Parrot security and Ubuntu Focal templates

ok, thanks

Arch has always tended to be a headache at times

So I go to update/upgrade the “Arch template” unman has built and did the -Syu and I guess my question is do or does anyone keep the repo/rpm up to date?
Because I either have to “ignoreapp” cus as usual Arch won’t update/upgrade.
The app now in question is …XFCE 4.1.6 + settings.

Again thank you unman for your time and effort in making these templates. As for the other templates they are working and running just awesome. Can update/upgrade, all apps run… no issues seen on my end. It’s just this Arch

Hello unman,
thank you very much for your work!

I have some questions regarding parrot-pwn-4.0.6 for R4.1:

  1. What’s the proper way to update the template? Updating a fresh parrot template with apt-get update && apt-get upgrade breaks the domU for me. Qubes cannot connect to the qrexec handler and shuts down the domU automatically.
/var/log/qubes/qrexec.appvm.log

domain dead
2022-04-12 10:33:41.826 qrexec-daemon[34818]: qrexec-daemon.c:340:init: cannot connect to qrexec agent: No such process
/var/log/xen/console/guest-appvm.log

[2022-04-12 10:33:35] (2 of 2) A start job is running for…twork uplink wait (50s / no limit)
[2022-04-12 10:33:35] (2 of 2) A start job is running for…twork uplink wait (50s / no limit)
[2022-04-12 10:33:36] (2 of 2) A start job is running for…twork uplink wait (51s / no limit)
[2022-04-12 10:33:36] (1 of 2) A start job is running for…/net/devices/eth0 (50s / 1min 30s)
[2022-04-12 10:33:37] (1 of 2) A start job is running for…/net/devices/eth0 (51s / 1min 30s)
[2022-04-12 10:33:37] (1 of 2) A start job is running for…/net/devices/eth0 (51s / 1min 30s)
[2022-04-12 10:33:38] (2 of 2) A start job is running for…twork uplink wait (53s / no limit)
[2022-04-12 10:33:38] (2 of 2) A start job is running for…twork uplink wait (53s / no limit)
[2022-04-12 10:33:39] (2 of 2) A start job is running for…twork uplink wait (54s / no limit)
[2022-04-12 10:33:39] (1 of 2) A start job is running for…/net/devices/eth0 (53s / 1min 30s)
[2022-04-12 10:33:40] (1 of 2) A start job is running for…/net/devices/eth0 (54s / 1min 30s)
[2022-04-12 10:33:40] (1 of 2) A start job is running for…/net/devices/eth0 (54s / 1min 30s)

The newer qubes-template-parrot-pwn-4.0.6-202203261043.norach.rpm solved this issue for me.

  2. Can I also upgrade the template to parrot 5.0? With apt-get full-upgrade? Or would an apt-get upgrade suffice?

With apt-get upgrade and apt-get dist-upgrade I got to 5.0 without problems.


Yes. The only thing to watch is that you aren’t removing any core Qubes
components - using hold and unhold, as explained here will help.

I’m in process of uploading new templates, including Parrot - should be
there in the next few days.


An updated Parrot template is available at
https://qubes.3isec.org/Templates

I’ve also uploaded packages for Debian-12, bookworm for 4.1.
You can build these from qubes-builder, but the packages aren’t yet
available from official repositories.
Check out the instructions at https://qubes.3isec.org/

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

Should I understand that Parrot will be included as official template in near future?

Should I understand that Parrot will be included as official template in near future? I doubt it.

There are many distros based on the official templates which are
straight forward to build.
I build a lot, and make some of them generally available.

I’ve posted notes before which explain how to roll your own distro
template.

Awesome work @unman

I’m having difficulty with installing a Parrot template.

When running the command:

sudo dnf install parrot_temp.rpm

or

sudo dnf install qubes-template parrot_temp.rpm

Dom0 responds with Cannot load RPM file

I’m sure I’m doing something very silly

Any suggestions would be greatly appreciated.

My bad

I think this could be to do with the signing of the .rpm

When following these instructions:

You will need to copy the key in to dom0:
qvm-run -p qube 'cat PATH_TO_KEY ' > unman.pub
and then import it: sudo rpm --import unman.pub

I get error: unman.pub: import read failed(0)
and
error: unman-public.pgp: import read failed(0)

Thanks unman for your hard work, enjoy everything you and the others do…New parrot template unman did installed just fine. With the new parrot template the apps are not launching right. If I click like “run terminal” and parrot template will start but it will not launch “run terminal”. I have to go back in and click it again then it will populate.
Also I can’t install like “terminator” or even update/upgrade…
I am getting…
Ign:1 http://HTTPS///deb.parrot.sh/
500 Unable to connect [IP: 127.0.01 8082]
Err:1 Failed to fetch http://HTTPS//

How do I fix this?
Do I have to edit or remove

Parrot will not update from qubes manager as well. I right click on parrot template and click on update and nothing happens. Thought I would just add that.

Rolling distros - Parrot, Arch, Kali
Templates like Parrot or Kali are based on Debian testing.
To avoid breakage when updating, the core Qubes packages are on hold.
This means that they will not be updated.
You can confirm this by running apt-mark showhold in the template.
apt-mark unhold will remove the hold, and allow you to update the Qubes packages.
I suggest you restore the hold apt-mark hold to make sure that the Qubes packages are not removed when updating other packages.
So, while updating a template you will see that some packages cannot be upgraded because they will conflict with the Qubes packages.
Periodically, in the template, remove the hold on the Qubes packages. Update the package list with apt update and then update the Qubes packages - either manually with apt install... , or using a manager like aptitude, and selecting Qubes packages for upgrade.
Once the upgrade has been completed, put the Qubes packages back on hold, and upgrade again.
Undoubtedly a pain, but less than the pain of breaking your qubes, and having to crawl backwards to get them working again.
Then again, if you use aptitude you would be able to see what changes would be made, opt to retain the Qubes packages - always keep the Qubes packages, and avoid breakage that way. This depends on you looking to see what changes will be made and acting accordingly. Using apt-mark hold will take some pressure off.

https://qubes.3isec.org/Templates_4.1/README.html
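
The cycle described in the README text above, as an added shell example (not unman's or the Qubes project's own script). It assumes every package listed by apt-mark showhold is a Qubes package; the function name and the APT_MARK / APT_GET override variables are made up for this example.

```sh
#!/bin/sh
# Added example: the unhold / upgrade / re-hold cycle as one function.
# Assumption: everything `apt-mark showhold` lists is a Qubes package.
# APT_MARK and APT_GET can be overridden to rehearse the sequence with stand-ins.
APT_MARK=${APT_MARK:-apt-mark}
APT_GET=${APT_GET:-apt-get}

upgrade_held_qubes_packages() {
    # Record the held set first so exactly the same set is restored later.
    held=$($APT_MARK showhold) || return 1
    if [ -z "$held" ]; then
        echo "no packages on hold: check the template before upgrading" >&2
        return 1
    fi
    rc=0
    # $held is left unquoted on purpose: one argument per package name.
    $APT_MARK unhold $held || return 1
    $APT_GET update || rc=$?
    # Upgrade only the packages that were held. No -y is passed, so apt-get
    # still prompts when extra packages would be installed or removed.
    [ "$rc" -ne 0 ] || $APT_GET install --only-upgrade $held || rc=$?
    # Restore the hold whether or not the upgrade succeeded.
    $APT_MARK hold $held || return 1
    [ "$rc" -eq 0 ] || return "$rc"
    # With the hold back in place, upgrade everything else.
    $APT_GET upgrade
}
# In the template, as root: upgrade_held_qubes_packages
```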

I have to admit, I’m totally confused by what this is and what it does. I changed my sources to just https, but I’m fairly sure that isn’t the idea? Searched the forum and the net for “https://HTTPS///” and didn’t come up with anything.

Scrolled further back on this post and saw about apt-cacher-ng. Am sticking with changing to https as I don’t really need this.

I’ve been away.

The repos are configured to use a caching proxy.
Any proxy has to find a way to deal with encrypted requests -
https://…

Some solutions are:
MITM - the proxy intercepts the request, sends its own https request, and
returns cached
Don’t cache https request
Rewrite the client request: http://HTTPS/// means that the request is
sent to the proxy as http, and the proxy then rewrites it to https://
This means that outbound traffic still uses https, but the proxy can see
all requests and cache the packages.

Rewriting the repository definitions is fine:
sed -i s^http://HTTPS///^https://^ REPO_DEFINITION will do it.

Thank you unman for all your help!
Glad you are back

Could someone explain how or where I would do this?

Is there a path to a file where I would enter this?
Example…sudo nano /etc/?/?

I guess it’s for /etc/apt/sources.list and /etc/apt/sources.list.d/* but you can search for the files with this:

sudo grep -lr "http://HTTPS///" /etc

And if it’s the sources.list files then you can replace the strings like this:

sudo sed -i s^http://HTTPS///^https://^ /etc/apt/sources.list /etc/apt/sources.list.d/*
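
As an added example, not from any poster in this thread: the same rewrite limited to the files apt reads (sources.list, plus *.list and *.sources under sources.list.d), with a backup of each changed file. The function names, the .bak suffix and the sample repository lines in demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: switch apt sources from the caching-proxy form
# http://HTTPS///host/path to direct https://host/path, keeping backups.
MARK='http://HTTPS///'

# List the apt source files under DIR (default /etc/apt) that use the marker.
# Only the files apt actually reads are checked: sources.list plus
# *.list and *.sources in sources.list.d.
find_proxy_sources() {
    dir=${1:-/etc/apt}
    for f in "$dir"/sources.list "$dir"/sources.list.d/*.list \
             "$dir"/sources.list.d/*.sources; do
        if [ -f "$f" ] && grep -qF -- "$MARK" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Rewrite every matching file in place; the original is kept as FILE.bak
# (a suffix apt does not read as a source file).
rewrite_proxy_sources() {
    files=$(find_proxy_sources "${1:-/etc/apt}")
    [ -n "$files" ] || return 0
    printf '%s\n' "$files" | while IFS= read -r f; do
        cp -p -- "$f" "$f.bak" || exit 1
        sed -i "s|$MARK|https://|g" "$f" || exit 1
        printf 'rewrote %s (backup: %s.bak)\n' "$f" "$f"
    done
}

# Constructed sample tree (not from the thread) showing both file formats.
demo() {
    t=$(mktemp -d) && mkdir "$t/sources.list.d" || return 1
    printf 'deb http://HTTPS///deb.parrot.sh/parrot lts main\n' > "$t/sources.list"
    printf 'Types: deb\nURIs: http://HTTPS///deb.example.org/debian\nSuites: stable\n' \
        > "$t/sources.list.d/extra.sources"
    rewrite_proxy_sources "$t" >/dev/null
    cat "$t/sources.list" "$t/sources.list.d/extra.sources"
    rm -rf "$t"
}
# In the template, as root: rewrite_proxy_sources /etc/apt && apt update
```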

@tzwcfq thank you, I will try that later