I am trying to use salt to install qubes-template-fedora-34-minimal to dom0, using the default repository.
But I don’t know what is the name of the default repository. I tried current but that doesn’t work.
I made a /srv/salt_user/template-fedora.sls file by adapting shaker/template-fedora-34-minimal.sls at main · unman/shaker · GitHub
template-fedora-minimal:
qvm.template_installed:
- name: qubes-template-fedora-34-minimal
- fromrepo: current
Then I applied the state with:
[user@dom0 ~]$ sudo qubesctl state.apply \
template-fedora-minimal saltenv=user
I get an error that says [Qrexec] Error: Unknown repo: 'current'.
What should be the name of the default repository?
If I delete the - fromrepo: current line in the .sls file, I get another error:
qvm-tempate: error:
Template `qubes-template-fedora-34-minimal` not found.
But I think qubes-template-fedora-34-minimal is the correct name of the template.
The name is qubes-templates-itl and you didn’t have to change it.
[user@dom0 ~]$ cat /etc/qubes/repo-templates/qubes-templates.repo
[qubes-templates-itl]
name = Qubes Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-itl
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-itl
#metalink = https://yum.qubes-os.org/r$releasever/templates-itl/repodata/repomd.xml.metalink
enabled = 1
fastestmirror = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-templates-itl-testing]
name = Qubes Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-itl-testing
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-itl-testing
#metalink = https://yum.qubes-os.org/r$releasever/templates-itl-testing/repodata/repomd.xml.metalink
enabled = 0
fastestmirror = 1
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-templates-community]
name = Qubes Community Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-community
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-community
#metalink = https://yum.qubes-os.org/r$releasever/templates-community/repodata/repomd.xml.metalink
enabled = 0
fastestmirror = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-templates-community
[qubes-templates-community-testing]
name = Qubes Community Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-community-testing
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-community-testing
#metalink = https://yum.qubes-os.org/r$releasever/templates-community-testing/repodata/repomd.xml.metalink
enabled = 0
fastestmirror = 1
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-templates-community
1 Like
Thanks!
I didn’t know I can check /etc/qubes/repo-templates/qubes-templates.repo
But I still get the same error:
template ‘qubes-template-fedora-34-minimal’ not found.
template-fedora-minimal
qvm.template_installed:
- name: qubes-template-fedora-34-minimal
- fromrepo: qubes-templates-itl
When I use fedora-34-minimal, I don’t immediately get an error. The command is still running.
I get that name from [user@dom0 ~]$ qvm-template list
And I get a new error:
ID: template-fedora-minimal
Function: qvm.template_installed
Name: fedora-34-minimal
Result: False
Comment: Failed to install template fedora-34-minimal. Additional info follows:
Error canonicalizing file: Payload forged!
Downloading 'qubes-template-fedora-34-minimal-0:4.0.6-202110020922'...
ERROR: [Errno 2] No such file or directory:
'/root/.cache/qvm-template/tmpxxxxxxx/qubes-template-
fedora-34-minimal-0:4.0.6-202110020922.rpm.UNTRUSTED'
This may be because of interrupted download.
How to fix that? This salt thing is super slow.
tzwcfq
May 28, 2022, 7:13pm
10
Just try to run salt again so it’ll download template again. I don’t know if there is a way to retry the partial download if it’s failed.
I apply the salt state again. When the command is still running, I check the /root/.cache/qvm-template/tmpxxxx/
The tmp folder is completely empty and I dont see the rpm for the fedora minimal template.
It is not downloading.
Usually, when I update the qubes, it would download things through whonix.
Maybe the salt method won’t work if the update has happened through whonix?
tzwcfq
May 28, 2022, 7:20pm
12
Do you see any network activity in sys-whonix → Nyx when you’re running salt state?qvm-template don’t download template in dom0 filesystem file but directly in stdout:
As for downloading - if the service would download directly to stdout,
https://groups.google.com/g/qubes-devel/c/2XaMP4Us3kg/m/5U_0fca8BwAJ
how to do that?
xentop in dom0 says the NETS, NETTX(k), and NETRX(k) columns are all zeros for all VMs.
tzwcfq
May 28, 2022, 7:30pm
14
If your dom0 updatevm is sys-whonix then open Nyx app in sys-whonix. Or run nyx command in sys-whonix terminal.
Nyx in sys-whonix says it is downloading something.
tzwcfq
May 28, 2022, 7:40pm
16
You can wait until it finish or if it’ll fail you can check if the network activity in nyx will stop.
It worked. I deleted the fromrepo line.
But I feel it is much slower than directly running qubes-dom0-update. I haven’t timed qubes-dom0-update yet.
I removed the fedora-34-minimal template, following the instruction at Qube troubleshooting | Qubes OS
$ sudo qvm-remove fedora-34-minimal
And then I install it again…
$ sudo qubes-dom0-update qubes-template-fedora-34-minimal
And get the payload forged error. qubes-dom0-update is even slower than salt this time.