Snap - Software in AppVM vs StandaloneVM

Hey, I am pretty new to Qubes OS and I recently ran into a problem that I couldn’t figure out.

I installed snapd in a fedora template and installed applications like vs code, discord, android studio, gitkraken. First I installed them in an appVM based on that template which didn’t work so I installed them in the template itself (I might not have restarted everything properly). Everything worked like expected inside the template but did not in the appVM. Just vs code worked inside the appVM (not sure if I did anything different).

But inside a standaloneVM based on the fedora template everything worked like expected. So my question is, why does it work in a standalone and not in an appVM? The installation guide which explains snap uses appVMs as well.

Thanks for your help!

From what you said, it sounds like you may not be installing the software properly. The steps from How to install software | Qubes OS are:

  1. Start the template.
  2. Start either a terminal (e.g. gnome-terminal) or a dedicated software management application, such as gpk-application.
  3. Install software as normally instructed inside that operating system, e.g.:
    Fedora: sudo dnf install <PACKAGE_NAME>
    Debian: sudo apt install <PACKAGE_NAME>
  4. Shut down the template. (Do not skip this step.)
  5. Restart all qubes based on the template. (Do not skip this step.)
  6. (Recommended) In the relevant qubes’ Qube Settings, go to the Applications tab, select the new application(s) from the list, and press OK. These new shortcuts will appear in the Applications Menu.

Sorry I wasn’t 100% clear. I wrote this in a slight rush. I am talking about the "Installing Snap Packages" part in How to install software | Qubes OS

I did this inside a fedora-32 template

sudo dnf install snapd qubes-snapd-helper

And installed Software inside an AppVM with:

snap install discord
snap install gitkraken

Now after restart I try to launch them via the quick menu and nothing happens.
If I try it with the terminal:

[user@Development ~]$ discord
internal error, please report: running "discord" failed: cannot find installed snap "discord" at revision 130: missing file /var/lib/snapd/snap/discord/130/meta/snap.yaml

If I try the installation again it says that discord is already installed.

And the same process works perfectly fine inside a standaloneVM

Now I am trying to understand why that is. And how I could make it work inside an AppVM.
(Ignore the VS code part from my original post because I did that with the normal installation method)

Did you shut down the Fedora template after installing snapd and qubes-snapd-helper, then restart the AppVM?

Also, it looks like these should be snap install <package> as opposed to sudo install <package>. Is this just a typo and you ran the correct commands?

Sorry, yes, that was just a typo. And I also did restart the template and created a new AppVM.

I got it to work. I fully removed snap/snapd from the appVM with:

Stop snapd services

$ sudo systemctl stop snapd

Remove snapd packages

$ sudo dnf remove snapd gnome-software-plugin-snap

Remove user snap directory

$ rm -rf ~/snap/

Remove cache directory for snapd

$ sudo rm -rf /var/cache/snapd/

Afterwards I installed snapd and the qubes snap helper inside the appVM and restarted.
I left the fedora-32 template how it was because the template itself worked fine.

Now installing and running applications inside the appVM worked fine.

Not sure why it didn’t work in the first place. I might have done some misconfiguration or snap had some sort of “hiccup”.

But I still don’t really have an explanation why everything worked perfectly fine inside a standaloneVM (I read in another thread that running snap inside standaloneVMs causes less problems) but I would like to understand the difference in doing so.

Note that Qubes OS security relies on the isolation between TemplateVMs and AppVMs. You should not run any applications in the former; they are only for installation scripts, which are usually less buggy and more rigorously verified by maintainers.

Yes, that's true.

I just copied the same installation command that I used inside the AppVM and pasted it into the template just for testing purposes after the applications not working inside the AppVM. But I do understand that you shouldn’t be doing that.