Understanding default-mgmt-dvm

augsch · December 23, 2023, 12:29pm

As for this, there’s no contradiction in the doc. For a minimal template ( without any preconditon ), you can choose whether to install qubes-core-agent-passwordless-root. But a bare minimal template isn’t enough to perform adminstrative tasks as a default-mgmt-dvm. So you’ll need qubes-core-agent-passwordless-root if you want that minimal template to be also the template of your default-mgmt-dvm.

For example, you can choose whether to install tor in a template. But if you want to connect to the onion network, tor becomes mandatory.

qubist · December 23, 2023, 2:00pm

You just need to create a disposable qube named “default-mgmt-dvm” based on a “full” template ( fedora-38 instead of fedora-38-minimal ) and that’s all.

If that is so, why does the documentation say that for default-mgmt-dvm all that is necessary is to install 2 specific packages? Why doesn’t it say that a full template is required.

So you’ll need qubes-core-agent-passwordless-root if you want that minimal template to be also the template of your default-mgmt-dvm.

IOW, passwordless root is not a choice but an unavoidable requirement for this particular qube. Is that what you mean?

I personally think you have reached somewhere that hardly anyone has explored before. So there might not be immediate and comprehensive answer to your question.

Should that one be asked in a separate thread then?

augsch · December 23, 2023, 2:36pm

You are right. I missed the “from scratch” part in your original post. I didn’t think you were asking for a minimal setup.

Yes.

Not really, I think. What I mean is that someone has to dig for the info, and it’s unreliable to wait for some random person to do this for you. Please, if you would like, dig the info yourself. Probably by looking through the source code.

qubist · December 23, 2023, 3:54pm

Thanks. I guess this clarifies question 3.

I am not asking anyone to dig into source code for me (or vice versa). It is a Sisyphean effort to look for answers this way, especially in the particular case. I think I will try a separate thread. Maybe someone would know.

qubist · January 22, 2024, 10:50am

Do I understand correctly that in 4.2 default-mgmt-dvm is no longer necessary and it safe to delete it?

unman · January 22, 2024, 12:40pm

No - what make you think so?
Or better, “necessary” for what?

What do you mean by “safe” in this context?
Other than removing dom0, you are free to remove any qube or
package.

Bearillo · January 22, 2024, 12:53pm

It’s still used for, at minimum, qvm-console-dispvm, but no other usages come to mind right now.

Edit: oh and the “Plan B” or “Paranoid mode” backup restore function, though that one is partially broken anyway (can be made to work, however…issue being tracked here).

qubist · January 22, 2024, 2:35pm

No - what make you think so?

The new way updates run (I don’t see any dispVMs created on the fly as before).

Or better, “necessary” for what?

For updates.

What do you mean by “safe” in this context?

As in “not used, therefore unnecessary, therefore safe to remove”. But from your words I understand that is not the case.

Still, I wonder how exactly it is used as I have never seen it (or any derivatives of it) start since I upgraded to 4.2. What can you say about that?

qubist · January 23, 2024, 6:44pm

The new way updates run (I don’t see any dispVMs created on the fly as before).

This is very strange. When the GUI tool, Qubes Update, is used - the above is true. However, if I use the command line Salt formulas, given in the docs, dispVMs get created and started like in 4.1.