If anyone is interested I’ve posted some updated templates for
Debian-12, archlinux-minimal, and Parrot-pwn. I think they work
reasonably well.
Instructions are here
Bookworm based templates can’t be updated using the GUI tool, because
there’s no salt-ssh package as yet. We are aware of this, but expect it
to be fixed by the time bookworm is released.
I have a new Kali template and a BlackArch - I need to finalise and
rebuild, then I’ll put these up.
The prebuilt Ubuntu templates are quite old - there’s an open issue about
building jammy, which I have not resolved to my satisfaction. Once I do I
will rebuild jammy and post it as well as a Vera Mint.
These are, of course, unofficial builds so you are trusting me to do the
right thing ™
I’ve posted before a guide to customising the existing template builds
Remember that you might like the look of (e.g.) a Mint desktop, but you
won’t get that from a template. Some people do not understand this.
Also, using any bookworm based distro, or any rolling distro, is
a) insecure, and b) likely to generate a large amount of update traffic.
Always happy to look at other templates or new flavours. (Please don’t
suggest *BSD - it pains me as it is.)
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
@unman, why are rolling distributions unsafe? Please explain. The only reason I can think of is the possible breakage of qubes-specific packages when upgrading. What else?
That was a trial from 4 months ago - I should pull it.
On the `apt-cacher-ng` syntax, I will include this depending on the target
users.
If a template is primarily aimed at users who will be using
apt-cacher-ng, then I bake it in. @Insurgo has suggested that I modify the system so that new templates
will be installed and modified if cacher is installed. This is a good
idea, but I have little time to do this, and it is a major intervention
for an unofficial project, I think.
I can only emphasise again that debian-12 pushes for extrepo, and that this project seems to be an easy solution to resolve the problem of deploying new repo+software from qubes users. Thinking of building blocks here and trying to get advanced users to chime in to one day have what users need and reducing complexity. We are still far from the day users will point and click to install Signal into their personal qube without having to know the template it is based on, but with those building blocks slowly getting traction, we will get there.
Cacher is amazing. Kept track of the changes I had to apply to have things cached and cleaned as I need it to be, but for cacher, the problem is still present. We can either leave the templates repo definition intact so that software can be deployed onto qubes not talking to cacher, or have everything passing through cacher. And having inotifywait could seal the deal here if template/qube is instructed to use the update proxy. That inotifywait service could be applied conditionally on the update proxy service running+cacher being deployed, and listen and apply changes transparently.