Hi,
I worked a bit on the debian template.
My changes consist mainly in making the fedora systemd services running
under Debian (I know Marek has started doing something similar).
These changes should enable debian-templates to be used as netvm,
proxyvm, dispvm.
You can get it from here (only via git. no gitweb):
https://git.ipsumj.de/hw42/qubes/gui-agent-linux.git
https://git.ipsumj.de/hw42/qubes/core-agent-linux.git
https://git.ipsumj.de/hw42/qubes/linux-utils.git
There are two tags. hw42_debian-systemd-1 are my original changes which
are better tested. hw42_debian-systemd-2 are merged with the latest
changes from Marek. These should also work well (I'm writing this Email
with a VM based on them) but are less tested.
Please note that I have tested my changes only in my custom debian
unstable template (and some quick test on the "official" debian
template). I originally planed to test it better but since Marek and the
whonix-guys seems to do similar work as I have already done I thought
its better to publish it now.
A lot of the incompatibility were simple path miss matches (especially
xenstore-*). I simply removed the absolute paths - Are there any good
reasons to hardcode the paths?
0d0261d is not backward compatible. So if you downgrade the packages you
have to undo it manually.
Some things are still missing:
- update proxy in netvm.
- NetworkManager is untested since I don't use it.
- App-Menus
- ...
HW42
PS: Some notes on how to verify my Code:
The git tags are signed my Qubes-Code-Signing-Key [0]. This key can be
downloaded here [1]. It's signed by my email-Key [2]. Since I don't
known anybody of the Qubes project personally the verification of this
key is a bit tricky. All my signed emails to this list (not all are
signed) should be signed by this key.
The https-downloads (the repo and the key) can be verified by my private
CA [3] which should be verifiable via DNSSEC/DANE.
[0]: FC1A C023 76D0 4C68 341F 406F 8C05 216C E09C 093C
[1]:
https://ipsumj.de/hw42.asc
[2]: AA27 B2CE F3A6 8BD1 4669 0713 E4AC C927 8A64 6816
[3]:
https://ipsumj.de/ipsumj_ca_cert.pem
https://ipsumj.de/ipsumj_ca_cert.pem.sig
(If you want to verify against my email key [2])