Also, the qvm-service approach will make it easy to enable this from the GUI (there is a
services tab in VM settings).
>
>> * (optional) install Tor's FC repo for latest versions (to get stream
>> isolation)
>> * Install Tor package
>> * Create startup config+scripts
>> * Execute startup scripts on boot
>>
>> I'd love to submit this change, however I haven't the faintest clue how
>> to go from the changes I made on disk to a default ProxyVM to a
>> standalone rpm.: via network or USB key, or qvm-copy-to-vm if you do development in one AppVM, and test in another
>>
>> I'm only familiar with Archlinux and Debian's package formats. Do you
>> have any docs on how to proceed?
>>
>
> The book on building RPMs:
>
> http://www.rpm.org/max-rpm/

You can also look at already existing rpms. Some assorted hints for torvm:
1. This fits into the addons repository
   (http://git.qubes-os.org/gitweb/?p=mainstream/addons.git;a=summary)
2. I think it can contain these files:
     /usr/lib/qubes-tor/start_tor_proxy.sh (just like in Joanna's article)
     /lib/udev/rules.d/99-qubes-tor-hook.rules
       (based on /etc/udev/rules.d/99-qubes_network.rules - which BTW should also be
       in /lib/udev/rules.d...) - instead of the qubes_ip_change_hook file
     /lib/systemd/system/qubes-tor-setup.service
     perhaps some others
3. qvm-service works by creating files in /var/run/qubes-service/, then you
   can add a simple condition to the systemd unit file to get it automatically enabled:
     ConditionPathExists=/var/run/qubes-service/qubes-tor
4. The stop action should also terminate the tor daemon
5. To disable the qubes-netwatcher and qubes-firewall services you can:
   a) just do nothing and require the user to manually disable them in VM settings
   b) create an additional service, started just after qubes-sysinit (which prepares
      the /var/run/qubes-service dir), that removes the qubes-netwatcher and
      qubes-firewall files from /var/run/qubes-service. This service can have
      dependencies something like:
        [Unit]
        DefaultDependencies=no
        After=qubes-sysinit.service
        Before=qubes-network.service qubes-firewall.service

>> On a related note, it would be great if the developer docs described how
>> to go about developing Qubes w/out having to reinstall from an ISO after
>> every change. (i.e., how does the Qubes dev workflow work?)
>
> Hm... something like this:
> 1) Modify some specific repo
> 2) Build a new RPM
> 3) Copy the RPM to a test AppVM or a test system (if developing for Dom0
> or hypervisor)
First of all, get qubes-builder :)
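
The helper that hints 3 and 5b describe could look like the sketch below. It is an added example, not part of the original message and not code from the Qubes repositories. The function name, its directory argument and the `--apply` switch are hypothetical, and it assumes it is started from a oneshot unit ordered as in hint 5b.

```shell
#!/bin/sh
# Added illustration of hints 3 and 5b; not code from the Qubes repositories.
# Assumed caller: a oneshot unit with After=qubes-sysinit.service and
# Before=qubes-network.service qubes-firewall.service (hint 5b).
# tor_override_services, its DIR argument and --apply are hypothetical names.

# qvm-service represents each enabled service as a file in this directory.
QUBES_SERVICE_DIR=/var/run/qubes-service

# tor_override_services [DIR]
# If the qubes-tor flag exists in DIR, remove the qubes-netwatcher and
# qubes-firewall flags so those services are treated as disabled.
# Returns 0 on success or when there is nothing to do, 1 if a flag survives.
tor_override_services() {
    dir=${1:-$QUBES_SERVICE_DIR}

    # Same test as ConditionPathExists=/var/run/qubes-service/qubes-tor
    [ -e "$dir/qubes-tor" ] || return 0

    rc=0
    for svc in qubes-netwatcher qubes-firewall; do
        flag=$dir/$svc
        # Already disabled in VM settings (hint 5a): nothing to remove
        [ -e "$flag" ] || [ -L "$flag" ] || continue
        # Verify the removal so the calling unit fails if a flag is left behind
        if rm -f -- "$flag" && [ ! -e "$flag" ]; then
            echo "disabled $svc for qubes-tor"
        else
            echo "could not remove $flag" >&2
            rc=1
        fi
    done
    return $rc
}

# Touch the real directory only when explicitly asked to, e.g. from ExecStart=
if [ "${1:-}" = "--apply" ]; then
    tor_override_services
fi
```

The non-zero return lets the unit be marked failed when a flag could not be removed, so the conflict shows up in the service status instead of going unnoticed.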