How to install software in an AppVM without loosing persistence?

[Monsieur DuPont]

Dear Qubes users/fans;

I was trying the other day to install some piece of software in a Debian-9 based AppVM but after a reboot it was reset to its usual state and that piece of software was no longer found.

Hence how is it possible to install persistently software in AppVMs?

Thank you in advance!

Yours faithfully,

Signed, your fellow Qubes user/fan

[Claudia]

You have to install it in the TemplateVM that the AppVM is based on. Then, power off the TemplateVM and reboot the AppVM. The package will now be available in all AppVMs which are based on that template. Optionally, you can clone the TemplateVM first and then set the AppVM to use the new template. Alternatively, you can install the app in a Standalone VM.

https://www.qubes-os.org/doc/templates/
https://www.qubes-os.org/doc/software-update-domu/

[unman]

Depending on what the software is, and how it is installed, you may also
be able to install to one of the persistent directories under
/rw - /home/user (obviously) or under /usr/local

unman

[Monsieur DuPont]

> Depending on what the software is, and how it is installed, you may also be able to install to one of the persistent directories under /rw - /home/user (obviously) or under /usr/local

That looks like a good solution, unfortunately I couldn't find any easy way to do it online (I have no experience in Linux terminal kung fu). So any help with that regards would be deeply appreciated, especially since the other solution (of cloning a TemplateVM and installing stuff in it) didn't work for me for some reason :(

[dhorf-hfre...@hashmail.org]

On Sun, Feb 09, 2020 at 12:49:39PM -0000, 'Monsieur DuPont' via qubes-users wrote:
> That looks like a good solution, unfortunately I couldn't find any easy way to
> do it online (I have no experience in Linux terminal kung fu). So any help
> with that regards would be deeply appreciated, especially since the other

that depends a lot on what you are trying to install.

> solution (of cloning a TemplateVM and installing stuff in it) didn't work for

or you just install it in the template, without any cloning.
that should work for anyone who is not part of the "computers are more
secure without a compiler installed" cult.

[unman]

On Sun, Feb 09, 2020 at 05:16:09PM +0100, dhorf-hfre...@hashmail.org wrote:
> On Sun, Feb 09, 2020 at 12:49:39PM -0000, 'Monsieur DuPont' via qubes-users wrote:
> > That looks like a good solution, unfortunately I couldn't find any easy way to
> > do it online (I have no experience in Linux terminal kung fu). So any help
> > with that regards would be deeply appreciated, especially since the other
>
> that depends a lot on what you are trying to install.

Yes, it does.
In Fedora you can install using `dnf --installroot` option
I dont think there is a similar option in Debian.
If you have a tar file, you can untar it where you will (e.g Tor
Browser)
If you have sources, you can very often compile and install wherever you
want, and the README will help you to do that.

>
>
> > solution (of cloning a TemplateVM and installing stuff in it) didn't work for
>
> or you just install it in the template, without any cloning.
> that should work for anyone who is not part of the "computers are more
> secure without a compiler installed" cult.

There are many reasons for cloning templates, and security and
compartmentalization are two of them.
I dont know any cultists such as you describe. I do know security
professionals who maintain distinct templates for different qubes, on
the reasonable ground of reducing attack surface where possible. I prefer
to follow them.

unman