Must create HVM if I want to use an unsupported distro as a VM?


Stumpy

Sep 8, 2018, 10:17:37 AM
to Qubes users
I want to use a linux distro that currently doesn't seem to have a
template for Qubes. Does that mean if I want to use it I would have to
either go the HVM route like for win or create my own template (probably
beyond me)?

unman

Sep 8, 2018, 9:09:14 PM
to Qubes users
Yes, that's right. Bear in mind that you can use these as templates too.

Stumpy

Sep 9, 2018, 2:12:52 PM
to unman, Qubes users
Thanks Unman
So when you said "can use these as templates too" you mean that an HVM
can be used as a template? (oh god please say yes!!! if yes then I am
assuming I could make a win7 template and create win7 appvms?)

unman

Sep 10, 2018, 8:47:45 AM
to Qubes users
Pleased to say "Yes".

Yes you can create win7 appVMs from a template. Unless you use QWT to
set home directory to /dev/xvdb you will have effectively a
disposableVM, which may throw you to start with.

You can have this for any HVM - do full install on to /dev/xvda, and any
qubes based on that template will act as disposableVMs. I have BSD
netvms set up like this.

unman

Sven Semmler

Sep 10, 2018, 1:12:48 PM
to qubes...@googlegroups.com

On 09/10/2018 07:47 AM, unman wrote:
> Yes you can create win7 appVMs from a template. Unless you use QWT
> to set home directory to /dev/xvdb you will have effectively a
> disposableVM, which may throw you to start with.

I am using a Win7 HVM as template and have two AppVMs based on
it. Without QWT. You can move the user directory manually in the
template VM and then use dd to copy the private section once when
creating the AppVM.

Steps:

-> In your Windows 7 HVM which will be your template use Disk Manager
to format the private partition. By default it usually is 2 GB and
unused.

-> https://lifehacker.com/5467758/move-the-users-directory-in-windows-7
(use the manual way later in the post!)

If your HVM is not already a template use qvm-clone --class TemplateVM

Then:

-> https://groups.google.com/d/msg/qubes-users/TJZQbB9CvrU/j6Zu1ZaJCQAJ

Obviously try QWT first, if it works for you. Having the shared
clipboard and the ability to send/receive files in an AppVM is gold.
For me QWT doesn't work yet but there seem to be many who have no
issues. The above could be your fallback, in case you have issues like
me [1].

/Sven

[1]
https://github.com/QubesOS/qubes-issues/issues/3585#issuecomment-410764231

Stumpy

Sep 10, 2018, 9:03:29 PM
to unman, Qubes users
Yeah! Good to know thanks!

Stumpy

Sep 10, 2018, 9:04:27 PM
to Sven Semmler, qubes...@googlegroups.com
Thank you very much for the additional info and the links, will try to
give it a whirl this weekend!
Cheers

Stumpy

Sep 10, 2018, 9:07:37 PM
to unman, Qubes users
On 09/10/2018 08:47 AM, unman wrote:
... I sent my previous email too soon, that is, it just occurred to me
that you said you have your netvms set up like this using BSD disposable
templates?

So your netvms are actually dvms? If yes, that sounds like a really good
idea, so even if they are compromised they would be "disinfected" after
reboot or after they are restarted?

Am I understanding this right?

thanks again!

Sven Semmler

Sep 10, 2018, 9:31:46 PM
to qubes...@googlegroups.com

On 9/10/18 8:07 PM, Stumpy wrote:
> Am i understanding this right?

Can't answer for unman, but in general this is possible and in my
opinion advisable:

-> https://www.qubes-os.org/doc/dispvm-customization/

If you go this route, it comes with limitations:

-> NetVM will obviously "forget" previously connected networks
-> Firewall VM will obviously forget manually added rules

I don't use manual firewall rules, so this is not an issue for me. And
regarding the NetVM I have done the following to "teach" the DVM
template my two most frequent WiFi passwords:

1) all my sys-vms are based on a clone of fedora-28-minimal named
tpl-sys

2) in tpl-sys I have installed additional packets as listed here:
https://www.qubes-os.org/doc/templates/fedora-minimal/ (you also need
gnome-keyring for the password dialog in the NetVM ... change request
for the docu is already underway).

3) created app-vm named dvm-sys based on tpl-sys and temporarily set
virt_mode to hvm and provides_network to true.

4) ran dvm-sys and connected it to my two frequent WiFi networks

5) reversed virt_mode to pvh and provides network to false

7) created sys-dvm-net as outlined in the docu mentioned at the
beginning of this post using dvm-sys as disp vm template

/Sven
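
[Added example, not part of the thread or of Sven's post] The numbered steps above written out as dom0 commands for Qubes 4.0. The VM names come from the post; the `run` dry-run helper, the `template_for_dispvms` setting, the DispVM creation options and the `qvm-pci attach` line are assumptions based on the disposable-VM documentation the post links to, and the PCI address is a placeholder.

```shell
#!/bin/bash
# Added example (not from the thread). Intended for dom0 on Qubes 4.0.
# DRY_RUN=1 (the default) prints each command instead of executing it.
set -eu

DRY_RUN="${DRY_RUN:-1}"
BASE_TPL="fedora-28-minimal"   # named in the post
SYS_TPL="tpl-sys"              # named in the post
DVM_TPL="dvm-sys"              # named in the post
NETVM="sys-dvm-net"            # named in the post
WIFI_DEV="dom0:BB_DD.F"        # placeholder: look up the real address with qvm-pci

run() {  # hypothetical helper: print in dry-run mode, execute otherwise
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

prepare_dvm_template() {   # steps 1 and 3 (step 2, package install, is manual)
    run qvm-clone "$BASE_TPL" "$SYS_TPL"
    run qvm-create --class AppVM --template "$SYS_TPL" --label red "$DVM_TPL"
    run qvm-prefs "$DVM_TPL" virt_mode hvm
    run qvm-prefs "$DVM_TPL" provides_network true
}

# Step 4 is manual: start dvm-sys with the WiFi device available to it
# (the post does not spell this part out), join the networks, then continue.

finalize_dvm_template() {  # step 5, then mark it usable for disposables
    run qvm-shutdown --wait "$DVM_TPL"
    run qvm-prefs "$DVM_TPL" virt_mode pvh
    run qvm-prefs "$DVM_TPL" provides_network false
    run qvm-prefs "$DVM_TPL" template_for_dispvms true   # assumption (linked doc)
}

create_disposable_netvm() {  # step 7; options are assumptions (linked doc)
    run qvm-create --class DispVM --template "$DVM_TPL" --label red "$NETVM"
    run qvm-prefs "$NETVM" virt_mode hvm
    run qvm-prefs "$NETVM" netvm ''
    run qvm-prefs "$NETVM" provides_network true
    run qvm-pci attach --persistent "$NETVM" "$WIFI_DEV"
}

case "${1:-}" in
    prepare)  prepare_dvm_template ;;
    finalize) finalize_dvm_template ;;
    create)   create_disposable_netvm ;;
esac
```

Run it with `prepare`, `finalize` or `create` as the argument; set `DRY_RUN=0` only after checking the printed commands against your own VM names and device address.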