Qubes tools in Debian HVM
154 views
Skip to first unread message
Micah Lee
Oct 2, 2016, 2:13:07 PM10/2/16
to qubes...@googlegroups.com
I'm attempting to creating an HVM template based on Debian with a
grsecurity kernel. But first, I'd like to my HVM to be able to use
qrexec services like copying files.
I installed Debian Stretch in an HVM template and I added the Qubes R3
repository to my apt sources, as well as the right key:
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch main
I looked at what packages from that repo are currently installed in my
debian-9 template and tried installing them in the HVM:
apt install -y libqrexec-utils2 libqubesdb libqubes-rpc-filecopy2
libvchan-xen libxen-4.6 libxenstore3.0 qubes-core-agent qubesdb
qubesdb-vm qubes-gpg-split qubes-gui-agent qubes-pdf-converter
qubes-thunderbird qubes-usb-proxy qubes-utils xenstore-utils
xen-utils-common
Then I rebooted. In hindsight, I clearly shouldn't have actually
expected this to work. When I boot the HVM I'm getting a bunch of
failures and timeouts, and it's taking forever to run Init Qubes
Services [1].
[1] http://i.imgur.com/qbIXlaV.png
I'd like to be able to use qvm-copy-to-vm, qubes-gpg-client, etc.,
within this HVM. Is this something that's possible without a huge amount
of work or writing new software?
grsecurity kernel. But first, I'd like to my HVM to be able to use
qrexec services like copying files.
I installed Debian Stretch in an HVM template and I added the Qubes R3
repository to my apt sources, as well as the right key:
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch main
I looked at what packages from that repo are currently installed in my
debian-9 template and tried installing them in the HVM:
apt install -y libqrexec-utils2 libqubesdb libqubes-rpc-filecopy2
libvchan-xen libxen-4.6 libxenstore3.0 qubes-core-agent qubesdb
qubesdb-vm qubes-gpg-split qubes-gui-agent qubes-pdf-converter
qubes-thunderbird qubes-usb-proxy qubes-utils xenstore-utils
xen-utils-common
Then I rebooted. In hindsight, I clearly shouldn't have actually
expected this to work. When I boot the HVM I'm getting a bunch of
failures and timeouts, and it's taking forever to run Init Qubes
Services [1].
[1] http://i.imgur.com/qbIXlaV.png
I'd like to be able to use qvm-copy-to-vm, qubes-gpg-client, etc.,
within this HVM. Is this something that's possible without a huge amount
of work or writing new software?
HW42
Oct 2, 2016, 3:19:33 PM10/2/16
to Micah Lee, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Micah Lee:
It can work. I only tried it yet by converting an existing PV template.
So I might miss stuff which is required when converting an "normal"
Debian install (double check /etc/fstab). You need to do at least:
apt-get install qubes-kernel-vm-support # and rebuild initramfs?
remove /dev/xvdc1 from /etc/fstab
qvm-prefs -s $hvm qrexec_installed true
qvm-prefs -s $hvm quiagent-installed true
sed -e '/<video/,+2d' /var/lib/qubes/appvms/$hvm/$hvm.conf > /tmp/$hvm.conf
qvm-start --custom-config=/tmp/$hvm.conf $hvm
In R4 this will be much more painless ;]
-----BEGIN PGP SIGNATURE-----
iQIsBAEBCgAWBQJX8V2WDxxodzQyQGlwc3Vtai5kZQAKCRDkrMknimRoFgHvD/9A
HE1RYQA0cV5Z/OGNVK2b4H6j1vQs7eEsZdH/B67n1N2DcE+XSpxqlk4emJvPUQgZ
CIECEmVT4UEq0ZyTnS4FzEOC+5jHRPv9aCImBNB9HfWeBCmYVq8HdvQgYrXPrJEp
xI87z3P4q2AHyIoVX1HKu9YGVuKZaSGPuOGq7txj1CAF3EhpVqXGG9m6qtXBFMXy
wtBFAv6tM+9YkBiF3hA83dzWhC+kzFN9JlrOyaNr2O12Z54YCvyGAMI9wRbE4hc4
0ELRjeAOxAGgaFG2GEsUljjH0cLxAL1kzjDmCDcSkmt3bp7zVfI2WzwYOO65s48W
JXJZvWC2UVjJcoEaztN0clyCytd9ZKVZY2vxN2qbMS6aue4MkPDedAaeRIvsY3c9
loO7RDB4v6G4MP5RQaMmtCh/xYgpaqGsovlLUJr7rzVCNHGU2aVQNXxEAlMeq+aA
KLxkoyU0/ced3bMcDchmDHJ2FLoTQt0vVWOfB8IMBZddLNcrlqAfvbjOdIqzz25a
wL52Y6Mp4zrk/WTXTya2okJ2tYfXNfW6xsF9IWT2qnnBBl17UlunDe8QOUAjnvs7
kL5mE80dyoPgTj8aQb7hBHTw0ofMVODQBxeWstmJZ/BTGT/sfXj1FDdrL13LypAK
7EWWup0VwXJcrGbie4qsoqp0USazCpfto1Yia7/cIg==
=Qolb
-----END PGP SIGNATURE-----
Hash: SHA512
Micah Lee:
So I might miss stuff which is required when converting an "normal"
Debian install (double check /etc/fstab). You need to do at least:
apt-get install qubes-kernel-vm-support # and rebuild initramfs?
remove /dev/xvdc1 from /etc/fstab
qvm-prefs -s $hvm qrexec_installed true
qvm-prefs -s $hvm quiagent-installed true
sed -e '/<video/,+2d' /var/lib/qubes/appvms/$hvm/$hvm.conf > /tmp/$hvm.conf
qvm-start --custom-config=/tmp/$hvm.conf $hvm
In R4 this will be much more painless ;]
-----BEGIN PGP SIGNATURE-----
iQIsBAEBCgAWBQJX8V2WDxxodzQyQGlwc3Vtai5kZQAKCRDkrMknimRoFgHvD/9A
HE1RYQA0cV5Z/OGNVK2b4H6j1vQs7eEsZdH/B67n1N2DcE+XSpxqlk4emJvPUQgZ
CIECEmVT4UEq0ZyTnS4FzEOC+5jHRPv9aCImBNB9HfWeBCmYVq8HdvQgYrXPrJEp
xI87z3P4q2AHyIoVX1HKu9YGVuKZaSGPuOGq7txj1CAF3EhpVqXGG9m6qtXBFMXy
wtBFAv6tM+9YkBiF3hA83dzWhC+kzFN9JlrOyaNr2O12Z54YCvyGAMI9wRbE4hc4
0ELRjeAOxAGgaFG2GEsUljjH0cLxAL1kzjDmCDcSkmt3bp7zVfI2WzwYOO65s48W
JXJZvWC2UVjJcoEaztN0clyCytd9ZKVZY2vxN2qbMS6aue4MkPDedAaeRIvsY3c9
loO7RDB4v6G4MP5RQaMmtCh/xYgpaqGsovlLUJr7rzVCNHGU2aVQNXxEAlMeq+aA
KLxkoyU0/ced3bMcDchmDHJ2FLoTQt0vVWOfB8IMBZddLNcrlqAfvbjOdIqzz25a
wL52Y6Mp4zrk/WTXTya2okJ2tYfXNfW6xsF9IWT2qnnBBl17UlunDe8QOUAjnvs7
kL5mE80dyoPgTj8aQb7hBHTw0ofMVODQBxeWstmJZ/BTGT/sfXj1FDdrL13LypAK
7EWWup0VwXJcrGbie4qsoqp0USazCpfto1Yia7/cIg==
=Qolb
-----END PGP SIGNATURE-----
Micah Lee
Oct 3, 2016, 2:33:13 PM10/3/16
to qubes...@googlegroups.com
On 10/02/2016 12:18 PM, HW42 wrote:
> It can work. I only tried it yet by converting an existing PV template.
> So I might miss stuff which is required when converting an "normal"
> Debian install (double check /etc/fstab). You need to do at least:
>
> apt-get install qubes-kernel-vm-support # and rebuild initramfs?
>
> remove /dev/xvdc1 from /etc/fstab
>
> qvm-prefs -s $hvm qrexec_installed true
> qvm-prefs -s $hvm quiagent-installed true
> sed -e '/<video/,+2d' /var/lib/qubes/appvms/$hvm/$hvm.conf > /tmp/$hvm.conf
> qvm-start --custom-config=/tmp/$hvm.conf $hvm
>
> In R4 this will be much more painless ;]
Thanks for the help! I haven't yet succeeded in booting my HVM, but I
> It can work. I only tried it yet by converting an existing PV template.
> So I might miss stuff which is required when converting an "normal"
> Debian install (double check /etc/fstab). You need to do at least:
>
> apt-get install qubes-kernel-vm-support # and rebuild initramfs?
>
> remove /dev/xvdc1 from /etc/fstab
>
> qvm-prefs -s $hvm qrexec_installed true
> qvm-prefs -s $hvm quiagent-installed true
> sed -e '/<video/,+2d' /var/lib/qubes/appvms/$hvm/$hvm.conf > /tmp/$hvm.conf
> qvm-start --custom-config=/tmp/$hvm.conf $hvm
>
> In R4 this will be much more painless ;]
got a bit closer. I think I've come to the conclusion though that I can
save myself a lot of work by attempting to get this working in R4.
Reply all
Reply to author
Forward
0 new messages