Newbie-Question(?) How to install Firefox AddOns in a disposable VM

[piitb...@gmail.com]

Hello,

I tried to install Firefox-AddOns in my Fedora-App-VMs.
I've launched my Domain untrusted: Firefox and installed my "default" Firefox-AddOn (NoScript, AdBlock Ultimate, FlashBlock, HTTPS Everywhere) and after restarting the "untrusted" AppVM the AddOns where still there.

Now I want to have the same plugins installed in my disposable VM, but I don't know how.
I thought that each disposable VM will be made from the fedora-23-dvm (dvm = disposable VM?) and as such started up fedora-23-vm, launched Firefox and installed the AddOns.
After restarting Firefox the AddOns where still there.
Also after shutting down the VM and restarting the AddOns survived.

If I launch a disposable Firefox I can't see any AddOns - so the Questions, how do I install Firefox Addons in the disposable VM that will still there after restarting the disposable VM or opening a new disposable Browser?

- Piit

[piitb...@gmail.com]

Additional Note:

As far as I know the problem is, that the firefox addons are stored in the profile directory which belongs to the user (=/home directory) which will be deleted after closing a disposable VM.

Still I don't know how to fix this and if it a good idea to do so.
But reducing Clutter on Websites is a good thing.

- Piit

[Axon]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

piitb...@gmail.com:

https://www.qubes-os.org/doc/dispvm-customization/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW7ITwAAoJEJh4Btx1RPV83B8QAPHrJJp3O5kLA6fZoRZhm1Jr
thRBtb8+eOBzgGufsZE0jvmNSJJ4fUBrIZZZXgMfyjQxk+kuh8XH0EzU9QYxXHP+
nTWHDOGLp0Tb5NElib3OcFyoQF1KE68eaCRiyQbq8GN0ocBFkwgTFCNqtw2XbwLZ
KEcHyr9P8hFe+7kAE/R35RMRR/tisF60sjvWs1Za6Vx41eRfIUCvfdKJs9Lk/Kqv
bVOr+x/nuwQBFHrznSK6dqecXuRxZMtIvaHKlTUsL9MSvFPB/kYCqM/2QWtjKvl6
Cd81MAePONtLBeyrehnbQ3s0nHNwozQIboATRSc7BreSGkU8dTGL7w26kDFOgtxE
32A49NR06lELGWGsDdVy52qqMY3pmZ3Aky5GtsC7FX/Xw/pcUF3gW6h1n06pMnyL
3pqpkIs5R0zwSS4cQ1i4B0crRSRjmaO/E1Oz9kpwgjSrDstA9k1r2kVUsF3w4aeX
9FB/5VvOJ824nukolGpE/q+6m6ifcjZUJ40TrIUGtpBT/0Jz/ewvYHfMrwhZj+0h
zYTHZQ682+CKZZvRz8P6YujgVga7vYOgbp0gViicFw+pQgHVD8ke7mykQpg81y7e
03DWJKO4p71Fr19h0MmYiSQEgrjyo+6tywJfkdxBCB5AIuz+Eq8+RyfjFgpuD3mo
62WxQH05MoSKauYxxl6a
=GVGm
-----END PGP SIGNATURE-----

[raah...@gmail.com]

After reading that I still don't know how either...

[qu...@qubu16.sbrk.co.uk]

On Fri, Mar 18, 2016 at 10:45:06PM +0000, Axon wrote:
> https://www.qubes-os.org/doc/dispvm-customization/

See this thread where I went through this:
https://groups.google.com/d/msg/qubes-users/2_huXNxDXdE/sx2EOEQSCAAJ

I installed noscript, requestpolicy, cookie monster and web developer addons
in my dispvm and it works fine. Note the correction to the command list
in the second message of that thread.

Paul

[raah...@gmail.com]

but how did you actually install the addons?

[raah...@gmail.com]

and how do you keep them updated?

[qu...@qubu16.sbrk.co.uk]

On Fri, Mar 18, 2016 at 09:20:15PM -0700, raah...@gmail.com wrote:
> On Saturday, March 19, 2016 at 12:19:25 AM UTC-4, raah...@gmail.com wrote:
> > On Saturday, March 19, 2016 at 12:11:00 AM UTC-4, qu...@qubu16.sbrk.co.uk wrote:
> > > On Fri, Mar 18, 2016 at 10:45:06PM +0000, Axon wrote:
> > > > https://www.qubes-os.org/doc/dispvm-customization/
> > >
> > > See this thread where I went through this:
> > > https://groups.google.com/d/msg/qubes-users/2_huXNxDXdE/sx2EOEQSCAAJ
> > >
> > > I installed noscript, requestpolicy, cookie monster and web developer addons
> > > in my dispvm and it works fine. Note the correction to the command list
> > > in the second message of that thread.

> > but how did you actually install the addons?

At the point where I started the xterm, I started firefox, installed all the
addons, touched the marker file, halted the dispvm and then continued with
the rest of the commands.

> and how do you keep them updated?

To do that, I'd have to startup the dispvm, install updates, touch the
marker file and run the subsequent commands again to create a newly
modified dispvm.

Paul

[piitb...@gmail.com]

Hello Paul,

Am Samstag, 19. März 2016 05:11:00 UTC+1 schrieb qu...@qubu16.sbrk.co.uk:

On Fri, Mar 18, 2016 at 10:45:06PM +0000, Axon wrote:
> https://www.qubes-os.org/doc/dispvm-customization/

See this thread where I went through this:
https://groups.google.com/d/msg/qubes-users/2_huXNxDXdE/sx2EOEQSCAAJ

Thank you, I think the Qubes OS documentation is missing something like an example, which would make it easer for newbies like myself to understand the procedure.
Maybe adding the information like adding Firefox Addons to a disposable VM is a good example?

I'll try to follow the mentioned links and see if I can setup my disposable VM with some Firefox Addons.
From the first link (Qubes OS docu):

Note that currently Qubes supports exactly one DispVM template, so any changes you make here will affect all DispVMs.

As such it is not possible to have several disposable VM, as such I don't understand the procedure from the 2nd link:

The (corrected) example from the 2nd link shows how to place an example file in the disposable VM, which will be available in every disposable VM.
Instead of cerating a text file, we could of couse also tweak the system.
Can you describe what each step is for

• Clone an existing VM by copying all its disk files
  clone fedora-23 to a new VM named f23
  dom0$ qvm-clone fedora-23 f23
• What is this command for?
  Make f23 the new default disposable VM?
  dom0$ qvm-create-default-dvm f23
• Launch a XTERM window in a new disposable VM (which is based on f23)?
  dom0$ qvm-run -a f23-dvm xterm
• Create a test file to see if a change made to the disposable VM is persistent
  Example for any other configuration change within the VM
  f23-dvm$ echo abc > test
• Poweroff this VM
  f23-dvm$ sudo halt -p
• Launch a XTERM window in a new disposable VM (which is based on f23)?
  dom0$ qvm-run -a f23-dvm xterm
• Verify if the configuration change has survived during reboot
  f23-dvm$ cat test
  abc
• Poweroff this VM
  f23-dvm$ sudo halt -p
• What is this command for?
  f23-dvm$ touch .qubes-dispvm-customized
• What is this command for?
  dom0$ qvm-create-default-dvm f23 --default-script
• What is this command for?
  dom0$ echo xterm|/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red

Can someone answer what the yellow marked commands are for as this would make me understand how we can change a disposable VM.

- Piit

[x...@xet7.org]

Hi,
I'm using one Standalone AppVM based on Debian8 template when installing for example Flash plugin with flashplugin-installer from repos, and other custom software. I don't see point in adding those to disposable VMs etc, not all my VMs have need for Flash plugin.

Standalone VM is full separate VM that has copy of template VM and keeps all changes made to installed apps etc. It needs to be updated separately.

BR,
xet7

[Axon]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

piitb...@gmail.com:

> Hello Paul,
>
> Am Samstag, 19. März 2016 05:11:00 UTC+1 schrieb
> qu...@qubu16.sbrk.co.uk:
>>
>> On Fri, Mar 18, 2016 at 10:45:06PM +0000, Axon wrote:
>>> https://www.qubes-os.org/doc/dispvm-customization/
>>
>> See this thread where I went through this:
>> https://groups.google.com/d/msg/qubes-users/2_huXNxDXdE/sx2EOEQSCAAJ
>
>>
>>
>>
>
> Thank you, I think the Qubes OS documentation is missing something
> like an example, which would make it easer for newbies like myself
> to understand the procedure. Maybe adding the information like
> adding Firefox Addons to a disposable VM is a good example?
>
> I'll try to follow the mentioned links and see if I can setup my
> disposable VM with some Firefox Addons.
>> From the first link (Qubes OS docu):
>
> Note that currently Qubes supports exactly one DispVM template, so
> any
>> changes you make here will affect all DispVMs.
>
>
> As such it is not possible to have several disposable VM, as such I
> don't understand the procedure from the 2nd link:
>
> The (corrected) example from the 2nd link shows how to place an
> example file in the disposable VM, which will be available in every
> disposable VM. Instead of cerating a text file, we could of couse
> also tweak the system. Can you describe what each step is for
>
>

> - Clone an existing VM by copying all its disk files clone
> fedora-23 to a new VM named f23 dom0$ qvm-clone fedora-23 f23 -

> What is this command for? Make f23 the new default disposable VM?

> dom0$ qvm-create-default-dvm f23 - Launch a XTERM window in a new

> disposable VM (which is based on f23)? dom0$ qvm-run -a f23-dvm

> xterm - Create a test file to see if a change made to the

> disposable VM is persistent Example for any other configuration

> change within the VM f23-dvm$ echo abc > test - Poweroff this VM
> f23-dvm$ sudo halt -p - Launch a XTERM window in a new disposable
> VM (which is based on f23)? dom0$ qvm-run -a f23-dvm xterm - Verify

> if the configuration change has survived during reboot f23-dvm$ cat

> test abc - Poweroff this VM f23-dvm$ sudo halt -p - What is this
> command for? f23-dvm$ touch .qubes-dispvm-customized - What is this
> command for? dom0$ qvm-create-default-dvm f23 --default-script -

> What is this command for? dom0$ echo
> xterm|/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT
> red
>
> Can someone answer what the yellow marked commands are for as this
> would make me understand how we can change a disposable VM.
>
> - Piit
>
>

Did you try following the steps in the documentation (as opposed to
the ones in that thread)? Each step is explained in the documentation.
If it's not clear enough, let me know which specific phrases in the
documentation are unclear.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW7XBoAAoJEJh4Btx1RPV8boQP/jiUhRtYvGfC9unf5IRerN63
XX4G24z9WF04m447iZc+bMq3kLqPUUAfiEkmckouD+OMMhiLhSMXTTdq+s1GqfeF
No7jiEZnRZ4oZyx8Jaql9h16Bn614s9RllAQZJwGuTW4Wkxd1/OHOKqkUFFwkfSn
UKpVjSnUE0eBIMmfWnhWOjNRrAZkqoPH7S/dXEZaVYm8bNrAQw+0QvtpHxffW01B
2iRzh1TJ2I+MrX1fIgwJF+Df6yx2cxYSU2/CQpyOaoNIJdoL98ENb73CU07u2+1a
hWpbGSwjbVTVHE7MYYqZ3S3yxoLBjeqvTbPuzbcgE3SqWUcB1jkV/ukH3Tp68Fwe
shhSMcpiChupoedDGfem/THqoaZ/hMNIu8Obuifm0S82FbslTwdcCI8h92abmN5G
P3+Zj6HZ4pm3Ootm7GbVzEuUPl2VKXwW7s9hKf48VbzcP3c6e0gV7jC8bktIJltw
PnsP78kBTf0IXsiktP4aVr/5P84Db7ZeUYCOuzGRMBiuK9sufZeAMW7z3/ACHbz3
C75KoWgCx2oaXNhPBUaCM5o9r0Yv5GjKxDlPnl89OiZJ/QvheWocPMUi6RoM9LEs
qXfwz0/ET1Z3YtyvCoI2vyBIgG/m8LK2CPao3lBCSyYFXTA7arYK8BBRtPVqIpXP
m+y8YvYRQOHZ4OwY5Xck
=KmeE
-----END PGP SIGNATURE-----

[Axon]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

qu...@qubu16.sbrk.co.uk:

But the instructions are already correct, aren't they? Step 3 clearly
shows the `.qubes-dispvm-customized` file being created in the dvm
template, not in dom0.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW7NjbAAoJEJh4Btx1RPV887oQAJaqyPkMy0ud9+v0JWXEeAOp
XTDhgRWCFMI8g7EIgXkWPcAF9eQWPbG4sB8N/dLW9StlvC9NQWibSo2YBUbPhmHO
Dk0iVxXN1dqGwxCN01o/M5UEiT62FJ10P1e4rfAOiiwkMm078VmysJcAenp1AD0O
BlMowkpJJgxty/QREuqrk6ulIF/4xfFv0Eg0HoKX7bc6IY4tqyFJocMhdyiDkDeV
ss/H1rtyysu9jpFzI3Cu/cwGYa7ug24vkxUAYlpMBPk/LipGlla44TQIO78zCu7m
acNbBwbDHUJydswBuH2eGDW5XS1HXLrVojzOgZ14+Npz/JqDcV798ZDdMQWKPJvi
OCCm3uhVh5OytFHc33g+SDezk88zEQ5wJBggr4VmveahCojvhuBKcfB+J7JnBiUH
vMzp7slkOg/AQc/cUQ2I3M/uZwvBkcpvQMt/cmPJf2Eu6FdQJvKX3oBvuxODUVYO
DNk8kpqFCWRFtJeX12R0zW9NTwlHkue8aksjAiV+7gVG/UMN9W5iWZOouCbKsExo
KBDF2c8gl3dS9d8rX0hlnTJ2jZTes9+pnXNmHJW4YWQmPD+VW2xJHcDAY63ybG87
myM30b11muNxUtT0lOxJt152qjlEQ1vSdSjY2zuvp7F54lMvmCDN9hzEBRK63sv0
HGav209qgwnBgqTO8kXB
=PZdx
-----END PGP SIGNATURE-----

[7v5w7go9ub0o]

On 03/19/2016 04:43 AM, Axon wrote:


> qu...@qubu16.sbrk.co.uk:
>> On Fri, Mar 18, 2016 at 10:45:06PM +0000, Axon wrote:
>>> https://www.qubes-os.org/doc/dispvm-customization/
>>
>> See this thread where I went through this:
>> https://groups.google.com/d/msg/qubes-users/2_huXNxDXdE/sx2EOEQSCAAJ
>>
>>
>>
I installed noscript, requestpolicy, cookie monster and web
>> developer addons in my dispvm and it works fine. Note the
>> correction to the command list in the second message of that
>> thread.
>>
>> Paul
>>
>
> But the instructions are already correct, aren't they? Step 3
> clearly shows the `.qubes-dispvm-customized` file being created in
> the dvm template, not in dom0.
>

Perhaps part of the recent confusion re: dispvm is the equating of
"dispvm" and "shortcut to firefox running in a dispvm"!? e.g. when one
is updating a dispvm, they are actually updating firefox within the dispvm.

Also, perhaps step 2 of the instructions could use an example of
entering "firefox" into the terminal to start the browser, and then
customizing it; e.g. going to "extensions" within the now open browser
and checking for updates!?

(Sigh.....also again, I fear I have added to the confusion by suggesting
to some that I "start up a dispvm" and copy files into it - e.g.
keepassx. In this case I am *not* using the qubes-dispvm firefox
shortcut, but instead am running:
"sh -c 'echo uxterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0'"

I should have been more clear.

[Axon]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

raah...@gmail.com:

> On Friday, March 18, 2016 at 6:45:26 PM UTC-4, Axon wrote:
> piitb...@gmail.com:
>>>> Hello,
>>>>
>>>> I tried to install Firefox-AddOns in my Fedora-App-VMs. I've
>>>> launched my Domain untrusted: Firefox and installed my
>>>> "default" Firefox-AddOn (NoScript, AdBlock Ultimate,
>>>> FlashBlock, HTTPS Everywhere) and after restarting the
>>>> "untrusted" AppVM the AddOns where still there.
>>>>
>>>> Now I want to have the same plugins installed in my
>>>> disposable VM, but I don't know how. I thought that each
>>>> disposable VM will be made from the fedora-23-dvm (dvm =
>>>> disposable VM?) and as such started up fedora-23-vm, launched
>>>> Firefox and installed the AddOns. After restarting Firefox
>>>> the AddOns where still there. Also after shutting down the VM
>>>> and restarting the AddOns survived.
>>>>
>>>> If I launch a disposable Firefox I can't see any AddOns - so
>>>> the Questions, how do I install Firefox Addons in the
>>>> disposable VM that will still there after restarting the
>>>> disposable VM or opening a new disposable Browser?
>>>>
>>>> - Piit
>>>>
>
> https://www.qubes-os.org/doc/dispvm-customization/
>

> After reading that I still don't know how either...
>

Which part is unclear? Did you try following the steps?
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW7K5nAAoJEJh4Btx1RPV8uw8QAM5W5LzbAeAw4jnRJ5S901rg
2vnk1cuN93mGhQudSnNXwVEqETz6xZCn0/m4qDGRAqJ4cuWRVC656vWL+Y/5ku+F
MRNR8+AL8/Y0wkyLiKJrfUs6ra9ShVWfoqvaBE2mvDt0Z+bzTqRNHWde67y/dPpD
KqGLUZ7zoHWiYSV2SIOMf0qbucrHUbYpM9wAfowgDRVVO61k8/sU4dTeBbIMNQmc
g5p4PhClNmqMlww+Bgz8y1Zj+9wrLeNli+6DZkDxojcjpaqE82GuWIHwyfsHw7e+
HS9wfGCXV8twF2pi7ewWtw1IxTpFFUSQkGyN8K40l7DfdOt6SaQ02VhVJk35Bd96
QyAc7uiCZXOL/8fnebaoG1cFgKgMwf3HP9IG7sdp0j9HPk5rvOHnEzmOIIRabU/m
r97gEPau7Hu9vI5xholWOXYPka87FVRFzKDgM0IZ7YzNthZzWAMWdzzwhkVOsMm2
4b6HLi/r037zey1j9nY3h2u1GHM+GenSIrJQxcokMIzSS7D1kFkgakKjcDC5LbOr
8XxS+EgYJ3SFmcUCxMqH43S54u5x5iu8NS7zpIESI0seBp2AnyRYOKj0KSTc9lU4
vIVhtlm71zfNWybP/9mz1mTG+tsQ0XjU+5EZcrfgTR/VknWoWKAxsdVHRslcMMlu
ozlI7C7eI0Rahi03HRrR
=dHHB
-----END PGP SIGNATURE-----

[piitb...@gmail.com]

Hello Axon,

I have followed the documentation "Changing the template used as a basis for Disposable VM", located at https://www.qubes-os.org/doc/dispvm-customization/ and got it running.

My goal was to have the following Firefox-Addons available at in the disposable VM:

• AdBlock Ultimate
• Disconnect
• FlashBlock
• HTTPS Everywhere
• NoScript

I did the following steps:

1. Launched a Terminal in the Disposable VM Template (fedora-23-dvm)
   qvm-run -a fedora-23-dvm gnome-terminal
2. Launched Firefox from the Terminal via firefox and installed the desired Firefox-AddOns
3. Still beeing in the same Terminalsession I run the command from the documentation:
   touch /home/user/.qubes-dispvm-customized
   (unfortunately the documentation has no information why I need to run this command, which should be added)
4. Shutdown the Disposable VM Template via poweroff
5. Regenerate the DispVM template with the command from the documentation from a terminal in Dom0:
   qvm-create-default-dvm --default-template --default-script
   (the documentation should include an information for the two options --default-template and --default-script as I could also not find any information via qvm-create-default-dvm--help)

Regarding your question:

Am Samstag, 19. März 2016 19:58:57 UTC+1 schrieb Axon:

(...) Which part is unclear? Did you try following the steps? (...)

I think the documentation is good, but adding the above red comments would make it even better.
Another important information is that there can only be one type of disposable VM and as such only one Template can be the base for these disposable VMs.

Is there a place where the concept of the qubes os structure is explained in more details, as I would like to understand what I am seeing when entering ll /var/lib/qubes/dvmdata

As far as I understand:

fedore-23-dvm is an App-VM which is based on the fedora-23 VM-Template.
I can use any App-VM as base for the disposable VM via...

[user@dom0 ~]$ qvm-create-default-dvm <custom-template-name>

... which will then create some symbolic links in /var/lib/qubes/dvmdata which will point to the AppVM.

 As such I can only have one disposable VM, but  can "relink" them to any App-VM if I need to.

- Piit