The initial support for dom0 RPMs such as the qubes-template-securedrop-workstation config introduced in #260 has a major deficiency: the configuration does not persist across workstation reboots. That's due to the fact that the pubkey for the RPM repo is placed directly inside the sys-firewall AppVM.
Steps to reproduce
1. Run make clean && make all
2. Confirm that sudo qubes-dom0-update --enablerepo securedrop-workstation-dom0 qubes-template-securedrop-workstation completes successfully (although the template should already be installed, due to make all)
3. Reboot workstation.
4. Observe that sudo qubes-dom0-update --enablerepo securedrop-workstation-dom0 qubes-template-securedrop-workstation does not complete successfully.
Suggested changes
In order for the config to persist, we have two options:
1. Add the configuration to the TemplateVM for sys-firewall (e.g. fedora-30)
2. Add the configuration to /rw/config/ in sys-firewall, so the config is restored on each boot of the AppVM.
Between the two, 2) is preferable: we don't want all Fedora-based machines to include the dom0 pubkey repo info, and we don't want to have to update the Template settings every time a Fedora version goes EOL (see #329).