Qubes Builder
Python Makefile Shell
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
build-logs .gitignore: also ignore log.old files Nov 19, 2012
cache Add plugins support, move distribution-specific scripts there Mar 10, 2015
doc doc: describe ALLOWD_DISTS_* option Jul 1, 2018
example-configs fix branch for python-quamash Aug 6, 2018
iso gitignore update Jun 19, 2016
libs convert argslist to ascii strings before os exec call Sep 28, 2017
qubes-packages-mirror-repo Update qubes-packages-mirror-repo description Apr 18, 2015
release-configs Add centos7+xfce template Aug 3, 2018
repo-latest-snapshot Updated update-repo-current target May 14, 2014
rpc-services Make build-template-in-dispvm compatible with R4.0 May 21, 2018
scripts travis: convert /dev/shm into normal mounpoint Jul 16, 2018
.gitignore gitignore May 21, 2018
.setup.data Remove wheezy and trusty builds from setup Aug 3, 2018
Makefile Fix template signing if DIST name contains a dash Jul 12, 2018
Makefile.dummy windows-image: add support for component-specified extra files to ext… Oct 18, 2013
Makefile.generic Set DIST_ORIG_ALIAS for template build Jun 28, 2018
README.md Add PyYAML to documented dependencies Jul 26, 2018
qubes-developers-keys.asc Add old Woju's keys revocation certificates Jan 8, 2016
qubes-release-1-signing-key.asc Update qubes-release-1-signing-key.asc Apr 15, 2012
qubes-release-2-signing-key.asc New Release 2 signing key: qubes-release-2-signing-key.asc Nov 15, 2012
qubes-release-3-signing-key.asc Introduce qubes-release-3-signing-key.asc Nov 19, 2014
qubes-release-3.0-signing-key.asc Add symlinks for release 3.x keys Apr 14, 2016
qubes-release-3.1-signing-key.asc Add symlinks for release 3.x keys Apr 14, 2016
qubes-release-3.2-signing-key.asc Add Qubes 3.2 signing key symlink May 18, 2016
qubes-release-4-signing-key.asc Add Qubes 4.0 signing key Apr 9, 2017
qubes-release-4.0-signing-key.asc Add Qubes 4.0 signing key Apr 9, 2017
setup setup: handle plugin dependencies for dom0 May 25, 2018
win-mksrcimg.sh windows: create build-logs dir in windows-sources.img Jul 10, 2018
win-mountsrc.sh windows: mount source image read-only by default Dec 6, 2015

README.md

This repository contains an automated build system for Qubes, that downloads, builds and packages all the Qubes components, and finally should spit out a ready-to-use installation ISO.

Note: The build system has been improved since this file was last updated. The Archlinux template building instructions contain more up-to-date and detailed information on how to use the build system.

In order to use it one should use an rpm-based distro, like Fedora, and should ensure the following packages are installed:

  • git
  • createrepo
  • rpm-build
  • rpm-sign (if signing of build packages is enabled)
  • rpmdevtools
  • make
  • python2-sh
  • dialog
  • perl-open
  • PyYAML

Usually one can install those packages by just issuing:

$ sudo dnf install git createrepo rpm-build rpm-sign make python2-sh rpmdevtools rpm-sign dialog perl-open PyYAML perl-Digest-MD5 perl-Digest-SHA

for older Fedora or CentOS versions use:

$ sudo yum install git createrepo rpm-build rpm-sign make python2-sh rpmdevtools rpm-sign dialog perl-open PyYAML

Or just install them automatically by issuing:

$ make install-deps

The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory.

The build system is configured via builder.conf file -- one should copy selected file from example-configs/, and modify it as needed, e.g.:

cp example-configs/qubes-os-master.conf builder.conf 
# edit the builder.conf file and set the following variables: 
# GIT_PREFIX="marmarek/qubes-" 
# NO_SIGN="1"

Alternatively you can use setup script, which will help you to create the configuration interactively.

One additional useful requirement is that 'sudo root' work without any prompt, which is default on most distros (e.g. 'sudo bash' brings you the root shell without asking for any password). This is important as the builder needs to switch to root and then back to user several times during the build process (mainly to preform chroot). But do not call make directly as root.

Additionally, if building with signing enabled (so NO_SIGN is not set), one must set SIGN\_KEY in builder.conf.

It is also recommended to use an empty passphrase for the private key used for signing. Contrary to a popular belief, this doesn't affect your key or sources security -- if somebody compromised your system, then the game is over, whether you use additional passphrase for the key or not.

To build all Qubes packages one would do:

$ make qubes-os-iso

And this should produce a shiny new ISO.

One can also build selected component separately. E.g. to compile only gui virtualization agent/daemon:

$ make gui-daemon

You can also build the whole template in DispVM:

$ make template-in-dispvm

For details see doc/ directory.