Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upImplement qrexec service for installing template images #1705
Comments
marmarek
added
enhancement
C: core
P: major
release-notes
labels
Jan 29, 2016
marmarek
added this to the Release 3.1 milestone
Jan 29, 2016
marmarek
modified the milestones:
Release 3.1,
Release 3.1 updates
Feb 8, 2016
added a commit
that referenced
this issue
May 31, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
jpouellet
May 26, 2017
Contributor
Would this be resolved by QubesOS/qubes-doc@7ec63f5?
Also, XREF #2634 since I hadn't noticed this before.
|
Would this be resolved by QubesOS/qubes-doc@7ec63f5? Also, XREF #2634 since I hadn't noticed this before. |
referenced
this issue
in QubesOS/qubes-doc
May 26, 2017
andrewdavidwong
modified the milestones:
Release 3.1 updates,
Release 3.2 updates
May 31, 2017
marmarek
modified the milestones:
Release 3.2 updates,
Release 4.0
Mar 17, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
marmarek
Mar 17, 2018
Member
Admin API covers all of this. It is already possible to install qubes-template-* rpm package from a VM (having appropriate Admin API access). Some nicer UI could be useful, but that's #2534
|
Admin API covers all of this. It is already possible to install qubes-template-* rpm package from a VM (having appropriate Admin API access). Some nicer UI could be useful, but that's #2534 |
marmarek
closed this
Mar 17, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
marmarek commentedJan 29, 2016
Currently the only way to install new template is to use
qubes-dom0-updatetool. This means the package needs to be built and signed by ITL.It would be good to provide a tool (qrexec service) to create new templates from 3rd party sources. The template image itself (
root.img) is not trusted by dom0 in any way, so it would not compromise whole system security (contrary to rpm installed in dom0, which can do anything).AppVMs based on some template do trust its
root.img, but it's up to the user which VMs will use such template.Then, having such service, it will be possible to write a tool (running in some VM), which would download the image, verify its checksum/signature and transfer to dom0. Optionally first converting the image to "raw" format from something else (vmdk, vdi, qcow2 etc).
Such template should have PVGrub set as a kernel by default, so the template will be able to use whatever kernel it want. Including non-Linux one: MirageOS, FreeBSD etc.
In R4.0, we will have tags for VMs, so such template should be tagged as
importedandimported-from-VMNAME(whereVMNAMEis a name of VM which sent that image). Related to #1637