Qubes is https://qubes-os.org - if you never heard about it, reading https://www.qubes-os.org/getting-started/ will give you a nice overview what's possible and also should make you understand why Qubes…
Aims
- run Debian in Qubes' dom0 (as developer preview/setup for now)
- upload to Debian experimental for now (as a preparation to hopefully upload to unstable one day, to get the packages into Debian (make sure they comply to DFSG etc), to get the package tested by reproducible.debian.net)
- Developer preview, not usable by users, not supported by Qubes/invisiblelabs
- uploading the VM parts to Debian will make it possible to run Debian (and whonix and whatnot) VMs without using the Qubes apt repo (this is a more low hanging fruit that running Debian in dom0 but it's also less interesting)
Caveats
- it's clear that the libvirt and xen forks are not going to land like this in Debian. For libvirt we hope the version in Debian will actually be current enough (as Qubes has upstreamed their patches…), for Xen we hope the packaging can be changed to ship all the stuff Qubes is shipping (and which Debian is not yet).
- for the desktop support packages, we'll need to see… currently Qubes patches those desktops (for desktop specific reasons). Making the awesome source package build two packages, awesome and awesome-qubes is probably the easiest first step…
Things to tackle besides packaging
- Update mechanism
- qubes-dom0-updates currently uses another VM to download the .rpms which then are verified within dom0. This ain't possible like this on Debian, as .debs are not signed.
- installer
- dom0 (should use xen during installation), can be worked around (once packages exist) by manually installing them on Debian…
- VM templates, can be worked around by installing Fedora Qubes and backing up the VMs (and templates) and restoring them on Debian…
Resources
https://alioth.debian.org/project/admin/?group_id=101020 (maybe useful to have a mailinglist as maintainer address… or use qubes-devel list?)
- #debian-qubes on irc.debian.org
Packaging stati
git repo |
source pkg name if different |
prio |
dom0/VM/both |
existing Debian packaging |
ITP bug |
antievilmaid |
|
optional |
dom0 |
no |
|
app-linux-img-converter |
qubes-img-converter |
optional |
both |
only VM part |
|
app-linux-input-proxy |
qubes-input-proxy |
low |
both |
yes |
|
app-linux-pdf-converter |
qubes-pdf-converter |
low |
both |
only VM part |
|
app-linux-split-gpg |
qubes-split-gpg |
low |
both |
only VM part |
|
app-linux-usb-proxy |
qubes-usb-proxy |
low |
both |
only VM part |
|
app-thunderbird |
xul-ext-qubes |
optional |
VM only |
yes |
|
app-yubikey |
qubes-yubikey |
optional |
dom0 |
no |
|
artwork |
qubes-artwork |
medium |
dom0 |
no |
|
core-admin |
qubes-core-admin |
high |
dom0 |
no |
|
core-admin-linux |
qubes-core-admin-linux |
high |
dom0 |
no |
|
core-agent-linux |
qubes-core-agent |
high |
VM |
yes |
|
core-libvirt |
libvirt |
medium |
dom0 |
yes, in Debian but Qubes has some optional patches |
|
core-qubesdb |
qubes-db |
high |
both |
yes |
|
core-vchan-xen |
libvchan-xen-qubes |
high |
both |
yes |
|
desktop-linux-awesome |
qubes-awesome-patched |
medium |
dom0 |
no, and it's a fork |
|
desktop-linux-i3 |
qubes-i3-patched |
optional |
dom0 |
no, and it's a fork |
|
desktop-linux-kde |
qubes-kde-patched |
optional |
dom0 |
no, and it's a fork |
|
desktop-linux-xfce4 |
qubes-xfce4-patched |
optional |
dom0 |
no, and it's a fork |
|
gui-agent-linux |
qubes-gui-agent |
high |
VM only |
yes |
|
gui-common |
qubes-gui-common |
high |
both |
yes |
|
gui-daemon |
qubes-gui-daemon |
high |
dom0 |
no |
|
linux-utils |
qubes-utils |
high |
both |
yes |
|
manager |
qubes-manager |
medium |
dom0 |
no |
|
mgmt-salt |
qubes-mgmt-salt |
low |
both |
yes |
|
mgmt-salt-base |
qubes-mgmt-salt-base |
low |
both |
yes |
|
mgmt-salt-base-overrides |
qubes-mgmt-salt-base-overrides |
low |
both |
yes |
|
mgmt-salt-base-topd |
qubes-mgmt-salt-base-topd |
low |
both |
yes |
|
mgmt-salt-dom0-qvm |
qubes-mgmt-salt-dom0-qvm |
low |
dom0 |
yes |
|
mgmt-salt-dom0-update |
qubes-mgmt-salt-dom0-update |
low |
dom0 |
yes |
|
mgmt-salt-dom0-virtual-machines |
qubes-mgmt-salt-dom0-virtual-machines |
low |
dom0 |
yes |
|
vmm-xen |
xen |
high |
dom0 |
yes, in Debian, but Qubes needs some patches |
|
Further remarks
- there's also an app-linux-yubikey repo with slightly different code…
- core-admin postinst script need xen running
Git repos we don't care about
git repo |
why we don't care |
app-linux-tor |
obsoleted by whonix |
builder-fedora |
git submodule used for qubes-builder |
gui-agent-xen-hvm-stubdom |
git submodule used for building the xen package |
installer-qubes-os |
used to build the fedora based installer |
linux-deb |
scripts to update the apt repos on qubes-os.org |
linux-dom0-updates |
fedora backports |
linux-kernel |
newer linux kernel that what fedora has |
linux-pvgrub2 |
grub compiled with XEN support, part of grub2 debian package already |
linux-template-builder |
part of build infrastructure |
linux-yum |
scripts to update the yum repos on qubes-os.org |
mgmt-salt-base-config |
shall be obsoleted |
vmm-xen-windows-pvdrivers |
windows only |