kuhbs runs in dom0. If dom0 is compromised, the security model of Qubes OS is broken. Please read all the code in this repository, especially the kuhbs executable scripts/kuhbs-executable, all of its functions below functions/ as well as the kuhbs provided scripts that can be used to set up VMs below setup-scripts/. Please open an issue if you have any questions.
If you have read the code and understood how kuhbs works then please follow these steps:
1) Install Qubes OS on your workstation and let the installer create the default VMs, at least sys-net, sys-firewall and sys-usb. These Qubes OS default VMs are used during the setup of the kuhbs kuhb’s (described below), which manage networking and USB.
2) Open a disposable VM with internet access and clone the kuhbs git repository:
# clone into a directory named kuhbs, which the following steps expect
git clone https://github.com/Blunix-GmbH/kuhbs-for-qubes kuhbs
3) Move the .git directory, which could potentially contain malicious code:
mv kuhbs/.git kuhbs-git-directory
cd - # return to previous directory
4) Create a .tar.gz archive of the git repository:
tar cvzf /home/user/kuhbs.tar.gz kuhbs
5) Copy the tar archive to dom0:
qvm-run --pass-io disp0123 'cat /home/user/kuhbs.tar.gz' > kuhbs.tar.gz
6) Unpack the tar archive:
tar xvzf kuhbs.tar.gz
This will place the kuhbs git repository at /home/user/kuhbs/. You can change this location, but you have to modify the KUHBS_BASE_PATH variable in the defaults.sh file.
7) Read and understand the install script - you will most likely want to modify something!
less kuhbs/install/install.sh
8) If you have read and understood the installer, run it:
kuhbs/install/install.sh
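Step 6 unpacks, inside dom0, an archive that was built in an untrusted VM, so it is worth listing the archive before extracting it. The following is an added example, not part of kuhbs: a shell function (the name audit_kuhbs_archive is hypothetical) that only lists the archive and rejects it if it holds anything other than regular files and directories below kuhbs/, or a leftover .git directory. It assumes GNU tar.

```shell
#!/bin/sh
# Added example, not part of kuhbs. In dom0, between step 5 and step 6:
#   audit_kuhbs_archive kuhbs.tar.gz && tar xvzf kuhbs.tar.gz
# Assumption: GNU tar, which escapes control characters in its listings.

audit_kuhbs_archive() {
    archive=$1
    top=${2:-kuhbs}     # the single top-level directory the steps expect
    rc=0

    # List member names without extracting anything.
    names=$(tar -tzf "$archive") || return 2

    # The first character of the mode column is the member type.
    # Only regular files (-) and directories (d) belong in the repo copy;
    # symlinks, hard links and device nodes are rejected.
    modes=$(tar -tvzf "$archive" | awk '{print $1}' | sort -u)
    for m in $modes; do
        case $m in
            [!d-]*) echo "REJECT: link or special file (mode $m)"; rc=1 ;;
        esac
    done

    # Every path must stay below $top/ and must not carry .git content.
    while IFS= read -r name; do
        case $name in
            /*)                          reason="absolute path" ;;
            ..|../*|*/../*|*/..)         reason="parent-directory component" ;;
            .git|.git/*|*/.git|*/.git/*) reason=".git content, step 3 was skipped" ;;
            "$top"|"$top"/*)             continue ;;
            *)                           reason="outside $top/" ;;
        esac
        echo "REJECT: $name ($reason)"
        rc=1
    done <<EOF
$names
EOF
    return $rc
}

# Run the audit when the script is called with an archive as argument.
if [ "$#" -gt 0 ]; then
    audit_kuhbs_archive "$@"
fi
```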
kuhbs does not mind being the only configuration management system on your Qubes OS installation. You can have kuhbs manage the upgrades on the VMs or use the qubes manager - kuhbs runs the upgrades on all kuhb’s in parallel (tpl then app in order) and is much faster though ;)