Qubes stuff

All files are signed with my Qubes OS Signing key.
You'll need to get this from a keyserver, or two, to make sure all is fine:
keyserver.ubuntu.com or, pgp.mit.edu
pub   rsa4096 2016-06-25 [SC]
      4B1F 400D F256 51B5 3C41  41B3 8B3F 30F9 C8C0 C2EF
uid           [ unknown] unman (Qubes OS signing key) 
sub   rsa4096 2016-06-27 [S] [expires: 2024-06-30]
sub   rsa4096 2016-06-25 [E]

You can also check the Qubes users mailing list or look on github.

Once you have copies of the key, check the fingerprint:

gpg -n --import --import-options import-show unman.pub
replacing unman.pub with the path to the key. Once you are satisfied that you have a genuine key, you can use it to validate the packages.


We provide up to date Qubes packages for Ubuntu 2022.4, Ubuntu 2024.4, and Debian testing, built using Qubes builder v2.
Although you could manually download the packages, it's better to use native package tools, and use the repositories provided.

Using Repositories in Debian based templates

To use a repository, copy the validated key to a template, and install it.
sudo gpg -o /usr/share/keyrings/unman-keyring.gpg --dearmor  unman.pub  
replacing unman.pub with the path to the key.

Then create a repository definition like this at /etc/apt/sources.list.d/3isec.list:
deb [signed-by=/usr/share/keyrings/unman-keyring.gpg] https://qubes.3isec.org/4.2 trixie main
deb [signed-by=/usr/share/keyrings/unman-keyring.gpg] https://qubes.3isec.org/4.2 noble main

Make sure that the definition matches the distribution you want.


To use the Arch repository you will need to get my Qubes OS signing key, validate it against sources in this mailing list, or at GitHub, or against different downloads via Tor.
qvm-copy the key in to the arch template.
Add the key:
sudo pacman-key --add 
sudo pacman-key --lsign unman
cd /etc/pacman.d
Then either create a new file, or rename the existing
Open the conf file for editing - the contents should be:
Server = https://qubes.3isec.org/arch/4.1
Then update:
sudo pacman -Syuu