Qubes stuff

All files are signed with my Qubes OS Signing key.
You'll need to get this from a keyserver, or two, to make sure all is fine:
keyserver.ubuntu.com or, pgp.mit.edu
pub   4096R/C8C0C2EF 2016-06-25
      Key fingerprint = 4B1F 400D F256 51B5 3C41  41B3 8B3F 30F9 C8C0 C2EF
uid                  unman (Qubes OS signing key) 
sub   4096R/4731B36C 2016-06-27 [expires: 2022-06-30]

You can also check the Qubes users mailing list or look on github.

Once you have copies of the key, check the fingerprint:

gpg -n --import --import-options import-show 
replacing "" with the path to the key you saved. Once you are satisfied that you have a genuine key, you can use it to validate the packages.


To use a Ubuntu repository, copy the validated key to a Ubuntu Template, and install it using apt-key.
sudo apt-key add unman.pub
replacing "unman.pub" with the path to the key.
Then add a line like this to /etc/apt/sources.list:
deb https://qubes.3isec.org/4.0 focal main
deb https://qubes.3isec.org/4.0 bionic main


To use the Arch repository you will need to get my Qubes OS signing key, validate it against sources in this mailing list, or at GitHub, or against different downloads via Tor. qvm-copy the key in to the arch template.
Add the key:
sudo pacman-key --add 
sudo pacman-key --lsign unman
cd /etc/pacman.d
Then either create a new file, or rename the existing
Open the conf file for editing - the contents should be:
Server = https://qubes.3isec.org/arch/4.0
Then update:
sudo pacman -Syuu


For 4.1, follow the above process, changing 4.0 to 4.1 throughout.