Sometimes users need to install software on TemplateVMs that is not available on the software respository for that templateVM's distribution. But first please try the recommended (simpler and safer) method and to see if it's available. In this post, I try to break down some of the alternatives.
Required reading: from the official docs on Trusting your TemplateVMs
There are at least 3 methods: - Temporarily allowing networking for software installation - Updates proxy - Copy from another VM
[quote="tava, post:1, topic:1722"] I use NordVPN, it uses wget, to download package, to template VM. For security, Template VM has no internet access, but wget need Internet connection. So I attach sys-net to template VM for temporary, to download NordVPN. It means security has been compromised. [/quote]
I'm trying to build BitcoinArmory from source into a template VM but get the following error: $ git clone git://github.com/etotheipi/BitcoinArmory.git Cloning into 'BitcoinArmory'... fatal: unable to access 'https://github.com/etotheipi/BitcoinArmory.git/': Could not resolve host: github.com -- Zhang9000 at google groups
This is by far the easiest (GUI only), but you're giving unchecked network access to the VM, but at least you don't forget to turn it off (as would happen if you say connect it to sys-firewall).
Before proceeding, read this explanation from the docs about this process.
sys-firewall (never sys-net since sys-firewall enforces network isolation between qubes)Important: go to the "Firewall rules" tab and select "Limit outgoing internet connections to..." and then on the bottom click the checkbox saying Allow full network access for 5 min.
You then have 5 min to do the network required part for installing the program on the template.
Go back to the Qube settings "Basic" tab and set the Networking to None.
(solution based on this post)
The updates proxy is how templateVMs are able to update software, even though they're not connected to the internet.
So if you want to wget, pip install or git clone for example you can proxy those applications to the updates proxy (running on 127.0.0.1:8082).
Se bellow an example of this in practice https://forum.qubes-os.org/t/external-repositories-pip-snap-appimage-persistent-installations-in-template-appvm/561/4
You can also download the required files on another VM (or even a DisposableVM) and copy those files to the TemplateVM.