[nmglug] PureOS GnomeBoxes virtual machine on MX 'writable LiveUSB'

Tom Ashcraft trailerdog234 at comcast.net
Fri Aug 7 07:33:38 PDT 2020

PureOS GnomeBoxes virtual machine on MX 'writable LiveUSB'

My notes with a bit of explication in case someone else might like to 
try this (looking at you, Brian) or maybe provide additional virtual 
machine/USB hints or comments.

So far it all seems to work rather nicely--but it does make a 
ten-year-old plus AMD Turion II Toshiba Satellite L505 with 4MB RAM 
rather sluggish.

I decided to try Qemu-KVM-VirtualMachineManager first rather than the 
recent edition proprietary VirtualBox available in MX for the sake of 
reinforcing general Debian transferable GNU FOSS skills.

A couple of years ago I'd gotten fairly comfortable with setting up 
Ubuntu and Debian servers in Qemu-KVM-VirtualMachineManager virtual 
machines.  Also, yesterday I had just done a passably successful 
installation of Windows 10 with spice guest additions that produced 
really nice choices of display resolutions, but was slow because I was 
unable to find any way to specify more than 16MB default for video, 
though it is supposed to be possible to do this through XML setting that 
never materialized in my instance of virt-manager).  Probably some 
missing dependency that was unmentioned in the YouTube video I was using 
as a guide.  At any rate, I couldn't make PureOS run under Qemu-KVM-VMM 
probably for similar reasons (i.e. I didn't know what I was doing.)

Searching YouTube again I came accross Gnome Boxes which I had heard 
about from Jared at an abqlug meeting but forgotten.

Like Qemu-KVM, gnome-boxes passes muster as Debian free software, shows 
and installs with apt.  Really easy to use and works like a dream.

However, there are several packages/dependencies in common with 
qemu-kvm, and also a few additional packages in common with both that 
are required to get both to work properly, at least in the case of using 
PureOS as a virtual machine.  Also, there is one more that I think will 
be nice to have, and one more that is required to make it all go under MX.

So here's all the stuff, probably pretty closely in order of best 
priority and sequence of installation.

But first an aside about PureOS.  The first update to the latest version 
replaces Pure Browser with Firefox ESR.  Apparently most everything in 
PureOS is just Debian along with a special somewhat more highly 
curated/ranked software repository.  I added several of my favorite 
packages via apt and noticed they were listed with a slash followed with 
the word amber.  I assume this is as in green/amber/red categories of 
suspicion.  Just a guess.  I haven't yet looked into it.

And just in case one happens to be preparing to create virtual machines 
on a computer not used for virtual machines before, remember to restart 
the computer, go into BIOS settings and make sure the virtualization 
setting is enabled...

Now.  Every command that follows a dollar sign below should be done 
(except in one case where noted otherwise):

For reference
https://wiki.debian.org/KVM applicable command/packages summation:

$ sudo apt-get install qemu-kvm libvirt-clients libvirt-daemon-system 

For reference
(lifted from Chris Titus Tech who is coming from a place other than 
Debian but catches most of what seems to be missing in other references 
I've seen)

Applicable commands:


$ sudo apt install gnome-boxes qemu-kvm libvirt-bin
*But* if you did the above from wiki.debian.org/KVM (as I think is 
likely best), all but gnome-boxes packages are consequently obsoleted 
and will cause defeat the entire command, so just do:

$ sudo apt install gnome-boxes

Add User to kvm:

sudo usermod -a -G kvm $USER

Allow users in kvm group to start VMs:

sudo sed -i -e 's/\#group\ =\ "root"/group=kvm/g' /etc/libvirt/qemu.conf


For reference

Fix MX problem with gnome-boxes and have more network options:

$ sudo apt install bridge-utils qemu-utils

And that did it.  GnomeBoxes is pretty well entirely self-teaching and 
easy to figure out by clicking around a little.  A very nice program.

PureOS install thereafter initiates loading of live/demo instance, then 
imap & smtp, email password and keyring password setup is required in 
order to proceed to first full use of desktop.

Closed welcome page and hit Activities > Install.

Uses the Calamares installer

Other things about the automated aspects of my virtual installation that 
I noted to note:

Auto set/detected 'ATA QEMU HARDDISK - 20.0 GiB (/dev/sda)'

Selected 'Erase disk', 'no swap', 'encrypt system'.

Auto set/detected 'Boot loader location:  Master Boot Record of ATA QEMU 
HARDDISK (/dev/sda)'

Username, computer name, user password are set, then final commitment to 
overwrite the 20.0 GiB above is made and permanent installation proceeds.

Takes at least a half-hour probably more on L505.

Initial login and setup again first requires imap & smtp, email address 
info and setup in order to achieve first full access to desktop 

Seems to me that from the security point of view, one's identity is 
probably now already compromised by association with an ip address and 
probably also some un-announced machine and browser identifications.  
However, if anonymity is not a necessary requirement for one's personal 
security, this set of arrangements likely represents a reasonable 
workable compromise on the part of the Librem developers  between 
necessary social accountability/responsibility and the user's legitimate 
needs for privacy against the prevailing ubiquitous conditions of 
rampant unwarranted commercial/criminal/government intrusion.

Therefore, in my case, because of the "pure" orientation of PureOS, I 
opted FOR DoH in Firefox.  (The initial state was opt-in, not opt-out as 
Dr. Vixie has feared, and as I seem to remember it actually is in the 
non-ESR version of Firefox.) That is, it is perhaps reasonable that 
"they" should know who I am, but it is certainly none of their business 
what I do, unless it is illegal.  I don't lie on my driver's license; I 
lock the door of my house; I draw my shades together in the evening.

Firefox hamburger menu > Preferences > General.  Scroll all the way to 
the bottom of the bottom, Network Settings > Settings.  Scroll to bottom 
of opened Connection Settings window. Check box 'Enable DNS over 
HTTPS'.  One does have to wonder exactly why this setting is so far out 
of sight.

So.  An easy-to-use encrypted Debian-based privacy-oriented OS in an 
easy-to-use GNU virtual machine in an encrypted easy-to-use Debian OS on 
a portable USB stick that still works as a storage device and likely 
works on, as far as I presently know, just about any Linux or Windows 
machine.  A veritable Swiss army knife. Might work as a cat toy or 
bottle opener too (once).


More information about the nmglug mailing list