I formerly manually installed KickSecure into Qubes Debian template a few years back and recently installed the independent KickSecure template but was completely caught off guard by the introduction of the highly restrictive user-sysmaint-split feature which prevents the use of sudo and installing software from/in the default user account etc.
I feel the impact to the user experience of this new feature could have been made far bolder/more apparent (rather than just a simple new feature introduction reference) but i do acknowledge the solid reasoning behind the introduction of this important security feature and would still like to give it a go rather than simply bypassing/removing it.
I browsed some info regarding this new feature and understand one must reboot into (rather than simply log out of the current account and straight into) the sysmaint account to install software and make changes etc but am interested to know the recommended way to reboot into this account in a Qubes template given there is no UI shown during the normal boot up process. Please advise.
I also note that during the first steps of template installation instructions it enables the repo “qubes-templates-community-testing” and assume this essentially enables the same option as the “community testing templates” tick box in the Qubes OS Global Config UI menu. Strangely this option still remains unticked in this UI after running the Dom0 terminal command and also even after a restart. Shouldn’t this option now be automatically ticked in the UI after this change using the terminal?
I largely try and avoid enabling testing repos to prevent potentially installing Beta/RC updates which can have stability and other issues at times. Now that KickSecure is installed can i safely disable the “qubes-templates-community-testing” repo or will this potentially prevent/delay KickSecure from receiving important updates? If it must be enabled, is there any way to limit this repo to just KickSecure only and ensure it isn’t available to any of my other VM’s?
Thanks for your help and advice.