Skip to main content
Topic: In terms of security, how safe is it to keep extra packages such as... (Read 627 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

In terms of security, how safe is it to keep extra packages such as...

QEMU is very buggy such as the limitation for 30fps in the window. I explicitly tested it with all graphics modes and an FPS counter on a random game, the game is running on 100+ fps but the screen feels like it's running on around 30. I want my VMs to run on my monitor's refresh rate, which is the logical behavior, however for some reason QEMU doesn't have that as a part of it. In addition to that, sometimes it's just useful to compile packages myself because I can include or exclude features that I will or won't be using.

However I know that the more packages you have on your system, the more attack surface there is. Compiling often requires a lot of packages, sometimes over GB of random stuff. And once it's compiled, I'm not sure that there is a bug-free way to convert the compiled program (along with the dependencies needed and everything else) into a file that I can use to either install it or launch it on another machine (hence I cannot use a VM to compile QEMU and run it on the host machine for example).

Any advice for this? I have a lab PC on which I also have a VM for web browsing, banking, etc, so isolation is of utmost importance. I'm just not going to reboot it every time, entering a few very long passwords every time I want to check my bank balance or other things. I can do without recompiling programs but if there's a good way to do that, maybe someone can push me to the right direction.

Note that I always prefer GUI over terminal or I read and copy the commands if it's the same. I'm not into terminal, I don't work in tech, I just like playing around with software and having a secure and privacy-friendly system which is only achievable on Linux. I've been using Linux for years successfully by mostly using GUI unless there's no other choice. However that also means that I need a detailed and concrete example-based guide for terminal, general examples are very confusing for me because I just won't remember the thousands of meanings for symbols and various commands. I can work it obviously but I need a good guide that is not assuming that you either work in tech or have no social life and worries about making money to pay the rent and buy food.

Re: In terms of security, how safe is it to keep extra packages such as...

Reply #1
Just use the -r option of makepkg

Quote from: questtix – on
However that also means that I need a detailed and concrete example-based guide for terminal

How much do you pay?

Re: In terms of security, how safe is it to keep extra packages such as...

Reply #2
Quote from: qontinuum – on
Just use the -r option of makepkg

How much do you pay?
I'm used to Debian so far, maybe that's why I had so many problems when I tried compiling QEMU in the past. I will investigate that. Thanks for the tip! Shouldn't assume arch is the same even for basic things, my mistake.

I can pay whatever's left after I pay for my rent, utilities, internet and food. Which is somewhere between -20 and 20 usd depending if I had to borrow money last month or not. I'm not being "smart," I just don't make a lot and prices of everything went up considerably since the Ukraine fiasco began, but salaries remained the same.

Re: In terms of security, how safe is it to keep extra packages such as...

Reply #3
Handy fun free classic BASH tutorial:
https://mywiki.wooledge.org/FullBashGuide
There's also "$ man bash" but that's a rather long man page and probably easier to use as a reference as you require!
You should be able to build on one machine and use the result on another, might be trickier in extreme cases like ARM vs regular architecture but could still be done, also sometimes there might be software issues if you were using different versions and / or operating systems. But you could even do a build with static libs that gets around many of those issues. makepkg & PKGBUILD's mean it's very easy to build things on an ARCH based OS once you start to understand the system. Debian does package splitting, so you usually need stacks of *dev packages, whereas here those header files etc. are already in the main package as standard. There is an equivalent way  to automate package building and build dep installation in Debian incidentally using dpkg some option or other I can't remember offhand and getting the build scripts, but it's still a simpler system here.

Re: In terms of security, how safe is it to keep extra packages such as...

Reply #4
Quote from: ####### – on
Handy fun free classic BASH tutorial:
https://mywiki.wooledge.org/FullBashGuide
There's also "$ man bash" but that's a rather long man page and probably easier to use as a reference as you require!
You should be able to build on one machine and use the result on another, might be trickier in extreme cases like ARM vs regular architecture but could still be done, also sometimes there might be software issues if you were using different versions and / or operating systems. But you could even do a build with static libs that gets around many of those issues. makepkg & PKGBUILD's mean it's very easy to build things on an ARCH based OS once you start to understand the system. Debian does package splitting, so you usually need stacks of *dev packages, whereas here those header files etc. are already in the main package as standard. There is an equivalent way  to automate package building and build dep installation in Debian incidentally using dpkg some option or other I can't remember offhand and getting the build scripts, but it's still a simpler system here.
Thank you, that gave me some understanding of why I was having so many issues. The more I get into Arch, the more stupid I feel for choosing Debian as my first Linux system years ago. I just never switched because I thought it would be hard. It is but not as hard as I thought.
 

Re: In terms of security, how safe is it to keep extra packages such as...

Reply #5
A lot that you learned in Debian will still apply here, and many servers run Debian based systems so perhaps it will come in useful for you.  :D
In virtualbox there are options to use simulated graphics but also you can set up a pass through system that uses the real graphics card, so it should give you the full performance you would normally have outside the vm. You might need to install some packages and / or do a bit of config for this to work. I've only used virtualbox for a vm but others on the forum might have more specific help for qemu, perhaps it should be able to do something similar.