Use Waydroid with Kicksecure

From Kicksecure
Jump to navigation Jump to search
Waydroid logo

How-To: Use Waydroid with Kicksecure.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Install Waydroid[edit]

warning Security warning: Adding a third party repository and/or installing third-party software allows the vendor to replace any software on your system. Including but not limited to the installation of malware, deleting files and data harvesting. Proceed at your own risk! See also Foreign Sources for further information. For greater safety, users adding third party repositories should always use Multiple Kicksecure to compartmentalize VMs with additional software.

Kicksecure default admin password is: changeme Documentation in the Kicksecure wiki provides guidance on adding third-party software from different upstream repositories. This is especially useful as upstream often includes generic instructions for various Linux distributions, which may be complex for users to follow. Additionally, documentation Kicksecure usually has a higher focus on security, digital software signatures verification.

The instructions provided here serve as a "translation layer" from upstream documentation to Kicksecure, offering assistance in most scenarios. Nevertheless, it's important to acknowledge that upstream repositories, software may undergo changes over time. Consequently, the documentation on this wiki might need occasional updates, such as revised signing key fingerprints, to stay current and accurate.

Please note, this is a general wiki template and may not apply to all upstream documentation scenarios.

Users encountering issues, such as signing key problems, are advised to adhere to the Self Support First Policy and engage in Generic Bug Reproduction. This involves attempting to replicate the issue on Debian bookworm, contacting upstream directly if the issue can be reproduced as such problems are likely unspecific to Kicksecure. In most cases, Kicksecure is not responsible for, nor capable of resolving, issues stemming from third-party software.

For further information, refer to Introduction, User Expectations - What Documentation Is and What It Is Not.

Should the user encounter bugs related to third-party software, it is advisable to report these issues to the respective upstream projects. Additionally, users are encouraged to share links to upstream bug reports in the Kicksecure forums and/or make edits to this wiki page. For instance, if there are outdated links or key fingerprints in need of updating, please feel free to make the necessary changes. Contributions aimed at maintaining the currentness and accuracy of information are highly valued. These updates not only improve the quality of the wiki but also serve as a useful resource for other users.

The Kicksecure wiki is an open platform where everyone is welcome to contribute improvements and edits, with or without an account. Edits to this wiki are subject to moderation, so contributors should not worry about making mistakes. Your edits will be reviewed before being made public, ensuring the integrity and accuracy of the information provided.

1. Add the Waydroid OpenPGP key the system APT keyring.

Securely download the key.

If you are using Kicksecure (kicksecure), run.

scurl https://repo.waydro.id/waydroid.gpg --output waydroid.gpg

If you are using a Qubes Template (kicksecure-17), run. [1] [2]

http_proxy=http://127.0.0.1:8082/ https_proxy=http://127.0.0.1:8082/ curl https://repo.waydro.id/waydroid.gpg --output waydroid.gpg

Display the key's fingerprint. [3]

gpg --keyid-format long --import --import-options show-only --with-fingerprint waydroid.gpg

Verify the output.

  • Digital signatures: A tool enhancing download security. Commonly used across the internet.
  • Learn more: Curious? Learn more about digital software signatures.
  • Optional: Digital signatures are optional. If you've never used them before, there might be no need to start now.
  • No worries: New to digital software signatures? It's okay, no need to worry.
  • Not a requirement: Not mandatory for using Kicksecure, but an extra security measure for advanced users.

The most important check is confirming the key fingerprint exactly matches the output below. [4]

Key fingerprint = 0D27 43A2 4328 AE06 34DF 3557 959F E34E 90E5 1522

Warning:

Do not continue if the fingerprint does not match -- this risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Copy the signing key to the APT keyring folder. [5]

sudo cp waydroid.gpg /usr/share/keyrings/waydroid.gpg

2. Add the Waydroid third-party APT repository.

echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] https://repo.waydro.id/ bookworm main" | sudo tee /etc/apt/sources.list.d/waydroid.list

3. Install Waydroid.

Install waydroid. To accomplish that, the following steps A. to D. need to be done.

A. Update the package lists.

sudo apt update

B. Upgrade the system.

sudo apt full-upgrade

C. Install the waydroid package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends waydroid

D. Done.

The procedure of installing waydroid is complete.

4. Done.

The process of installing Waydroid is complete.

See Also[edit]

Footnotes[edit]

  1. Using Qubes UpdatesProxy (http://127.0.0.1:8082/archive.org) because Qubes Templates are non-networked by Qubes default and therefore require UpdatesProxy for connectivity. (APT in Qubes Templates is configured to use UpdatesProxy by Qubes default.)
  2. Even more secure would be to download the key Disposable and then qvm-copyarchive.org it to the Qubes Template because this would avoid curl's attack surface but this would also result in even more complicated instructions.
  3. Even more secure would be to display the key in another Disposable because this would protect the Template from curl's and gpg's attack surface but this would also result in even more complicated instructions.
  4. Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
  5. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302archive.org

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!