[qubes-users] dose qubes os work with HP ENVY x360 15 i7-1065G7
dose qubes os work with HP ENVY x360 15 i7-1065G7 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/578447a2-2ddd-4785-a932-3e33143a8077n%40googlegroups.com.
Re: [qubes-users] Re: Thinkpad X1 Carbon Gen6 suspend/resume issues
O > > > > BIOS v1.31, Hyperthreading on in BIOS > > > > > > Hyperthreading disable documented here: > > https://groups.google.com/forum/m/#!topic/qubes-announce/JEtRYPmG-pAl > > > > > > Cannot replicate using Arch with sway or Xorg 1.20.3, 4.18.16-ck kernel. > > Thanks alot! This is very helpful. > > I re-enabled hyperthreading using the boot option 'smt=on'. All the CPU > related issues are gone then, including the increased heat. > > I hope the option to do that will be retained in the future. Hardened > security is a great thing, but actually my prime reason for using Qubes is > its superior organisation and ease to use. where exactly did you put this smt=on option in? thanks ron > > Although I expect the heat issue to be a bug of some kind. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181028114353.06325afb%40vm-stargate1. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] pgp smart card for luks keyfile
On Mon, 1 Oct 2018 07:07:58 + "'awokd' via qubes-users" wrote: > hron wrote on 9/28/18 10:47 AM: > > Hi, > > I am wondering if it is possible to use a LUKS key file during boot of > > qubes. In other distros I encrypted that key file with a pgp smart card an > > could decrypt it during boot by just plugging in the smart card and typing > > in my PIN code. > > Does anybody know if this could be done for qubes too? > > Some have had success with Yubikey, but I don't think it works exactly > like you're describing. > > thanks for this hint. I'll search for this approach. I just want to find a solution that avoids typing in the long passwords. ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181001194519.1085a02f%40vm-stargate1. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Last dom0 update broke 3.2
On Sunday, November 12, 2017 at 12:52:10 PM UTC-7, Francesco wrote: > After last dom0 update it properly restarted but gave some qubes manager > errors. > > > Second restart keeps restarting on a loop Every time giving the enclosed > screen. > > > Best > Fran I ran into something similar after my first Qubes 3.2 install. I did some tinkering with the USB to get my USB keyboard and mouse working again after setting up sys-usb the default way (having missed the warning). I think I broke something along the way. It worked for a while with some warnings messages during boot. But finally, one of the updates broke it completely, and I couldn't boot without a kernel panic. I just re-installed and did the USB setup right the second time around. Didn't lose anything essential thanks to having moved the appvms to a separate drive (though it took me a little while to figure out how to restore them). Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/63d8d582-7bbb-40e1-aa03-1b4458bdc047%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: liklihood of an fx 8350 amd processor working
On Friday, November 17, 2017 at 6:22:03 AM UTC-7, Styles Grant wrote: > I did see some evidence of one guy who got a ryzen to work, and another who > got an a 10 series to work. I'd nab an a 10, but this old fx 8350 is on sale. > > What do you think? I'm running on an FX-6300, and it's working great for me. I was a little worried when I started reading the docs and saw there were issues with AMD support, but no problems. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21c2cb9c-026a-4735-a3b0-e14156fd12b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Hope to install the OS on an SSD and /home on a spinning disk
On Friday, November 17, 2017 at 7:49:00 AM UTC-7, toront...@gmail.com wrote: > I intend to reinstall 3.2 which is currently running on somewhat undersized > SSD. This time I would like to keep most of the semi-static portions of the > OS and templates on the SSD for speed and to reduce wear on the SSD and the > more dynamic parts on a spinning disk. If this were a conventional Linux > distro, I would put /tmp, /var, /home in separate partitions on the spinner > and the rest on the SSD. I would tend to put swap on the spinner also because > with the amount of memory in this box, I do not expect swap to be used much, > if at all and would rather wast space on the disk than the SSD. > > The problem is that the more I think about it, the more convinced I have > become that I do not actually understand the file system structure in Qubes > OS. > > I have done some keyword searches here but have not found what I need. I > would appreciate any pointers as to where I could find this info or if it is > compact, a list of what to put where would be great. I am fully comfortable > with fdisk so I do not need help with the partitioning itself, unless there > is some unusual gotchas in Qubes. > > I think I need to still put /tmp and /Var on the disk but I think I > understand that the /home for each of the VMs actually reside in /var but I > do not know what is happening with /tmp. > > Thank you in advance. I did this when I installed 3.2, but with a tweak to what's described in the docs: rather than symlinks (which it says break the backups), I used the existing directory as a mountpoint. I have some detailed notes I've meant to write up properly. I'll see if I can get them pasted in here later. But basically I: 1. Installed QubesOS normally, using just the SSD (with a tiny swap space, just to stop Qubes from complaining every boot, but that's optional). 2. Set up two hard drives mirrored with mdraid, and encrypted with LUKS. 3. Manually decrypted and mounted the drive (the two drives are seen as one md0 drive) to a temporary mount point. 4. Ensured all appvms were shutdown, and moved all of them to the new drive (these were the only ones I was really worried about; the rest I can get with a reinstall). 5. Unmounted md0 and remounted it on top of the old appvms directory. 6. Tested that everything worked as expected (appvms startup, function, and shutdown properly). 7. Edited fstab, crypttab, and mdadm.conf to ensure these get mounted during boot. 8. Rebooted, and all was good. A few more steps, but no symlinks, appvms all on a separate, encrypted, mirrored drive. A nice little feature too is that since I used the same passphrase for md0 as for the SSD, it only prompts once for them during boot. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3da29ed4-046a-4dee-acfe-d5d2b2e43f51%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Baffled About Passphrases
Hi, I'm new to Qubes/Linux and would like to know how to change/add/remove passphrases applied to the USB I installed Qubes 3.2 on. I looked around at Qubes FAQs and elsewhere, which was helpful, but not giving a step-by-step of what to do. [user@untrusted ~]$ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT xvdc 202:32 1 11.5G 0 disk ├─xvdc2202:34 1 10.5G 0 part │ └─dmroot 253:00 10G 0 dm / └─xvdc1202:33 11G 0 part [SWAP] xvda 202:01 10G 1 disk └─dmroot 253:00 10G 0 dm / xvdd 202:48 1 500M 1 disk /usr/lib/modules/4.9.56-21.pvops.qubes.x86_64 xvdb 202:16 12G 0 disk /rw Although I selected default encryption during the Qubes install, I can't determine whether or not enryption is actually set. I also looked at 'man cryptsetup', but unsure of how to use it, or even if I should use it. Can anyone set me on the right path? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd8fce4c-9094-f052-ea09-f85d275e6a11%40ronallensmith.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Yubikey in challenge/response mode to unlock LUKS on boot
On Sunday, October 22, 2017 at 6:56:55 AM UTC-6, the2nd wrote: > Hello, > > sorry for the long delay. Didnt had time to answer. > > If some of you is willing to help with testing LUKS-on-LVM could you please > provide the output of the commands below? > > sudo su - > . /usr/lib/dracut/modules.d/99base/dracut-lib.sh > getarg rd.ykluks.uuid > > If you have not modified your grub config for the ykluks dracut module yet > use this getarg command: > getarg rd.luks.uuid ... > Thanks > the2nd getarg rd.ykluks.uuid outputs nothing for me. But then, I'm not using a Yubikey. getarg rd.luks.uuid outputs "luks-", where lsblk shows that partition name to be a "crypt [SWAP]" on sda3 (sda1 being my /boot/efi/, and sda2 containing "crypt /". Not sure if/how any of this helps, but there it is. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3fe76359-4792-4177-b6a6-014426c8024b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Idea for (resonable secure) cloud-storage usage with Qubes
On Saturday, October 14, 2017 at 5:54:28 PM UTC-6, [799] wrote: ... > Solution Design: > > [Access+Transfer AppVM] > > Template: fedora-25-minimal > > Additional packages: > > - OneDrive Freeclient (https://github.com/skilion/onedrive) > > - sudo dnf -y install nfsutils > > Will be configured to mount a NFS-share from the Storage AppVM and to access > OneDrive to synchronize the files > > Data will be downloaded and storad in the mounted NFS-Share of the Storage > AppVM ... > In the Work AppVM you are mounting the NFS Share from the Storage AppVM: > > sudo mount 10.137.2.20:/var/nfs/work /mnt/onedrive-work.encfs > > > > In Order to access the files, the NFS share is encfs-mounted: > > encfs /mnt/onedrive-work.encfs ~/work ... > What's your opinion about this approach (I hope I could make clear what the > idea is) - am I opening to much attack possibilities because I need to have > NFS server running between the AppVMs? Keep in mind, that I am only sharing > one directory, which is encrypted and only the AppVM knows how to decrypt the > data. > > So even if the Storage AppVM gets compromissed, the data should be encrypted > (and therof protected). ... > Interested to get your feedback. > > > [799] Have you considered using SSHFS rather than NFS? I'm no security expert, but it would seem to me to be more secure than NFS. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e94c1d60-7c05-412a-a504-b3548862a5cb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] FYI: New email address
Just a quick note that I've switch to a new email address dedicated to this group, and unsubscribed my old ronhd at shaw address. It's still active, but I won't see posts to the group ML on it. Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEbwT065BT%3D7z_PjbduZrWnJ7PZFCjXLxUXhMaH8YEcEkXFHEg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Turn off quiet boot? [SOLVED]
On 10/12/2017 12:37 AM, Patrik Hagara wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/12/2017 01:42 AM, Ron Hunter-Duvar wrote: Does anyone know how to turn off QubesOs' quiet boot (splash screen instead of kernel messages)? ... This is with EFI booting. No grub (don't even have a grub.cfg file in /boot). Thanks, Ron Removing the "rhgb" (historically "Red Hat Graphical Boot") parameter will result in defaulting to text boot instead of plymouth splash screen. You can still switch back and forth by pressing Esc. The "quiet" parameter, as you found out, only affects early kernel boot messages (before initramfs is mounted and plymouth can be started started). Cheers, Patrik Thanks, Patrik, that did the trick. Never thought to question what the "rhgb" was for. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/01cb95ec-1be1-4574-91f7-e9598c1c07ff%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Error Creating Ubuntu VM in Qubes 3.2
On October 12, 2017 4:25:29 PM MDT, Person wrote: >l tried the former commands again, with “ls -lh” and “pwd”, but the >terminal remained unresponsive, even if it was formerly responsive. > >So I tried changing the command around a little. The Qubes site >mentions to enter this command: “qvm-run --pass-io 'cat >/path/to/file_in_src_domain' > /path/to/file_name_in_dom0”, and I >realized that I didn’t put in a desired path for the file in dom0. I >tried using a directory in dom0 that I found, which was >/home/user/Downloads. When I entered this command, dom0’s response was >“Usage: qvm-run [options] [] []” and “qvm-run: error: Too >many arguments”. I’m not too sure what this means, but I believe I >somehow typed in the command wrong. I typed in “qvm-run —pass-io >sys-net ‘cat /home/user/Downloads’ /home/user/Downloads”. (The first >“/home/user/Downloads is the directory in sys-net and the second is the >directory in dom0.) Where you show the command you typed, you're missing the output redirection (the ">"). So instead of the shell doing the redirection to the file, it passes it as an argument to the qvm-run command, resulting in the error you got. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/60927EFB-EB40-4004-9655-6F035AF74196%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Turn off quiet boot?
Does anyone know how to turn off QubesOs' quiet boot (splash screen instead of kernel messages)? I like to see the messages during boot (and shutdown). More than once I've caught a lurking problem (although it scrolls by fast, those red "[ FAILED ]" messages really stand out). I've removed the "quiet" keyword from the "kernel=" lines in /boot/efi/EFI/qubes/xen.cfg, but that only gives me the first page or so, and still brings up the splash screen. Pressing Esc gets me back to the messages, but I'd like to have it stay there. This is with EFI booting. No grub (don't even have a grub.cfg file in /boot). Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e70e29b0-3c89-64c5-3c6a-955b289255b2%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?
On 10/08/2017 07:27 AM, Ron Hunter-Duvar wrote: On October 7, 2017 10:43:55 PM MDT, Reg Tiangha wrote: On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote: ... It's weird, but it seems like every distro *but* Fedora has released an updated version or version with a backported fix. Even Red Hat Enterprise has done it. I don't know what the hold up is, but it'll be a package with a backported fix and currently it's set to be 2.76.4 (or greater if more bugs are found). https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24 One of the reasons I like Debian so much is the priority they put on security. That, and stability. You may not get all the latest shiny stuff, at least not in stable, but you know it will be rock solid. Tried fedora several times in the past, and always went to something else instead. Ron Not really the place for this probably (dev list might be better), but I wonder if the devs ever considered basing dom0 on Alpine Linux. Running a lightweight and secure Xen dom0 is one of its intended uses (https://wiki.alpinelinux.org/wiki/Xen_Dom0). Hmm, I wonder what it would take to do a variant of Qubes with Alpine running dom0 and Debian for everything else. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ead09b3-c3d0-e402-c10a-6548504d918a%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] kswapd0 using 100% CPU with not even a MB swap in use
On 10/07/2017 04:29 AM, Holger Levsen wrote: Hi, so kswapd0 is using 100% CPU in one of my Qubes and this makes the fan spin and noisy… and that Qube is hardly using any swap at all: $ free totalusedfree shared buff/cache available Mem:1888212 776484 640712 70296 471016 1031616 Swap: 1048572 716 1047856 So I ran "sudo swapoff -a" (and "sudo swapon -a") and now zero swap is used but kswapd0 is still busy swapping(?) and the fan is noisy and I wonder what to do… Any hints / ideas? (I know I could shut down the VM and restart it but I hope there's a better solution / workaround.) Two questions: 1. What's that Qube doing? 2. What's it's max memory? Just speculating, but if a Qube hits the max memory it's allowed by the dom0, would it start swapping, even if there was lots of memory available on the machine? Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a44fa4e1-5c65-c65d-6fa6-1a30d4fcc36b%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?
On October 7, 2017 10:43:55 PM MDT, Reg Tiangha wrote: >On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote: > >> Well, I did all this, and confirmed that the sys-* servicevms are all >> using Fedora 25, but it still has dnsmasq version 2.76. According to >> US-CERT, 2.78 is needed to get the vulnerability fixes. Which >concerns >> me, given the length of time that the exploit code has been public. >> Surprises me too, since Debian had it out in a matter of hours. >> >> However, it's not running in any of these, nor in dom0. Should I just >> uninstall it? >> >> Thanks, >> Ron >> > >It's weird, but it seems like every distro *but* Fedora has released an >updated version or version with a backported fix. Even Red Hat >Enterprise has done it. I don't know what the hold up is, but it'll be >a >package with a backported fix and currently it's set to be 2.76.4 (or >greater if more bugs are found). > >https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24 One of the reasons I like Debian so much is the priority they put on security. That, and stability. You may not get all the latest shiny stuff, at least not in stable, but you know it will be rock solid. Tried fedora several times in the past, and always went to something else instead. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/C4B1473D-77A7-4B64-ABD8-4E867D2723E3%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Reasonably secure laptop with touchscreen and enough ram for dictation in Windows App-VM?
On 10/07/2017 01:10 PM, frassefredk...@gmail.com wrote: Thank you for your response and for sharing your thoughts and experince from using Lenovo Thinkpads! I looked at the Hardware Compatibility List and looked at Thinkpads, most of the models did not seem to be for sale anymore. Honestly I haven't seen any user using touchscreen with Qubes. Just out of interest what is the use case for touch? Regarding recommendation: You haven't said which display size you need. ' The use case of touch is mainly for ergonomical reasons. I read and write alot and it is better for my arms to scroll down the documents and highlight things using the touch instead of the keyboard and mouse. This is so important for me that I would pay more for a touchscrren even. But if I would be able to take notes on a Yoga from a conference, using the touch screen, then that would not a be a bad thing either, but I dont expect that to work well wth Qubes. Desired size of the screen is 14-16 inches. I Should be been more clear about my question regarding the security of the Lenovo and if they can be trusted. I have read articles accusing Lenovo of planting backdoors in its hardware. My technical skills are currently on a hobbyists level so I'm not always sure what to trust and not, wanted some input from others regarding this. But then I have also read this article (cited below) that sort of says that the likelyhood of there being a backdoor planted by Lenovo is low. I just dont know what to believe in. Do you have any comments to this? :) "Lenovo hardware is reportedly banned from the US CIA, as well as the UK's MI5 and MI6, as well as the Australian Security Intelligence Organization (ASIO) and Secret Intelligence Service (ASIS). As of the time of writing, no evidence of any wrongdoing on the part of Lenovo has been presented by any of governments who have banned their hardware from use in intelligence services. On devices as open as computers, and especially with Lenovo's ThinkPad product line, which has been long venerated for being foremost among laptops designed with modularity in mind—featuring detailed disassembly manuals and readily available replacement parts—it is difficult to imagine that many opportunities exist to hide a hardware backdoor in a relatively open product. Combined with the fact that the vital components (processor, RAM, etc.) aren't made by Lenovo, there are few opportunities for Lenovo to introduce a hardware-level backdoor in a way that wouldn't be glaringly obvious to any engineer armed with a screwdriver." Source: http://www.techrepublic.com/blog/it-security/corporate-espionage-or-fearmongering-the-facts-about-hardware-level-backdoors/ "...glaringly obvious to any engineer armed with a screwdriver." That's the most unbelievably naive view of security I can remember reading. I bet the author's password is "pa33w0rd", and it's secure because no one would guess some letters were switched with numbers. https://thehackernews.com/2015/09/lenovo-laptop-virus.html Note: (1) confirmed, (2) 3 times, (3) one of them was BIOS-embedded. https://thehackernews.com/2015/08/lenovo-rootkit-malware.html Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/06858cf0-1bfe-31a0-b318-03a811a2ed92%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Reasonably secure laptop with touchscreen and enough ram for dictation in Windows App-VM?
On 10/07/2017 09:42 AM, Frasse F wrote: I would like some purchasing advice: I'm looking for a laptop that is reasonably secure and also has a built in touch screen. I would prefer if it had 16 GB of ram as I want to run Qubes OS and I want to sometimes be able to run a Windows App-VM for dictation and speech recognition which is processed locally (I do a lot of writing and I also care about security/privacy). ... My second alternative is to buy a non purism laptop which has both a touchscreen, enough RAM and is fairly secure. So my second alternative that I'm considering would be the Lenovo 520 Yoga. https://www.dustin.se/product/5011033265/yoga-520-touch . The model is running the Intel® Core™ i5-7200U Processor. According to the specification page on Intels website, this processor does not have the vPro technology. https://ark.intel.com/products/95443/Intel-Core-i5-7200U-Processor-3M-Cache-up-to-3_10-GHz These are my questions 1) Is there anything except for the AMT/vPro aspect of the hardware security that I might have overlooked that is critical when evaluating the Lenovo Yogas safety? 2) Should one in general be sceptic towards Lenovo even when they are using hardware from other manufacturers? Personally, I avoid Lenovo like the plague since they became Chinese-owned. Yes, I know pretty much all the hardware is manufactured in China now anyway, but having the senior company management controlled by the Chinese government adds a whole 'nother layer of vulnerabilities. My suspicions were confirmed when they were caught pre-installing spyware on them. Of course, that was only Windows, and they were forced to remove it, and claimed it was only intended for Chinese customers. But to me it shows their intent, and there are many other ways they can embed spyware (BIOS/UFI, other firmware) that would affect Linux too, and wouldn't be so easily removed. Call me paranoid (because I am), but that's my opinion. I typically go with Dell, although their quality has gone down in recent years, and I can't comment on Qubes-specific issues, or your particular requirements. 3) are there a Qubes user out there who are already using a laptop with touch screen and enough ram, running Qubes? What laptop model are you using and would you recommend it? Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/26e6628d-9b30-0b64-0405-06ac2d6898f1%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 dnsmasq update?
On 10/06/2017 09:04 PM, Ron Hunter-Duvar wrote: On October 6, 2017 5:05:49 PM MDT, Unman wrote: On Thu, Oct 05, 2017 at 12:41:32PM -0600, Ron Hunter-Duvar wrote: ... The install disk still contains fed23 templates and you're expected to update as soon as you have installed. To install a new template all you have to do is : sudo qubes-dom0-update qubes-template-fedora-25 Thanks for the tip. I don't remember seeing it in the getting started material I read. Doing it now. This will install the template and you can then just switch your serviceVMs - either using Qubes Manager, or by: 'qvm-prefs -s template '. ... Well, I did all this, and confirmed that the sys-* servicevms are all using Fedora 25, but it still has dnsmasq version 2.76. According to US-CERT, 2.78 is needed to get the vulnerability fixes. Which concerns me, given the length of time that the exploit code has been public. Surprises me too, since Debian had it out in a matter of hours. However, it's not running in any of these, nor in dom0. Should I just uninstall it? Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/728aa211-a104-87aa-eb42-59301b562ed9%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Possible to add second interface to sys-firewall?
On 10/06/2017 01:41 PM, Ed wrote: On 10/06/2017 03:14 PM, Mike Keehan wrote: On Fri, 6 Oct 2017 12:17:26 -0400 Ed wrote: On 10/06/2017 12:10 PM, Mike Keehan wrote: Wouldn't it be possible to add a second Firewall VM to be used solely by your special single vm? Yes I believe this would def work, and also should be automatic/reliable across reboots, but I was really hoping to not give up 2-4GB of RAM just for this purpose. I think you will find that the firewall VM runs OK in just 500Mb, maybe less. Search the mail list for "vm memory" - there have been a number of discussions about how much is actually used by the system VMs. (I can't remember the details off hand, or I would give more info!) It is worth knowing that although a VM is initially set up with a 4Gb memory allocation, it only uses what it needs. The rest is still available to the other qubes etc. Mike. You know that's not a bad point. I never really looked into reducing the memory allotment. I just know anecdotally on my systems the firewall vm's use 2-3GB (when left with the default max of 4GB). I also know they will run on less if I'm pushing a system out of memory but I never though to just restrict them to less to start. I'm not really strapped for memory on the machine I'm working with here so it does look like adding an additional firewall VM would be the easiest way to get what I want, it just seemed a tad wasteful to me, but perfect is the enemy of good Appreciate the input! IMO, it's best to leave memory management to the OS until such time as a definite problem is found (which would most likely show up as swapping, which would cause massive performance problems). I suspect you'd find if you looked closely at the vm that most of the memory used is for caching. That's a good thing. No point having memory sit unused and forcing to to keep downloading the same files. The moment the cache is needed for something else, it'll be reallocated. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/976e6d2e-b2ab-4e82-3a9b-4ac1a001c7b5%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 dnsmasq update?
On October 6, 2017 5:05:49 PM MDT, Unman wrote: >On Thu, Oct 05, 2017 at 12:41:32PM -0600, Ron Hunter-Duvar wrote: >> On 10/05/2017 01:52 AM, Ilpo Järvinen wrote: >> > On Wed, 4 Oct 2017, Ron Hunter-Duvar wrote: ... >> > FC23 has been EOL'ed for long time, you should upgrade your >template to >> > FC25 or later (as FC24 likewise, is EOL'ed). The easiest >alternative is to >> > install fedora-25 template that is nowadays included to qubes >repositories >> > (IIRC). Then change your AppVMs having fedora-23 as their template >to use >> > fedora-25 template. >> > >> >> I wondered about that too. Why does Qubes 3.2 still use FC23? Wasn't >it EOL >> in 2015? >> >> I use debian-8 for all my appvms. I changed the default before I >created any >> of them. >> >> But I still need it for my servicevms. Especially since they're the >ones >> exposed to the internet (although still behind a separate firewall, >but >> that's potentially affected too). >> >> Haven't had time to look into how to setup a new template and convert >the >> servicevms. But for this, if there's no fix coming, I guess I'll have >to >> deal with it. >> >> Thanks, >> Ron > >No, Fed 23 was EOL in December 2016. >It's still used in dom0 because there should be little call to upgrade >dom0 - see the explanation here: >www.qubes-os.org/doc/software-update-dom0/ > >The install disk still contains fed23 templates and you're expected to >update as soon as you have installed. > >To install a new template all you have to do is : >sudo qubes-dom0-update qubes-template-fedora-25 Thanks for the tip. I don't remember seeing it in the getting started material I read. Doing it now. >This will install the template and you can then just switch your >serviceVMs - either using Qubes Manager, or by: >'qvm-prefs -s template '. > >Of course, there's no reason why you shouldnt use Debian for all your >qubes, and ditch Fedora template altogether. Do you mean I can switch my servicevms to Debian? I don't want to create any unnecessary headaches for myself right now, but I much prefer Debian. >unman Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/C9A5D777-0E22-493D-B321-D53276938729%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 dnsmasq update?
On 10/05/2017 01:52 AM, Ilpo Järvinen wrote: On Wed, 4 Oct 2017, Ron Hunter-Duvar wrote: Saw the news earlier today about the major dnsmasq vulnerabilities (remote code execution), and already received the update for the debian-8 template, but not for the fedora-23 template or dom0. Anyone know of an ETA for this? dom0 does not have network connectivity. Yeah, I wondered about that. Any reason for it to even have dnsmasq installed? Because it does. FC23 has been EOL'ed for long time, you should upgrade your template to FC25 or later (as FC24 likewise, is EOL'ed). The easiest alternative is to install fedora-25 template that is nowadays included to qubes repositories (IIRC). Then change your AppVMs having fedora-23 as their template to use fedora-25 template. I wondered about that too. Why does Qubes 3.2 still use FC23? Wasn't it EOL in 2015? I use debian-8 for all my appvms. I changed the default before I created any of them. But I still need it for my servicevms. Especially since they're the ones exposed to the internet (although still behind a separate firewall, but that's potentially affected too). Haven't had time to look into how to setup a new template and convert the servicevms. But for this, if there's no fix coming, I guess I'll have to deal with it. Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad369241-56f8-8920-f558-aea94c030ab7%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.2 dnsmasq update?
Hi, Saw the news earlier today about the major dnsmasq vulnerabilities (remote code execution), and already received the update for the debian-8 template, but not for the fedora-23 template or dom0. Anyone know of an ETA for this? Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c95d75c-293e-0e3e-6e31-f3163d5654b3%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Error Creating Ubuntu VM in Qubes 3.2
On 10/03/2017 09:37 PM, Person wrote: Because the terminal didn’t respond with an error message, I am relatively sure that the ISO was successfully copied to dom0. Copying it to dom0 wasn’t a problem, really, but finding it in dom0 was. And the “find” commands don’t seem to work for finding in dom0. In a dom0 terminal, the file should be in whatever directory you were in when you ran the qvm-run command, since you didn't specify a directory in the command you showed. If you didn't change directories first, that would either be /root if you were root or /home/user otherwise. You should be able to find it (as root) by running: # find /root /home -name '*.iso' If it's not found in either of them, then you either put it somewhere else (like /tmp or /var/lib/qubes), or the copy didn't work. As for what to do with it once it's copied, I can't help there at this point. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d3a91a8-1853-4179-0b9c-9b05e4cfc171%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Yubikey in challenge/response mode to unlock LUKS on boot
On 10/02/2017 08:34 PM, joevio...@gmail.com wrote: On Saturday, 5 August 2017 11:20:27 UTC-4, the2nd wrote: Hi, i switched to Qubes OS 3.2 on my notebook some weeks ago. Besides some issues i had it works very well. One problem was to get the installer to install qubes on LVM-on-LUKS. I preferred this over the default LUKS-on-LVM setup because you dont have to encrypt any LV separately. ... Please note that the current version will probably not work with a default qubes LUKS-on-LVM installation. But if some experienced user is willing to help testing i'll try to come up with a version that supports this too. Besides the yubikey/luks stuff the module handles the rd.qubes.hide_all_usb stuff via its own rd.ykluks.hide_all_usb command line parameter because the yubikey is connected via USB and needs to be accessable until we got the challenge from it. i am still unsure if this is the best method to implement this. So if anyone with a deeper knowledge of qubes/dracut does have a better/more secure solution i happy about any help. Regards the2nd This is working great for me. A few questions though: 1) The default Qubes 3.2 install seems to be LVM-on-LUKS where there is only one LUKS encryption and root/swap LVMs within that. So your instructions work with the default install. ... I'd have to say that the2nd is right. I didn't notice on my first Qubes 3.2 install, because I only had one encrypted partition on my OS drive (skipped a swap partition, despite the installer's whining). Second time around I gave in and created one. lsblk shows sda2 with a luks-encrypted / within it, and sda3 with a luks-encrypted swap. If it were LVM-on-LUKS, it would be a single luks-encrypted partition two logical volumes within it. Ron PS: I'm a Qubes-noob, but long-time Linux user. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/814cee70-0b5c-12a4-ee3e-bdb1f5479f3e%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: timeout on VMstart: cannot execute qrexec-daemon
On October 2, 2017 10:30:49 AM MDT, evo wrote: > > >Am 01.10.2017 um 22:06 schrieb evo: >> Hello! >> >> i can not start one of the StandaloneVMs >> it just give me a timeout and "cannot execute qrexec-daemon" >> >> after reboot the same thing. >> >> logs show the following: >> >> guid.VM >> Icon size: 128x128 >> XIO: fatal IO error 11 (Resource temporarily unavailable) on X >server >> ":0.0" >> >> after 31000 requests (31000 known processed) with 0 events >remaining. >> >> >> >> can somebody help please? >> > > >please help somebody, i have my password-manager and other important >stuff there and just an older backup :-/ You might be able to recover the essential files by creating a new VM and copying the private.img and volatile.img files from the old VM (/var/log/qubes/appvms/) to the new one, then booting the new one. This worked for me when I had to reinstall QubesOs. As to the error itself, it seems to suggest a missing icon file somewhere. I don't know why that would stop the VM from starting, but qrexec-daemon seems to be rather brittle. No idea how you would fix it. Might require either digging into the code or help from one of the developers to track down and resolve. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/F491CFE0-3275-42EE-B90A-F4404A11DB11%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Error Creating Ubuntu VM in Qubes 3.2
On 10/01/2017 06:59 PM, Person wrote: The file was in Home/User/Downloads, and I did make sure to include the command. Also, the Ubuntu file did end in “.iso”. I did run qvm-start in dom0. I believe I typed “qvm-start --cdrom=sys-net:/home/user/Downloads/”, or I did the same thing but replaced “Ubuntu” with “hvm”. (“Ubuntu” is the name of the standalone VM I made and wanted to attach the .iso to.) As for the qvm-run error, I have no idea if I entered the location correctly or not. I typed “qvm-run --pass-io 'cat /home/user/Downloads/' > ubuntu-17.04-server-amd64.iso”. I did copy the template to dom0, but I could not find it in dom0 (when I open the dom0 Boot Screen where stand-alone VMs look for things to boot from, I cannot find the template file there) and so was unable to install it in dom0. I did install Xenial in sys-net, but I couldn’t find the template when I looked at my list of VMs, even when I use the methods you listed. I believe my main problem is copying the files to dom0 in general, because that is the only way I can make these files into VMs. You didn't actually type the angle brackets <> around the vm and file names, did you? If so, that would probably be your problem. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/048d7722-a76d-ffce-a7b0-e5d0204e310a%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 4.0-rc1: qvm- remove incomplete (?) - All qubes functionality (qubesd) down as a result
On 09/28/2017 10:55 AM, Johannes Graumann wrote: On Wed, 2017-09-27 at 13:19 +0200, Johannes Graumann wrote: Gentlepeople, I recently managed to install the community whonix templates into my 4.0 setup and have since been striving to recreate the arrangements of proxyvms etc. I ran in 3.2. In this process I erroneously create a vm called 'sys-whonix-gw', using the whonix-gw template. I proceeded to remove this vm using 'qvm- remove' and ever since all qubes functionality does not come up at reboot. Investigating the output of 'systemctl status qubesd' et al, I became aware of an error thrown that reports 'sys-whonix-gw' as missing ... apparently there are remnants of that vm left in the system despite me calling 'qvm-remove'. Short of a reinstall, is there anything I can do to rescue this situation? Thanks for any pointers. Sincerely, Joh Any hit at all? Joh Hi Joh, I found quite a few bits and pieces of VMs lying around when looking at how to recover VMs from my previous install. This might take a while, but you can run the following commands in a root terminal session on dom0: # cd / # grep -r * 2>/dev/null No guarantees, and be careful what you remove/edit, but it's worth a shot. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b69f4236-8b49-c187-2d51-e4dce68ae315%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to recover Qubes when keyboard / mice is dysfunctional due to USB qube setup issues?
On 09/27/2017 11:35 AM, Yethal wrote: W dniu środa, 27 września 2017 14:08:56 UTC+2 użytkownik Patrick Schleizer napisał: cooloutac: On Sunday, September 24, 2017 at 12:23:39 PM UTC-4, cooloutac wrote: On Sunday, September 24, 2017 at 12:23:23 PM UTC-4, cooloutac wrote: On Sunday, September 24, 2017 at 9:25:24 AM UTC-4, Patrick Schleizer wrote: Quote from https://www.qubes-os.org/doc/usb/ Caution: By assigning a USB controller to a USB qube, it will no longer be available to dom0. This can make your system unusable if, for example, you have only one USB controller, and you are running Qubes off of a USB drive. How can one recover from such a situation if there is no PS2 keyboard/mice available? I guess... Unless there is a better way...? Boot the system using from an external disk using a USB recovery operating system... Then modify the local disk (with broken Qubes)... Then do what? Cheers, Patrick ya that. exactly. that would be the only way I would know of. sorry i misunderstood. you could use the qubes keyboard proxy. or unhide it from dom0. think they are both explained in the docs there, but don't think either are recommended but if you have no choice. The Qubes documentation explains how to hide/unhide it with the gui. But when the disk is not booted (for recovery booted from USB), the gui cannot be used since it refers to the USB booted and not internal disk supposed to be recovered. To undo it some file on the internal disk needs to be modified. Which files needs what modification? Remove rd.qubeshideallusb parameter from grub and then rebuild grub Incidentally, I believe that messing up the sys-usb setup, losing keyboard & mouse, and recovering from it is how I eventually made my system unbootable. That plus intervening updates and other tweaks. So not sure I have much to add on how to do it properly. But maybe serves as a cautionary tale. I used an old ps/2 keyboard to get control of the system again (no mouse), and get the USB controller I had my main keyboard and my mouse on assigned back to dom0 again (thankfully I have several controllers on this motherboard, with keyboard, mouse and nothing else on one of them). I got it working, but I think I messed up something on sys-usb. From time to time after that I would get a kernel panic starting sys-usb during boot. Then after a recent dom0 update, I got a "non-system disk or disk error" BIOS error and that was it. Couldn't get it properly recovered. So I booted from a Ubuntu live USB, mounted the Qubes partitions, copied everything off to a backup USB hard drive, then did a clean reinstall of Qubes. After the reinstall, I've been more careful in setting up sys-usb, and it's working fine so far. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54af4c88-0887-3e44-1b6b-0a27e4df25ee%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to recover VMs copied before reinstall?
On 09/26/2017 09:36 AM, Ron Hunter-Duvar wrote: On September 26, 2017 9:20:57 AM MDT, 'One7two99' via qubes-users wrote: Hello Ron, Original Message Subject: Re: [qubes-users] How to recover VMs copied before reinstall? Local Time: 26 September 2017 4:58 PM From: ro...@shaw.ca [...] I want to access my existing ones from the previous install, not create new ones. I put a lot of hours into getting them set up the way I wanted them, and they contain important data I don"t want to lose. [...] I am also building all sys- / template- and App-VMs based on the available templates in Qubes. As I would like to rollout Qubes for friends and maybe also co-workers I have documented each step when configuring/provisioning new AppVMs or templates. I've written a handful scripts which will take the default qubes-templates and apply all updates / packe installation and post-configuration tasks without user interaction. This reduces time rebuilding the system but also allows another backup policy where I only store the data and reinstall everything else from my scripts. If you're interested I can forward them to you. [799] I'm not sure if that will help, but I'll take a look. If I can at least get my files into new appvms of the same name, it would do the trick. Thanks, Ron Turns out there's an easy way to restore my files and firewall settings. Here's what I did for each VM: 1. Create a new appvm of the same name and type as the old one (with the old ones in a different location of course). 2. Start then stop the appvm (to ensure it's properly initialized). 3. Copy the firewall.xml, private.img and volatile.img files from the old one to the new one. 4. Start the appvm, and everything's back where it should be (other than menu customizations, and possibly previously installed apps). I don't know if all these steps are required (particularly #2, and both img files in #3), but the recipe works, so I'm sticking with it. The hardest part was actually restoring the old appvm files, given the deliberate roadblocks to moving files into dom0. Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f668487-dfa8-7fef-26be-6f3604912ed0%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to script the creation of templates (Was: How to recover VMs copied before reinstall?)
Thanks, 799, I'll take a look at them when I get a chance. Ron On 09/27/2017 03:52 AM, 'One7two99' via qubes-users wrote: Hello Ron, Me: >> I've written a handful scripts which will take the default >> qubes-templates and apply all updates / packe installation and >> post-configuration tasks without user interaction. >> This reduces time rebuilding the system but also allows another backup >> policy where I only store the data and reinstall everything else from >> my scripts. >> If you"re interested I can forward them to you. Ron: > I"m not sure if that will help, but I"ll take a look. If I can at least get my files into new > appvms of the same name, it would do the trick. Here is a script I am using to rebuild my work-template, which is based on a fedora template. The scripts allows me to install a Qubes 3.2 default and then run all commands to add a new template, update it, install additional packages and even installs some software (here only the VMware Horizon View Client) which is not available in the default repositories. There is some "overhead" in the script as I'd like to run it even after having it done once. As such it will also remove any existing VM with the same name (qvm-destroy). qvm-destroy is another scripts: [content of qvm-destroy] #!/bin/bash # Kill a running AppVM and remove it # Usage: qvm-destroy echo "Killing VM: $1" qvm-kill $1 echo "Removing VM: $1" qvm-remove $1 echo "Waiting for 5s (just to be sure)" sleep 5s [content of my create-t-fedora-25-work.sh] #!/bin/bash templatebasevm=fedora-25 worktemplatevm=t-fedora-25-work internetvm=my-untrusted # Install minimal Fedora 25 template sudo qubes-dom0-update qubes-template-$templatebasevm # Remove existing Template VM ./qvm-destroy $worktemplatevm echo "Clone template to $worktemplatevm" qvm-clone $templatebasevm $worktemplatevm # Hide original template qvm-prefs -s $templatebasevm internal true echo Launch new template-vm $worktemplatevm qvm-start --skip-if-running --tray $worktemplatevm echo "Wait for 10sec until Template VM is up" sleep 10s echo "Install updates and additional applications in $worktemplatevm" qvm-run $worktemplatevm 'xterm -e "sudo dnf -y update && \ sudo dnf -y install mc nano pass libreoffice gimp && \ sudo dnf -y install gstreamer gstreamer-plugins-base libffi libpng12 libXSrnSaver"' echo "Wait until all packages have been installed." read -p "Press Enter to continue" # Download VMware Horizon View echo "Starting $internetvm to download Horizon View" qvm-start --tray $internetvm sleep 10s # FIXME: the qvm-copy-to-vm has the name of the target template ($worktemplatevm) # hardcoded, as I didn't find a way to use the variable within this line qvm-run $internetvm 'xterm -e "cd /home/user && wget https://download3.vmware.com/software/view/viewclients/CART17Q2/VMware-Horizon-Client-4.5.0-5650368.x64.bundle && \ mv VMware-Horizon-Client-4.5.0-5650368.x64.bundle VMware-Horizon-Client-4.5.0.bundle && \ qvm-copy-to-vm t-fedora-25-work VMware-Horizon-Client-4.5.0.bundle && \ sleep 10s"' echo "(qvm-)Copy file VMware-Horizon-Client-4.5.0.bundle from $internetvm to $worktemplatevm" read -p "Press Enter to continue" # Install VMware Horizon View qvm-run $worktemplatevm 'xterm -e "chmod +x ~/QubesIncoming/my-untrusted/VMware-Horizon-Client-4.5.0.bundle && \ sudo ~/QubesIncoming/my-untrusted/VMware-Horizon-Client-4.5.0.bundle && \ rm /QubesIncoming/my-untrusted/VMware-Horizon-Client-4.5.0.bundle && \ shutdown -h now"' You'll find this and also other scripts I use to rebuild my templates and appvms in the attached archive. Any improvements are welcome. I'll try to think if I'll add something like backing up the private image file and adding it when rebuilding an appvm makes sense. [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com <mailto:qubes-users+unsubscr...@googlegroups.com>. To post to this group, send email to qubes-users@googlegroups.com <mailto:qubes-users@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/gWaGUcU_dTBx_dZOXjYj1jHab3dHrtOWk8Fmxg5g7QQlxozzrnywgGdlGro9pnagdfywJ_ztlIwlzboaU6WOrWNCusCjuDdad6jNfkr5z4Q%3D%40protonmail.com <https://groups.google.com/d/msgid/qubes-users/gWaGUcU_dTBx_dZOXjYj1jHab3dHrtOWk8Fmxg5g7QQlxozzrnywgGdlGro9pnagdfywJ_ztlIwlzboaU6WOrWNCusCjuDd
Re: [qubes-users] How to recover VMs copied before reinstall?
On September 26, 2017 9:20:57 AM MDT, 'One7two99' via qubes-users wrote: >Hello Ron, > >> Original Message >> Subject: Re: [qubes-users] How to recover VMs copied before >reinstall? >> Local Time: 26 September 2017 4:58 PM >> From: ro...@shaw.ca >> >> [...] I want to access my existing ones from the previous install, >not create new ones. I put a lot of hours into getting them set up the >way I wanted them, and they contain important data I don"t want to >lose. [...] > >I am also building all sys- / template- and App-VMs based on the >available templates in Qubes. As I would like to rollout Qubes for >friends and maybe also co-workers I have documented each step when >configuring/provisioning new AppVMs or templates. > >I've written a handful scripts which will take the default >qubes-templates and apply all updates / packe installation and >post-configuration tasks without user interaction. >This reduces time rebuilding the system but also allows another backup >policy where I only store the data and reinstall everything else from >my scripts. > >If you're interested I can forward them to you. > >[799] I'm not sure if that will help, but I'll take a look. If I can at least get my files into new appvms of the same name, it would do the trick. Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/60E8F6C5-38BA-43DA-8B4F-319D038140CE%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to recover VMs copied before reinstall?
On September 26, 2017 4:20:34 AM MDT, Chris Laprise wrote: >On 09/25/2017 07:12 PM, Ron Hunter-Duvar wrote: >> Hi, >> >> My first Qubes install ended up unbootable, and I didn't have a >recent enough backup of my VMs. So I booted from a Ubuntu live cd, >mounted the partitions, and copied everything off to a backup drive and >did a clean reinstall. >> >> Now I've copied my appvms back to /var/lib/qubes/appvms/, but they >don't show up in the VM Manager. >> >> Can anyone tell me how to get these appvms useable again? >> >> Thanks, >> Ron >> > >Try using `qvm-add-appvm vmname templatename`. Doesn't that just create a new appvm? I want to access my existing ones from the previous install, not create new ones. I put a lot of hours into getting them set up the way I wanted them, and they contain important data I don't want to lose. I am wondering if creating new ones of the same name, then overwriting the img files with the old ones would work. Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/EAA26BF9-CB89-4F54-A754-A7B2BB36B630%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to recover VMs copied before reinstall?
Hi, My first Qubes install ended up unbootable, and I didn't have a recent enough backup of my VMs. So I booted from a Ubuntu live cd, mounted the partitions, and copied everything off to a backup drive and did a clean reinstall. Now I've copied my appvms back to /var/lib/qubes/appvms/, but they don't show up in the VM Manager. Can anyone tell me how to get these appvms useable again? Thanks, Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/BAC83D8B-6BFC-4D5D-9810-D4432F534EA6%40shaw.ca. For more options, visit https://groups.google.com/d/optout.