Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

2017-02-13 Thread Miroslav Rovis
Not about Tails, this message, but yes it is about GUI-less (non-dbus)
virt-manager.

About its use for installing and running a Tails' relative: Whonix.

I made a well-accepted, I believe, push for Whonix to be installable and
runnable (actually it maybe already is!) in sans-dbus systems.

Pls. if anybody feels passionate enough about Unix heredity staying
sound and prosperous, and you feel you can contribute by helping in this
thread:

Whonix on Gentoo issues
https://forums.whonix.org/t/whonix-on-gentoo-issues/3188

then pls. do contribute!

There is a poor-eyesight old man that I am useless digression somewhere
in one of the first three posts (which I can't remove anymore, old posts
are not editable in Whonix forums), and also previous to below all
attempts of mine were unsuccessful, so...

So maybe if you start from:

https://forums.whonix.org/t/whonix-on-gentoo-issues/3188/7

[from] post 7, you will be sufficiently in the clear what the issue is.

And on a sidenote on this thread that you're reading. I probably need to
re-evaluate the current status of no-dbus virt-manager using virt-viewer
as GUI, with the last night update of Gentoo installation of mine (always
such a pleasure).

Pls. contribute if you are familiar with Whonix and the issues there!

I've top posted this, because it regards the entire thread, not this
particular email below.

On 170114-22:53+0100, Miroslav Rovis wrote:
> More errata.
> 
> On 170114-13:06+0100, Miroslav Rovis wrote:
...
> > If anybody is interested, I attach the install log:
> > 
> > app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz
> > (that's from /var/log/portage, just I replaced the : with _)
> > 
> > where it's easy to spot lines like:
> > 
> > virt-viewer-app.h:47:5: error: unknown type name 'GtkApplicationClass'
> > 
> > because the new API is missing in GTK2. And the package virt-viewer cannot
> > possibly compile.
> > 
> you can read in the changelog of the source of virt-viewer-5.0, if you
> unpack the virt-viewer-5.0.tar.gz, these lines:
> 
> /usr/portage/distfiles/virt-viewer-5.0.tar.gz
> 
> virt-viewer-5.0/ChangeLog :
> 
>   [...]
> 
> 2016-02-15  Fabiano Fidêncio
> 
>   Drop support to gtk2
>   The 3.0 release was the last one that still supports GTK2. For the
>   Windows builds the support to GTK2 was dropped in the previous release.
>   Let's do the same for the entire project now.
> 
> 2016-02-15  Pavel Grunt  
> 
>   display: Use correct variable name
>   Fix gtk2 build
> 
>   [...]
> 
...

Regards!

-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr




Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

2017-01-14 Thread Miroslav Rovis
More errata.

On 170114-13:06+0100, Miroslav Rovis wrote:
> On 170113-23:50+0100, Miroslav Rovis wrote:
...
> 
> The (gzip'ed) virt-viewer-5.0-r1.ebuild is included for completeness, and to
> demonstrate the issue awaiting Gentoo, and any other distro with a
> non-poetterware offer, in the future.
> 
> I patched it by placing the patch:

( in the slightly wrong way, because it would try to patch that 3.1-r1
version, not just the 5.0-r1 version )

> gtk+-2_revert.patch
> 
> like this:
> 
> # ls -lRa  /etc/portage/patches/app-emulation/
> /etc/portage/patches/app-emulation/:
> total 12
> drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .
> drwxr-xr-x 7 portage portage 4096 2017-01-13 10:24 ..
> drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 virt-viewer
> 
> /etc/portage/patches/app-emulation/virt-viewer:
> total 20
> drwxr-xr-x 2 portage portage  4096 2017-01-14 09:21 .
> drwxr-xr-x 3 portage portage  4096 2017-01-13 10:24 ..
> -rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch
> #

The right way is (with the same patch):

# ls -lRa  /etc/portage/patches/app-emulation/
/etc/portage/patches/app-emulation/:
total 12
drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .
drwxr-xr-x 7 portage portage 4096 2017-01-13 10:24 ..
drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 virt-viewer

/etc/portage/patches/app-emulation/virt-viewer-5.0:
total 20
drwxr-xr-x 2 portage portage  4096 2017-01-14 09:21 .
drwxr-xr-x 3 portage portage  4096 2017-01-13 10:24 ..
-rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch
#

where notice the change in this line:

/etc/portage/patches/app-emulation/virt-viewer-5.0:
   ^ ^ ^ ^ ^ ^ ^ ^

and that does not try to patch 3.1-r1
...

And with regard to this:
> but it was still to no avail, because they are starting to implement the new
> API of GTK3, and the GTK2, which in Gentoo and in some other distros is kept
> so dbus is not a dependency, don't have those new calls, functions et cetera.
> 
> If anybody is interested, I attach the install log:
> 
> app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz
> (that's from /var/log/portage, just I replaced the : with _)
> 
> where it's easy to spot lines like:
> 
> virt-viewer-app.h:47:5: error: unknown type name 'GtkApplicationClass'
> 
> because the new API is missing in GTK2. And the package virt-viewer cannot
> possibly compile.
> 
you can read in the changelog of the source of virt-viewer-5.0, if you
unpack the virt-viewer-5.0.tar.gz, these lines:

/usr/portage/distfiles/virt-viewer-5.0.tar.gz

virt-viewer-5.0/ChangeLog :

[...]

2016-02-15  Fabiano Fidêncio

Drop support to gtk2
The 3.0 release was the last one that still supports GTK2. For the
Windows builds the support to GTK2 was dropped in the previous release.
Let's do the same for the entire project now.

2016-02-15  Pavel Grunt  

display: Use correct variable name
Fix gtk2 build

[...]

All that means more work for our developers, since I don't believe that
the dbus useflag would be invalidated to impose dbus on Gentoo users,
and if anybody knows that GTK3 might ever in the future drop dependency
to dbus, pls. do tell us!

Otherwise, I was able to follow my tip "GUI-less (non-dbus) virt-manager
(to run Tails in Gentoo)" and the attachments thereof to install all
correctly in my Air-Gapped.

But I want to try and install Tails into, and later run it from, either
real or virtual USB storage, and of course, with persistent volume
available, which will all take me more familiarizing with all these
virtualization tools and ways.

The problem is, and it's my grsecurity hardened kernel that's logging it
in my syslog, the installed virtual machine tails domain keeps trying to
connect to, I guess tor nodes, by inexistent, or fake should I say,
subjects, have a look (it's verbose, but it's complete information about
this segment, along with the information that it is what has been
happening consistently for all these hours since the installation, of
course, the IP addresses of the presumed nodes varying all the time as
well):

Jan 14 21:30:01 g0n kernel: [358997.592199] grsec: (root:U:/) exec of
/usr/bin/find (find /var/spool/cron/lastrun -name cron.daily -cmin +1445
-exec rm {} ; ) by /usr/bin/find[run-crons:22618] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:22614] uid/euid:0/0
gid/egid:0/0

[721 lines cut]

Jan 14 21:30:44 g0n kernel: [359041.239800] grsec: (miro:U:/) denied
connect() to 81.7.16.59 port 443 sock type stream protocol tcp by
/var/tmp/portage/app-emulation/qemu-2.8.0/image/usr/bin/qemu-system-x86_64[CPU
0/KVM:5447] uid/euid:1000/1000 gid/egid:1000/1000, parent
/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Jan 14 21:31:49 g0n kernel: [359106.109822] grsec: (miro:U:/) denied
connect() to 81.7.16.59 port 443 sock type stream protocol tcp by
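
The grsec denials pasted in this message can be tallied per process and destination. The following Python is an added example, not part of the original e-mail: it assumes the log format exactly as pasted above, rejoins the 72-column wrapping, and counts separately any denial record that is cut off before its process field. The 192.0.2.10 records are constructed.

```python
import re
from collections import Counter

# Quoted from the message above, hard-wrapped as posted there.
PAGE = """\
Jan 14 21:30:01 g0n kernel: [358997.592199] grsec: (root:U:/) exec of
/usr/bin/find (find /var/spool/cron/lastrun -name cron.daily -cmin +1445
-exec rm {} ; ) by /usr/bin/find[run-crons:22618] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:22614] uid/euid:0/0
gid/egid:0/0

[721 lines cut]

Jan 14 21:30:44 g0n kernel: [359041.239800] grsec: (miro:U:/) denied
connect() to 81.7.16.59 port 443 sock type stream protocol tcp by
/var/tmp/portage/app-emulation/qemu-2.8.0/image/usr/bin/qemu-system-x86_64[CPU
0/KVM:5447] uid/euid:1000/1000 gid/egid:1000/1000, parent
/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Jan 14 21:31:49 g0n kernel: [359106.109822] grsec: (miro:U:/) denied
connect() to 81.7.16.59 port 443 sock type stream protocol tcp by
"""
# Constructed for this example (documentation address, unwrapped, repeated).
MADE_UP = ("Jan 14 21:32:54 g0n kernel: [359171.000000] grsec: (miro:U:/) "
           "denied connect() to 192.0.2.10 port 9001 sock type stream protocol "
           "tcp by /usr/bin/qemu-system-x86_64[CPU 0/KVM:5447] "
           "uid/euid:1000/1000 gid/egid:1000/1000\n")
SAMPLE = PAGE + MADE_UP * 2

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d [\d:]{8} ")
DENIED = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d [\d:]{8}) \S+ kernel: \[\s*[\d.]+\] grsec: "
    r"\((?P<role>[^)]*)\) denied connect\(\) to (?P<dst>\S+) "
    r"port (?P<port>\d+) sock type \S+ protocol (?P<proto>\S+) "
    r"by (?P<exe>[^\s\[]+)\[(?P<task>[^\]]*):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/")

def unwrap(text):
    """Rejoin hard-wrapped records: one starts at a syslog timestamp and
    runs to the next timestamp or blank line."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line.strip())
        elif not line.strip():
            records.append(None)            # blank line closes the record
        elif records and records[-1] is not None:
            records[-1] += " " + line.strip()
    return [r for r in records if r]

def denied_connects(text):
    """Return (events, incomplete): parsed denials, and how many denial
    records were cut off before the process field."""
    events, incomplete = [], 0
    for rec in unwrap(text):
        if "denied connect()" in rec:
            m = DENIED.match(rec)
            if m:
                events.append(m.groupdict())
            else:
                incomplete += 1
    return events, incomplete

def summarize(events):
    """Count denials per (executable path, destination address, port)."""
    return Counter((e["exe"], e["dst"], int(e["port"])) for e in events)
```
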

Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

2017-01-14 Thread Miroslav Rovis
One attachment missing...

On 170114-13:06+0100, Miroslav Rovis wrote:
> On 170113-23:50+0100, Miroslav Rovis wrote:
> > I made it!
...
> /etc/portage/patches/app-emulation/virt-viewer:
> total 20
> drwxr-xr-x 2 portage portage  4096 2017-01-14 09:21 .
> drwxr-xr-x 3 portage portage  4096 2017-01-13 10:24 ..
> -rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch
> #

As you can see, I posted the patch, albeit pertaining to the
unsuccessful install, posted just as demo of more troubles ahead with
the opaque dbus thing in GTK3...

But I forgot to post the ebuild with which the patch does the utmost
possible with the GTK2 setup:

virt-viewer-5.0-r1.ebuild.gz

Just for completeness, as I said.

...

> I will next check this in my Air-Gapped, and post errata if any in the next
> email to this, in slow time.

Still more might be pending. If not, the confirmation when I install it
in Air-Gapped.


-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr


virt-viewer-5.0-r1.ebuild.gz
Description: Binary data




Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

2017-01-14 Thread Miroslav Rovis
On 170113-23:50+0100, Miroslav Rovis wrote:
> I made it!
> 
> See:
> http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/
> or open:
> $  \
> http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm
> 
> (and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm )
> 

Just the end result of how it worked, you can see at, not much there, at this
time.

> But there are stories to tell, along with patches to share, and a place
> for a nice bug report, coming.
> 

Main story, or tip, that I hope might be useful to others, in this
email.
---

This was the successful command that started the domain "tails" (pls. note
that I will be converting any commands in this email to fit within 72
char lines, but they were without those "\" at end, and were one long line
each; I'll also be wrapping pastes such as from /var/log/messages):

[So this was the successful command that started the domain "tails"]:

$ virt-install --name tails --disk tails.img --graphics spice --memory 1024 \
--cdrom tails-i386-2.9.1.iso --livecd --debug |& tee \
virt-install_$(date +%y%m%d_%H%M)_g0n

Also note that the |& tee virt-install_$(date +%y%m%d_%H%M)_g0n is not needed,
but allows me to reconstruct the procedure, to find it in the logs, and of course
that redirection (along with the --debug of course) produced the
debugging log named:

virt-install_170113_0701_g0n

(find it gunzip'ed in the attachment)

However, that command didn't start any GUI, since the no-dbus virt-manager has
no GUI whatsoever.

But, as you can see from that log virt-install_170113_0701_g0n:

[Fri, 13 Jan 2017 07:01:37 virt-install 5357] DEBUG (virt-install:732) Domain
state after install: 1

was there made notice of in bottom, and I take it that it means the domain was
created and started.

And it also gave advice as to what can be done about it (on a previous line):

[Fri, 13 Jan 2017 07:01:36 virt-install 5357] WARNING (cli:487) Unable to
connect to graphical console: virt-viewer not installed. Please install the
'virt-viewer' package.

Which I went about installing, which wasn't easy at all, as you can read below.

During all those 14 hours the VM was running, pretty quietly, it didn't leave
much in the logs...

During most of which time thereof I made many unsuccessful attempts at
installing virt-viewer, and eventually I made it to install it, and ran:

$ virt-viewer tails

which shows in the syslog as:

Jan 13 21:02:53 g0n kernel: [270966.343875] grsec: exec of
/usr/bin/virt-viewer (virt-viewer tails ) by /usr/bin/virt-viewer[bash:30436]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:19756]
uid/euid:1000/1000 gid/egid:1000/1000

which is what you can see the screencasts of at:

http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/
(the link already given above)

To be honest, it's not at all so easy to track down exactly how I did it. But
there are a few reasons why I want to do it, the most important being, that I
need to replicate the entire procedure, patches and all, because I completed
this installation in my clone machine, which I also use for test-installs
like this, but the more permanent install I want to do in Air-Gapped [1]
machine, which never goes online, and which installation I can then clone [2]
onto this contacting-with-the-dangerous-and-dirty-internet machine (and other
machines of mine sometimes).

Air-Gapping is complex of course, yes, but it is so clean and peaceful.
Especially the updating the Air-Gapped from my local Gentoo mirror with the
portage snapshots signed by the Releng Team. My Air-Gapped is pretty reliably
non-compromised, or at least has been, and continues to be, very difficult to
compromise. And there'll be some strange things to show from this clone,
introduced with this installation, which don't let me calm and peaceful, there
will be!

Another reason which looked very important to me when I was getting confused if
no-dbus gtk2 virt-manager, along with virt-viewer, was at all possible, is, I
even thought for those hard long hours that it looked impossible, that already
the time was running out to fix it for everybody, from older packages that
would work...

Because there really ended up being no way that I could do it, pls. look it
up:

https://packages.gentoo.org/packages/app-emulation/virt-viewer

with, say, what is currently in testing:

https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-5.0.ebuild

While I tried patching quite a few files in the virt-viewer-5.0 source, it
could never anymore be done without making gtk+-2.0 into more of a gtk+-3.0
just without the dbus dependency, which I am not apt to accomplishing.

Instead, I had to bump into my local portage repo this one:

https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-3.1.ebuild

(of course for both of those --and other packages that I needed to patch--, I
used the local /usr/portage/app-emulation/virt-viewer to get those ebuilds)

and 

Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

2017-01-13 Thread Miroslav Rovis
I made it!

See:
http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/
or open:
$  \
http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm

(and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm )

But there are stories to tell, along with patches to share, and a place
for a nice bug report, coming.

( only when it's short info, and clear from the title what it's about,
do I top post )

On 170111-21:55+0100, Miroslav Rovis wrote:
> Hi!
> 
> This is my installation of the package virt-manager:
> 
> # equery l virt-manager
>  * Searching for virt-manager ...
> [IP-] [  ] app-emulation/virt-manager-1.4.0-r2:0
> #
> 
> # emerge -pv virt-manager
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies ... done!
> [ebuild   R] app-emulation/virt-manager-1.4.0-r2::gentoo  USE="sasl -debug
> -gnome-keyring -gtk -policykit" LINGUAS="-as -bg -bn_IN -bs -ca -cmn -cs -da
> -de -en_GB -es -fi -fr -gu -hi -hr -hu -is -it -ja -kn -ko -ml -mr -ms -nb -nl
> -or -pa -pl -pt -pt_BR -ro -ru -sk -sr -sr@latin -sv -ta -te -tr -uk -vi
> -zh_CN -zh_TW" PYTHON_TARGETS="python2_7" 0 KiB
> 
> Total: 1 package (1 reinstall), Size of downloads: 0 KiB
> #
> 
> Also gunzip the equery_f_virt-manager.txt.gz for the list of files, of which I
> present only those that I will, apparently, have to try and use, once my
> initial query is cleared:
> 
> /usr/bin/virt-clone
> /usr/bin/virt-convert
> /usr/bin/virt-install
> /usr/bin/virt-xml
> 
> While at the list of files, pls. notice that there is no executable named
> 'virt-manager' in my system's virt-manager install:
> 
> # grep -E '\/?bin\/virt-manager' equery_f_virt-manager.txt
> #
> 
> or:
> 
> # grep 'virt-manager$' equery_f_virt-manager.txt
> #
> 
> both return empty.
> 
> If I try sticking:
> echo "app-emulation/virt-manager gtk" >> /etc/portage/package.use/package.use.file
> 
> hopeful to get the GUI, then:
> 
> # emerge -pv virt-manager
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies ... done!   
> 
> !!! All ebuilds that could satisfy "x11-libs/gtk+:3[introspection]" have been masked.
> !!! One of the following masked packages is required to complete your request:
> - x11-libs/gtk+-3.22.5::gentoo (masked by: package.mask)
> /etc/portage/package.mask/package.mask.file:
> #media-video/libav
> #gnome-base/gconf
> 
> - x11-libs/gtk+-3.22.4::gentoo (masked by: package.mask)
> - x11-libs/gtk+-3.20.9::gentoo (masked by: package.mask)
> - x11-libs/gtk+-3.18.9::gentoo (masked by: package.mask)
> - x11-libs/gtk+-3.16.7::gentoo (masked by: package.mask, missing keyword)
> 
> (dependency required by "app-emulation/virt-manager-1.4.0-r2::gentoo[gtk]" [ebuild])
> (dependency required by "virt-manager" [argument])
> For more information, see the MASKED PACKAGES section in the emerge
> man page or refer to the Gentoo Handbook.
> 
> #
> 
> And that is a story that I have met many times with many packages, and, in
> short, it hasn't ever been possible to solve it because in my
> security-oriented no-frills true-unix only system I have "-dbus" among other
> useflags:
> 
> # grep -B3 -A6 '\-dbus' /etc/portage/make.conf
> # These are the USE flags that were used in addition to what is provided by the
> # profile used for building.
> USE="a52 alsa apache2 audit bash-completion berkdb bzip2 caps cdr crypt \
>  cscope css -dbus dri dvb dvdr fam ffmpeg fontconfig gdbm \
>  -geoip gif git -gnome gnutls gpm gstreamer gzip hardened \
>  imagemagick -introspection jack jpeg jpeg2k -kde lame libcaca -libav \
>  mad maildir mhash mng mplayer ncurses nls ogg opengl -pam png -policykit \
>  readline sasl sdl -selinux -systemd sysvipc smp sound sox sqlite sqlite3 \
>  ssl subversion svg tiff truetype -udev unicode v4l vim-syntax vorbis \
>  X x264 xattr xine xv xvid zlib -pulseaudio"
> 
> (
> A sidenote: notice what is banned with the '-' prefix. It's a
> non-poetterware [1], true-unix only system, and the 'hardened' useflag is of
> course for grsecurity-based hardened system, not for NSA Linux based. Oh
> sorry, I meant SELinux, but NSA, at the turn of the millennium, created SELinux
> just as, say, Mozilla, back in the Netscape days, created Javascript. So it
> should be called that, shouldn't it?
> )
> 
> So I guess, to get Tails installed, the way I will need to follow:
> 
> https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html
> 
> is certainly not literally. Exampli gratia, there is not anything to click at
> at all in my virt-manager, for me to be able to follow, say, let me paste just the
> first step into here from that "advanced_topics" Tails page:
> 
> PASTING->
> Running Tails from an ISO image
> 
> Start virt-manager.
> Double-click on localhost (QEMU) to connect to the QEMU system of your host.
> To create a 

[gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

2017-01-11 Thread Miroslav Rovis
Hi!

This is my installation of the package virt-manager:

# equery l virt-manager
 * Searching for virt-manager ...
[IP-] [  ] app-emulation/virt-manager-1.4.0-r2:0
#

# emerge -pv virt-manager

These are the packages that would be merged, in order:

Calculating dependencies ... done!
[ebuild   R] app-emulation/virt-manager-1.4.0-r2::gentoo  USE="sasl -debug
-gnome-keyring -gtk -policykit" LINGUAS="-as -bg -bn_IN -bs -ca -cmn -cs -da
-de -en_GB -es -fi -fr -gu -hi -hr -hu -is -it -ja -kn -ko -ml -mr -ms -nb -nl
-or -pa -pl -pt -pt_BR -ro -ru -sk -sr -sr@latin -sv -ta -te -tr -uk -vi
-zh_CN -zh_TW" PYTHON_TARGETS="python2_7" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB
#

Also gunzip the equery_f_virt-manager.txt.gz for the list of files, of which I
present only those that I will, apparently, have to try and use, once my
initial query is cleared:

/usr/bin/virt-clone
/usr/bin/virt-convert
/usr/bin/virt-install
/usr/bin/virt-xml

While at the list of files, pls. notice that there is no executable named
'virt-manager' in my system's virt-manager install:

# grep -E '\/?bin\/virt-manager' equery_f_virt-manager.txt
#

or:

# grep 'virt-manager$' equery_f_virt-manager.txt
#

both return empty.

If I try sticking:
echo "app-emulation/virt-manager gtk" >> /etc/portage/package.use/package.use.file

hopeful to get the GUI, then:

# emerge -pv virt-manager

These are the packages that would be merged, in order:

Calculating dependencies ... done!   

!!! All ebuilds that could satisfy "x11-libs/gtk+:3[introspection]" have been masked.
!!! One of the following masked packages is required to complete your request:
- x11-libs/gtk+-3.22.5::gentoo (masked by: package.mask)
/etc/portage/package.mask/package.mask.file:
#media-video/libav
#gnome-base/gconf

- x11-libs/gtk+-3.22.4::gentoo (masked by: package.mask)
- x11-libs/gtk+-3.20.9::gentoo (masked by: package.mask)
- x11-libs/gtk+-3.18.9::gentoo (masked by: package.mask)
- x11-libs/gtk+-3.16.7::gentoo (masked by: package.mask, missing keyword)

(dependency required by "app-emulation/virt-manager-1.4.0-r2::gentoo[gtk]" [ebuild])
(dependency required by "virt-manager" [argument])
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

#

And that is a story that I have met many times with many packages, and, in
short, it hasn't ever been possible to solve it because in my
security-oriented no-frills true-unix only system I have "-dbus" among other
useflags:

# grep -B3 -A6 '\-dbus' /etc/portage/make.conf
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="a52 alsa apache2 audit bash-completion berkdb bzip2 caps cdr crypt \
 cscope css -dbus dri dvb dvdr fam ffmpeg fontconfig gdbm \
 -geoip gif git -gnome gnutls gpm gstreamer gzip hardened \
 imagemagick -introspection jack jpeg jpeg2k -kde lame libcaca -libav \
 mad maildir mhash mng mplayer ncurses nls ogg opengl -pam png -policykit \
 readline sasl sdl -selinux -systemd sysvipc smp sound sox sqlite sqlite3 \
 ssl subversion svg tiff truetype -udev unicode v4l vim-syntax vorbis \
 X x264 xattr xine xv xvid zlib -pulseaudio"

(
A sidenote: notice what is banned with the '-' prefix. It's a
non-poetterware [1], true-unix only system, and the 'hardened' useflag is of
course for grsecurity-based hardened system, not for NSA Linux based. Oh
sorry, I meant SELinux, but NSA, at the turn of the millennium, created SELinux
just as, say, Mozilla, back in the Netscape days, created Javascript. So it
should be called that, shouldn't it?
)

So I guess, to get Tails installed, the way I will need to follow:

https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html

is certainly not literally. Exampli gratia, there is not anything to click at
at all in my virt-manager, for me to be able to follow, say, let me paste just the
first step into here from that "advanced_topics" Tails page:

PASTING->
Running Tails from an ISO image

Start virt-manager.
Double-click on localhost (QEMU) to connect to the QEMU system of your host.
To create a new virtual machine, choose File -> New Virtual Machine.
In step 1, choose Local install media (ISO image or CDROM).
In step 2, choose:
Use ISO image, then Browse..., and Browse Local to browse for the ISO image that you want to start from.
OS type: Linux.
Version: Debian Wheezy.
In step 3, allocate at least 1024 MB of RAM.
In step 4, disable storage for this virtual machine.
In step 5:
Type a name for the new virtual machine.
Click Finish to start the virtual machine.
->PASTED

Instead, I fear that I am left to these:

/usr/bin/virt-clone
/usr/bin/virt-convert
/usr/bin/virt-install
/usr/bin/virt-xml

to accomplish the above GUI tasks, but translated