[qubes-devel] Re: [GSoC] Qubes-MIME-Handlers Weekly Progress Report #3
On 06/22/2017 12:21 PM, Marek Marczykowski-Górecki wrote: > On Thu, Jun 22, 2017 at 02:49:28AM -0700, Andrew Morgan wrote: >> On 06/22/2017 02:08 AM, Marek Marczykowski-Górecki wrote: >>> On Thu, Jun 22, 2017 at 01:50:56AM -0700, Andrew Morgan wrote: That may be useful to users who want to keep certain files in their ~/Downloads folder without having to open them in a DispVM every time. >>> >>> IMO the user should move the file out of Downloads first to have this >>> effect. >>> > >> Fair enough, I suppose we could simply prevent a user from marking a >> file as trusted if it's in a untrusted directory? What if the user >> manually removed the xattrs? Our daemon may have to do more work to make >> sure all files in untrusted folders are always untrusted... > > IMO daemon should restore untrusted xattr in that case (it's just one > another INOTIFY flag). But see the other thread. > > Additionally, qvm-file-trust is written in python3, while the unittest files are written in python2. Do you forsee this as a problem? Should I convert to py2? Thanks, Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oj1qmn%24e2o%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-devel] Re: [GSoC] Qubes-MIME-Handlers Weekly Progress Report #3
On 06/22/2017 12:21 PM, Marek Marczykowski-Górecki wrote: > On Thu, Jun 22, 2017 at 02:49:28AM -0700, Andrew Morgan wrote: >> On 06/22/2017 02:08 AM, Marek Marczykowski-Górecki wrote: >>> On Thu, Jun 22, 2017 at 01:50:56AM -0700, Andrew Morgan wrote: That may be useful to users who want to keep certain files in their ~/Downloads folder without having to open them in a DispVM every time. >>> >>> IMO the user should move the file out of Downloads first to have this >>> effect. >>> > >> Fair enough, I suppose we could simply prevent a user from marking a >> file as trusted if it's in a untrusted directory? What if the user >> manually removed the xattrs? Our daemon may have to do more work to make >> sure all files in untrusted folders are always untrusted... > > IMO daemon should restore untrusted xattr in that case (it's just one > another INOTIFY flag). But see the other thread. > > Hey Marek, I'm starting to write some unit tests for qvm-file-trust. I found a page in the documentation on unit tests (https://www.qubes-os.org/doc/automated-tests/), and from what I can see all the tests are in qubes-core-admin. The tests in the repo seem pretty high level, more at the VM level. For testing the cli tool, should I create a new file or integrate into one of the existing ones? Also I noticed that most of the files seem to be gone in the master branch as opposed to release3.2. Is it a good idea to base on release3.2 or will those files be permanently gone in R4? Thanks, and apologies for the slight delay in the latest weekly update, had some major sunburn from the beach that slowed down my productivity a bit :) Should be out tomorrow. Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oj1qgf%249am%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-devel] Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
On 06/15/2017 04:51 PM, Zrubi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/15/2017 10:02 PM, Reg Tiangha wrote: On 06/15/2017 01:53 PM, Zrubi wrote: Maybe it is a know issue, but: online netvm change on a disposable VM is also broken on the latest 4.9 VM kernel. (Qubes Manager shows it is changed, but not working in practice) I've *never* ever had this work for me (although it might have worked once in R3.0 or something old like that); I've always had to shut down the Disp VM first, alter the dvm template, and then start up a new one in order to change NetVMs. well this is such a basic feature I would go crazy if that would not work... I'm using this feature from the beginning. And it was always working in general. I remember for some broken kernel releases. But this feature should work in general. As it is working with my setup, in case of kernel VM 4.4 - but not in case of VM kernel 4.9 I noticed this, too. So reverting a dispVM's template back to 4.4 should fix it? -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/3915cfa4-50e1-be0f-c615-8f837cc13971%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
On Jun 28, 2017 20:16, "Marek Marczykowski-Górecki" < marma...@invisiblethingslab.com> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 07:58:24PM -0400, Outback Dingo wrote: > successful... now lets see what it does -rw-r--r-- 2 dingo dingo > 1265631232 Jun 28 19:57 Qubes-DVD-x86_64-20170628.iso Hmm, it's a bit small. Should be about 3GB. I guess templates are not included. Have you built them? Check qubes-src/linux-template-builder/rpm/noarch - if its empty, execute "make template", then "make iso" again. I configured it for only F25 templates it's installing now also during the install I noticed it only gave me a gui option for xfce not kde I'll know more in 10 mins - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVEbcAAoJENuP0xzK19cs4+IH/RV2Ruj6W9ds+Ex3BAGMirq2 ZpnvsD+C7DHblHVdHsCMDTdpola0V/uR8JRTYBvd5muk2yV6TLRTPiMoOjna2k/M Z546aQA7RJGxrNmXwbW/FCThcHmNO7s0sETBNa11YcYkDWegyHnuzb/PHzaj2qCJ ZlIAiliml3Uz0mYlHj1FFT8QLAbOZ++66daO1vJnPk2cZs8PPM7/YnrJ//6Hy+me kULJ8Nc42yuJI4aCteuJi4IlgtpXkQyOEFHobEUaNeb5NOuehz5+oXoEojAp2YKc KGFt/wz/TCFmISZNcFPm/omHe6jTssK5QqHebLDUWZqR1yFeTbvHYh4Q2A0eIzE= =ga4A -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CAKYr3zzHVVjM6BjbGUK%3DZZLupWAgdOBpPU8eJdaRptOjnjD14w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 07:58:24PM -0400, Outback Dingo wrote: > successful... now lets see what it does -rw-r--r-- 2 dingo dingo > 1265631232 Jun 28 19:57 Qubes-DVD-x86_64-20170628.iso Hmm, it's a bit small. Should be about 3GB. I guess templates are not included. Have you built them? Check qubes-src/linux-template-builder/rpm/noarch - if its empty, execute "make template", then "make iso" again. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVEbcAAoJENuP0xzK19cs4+IH/RV2Ruj6W9ds+Ex3BAGMirq2 ZpnvsD+C7DHblHVdHsCMDTdpola0V/uR8JRTYBvd5muk2yV6TLRTPiMoOjna2k/M Z546aQA7RJGxrNmXwbW/FCThcHmNO7s0sETBNa11YcYkDWegyHnuzb/PHzaj2qCJ ZlIAiliml3Uz0mYlHj1FFT8QLAbOZ++66daO1vJnPk2cZs8PPM7/YnrJ//6Hy+me kULJ8Nc42yuJI4aCteuJi4IlgtpXkQyOEFHobEUaNeb5NOuehz5+oXoEojAp2YKc KGFt/wz/TCFmISZNcFPm/omHe6jTssK5QqHebLDUWZqR1yFeTbvHYh4Q2A0eIzE= =ga4A -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170629001627.GW1268%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
successful... now lets see what it does -rw-r--r-- 2 dingo dingo 1265631232 Jun 28 19:57 Qubes-DVD-x86_64-20170628.iso On Wed, Jun 28, 2017 at 7:24 PM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Jun 29, 2017 at 01:04:12AM +0200, Wojtek Porczyk wrote: >> On Thu, Jun 29, 2017 at 12:07:04AM +0200, Marek Marczykowski-Górecki wrote: >> > On Wed, Jun 28, 2017 at 11:41:38PM +0200, Wojtek Porczyk wrote: >> > > On Wed, Jun 28, 2017 at 04:40:53PM -0400, Outback Dingo wrote: >> > > > Does Anyone have a recent build iso of Qubes 4.0 I can try, Ive tried >> > > > building it unsuccessfully drama in another thread. I just want to >> > > > verify my networking issues are resolved. >> > > >> > > I don't think it exists. The one I'm currently working off has >> > > non-installable >> > > templates (rpms from R3.2 can't be used on R4.0 because of some problems >> > > with >> > > post-installation, so I run the internal tools more or less manually) and >> > > there is no Manager. >> > >> > Wojtek, I've already uploaded qubes-template-fedora-25 to templates-itl >> > for R4.0. And unless you want to use grub installed there, it works ;) >> >> Oooh, and >> https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170615.iso{,.asc} >> could be usable? :P > > Depends on definition of "usable". One issue is that the image include > wrong template (with R3.2 repository definitions)... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJZVDqdAAoJENuP0xzK19csbr4H/2xqFfOZ0taIJ0sMYdUyu4jj > AwHYmTAooSjGSA9xjA8CB1folc9YNqRK4xDYEaOffs8wRZIFKzQ9jU88JPOQ5n8W > iCIhUxMiN3/vEgRw9jIfskIXz34fmmuWALXSwmw9Tq8vv8KquokXK4FqpAwWHjjI > yooeqj8OH19sf6aDOam63tHYMo3+DOvAW7JgMwCzFbtN+w+gSkI7B311f3a/4P23 > SkBu4C4yEPXdCUmfl1rXm/nGjRIR1f3q+ies/0VeLPNhBCVWPIQQm6OhxMPpUHwU > rO5NfXubouCEKvNQFgZY3FNypKGOzEKby9lnDkIDZk0RJP+s0LO3qAj2kheY4q0= > =sRL1 > -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CAKYr3zzQeSLbLCemy4gn0jkmiAd2S5FAuS6idDf3EJ2g%2BstEsg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 29, 2017 at 01:04:12AM +0200, Wojtek Porczyk wrote: > On Thu, Jun 29, 2017 at 12:07:04AM +0200, Marek Marczykowski-Górecki wrote: > > On Wed, Jun 28, 2017 at 11:41:38PM +0200, Wojtek Porczyk wrote: > > > On Wed, Jun 28, 2017 at 04:40:53PM -0400, Outback Dingo wrote: > > > > Does Anyone have a recent build iso of Qubes 4.0 I can try, Ive tried > > > > building it unsuccessfully drama in another thread. I just want to > > > > verify my networking issues are resolved. > > > > > > I don't think it exists. The one I'm currently working off has > > > non-installable > > > templates (rpms from R3.2 can't be used on R4.0 because of some problems > > > with > > > post-installation, so I run the internal tools more or less manually) and > > > there is no Manager. > > > > Wojtek, I've already uploaded qubes-template-fedora-25 to templates-itl > > for R4.0. And unless you want to use grub installed there, it works ;) > > Oooh, and > https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170615.iso{,.asc} > could be usable? :P Depends on definition of "usable". One issue is that the image include wrong template (with R3.2 repository definitions)... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVDqdAAoJENuP0xzK19csbr4H/2xqFfOZ0taIJ0sMYdUyu4jj AwHYmTAooSjGSA9xjA8CB1folc9YNqRK4xDYEaOffs8wRZIFKzQ9jU88JPOQ5n8W iCIhUxMiN3/vEgRw9jIfskIXz34fmmuWALXSwmw9Tq8vv8KquokXK4FqpAwWHjjI yooeqj8OH19sf6aDOam63tHYMo3+DOvAW7JgMwCzFbtN+w+gSkI7B311f3a/4P23 SkBu4C4yEPXdCUmfl1rXm/nGjRIR1f3q+ies/0VeLPNhBCVWPIQQm6OhxMPpUHwU rO5NfXubouCEKvNQFgZY3FNypKGOzEKby9lnDkIDZk0RJP+s0LO3qAj2kheY4q0= =sRL1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628232412.GV1268%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 29, 2017 at 12:07:04AM +0200, Marek Marczykowski-Górecki wrote: > On Wed, Jun 28, 2017 at 11:41:38PM +0200, Wojtek Porczyk wrote: > > On Wed, Jun 28, 2017 at 04:40:53PM -0400, Outback Dingo wrote: > > > Does Anyone have a recent build iso of Qubes 4.0 I can try, Ive tried > > > building it unsuccessfully drama in another thread. I just want to > > > verify my networking issues are resolved. > > > > I don't think it exists. The one I'm currently working off has > > non-installable > > templates (rpms from R3.2 can't be used on R4.0 because of some problems > > with > > post-installation, so I run the internal tools more or less manually) and > > there is no Manager. > > Wojtek, I've already uploaded qubes-template-fedora-25 to templates-itl > for R4.0. And unless you want to use grub installed there, it works ;) Oooh, and https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170615.iso{,.asc} could be usable? :P - -- pozdrawiam / best regards _.-._ Wojtek Porczyk .-^' '^-. Invisible Things Lab |'-.-^-.-'| | | | | I do not fear computers,| '-.-' | I fear lack of them.'-._ : ,-' -- Isaac Asimov `^-^-_> -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZVDXpAAoJEL9r2TIQOiNR6HkP/1Uyw78uuQRVy9KAHGAK39RS QRP7f3hLI/uDnfG+svQd7QTdzywsq/EMKICjDZbhXDN+bAbO6AGZCkYJTdmrRSvf pcSvepwMQXePeSHaTvmIo4DawYkbjHt+wY4hg8qDp8x2XkYtHw/CQkJ5H7YgQQGy DbTBLYN+JZ3eqvWDbfuxIA8YKYkuyQmsGMu4JUQsKvemQm2kIFVb4awiZQ2mwCB+ 3HUUA4YWGvHkmUCBtoixJ26qimMWkVsV9fq4bxkEWY5l+qVhT6f8LWRDA6QfANHV NnuiHUJQuDGs5tc6TY+pHQTYcTST9Hvxcc3WMcgNDTnYintOWxvZUYoTOaAiigNW sVd03HU5sY/sU5hcBl4IpEAJ9jW658gahv2vuKXKOqwuED6Mk24Q2kBsvT8VjZgL Gc7VnkVgDQ/K//Szwfl9dBPLqyT8bzpvzCWd5y9GVuhq1e3jC2qQQCtbuBh8mel9 FK/2JUlY4pCFIPvhtXKzFrhwP3QJMtIxM5p/ssWAELEX2OPoDbaJ7dNAM0qQAdEP iZbYyoEeAuvcjWhkGoTgGFBXGB0dy0xLCrEckp2j2/Sr3ervCWy9lfSN4tT9brwQ OtIJU2WO1ajWP1Jzu9RcfqBt7P39j83rnjfTfAtepz+UkQOWOtpCED9LdpAS+N8R BSP5QXkztFpe1NOHrnCu =S6fe -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628230412.GG2697%40invisiblethingslab.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 11:41:38PM +0200, Wojtek Porczyk wrote: > On Wed, Jun 28, 2017 at 04:40:53PM -0400, Outback Dingo wrote: > > Does Anyone have a recent build iso of Qubes 4.0 I can try, Ive tried > > building it unsuccessfully drama in another thread. I just want to > > verify my networking issues are resolved. > > I don't think it exists. The one I'm currently working off has non-installable > templates (rpms from R3.2 can't be used on R4.0 because of some problems with > post-installation, so I run the internal tools more or less manually) and > there is no Manager. Wojtek, I've already uploaded qubes-template-fedora-25 to templates-itl for R4.0. And unless you want to use grub installed there, it works ;) > And bugs. Not much, but some annoying. > > Looks like we're going to deliver on Andrew's promise with a slight delay. As always... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVCiJAAoJENuP0xzK19csIPcIAJRG2b97QKYWeIU3JDtI+jAR uDIYPfayGlQNK80Q9i52bIffXhfU8CTFGXCfG29tzTuNkBbqJKY1Yhm87WreLHjT 7ujqOIgcRXfCk3WEwRMxzDcePCxmtgYA+SrV5IvTNCovHwzJTBDcvjXwg/yYpA8W d97YikdTVVm4YpRlHHhzjC9sYoPhzCEXBECTpS9h7I2h5VfGp8+sCSWSqNG/5bY1 XaV7RJZcF56hJqdQLf9mdgE/zYsuLkIpEfiw1i6Qi/Yf1eety4VlGP/v7xH5z23L 6hZvQxGk9GdkLm3l9aFmziNVu1w47JOyt3TaS5CfiQYZTay0xw+khdOppPcqmLw= =XdTq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628220704.GU1268%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: Stack-clash kernel vuln & patches
On Wed, 28 Jun 2017, Reg Tiangha wrote: > Yeah, that was me screwing up by making a commit but forgetting to > upload the file. I'm still a git newb so I didn't know how to delete or > revert properly (if there's a good online guide, please point me to the > right direction); I didn't know the main branch had already applied the > fix before I did my version. I almost just want to delete my version and > re-fork the master one; would that be too extreme, or is there an easier > way to clean that up? Your friends in history tweaking are: git reset --hard commitid git commit --amend Also the other variants of git reset (mixed & soft) can be useful from time to time. I strongly recommend running git status prior to any git reset --hard as you'll lose any not yet committed state with that command forever. ...And if you've already pushed to github, a forced push is needed to replace the previous version with the cleaned up version of the history: git push -f Some care is needed with forced pushes though. If Marek has already merged something from you, you should generally not force push anything more ancient than what he merged (you cannot edit the history he merged unless he also rewrites his repo which would cause troubles for all who track those repos). In addition, if you forget what commitids previously were at HEAD (when doing a complex rewrite), git reflog gives you a list of the previous hashes. You can always git reset --hard originalcommitid if you were not satistified with the history rewrite. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/alpine.DEB.2.20.1706290032470.29933%40whs-18.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 04:40:53PM -0400, Outback Dingo wrote: > Does Anyone have a recent build iso of Qubes 4.0 I can try, Ive tried > building it unsuccessfully drama in another thread. I just want to > verify my networking issues are resolved. I don't think it exists. The one I'm currently working off has non-installable templates (rpms from R3.2 can't be used on R4.0 because of some problems with post-installation, so I run the internal tools more or less manually) and there is no Manager. And bugs. Not much, but some annoying. Looks like we're going to deliver on Andrew's promise with a slight delay. - -- pozdrawiam / best regards _.-._ Wojtek Porczyk .-^' '^-. Invisible Things Lab |'-.-^-.-'| | | | | I do not fear computers,| '-.-' | I fear lack of them.'-._ : ,-' -- Isaac Asimov `^-^-_> -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZVCKRAAoJEL9r2TIQOiNRz9oP/jooiVHbwAyNUQ/weVIlrFY7 ETLpgvDASqGNqUCxD0CXlKA4UB1oA8VvkJAhYSfDKJ5dQ1JzvC5Lkfe8CVuUqhUz yKwJUoBjmj2OSeW/5klKgZ9IE/kcXB2aCw37pXM7IZA/3FtT9g7RHtH5UFeSH6zX mjyWALWVWEtuoqwFvgiV1E/1u0r7V+yvD2Ans5u/3M1wWgXBTUDGWL9zPldEZwBi 3l9GsfL6M7TO55UkEukK/jVvy489yodYO5ntDiXOQXE3DNcbsNirqHm1R/7yr0lr 8RYe5z2uiBM6Fa4hpDSLX9wmJM+i6X0m6q9WQjXvlyffpK++rvLLFjqZxIFmnmz/ rLXaEw0K7DW5vGklpRGUXhzHVraxeOjoUoBuGAbhVPMeqCEKu4LRatgMnuV3ePGI +PBq7P057cEpoztfeuyJKHLtEwPkXR2O5UY+ErmzXunMHtBp387Uz8wXcnjrKDgc HyYr4IYsNwsd2o1Dp9lwpl8WDjYQpZS5GCMlsznVe6yJEIJgnS0dbkzbAxjkYu0H DSMqTIElFUKNagf1El7WIbozZqmoGaL6EGcbTRzC/NLa7KDmZdXxnUhB4P7g/Wzv 4KT9P1s9dhxsYvVxHcvkhRASWLsiwbwF6q7f4nA9OwJ7GNEcXMGiBzyv2GyOdead cJj6Dq2d0R18yV49la4+ =jI7V -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628214137.GF2697%40invisiblethingslab.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0 built from git fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 10:52:33PM +0200, Marek Marczykowski-Górecki wrote: > On Wed, Jun 28, 2017 at 11:31:48AM -0400, Outback Dingo wrote: > > still a struggle It wasn't easy to write, so why should it be easy to compile. /s - -- pozdrawiam / best regards _.-._ Wojtek Porczyk .-^' '^-. Invisible Things Lab |'-.-^-.-'| | | | | I do not fear computers,| '-.-' | I fear lack of them.'-._ : ,-' -- Isaac Asimov `^-^-_> -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZVB/gAAoJEL9r2TIQOiNRDpoP/2ZZ6dBPE/0Dz0lbGvOSIhIm 9HxvC5RWKZs5qSxjiuPf/KGwPZ3NRXLeooX9lDRFMvtVR0g+9/GNK0XgQymoEGtw Zf3gDpFPXMygONBbOonfLnksVzzjM0G+UuycoNFVRUTLtiGMC4RH0woyTBsahW6o LT8jtaeNEVTJ4hfF1UCfSyMUGygit9mrhiBS+cs2ip23tYfuH1U95N/HpKxvI+Xq GTDktlW7PSel88lgGSWH1QlnMJBLaOp8zMwc0bm9cTh/Uf+0wlZPGkU9svT7Aef9 nSuqUU9hrPMH6WOmLvJMkgYKfV+HuPRIXucDdp/li0brjiApA46l14J/KMgKeqK5 hRKmvo8wecVEsgI9sWZTgzTxqAHy8aLAIa9zWw05wYYtJ/u0QU70FHiSphsWJkfW YE9ACKbtQQtPWfpMSETctXKMGdeBgE9ZadUEZ3pCdxIcVMXAhSuWAiwt+3TB3IGH l0QuM7Nbkiuh0j2E3M3d+yM1CfjNdaXTK+zAqWFYq7lvp5v2/YGb253J9e55vXrC xEJ4xn5Nvh5n4G2eu7tHb1XAXVLQmZ89j0HgWdLK0rzoubYPNZJWQxtUjCKfdi5G zCxNzR73BXdS27c6iRNoqPTqJGgK4TVpWgk8wU4TTVKklRbFBN981w/2g0lKVS8u e90Rz91+zuzhlw3aqMiS =rZaS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628213007.GE2697%40invisiblethingslab.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Stack-clash kernel vuln & patches
On 06/28/2017 03:14 PM, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Jun 28, 2017 at 02:59:03PM -0600, Reg Tiangha wrote: >> On 06/28/2017 01:42 PM, Chris Laprise wrote: >>> Are the latest kernels in testing patched for CVE-2017-1000364? >>> >>> Some info... >>> >>> https://www.darkreading.com/vulnerabilities---threats/stack-clash-smashed-security-fix-in-linux-/d/d-id/1329193 >>> >>> >>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 >>> >> The one in testing probably isn't. Those fixes weren't introduced until >> 4.9.34 (or 4.4.74 and 4.11.7) which were introduced a few days ago. They >> compile easily enough with all existing Qubes/Xen patches, though so if >> you have the capability of compiling your own kernel, just incrementing >> the number in the version file is enough. > Reg, as you do track kernel changes, would you mind sending pull > requests when you think it's worth updating kernel in Qubes repo? > I'm not sure if we want to upload every single stable update, as it will > probably never get out of testing ;) but for example 4.9.34 would be a > good idea for the reason above. > > And for this, I'd like to have slightly cleaner git history - for > example you have applied XSA 216 patch twice. After already being > applied in QubesOS/qubes-linux-kernel repository... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJZVBw6AAoJENuP0xzK19csNnkIAJGIaznPOS/8Ir7PkEZAXWp8 > KjejFM4n6O9p0j3IRcLAHmlYmDsXQGb9gKSCs3RPLMSVvlqNMiGMvoDVYpo5XoEP > dmy7o3M2koKlT1rjsqwj6IhJN4E+ZaqrhrogLnQOPQnoDOOVQ7BF+o8kF0Ms/xb6 > 11jGtL1v7AjydqM+P9JpadjderBhi3Kfx7nQ8sT3VDHQW36vBZ0z72LIUuITPSPo > XT3dybSqUsYJxNGxpWdjIF2L3VYB+2EAI638QVh9IEF8SR9B/XrQ6mEMwTN+0d3k > /wT9UVC0bJfK0ArsY3CztRxRywvVuNAHmjynKleQzSk44b1HiHV6bgCQ5aR6OgE= > =S86f > -END PGP SIGNATURE- > Yeah, that was me screwing up by making a commit but forgetting to upload the file. I'm still a git newb so I didn't know how to delete or revert properly (if there's a good online guide, please point me to the right direction); I didn't know the main branch had already applied the fix before I did my version. I almost just want to delete my version and re-fork the master one; would that be too extreme, or is there an easier way to clean that up? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oj16ff%2428i%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Stack-clash kernel vuln & patches
On 06/28/2017 02:59 PM, Reg Tiangha wrote: > On 06/28/2017 01:42 PM, Chris Laprise wrote: >> Are the latest kernels in testing patched for CVE-2017-1000364? >> >> Some info... >> >> https://www.darkreading.com/vulnerabilities---threats/stack-clash-smashed-security-fix-in-linux-/d/d-id/1329193 >> >> >> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 >> > The one in testing probably isn't. Those fixes weren't introduced until > 4.9.34 (or 4.4.74 and 4.11.7) which were introduced a few days ago. They > compile easily enough with all existing Qubes/Xen patches, though so if > you have the capability of compiling your own kernel, just incrementing > the number in the version file is enough. > > Well actually, I might be mistaken. There could be some preliminary fixes in the version that's in current-testing (4.9.33) but more comprehensive fixes were introduced in the latest round of kernel updates by upstream (i.e. 4.9.34). In the short term, one can mitigate a little bit by manually setting RLIMIT_STACK and RLIMIT_AS values of local users and remote services to low values. https://arstechnica.com/security/2017/06/12-year-old-security-hole-in-unix-based-oses-isnt-plugged-after-all/ -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oj168f%24pde%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: Stack-clash kernel vuln & patches
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 02:59:03PM -0600, Reg Tiangha wrote: > On 06/28/2017 01:42 PM, Chris Laprise wrote: > > Are the latest kernels in testing patched for CVE-2017-1000364? > > > > Some info... > > > > https://www.darkreading.com/vulnerabilities---threats/stack-clash-smashed-security-fix-in-linux-/d/d-id/1329193 > > > > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 > > > > The one in testing probably isn't. Those fixes weren't introduced until > 4.9.34 (or 4.4.74 and 4.11.7) which were introduced a few days ago. They > compile easily enough with all existing Qubes/Xen patches, though so if > you have the capability of compiling your own kernel, just incrementing > the number in the version file is enough. Reg, as you do track kernel changes, would you mind sending pull requests when you think it's worth updating kernel in Qubes repo? I'm not sure if we want to upload every single stable update, as it will probably never get out of testing ;) but for example 4.9.34 would be a good idea for the reason above. And for this, I'd like to have slightly cleaner git history - for example you have applied XSA 216 patch twice. After already being applied in QubesOS/qubes-linux-kernel repository... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVBw6AAoJENuP0xzK19csNnkIAJGIaznPOS/8Ir7PkEZAXWp8 KjejFM4n6O9p0j3IRcLAHmlYmDsXQGb9gKSCs3RPLMSVvlqNMiGMvoDVYpo5XoEP dmy7o3M2koKlT1rjsqwj6IhJN4E+ZaqrhrogLnQOPQnoDOOVQ7BF+o8kF0Ms/xb6 11jGtL1v7AjydqM+P9JpadjderBhi3Kfx7nQ8sT3VDHQW36vBZ0z72LIUuITPSPo XT3dybSqUsYJxNGxpWdjIF2L3VYB+2EAI638QVh9IEF8SR9B/XrQ6mEMwTN+0d3k /wT9UVC0bJfK0ArsY3CztRxRywvVuNAHmjynKleQzSk44b1HiHV6bgCQ5aR6OgE= =S86f -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628211433.GS1268%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0 built from git fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 11:31:48AM -0400, Outback Dingo wrote: > On Wed, Jun 28, 2017 at 7:03 AM, Marek Marczykowski-Górecki >wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Wed, Jun 28, 2017 at 06:53:30AM -0400, Outback Dingo wrote: > >> -> Installing core RPM packages... > >> /var/tmp/rpm-tmp.UBUWVQ: line 9: grep: command not found > >> /var/tmp/rpm-tmp.UBUWVQ: line 16: grep: command not found > >> Failed to connect to bus: No such file or directory > >> Failed to set locale, defaulting to C > >> Package dnf-1.1.10-6.fc25.noarch is already installed, skipping. > >> Package dnf-plugins-core-0.1.21-5.fc25.noarch is already installed, > >> skipping. > >> Running in chroot, ignoring request. > >> groupadd: GID '0' already exists > >> make[1]: *** > >> [/home/dingo/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:81: > >> /home/dingo/qubes-builder/chr > >> oot-fc25/home/user/.prepared_base] Error 1 > >> make[1]: Leaving directory '/home/dingo/qubes-builder' > >> make: *** [Makefile:221: vmm-xen-dom0] Error 1 > >> [root@localhost qubes-builder]# > > > > Run the build as normal user (it will use sudo where really necessary). > > > > still a struggle > -> Building meta-packages (rpm_spec/qubes-vm-meta-packages.spec) for > fc25 vm (logfile: build-logs/meta-packages-vm > -fc25.log) > --> Done: > > qubes-src/meta-packages/pkgs/fc25/noarch/qubes-repo-contrib-4.0.0-1.fc25.noarch.rpm > > qubes-src/meta-packages/pkgs/fc25/noarch/qubes-vm-dependencies-4.0.0-1.fc25.noarch.rpm > > qubes-src/meta-packages/pkgs/fc25/noarch/qubes-vm-recommended-4.0.0-1.fc25.noarch.rpm > ln: failed to access > 'pkgs/fc25/noarch/qubes-desktop-linux-common-3.2.0-1.fc25.noarch.rpm': > No such file or direct > ory > ln: failed to access > 'pkgs/fc25/noarch/qubes-menus-3.2.0-1.fc25.noarch.rpm': No such file > or directory > make[1]: *** > [/home/dingo/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:166: > update-repo-do] Error 1 > make: *** [Makefile:294: template-local-fc25] Error 1 Oh, looks like order in COMPONENTS is wrong. Put desktop-linux-common before linux-template-builder. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVBcSAAoJENuP0xzK19cs4foH/A0ApfliAaiU7x+aNm9mcJIw YvvXfBxIJbTHfmjLnD34/cpcjh3XPBEg9Fe/359N35xACHgbbVD7go1drf9RJvUZ OebzUjRotjcmeV6MGcBtwNdAHuWmYMURegJgl6qgIJNVVtdIv7Ttsg+o0/Dbypk0 YKW8NumrPiZ4YMW81wEZ3BhNfFOFjG7Dsn87ilqC1lgfKa3Hrkphy7QunZMAaMBt 4NMy1xujWXNmt6dR38shapYTfeVedjBXHmfe1Nqub1hHITbVIbOPiLyDoSiuUgA7 mm0jP8fQsWCWm0G6IzOvUrXzLR5bcaSJZn+Ia5E3TvOBeqEL13G0dxksIe0dK0I= =fSrV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628205233.GB3857%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Qubes 4.0
Does Anyone have a recent build iso of Qubes 4.0 I can try, Ive tried building it unsuccessfully drama in another thread. I just want to verify my networking issues are resolved. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CAKYr3zwrQoSzc0WgesKNOmoSxBgqqrNnOrSmRQyqUSDOLQGFVQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [GSoC] Progress report: Anti Evil Maid enhancements
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Andrew Morgan: > (For some reason your reply doesn't show up in mailing list, so replying > with it quoted below) Ah what is the matter with Google Groups and my e-mail address. > Heh, I need to stop replying to emails in the wee hours of the > morning... Thought you just needed a script tested or whatnot. > > That being said, while it is my main work laptop, t if all that happened > was the RAM cracked it wouldn't be too expensive to replace. Anything > else would be bad though, since I'm doing my own GSoC project on here :P I probably wouldn't try this with my main system. There could be other issues, such as condensation. > What may be tricky is what to do after the DRAM contents have > been frozen. Does one just plug it in to a running Desktop system and > execute some software to scan the contents? For the SCLEAN test, it would all happen inside a single notebook: 1. Boot in AEM mode, without dom0_mem=max:4096 2. Turn off swap space and shut down all VMs 3. Run some small program in dom0 that allocates as much memory as possible and fills it with a pattern 4. Cool down RAM modules, unplug disk, and power cycle 5. Boot memory scraper from another disk, and see if the pattern is still present - if it is, SCLEAN has been ineffective > This article states that cold boot attacks against DDR3 systems are > much less feasible than DDR1/2. Would it even work if we tried? > > https://darkwebnews.com/security-guide/cold-boot-attacks-unencrypted-ram > -extraction/ With t=0 seconds between power off and power on (what they call "warm reset" in the quoted paper [1]), they say it worked even with DDR3 RAM. But it's good to know that transplanting DDR3 RAM turned out to be pointless! Thanks for the link. Rusty 1. https://www1.cs.fau.de/filepool/projects/coldboot/fares_coldboot.pdf -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJZVAEBXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfaGQP/3sZguIoGBYlV0XklUvd2VYM po6okxWjvmAh35d/TRFvkIkKVLmCmq62+kZ2HQDhjebuQm4se+9TJDphyhUHecDx IVjIZei68F+ln9ziTBPz4ctymTmDZjdEO9NFeKv/ZQqgmOZvr2JNN+wKJKz/T57b vnvLyp2ubb+oXQ+wJ3NcGudnhjQqbDYsgQmWCkXmUcMsI3BT/4KHNB1SDgpvmDBk 8ic6/ViyrZXqsJSZf7qZOT2dZ+5OcBSZgYp6MKRRsCo3vJOqKfSscr+f3QCdnU5I HlBEgoWIkiSWLLOxcNYUvksUHy52kz3vr24TmYgK0G0ewblqKQeem/7PJCIZJ2M3 FZC0Q2E2Tzj7BLL4Rfdkyh+O/EDMiwI43Qr1was9bADQ/L2z8qMlsODafzb6pz+X 5KDf9gNJRjOGUV+r6I39PCz9TLO+zrBNUUJCVC8C8CL0fKHy06EPh0m9LXxehDt1 bwHR3vPFMj4+87MoWH+fWgqkogEM+VVoNTTaxOWM2jPF2EJ4bje7MxCfOdb2+qqM 7MBpBJVoQ7YRhVxtWGMOmJN3EkijajD3scEpaN9Li8mAh8PzFdvOTXFzXehOVUma usvUzPf0nJmFkDL1q/K1tL5RyEgLvH/ypZPs65ArOJNDlBhBQI3wfucHDLMDWUNG K6BZSGXO+IE1bkqcrVME =bvnr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628191358.GA1016%40mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Stack-clash kernel vuln & patches
Are the latest kernels in testing patched for CVE-2017-1000364? Some info... https://www.darkreading.com/vulnerabilities---threats/stack-clash-smashed-security-fix-in-linux-/d/d-id/1329193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/3360f483-e399-0962-6087-48603d404d6e%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0 built from git fails
On Wed, Jun 28, 2017 at 7:03 AM, Marek Marczykowski-Góreckiwrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Jun 28, 2017 at 06:53:30AM -0400, Outback Dingo wrote: >> -> Installing core RPM packages... >> /var/tmp/rpm-tmp.UBUWVQ: line 9: grep: command not found >> /var/tmp/rpm-tmp.UBUWVQ: line 16: grep: command not found >> Failed to connect to bus: No such file or directory >> Failed to set locale, defaulting to C >> Package dnf-1.1.10-6.fc25.noarch is already installed, skipping. >> Package dnf-plugins-core-0.1.21-5.fc25.noarch is already installed, skipping. >> Running in chroot, ignoring request. >> groupadd: GID '0' already exists >> make[1]: *** >> [/home/dingo/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:81: >> /home/dingo/qubes-builder/chr >> oot-fc25/home/user/.prepared_base] Error 1 >> make[1]: Leaving directory '/home/dingo/qubes-builder' >> make: *** [Makefile:221: vmm-xen-dom0] Error 1 >> [root@localhost qubes-builder]# > > Run the build as normal user (it will use sudo where really necessary). > still a struggle -> Building meta-packages (rpm_spec/qubes-vm-meta-packages.spec) for fc25 vm (logfile: build-logs/meta-packages-vm -fc25.log) --> Done: qubes-src/meta-packages/pkgs/fc25/noarch/qubes-repo-contrib-4.0.0-1.fc25.noarch.rpm qubes-src/meta-packages/pkgs/fc25/noarch/qubes-vm-dependencies-4.0.0-1.fc25.noarch.rpm qubes-src/meta-packages/pkgs/fc25/noarch/qubes-vm-recommended-4.0.0-1.fc25.noarch.rpm ln: failed to access 'pkgs/fc25/noarch/qubes-desktop-linux-common-3.2.0-1.fc25.noarch.rpm': No such file or direct ory ln: failed to access 'pkgs/fc25/noarch/qubes-menus-3.2.0-1.fc25.noarch.rpm': No such file or directory make[1]: *** [/home/dingo/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:166: update-repo-do] Error 1 make: *** [Makefile:294: template-local-fc25] Error 1 > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJZU4zxAAoJENuP0xzK19csp1wH/15aOLAcrJTwZjxoM5JzU0f8 > EtBaiaZSmP2IaXuBZuFk5hcKnBDuiAIA79C9LL8MCdb3eBWDobVWjwa2CQx/33bd > JH3XLDIDZBQUeRBcd2rELZmBcsfmwPNOng82HXh6DyjPtCHTpupUI2LP8DTy+vXF > CQ18TKfqV6/hR1wWrknCh3KaD9uSgkb9Xu3Px9fzj8xetnsPpKreaLXWirTQxEUq > 61VC0Jc9NI9L+lCVlV8UNrK9ymJ76mstw3LnXrBX9Uwa+2SsY0oYA6orpb6r1S95 > 0Neci+ckHxvNV3wDi4iC3uy0NV7AsujmwB2GkqzNuZ5PIPCr0/2zKB77/52n768= > =WL0+ > -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CAKYr3zyxum-u-YdJzkYPBYENJ5tK6Xak2FbfRPs0gsKGhj436w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Qubes 4.0 built from git fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 28, 2017 at 06:53:30AM -0400, Outback Dingo wrote: > -> Installing core RPM packages... > /var/tmp/rpm-tmp.UBUWVQ: line 9: grep: command not found > /var/tmp/rpm-tmp.UBUWVQ: line 16: grep: command not found > Failed to connect to bus: No such file or directory > Failed to set locale, defaulting to C > Package dnf-1.1.10-6.fc25.noarch is already installed, skipping. > Package dnf-plugins-core-0.1.21-5.fc25.noarch is already installed, skipping. > Running in chroot, ignoring request. > groupadd: GID '0' already exists > make[1]: *** > [/home/dingo/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:81: > /home/dingo/qubes-builder/chr > oot-fc25/home/user/.prepared_base] Error 1 > make[1]: Leaving directory '/home/dingo/qubes-builder' > make: *** [Makefile:221: vmm-xen-dom0] Error 1 > [root@localhost qubes-builder]# Run the build as normal user (it will use sudo where really necessary). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZU4zxAAoJENuP0xzK19csp1wH/15aOLAcrJTwZjxoM5JzU0f8 EtBaiaZSmP2IaXuBZuFk5hcKnBDuiAIA79C9LL8MCdb3eBWDobVWjwa2CQx/33bd JH3XLDIDZBQUeRBcd2rELZmBcsfmwPNOng82HXh6DyjPtCHTpupUI2LP8DTy+vXF CQ18TKfqV6/hR1wWrknCh3KaD9uSgkb9Xu3Px9fzj8xetnsPpKreaLXWirTQxEUq 61VC0Jc9NI9L+lCVlV8UNrK9ymJ76mstw3LnXrBX9Uwa+2SsY0oYA6orpb6r1S95 0Neci+ckHxvNV3wDi4iC3uy0NV7AsujmwB2GkqzNuZ5PIPCr0/2zKB77/52n768= =WL0+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170628110313.GP1268%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Qubes 4.0 built from git fails
-> Installing core RPM packages... /var/tmp/rpm-tmp.UBUWVQ: line 9: grep: command not found /var/tmp/rpm-tmp.UBUWVQ: line 16: grep: command not found Failed to connect to bus: No such file or directory Failed to set locale, defaulting to C Package dnf-1.1.10-6.fc25.noarch is already installed, skipping. Package dnf-plugins-core-0.1.21-5.fc25.noarch is already installed, skipping. Running in chroot, ignoring request. groupadd: GID '0' already exists make[1]: *** [/home/dingo/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:81: /home/dingo/qubes-builder/chr oot-fc25/home/user/.prepared_base] Error 1 make[1]: Leaving directory '/home/dingo/qubes-builder' make: *** [Makefile:221: vmm-xen-dom0] Error 1 [root@localhost qubes-builder]# -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CAKYr3zwOM77mW8HNZtmTVsEeo14rNB-RBMdX3KuipBkKG2X%3DcA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: [GSoC] Progress report: Anti Evil Maid enhancements
(For some reason your reply doesn't show up in mailing list, so replying with it quoted below) On 06/27/2017 02:38 PM, Rusty Bird wrote:> Andrew Morgan: >> On 06/26/2017 08:28 AM, Rusty Bird wrote: >>> Hi Patrik, >>> I've read some more about Intel TXT and tboot... and it seems that cold boot attacks could be ruled out as any abrupt shutdown will trigger a secure RAM scrub (via BIOS ACM, a different thing from the SINIT ACM module). However, I'm not 100% sure whether whole RAM gets wiped or just the TXT-related bits -- couldn't find that explicitly stated in neither TXT nor tboot docs. :-\ And since the BIOS ACM is a binary blob, the only way to find out will be to actually perform a cold boot attack... >>> >>> Yes, it would be interesting to test this on e.g. a popular ThinkPad >>> with 16 GB RAM. There are some bootable memory scrapers [1] if anyone >>> doesn't know what to do with all their liquid nitrogen... > >> I have a Thinkpad T540p with 16GB of RAM. Let me know if you need any >> testing done :) > > Whoa, really? That would be cool! No pun inte-- oh, who am I kidding. > > On video, it looks like the T540p has one RAM module sort of on top of > another, covering half of the lower module. Do you think there's still > enough vertical space between them to cool down the whole lower > module? If not, could it fracture from thermal stress? (And how > annoyed would you be if "something like that" happened...) > > Rusty > Heh, I need to stop replying to emails in the wee hours of the morning... Thought you just needed a script tested or whatnot. That being said, while it is my main work laptop, t if all that happened was the RAM cracked it wouldn't be too expensive to replace. Anything else would be bad though, since I'm doing my own GSoC project on here :P What may be tricky is what to do after the DRAM contents have been frozen. Does one just plug it in to a running Desktop system and execute some software to scan the contents? Laptop RAM wouldn't fit in a normal desktop, so I'd need to get an adapter or use another compatible laptop (may have one). This article states that cold boot attacks against DDR3 systems are much less feasible than DDR1/2. Would it even work if we tried? https://darkwebnews.com/security-guide/cold-boot-attacks-unencrypted-ram -extraction/ Open to ideas :) Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oivm9b%24hhb%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature