[qubes-devel] [Fwd: Issue #3553: Debian based UpdateVM does not support --action=list or reinstall]
[No responses from qubes-users, trying here next!] https://github.com/QubesOS/qubes-issues/issues/3553 Like the title says, Debian based UpdateVM does not support --action=list or reinstall. Error message says: ERROR: yum version installed in VM host does not suppport --downloadonly option ERROR: only 'install' and 'upgrade' actions supported (list not) It's easy enough to come up with a work-around for reinstall, but what would be the work-around for the following? sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable --action=list kernel-qubes-vm Apologies if this is answered somewhere else; could not locate it. Ideally the command/work-around would be available from dom0 without the user having to figure out what UpdateVM he happens to be using. Suggestions? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/4dcb9cc894feca30a9a51168b6c4e1c8.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: Port Forward using iptables broken?
Sent from my mobile phone. > On 10 Feb 2018, at 03:44, joevio...@gmail.com wrote: > >> On Friday, 9 February 2018 03:44:13 UTC-5, awokd wrote: >>> On Fri, February 9, 2018 7:33 am, bowabos wrote: On Friday, 9 February 2018 06:50:05 UTC, joev...@gmail.com wrote: Fedora templates have a weird issue where the packet counter on the sys-net nat FORWARD chain does not increment. The PREROUTING chain does increment. >> >> I saw this too when trying to follow the port forwarding example in >> https://www.qubes-os.org/doc/firewall/ . Mentioned it on qubes-users. >> @adubois is researching as well. > > https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b > Try this Portfwd script. It was modified to work with new fedora templates > using nft. > > Created an updated version for Qubes 4.0 (RC4 tested) > Portfwd.sh| clear all > > Command line specify the "VM, Port and Protocol"... or just "VM clear all" to > undo previous. > Script will recursively configure iptables/nft for all proxyVMs in use. > Now uses comments on iptables to remove previous entries (no duplicates) > > Works with Fedora 25/26 which uses nft rules along with iptables > Works with Debian 8/9 too Thanks. I may have a look later. I will first validate that it does not work as well with vanilla Fedora 26. > > -- > You received this message because you are subscribed to a topic in the Google > Groups "qubes-devel" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-devel/0ixnn8G5dAg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-devel+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-devel@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-devel/8a0d97ad-843e-4a44-ae07-86885ad396d1%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/EB6C6EA7-3395-4D52-AFF8-62A4ED98D0D4%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: Port Forward using iptables broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Feb 09, 2018 at 04:12:57PM -0800, joevio...@gmail.com wrote: > On Friday, 9 February 2018 19:02:09 UTC-5, Alex Dubois wrote: > > On Friday, 9 February 2018 23:59:52 UTC, Alex Dubois wrote: > > > On Friday, 9 February 2018 16:36:14 UTC, joev...@gmail.com wrote: > > > > Yes, thanks for pointing out the typos. They are only mistakes in this > > > > post. I use a script running in dom0 to generate pretty much > > > > everything. The same script works when debian-8 is used. The > > > > interface is different depending on the template > > > > > > I confirm I have the same issue. > > > Please however note that I have another PCI NIC connected to an AppVM (My > > > qubes also act as a firewall for home network) and we have no issue > > > connecting outbound. > > > Outbound connection as you know do not need the PRE-ROUTING rules, so > > > also the problem is seen on the FORWARD rule, I suspect more the > > > PRE-ROUTING rule is at fault and does not do its job. > > > I'll try to dig into this, however I won't have much time this week... > > > > Also, could you clarify if you've tested on FirewallVM and if here again > > Debian is OK and Fedora not. This might rule out issues with physical cards > > (which I suspect is not the problem as PRE-ROUTING does get the packet). > > Yes, if the template on sys-net is changed to Debian-8, but sys-firewall > (FirewallVM) is left with fedora... sys-net does send the packet to > sys-firewall, which then appears the same way... PREROUTING sees it, but > FORWARD does not. An idea: Debian don't have nftables installed by default, so qubes-firewal fallback to iptables. But not on Fedora - there nftables is used. This applies to both sys-net and sys-firewall. A quick test: 1. List rules: nft list table ip qubes-firewall 2. Add rule accepting traffic from eth0: nft add rule ip qubes-firewall forward meta iifname eth0 accept - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlp+rHcACgkQ24/THMrX 1ywR9gf/RJFy4TVihhweEh7ZqpwKTTD/JNgYCrl2nelvRwxl8awlqL/sxBBTGo39 byprAaL/Oe+6L4aX3d/tfbmpuJ7plHIJvm9PIxQ4SVj46iEcMRJIm1xQCjV8YtFu bvAna5vrisuUuaEo/Kx1a7ee4gJTjHNUtTgA8N2ar+oL/csG2Vlz38zCVjAD8isf HoCn8H35V4zvJoVXNuFTpSBplIlxa4ouryBWT9GQktBnZ1OPqdeiKotgFX2N5sJc z01XQQ83HWJ+1/x+iGI9OoGidBKHI+izjSNhlyO70SW/9L1Xg+2NkaetJcO1VLHI TaegOvEhZkvw2X6DVeeG5fGk1nYKXQ== =evy9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180210002528.GT2070%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] [Fwd: Issue #3553: Debian based UpdateVM does not support --action=list or reinstall]
On 02/10/2018 06:56 AM, 'awokd' via qubes-devel wrote: [No responses from qubes-users, trying here next!] https://github.com/QubesOS/qubes-issues/issues/3553 Like the title says, Debian based UpdateVM does not support --action=list or reinstall. Error message says: ERROR: yum version installed in VM host does not suppport --downloadonly option ERROR: only 'install' and 'upgrade' actions supported (list not) It's easy enough to come up with a work-around for reinstall, but what would be the work-around for the following? sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable --action=list kernel-qubes-vm Apologies if this is answered somewhere else; could not locate it. Ideally the command/work-around would be available from dom0 without the user having to figure out what UpdateVM he happens to be using. Suggestions? Debian doesn't have the required toolset for full rpm support, so I think the only answer is for the user to keep a Fedora-based VM on hand if they wish to do anything more with packages in dom0 than simple updates. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/d1f1f8cf-d970-518a-4fe5-45fc97a256d6%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Port Forward using iptables broken?
Using socat (great for tcp only connections) https://gist.github.com/Joeviocoe/90ec9fd9a0769b4671a8ae9c87584187 If udp is needed https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/02189988-bfcf-493e-9814-b9e4a23d9bbb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Error: failed to synchronize cache for repo ..." when using Fedora-26 as sys-net
https://github.com/QubesOS/qubes-issues/issues/3557 Related to: https://github.com/QubesOS/qubes-issues/issues/3135 Root cause: When changing TO fedora-26, the qubes-updates-proxy service fails to start on boot. A manual start of the service fixes the issue. A reboot seems needed to have it start on boot. Not a problem since sys-net changing templates is rare. I just didn't assume a reboot or manual service start would be needed. No problem going FROM fedora-26 to another template, as the service starts properly on first run. Solution: running 'systemctl restart qubes-updates-proxy' in sys-net -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ad175686-4436-4a52-853c-ec1de7b1d4c7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] [Fwd: Issue #3553: Debian based UpdateVM does not support --action=list or reinstall]
On Sun, February 11, 2018 2:41 am, Chris Laprise wrote: >> Ideally the command/work-around would be available from dom0 without >> the user having to figure out what UpdateVM he happens to be using. >> Suggestions? >> > > Debian doesn't have the required toolset for full rpm support, so I > think the only answer is for the user to keep a Fedora-based VM on hand if > they wish to do anything more with packages in dom0 than simple updates. Any kind of clever hack like qvm-run $updatevm apt list that would accomplish the same thing? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/d3e89983f345862c21b3baea51ca3246.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Display blank / won't refresh image after suspend/resume
[No responses from qubes-users, trying here next!] https://github.com/QubesOS/qubes-issues/issues/3558 In RC4.0... After suspend/resume Any monitors that were inverted or rotated, will be black. The mouse does move across the screen... but no objects move on this screen. Refreshing the configurations by toggling to another terminal (ctrl-alt-f2) then back again (ctrl-alt-f1), or changing the resolution/position of screens in xrandr/arandr/etc/... will restore the last known image on the affected monitors. Reconfiguring the affected screen to remove invert/rotate settings does restore the image refreshing ability. The monitors behave normal, but I need them inverted. Logging off or restarting X server does not fix the issue. A reboot is needed to restore the desired behavior of having a working and inverted screen. Very problematic as I do need to suspend resume a lot. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/863c3029-b1f5-4b33-a8d1-675ff0c4a806%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Display blank / won't refresh image after suspend/resume
On 02/11/18 06:36, joevio...@gmail.com wrote: [No responses from qubes-users, trying here next!] https://github.com/QubesOS/qubes-issues/issues/3558 In RC4.0... After suspend/resume Any monitors that were inverted or rotated, will be black. The mouse does move across the screen... but no objects move on this screen. Refreshing the configurations by toggling to another terminal (ctrl-alt-f2) then back again (ctrl-alt-f1), or changing the resolution/position of screens in xrandr/arandr/etc/... will restore the last known image on the affected monitors. Reconfiguring the affected screen to remove invert/rotate settings does restore the image refreshing ability. The monitors behave normal, but I need them inverted. Logging off or restarting X server does not fix the issue. A reboot is needed to restore the desired behavior of having a working and inverted screen. Very problematic as I do need to suspend resume a lot. Before suspending, have you tried turning off your secondary display(s) (xrandr --output dispname --off) and un-rotating your primary display (ie. getting back to a "clean" state) ? That's what I used to have to do with my laptop docked: in that case I'd use only my secondary larger monitor with the laptop's display turned off and without turning on the primary display before suspending both displays would stay off after resuming and I would have to type my xscreensaver password and issue xrandr commands blindingly to turn on one of the displays. Note that I write "used to": a kernel update fixed the problem (some weeks or months ago - can't remember) - both displays are now turned on after resume. So the issue was likely not specific to Qubes. Hope this helps. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/47540b65-81bc-b21f-1dc1-54b373c3fe39%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Display blank / won't refresh image after suspend/resume
On Sunday, February 11, 2018 at 5:36:12 AM UTC+1, joev...@gmail.com wrote: > [No responses from qubes-users, trying here next!] > > https://github.com/QubesOS/qubes-issues/issues/3558 > > In RC4.0... After suspend/resume > Any monitors that were inverted or rotated, will be black. > > The mouse does move across the screen... but no objects move on this screen. > Refreshing the configurations by toggling to another terminal (ctrl-alt-f2) > then back again (ctrl-alt-f1), or changing the resolution/position of screens > in xrandr/arandr/etc/... will restore the last known image on the affected > monitors. > > Reconfiguring the affected screen to remove invert/rotate settings does > restore the image refreshing ability. The monitors behave normal, but I need > them inverted. > > Logging off or restarting X server does not fix the issue. > A reboot is needed to restore the desired behavior of having a working and > inverted screen. > > Very problematic as I do need to suspend resume a lot. Did you try restart LightDM in TTY2 terminal? As I understand it, it's a layer below the x-server because LightDM will start/stop the x-server whenever it's starting or stopping. You probably can't fix this issue which seems heavily XFCE4 related, by just restarting the x-server. You most likely need to go deeper, and restart the LightDM. Plenty of guides on the internet on how to do that btw, in case you need an approach. It's not uncommon for XFCE4 to loose configuration files. Hard reset can for example mess-up the Whisker-menu XFCE4-panel plugin configuration files. Updates to the packages can cause old custom settings not to be loaded. And probably suspend/hibernate too. Also it may be driver related, if some people can't reproduce your issue, then it's likely driver/hardware related issue, and perhaps blacklisting hardware so that a driver is unplugged before suspend/hibernate, and then automatically brought back after suspend/hibernate, may very well fix issues. But you need to know which driver that is causing the issue. If its driver related, which it may very well be, then it can be as simple as changing your kernel version, or even xen version. If older versions do not work, then you may need to wait for a newer version. It's my understanding possible that sometimes other code can trigger driver bugs, which were otherwise dormant. So it may not entirely be driver related, however, it does look like it's XFCE4/driver related. Maybe it's the graphic/screen driver. I'm not sure if a blacklist before/after suspend/hibernate of a graphic driver is feasible, but it may be another clue you could try look further into. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/9138463c-532f-4161-b25d-34efe26388ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
