Re: [qubes-devel] Why no arm64 support?
On Wed, Nov 02, 2022 at 10:44:11AM +0100, Michal Suchánek wrote: > why is Qubes limited to x86? [...] > arm64 on the other hand does have Xen port already. a.) because this is a rather recent thing and > So is tehre anything actually blocking running Qubes on non-x86? b.) someone (tm) has to do the work. (adding support, testing it, fixing issues. also this needs hardware.) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Where will your kids go when they become climate refugees? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/Y25oYFOClQbvVcdW%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] qubes-mirage-firewall template
On Wed, Aug 31, 2022 at 06:02:23PM -0400, Demi Marie Obenour wrote: > I hope so too, and I would like it to become fast enough to be the > default. I have the same concern. On slow computers (eg x230) it's not only slow but might also be using one cpu 100% -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ These heat waves aren’t tragedies, they’re crimes. The fossil fuel industry knew decades ago that this is what their pollution was causing, so they spent billions to lie to the public and block climate action. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YxCR1bJrtN%2BCvmzq%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] Why code review is hard
On Sun, Feb 13, 2022 at 11:52:53AM +0100, David Hobach wrote: > I never stated it is. It was just a general comment on code review and > bash in specific - especially since I'm aware that Qubes has a lot of > bash in sometimes security relevant places (qubes-dom0-update, qubes-rpc, > ...). ah, makes sense now, thanks. > > where did you report it? > At bug-bash, but they bashed me [1]. ^^ heh. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ All data, over time, approaches deleted, or public. (@quinnnorton) -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YgjlqjeJf752yy9k%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] Why code review is hard
On Sat, Feb 12, 2022 at 01:03:35PM +0100, David Hobach wrote: > just stumbled across it and was wondering what a reviewer would expect from > this code to do: [...] > At least on my amchine it executes "badCode" in both domU and dom0. I might miss where you stumbled upon this, but how is this related to qubes? (and why should this code run differently in domU and dom0?) > I guess it's a bash bug and reported it accordingly, but anyway... where did you report it? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The system isn't broken. It was built this way. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YgjJ9PS0416EtHNc%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] systemd rescue mode vs qubes root account locked
On Tue, Feb 08, 2022 at 03:29:04AM +0100, Marek Marczykowski-Górecki wrote: > Generally, booting the installer is more reliable in some cases, since > it doesn't rely on dom0 being in any usable state. right. > But since that may be > inconvenient at times, you can get shell in initramfs using 'rd.break' > on the kernel cmdline. oh, I didn't know about that feature from dracut, thank you! do you think this should be mentioned in qubes-doc? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ If secure encryption is outlawed, only criminals will have it. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YgKaayETnTFBAuah%40layer-acht.org. signature.asc Description: PGP signature
[qubes-devel] systemd rescue mode vs qubes root account locked
hi, recently I had some hw issues which I needed to debug so I tried booting with systemd rescue mode (by appending systemd.unit=rescue.target to the kernel cmdline) but that failed because the root account is locked on Qubes. So I'm wondering what is the recommended resuce mode for Qubes? booting the installer in rescue mode or setting a root password or??? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ This is the year of gpg on the desktop! (Gunnar Wolf) -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YgG1oLS7L95Ndtlp%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-users] Re: [qubes-devel] QubesOS weekly builds
On Wed, Mar 31, 2021 at 10:13:49AM +0200, Frédéric Pierret wrote: > > I guess you have ran diffoscope on two builds, how is the result? Do you > > already have this in CI too? (this is for testing for reproducible > > builds...) > Not yet but I've discussed few days ago with Marek on how to do the build > integration > in order to reproduce the ISO. I'm finishing few Fedora related reproducible > things > then I guess I would do this, depending on what Marek has in mind for the > schedule. :) cool! I'm looking forward to see the diff between an ISO build on Debian and Fedora :) Though of course the first stepp will be diffing two builds on the same system... > Additionally, I've added few days ago the automatic openQA trigger for each > ISO I build: https://openqa.qubes-os.org/group_overview/1. It's jobs > corresponding to "BUILD20XXYYZZ-4.1" where in the settings, for example this > one: https://openqa.qubes-os.org/tests/16829#settings, it downloads from my > hosting repository the built ISO. very nice! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ No future. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20210331082226.GB20251%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] QubesOS weekly builds
Hi Frédéric, On Sun, Mar 21, 2021 at 11:33:05PM +0100, Frédéric Pierret wrote: > Due to recent troubles with kernels 5.4.X and 5.10.X, I've decided to add > again to this weekly pipeline, the build of a fresh Qubes R4.1 ISO. I don't > build any package or any template. It uses only Qubes OS repositories. yay, that's very nice and useful! thank you! > Please note that, contrary to my first attempt, I don't include kernel-latest > kernels. So do they have 5.4.x or 5.10.x? > The ISOs are signed by "fepitre-bot" > 1C8714D640F30457EC953050656946BA873DDEC1. nice! > That said, the ISO(s) can be found on my self hosted server: > https://qubes.notset.fr/iso/. I'll give them a try in the next days on some new hardware which doesn't work with the iso from December but should be working now... I guess you have ran diffoscope on two builds, how is the result? Do you already have this in CI too? (this is for testing for reproducible builds...) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ People call vaccine mandates "Orwellian" even though Orwell died at 46 of tuberculosis, which is now preventable with a vaccine. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20210330222919.GA11474%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] Signed repository metadata and untrusted templates
On Mon, Jul 27, 2020 at 04:04:07AM +0200, Marek Marczykowski-Górecki wrote: > > If I recall correctly, they use signatures on *source* packages, > > but not on *binary* packages. > Yes. And those formats are completely different. well. technically, signed .changes files are uploaded, these .changes files include checksums of source package or binary package files. usually, developers upload .changes files containing source package file hashes and then build daemons upload .changes files containing binary package file hashes. however: - those changes files are only sent to mailing lists and are not easily accessable anywhere. - gpg keys expire - gpg keys of buildds are not easily accessable. The gpg keys of current people allowed to upload packages are available in the debian-archive keyring package. (And then there's dak, the Debian Archive Kit, which is running on ftpmaster.debian.org and which produces the Packages files, which are unsigned, and the Releases files, which are signed and contain hashes of the Packages files (which contain hashes of the packages). And then we hope that noone breaks into ftpmaster and modifies things there and if someone did, we hope we will notice. Which we probably will, so an attacker better modifies things back into previous state after doing the attack.) In theory there are also the debsigs and debsig-verify packages which allow embedding signatures into packages, but noone is using those. I hope apt-transport-in-toto will be usable for a Debian installation one day. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20200727140555.GA14619%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] Re: [qubes-project] RFC Offline Documentation
On Fri, May 29, 2020 at 09:33:24AM +, tetrahedra via qubes-devel wrote: > I find the markdown files are human-readable enough for troubleshooting > purposes that I can just read them with vim. same here. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20200529104857.GC10638%40layer-acht.org. signature.asc Description: PGP signature
[qubes-devel] Re: DNF for Debian
hi Mihai, On Fri, May 29, 2020 at 12:17:13PM +0200, Mihai Moldovan wrote: > Sorry for the late response. I've been busy, and, honestly, also always forgot > to actually answer. thanks for your reply & don't worry, this happens often & to many people, me included. > unman seems to be interested, if that's good enough, so there's that. that is good enough if not much better than that. > > all very very nice! It would be a pity to have this rot, but then, without > > maintenance it will anyway eventually... > > Personally, I will have to "maintain" the package sets anyway, because I'm > building a lot of Fedora/CentOS packages in an automatic fashion on Debian. > > This "maintenance" just means that I'll probably update stuff every half a > year > or year, though, essentially "whenever it breaks" (which does tend to happen). [...] > As given in the initial description, I've published source and binary packages > for Debian Unstable/Sid at https://packages.x2go.org/debian-test/pool/main/ > > Note that the binaries are a bit old by now and would probably like a rebuild, > but the source is still the one I'm also using on my package builder. > > Also, the packages became a bit stale version wise (after all, they are 9 > month > old by now) and some included patches have already been applied upstream. I > haven't tried updating (and testing any updates) yet, though, and probably > won't > come to that shortly either. the important part is whether we'll get these packages ready and up to date until end of 2020 *and* whether we can commit to maintain important fixes after that. end of 2020 because of "key release dates" on https://release.debian.org/ it's ok(ish) if the stuff is outdated today, but in 6 month it really should be current. (and then after the release we can slack a bit again, though usually it's less effort to always package and upload the latest version.) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20200529104302.GB10638%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] Re: DNF for Debian
Hi unman, On Sun, May 03, 2020 at 05:07:14PM +0100, unman wrote: > I'd be happy to take on maintenance of this package, and may be anything > else that's Qubes required but seems to be lapsing in Debian. cool. I'll be happy to review & sponsor these uploads to Debian! > Also, I wonder if there would be value in getting Qubes packages in to > Debian, so they can be installed straight in to HVM - I seem to recall > this was raised some time back, but dont recall outcome. Waste of time? I gave up working on https://wiki.debian.org/Qubes/Devel as I believe dom0 should use something more tailored and shrinked down system then both Debian and Fedora are and because the Qubes and Debian release cycles don't match at all, thus one will probably always need a Qubes apt repo too. I'm not sure to which packages / use-case you are refering to. Can you explain again, please? -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C There are only two kinds of nazis: stupid ones and those without an excuse. (Volker Strübing) -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20200526132845.GA19326%40layer-acht.org. signature.asc Description: PGP signature
[qubes-devel] Re: DNF for Debian
Hi Mihai, On Fri, Sep 13, 2019 at 05:36:55PM +0200, Mihai Moldovan wrote: > I've packaged DNF cool! > for Debian and would like to find someone to take over these > packages and maintain them as part of the distribution. > > I'm not a DD and while I believe the packages to be of reasonable if not high > quality, I already have enough on my plate and know that I will not be able to > properly maintain them, keep up with upstream releases etc. > Point in case: while I did the original packaging more than a year, I only > updated this set of packages recently when they actually broke with newer > Fedora > releases (i.e., they were too old to create newer Fedora changeroots when used > by mock). hm, I'd be willing to sponsor and mentor those uploads, but I cannot commit to maintaining them as well. Is there anybody out there who would? > == What is DNF? == [...] > == Why does Debian need DNF? == [...] > == Prerequisites == [...] > == Package List == [...] > == Repository == [...] all very very nice! It would be a pity to have this rot, but then, without maintenance it will anyway eventually... -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20200503120340.GA9438%40layer-acht.org. signature.asc Description: PGP signature
Re: [qubes-devel] New page with packages status
On Wed, Mar 20, 2019 at 01:57:47AM +0100, Marek Marczykowski-Górecki wrote: > https://ftp.qubes-os.org/~qubesosbot/status.html > It's updated daily. very nice, thank you! :) -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20190331201625.dm6vl3yhxd54vi5w%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] More regular point releases schedule?
On Wed, Feb 06, 2019 at 05:54:29PM +0100, Marek Marczykowski-Górecki wrote: > It may be a good idea to introduce regular schedule for stable [point > releases[1]. It would minimize the need to download a lot of updates > just after installation. This is even more significant, if some updates > may require non-standard update procedure (like installing new template > versions). Such releases should also be coordinated with relevant > templates maintainers. good idea! > I'm not sure what such schedule should look like, every 3 months? 6 months? start slow, with 6 months, and increase the frequence if deemed useful? -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20190206165848.kw4q56hf2ee6pxwl%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] ANN: Fast incremental backups project
On Sun, Dec 23, 2018 at 02:48:55AM +0100, Marek Marczykowski-Górecki wrote: > Also note that we'd like to have at least some level of hiding metadata > - like VM names (leaked through file names). I think it would be nice if this was an optional feature (on by default), as I find it super inconvinient to find a certain backed up qube (and I dont care that much about hiding this metadata most of the time.) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20181223124533.6cktjkbnnafpqscw%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] My farewell to Qubes OS!
Dear Joanna, On Thu, Oct 25, 2018 at 12:21:44PM +0200, Joanna Rutkowska wrote: > It's been nearly 9 years[*] since I sent the first internal email > within ITL to Rafał Wojtczuk and Alex Tereshkin with the original idea > for making Qubes OS. Shortly after this, we started drafting the > original architecture and writing some early PoC code... Thank you very much for all your work on Qubes, it's an amazing project you've created and worked on for so long! I'm also very glad you plan to stay around as an advisor and user! :) I wish you lots of fun and interesting work at the Golem Project! Can't wait to see Qubes Air take off ;) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20181025103826.iaqvrvgrw7r5jjws%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-devel] Re: [qubes-users] Whonix support ending for Qubes 3.2
On Fri, Oct 05, 2018 at 10:26:18PM -0500, Andrew David Wong wrote: > the Qubes OS > Project will continue to support Qubes 3.2 as planned until 2019-03-28. [6] thank you, Qubes OS! > [...] Users who decide to continue using Whonix on Qubes 3.2 do so > at their own risk. this has been the case always anyway, so meh. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20181006104706.xuiciv7ipvaotd3g%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Whonix version support policy
On Thu, Sep 13, 2018 at 09:00:40PM -0500, Andrew David Wong wrote: > * One month after a new stable version of Qubes OS is released, Whonix >TemplateVMs will no longer be supported on any older version of Qubes >OS. I'm quite disappointed by this. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180914104120.ozmopzwrjhltkq2c%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Qubes 3.2.1 ISO size
On Thu, Sep 13, 2018 at 12:58:20AM +0200, Marek Marczykowski-Górecki wrote: > The alternative would be releasing Qubes 3.2.1 as is, adding a note that > single-layer DVD is not enough for installation. Since this release is > looong overdue, I tend to this option, but want to hear opinions of > others first. I too think this is fine, most people use usbsticks anyway. (And those few who like an read-only media will have to either use 3.0 or 4.0 images...) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180913085716.sht5wdqji2p24uwo%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Fedora 26 and Debian 8 approaching EOL
On Thu, May 24, 2018 at 07:29:18PM -0500, Andrew David Wong wrote: > Thank you for the correction. I've updated the announcement on the > website to clarify this: > https://github.com/QubesOS/qubes-posts/commit/3db9a35e297b3defa0863f8ab02ebd56e8384053 thank you, looks good! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180525084649.v3qeix2bsaoinhug%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Fedora 26 and Debian 8 approaching EOL
On Wed, May 23, 2018 at 08:21:12PM -0500, Andrew David Wong wrote: > Fedora 26 will reach EOL ([end-of-life]) on 2018-06-01, and Debian 8 > (["Jessie" full, not LTS][debian-releases]) will reach EOL on > 2018-06-06. We strongly recommend that all Qubes users upgrade their > Fedora 26 and Debian 8 TemplateVMs and StandaloneVMs to Fedora 27 and > Debian 9 or higher, respectively, by these EOL dates. I'm not sure why you suggest^wstrongly recommend to upgrade from Debian 8 to 9. "Suggest" I would understand, but Debian 8 will be supported for another 2 years via LTS. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180524091854.ydlin2mvv77qeb2r%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] PSA: keep your code signing keys inaccessible to email clients
On Mon, May 14, 2018 at 11:30:09AM -0400, Jean-Philippe Ouellet wrote: > On Mon, May 14, 2018 at 11:26 AM, Holger Levsen wrote: > > On Mon, May 14, 2018 at 11:20:29AM -0400, Jean-Philippe Ouellet wrote: > >> The immediate impact on Qubes developers is that one should use > >> separate keys… > > > > or simple use an email client which cannot display html and doesnt > > active elements and reloading stuff from the internet. there are plenty > > of those good old email clients :) > > I agree with your recommendation, but consider it orthogonal. > > I would not be one bit surprised if there's some memory corruption > lurking somewhere in mutt, so I think separating email and signing is > a good idea regardless. I agree. (and should have used "and" instead of "or" as my first word in the previous reply.) And this is even nicely documented, see qubes-doc/security/split-gpg.md and "Advanced: Using Split GPG with Subkeys" there. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180514153705.rkehtynbejav2lpo%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] PSA: keep your code signing keys inaccessible to email clients
On Mon, May 14, 2018 at 11:20:29AM -0400, Jean-Philippe Ouellet wrote: > The immediate impact on Qubes developers is that one should use > separate keys… or simple use an email client which cannot display html and doesnt active elements and reloading stuff from the internet. there are plenty of those good old email clients :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180514152603.areatj5a4g4ppfky%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] problems when upgrading to qubes-core-agent_3.2.25-1+deb9u1
On Mon, Mar 12, 2018 at 08:43:47PM +0100, Marek Marczykowski-Górecki wrote: > Hmm, indeed something is not right. But since the removal failed, it > should be safe... "should"... > What was your previous qubes-core-agent package version? 3.2.22-1+deb9u1 > > and the missing dconf commands feels like a missing depends... > Should be ok - means you don't need any gnome stuff the configuration is > shipped for. dconf should be called automatically as soon as you install > anything using it. then why not use if [ -x /usr/bin/dconf ] ; then $use-dconf fi ? :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180312201327.zermcsjthiqpn5my%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-devel] problems when upgrading to qubes-core-agent_3.2.25-1+deb9u1
hi, I just upgraded my 3.2 installation and on Debian 9 templates I saw this: Preparing to unpack .../qubes-core-agent_3.2.25-1+deb9u1_amd64.deb ... Unpacking qubes-core-agent (3.2.25-1+deb9u1) over (3.2.22-1+deb9u1) ... dpkg: warning: unable to delete old directory '/var/run/qubes': Directory not empty dpkg: warning: unable to delete old directory '/rw': Device or resource busy dpkg: warning: unable to delete old directory '/home_volatile/user': Directory not empty dpkg: warning: unable to delete old directory '/home_volatile': Directory not empty Setting up qubes-core-agent (3.2.25-1+deb9u1) ... Installing new version of config file /etc/qubes-rpc/qubes.GetImageRGBA ... Installing new version of config file /etc/qubes-suspend-module-blacklist ... Removed /etc/systemd/system/multi-user.target.wants/haveged.service. Created symlink /etc/systemd/system/multi-user.target.wants/haveged.service → /etc/systemd/system/haveged.service. Leaving 'diversion of /etc/init/plymouth-shutdown.conf to /etc/init/plymouth-shutdown.conf.qubes-disabled by qubes-core-agent' Leaving 'diversion of /etc/init/prefdm.conf to /etc/init/prefdm.conf.qubes-disabled by qubes-core-agent' Leaving 'diversion of /etc/init/splash-manager.conf to /etc/init/splash-manager.conf.qubes-disabled by qubes-core-agent' Leaving 'diversion of /etc/init/start-ttys.conf to /etc/init/start-ttys.conf.qubes-disabled by qubes-core-agent' Leaving 'diversion of /etc/init/tty.conf to /etc/init/tty.conf.qubes-disabled by qubes-core-agent' Leaving 'diversion of /etc/init/serial.conf to /etc/init/serial.conf.qubes-orig by qubes-core-agent' /var/lib/dpkg/info/qubes-core-agent.postinst: line 192: dconf: command not found the attempted removal of those directories seems bad (how bad is it, can I reboot?) and the missing dconf commands feels like a missing depends... -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180312192557.2dnet2byww5vcvgd%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Re: Qubes OS 4.0-rc3 has been released!
On Wed, Jan 24, 2018 at 04:29:14PM +0100, Marek Marczykowski-Górecki wrote: > On Wed, Jan 24, 2018 at 06:35:15AM -0800, joeh9...@gmail.com wrote: > > Hi, this is in no way meant to appear impatience but I'm going to install > > Qubes OS on my new laptop (Lenovo P71) and am just wondering whether it's > > worthwhile to install 4RC3, or wait for 4.0 to come out. > > Any idea on when we can expect it? > > If it's months, I think I'd rather install 4RC3 first, if it's quite soon > > I'd rather wait. > We hope that upcoming rc4 will be the final one. And rc4 is almost ready > - like this or next week. and so far upgrading from rc3 to rc4/final is supported and it looks like it will stay that way. so it *should* be safe to install rc3 now and then upgrade... -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180124165334.jjtmlrqnhphtf2ax%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Qubes Air's usefulness
On Tue, Jan 23, 2018 at 02:47:30PM +0100, 'Tom Zander' via qubes-devel wrote: > On Tuesday, 23 January 2018 03:13:17 CET Kelly Dean wrote: > > If a user needs Qubes, that means he needs more security than a > > conventional OS gives. > I'd like to challange that assumption. me too. Qubes is great if you just want an OS to develop and tinker, without any security in mind. (disposable VMs and templates are sooo use- and powerful.) OTOH, Qubes is also great if you just want an OS to develop and tinker, with security in mind. :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180123140447.cmfbqeaevhft4hug%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] solved: gnome-terminal in disposable VMs closes prematurely
On Thu, Jan 18, 2018 at 03:16:26PM +0100, Marek Marczykowski-Górecki wrote: > Let me try (on f26): > $ sakura hmpf. I've only tried in on f25… (IOW: still using xterm in dom0 as less is more there.) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180118142634.jszfwykgpetry2py%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] solved: gnome-terminal in disposable VMs closes prematurely
On Thu, Jan 18, 2018 at 02:58:14PM +0100, 'Tom Zander' via qubes-devel wrote: > Thats rather unfortunate, I would suggest trying Konsole as an alternative, I found "sakura" to be much more lightweight and still supporting font-resizing with ctrl+(plus|minus) by default. It's also available on Fedora, Debian & whonix. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180118140220.5b5pinmnkbj43ukl%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Upgrade instructions for R3.2 and QSB37 patches
On Sun, Jan 14, 2018 at 04:28:49PM -0600, Andrew David Wong wrote: > I agree that: > > 1. We should keep our promise to support R3.2 for a full year after the >release of R4.0 stable. > > 2. We should not force R3.2 users to install an upgrade that may break >their stable installations. I kind of agree with these two, but then… a.) if 3.2 suddenly gets xen 4.8 I'm not sure it's really 3.2 anymore. I tend to think that Qubes 3.x with xen 4.8 should be called Qubes 3.3. b.) if fixing spectre and meltdown really needs xen 4.8 I'm not sure there is a point keeping 3.2 called "supported". I also don't think that Qubes can be blamed for this, as until now it was sufficient to keep the kernel up2date… also Qubes 3.3 would keep the promise "as far as possible" while making clear that there are more changes than usual. c.) continuing to support 3.2 with (such) known security issues is probably pointless... if that's the case I think this should be communicated clearly. > 3. We should not expect every Qubes user to be subscribed to the mailing >lists, website, or social media or regularly check them for >announcements. agreed. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180115110001.xu32nfm3qla6hogt%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Difference between PVH and PVHVM
On Mon, Dec 11, 2017 at 12:45:34PM -0500, Jean-Philippe Ouellet wrote: > Marmarek or HW42 could probably give you better answers, but the > following is my understanding: > > The terminology is admittedly somewhat confusing, especially since Xen > people no longer talk about a discrete set of virt modes but it's now > thought of as more of a "spectrum". > > Right now (R4-rc3) we are using a mode where memory management is > handled by hardware (SLAT), but QEMU is still involved in domain init > and provides device models for VMs which don't use PV drivers. The > goal in the future is to eliminate QEMU entirely, but this requires > kernel support which AFAIK deemed not mature enough the last time it > was evaluated for use in Qubes. Various names have been used for this > (and similar) virt mode at different points in time: > PVH/PVHv2/HVMlite/etc. You can find more info on the Xen wiki and in > various Xen developer summit presentation slides if you're so > inclined. > > The benefits to removing QEMU entirely are: > 1) reduced attack surface (both because you can't exploit qemu to > escalate privileges within the domain (relevant for VMs without > passwordless sudo), as well as eliminating the PV hypervisor interface > exposed to the *-dm domains) > 2) decreased per-vm memory footprint (right now each running domain > requires an additional ~140mb mem for its corresponding *-dm domain) > 3) lower CPU overhead (right now each *-dm domain takes ~10-15% CPU, > see #2849 [1], but even after fixing that there would still be some > overhead) > > Regards, > Jean-Philippe > > [1]: https://github.com/QubesOS/qubes-issues/issues/2849 is this a good enough write up to push this into qubes-doc.git so that it doesnt get lost? :-) +thanks for explaining, Jean-Philippe! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20171216105812.d76pytl7dtar5bao%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Re: Template's root volume partition table in Qubes 4.0 - dalaying rc2 one more week
On Mon, Oct 16, 2017 at 03:45:24PM +0200, Marek Marczykowski-Górecki wrote: > Given those two options, we've decided it's better to have cleaner > situation longterm (option 2) at the cost of less convenient rc stage, > than the other way around. After all, we'll need to support this for a > much longer time than we spend now at release candidates. Thumbs up & thank you! :-) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20171016153805.jdhcnnfdzzp2fnar%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-devel] Re: Qubes 3.2 Kernel 4.12
On Fri, Aug 25, 2017 at 09:16:07PM +0200, Marek Marczykowski-Górecki wrote: > I see a few options for this problem: > > 1. Use "unstable" repository for non-longterm kernels. We've done this > before, for 4.8 kernels. [...] Or create new repository specifically for > non-longterm kernels. I like 1b much better than 1 :) > 2. Have non-longterm kernels packaged with different package name than > "kernel" (and "kernel-qubes-vm").[...] works for me too. > 3. Terminate the policy of using only longterm support kernels. probably the least preferred option by me, unless you get a lot of help. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170826161850.GB25936%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Qubes Security Bulletin #32: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)
On Tue, Aug 15, 2017 at 04:05:27PM +0200, Marek Marczykowski-Górecki wrote: > Actually: > sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing q.e.d. & thanks! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170815144125.GA9791%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Qubes Security Bulletin #32: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)
Hi, first of all: thanks for this handling this update! On Tue, Aug 15, 2017 at 08:31:31AM -0500, Andrew David Wong wrote: > Patching > = [...] > The packages are to be installed in dom0 via the qubes-dom0-update command or > via the Qubes VM Manager. A system restart will be required afterwards. [...] > These packages will migrate to the current (stable) repository over the next > two weeks after being tested by the community. I think it would be good to include the *exact* commands here. The first quoted paragraphs seems to imply one can simply upgrade packages as usual, while the second quoted paragraphs implies that this doesnt work, but that one has to use some other, unspecified (here) repository (for the next two weeks). Please include those two commands needed instead, with the full options needed. So, "sudo qubes-dom0-update" for the first paragraph, and "sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing" for the 2nd… (IIRC!) Else people have to guess or simply wont know etc… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170815135959.GA7620%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Building security updates
On Wed, Jun 21, 2017 at 01:44:07AM +0200, Marek Marczykowski-Górecki wrote: > 1. Do nothing - have fixed packages delayed by about 1h in the worst > case. I think that's entirely fine, especially as this is a (time) limited "solution". (the issue will go away with reproducible builds…) Fixing this seems to be quite some work and result in a somewhat suboptimal solution too (bugs/glitches possible…), for a small gain, which will benefit very few people. (I'd dare to say that 99% of the users update later than in the first hour…) There are bigger fish to fry :-) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170621091817.GA20965%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Re: 3.2.1 should be released
On Mon, Jun 19, 2017 at 09:30:37AM +0200, Marek Marczykowski-Górecki wrote: > > > As for Qubes 3.2.1 - exactly as Reg said - it's blocked on 4.9 kernel > > > testing. > > does it not make sense to anyone else that at the least the testing > > image should also be released to get more eyes on it > Packages are in testing repository - just enable it and help us. I think it would be useful to send a dedicated short email, subject "please help testing 3.2.1 - howto included" and then indeed include the few steps needed to do so. currently that information is very well hidden… (and it doesnt help that there are several "testing" repositories…) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170619101122.GD1321%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Re: qubes-core-agent package split
On Tue, May 30, 2017 at 02:21:57AM +0200, Marek Marczykowski-Górecki wrote: > > > Package: qubes-core-agent-network > > > Package: qubes-core-agent-network-manager > > maybe qubes-core-agent-network_ing_(-support) and > > qubes-core-agent-network-manager? > Those names are long enough already, so no -support suffix. agreed. > But -networking IMO is ok. that be very fine with me. another option/idea: why "qubes-core-agent-$foo", there is not really an agent involved always, so maybe better and shorter eg "qubes-vm-networking"? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170530083859.GA30351%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Re: qubes-core-agent package split
On Mon, May 29, 2017 at 07:30:04AM +0200, Marek Marczykowski-Górecki wrote: > > > > While at it - is it better to name it qubes-nautilus or > > > > qubes-core-agent-nautilus? > > > > > > I think the latter is definitly better than the former, but maybe > > > rather qubes-vm-filemanager-support-(kde|gnome) ? > > Renamed to qubes-core-agent-nautilus. > > I've also renamed Fedora package to qubes-core-agent, so both Debian and > Fedora packages have the same name. yay! > > > maybe it's now time to update #2771 and put the above thoughts as a list > > > there? > > Added some of them there. > > Additional ideas: > - qubes-core-agent-network - all kind of network setup - not needed if >only offline VMs are used from such template >- include also updates proxy stuff (and dependency on tinyproxy for > this reason) > - qubes-core-agent-network-manager - mostly useful for NetVM (depends >on qubes-core-agent-network and NetworkManager) what's the diff between the two? > I've done some of it already in separate branch[1]. Interesting part > (new content in debian/control): > > Package: qubes-core-agent-nautilus > Package: qubes-core-agent-dom0-updates > Package: qubes-core-agent-network > Package: qubes-core-agent-network-manager ok, (looks good,) so the latter is only needed for sys-net(s), basically? maybe qubes-core-agent-network_ing_(-support) and qubes-core-agent-network-manager? or maybe I'm just overly pedantic here… :-) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170529234437.GA15554%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Re: qubes-core-agent package split
On Tue, May 23, 2017 at 01:51:24AM +0200, Marek Marczykowski-Górecki wrote: > > - qubes-core-agent-filemanager-support > You mean putting both dolphin and nautilus support files there? Should > this package depend on both? ah, no, absolutly not. I wasn't aware of dolphin… > I've already created qubes-nautilus[2], but not qubes-dolphin, because > nautilus support pulls quite a lot of dependencies (through > nautilus-python), dolphin support does not. Dolphin is only about adding > few files and may not depend on anything dolphin specific - when you > install dolphin, you'll have it. I definilty say those two should be splitted… but maybe not along those lines, but rather -kde or -gnome…? (Then it would also be more obvious to me that I want neither ;) > While at it - is it better to name it qubes-nautilus or > qubes-core-agent-nautilus? I think the latter is definitly better than the former, but maybe rather qubes-vm-filemanager-support-(kde|gnome) ? > > - qubes-core-agent-core > > - qubes-core-agent-x > What should be here? Note that we have qubes-gui-agent already. which also should be splitted further as there are gui VMs were I definitly do not want pulseaudio support… > > - qubes-core-agent-gnome and -xfce and -i3 maybe? > What do you have in mind here? Window manager runs in dom0, here we have > VM package... notifications mostly, or maybe there should be qubes-core-agent-gnome-support, recommending(!) qubes-…-nautius-support and qubes-gnome-notifications and qubes-pulseaudio-support? > > - qubes-core-agent-dom0-update-proxy > Makes sense. :) maybe it's now time to update #2771 and put the above thoughts as a list there? > > > [1] https://github.com/QubesOS/qubes-issues/issues/2771 -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/2017052300.GA24864%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Re: qubes-core-agent package split
Hi Marek, sorry for the late reply… On Mon, Apr 24, 2017 at 02:08:39AM +0200, Marek Marczykowski-Górecki wrote: > Currently the package in title is "everything but the kitchen sink" type > of package. It contains at least: > > - qrexec-agent > - all kind of qrexec services (file copy, etc) > - all kind of system configuration, including sudoers, sysctl (disable >tcp timestamps etc), NetworkManager etc > - various networking scripts > - handling of dom0 updates > - updates proxy stuff > - integration with GUI file managers (nautilus, dolphin etc) > - ... > Full list of files in Debian package: > https://gist.github.com/marmarek/30f089c595832a547af8ab034cc7b8e0 > Full list of files in Fedora package: > https://gist.github.com/marmarek/532170f5e7ae995b33d33d6f85cde040 > > It would be good to split it into more sensible sub-packages. Mostly for > more specialized/minimal templates. For example currently fedora-minimal > template have awful hack[2] breaking some dependencies to make the template > minimal, which leads to various problems[3]. But also we don't want to > have too many of those packages, to keep maintenance and dependency > tracking at reasonable level. > Any suggestions into what packages it should be split? > > IMO at least qrexec-agent should be in separate package (so it would be > possible to install just that, without all the integration/configuration > stuff). But while at at, better think a little more about optional (or > close to) packages layout. so that would be "qubes-core-agent-qrexec", judging from your list above there should also - qubes-core-agent-filemanager-support - qubes-core-agent-core - qubes-core-agent-x - qubes-core-agent-gnome and -xfce and -i3 maybe? - qubes-core-agent-dom0-update-proxy what else? I think it helps to think in package names, as they should indicate the purpose and thus the depends of the packages. And they should all come from the same source package, to ease transition and maintenance. > PS I've created also issue on github[1] for this, to put the discussion > outcome there. > > [1] https://github.com/QubesOS/qubes-issues/issues/2771 -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170522232705.GB22855%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Graphical Qubes Memory Monitor
Hi Johny,
On Wed, Apr 05, 2017 at 02:09:18PM -0400, Johny Jukya wrote:
> I've always found it a bit hard to figure out exactly what Qubes was doing
> with the memory, shuffling it between VM's. The memory bar graph in the
> manager isn't terribly informative. Having a relatively low memory system,
> management of it is important.
agreed.
[...]
> It shows the memory actually in use by programs (hatched/dotted area) as
> well as the full allocation for the VM (the whole pie slice).
>
> https://github.com/johnyjukya/qmemmon
wow, that's a pretty neat looking screenshot there!
> Obviously, never run any new code in dom0 unless you know what you're doing,
> and you've preferrably looked over the code yourself. This is 170-ish lines
> of Python, so giving it a sanity check isn't a huge deal.
agreed (+done so), but I still dont want to run more qt stuff in dom0… :)
however, this might be just me + now, I also do think that the information
this tool is providing is currently missing in QubesOS and that *maybe* your
tool could be tuned to be included by default…
However, I'm wondering whether it would be possible to split it: do the data
collection in dom0, cause thats where it has to be done and do the data
processing and presentation in a VM (either existing or specially started
dispVM).
For myself, I've modified qubes-i3status' status_mem function like this:
status_mem() {
local mem=$(((`xentop -b -i 1 | grep -v NAME | cut -b 38-47|xargs echo|sed
"s# #+#g#"`)/1024))
local reallymem=$(((`( vmstat -s -S K ; for VM in $(xl list|egrep -v
"(Name|dom0)"|cut -d " " -f1) ; do /usr/lib/qubes/qrexec-client -d $VM
user:"/usr/bin/vmstat -s -S K" -t -T ; done ) | grep "used memory" | cut -d "K"
-f1 | xargs echo | sed "s# #+#g#"`)/1024))
json mem "Mem: ${reallymem}M/${mem}M"
}
and then qubes-i3status takes care to only run this once a minute.
But this (my solution) only tells me how much memory is really used, while
yours has that and more details. Nice work!
--
cheers,
Holger
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/20170406115246.GA4238%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Digital signature
Re: [qubes-devel] Qubes packages updates, what has changed?
Hi Marek, sorry for the late reply, your replies often include lots of data to process… that's awesome just sometimes hard to find the time to :) Thanks a lot for all this information! On Tue, Mar 07, 2017 at 12:36:17AM +0100, Marek Marczykowski-Górecki wrote: > Yes, we currently do not fill %changelog section in rpm packages. We > have this on our todo list... > https://github.com/QubesOS/qubes-issues/issues/1508 ah. I've subscribed to this issue now, as I think it's quite important to solve. > There is more: right now we're enabling another way to track updates - > have an issue created for every updated package, as a way to track what > is in testing repository. See here: > https://github.com/QubesOS/qubes-issues/issues/2573 > https://github.com/QubesOS/updates-status/issues nice. I've subscribed to the later URL too :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170321170140.GA14907%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Qubes packages updates, what has changed?
On Mon, Mar 06, 2017 at 11:06:25PM +, Holger Levsen wrote: > I just did a dom0 upgrade and was offered to update qubes-gui-dom0 to version > 3.2.9-1.fc23, however when I clicked on "package changelog" in yum-extender > the changelog was empty. > > This has happened before… > > So I'm wondering: how can I find out, what has changed and why does Qubes 3.2 > receive an update? > > I'm thinking more of a general solution, like an announce mailinglist, but (or making sure yum-extender has a changelog to display…) > for now I would also be happy about a pointer to the git repo and branch, > where I can see those changes leading to qubes-gui-dom0 3.2.9-1.fc23… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170306230814.GA5940%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Qubes packages updates, what has changed?
Hi, I just did a dom0 upgrade and was offered to update qubes-gui-dom0 to version 3.2.9-1.fc23, however when I clicked on "package changelog" in yum-extender the changelog was empty. This has happened before… So I'm wondering: how can I find out, what has changed and why does Qubes 3.2 receive an update? I'm thinking more of a general solution, like an announce mailinglist, but for now I would also be happy about a pointer to the git repo and branch, where I can see those changes leading to qubes-gui-dom0 3.2.9-1.fc23… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170306230625.GA5241%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager
On Tue, Dec 20, 2016 at 03:15:29PM -0500, Jean-Philippe Ouellet wrote: > > CTRL-Shift-K maybe? > Is this because you are worried about accidental use? Or some other reason. yes > We already do have a confirmation dialog before a VM is actually > killed, keyboard shortcut or not. I was aware and still I think it's better to make it less easy to press it accidently. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161220223321.GB27559%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager
Hi, first of all: yay, keyboard shortcuts! Thanks for your work on this! two minor comments: On Tue, Dec 20, 2016 at 02:31:13PM -0500, Jean-Philippe Ouellet wrote: > 3. Ctrl+C for Clone, because Clone and Copy start with C > Ctrl+Shift+N may also be a good candidate here, idk. CTRL-C is not a good choice here, I think, cause C already is cancel and copy… > 5. Ctrk+K for Kill CTRL-Shift-K maybe? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161220194822.GA13325%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Qubes 4.0 development status update
Hi Marek, thanks for sharing this information. I found it quite interesting! (and wouldnt mind to see such posts every 3 months or so…) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161205084857.GA3282%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Running (or not) Xen during installation
Hi, On Thu, Nov 03, 2016 at 09:13:26PM +0100, Marek Marczykowski-Górecki wrote: > Long story short - technically Xen is no longer needed during > installation of Qubes OS. Or at least is very close to such state. given the benefits you described, I think it makes sense not to use Xen during installation _as long as_ there is a live image one can use to test ones hardware with Xen/Qubes. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161104104858.GA25901%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Introducing the qubes-announce read-only mailing list
Hey, On Thu, Oct 27, 2016 at 04:56:52PM -0700, Andrew David Wong wrote: > We've just introduced a new mailing list: qubes-announce [...] > https://www.qubes-os.org/mailing-lists/#qubes-announce cool, thanks! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161028094141.GC11192%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Packaging 3rd-party software
On Thu, Oct 13, 2016 at 01:34:13PM +0200, Wojtek Porczyk wrote: > > Option 4 sounds fine to me. > Second that. same here, even though I'm late to this party. :) Regarding the name, maybe something more general, like QubesOS-3rdparty? I fear that QubesOs-Apps could become too wrong / misnomed too soon… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161024114455.GA15088%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837913: ITP: qubes-utils -- Common Qubes utils for dom0 and VMs
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-utils Upstream Author : Marek Marczykowski * URL : https://github.com/QubesOS/qubes-linux-utils.git * License : GPL2+ Programming Lang: C / several Description : Common Qubes utils for dom0 and VMs Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the common Qubes utils for dom0 and VMs. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915113133.22883.94510.reportbug%40matrix.athome. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837910: ITP: qubes-gui-daemon -- Qubes GUI daemon
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-gui-daemon Upstream Author : Joanna Rutkowska * URL : https://github.com/QubesOS/qubes-gui-daemon.git * License : GPL2+ Programming Lang: C Description : Qubes GUI daemon Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the GUI daemon running on dom0. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915112128.GA22722%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837908: ITP: qubes-gui-common -- Common files for Qubes GUI - protocol headers
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-gui-common * Upstream Author : Joanna Rutkowska Rafal Wojtczuk Marek Marczykowski * URL : https://github.com/QubesOS/qubes-gui-common.git * License : GPL2+ Programming Lang: C Description : Common files for Qubes GUI - protocol headers Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the protocol description headers for Qubes GUI, needed on both dom0 and the VMs. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915111753.GA22363%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837906: ITP: qubes-gui-agent -- Qubes GUI Agent for VMs
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-gui-agent Upstream Author : Joanna Rutkowska * URL : https://github.com/QubesOS/qubes-gui-agent-linux.git * License : GPL2+ Programming Lang: C Description : Qubes GUI Agent for VMs Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the Qubes GUI agent that needs to be installed in VMs in order to provide the Qubes manager GUI. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/2016091514.GA21734%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837905: ITP: libvchan-xen-qubes -- Qubes vchan libraries
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: libvchan-xen-qubes Upstream Author : Joanna Rutkowska Rafal Wojtczuk Marek Marczykowski * URL : https://github.com/QubesOS/qubes-core-vchan-xen.git * License : GPL2+ Programming Lang: C Description : Qubes vchan libraries Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the Qubes vchan communication libraries for Dom0 and VMs. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915104454.GA14985%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837903: ITP: qubes-db -- Qubes OS database and tools
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-db Upstream Author : Marek Marczykowski * URL : https://github.com/QubesOS/qubes-core-qubesdb.git * License : GPL2+ Programming Lang: C Description : Qubes OS database and tools Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the Qubes OS database and tools running on dom0 and the VMs. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915103752.GA14183%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837902: ITP: qubes-core-agent -- The Qubes core files for VMs
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-core-agent Upstream Author : Joanna Rutkowska Rafal Wojtczuk * URL : https://github.com/QubesOS/qubes-core-agent-linux.git * License : GPL2+ Programming Lang: several Description : The Qubes core files for VMs Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the core-agent functionality running on VMs. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915103154.GA13318%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837900: ITP: qubes-core-admin-linux -- Linux-specific files for Qubes dom0
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-core-admin-linux Upstream Author : Marek Marczykowski * URL : https://github.com/QubesOS/qubes-core-admin-linux.git * License : GPL2+ Programming Lang: several Description : Linux-specific files for Qubes dom0 Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the linux specific core-admin functionality running on dom0. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915102609.GA11962%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#837896: ITP: qubes-core-admin -- The Qubes core files (Dom0-side)
Package: wnpp Severity: wishlist Owner: Holger Levsen * Package name: qubes-core-admin Upstream Author : Joanna Rutkowska Rafal Wojtczuk * URL : https://github.com/QubesOS/qubes-core-admin.git * License : GPL2+ Programming Lang: Python Description : The Qubes core files (Dom0-side) Qubes OS is a security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate qubes. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. This package contains the core-admin functionality running on dom0. For more information on Qubes, see https://www.qubes-os.org/tour/#what-is-qubes-os For more information on this packaging effort, see https://wiki.debian.org/Qubes/Devel -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160915095850.GA6585%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] Bug#827108: yum: please include --downloadonly patch from upstream
Package: yum Version: 3.4.3-3 Severity: wishlist Hi, to be able to use Debian for sys-firewall VM of Qubes-OS.org yum needs to support the --downloadonly option, which it currently does not. Fedora has version 3.4.3-507 so it seems this functionality was added via a patch. It would be great if you could add this patch to the Debian yum package. The patch still needs to be identified. If someone reading this knows where it is, please add the info to this bug. Thanks for maintaining yum! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160612113033.GA10531%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Re: Reinitialize Templates
On Sun, Jun 12, 2016 at 01:01:00PM +0200, Marek Marczykowski-Górecki wrote: > > what version of yum is needed? Debian indeed has only 3.4.3-3, even in > > unstable :/ > Hmm, Fedora has 3.4.3-507, so I'm afraid --downloadonly option is added > only in some Fedora local patch :/ hmpf. if that patch were identified one could file a wishlist bug against the Debian package to include it… > > also: will this in future (eg for 3.2) require dnf or will yum still be > > supported for some time? > yum is enough. In fact anything that can parse yum repo metadata, > resolve dependencies and download rpms is enough. So maybe yum/dnf > python API is robust enough to write a _simple_ tool which would > download requested packages? does dnf have --downloadonly? Cause I suppose it would be more useful to just package dnf for Debian instead of writing yet another tool to do that job… but maybe then that tool would have less dependencies and features… hm. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160612112159.GA4140%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] Re: Reinitialize Templates
On Sun, Jun 12, 2016 at 10:44:20AM +0200, Marek Marczykowski-Górecki wrote: > > ERROR: yum version installed in VM sys-firewall does not suppport > > --downloadonly option > > ERROR: only 'install' and 'upgrade' actions supported (reinstall not) > Indeed, currently --action=reinstall (or any other than listed above) > requires Fedora-based updatevm. Debian has too old yum version for > that... what version of yum is needed? Debian indeed has only 3.4.3-3, even in unstable :/ also: will this in future (eg for 3.2) require dnf or will yum still be supported for some time? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160612102254.GA1922%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-devel] qubes on an x260 with skylake cpu…
Hi, I wrote this in a hurry and I guess it was clear what I ment but in case not, I'd like to clarify this bit: On Wed, Jun 01, 2016 at 05:16:45PM +0000, Holger Levsen wrote: > I'm also upgrade to xen 4.6.1-15-56.fc20 but as xen 4.6.0 it shows the same "I also upgraded to xen 4.6.1-15-56.fc20 but it shows the same symptoms as 4.6.0…" > symptons with kernels 4.1.13, 4.4.x and 4.5.x, so I assume this is actually > a kernel and not a xen issue. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160601220119.GA1166%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-devel] qubes on an x260 with skylake cpu…
Hi, so I'm still trying to run Qubes properly on an Thinkpad x260 with i5 skylake CPU. Qubes 3.1 installed nicely, but the graphics is completly broken after suspend and battery life is less than half of what it should be. kernel 4.1.13-9.pvops.qubes works nicely, but has those suspend and battery life issues. kernel 4.4.10-9.pvops.qubes doesnt boot. (Goes black after "loading initramfs" immediatly… even with debug…) kernel 4.5.5-300.fc24 doent boot, same symptoms. I'm also upgrade to xen 4.6.1-15-56.fc20 but as xen 4.6.0 it shows the same symptons with kernels 4.1.13, 4.4.x and 4.5.x, so I assume this is actually a kernel and not a xen issue. I've tried Mareks .iso image from https://github.com/QubesOS/qubes-issues/issues/1807 but that also showed the same symptoms. So I guess I'll be forced to build my own 4.5 kernel (havent done this on fedora since a very very long time, so I would rather like to avoid this) with the half baken patch from the http://xen.markmail.org/message/44kawmueeecmzbcj thread or does anyone have other suggestions I can try? Does rawhide have a 4.6 kernel already? Any other suggestions? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160601171645.GA26340%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
