Re: [qubes-users] Re: Qubes 3.2 Dom0 no longer updating.

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-06 10:40, Daniel Moerner wrote:
> On Friday, January 6, 2017 at 7:15:14 AM UTC-5, Opal Raava wrote:
>> Hi all,
>> 
>> Since about a week or so, I'm unable to update dom0 the way I 
>> used to. The VM Manager will tell me there are updates available 
>> for Dom0, and when I click 'Update VM' I see the familiar 
>> 'downloading updates' but after that the window with the updates 
>> never appears.
>> 
>> If I run qubes-dom0-update it tells me 'No updates available'
>> 
>> Does this perhaps have to do with fedora23/fedora24 issues? I 
>> asked on IRC and one person is having this issue as well. Is 
>> anybody else having this issue?
> 
> Hi,
> 
> See https://github.com/QubesOS/qubes-issues/issues/2086. The 
> packages in the testing repo fix this problem for me. Note that
> now that F23 EOL has occurred, updates will be much less common.
> 
> Daniel
> 

As Daniel pointed out, this is a known issue with the "updates
available" icon incorrectly displaying even when no updates are
actually available.

The update mechanism itself still works correctly. That is, if you run
`sudo qubes-dom0-update`, and it returns "No updates available," that
is because there are, in fact, no updates available. No cause for alarm.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYcJXsAAoJENtN07w5UDAwS3IP/09d6C3ie3aX94vwt7ieqnRf
9CyJzUJWxVoXWf+5XtoOjUOp2fEzHa9ihYdoEhXvXboYXM2LpcdrOZJQKFRAOcYQ
BonfLNjocSCMiJbKMDGXyjIJl+p7FwCz20UfBvfmVry4Ck7O99lnq7vSAg5uDM5U
LWckE1Eqb6A2cZXx+SxVC08xJx0V6Do2twJT8BOOSqclGT9E2Wate2KW8xg00X7H
63dqUG9BQ0OIPM17X2C3O53xiDMY+pEDWfXeACN/XPTs93T0vMV8lzxy/ZAafuiD
Ayq1WNBmswULUcfpdaA8bqaRZpTqTEKzuK1de7cz1ljBUsS6aBuwo92llJ3uui2l
l405fUwdt2hX+wnYBm5KXd9UqlTScnZfxoJRU7sUTHFhQFBk4EhfeibxdrJsTNWC
xVpqrH2BWGYaiD6bNFLMjiwlAajCnGE3/PE0QeB7qp56Qyr6sbdvZesNHLWS5Eok
Gb0gh+V3ELMPHuerM1DDCCHtyMWsggSxQhgeorrcA7h2BHFF0CB2hAHkCPHb4OwG
F3OmgUgo69oJUTZJEMu9nf7ZNzd9GEf42fqCxo6UDlDzlzcreFxsQyk36S+N7RDF
G2VoZsdgXuCWETEqsUEO2g/UNMcGQQzeVNAuEFklZYQuEy3K3dcZDnP1DhAYNqQa
ZfcD0k9XBRhjSa+MhjMj
=zhOS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05055215-16f1-e39f-f3a2-70df7282937b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dom0 Update failed.

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jan 05, 2017 at 07:51:49PM -0800, Drew White wrote:
> On Friday, 6 January 2017 11:39:36 UTC+11, Marek Marczykowski-Górecki  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Thu, Jan 05, 2017 at 04:01:11PM -0800, Drew White wrote:
> > > Hi folks.. 
> > > 
> > > Tried to do an update on Dom0, but it's failing, and I'm not getting the 
> > > information I need to be able to resolve the issue.
> > 
> > It's simple. You selected arbitrary subset of update, apparently
> > excluding packages required by those you've selected.
> > 
> 
> It checked dependencies, it found there were none required. If they were 
> required, it would have gotten the dependencies for the packages I requested 
> to install. That is how it works because I didn't tell it to NOT get the 
> dependencies.
> 
> If you look at the versions, it said I already have version 10 installed, so 
> it skipped it. Why did it skip subversion 10 and not install 12 when it's 
> supposed to update and do subversion 12?

Try adding --action=update. By default if you pass list of packages, the
action is "install" and AFAIR dnf does not consider update in such a
case...

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYcE7VAAoJENuP0xzK19csui8H+wVJ3I1GH+6YHbItKf+vTLSE
Izl7lXxdV7vQ7S3LaNVpdXZ2hsP7JExP2NmY3q2y9o7WMIAdEk1UIPQIqdbS7R09
yTgWFswYmc8Hv6oKhw3Bsx0XoyycJuaJBU3fMZFCwQuishFJmq7mGTMXZc0XMPUK
MLPepBpdB61xgyL/X8SsttcrvvQLiUSbe6eIR7pvVwuzqPMaOhfYn3lcXpUvrleb
40F294L6iRPNp+i0nTnXnkiNfknzHSwZWS5dj59ItQNO5xCm/dxm42YoVwM8qKgW
482MHqy/pJodpoCYM2Yt6XHDwwXK3jg6XLZGiMVmS7RNcPIHUonvDc+sYDYLdxM=
=eLR2
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170107021340.GW5268%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Archlinux template instruction leads to failed recipe on target "core-agent-linux-vm"

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jan 06, 2017 at 10:51:42AM -0800, albi...@gmail.com wrote:
> понедельник, 19 декабря 2016 г., 18:00:38 UTC+3 пользователь Ilja Michel 
> написал:
> > Hi,
> > 
> > I ran into the same problem. It looks as if make is not able to read the 
> > init folder, but I can't figure out why. 
> > What worked for me:
> > Delete or erase the concerning lines in 
> > ~/qubes-builder/qubes-src/core-agent-linux/Makefile (line 99f): 
> > #install -m 0755 init/*.sh vm-systemd/*.sh $(DESTDIR)$(LIBDIR)/qubes/init/ 
> > and
> > #install -m 0644 init/functions $(DESTDIR)$(LIBDIR)/qubes/init/
> > Do what these lines would have done manually by copying the contents of 
> > ~/qubes-builder/qubes-src/core-agent-linux/init and all the *.sh-files in 
> > ~/qubes-builder/qubes-src/core-agent-linux/vm-systemd into 
> > ~/qubes-builder/chroot-archlinux/home/user/qubes-src/core-agent-linux/pkg/qubes-vm-core/usr/lib/qubes/init
> > Then run "make core-agent-linux-vm" again.
> > 
> > Unfortunately I'm stuck in "make template" now with a similar problem. So I 
> > didn't get much further. 
> > 
> > Best regards,
> > Ilja
> 
> Actually, you don't have to do it by hands. You only need to remove 
> 'init/*.sh' argument from the first line and remove the second line 
> completely.
> They don't work because there is no files match this mask.
> 
> After that you can need to do the 'make qubes-vm' step completely, since the 
> list of separate steps in the manual is not complete.
> 
> I've found that building 'app-linux-split-gpg' fails on 'pandoc' command 
> absence, but didn't manage the way to install it properly. Could only get 
> worked this around by changing qubes-src/app-linux-split-gpg/doc/Makefile.
> first line should look like:
> PANDOC=/bin/true
> 
> It will only skip builds some docs, so it doesn't have to influence the 
> installation in any way. After that the template creation was successful for 
> me.

Fixes for both issues already merged:
https://github.com/QubesOS/qubes-app-linux-split-gpg/pull/7
https://github.com/QubesOS/qubes-core-agent-linux/pull/32

Thanks Nicklaus!

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYcEkcAAoJENuP0xzK19csFv8H/3KIpQpbXmrqYV5RnLzTEQsS
ZehKTwc3ADNSJAcOyJ/Sdcy+/MerIyJaTrP8lIvk3b07pnn+ayQ9M5H73I0LClkd
8b8hDH8F+jafM+2ep2PXBQIL3YmMj0AVrqvluKhEgd5jI3O9gTj9SR8PGuRAuSam
oBa9inl7geJY1RZl5B3EqYYieRlf8Y8fxl/HoL1BPpFL2Grt+HPkZhNnRqLvsWpZ
cRaDBW9hJEsGJlkhi2MRETkpRCb427Q50RcuBWnHAj7ZXcTzsdJU38QKIBrJo93k
STGzn/ATnxyLn/gh+aaOcGipO06q2IUFMKHEQ2ZfNPWj9LoDEMAGeyPp1OUTsUo=
=eVCK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170107014915.GV5268%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] My Intel system doesn't have Vt-x and Vt-d, please help me understand the implications.

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jan 06, 2017 at 08:04:08PM +, 5vo30m+lpi66xm176ugr7ruk via 
qubes-users wrote:
> Hi everyone! 
> 
> First off happy new year! :)
> 
> To get into the subject, I'm trying to get as many Qubes users around me as 
> possible to convert my family and friends from Windowsism to Qubism. However 
> in some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they 
> have does not support VT-x and VT-d.
> 
> So I would like to better understand the implications of this. From the User 
> FAQ:
> 
> https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x
> 
> I understand that this means that: 
> 
> o Not being able to use fully virtualized VMs (e.g., Windows-based qubes)
> 
> o No security benefit in having a separate NetVM
> 
> But the points I wont to understand are:
> 
> ~ Does this mean that one wont be able to install Windows in a VM in such 
> system (that's it?)? 
Yes.

> What does fully virtualized VM really mean?

https://www.qubes-os.org/doc/glossary/#hvm

In short: a VM running OS not necessary modified to be running in a VM.

> ~ How is this relevant practically speaking? In other words, could an 
> attacker deploy malware to NetVM (from an AppVM that is connected to the 
> NetVM)? If not, in which situations can attacker get to the NetVM and 
> therefore to dom0?

The way you've descried, or using some remote attack directly on NetVM -
because NetVM is what is facing external network directly.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYcEZoAAoJENuP0xzK19cs10AIAJJTAtko8yOjdDXcWOaq7lRB
2fKeGJDIG5x9ZILWfJbDrqaAgd14NuQyCU4UAMokk3dkgo6u6/0gjr55tshp5pyx
Ah6i253s+16MRatC+vBYohD+NJWE3tZG1vsr6IiDQxuqb/pykrqywbDcKUMIEtgs
xrlorH5liM5LuWxiKPJSqtV9LtQb4Y3EILXBSeJuiDPeqbcaYu1lniSQMsoUUR7J
HES0ygE552wH4HhMiqE3f3FOy7yQSF8lmjSRnl50X7Pzw0y1Ojs5CUgV/oYPh/XP
vye8F6PGDxQpAx6HHCsuUSQgAoIUhWDrZJcXKHHvIoMKkgDPahP1IDt8eRa5m38=
=qXgS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170107013743.GT5268%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: A really nice guide on installing Coreboot on a X220 with a Raspberry Pi

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jan 06, 2017 at 04:18:05PM -0800, kuggh...@gmail.com wrote:
> On Monday, November 14, 2016 at 4:34:47 AM UTC+1, David Schissler wrote:
> > https://tylercipriani.com/blog/2016/11/13/coreboot-on-the-thinkpad-x220-with-a-raspberry-pi/
> 
> Hi David and list, I followed this guide but could not boot Qubes after 
> installing Coreboot 4.5.
> 
> Expected behavior:
> 
> Booting from disk after bios stage.
> The following log from coreboot shows the same system successfully booting on 
> a (non XEN) live distribution (Tails): 
> https://paste.debian.net/hidden/fdc9fc95/
> 
> Note: To add debug prints I had to build another coreboot flash with 
> spkrmodem hence the differing versions and dates. The behavior trying to boot 
> Qubes from disk was the same on both versions of coreboot.
> Actual behavior:
> 
> Coreboot SeaBIOS cursor blinks OS does not start.
> 
> Output is:
> Press ESC for boot menu.
> (pressing ESC)
> Select boot device:
> 
> AHCI/0: INTEL SSDSA2BW160G3L ATA-8 Hard-Disk (149 GiBytes)
> USB MSC Drive Kingston DataTraveler 3.0 PMAP
> iPXE (PCI 00:19.0)
> (pressing 1)
> 
> Booting from Hard Disk...
> Cursor keeps blinking, nothing boots.
> The following log from coreboot shows a boot failure trying to boot the 
> successfully installed Qubes OS R3.2 from disk: 
> https://paste.debian.net/906598/
> Steps to reproduce the behavior:
> 
> Install coreboot 4.5 with SeaBIOS payload on Lenovo Thinkpad x220
> 1.2 Turn on debuging using either spkrmodem (and record/wait for about 5 
> hours for bios to boot) or use a EHCI debugger 
> (https://www.coreboot.org/EHCI_Debug_Port). Configure either: 
> CONFIG_HAVE_USBDEBUG=y || CONFIG_SPKMODEM=y
> Install Qubes 3.2 on disk.
> Boot from disk in SeaBIOS.

SeaBIOS implements "legacy boot" protocol, not UEFI. So you need to
install system in legacy mode.
As already suggested, running grub2-install (after installing the tool
first) should be enough. You can boot from installation image to do that
(choose rescue mode).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYcETNAAoJENuP0xzK19csTe4IAIWi5P/n8gjoarCR+1Qv+bpz
lFKKy316lWa3yNpqaOvx49XChyxyyuUI347ktyZzsNO7lF8RtaSE2B0RX1t8V/vX
DClVI5U4yLcDl4xCRjhfoPHXmZXis1zTNx5NzofYfqUMPoZWL0vDDK/9J/jE6n0G
yCjK1kATtDA5w1p4GfXLgtzNPg8VrPKkkzhzZIYXCBH/O88sAEUAlBug47WMXSXy
B2j8Av+gqwQC9fz/o+UwqXe3z8x896zBfu5hphd7DTGESfCTnXK2gy7XAwdiw6Oy
x7FTCq2ODVo124bHB58XFoRAV8csGAvkaB4Dc6fzP+mYk/fYuEudC8dkDVkRQwg=
=dUZH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170107013052.GS5268%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: A really nice guide on installing Coreboot on a X220 with a Raspberry Pi

[hirschauer.andreas via qubes-users]

> Booting from Hard Disk...
> Cursor keeps blinking, nothing boots.
> The following log from coreboot shows a boot failure trying to boot the 
> successfully installed Qubes OS R3.2 from disk: 
> https://paste.debian.net/906598/

I have the same issue on my X230 with Coreboot, that Grub doesn't start. But 
i've fixed it with the USB key troubleshooting. Chroot to your installation and 
run grub2-install on the Disk. After that i was able to boot into grub and 
Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dcc89aa4-1cab-4da6-b7cb-28ad1682ff1f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: After installing Libre apps can't get them on a shortcut

[Patrick Bouldin]

On Friday, January 6, 2017 at 7:40:51 PM UTC-5, Patrick Bouldin wrote:
> Hello,
> 
> I've added apps to the template before, and then on the app vm I could then 
> create a shortcut. I installed all the Libre apps on the template. I then go 
> to the app vm and they are there, but they don't show up on the "add 
> shortcut" menu.
> 
> Any clue?
> 
> Thanks,
> Patrick

PS - I see the following to add shortcuts to app that didn't make them 
available: https://www.qubes-os.org/doc/signal/

But I still confused with step 1. Am I even on the right track? What shortcut 
has been created in step 1 of the Signal example? How did he "get" the shortcut?
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71090504-4e58-40b0-8df7-af7756f0a1ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Using pass with split GPG

[Nicklaus McClendon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I've been looking into solutions for password managers utilizing
Qubes' isolation as well as possible while not compromising
functionality. Password based options are suboptimal, as regular
backups and syncing can be challenging, as the "Vault" qube for the
database should not have network capability. Similarly, options that
require copy and pasting between qubes lead to password being kept on
the clipboard until manually removed. As such, I began looking at
using pass with split gpg. Pass is designed to work with Git for
backup and synchronization and uses GPG for encryption. With the
following patch, you can set
$PASSWORD_STORE_GPG_PROGRAM="qubes-gpg-client-wrapper" and enjoy pass
with split gpg.

https://lists.zx2c4.com/pipermail/password-store/2017-January/002633.htm
l
- -- 
kulinacs 
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhwOjkACgkQuXLc0JPg
MlZ7hA//aJ/9lsZlT2fx/VhKfN+CBkqNQZ7xkiQBc3qwso91Qu+PvyO4/WOPupb1
BYZkye838+s+tR3/1NHE7iwAZfl1fThlKKz+19TpFIWL64ARL408O7Bw+ijVezRY
xL9tJMCaQkLvQRwwFXNBrETDlRnpzJwCj1YmA2oU717g0PBjs1qi4cq/cu7Mo/D+
w2cA2V7n8dPPY9lZa3oNH+xsL1N1g/OzQ3I8hgFMprd2Tpk7Xr2EJWNH+1AhCPtV
AIsKv+QcgikIWscXRj+6EWYq3EG1qUA8dTWhO3st8LR7nvGJLSJYI92Fv0C4354T
h8f6m8nza8JyTzBjk/FekjObil2q+3BEUaBHQA7sK6Q5kQEkYXprzm1G1X5tALWB
8gmdceYNiJBae/w3WQU4I2QG1ZdETy7T66hTMafHa5NEvDFVabWb2+50hsnGZ5Z/
KIP9cnliPzZKFKlm8tCmiYbFIG08w9QnIH3TBYzCxjmlLDldgw9U4KUts2V23fJq
PH1gSChgEaCad9zTWMbJ5+s+QH6gmTBipUV1rrYN9P2vMeDhOX7tsB0NOG+jRBk6
dx45CQ2KzQopxy31z1Sd7HXMDmTeL+7lOuyPjhhOwrQSqHF9qHQbT73ujIDmps9W
XKyw39uXrIZqg0XrkV77T9CybnLLsXFfDaJ0NlVYdBZ8ImzJ+hY=
=VOI4
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5282174a-57e0-5927-f801-df6d6b7b3b92%40kulinacs.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - DELL Inspiron 17, 7000 Series (7746)

[LXK]

Hi All,

sending HCL info.

Only issue encountered so far was the bus reset issue on what appears to
be the HDMI audio, preventing the network VMs from starting.

I worked around it via a custom systemd unit, removing the device before
network comes up.


Thanks and keep up the great work.

LXK


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bdc18496-b19c-84cc-fd9a-29ebc06073ce%40droidcraft.org.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Inspiron_17_7000_Series_7746-20170107-021605.yml
Description: application/yaml


0xD440D67B.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Re: Fedora Desktop in Qubes

[Patrick Bouldin]

On Wednesday, December 28, 2016 at 2:41:28 AM UTC-5, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-12-27 12:39, Patrick Bouldin wrote:
> > On Tuesday, December 27, 2016 at 2:13:48 PM UTC-5, Patrick Bouldin wrote:
> >> On Tuesday, December 27, 2016 at 2:11:04 PM UTC-5, Patrick Bouldin wrote:
> >>> On Tuesday, December 27, 2016 at 2:04:28 PM UTC-5, Patrick Bouldin wrote:
>  On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin 
>  wrote:
> > Hi, I saw some threads on this but am not clear at a high level.
> >
> > I thought I would install dropbox client on one of my Fedora VMs so 
> > that working with files is much smoother than from a browser. So, is 
> > installing a Fedora Desktop the best plan to do that? Don't assume I 
> > know enough of native Qubes ability please - maybe I'm missing a key 
> > point!
> >
> > Thanks,
> > Patrick
> 
>  Thanks David. housekeeping question - before I started I copied my 
>  Fedora template, just in case. Am I correct I can easily undo those 
>  changes incorrectly made by deleting the template and renaming the 
>  backup template to the production one (just deleted)?
> 
> 
> Yes, that's correct.
> 
> >>>
> >>> Sorry, I meant Andrew!
> >>
> 
> No worries.
> 
> >> And I see it works so disregard, Andrew - thanks again.
> > 
> > Wow, this is a bear for me. 
> > 
> > Dropbox said:Add the following to /etc/yum.conf.
> > 
> > 
> > name=Dropbox Repository
> > baseurl=http://linux.dropbox.com/fedora/\$releasever/
> > gpgkey=http://linux.dropbox.com/fedora/rpm-public-key.asc
> > 
> > So I performed a sudo gedit on that file and added the above three lines. 
> > When I saved it I received this:
> > 
> > ** (gedit:1791): WARNING **: Set document metadata failed: Setting 
> > attribute metadata::gedit-position not supported
> > [user@fedora-24 ~]$ 
> > 
> > So I do see that you can't save metadata by extending the yum.conf file, 
> > and tried a few other things that I think it was suggesting.
> > 
> 
> No, I think that's just a warning message about the gedit program
> itself. Should be safe to disregard. You can verify that the contents of
> the file were saved with `cat /etc/yum.conf`.
> 
> > When I try and run $ sudo dnf install nautilus-dropbox
> > I get this:
> > Last metadata expiration check: 0:14:35 ago on Tue Dec 27 15:23:35 2016.
> > No package nautilus-dropbox available.
> > Error: Unable to find a match.
> > 
> 
> Try this:
> 
> $ sudo dnf --refresh install nautilus-dropbox
> 
> If that still doesn't work, try creating a separate repo file,
> `/etc/yum.repos.d/dropbox.repo`, with this content:
> 
> [Dropbox]
> name=Dropbox Repository
> baseurl=http://linux.dropbox.com/fedora/$releasever/
> gpgkey=https://linux.dropbox.com/fedora/rpm-public-key.asc
> 
> Then try this again:
> 
> $ sudo dnf --refresh install nautilus-dropbox
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJYY2yaAAoJENtN07w5UDAwPdQP/0PkbijP3sTDVl5wCbliYP3k
> geBxtHDYfCwPtH4Puvwn5M7az7zSGYVsVp8mhFVpbwzasIhc8AEogAMWFWflq4Vh
> T6SfrTqjQXkt0oGqUQbZDWsfUylyZl46y9aPO/CczE2iG6lIxjts/DpKuibwmWr3
> GYMD/O9IhxFPm7rBHGCQkg02tAoQ4Y8/s/qPaouSrgRm4pkRDvr9mv0ztOsaQr9k
> PIInequHgt9TeQkJBBcMlIH/wjXA7nnS9kRYJieGeBZ5UXL4pQPh/0CPnTJfvZZP
> tAqdSMrCxvCXoyJRbJYuLA2IhInYlmcxK3k7iY7A7BBUkleK0WjT1JwwutS96hja
> 0DLK90HkTv8smo5lN0FOk2xXgLk5cWC98QiKluL8x7zH12dPpWUXQA/yF++mSlH8
> 7iteaYYD1oYfzI6jHBCvBtVjgtvrQSkkLcy4WNGhJZ6WT5hggArLgnGzKGauWfGq
> p6iBUYEOqDpa1jNVHQ1sdmftvBw4j2FfdbrLNuGYL9qCg33PXQmyW8JGkassJ2ac
> CKLvxQums/JcnF9yg7VEu0VmFGlCGYs/gPxQFe0UbUIcsekiAPCfFUPUvyFw5NEH
> 2xDThJ7rruRWakxKl+f7hU0M+Faf50N+OrCoJbyaZzmo83HbYEvhi13z3TUjoAiX
> MXBCUJOmxHvRlLS+fpzN
> =iMaH
> -END PGP SIGNATURE-

Darn, still not working - I noticed this link is not working: 
baseurl=http://linux.dropbox.com/fedora/\$releasever/
gpgkey=http://linux.dropbox.com/fedora/rpm-public-key.asc


So it's not finding the file, tested that just in my browser address bar.

Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c06a6c9-7639-43c4-86ae-243ad5e67455%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] PCI-e USB 2.0 / 3.0 cards that are known to be "good for qubes" (support reset, etc)

[daltong defourne]

Basically, what it says in the subject.

I want to buy an (1x?) pci-e USB card that would be compatible with qubes "as 
much as possible", ideally supporting reset to avoid the annoying "unable to 
reset" thingie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e80a3d49-62fe-4900-9795-e9891ad9c950%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Lenovo ThinkPad W520

['Andreas' via qubes-users]

Amazing work, Qubes developers. Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/utJI6seELXFccPbXn9UkPf4XeVafjXGsgCKstLVxgmPQjWCDWqaFBxsSMGIYTyYMgorvdhpYMKK2njTTlI4_IO4DC9Ilv4D8sSRWfi-JAM4%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-4270CTO-20170106-122819.cpio.gz
Description: application/gzip


Qubes-HCL-LENOVO-4270CTO-20170106-122819.yml
Description: application/yaml

[qubes-users] My Intel system doesn't have Vt-x and Vt-d, please help me understand the implications.

[5vo30m+lpi66xm176ugr7ruk via qubes-users]

Hi everyone! 

First off happy new year! :)

To get into the subject, I'm trying to get as many Qubes users around me as 
possible to convert my family and friends from Windowsism to Qubism. However in 
some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they have 
does not support VT-x and VT-d.

So I would like to better understand the implications of this. From the User 
FAQ:

https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x

I understand that this means that: 

o Not being able to use fully virtualized VMs (e.g., Windows-based qubes)

o No security benefit in having a separate NetVM

But the points I wont to understand are:

~ Does this mean that one wont be able to install Windows in a VM in such 
system (that's it?)? What does fully virtualized VM really mean?

~ How is this relevant practically speaking? In other words, could an attacker 
deploy malware to NetVM (from an AppVM that is connected to the NetVM)? If not, 
in which situations can attacker get to the NetVM and therefore to dom0?

Thanks for all the help!






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com//abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48d0f8ae1f196ed17d3d5f81ca16db398d6%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HDMI not working on my Dell Inspiron 17 7999

[Marc de Bruin]

On Saturday, December 3, 2016 at 9:18:35 PM UTC+1, Jonathann Giroux wrote:
> Hello guys, I just install Qubes on my Dell Inspiron 17 7999 and it's working 
> greatexcept for te hdmi port. My second screen in hdmi is not working at all. 
> Any ideas why? Thanks. 

I'm also having problems with getting HDMI to work on a Dell. In my case a Dell 
XPS 15, model 9550. 

Did you manage to solve it? xrandr does show HDMI1 and HDMI2 but no resolutions 
available to choose from.

Tnx,
Marc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6d0de19-7046-41f3-a725-8d034fac8ec0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Archlinux template instruction leads to failed recipe on target "core-agent-linux-vm"

[albibek]

понедельник, 19 декабря 2016 г., 18:00:38 UTC+3 пользователь Ilja Michel 
написал:
> Hi,
> 
> I ran into the same problem. It looks as if make is not able to read the init 
> folder, but I can't figure out why. 
> What worked for me:
> Delete or erase the concerning lines in 
> ~/qubes-builder/qubes-src/core-agent-linux/Makefile (line 99f): 
> #install -m 0755 init/*.sh vm-systemd/*.sh $(DESTDIR)$(LIBDIR)/qubes/init/ and
> #install -m 0644 init/functions $(DESTDIR)$(LIBDIR)/qubes/init/
> Do what these lines would have done manually by copying the contents of 
> ~/qubes-builder/qubes-src/core-agent-linux/init and all the *.sh-files in 
> ~/qubes-builder/qubes-src/core-agent-linux/vm-systemd into 
> ~/qubes-builder/chroot-archlinux/home/user/qubes-src/core-agent-linux/pkg/qubes-vm-core/usr/lib/qubes/init
> Then run "make core-agent-linux-vm" again.
> 
> Unfortunately I'm stuck in "make template" now with a similar problem. So I 
> didn't get much further. 
> 
> Best regards,
> Ilja

Actually, you don't have to do it by hands. You only need to remove 'init/*.sh' 
argument from the first line and remove the second line completely.
They don't work because there is no files match this mask.

After that you can need to do the 'make qubes-vm' step completely, since the 
list of separate steps in the manual is not complete.

I've found that building 'app-linux-split-gpg' fails on 'pandoc' command 
absence, but didn't manage the way to install it properly. Could only get 
worked this around by changing qubes-src/app-linux-split-gpg/doc/Makefile.
first line should look like:
PANDOC=/bin/true

It will only skip builds some docs, so it doesn't have to influence the 
installation in any way. After that the template creation was successful for me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b46722c8-7f22-4e86-9a72-12779b6a4fe2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 3.2 Dom0 no longer updating.

[Daniel Moerner]

On Friday, January 6, 2017 at 7:15:14 AM UTC-5, Opal Raava wrote:
> Hi all,
> 
> Since about a week or so, I'm unable to update dom0 the way I used to. The VM 
> Manager will tell me there are updates available for Dom0, and when I click 
> 'Update VM' I see the familiar 'downloading updates' but after that the 
> window with the updates never appears.
> 
> If I run qubes-dom0-update it tells me 'No updates available'
> 
> Does this perhaps have to do with fedora23/fedora24 issues? I asked on IRC 
> and one person is having this issue as well. Is anybody else having this 
> issue?

Hi,

See https://github.com/QubesOS/qubes-issues/issues/2086. The packages in the 
testing repo fix this problem for me. Note that now that F23 EOL has occurred, 
updates will be much less common.

Daniel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07e9e1e6-35c4-4c23-b28e-7272a36cd9f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 3.2 Dom0 no longer updating.

['James Funkhauser' via qubes-users]

Same with me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/DoLODTgtjSGW2woOjrpYgj_QnnTSG5lRtSUkjxhA17cS6kCo1_NiHN_E9YJhFJrdhGccqDA4vTfEUn1hTMg62Vw15SQdxvereN3GRxXUtR8%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 3.2 Dom0 no longer updating.

[J. Eppler]

I encounter the same issue

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a882a1f1-4933-40fb-8e43-636bbcdd0622%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Razer Blade 14" (01/2017)

[michael . liesenfelt]

HCL: Razer Blade 14" (01/2017)
---
layout:
  'hcl'
type:
  'laptop'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'Unknown' (I disabled secure boot in the firmware)
brand: |
  Razer
model: |
  Blade
bios: |
  E1.00
cpu: |
  Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
chipset: |
  Intel Corporation Skylake Host Bridge/DRAM Registers [8086:1910] (rev 07)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation HD Graphics 530 [8086:191b] (rev 06) (prog-if 00 [VGA 
controller])
  NVIDIA Corporation GP106M [GeForce GTX 1060] [10de:1c20] (rev a1) (prog-if 00 
[VGA controller])
network: |
  Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
memory: |
  16272
scsi: |


versions:

- works:
Yes
  qubes: |
R3.2
  xen: |
4.6.1
  kernel: |
4.4.31-11
  remark: |
Had to fix UEFI boot process and update the kernel to fix intel i915 
graphics flicker. Still testing features and capabilities.
  credit: |
Michael Liesenfelt
  link: |
http://www.razerzone.com/gaming-systems/razer-blade

---


Installation and BIOS/UEFI:
I had to disable secure boot in the firmware before my USB stick would boot, 
just as expected.
I enabled the boot ‘SCM’ boot compatibility option.

I did a custom installation (https://www.qubes-os.org/doc/custom-install/) to 
manually create the gpt partition table, luks encrypted device mapper 
(--cipher=aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random), lvm physical 
volume, lvm virtual group, and logical volumes. Selected ‘custom partitioning’, 
re-scanned the available disks, then manually created the volumes for 
installation. Installation proceeded smoothly.

Boot Problems [solved]:
Upon rebooting after installation the razer firmware would not detect or boot 
the qubes installation. To solve this issue, boot the installer with the 
‘rescue’ option and follow the “Troubleshooting UEFI related problems” > “Boot 
device not recognized after installing” qubes documentation 
(https://www.qubes-os.org/doc/uefi-troubleshooting/).

Copy /boot/efi/EFI/qubes/ to /boot/efi/EFI/BOOT/.
Rename /boot/efi/EFI/BOOT/xen.efi to /boot/efi/EFI/BOOT/BOOTX64.efi.
Rename /boot/efi/EFI/BOOT/xen.cfg to /boot/efi/EFI/BOOT/BOOTX64.cfg.


LAN:
No wired ethernet adapter.

WLAN (necessary before fixing graphics):
The Atheros works well. On first bootup, ‘Add/Remove app shortcuts’ to the 
‘sys-net’ VM. Select the ‘Settings’ application. From the main menu > Service 
VM sys-net > sys-net: Settings. Add your wireless information to ‘Network’.

Intel Graphics Problems [solved]:
Upon first reboot the i915 Intel 530 graphics would result in a spontaneous 
screen flicker. To fix this issue, update dom0 so the 4.4.31-11 
kernel/initramfs is installed in addition to the default 4.4.11-11. Upon 
reboot, the old 4.4.11 kernel will still be loaded. Copy the new 4.4.31 kernel 
and initramfs from /boot to /boot/efi/EFI/BOOT/. Edit 
/boot/efi/EFI/BOOT/BOOTX64.cfg, copy the previous two entries, and edit them 
appropriately for 4.4.31-11 kernel/initramfs. The i915 initial compatibility 
kernel boot option can be safely removed.

The QHD+ screen is dense and beautiful. After installation I set the display 
resolution to 1080p until I figure out xfce font/icon/wm scaling.

Disk/filesystem:
I replaced the stock 256G Samsung 951 nvme SSD with a Samsung 960 Pro 1TB. Both 
are detected, have no problems, and run extremely fast.

Encryption Performance:
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1   624896 iterations per second for 256-bit key
PBKDF2-sha256 800439 iterations per second for 256-bit key
PBKDF2-sha512 653725 iterations per second for 256-bit key
PBKDF2-ripemd160  358610 iterations per second for 256-bit key
PBKDF2-whirlpool  276523 iterations per second for 256-bit key
#  Algorithm | Key |  Encryption |  Decryption
 aes-cbc   128b  1001.2 MiB/s  2868.0 MiB/s
 serpent-cbc   128b87.5 MiB/s   639.6 MiB/s
 twofish-cbc   128b   195.6 MiB/s   352.9 MiB/s
 aes-cbc   256b   755.4 MiB/s  2349.0 MiB/s
 serpent-cbc   256b86.5 MiB/s   654.8 MiB/s
 twofish-cbc   256b   197.0 MiB/s   353.7 MiB/s
 aes-xts   256b  2837.0 MiB/s  2821.5 MiB/s
 serpent-xts   256b   626.0 MiB/s   629.8 MiB/s
 twofish-xts   256b   345.8 MiB/s   353.0 MiB/s
 aes-xts   512b  2290.6 MiB/s  2309.5 MiB/s
 serpent-xts   512b   621.2 MiB/s   621.4 MiB/s
 twofish-xts   512b   344.0 MiB/s   351.4 MiB/s

So, AES-NI : aes(512bit)-xts will be able to keep up with the fastest NVMe 
SSD’s out there and keep cycles off of the CPU’s AVX units.

LSPCI:
00:00.0 Host bridge: Intel Corporation Skylake Host Bridge/DRAM Registers (rev 
07)
00:01.0 PCI bridge: Intel Corporation Skylake PCIe Controller (x16) (rev 07)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 530 (rev 06)
00:08.0 System peripheral: Intel Corporation Skylake Gaussian Mixture Model
00:14.0 USB controller: Intel Corporation Sunrise Point-H USB 3.0 xHCI 
Controller (rev 31)
00:14.2 Signal processing controller: 

Re: [qubes-users] Qubes 3.2 Dom0 no longer updating.

[Adrian Rocha]

Same issue here.
I tried changing the updateVM but it's the same.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0ab0e98-d69c-4fa9-af11-2bf790033c05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 Dom0 no longer updating.

[Антон Чехов]

On Friday, January 6, 2017 at 2:58:00 PM UTC+1, john.david.r.smith wrote:
> On 06/01/17 13:15, Opal Raava wrote:
> > Hi all,
> >
> > Since about a week or so, I'm unable to update dom0 the way I used to. The 
> > VM Manager will tell me there are updates available for Dom0, and when I 
> > click 'Update VM' I see the familiar 'downloading updates' but after that 
> > the window with the updates never appears.
> >
> > If I run qubes-dom0-update it tells me 'No updates available'
> >
> > Does this perhaps have to do with fedora23/fedora24 issues? I asked on IRC 
> > and one person is having this issue as well. Is anybody else having this 
> > issue?
> >
> i have the same issue

I noticed that as well. I usually updated via terminal and it doesn't seem to 
work at the moment.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/76224964-0c80-4dff-ae89-a044daa65a29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 Dom0 no longer updating.

[john.david.r.smith]

On 06/01/17 13:15, Opal Raava wrote:

Hi all,

Since about a week or so, I'm unable to update dom0 the way I used to. The VM 
Manager will tell me there are updates available for Dom0, and when I click 
'Update VM' I see the familiar 'downloading updates' but after that the window 
with the updates never appears.

If I run qubes-dom0-update it tells me 'No updates available'

Does this perhaps have to do with fedora23/fedora24 issues? I asked on IRC and 
one person is having this issue as well. Is anybody else having this issue?


i have the same issue

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/87fb2f71-98d3-0fe9-ee1c-a8be6adadad3%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Odd failure when trying to use Asus WL-167G with Qubes (both Fedora and Debian 8 VMs). Help :(

[daltong defourne]

Do you, by any chance, happen to run an ASUS mobo?
I happen to have exactly this thing on ASUS + Skylake, and have managed to 
alleviate it somewhat, here's full report
https://groups.google.com/forum/#!topic/qubes-devel/7K1wm_tuuVI

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbb0c8f9-b227-49cd-bb42-759be6cf029d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 3.2 Dom0 no longer updating.

[Opal Raava]

Hi all,

Since about a week or so, I'm unable to update dom0 the way I used to. The VM 
Manager will tell me there are updates available for Dom0, and when I click 
'Update VM' I see the familiar 'downloading updates' but after that the window 
with the updates never appears.

If I run qubes-dom0-update it tells me 'No updates available'

Does this perhaps have to do with fedora23/fedora24 issues? I asked on IRC and 
one person is having this issue as well. Is anybody else having this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34ca6f88-67fe-4f86-83e0-1599adaebe9c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Use an remote PULSE Audio server

[Robert Mittendorf]

Hey fellow Qubes-Users,

I want to use an remote PULSE audio server to playback sound output. The
server side is up & running. The connecting AppVM is based on the
debian-8 template

Standard auto-discover does not work, probably because the AppVM tries
to locate the remote server in the virtual internal networks of my Qubes OS.
I tried to use a tunnel in /etc/pulse/default.pa:
load-module module-tunnel-sink-new server=%SERVER_IP% sink_name=Remote
channels=2 rate=44100

I noticed that Qubes itself uses PULSE audio.
When I boot a VM, there is a Qubes VSINK device, but no tunnel.
If I restart PULSE audio
pulseaudio -k
pulseaudio --start
that device is gone, but the tunnel is shown.

Even though the tunnel is shown, I cannot playback sound using it.

I would like to have both devices (Qubes VSINK and the remote PULSE
server) to choose from in pavucontrol

Questions
1) What does Qubes do in order to show/connect to the VSINK? Is there a
different config file which is loaded when an AppVM boots?
2) Is a tunnel the right/best option to connect to the remote PULSE
audio server?
3) Is it a bug that a restart of pulseaudio does remove/not reconnect to
Qubes VSINK?

Thanks for reading and a happy new year :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7d6705a-7b9b-39bf-63f4-8fe9cf8a606f%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Nvidia drivers in dom0 still works? (need to get a GTX 1070 off the ground)

[daltong defourne]

On Monday, December 19, 2016 at 3:12:55 PM UTC+3, Foppe de Haan wrote:
> On Sunday, December 18, 2016 at 11:33:23 PM UTC+1, Mathew Evans wrote:
> > Just to update.
> > 
> > I am currently running Nvidia drivers without a issue.
> > 
> > dom0 Kernel: 4.4.31-11
> > Nvidia: 375.20
> > Kernel-module: compiled in dom0; 
> > 
> > Quick Guide:
> > 1. dom0:   qubes-dom0-update install gcc devel-kernel ksmod linux-headers
> > 2. appvm:  download NVIDIA-Linux-375.20-install.run (any appvm)
> > 3. dom0:   qvm-run --pass-io  'cat /PATH/TO/NVIDIA.run' > NVIDIA.run
> > 4. dom0:   ./NVIDIA.run --ui=none --no-x-check --keep --extract-only 
> > 5: dom0:   cp NVIDIA-*/kernel/;  IGNORE_XEN_PRESENCE=y CC="gcc 
> > -DNV_VMAP_4_PRESENT -DNV_SIGNAL_STRUCT_RLIM" make module;
> > 6: dom0:   cp nvidia.ko /lib/modules/4.4.31-11.pvops.qubes.x86_64/extra/.
> > 7: dom0:   depmod -a; modinfo nvidia (all working will show up fine)
> > 8: dom0:   EDIT GRUB or EFI; add rd.driver.blacklist=nouveau
> > 9: dom0;   reboot and enjoy nvidia support.
> > 
> > additional: you can install nvidia extra apps etc.. if you so wish just run 
> > ./nvidia.run --no-kernel-module -a
> > 
> > 
> > Hopefully this will help those of you wanting Nvidia driver instead of 
> > Nouveau.
> > Please note this is a ruff write up and guide not a perfect solution, and 
> > assumptions are made that you are always fimilar enough with *nix operating 
> > systems to figure out that parts i've missed out or aint put in detail.
> 
> Thanks. Corrected a few typos / improved readability:
> 
> 1. dom0:   qubes-dom0-update gcc kernel-devel kmod kernel-headers; 
> (qubes-dom0-update --enablerepo=qubes-dom0-unstable if using newer kernel)
> 2. appvm:  download NVIDIA-Linux-375.20-install.run (any appvm)
> 3. dom0:   qvm-run --pass-io  'cat /PATH/TO/NVIDIA.run' > NVIDIA.run; 
> chmod +x NVIDIA.run;
> 4. dom0:   ./NVIDIA.run --ui=none --no-x-check --keep --extract-only
> 5: dom0:   cd NVIDIA-*/kernel/; make module IGNORE_XEN_PRESENCE=y CC="gcc 
> -DNV_VMAP_4_PRESENT -DNV_SIGNAL_STRUCT_RLIM";
> 6: dom0:   sudo cp nvidia.ko /lib/modules/4.4.31-11.pvops.qubes.x86_64/extra/.
> 7: dom0:   sudo depmod -a; modinfo nvidia (all working will show up fine)
> 8: dom0:   EDIT GRUB or EFI; add rd.driver.blacklist=nouveau (to kernel 
> options)
> 9: dom0;   reboot and enjoy nvidia support. (First boot will likely take a 
> while.)

Thanks a lot!

I will try this out as soon as I gather some much needed bravery.

So far I have bought a new mobo (asus Hero VIII) and was getting some very ... 
curious behavior on it (making a writeup right now) that I was able to 
reproduce on a different box with same  model of motherboard and CPU.

Frankly, I am very looking forward to using proprietary drivers and the GPU 
(IGFx on Skylake Core i7 is ... weird.)

Once again, thank you very much!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b1a6a9f-91f9-4105-ba7d-339040980999%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] after install - how use network (esp. wireless) ?

[Unman]

On Wed, Jan 04, 2017 at 04:04:56PM +0100, haa...@web.de wrote:
> Hello,
> 
> sorry to annoy you with stupid beginner questions. I just got to install
> Qubes. I feel quite helpless, which after 15 years of running "standard
> linux" is an unusual thing :)
> 
> First, I am stuck with an easy sounding problem : network. The help in
> "documentation"  is still a stub (I could write some parts once I
> understand them:) Anyhow: so how do I activate the wireless card, select
> a network, and all of that? I looked in a dom:sys-net terminal for
> ifconfig, but is does not look like I am used to. I tried wpa_cli but it
> hangs trying to connect to wpa_supplicant, Networkmanager is only for
> root ...
> 
> A second (even more stupid) question is how configure a cube: I did some
> test in dom:work and now it does no longer start - and without seeing it
> in the dom-manager, I cannot undo the bad setting. 
> 
> 
> Thanks, Bernhard
> 

Hi Berhard -

make sure that you have assigned your network card to sys-net before
starting that qube. You should then be able to see the interface using
ifconfig, and configure it with normal tools.
You should also see the Network manager applet in the panel. If not,
check that you have nm-applet running in sys-net.
Remember that in Qubes the user/root distinction is pointless within a
qube on a standard install. 
If you have problems with the wireless card specifically, it may be
that you need specific drivers or additional firmware. You may see
something in the logs or try searching the lists for your specific card.

On the second point, you can toggle the ability to see non-running
qubes in the Manager. (I assume that this is what you mean here.)
You can also control qubes using qvm-prefs from dom0, and qvm-service,
among other command line utilities.

If you want to make further modifications to individual qubes, you can
do this using the mechanism in /rw. You can use rc.local to control many
aspects of the qube startup and the bind-dirs utility to make parts of
the root filesystem persistent and independent of the template.
Most of this is covered in the docs.





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170106113516.GA14287%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] after install - how use network (esp. wireless) ?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-04 07:04, haa...@web.de wrote:
> Hello,
> 
> sorry to annoy you with stupid beginner questions. I just got to install
> Qubes. I feel quite helpless, which after 15 years of running "standard
> linux" is an unusual thing :)
> 
> First, I am stuck with an easy sounding problem : network. The help in
> "documentation"  is still a stub (I could write some parts once I
> understand them:) Anyhow: so how do I activate the wireless card, select
> a network, and all of that? I looked in a dom:sys-net terminal for
> ifconfig, but is does not look like I am used to. I tried wpa_cli but it
> hangs trying to connect to wpa_supplicant, Networkmanager is only for
> root ...
> 

Does this help?

https://www.qubes-os.org/doc/user-faq/#how-do-i-connect-to-a-wireless-network

> A second (even more stupid) question is how configure a cube: I did some
> test in dom:work and now it does no longer start - and without seeing it
> in the dom-manager, I cannot undo the bad setting. 
> 

If it doesn't appear in Qubes Manager, try toggling the "Show/Hide inactive
VMs" button. Also try:

$ qvm-prefs -l work

to view the current settings, and:

$ qvm-prefs -s work  [...]

to change them.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYb39AAAoJENtN07w5UDAw8MIQAKecSnm105owu8zSNW4XsyC8
d4ud5pN6akomabzeoaYxYEwaxqJCszkqPasbXNcmbd0ei383iUIqt5bJmP0ZnXif
DhvKoIVKxQqQOQKn5BrdITgPxdu3+1dvLcHMlGXOMRlPTV4w9qcDs+gJDhqE1p+7
+XN+yW4gSv5B1fz9uDyAG8+QcmIJsHOZGHswfjq7j2CZsNnkyPqwUDcB8j5XNqP7
l5ldIU4WlU84Vok9x8GYcfNmwDL4hzfzWUrZmus6N68eEQ8/PP7iqLlkxOqdWp3J
sqVuJE1PwD5rHoCqb/fAoqjwUDPrWMgaDUs56igfU0vZfxNufIu2Xc9SddGhcp4p
J06CV/2V96eoTOjUc8+nalBv2RxXg7MquWHyHItaUdpNWHNChL/gwGtW6l3CHiyM
v+jOdEpJ3GsmzZkQRaAHprWys7MvbjKF5h8OeW/RMwBVfMoZmOohwFb2z8SLZYdQ
5pjn0CYS6sPHKDCSrrPqfHVWnFcMuy9P5s5Rr3fBYeBh/zeIXf1uDsyRbL+YFI++
NE0wOINni8dCD++oxS9Hgy8OgcyEy7EmewTq6ST2xScxccSgyNoa0sYBc0ici2FI
LFSjh+VRQqZbYUcJS7C9ytBjtV2fQIjcpjm3CloOhexxFp+j8pPFd1zKgwP+p8qd
cek8belbYoSD/57ca3NR
=qEor
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/712c430f-2e32-7718-2572-6962d9fd2719%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] strange bug: qubes-os booted from external device forces filevault reset.

[Ángel]

pixel fairy wrote:
> when booting qubes-os on a mac (hardware 11,3) filevault stops accepting the 
> passphrase and you have to use the reset key to make a new one. 
> 
> ive only done this with an external drive. for some reason, qubes is either 
> writing to the internal drive, or the mac firmware is rewriting it, or 
> filevault keeps those keys elsewhere and qubes is somehow tripping that. 
> either way, its pretty strange stuff.
> 

My guess is that it would be related to a TPM, either being tripped
directly (eg. by Qubes checking if there is one) or by detecting a
hardware change related to the boot from the external drive.

You could try removing/disconnecting the internal drive and then booting
from the external drive. That way cannot write to the internal drive at
all, so if it still happens after putting it back, it clearly is not a
matter of accesses to the internal drive.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483659678.1409.4.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] after install - how use network (esp. wireless) ?

[haaber]

Hello,

sorry to annoy you with stupid beginner questions. I just got to install
Qubes. I feel quite helpless, which after 15 years of running "standard
linux" is an unusual thing :)

First, I am stuck with an easy sounding problem : network. The help in
"documentation"  is still a stub (I could write some parts once I
understand them:) Anyhow: so how do I activate the wireless card, select
a network, and all of that? I looked in a dom:sys-net terminal for
ifconfig, but is does not look like I am used to. I tried wpa_cli but it
hangs trying to connect to wpa_supplicant, Networkmanager is only for
root ...

A second (even more stupid) question is how configure a cube: I did some
test in dom:work and now it does no longer start - and without seeing it
in the dom-manager, I cannot undo the bad setting. 


Thanks, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85281d6e-9277-b024-d4f8-0a91a2e41d18%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Dom0 (System tools) shortcuts suddenly disappeared

[Ángel]

Otto Kratik wrote:
> Is there any way to easily refresh/restore the System Tools shortcuts, 
> without having to add each one back manually in some obscure way? I don't 
> even remember what all the normal items under that menu are, but they 
> suddenly just vanished without warning or explanation, and I have no idea 
> whatsoever how to get them back. Can anyone please help?
> 

Look at /var/lib/qubes/appvms/*/whitelisted-appmenus.list

Do you still have those files listing the .desktop entries that should
be shown in the menu?


Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483450270.1356.3.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Trouble reading data CD under Qubes

[Ángel]

Pawel Debski wrote:
> 
> > How do I check whether it is really mounted in dom0?
> > (I think it is not, but maybe I'm doing something wrong
> notification bubble should pop up on the screen.  I think its usually sr0 or 
> something. 
> 
> What would be the right command in Konsole?
> 

Try doing:
 mount | grep ^/dev/sr

but if the files are available at /run/media/pdebski/CDTITLE, it is
clearly mounted.

In order to unmount it, you can do 
 umount /run/media/pdebski/CDTITLE

and then proceed to attach dom:sr0 to your favourite AppVM

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483660084.1409.6.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Trouble seeing software installed in template vm in an appvm that uses the template

[Unman]

On Thu, Jan 05, 2017 at 08:04:13PM -0800, Drew White wrote:
> On Friday, 6 January 2017 14:58:33 UTC+11, Brian LoBue  wrote:
> > Hi All,
> > 
> > I've installed ruby in a fedora 24 template vm via "sudo yum install 
> > ruby". Everything seems fine at that point. "which ruby" points to 
> > "/usr/bin/ruby". When I start an appvm that is based on the fedora 24 
> > template vm "which ruby" indicates that no application is available. I'm 
> > guessing I've missed something obvious. Is there something I need to do 
> > to update the appvm's after installing software on the templatevm? Any 
> > help would be appreciated.
> > 
> > Thanks
> > 
> > Brian
> 
> Did you create the appvm after the template updated?
> if not, as root, run "updatedb", then try again.
> 

updatedb rebuilds the database used by 'locate' , whereas 'which' searches
through the path.
So either your PATH doesn't include /usr/bin (echo $PATH to check), or
you really don't have ruby there. If this is the case then either you are
using the wrong template or you started the qube before the template had
fully shut down. (Or the Qubes template implementation is broken.)

You shouldn't need to do anything additional for a template based qube.

Check you are using the template  you think - qvm-prefs 
template.
Check in the template again.
Restart the qube when the template is fully shut down.
Test again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170106095553.GA13736%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

[Connor Page]

why wouldn't you consult the list of actually installed packages?
https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/conf/comps-qubes.xml

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddaf1b18-3b91-475d-b998-9c1a9597f534%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.