[qubes-users] Cant Update with Fedora 24 minimal template as net-vm

[FWM]

I've setup a new firewall-VM & net-vm to use the fedora-24-minimal-template,

Firewall uses base template with no aditional packages.

the net-vm is a cloned fedora-24-minimal-template with the following packages 
installed (NetworkManager network-manager-applet dbus-x11 dejavu-sans-fonts 
tinyproxy notification-daemon gnome-keyring). I didnt add wireless stuff cos i 
dont need it.

when using fedora24-net-vm via the fedora24-firewall-vm, i have internet access 
in app vms, but updates to templates time out.

BUT when i route through the Qubes default sys-net and sys-firewall, updates 
work fine.

Under global settings i have changed the update Vm to the new 
fedora24-minimal-firewall-VM (base template with no additional packages). Or 
should it be set directly to the net-vm? 



Im guessing im missing a package or a setting?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dfef4af-e6b4-4d59-b9c2-daca4d9fbb84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: What? Can I access a windows USB drive?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-02-09 08:09, elsiebuck...@gmail.com wrote:
> I right clicked (Q manager) work vm left clicked attached block 
> devices. Opened files (work vm) and this time I couldn't even find
>  the drive. Last time I found the drive, but couldn't access the 
> contents.
> 

Instead of using Qubes Manager to attach it, try just opening Nautilus
in your USB qube. It should appear automatically in the side bar or
under "Other Locations." At least, this is what happens when I plug in
an NTFS-formatted drive. (Actually, it should also work in the same
way using qvm-block, but the let's try to eliminate some variables.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYnRpuAAoJENtN07w5UDAwZe8P/A0UlSRG9cZl+dQ3K3Km0Icy
dF0fUgxqVTK9P0NDayFRpcyQvWwl5Ns4oC6wapg+lCFhsSRCHxZkcFKrh9qhahdH
k35HaUxILzO76hCrmzZmdjnuEVDYno/THe4sckeR3qDsJG0v4azoJoAuikrwuVVf
co234EV5sNmT9Ao+dHaR5PMH2xt/ibcDgPs8TRHdc3TvzSAWMUQGjPA3Y15ujyc4
XTuVrVqTopG5I7JDniKX4QU/K8tz7QTabp8+dpVAAoClAvylaGPDdNV+QUbRrdPu
02dR5WRH2+cYZtVzS2IqdmFvtwEUDdZUvUy6ErcwzDvfqzDVXY+TgftqJNSCGYEy
Wi17ffKcOxQM53wcG21YyIwe8KrG3pU0OLCme/aXUq63BTWxijmcdGBhX9dYWFYf
5Lorq4tsyQU55xS+w7brbUqXS4gXH4J7qE7rk1T42OpEDP+XnCzT6h4+Ju1VCvi5
9vMGXAFxn8rQ6RjiRm+Jf+3MrAKt1acK6FtHBWdfGs29t/612AoeSj5HUoSSCuck
ot0Vsiwa4vDeZU+lQQ1pDGsU7mcJRhkBt7v8incOtgnFN0xq+6mXtNMCwOnuSLkY
h4iW2IQsHMM4egeBp0FLXC4F+z5pQ4WRRadrkKGy+jzSSFsyOFThracuU9pf2Sjr
Ma0FYFl6nJi1gezLqmJx
=Wql9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54754809-5348-8e91-be86-bfb0cfa1080c%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problem with a Privacy Guide

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-02-09 03:33, Unman wrote:
> On Thu, Feb 09, 2017 at 09:27:38AM +0100, wile.e.coy...@keemail.me wrote:
>>
>> Hello qubes-team, 
>>
>> I'm actually facing a problem with a guide of yours. I've used the Privacy 
>> Guide "Tor Onion Repos" entering the following two commands:
>>
>> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' 
>> /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo
>>
>> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' 
>> /etc/yum.repos.d/qubes-templates.repo && cat 
>> /etc/yum.repos.d/qubes-templates.repo 
>>
>> Now i cant resolve a connection to the update servers anymore, please tell 
>> me the right commands to reset it.
>>
>> By the way, I could not enter the other two commands because the following 
>> variables didnt exists on my new qubes r3.2 installation:
>>
>> $DebianTemplateVM
>> $FedoraTemplateVM
>>
>> Because I ran into all these problems, I would prefer to just set it back. 
>> Please tell me how to. 
>>
>> Thanks. =)
> 
> It's important that you know what is happening here.
> 
> sed is, as Bernhard tells you, a stream editor. It runs through a file
> making edits.
> The -i option allows you to change a file in place.
> s/foo/bar  will SUBSTITUTE (s) the phrase 'foo' with replacement 'bar'
> 
> So that first command in dom0 went through the file
> /etc/yum.repos.d/qubes-dom0.repo and on every line where it found:
> yum.qubes-os.org
> changed it to:
> yum.qubesos4z6n4.onion
> and then saved the changed file.
> 
> Instead of the sed command, the instructions could say:
> 1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text
> editor.
> 2. Look for every occurrence of yum.qubes-os.org, and change it to
> yum.qubesos4z6n4.onion.
> 3. Save the changed file.
>  
> If you really want to set it back you can either reverse the sed
> command, or make the changes manually in a text editor.
> That is:
> 1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text
> editor.
> 2. Look for every occurrence of yum.qubesos4z6n4.onion and change it to
> yum.qubes-os.org.
> 3. Save the changed file.
> 
> Do the same for the other file.
> That's reversed the changes you made.
> 
> 
> The two variables that "dont exist" are just placeholders for the name
> of the template that you want to change.
> So instead of $DebianTemplateVM type in the name of the Debian template
> that you want to affect. 
> The qvm-run command allows you to run programs on qubes from dom0 - in
> this case, using sed allows you to change those files quickly from dom0
> instead of opening the TemplateVM, firing up a text editor and making
> the changes in the TemplateVM.
> 
> 
> What's puzzling is that you find that you can't connect to the update
> servers anymore. (I assume that you mean from dom0 because you didnt
> make any changes in Templates.)
> It occurs to me that it doesn't actually say on the page that you will
> need your updateVM to be running behind a Tor gateway for this method to
> work. Perhaps you knew this? Perhaps not. You should ensure that you
> made this change - if your updateVM is NOT running through Tor then
> updates will always file. If it IS then they will fail some of the time
> - that seems to be inevitable using Tor.
> 
> If you really do want to revert then you dont need to worry about this.
> Just revert the changes you made in the .repo files and things should
> work again.
> 

Thank you, unman, for the characteristically clear and comprehensive
answer. That page was just meant to be a quick placeholder for people
who know what they're doing. We should be able to take it down or
rewrite it soon, once this is implemented:

https://github.com/QubesOS/qubes-issues/issues/2623

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYnRmBAAoJENtN07w5UDAwWdwQALna4cIdUzg6HChKCYIcd0MC
jAnvgJ0z4Tty7K4S0DE7YKMHk/HUhM6ZSCq/xAE9WmylJgR02jCvZnViB2Agphql
5mZFyjDL55AccKvi+UmhKtg04R6QpkCv53aKNsjB94VSMvYA7WN33HLKKavtIXuK
fW30Zk8D5zx7ojnUsOLSzA6lSGWwOUDzNKShvAx0j6z6avv7cPAsTDdQKZKYyDwV
vD8xm3hOlHzc6Uci0qGIJL38S6LDZ9YHqgpH3QsfmIbPvfUnfMRlrH7Khumm0Yww
VXdChMRsug+N10MfRPN664J50SCFg83CCXXW+Lyz+86zptFzY+CVO2BWCKF4yKZV
nJpsNKXMIZ/wDi1S89BGnDRW+mEWE3/KUCBuniGdbHSQqzUB/tbsABI8rD3ZG2t2
3cubP1Ne1ewFjkKUnBh+ejhgPPm+EvK6dDd22CuEmhitHu8hfYue2WDart36imK9
3rnOtNN1FlhdiRFQbA82yHzV5Rcz6ZUiV0cDZuwjwHx5mNgQTzGZrStx2VQQQkMx
uWuermCXosB+LVqe3DNMGnBSNqbfMM7/eC3eNZCxMCGpTWd7fiPUCOHLYS28bz24
ZPuBQtkH1VmXdm0Eh30qMVNvo8aLe3fG6YPhiIxntmBBXCf6vnHRii1mm3gZFFg1
zHgWS/lZGYSdvBsrkzA4
=ca7v
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this 

[qubes-users] MakeMKV on blu-ray drive?

[JW]

I'm new to Qubes, so apologies for the basic questions :)

Can I rip a blu-ray from an internal SATA drive by attaching it as a block 
device? Or would I need to put the reader on it's own SATA controller and 
attach that? 

Also, does it matter if the OS is a HVM vs PV?

Thanks!

-J

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5aba0fe-780c-442d-b791-34d6dfba7224%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[JW]

Thank you very much! I've been fighting with Ubuntu install as well. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4af28bd-1918-4336-8fd9-5883aa69f11f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Running qvm-create-default-dvm against fedora-24-minimal hangs

[qubes]

Hi again,

On 31.01.2017 19:30, qu...@posteo.de wrote:

Hi,

I have tried to to create my own disposable vm based on the minimal
Fedora 24 template and it always hangs during "Waiting for DVM
fedora-24-minimal-dvm ...". The only difference to the original rpm
template is sudo and the salt vm package.

If I use the regular fedora-24 template it works fine.

So which package or service am I missing?


I have the package qubes-core-vm installed as described in the Wiki but 
it still does not work. Can anybody at least reproduce the issue? The 
qubes package seem to be the same for my disposable vm based on the 
minimal template and the default template.


I have also read on this mailing list that you can use the 
minimal-template for disposable vms which does not work for me at all, 
even if I reset it.


Thx in advance

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37694f330f8a069cee1083f3e89adafe%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Updating packages with salt does not refresh the repositories

[qubes]

Hi,

I have an update.sls with the following content:

updates:
  pkg.uptodate:
- refres: True

The problem is that if I run it, it always tells me that there are no 
new packages although Qubes shows that there are with the green arrow 
and if I run manually `dnf update` then packages are updated.


The issues seems to be that the repository does not get refreshed even 
though I have it enabled, because if I refresh manually the updates get 
installed by salt.


I have a workaround by calling `dnf makecache` before with salt, but 
this should be not necessary. Can anyobdy confirm this or knows why this 
happens?


Thx in advance

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d89ffa536cafe2fce56c95c9e13bf72%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] backup failes

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

haaber:
> Cannot create /media/user/hexstring/qubes-backup/2017-02... : permission
> denied.

Try "sudo chown user:user /media/user/hexstring/qubes-backup".

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJYnPnSXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfgRoP/1dJWam9ej7w+LGSN8ECzDew
t1eF65sNwrPiuZX6gZvOepkgKfqk7aUPYkeggW2MXnYPUGZKt4+ZOzFloV/29KOw
JhCgSHjmTmati3E/vvAAgBSc+LxDeozweYM0OFTql0Q5s1ha8NtmEpqlHm94G6Ok
x5XzYikRvVeHXoC3U4vmvAR974gWG9nUU+Oi4CDZrTAMQjR3uWjSqsQDH6r7vEuG
7/IWt/eFp3/196abeLqhV/zuwCzE9H6QyBMVfQOGbrJ2nKZjIStQw0v/X2vaG6nF
gTtjzv3LSj5nhP8uzrlwvIfAG85WMWofjhsILuMMVv342GmupcMEwW2U2KEwH8LB
f20H5c9iHPzzT3XTNzCRlO/be6igxHcGRsnBgH+KCZ++1B1sq4JROR5hOduu0hnD
K9fOr6Buyg1lbz3W+1wFHXIs2mBppu936Kfhs0R6A4/2hCXhZKZm72aDgpVnEoTL
MoTHHAaw6UW6iuBSirrzzvCuUhnjSPdcs7k1p9wdkwdMNmVaG5Xl+Qb6EB5XfrV0
kO2/F56OTZmsE8H3n0oF/sNwVAbZmN9g4eOujdDm0a4rHMx/fwQFGH9CrHsdKCK7
T5FhWHIXk0JJ7C98s9MNb+BWVIlkZ19RXPnKa5ishnuIkcEWG/+UE21UccUxh8mh
yff9xd+OMCZ0mx9FaK9U
=rDDj
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170209232258.GA2634%40mutt.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] backup failes

[haaber]

Hello,

I tried the built-in backup procedure in qubes3.2 -- it fails (from
qubes VM manager). The procedure I follow: I select only shutdown qubes,
I select sys-usb as appvm (in which the ext. harddisc is mouted on
/media/user/hexstring/ and in which I manually created a qubes-backup
folder that I select. I enter the pwd, get the summary, say next again,
and then:

Error: failed to write the backup:

Cannot create /media/user/hexstring/qubes-backup/2017-02... : permission
denied.

And that's it. Do you have some hint what my error may be? I read about
te size issue of the qubes. I have more than 100G in total. I it that
maybe? Can I only backup the old way (create a sparse file, loopback it,
cryptsetup it, put ext2 on it, mount it, copy all private.img files) ?

Thank you! Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/880a127f-8251-3946-1bf6-f8a19239c1bc%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [Qubes R3.1] Installation problem: "NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s!"

['Slideshowbob' via qubes-users]

 Original Message 
Subject: [qubes-users] Re: [Qubes R3.1] Installation problem: "NMI watchdog: 
BUG: soft lockup - CPU#2 stuck for 22s!"
Local Time: 22. November 2016 3:48 PM
UTC Time: 22. November 2016 14:48
From: th.revi...@gmail.com
To: qubes-users 

On Saturday, May 14, 2016 at 1:48:37 PM UTC+3, Danny Eagle wrote:
> Full error message:
> [5578494253.737246] NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s! 
> [NetworkManager: 1057]
>
> After choosing "Install Qubes" option this message pops up.
> I'm installing it on desktop not laptop.
>
> If i take "Check hardware and install Qubes" I get to second window and it 
> freezes.

Same bug here. Sometimes it says CPU#2, sometimes CPU #5. I algo get [Xorg 
1224] at the end.

It's a more recent Asus laptop with Core i7 6700HQ (Skylake) CPU. I should also 
mention that when I get the installation menu it says "processing" for 
installation source, and when I select it, it only gives me options for DVD, 
local iso, an network install - but I'm trying to install from a USB. What's up 
with that? The installation did boot from the USB and I chose DD mode in Rufus.

I have that CPU stuck bug, too. But only on R3.2, R3.1 works fine for me. CPU 
is i5-
6440HQ.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YSqrIkv1bVrjSM3JCSkzPKOurekNRxYjZea4iXVhDQPIiKg6ihb30vIkkfuae2G_0iqeUe9FYHQwwSfCrqh_hN7B5quqt44GeGJQEXkgKOk%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Trouble installing Windows SP1 7 64-bit on Qubes 3.2

[Jarle Thorsen]

> I have the same Problem :(
> When I change the model type to Cirrus,then appear a libvirtError that 
> doesn't make any sense to me:
> 
> Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain 
> 'win7x64test2' ist bereits mit UUID ----  
> definiert
> 
> In english it should be something like: libvirt.libvirtError: operation 
> failed: Domain 'win7x64test2' already exists with UUID 
> ----
> 
> The Original command that I run:
> qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso 
> --custom-config=/home/dave/Schreibtisch/win7x64test2.conf
> 
> Can anyone help me please??

Run "virsh undefine win7x64test2" in dom0, then try again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc1534f6-5a9f-4ad8-9ef2-e04e4467b525%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Trouble installing Windows SP1 7 64-bit on Qubes 3.2

['01v3g4n10' via qubes-users]

On Thursday, February 9, 2017 at 12:19:47 PM UTC-6, bal...@gmail.com wrote:
> I have the same Problem :(
> When I change the model type to Cirrus,then appear a libvirtError that 
> doesn't make any sense to me:
> 
> Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain 
> 'win7x64test2' ist bereits mit UUID ----  
> definiert
> 
> In english it should be something like: libvirt.libvirtError: operation 
> failed: Domain 'win7x64test2' already exists with UUID 
> ----
> 
> The Original command that I run:
> qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso 
> --custom-config=/home/dave/Schreibtisch/win7x64test2.conf
> 
> Can anyone help me please??

I was having the same issue, but these instructions worked for me.
https://github.com/QubesOS/qubes-issues/issues/2488

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5de1c628-e458-43ac-99e1-6988d1d8d5d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Trouble installing Windows SP1 7 64-bit on Qubes 3.2

[balue96]

I have the same Problem :(
When I change the model type to Cirrus,then appear a libvirtError that doesn't 
make any sense to me:

Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain 
'win7x64test2' ist bereits mit UUID ----  
definiert

In english it should be something like: libvirt.libvirtError: operation failed: 
Domain 'win7x64test2' already exists with UUID 
----

The Original command that I run:
qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso 
--custom-config=/home/dave/Schreibtisch/win7x64test2.conf

Can anyone help me please??

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d62d4d9-acb6-443d-8470-bffdc1b3bffa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes R3.2 on Thinkpad X250: cannot install Windows 7 (hangs on "Starting Windows" at install)

[balue96]

I have the same Problem :( 

When I change the model type to Cirrus,then appear a libvirtError that doesn't 
make any sense to me: 

Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain 
'win7x64test2' ist bereits mit UUID ----  
definiert

In english it should be something like: libvirt.libvirtError: operation failed: 
Domain 'win7x64test2' already exists with UUID 
----

The Original command that I run:
qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso 
--custom-config=/home/dave/Schreibtisch/win7x64test2.conf

Can anyone help me please??

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e4471be-b137-4358-a57e-8e9a5bad7d96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can't boot into Windows anymore on dual-boot

[fabraga]

On Wednesday, 27 April 2016 17:53:55 UTC+2, TheGrandQubes  wrote:
> As this issue is not specific to qubes, you might have more luck looking into 
> a forum on linux / windows dual boot. 
> 
> 
> You need to install "reFInd" and see if there is an option to access your 
> windows. 
> If not : 
> - Save the EFI folder of your EFI partition
> - Reinstall windows, 
> - Reinstall "reFInd" 
> - See if you have both options and if not, copy back some of the EFI files 
> that you saved. Maybe first only the qubes folder.
> 
> 
> Booting from USB: can you remove the HDD from booting options in your bios 
> all together? 
> Booting from USB: in your bios, did you turn Fast boot and Secure boot off? 
> Booting from USB: try the following: use Refus or dd command in linux to copy 
> the "reFInd" on the usb stick and see if that helps.
> 
> 
> On Tuesday, 26 April 2016 04:48:27 UTC+1, David B  wrote:
> 
> Installed Qubes 3.1 on Lenovo Thinkpad laptop x220 (with pre-installed 
> Windows 7) just fine
> 
> LVM partition; automatic configuration
> 
> However, I cannot boot into Windows anymore. I've tried UEFI only boot, 
> Legacy only boot. Only goes into Qubes
> Also when I atttach liveUSB for other OS (e.g. Tails) , machine doesn't boot 
> from USB - goes straight into Qubes.
> When I try to access /etc/grub.d/40_custom to add boot stanzas to multiboot, 
> I am denied permission to "cd grub.d" when I am in /etc directory
> I tried to wipe my drive using dban (blancco 5) installed on a USB. Again, 
> machine doesn't load program from USB when I choose it from the BIOS boot 
> menu.
> I don't care if I end up wiping Windows off the drive. I just want to be able 
> to use the full 120 GB of my drive because right now it seems to be 
> completely inaccessible. It would be nice to be able to load Windows somehow 
> onto Qubes but it is not essential. I copied the files from Windows from the 
> Thunar file system onto a USB.
> I also think I didn't choose a root password when I installed and I wonder if 
> that is relevent to my problem (i.e. permissions)
> Would be very grateful for help bc I have reached the limit of my computer 
> knowledge and nothing has worked.
> 
> David

I am having the same problem as David but I tried even further. I tried using 
rEFInd, which used to work before I installed Qubes but this time it doesn't 
list any options to load either Windows 10 or Debian (I had dual booting with 
these two before installing Qubes in another partition, planing to have a third 
OS for testing/learning purposes). Qubes discontinued its version for Live USB 
(it doesn't support it anymore so I discarded it). 

I tried EVERY SINGLE THING. I even loaded "Repair > Command Prompt" from a 
Windows 10 Repair USB Drive to run "bootrec.exe /FixMbr" and "bootrec.exe 
/FixBoot" and "bootrec /RebuildBcd" (which used to work before - yeah I learned 
a lot from my first dual booting experience), and although it printed 
"successful" the problem remained the same this time, after rebooting the 
machine (only Qubes showing up for loading). Then I also tried "bootsect /nt60 
c: /mbr" (didn't work) and I tried "bootsect /nt60 ALL /mbr" (also nothing).

So, I reinstalled Windows 10 (during the process I confirm current Windows 
would be renamed to Windows.old etc, etc.) and all files were copied and 
installed and everything went well but when it finally finished for rebooting, 
no Windows to load. I tried the same with Debian, reinstalling it again to its 
partition, and all went well but no booting for this either. Qubes completed 
"sealed" the MBR and EFI zones. Those cannot be re-written! 

In fact, I even went further resetting my BIOS, following HP instructions (my 
laptop is a "HP ENVY dv7" and tried to updated the BIOS again from a 
combination of instructions (pressing power button for 2/3 seconds while 
pressing Windows Key together with B or V) to start the process, which I 
remember worked once before, but for some reason is not working anymore. So it 
seems Qubes re-wrote something in my BIOS as well. Unbelievable. At this moment 
everything I get now is "Missing operating system" on my screen. I know my 
files are still there. The partitions are still there. Windows and Debian with 
all my personal files are still there. But I cannot access them. I simply 
can't. Qubes gives me only one option: reinstalling itself. It is like a 
malware which took reign of my laptop.

Using another laptop (thanks God I have another one), I searched for "how to 
uninstall Qubes", "how to remove Qubes" etc. but all I get are pages talking 
about how to remove/reinstalling Qubes's templates. There is nothing about 
removing the OS itself. How can that be? 

Please, if anybody knows anything that can help me restoring my Windows I would 
appreciate very much. Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an 

Re: [qubes-users] Convert live system to VM in Qube OS?

[Jean-Philippe Ouellet]

On Sat, Feb 4, 2017 at 7:31 AM, Alex  wrote:
> First, you may already have thought about it, but the simple
> transposition of a work pc to a VM environment (be it qubes or not) does
> not give you any additional security benefit. It only increases the
> compatibility problems!

On the other hand, it allows one to start using qubes without suddenly
breaking your entire workflow, and allows one to gradually adopt the
Qubes model while still being able to get your work done. The
realistic alternative is likely not trying Qubes and continuing to use
your old system indefinitely because the perceived migration burden is
too great.

> If you want to
> benefit from fake persistence of system files, you will need to try to
> move as much software as possible in either the template (installing
> with dnf) or in /usr/local/bin (if manually-compiled or direct binary
> package).

/usr/local/bin is not "fake-persisted", it is persisted. All of
/usr/local is a symlink to /rw/usrlocal, which is persisted.

> For your actual question, there's no tool to assist in "converting" a
> live system to a Qubes VM: since there would be so little benefit
> there's no actual reason to make such a tool.

I disagree. I think a migration tool could be quite helpful, and I am
often asked if one exists while promoting Qubes to friends.
Unfortunately there are (and will likely always be) higher priority
things to implement.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DnNq33w%2BShrHc%2BeMmzx1pOW5MEj8cm4Q-Yw5O-8V4-FQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-run fails silently with chromium

[Unman]

On Thu, Feb 09, 2017 at 04:08:54AM -0800, m...@lamarciana.com wrote:
> > Is chromium the only program with which you experience this problem?
> 
> Thanks for your answer Andrew.
> 
> Thanks to a private reply I got, I have been seen that the problem is related 
> with my `PATH`. I have installed chromium via nix package manager, and for 
> this reason it is not in the `PATH` that dom0 is able to see. Answering your 
> question, it happens with any other package I installed with nix.
> 
> It doesn't happen in my VM because there I have the `PATH` configured with 
> zsh when I log in.
> 
> So, now, the question comes down to: how could I change my VM `PATH` seen 
> from dom0? I tried with my VM `~/.profile` and `~/.bashrc` but without 
> success. I suspect this may be related with another topic I open some time 
> ago:
> 
> https://groups.google.com/forum/#!topic/qubes-users/G9F3EHpeU2Q
> 
> Thank you very much
> 

The issue you raise there arises because the xterm is not a login shell
so will not use .profile.
It is interactive so (using bash) will use .bashrc

On the immediate question here you can always set the path explicitly:
qvm-run -p qube "export PATH=$PATH: && foo"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170209171726.GA2064%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What? Can I access a windows USB drive?

[elsiebuck105]

I right clicked (Q manager) work vm left clicked attached block devices. Opened 
files (work vm) and this time I couldn't even find the drive. Last time I found 
the drive, but couldn't access the contents.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cfb4a49e-6528-4d9d-8968-1dacf154ea2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: what about usb to jtag interface?

[pixel fairy]

On Thursday, February 9, 2017 at 3:54:03 AM UTC-8, Oleg Artemiev wrote:
> I've heared that new intel mother boards  will have (or already have)
> ability to access jtag interface via USB.

yes, skylake and kabylake processors. heres the ccc talk on it.

https://www.youtube.com/watch?v=2JCUrG7ERIE

> Does this mean that USB qube is now useless as a security border on
> such a mother board?

only if the manufacturer has it enabled. the only vendor who got back to me 
(and knew what i was talking about) when i asked was system76 to confirm that 
it is disabled on their lemur series. 

puri.sm was aware, but doesnt have any hardware out using those chips.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4638e95e-c1b8-4203-87dc-bfdcaaee68a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Moving less used templates to secondary storage

[Unman]

On Thu, Feb 09, 2017 at 06:03:26AM -0800, Pablo Di Noto wrote:
> Hello,
> 
> Running 3.2 with XFCE.
> 
> My notebook has a small SSD with Qubes boot and root/swap on it, and a larger 
> (and slower) SHDD mounted as /var/lib/qubes-add and configured as an 
> additional Xen pool.
> 
> I am running out of space (and at the same time, losing speed drastically) on 
> the SSD, and half of the space is used by fedora-23, debian-8, debian-9 and 
> whonix-* templates.
> 
> I decided to move the debian-8 and whonix-* templates to the additional pool, 
> but cannot make the move be recognized by Qubes (all command line utilities 
> obviously cannot find the templates).
> 
> Question 1: Is this use-case --having templates on a secondary storage pool-- 
> supported?
> Question 2: Which is the proper way to move the least used templates? I guess 
> qvm-prefs need to reflect the move somehow, but have not been able to deduce 
> myself.
> 
> Willing to write up docs after done :-)
> 
> Cheers,
> ///Pablo
> 

There's a section in the docs on this:
www.qubes-os.org/doc/secondary-storage

Did you read that?

There's no need to configure a new storage pool.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170209153623.GB1291%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ad-blocking ProxyVM?

[Unman]

On Thu, Feb 09, 2017 at 04:32:12AM -0800, Joe Ruether wrote:
> Hello!
> 
> I am trying to set up a proxy vm that will redirect DNS requests to a local 
> DNS server, for the purposes of adblocking.
> 
> Here is the setup:
> 
> internet <-> sys-net <-> sys-firewall <-> MY_PROXYVM <-> appvm_with_firefox
> 
> I have created a proxyvm based on a debian-8 template, and have installed 
> PiHole (https://pi-hole.net/) as an adblocker. PiHole works by starting a DNS 
> server (dnsmasq) and rejecting any dns queries to domains that serve ads.
> 
> If (in the proxyvm) I set the contents of /etc/resolv.conf to 127.0.0.1 and 
> open firefox (in the proxyvm), I can verify that the adblocker is working 
> correctly.
> 
> The issue I am having is when I used the proxyvm as the netvm for another 
> appvm. Without any other changes, my appvm's firefox has internet access, but 
> the adblocker has no effect. Of course, some additional setup is needed, but 
> I'm not exactly sure how to do that.
> 
> I'm not very good with iptables, and every attempt I have made to redirect 
> DNS to 127.0.0.1 in the proxyvm has failed (and caused both the proxyvm and 
> the appvm to lose the ability to browse). Here are the commands I ran (in the 
> proxyvm):
> 
> #!/bin/bash
> DNS=127.0.0.1
> NS1=10.137.4.1
> NS2=10.137.4.254
> iptables -t nat -A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $DNS
> iptables -t nat -A PR-QBS -d $NS1 -p tcp --dport 53 -j DNAT --to $DNS
> iptables -t nat -A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $DNS
> iptables -t nat -A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $DNS
> 
> ---
> 
> I pieced this together from what I could find from the VPN documentation on 
> the qubes website as well as the contents of 
> /usr/lib/qubes/qubes-setup-dnat-to-ns
> 
> Running the qubes-setup-dnat-to-dns script by itself after changing 
> /etc/resolv.conf (all this on the proxyvm) didn't seem to have any impact.
> 
> So! My question is, am I going about this correctly? I think I need to modify 
> the iptables in the proxyvm to redirect any incoming (from the appvm) DNS 
> queries to 127.0.0.1, while still allowing outgoing (to the internet, from 
> the proxyvm) DNS queries to get out. Along with this, I think I need to 
> ensure that there are rules that allow all other traffic to pass through 
> unhindered.
> 
> Or is there a different, qubes-specific way of handling DNS that I should be 
> using? After inspecting the sys-firewall ipconfig and iptables, it is clear 
> that something behind-the-scenes is happening where an additional NIC is 
> created for each attached appvm, and the iptables are being populated 
> automatically somehow. I'm not sure how the proxyvm is supposed to get the 
> addresses of the appvm and sys-firewall (my script above had addresses 
> hardcoded).
> 
> Thank you for any help! If I get all this working, I'm planning on making a 
> Salt file that can create the adblocking proxyvm.
> 

I don't see any reason why this shouldn't work.
I wouldn't be so specific in the nat rules but that's your call. Just
protocol and post would suffice.

One obvious point is that you are ADDING those rules to the end of the
PR-QBS chain without flushing it first. If you already have redirect
rules there they will trigger first.
What does your nat table look like after you run that script?

Another point may be that you don't have an incoming rule in the INPUT
chain allowing inbound traffic to the DNS ports. Unless you've changed
this the default rule will block inbound traffic from any vif interface.
So you need to ensure you are allowing that traffic with an:
iptables -I INPUT -i vif+ -p udp --dport 53 -j ALLOW

Finally, you need to consider the effects of the qubes-firewall and
qubes-netwatcher services.
If you want to retain these you can use
/rw/config/qubes-firewall-user-script to override the automatic Qubes
configuration and insert your own iptables rules.
You can also use rc.local to set initial iptables rules.
Remember to make those files executable if you want to use them.

Most of this is in the docs, although not easy to find.

Hope this helps

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170209152124.GA1291%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Moving less used templates to secondary storage

[Pablo Di Noto]

Hello,

Running 3.2 with XFCE.

My notebook has a small SSD with Qubes boot and root/swap on it, and a larger 
(and slower) SHDD mounted as /var/lib/qubes-add and configured as an additional 
Xen pool.

I am running out of space (and at the same time, losing speed drastically) on 
the SSD, and half of the space is used by fedora-23, debian-8, debian-9 and 
whonix-* templates.

I decided to move the debian-8 and whonix-* templates to the additional pool, 
but cannot make the move be recognized by Qubes (all command line utilities 
obviously cannot find the templates).

Question 1: Is this use-case --having templates on a secondary storage pool-- 
supported?
Question 2: Which is the proper way to move the least used templates? I guess 
qvm-prefs need to reflect the move somehow, but have not been able to deduce 
myself.

Willing to write up docs after done :-)

Cheers,
///Pablo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8a61aaf-0343-48aa-95ad-d213c9e12a36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Ad-blocking ProxyVM?

[Joe Ruether]

Hello!

I am trying to set up a proxy vm that will redirect DNS requests to a local DNS 
server, for the purposes of adblocking.

Here is the setup:

internet <-> sys-net <-> sys-firewall <-> MY_PROXYVM <-> appvm_with_firefox

I have created a proxyvm based on a debian-8 template, and have installed 
PiHole (https://pi-hole.net/) as an adblocker. PiHole works by starting a DNS 
server (dnsmasq) and rejecting any dns queries to domains that serve ads.

If (in the proxyvm) I set the contents of /etc/resolv.conf to 127.0.0.1 and 
open firefox (in the proxyvm), I can verify that the adblocker is working 
correctly.

The issue I am having is when I used the proxyvm as the netvm for another 
appvm. Without any other changes, my appvm's firefox has internet access, but 
the adblocker has no effect. Of course, some additional setup is needed, but 
I'm not exactly sure how to do that.

I'm not very good with iptables, and every attempt I have made to redirect DNS 
to 127.0.0.1 in the proxyvm has failed (and caused both the proxyvm and the 
appvm to lose the ability to browse). Here are the commands I ran (in the 
proxyvm):

#!/bin/bash
DNS=127.0.0.1
NS1=10.137.4.1
NS2=10.137.4.254
iptables -t nat -A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $DNS
iptables -t nat -A PR-QBS -d $NS1 -p tcp --dport 53 -j DNAT --to $DNS
iptables -t nat -A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $DNS
iptables -t nat -A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $DNS

---

I pieced this together from what I could find from the VPN documentation on the 
qubes website as well as the contents of /usr/lib/qubes/qubes-setup-dnat-to-ns

Running the qubes-setup-dnat-to-dns script by itself after changing 
/etc/resolv.conf (all this on the proxyvm) didn't seem to have any impact.

So! My question is, am I going about this correctly? I think I need to modify 
the iptables in the proxyvm to redirect any incoming (from the appvm) DNS 
queries to 127.0.0.1, while still allowing outgoing (to the internet, from the 
proxyvm) DNS queries to get out. Along with this, I think I need to ensure that 
there are rules that allow all other traffic to pass through unhindered.

Or is there a different, qubes-specific way of handling DNS that I should be 
using? After inspecting the sys-firewall ipconfig and iptables, it is clear 
that something behind-the-scenes is happening where an additional NIC is 
created for each attached appvm, and the iptables are being populated 
automatically somehow. I'm not sure how the proxyvm is supposed to get the 
addresses of the appvm and sys-firewall (my script above had addresses 
hardcoded).

Thank you for any help! If I get all this working, I'm planning on making a 
Salt file that can create the adblocking proxyvm.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7df5d8c4-e52f-4eec-bbea-6c9646c9d3a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Windows 7 unattanded setup HW detection failure

[halasz . arpad]

Hello,

I tried to install our enterprise unattanded setup Win7 iso. With the cirrus 
driver it is started properly as well but my problem there is a hardware 
detection included in this setup image and it can't recognize the hardware. 
(Only two manufacturer is enabled at this moment on our network.)

I don't have any technical knowledge regarding the virtualization. What do you 
think is it try to read the BIOS and cannot? Could you give me a hint to get a 
workaround?

I would like to use the Qubes-os and our enterprise Win7 in a VM because it 
includes several specific tools what I not able to install to a normal Windows.

Regards
Arpad

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1c737e8-8b81-447d-882b-0e04bdcc7740%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-run fails silently with chromium

[marc]

> Hello, did you run "Add more shortcuts" at least once (look which apps
> are there)? I got very confused by this point in another, maybe related
> situation: when changing the templateVM you *must* do so, since symbolic
> links to all apps are different in fedora and debian, for example.   All
> the best, Bernhard

Thanks for your answer haaber. Yes, I run that... now I see it is related with 
the application PATH. Please, see previous replies for details.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d03a102-ece2-4642-9a61-bd803b8a6259%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-run fails silently with chromium

[marc]

> I dont see this behaviour in a TemplateBased qube, or a standalone.
> In both, the browser just opens.
> That's with a standard Debian-8 template.
> 
> You can try running with '-p' option to see if any errors are being
> thrown.

Thanks for your answer Unman. The issue is that I installed it with nix package 
manager and then it ends up in another path. Please, see my previous reply for 
details.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d9b1e42-870c-4e93-8835-807a727c417b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-run fails silently with chromium

[marc]

> Is chromium the only program with which you experience this problem?

Thanks for your answer Andrew.

Thanks to a private reply I got, I have been seen that the problem is related 
with my `PATH`. I have installed chromium via nix package manager, and for this 
reason it is not in the `PATH` that dom0 is able to see. Answering your 
question, it happens with any other package I installed with nix.

It doesn't happen in my VM because there I have the `PATH` configured with zsh 
when I log in.

So, now, the question comes down to: how could I change my VM `PATH` seen from 
dom0? I tried with my VM `~/.profile` and `~/.bashrc` but without success. I 
suspect this may be related with another topic I open some time ago:

https://groups.google.com/forum/#!topic/qubes-users/G9F3EHpeU2Q

Thank you very much

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/acc2936b-4c14-4dbd-b426-624820d0d58b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] what about usb to jtag interface?

[Oleg Artemiev]

I've heared that new intel mother boards  will have (or already have)
ability to access jtag interface via USB.

JTAG is about debugging hardware via special interface.

Does this mean that USB qube is now useless as a security border on
such a mother board?

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6O264MX6%3DqxQp0PpV8%2B1EKk7GQ4GjCGh%3DppZ5Gi_VR3EQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Unman]

On Thu, Feb 09, 2017 at 02:37:36AM -0800, damien.wa...@gmail.com wrote:
> Hi,
> 
> I am new into qubes (few months) and find it great. But I need a distro with 
> newer packages (debian jessie was fine until I ran in issues with encfs 
> compatibility).
> 
> So I wanted to build an ubuntu template but I did not found clear 
> instructions.
> 
> using https://github.com/QubesOS/qubes-builder and the setup script, I do not 
> get ubuntu to choose in the menu.
> 
> On this forum, there is few posts about it but using privaze repo.
> 
> I really need help on this :-)
> 
> Best regards,
> 
> Damien
> 

Hi Damien,

The Ubuntu builds are referenced in setup as Trusty and Xenial.

I've just put in a series of Pull Requests that should allow
straightforward builds of both.
Wait a little while for them to be merged. 

It should then be a matter of:
git clone  https://github.com/QubesOS/qubes-builder
cd qubes-builder
./setup
make qubes-vm
make template

Copy generated Template to dom0 and install - there's a handy script
provided to do this for you.

I'll let you know when the PRs are merged. Focus at the moment is on
the GSOC applications.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170209114141.GB32081%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problem with a Privacy Guide

[Unman]

On Thu, Feb 09, 2017 at 09:27:38AM +0100, wile.e.coy...@keemail.me wrote:
> 
> Hello qubes-team, 
> 
> I'm actually facing a problem with a guide of yours. I've used the Privacy 
> Guide "Tor Onion Repos" entering the following two commands:
> 
> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' 
> /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo
> 
> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' 
> /etc/yum.repos.d/qubes-templates.repo && cat 
> /etc/yum.repos.d/qubes-templates.repo 
> 
> Now i cant resolve a connection to the update servers anymore, please tell me 
> the right commands to reset it.
> 
> By the way, I could not enter the other two commands because the following 
> variables didnt exists on my new qubes r3.2 installation:
> 
> $DebianTemplateVM
> $FedoraTemplateVM
> 
> Because I ran into all these problems, I would prefer to just set it back. 
> Please tell me how to. 
> 
> Thanks. =)

It's important that you know what is happening here.

sed is, as Bernhard tells you, a stream editor. It runs through a file
making edits.
The -i option allows you to change a file in place.
s/foo/bar  will SUBSTITUTE (s) the phrase 'foo' with replacement 'bar'

So that first command in dom0 went through the file
/etc/yum.repos.d/qubes-dom0.repo and on every line where it found:
yum.qubes-os.org
changed it to:
yum.qubesos4z6n4.onion
and then saved the changed file.

Instead of the sed command, the instructions could say:
1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text
editor.
2. Look for every occurrence of yum.qubes-os.org, and change it to
yum.qubesos4z6n4.onion.
3. Save the changed file.
 
If you really want to set it back you can either reverse the sed
command, or make the changes manually in a text editor.
That is:
1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text
editor.
2. Look for every occurrence of yum.qubesos4z6n4.onion and change it to
yum.qubes-os.org.
3. Save the changed file.

Do the same for the other file.
That's reversed the changes you made.


The two variables that "dont exist" are just placeholders for the name
of the template that you want to change.
So instead of $DebianTemplateVM type in the name of the Debian template
that you want to affect. 
The qvm-run command allows you to run programs on qubes from dom0 - in
this case, using sed allows you to change those files quickly from dom0
instead of opening the TemplateVM, firing up a text editor and making
the changes in the TemplateVM.


What's puzzling is that you find that you can't connect to the update
servers anymore. (I assume that you mean from dom0 because you didnt
make any changes in Templates.)
It occurs to me that it doesn't actually say on the page that you will
need your updateVM to be running behind a Tor gateway for this method to
work. Perhaps you knew this? Perhaps not. You should ensure that you
made this change - if your updateVM is NOT running through Tor then
updates will always file. If it IS then they will fail some of the time
- that seems to be inevitable using Tor.

If you really do want to revert then you dont need to worry about this.
Just revert the changes you made in the .repo files and things should
work again.

unman

unman





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170209113328.GA32081%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] ubuntu template

[damien . waber]

Hi,

I am new into qubes (few months) and find it great. But I need a distro with 
newer packages (debian jessie was fine until I ran in issues with encfs 
compatibility).

So I wanted to build an ubuntu template but I did not found clear instructions.

using https://github.com/QubesOS/qubes-builder and the setup script, I do not 
get ubuntu to choose in the menu.

On this forum, there is few posts about it but using privaze repo.

I really need help on this :-)

Best regards,

Damien

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d4cbc32-324c-4a20-8d67-665b08960886%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Question to Mirage OS firewall users

[Thomas Leonard]

On Tuesday, February 7, 2017 at 5:31:25 PM UTC, Foppe de Haan wrote:
> On Tuesday, February 7, 2017 at 6:22:53 PM UTC+1, Thomas Leonard wrote:
> > On Tuesday, February 7, 2017 at 4:51:06 PM UTC, Foppe de Haan wrote:
> > > On Tuesday, February 7, 2017 at 5:24:58 PM UTC+1, Thomas Leonard wrote:
> > > > On Tuesday, February 7, 2017 at 3:55:30 PM UTC, Foppe de Haan wrote:
> > > > > Anyone else tried to use MirageOS i.c.w. a torrent client? I've 
> > > > > allocated 60mb ram, but it crashes within 2-8 hours here, which is 
> > > > > kind of disappointing.
> > > > 
> > > > Do the logs show an out-of-memory error when that happens? I haven't 
> > > > seen one for a long time now, but maybe torrents stress it more than 
> > > > usual.
> > > > 
> > > > If so, it could be https://github.com/yomimono/mirage-nat/issues/17 - 
> > > > there's a Mirage hackathon next month and I'm hoping to get some time 
> > > > to work on this there.
> > > 
> > > Yes. "Fatal error: out or memory. Mirage exiting with status 2"
> > 
> > By the way, what version of the firewall are you using?
> > If it's not qubes-mirage-firewall v0.2 then try upgrading first - there 
> > were lots of OOM problems in v0.1.
> > 
> > > That said, 2 minutes earlier the log notes that memory use was still only 
> > > at 16.7/38.2 MB.
> > 
> > The annoying thing about hashtables is the way they suddenly double in 
> > size. Since you're allocating 60 MB to the firewall (I only use 20 MB for 
> > mine), you could try adjusting the thresholds at these two lines:
> > 
> > https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L41
> > https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L47
> > 
> > Change the 0.9 (allow 90% of memory to be used) to 0.4 in both places. If 
> > the NAT table is the cause, that should make the problem go away.
> > 
> > > (Most of the log -- 90-95% -- consists of 'Failed to parse frame' 
> > > messages, btw.)
> > 
> > "Failed to parse frame" probably means it saw an ICMP (not TCP or UDP) 
> > packet and therefore didn't handle it. Another thing I'm hoping to fix 
> > soon... https://github.com/yomimono/mirage-nat/issues/15
> 
> I built it using docker about 2 days ago. Will do the other things you 
> mentioned, report back when I know more :)

Thanks! If that is the cause of the memory problem, it should be easy to fix 
anyway.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74503e3d-1fe3-4649-8a8d-fe2051adee64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problem with a Privacy Guide

[haaber]

> Hello qubes-team,
>
> I'm actually facing a problem with a guide of yours. I've used the
> Privacy Guide "Tor Onion Repos" entering the following two commands:
>
> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/'
> /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo
>
> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/'
> /etc/yum.repos.d/qubes-templates.repo && cat
> /etc/yum.repos.d/qubes-templates.repo
>
> Now i cant resolve a connection to the update servers anymore, please
> tell me the right commands to reset it.
>
> By the way, I could not enter the other two commands because the
> following variables didnt exists on my new qubes r3.2 installation:
>
> $DebianTemplateVM
> $FedoraTemplateVM
>
> Because I ran into all these problems, I would prefer to just set it
> back.
> Please tell me how to.
You may simply use sed ("stream editor") the other way: syntax is  sed
-i 's/SEARCH/REPLACE/'
So the first command reverted will contain
sed -i 's/yum.qubesos4z6n4.onion/yum.qubes-os.org/'

Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f91643e9-5b0b-c041-439c-78671224d7bb%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Problem with a Privacy Guide

[wile.e.coyote]

Hello qubes-team, 

I'm actually facing a problem with a guide of yours. I've used the Privacy 
Guide "Tor Onion Repos" entering the following two commands:

sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' 
/etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo

sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' 
/etc/yum.repos.d/qubes-templates.repo && cat 
/etc/yum.repos.d/qubes-templates.repo 

Now i cant resolve a connection to the update servers anymore, please tell me 
the right commands to reset it.

By the way, I could not enter the other two commands because the following 
variables didnt exists on my new qubes r3.2 installation:

$DebianTemplateVM
$FedoraTemplateVM

Because I ran into all these problems, I would prefer to just set it back. 
Please tell me how to. 

Thanks. =)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KcWy5ly--3-0%40keemail.me.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] off topic, made a group/list for general mobile privacy / security discussions

[pixel fairy]

discussion about mobile privacy not specific to qubes-os come up often here, so 
i made a separate group for that.

i like the web interface, and google is good at spam filtering. that said, i 
fully realize the irony of using google groups for this, and am open to moving 
the forum.

you have to ask to join, but ill accept everyone whos posted in a qubes list or 
probably anyone whos email doesnt look like a spammer or criminal.

id like to open this other langauges, but i only speak english, so i cant 
moderate other languages. please open other lists / forums for those.

https://groups.google.com/forum/#!forum/mobileprivacy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/125cdd68-c0f2-460f-8f1d-441a34386f37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.