Re: [qubes-users] Re: Archlinux Community Template Qubes OS 3.2

2017-03-06 Thread 'Olivier Médoc' via qubes-users
On 03/05/2017 10:13 PM, andres...@gmail.com wrote:
> Hi!
>
> I saw in the repository some files about an Arch Linux Minimal template:
> https://github.com/QubesOS/qubes-builder-archlinux/blob/master/scripts/packages_minimal.list
>
> How should we install it? Must we build it?

Yes it must be built, but you can also use the prebuilt template, check
the additional packages installed in packages.list vs
packages_minimal.list and remove packages and dependencies that you
don't want using pacman -Rsc packagename.

From what I understood, ITL tries not to use minimal templates because
there are too many libraries that are needed by very useful features.
However, I often take the standard templates, check the packages that
are installed after the qubes agents in /var/log/yum.log or
/var/log/pacman.log and remove packages I dislike.

>
> I tried to install "qubes-template-archlinux-minimal", but it can't be found. 
> And "qubes-template-archlinux" came only with the default template.
>
> Also, the Arch Linux template is not shutting down normally (need to kill the 
> VM). With a quick look at logs it seems qetty is not terminating. I can try 
> to paste the logs here if it's an unknown bug.
>
> Regards
>
About the template not shutting down, I had this issue but I do not have
this problem anymore. Try updating the Qubes agents by enabling the
archlinux QubesOS repository inside your TemplateVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef45209c-64cd-58ac-3f05-6925d07a7ee1%40yahoo.fr.
For more options, visit https://groups.google.com/d/optout.
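
An added example (not from the original message or the Qubes project): one way to do the log check described above, listing the packages that pacman.log records as installed after the Qubes agents and that are still present. The function names, the marker package qubes-vm-gui and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Assumed log line shapes (pacman.log):
#   [timestamp] [ALPM] installed NAME (VERSION)
#   [timestamp] [ALPM] removed NAME (VERSION)

# packages_after MARKER [LOGFILE]
# Print, in install order, every package installed after MARKER was
# installed and not removed again later in the log.
packages_after() {
    awk -v marker="$1" '
        # Only install/remove transactions matter; skip upgrades,
        # hook output and [PACMAN] command lines.
        $0 !~ /\[ALPM\] (installed|removed) / { next }
        {
            line = $0
            sub(/^.*\[ALPM\] /, "", line)   # drop timestamp and tag
            split(line, f, " ")
            action = f[1]; name = f[2]
        }
        action == "installed" && name == marker { seen = 1; next }
        !seen { next }
        action == "installed" {
            if (!(name in listed)) { listed[name] = 1; order[++n] = name }
            present[name] = 1
        }
        action == "removed" { present[name] = 0 }
        END {
            for (i = 1; i <= n; i++)
                if (present[order[i]]) print order[i]
        }
    ' "${2:-/var/log/pacman.log}"
}

# Constructed sample log (package versions are made up).
sample_log() {
    cat <<'EOF'
[2017-03-01 10:00] [ALPM] installed bash (4.4.012-1)
[2017-03-01 10:05] [ALPM] installed qubes-vm-core (3.2.15-1)
[2017-03-01 10:06] [ALPM] installed qubes-vm-gui (3.2.13-1)
[2017-03-01 10:10] [ALPM] installed firefox (51.0.1-1)
[2017-03-01 10:11] [ALPM] installed gimp (2.8.20-1)
[2017-03-01 10:12] [PACMAN] Running 'pacman -Rsc gimp'
[2017-03-01 10:12] [ALPM] removed gimp (2.8.20-1)
[2017-03-01 10:15] [ALPM] upgraded bash (4.4.012-1 -> 4.4.012-2)
[2017-03-01 10:20] [ALPM] installed xterm (327-1)
EOF
}

# Demo on the constructed sample: lists firefox and xterm.
tmp=$(mktemp)
sample_log > "$tmp"
packages_after qubes-vm-gui "$tmp"
rm -f "$tmp"
```

Each name printed is a candidate to review before running pacman -Rsc on it inside the TemplateVM.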


Re: [qubes-users] Archlinux Community Template Qubes OS 3.2

2017-03-06 Thread 'Olivier Médoc' via qubes-users

> Olivier,
>
> It's great pacman is now supported for updating. When I was working with 
> others to update the build and doc to work with newer archlinux versions I 
> tried most everything, asking many on the archlinux forum for help. No one 
> could offer a good solution that did not break update security or require 
> manual opening and closing of the firewall access.
>
> https://groups.google.com/forum/#!searchin/qubes-users/tim$20w$20pacman/qubes-users/vT_ETcU5BvQ/sDhu879WDQAJ
>  I also had a thread on dev.  
>
> How was the functionality added?  To pacman to allow for proxy addition 
> without going thru wget or thru a change in qubes update proxy service?  
Hello,

In fact I use curl which is included by default (as pacman apparently
uses curl libraries anyway). I update the configuration in /etc/pacman.d/
to use curl with a proxy by calling curl with the http_proxy environment
variable.

No changes are actually required to the qubes update proxy.

> I found the powerpill pacman wrapper which used aria2 to allow for proxy 
> without breaking update proxy security to be at the time the best avenue not 
> to mention its added power and speed. The only issue to have made everything 
> completely smooth was the reflector app to keep update mirror list current 
> had no option to allow for a proxy entry. I planned to send an email to xyne 
> to see if he could add it as he has been quite responsive in the past to 
> similar requests.
>
> Really glad it's now working. The reason I ask about how it was addressed is 
> I wondered if it would allow reflector program to go thru or does it 
> still have the proxy option to plug in the ip?
>
> Thanks again for keeping the distro updated and working.
>
I have not tested reflector yet.



Re: [qubes-users] Qubes i3 Tips & Tricks

2017-03-06 Thread sm8ax1
Daniel Moerner:
> I've been using i3 in dom0 for about a month now, and I wanted to share a few 
> tips and tricks (partly so I can have them in a centralized place for 
> reference):
> 
> 1. To lock the screen on suspend and resume, you need to add a systemd target 
> in /etc/systemd/system. This has to use your username (or supposedly 
> xss-lock, which I haven't bothered figuring out how to use). I use the 
> following content, substituting for $USER:
> 
> [Unit]
> Description=Lock screen on suspend
> 
> [Service]
> User=$USER
> Type=forking
> Environment=DISPLAY=:0
> ExecStart=/usr/bin/i3lock -d -c 00
> 
> [Install]
> WantedBy=suspend.target
> 
> 2. Volume keys: Install pulseaudio-utils. Then put the following in 
> .i3/config:
> 
> bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume 1 +5%
> bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume 1 -5%
> bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute 1 toggle
> 
> I then customize the qubes-i3status command by adding: (I know this awk/sed 
> mixture is awful, and it's hard-coded for my system, which has two pulseaudio 
> sinks)
> 
> status_volume() {
>    local muted=$(pactl list sinks | awk -F ' ' '/Mute/ {print $2}' | sed -e 's/ //g' -e '2q;d')
>    if [[ $muted == 'yes' ]]; then
>        json volume "Volume: 0%"
>    else
>        local volume=$(pactl list sinks | awk -F ' ' '/Volume/ {print $2}' | sed -e 's/ //g' -e '3q;d')
>        json volume "Volume: $volume"
>    fi
> }
> 
> And then add a local volume variable to the main() call. I update every 
> second.
> 
> 3. A few minor tweaks to the config file: See this pull request, which has 
> already been merged: https://github.com/QubesOS/qubes-desktop-linux-i3/pull/5 
> 
> A few more personal thoughts: Personally, I change the navigation to use vim 
> keys, and then remap horizontal split to 'b'. I also remap 'focus child' to 
> 'c', since I find it to be a useful shortcut. Originally I disabled 
> fullscreen, on the model of Xfce4, but I had to reenable it as part of a 
> workaround for https://github.com/QubesOS/qubes-issues/issues/1502
> 
> I'm sure I'm missing a few things, but I wanted to share this, since I 
> sometimes see people asking about i3, especially on IRC.
> 
> Best,
> Daniel 
> 

Thanks for this. I've used i3 on other OSes and I like it a lot. I
probably won't use it on Qubes however because of an issue that I'll
note here since it may or may not affect other users.

In i3 it is rather difficult to control the size of a window with fine
granularity, and in particular it is very difficult to restore the exact
size a window would have been created with. This is a problem for users
of Tor Browser, because websites and exit nodes can query the browser
window's size even when you have JavaScript disabled. This makes you an
easy fingerprinting target.

If anyone knows of any workarounds for this, perhaps forcing certain
kinds of windows to be created in floating mode and keep their original
size, please share them.



Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles

2017-03-06 Thread Ed Welch

On 03/06/2017 09:16 PM, Ted Brenner wrote:
Thanks for the details Ed. Did you have to start over from scratch or 
were you able to remove QWT and then install the older version?


On Fri, Mar 3, 2017 at 8:46 PM, Ed Welch wrote:


I figured out how to install an older version of qubes-windows-tools

sudo dnf remove qubes-windows-tools

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools-3.2.1-3.x86_64

From the testing repo:
http://yum.qubes-os.org/r3.2/current-testing/dom0/fc23/rpm/


I was able to see the different versions so I chose the most
recent prior to 3.2.2-3, which was 3.2.1-3.

And I have to say, this was a whole different ballgame, everything
with this version went really smoothly, I'm up and running now
with an updated win 7 instance, gui comes up fine, never even
needed debug mode.

I'm not sure if Ted and I are just among the first to do a clean
install with 3.2.1-3 or if there is something about our systems
giving us these issues.

Anyone please let me know how I can help (filing issues in github,
logs, etc) but for now I'm happy with how the older version is
working.

Ed


On 03/03/2017 11:45 AM, Ted Brenner wrote:

For what it's worth, I'm having the exact same issues.

On Fri, Mar 3, 2017 at 9:13 AM, Ed Welch wrote:

Hey everyone, new to qubes, love it!

Getting going with linux I found pretty straight forward, no
issues.

Trying to get a Windows 7 HVM template created, not going so
well.

Thought I would post some of the issues I've had for
posterity and also see if I can get some help.


If you are like me and don't generally read long winded
posts, please at least scroll to my QUESTION at the bottom :)


Most of the instructions tell you to create a VM, however,
none of them tell you to increase the default VM specs.  For
win 7 64 it seems you want to increase the RAM to 4096MB and
primary partition to 40960MB (40G) I know for a fact 20G is
not enough to update windows 7 sp1 to latest.

You'll want to do this before anything else because it's more
difficult to do after you get started


Then I ran into the xen/cirrus video driver issue which
causes windows to freeze on the startup screen, found this
issue with workaround:
https://github.com/QubesOS/qubes-issues/issues/2488


This workaround does the trick, but I think it's important to
note a few additional steps, after the last setup reboot and
BEFORE YOU SHUTDOWN windows and try to install the windows
guest additions.

MAKE SURE to enable login without password through the
netplwiz tool, it seemed like this was the crucial step in
avoiding this issue:

https://groups.google.com/forum/#!msg/qubes-users/Vbga8Z-DjHE/GVHIWIob5uIJ



Also, users mentioned in that thread the importance of adding
more RAM, however, for me it seemed that enabling login
without password was the step that avoided putting your VM in
a totally unrecoverable BSOD loop.

Following the wiki instructions, I then installed the windows
tools from the qubes-dom0-current-testing repo (and also
updated the qrexec_timeout to 300 seconds) then switching
back to the modified instructions for working around the
cirrus/xen bug I was able to boot into windows and install
the windows tools.


This is where I hit my next big stumbling point, during the
installation the PV drivers prompt you to reboot.  DO NOT
REBOOT until the installation finishes, I did eventually see
on this page 'Xen PV driver components may display a message
box asking for reboot during installation – it’s safe to
ignore them and defer the reboot.'

Really this needs to be promoted to
https://www.qubes-os.org/doc/windows-appvms/ IMO and in big
bold letters DO NOT REBOOT until the installation is
completed kind of thing.  If you reboot before it finishes
this is really unrecoverable and it's easier to just blow
away the vm and start again...


Ok, so now we get to where I'm stuck, my vm is installed,
qubes-windows-tools 3.2.2-3 is installed, however as soon as
I start the thing, it boots and the display immediately goes
away, found this issue:
https://github.com/QubesOS/qubes-issues/issues/1896
 

Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles

2017-03-06 Thread Ted Brenner
Thanks for the details Ed. Did you have to start over from scratch or were
you able to remove QWT and then install the older version?

On Fri, Mar 3, 2017 at 8:46 PM, Ed Welch  wrote:

> I figured out how to install an older version of qubes-windows-tools
> sudo dnf remove qubes-windows-tools
>
> sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools-3.2.1-3.x86_64
>
> From the testing repo:
> http://yum.qubes-os.org/r3.2/current-testing/dom0/fc23/rpm/
>
> I was able to see the different versions so I chose the most recent prior
> to 3.2.2-3, which was 3.2.1-3.
>
> And I have to say, this was a whole different ballgame, everything with
> this version went really smoothly, I'm up and running now with an updated
> win 7 instance, gui comes up fine, never even needed debug mode.
>
> I'm not sure if Ted and I are just among the first to do a clean install
> with 3.2.1-3 or if there is something about our systems giving us these
> issues.
>
> Anyone please let me know how I can help (filing issues in github, logs,
> etc) but for now I'm happy with how the older version is working.
>
> Ed
>
>
> On 03/03/2017 11:45 AM, Ted Brenner wrote:
>
> For what it's worth, I'm having the exact same issues.
>
> On Fri, Mar 3, 2017 at 9:13 AM, Ed Welch  wrote:
>
>> Hey everyone, new to qubes, love it!
>>
>> Getting going with linux I found pretty straight forward, no issues.
>>
>> Trying to get a Windows 7 HVM template created, not going so well.
>>
>> Thought I would post some of the issues I've had for posterity and also
>> see if I can get some help.
>>
>>
>> If you are like me and don't generally read long winded posts, please at
>> least scroll to my QUESTION at the bottom :)
>>
>>
>> Most of the instructions tell you to create a VM, however, none of them
>> tell you to increase the default VM specs.  For win 7 64 it seems you want
>> to increase the RAM to 4096MB and primary partition to 40960MB (40G) I know
>> for a fact 20G is not enough to update windows 7 sp1 to latest.
>>
>> You'll want to do this before anything else because it's more difficult
>> to do after you get started
>>
>>
>> Then I ran into the xen/cirrus video driver issue which causes windows to
>> freeze on the startup screen, found this issue with workaround:
>> https://github.com/QubesOS/qubes-issues/issues/2488
>>
>> This workaround does the trick, but I think it's important to note a few
>> additional steps, after the last setup reboot and BEFORE YOU SHUTDOWN
>> windows and try to install the windows guest additions.
>>
>> MAKE SURE to enable login without password through the netplwiz tool, it
>> seemed like this was the crucial step in avoiding this issue:
>> https://groups.google.com/forum/#!msg/qubes-users/Vbga8Z-DjHE/GVHIWIob5uIJ
>>
>> Also, users mentioned in that thread the importance of adding more RAM,
>> however, for me it seemed that enabling login without password was the step
>> that avoided putting your VM in a totally unrecoverable BSOD loop.
>>
>> Following the wiki instructions, I then installed the windows tools from
>> the qubes-dom0-current-testing repo (and also updated the qrexec_timeout to
>> 300 seconds) then switching back to the modified instructions for working
>> around the cirrus/xen bug I was able to boot into windows and install the
>> windows tools.
>>
>>
>> This is where I hit my next big stumbling point, during the installation
>> the PV drivers prompt you to reboot.  DO NOT REBOOT until the installation
>> finishes, I did eventually see on this page 'Xen PV driver components may
>> display a message box asking for reboot during installation – it’s safe to
>> ignore them and defer the reboot.'
>>
>> Really this needs to be promoted to
>> https://www.qubes-os.org/doc/windows-appvms/ IMO and in big bold letters
>> DO NOT REBOOT until the
>> installation is completed kind of thing.  If you reboot before it finishes
>> this is really unrecoverable and it's easier to just blow away the vm and
>> start again...
>>
>>
>> Ok, so now we get to where I'm stuck, my vm is installed,
>> qubes-windows-tools 3.2.2-3 is installed, however as soon as I start the
>> thing, it boots and the display immediately goes away, found this issue:
>> https://github.com/QubesOS/qubes-issues/issues/1896  which matches the
>> behavior I'm seeing, however, this was fixed some time ago, but not totally
>> sure when it was released??
>>
>>
>> My second, issue, which may actually be causing the first, seems to best
>> be described in this thread:
>> https://groups.google.com/d/topic/qubes-users/4OgwojFK-sI/discussion
>>
>> Specifically I'm having the issue in the last comment, the only way I can
>> get any UI is if I boot with --debug, and when I do, I often see that error
>> linked: 'The GUI agent that runs in the VM 'win7' implements outdated
>> protocol (0:0), and must be updated.
>>
>>
>> After reading through that thread, several people were mentioning that
>> 3.2.2-3 has 

Re: [qubes-users] do I really need these packages in dom0 :?

2017-03-06 Thread Andrew David Wong

On 2017-03-06 06:40, Oleg Artemiev wrote:
> On Sun, Mar 5, 2017 at 1:29 PM, Andrew David Wong
>  wrote:
>> from above only netcf-libs is required indirectly by xen 
>> related package. So is it safe to drop all other from
>> above w/ rpm -e  ?
> 
> Yes. You can start with 'dnf remove initial-setup-gui' -
> it will propose additional packages not needed anymore.
> But carefully review that list before confirming.
>>> 
 Shouldn't those be removed by default as a postinstall step?
>>> May I add this (and above sentence as subject) as a feature 
>>> request in github?
>> I waited a couple of days for this but didn't see anything
>> submitted, so I've created an issue for it:
>> 
>> https://github.com/QubesOS/qubes-issues/issues/2670
>> 
>> Didn't mean to steal your thunder, but I was afraid it would end
>> up falling through the cracks (as so many important issues do).
> Thank you. :)  I was quite busy a few days including weekends. Also
> it was unclear for me into which repo I should report this (yes, 
> this is probably documented in report bugs). %)
> 

:)

> btw: i18n regression should be reported there too?
> 

I'm not sure which regression you're referring to. Please post a
detailed comment on that issue if you think there's a relevant regression.

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] DNS

2017-03-06 Thread Andrew David Wong

On 2017-03-06 14:22, Antoine wrote:
> On Sun, Mar 05, 2017 at 05:35:03PM -0800, Andrew David Wong wrote:
>> Filed a bug report:
>> 
>> https://github.com/QubesOS/qubes-issues/issues/2674
>> 
>> Antoine, you didn't mention which version of Qubes or Debian 
>> you're using, so I assumed Qubes 3.2 and the Debian 8 
>> TemplateVM.
> 
> In fact, I am using a Debian 9 TemplateVM.
> 
> Antoine
> 

Thanks. I've updated the bug report.

However, please note that Debian 8 has undergone more extensive testing
than Debian 9 as a TemplateVM. You may wish to try Debian 8 to see
whether this resolves your problem.

https://www.qubes-os.org/doc/supported-versions/#templatevms

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



[qubes-users] Re: New User, First Time Install - Have I lost everything?

2017-03-06 Thread Tez Dread
On Monday, March 6, 2017 at 7:07:18 PM UTC, Vít Šesták wrote:
> I don't know the “auto” option, but it probably behaves the same as with 
> Fedora.
> 
> Just a quick guess: Your Windows partition is still present on your HDD, but 
> you cannot boot Windows (see below why). I don't believe the installer to be 
> so stupid to replace existing partitions.
> 
> For security reasons, dualboot is not supported by default. In past, it used 
> to be enabled, but this has caused some potential security issues: 
> https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-020-2015.txt
> 
> If you want dualboot, you still can: https://www.qubes-os.org/doc/multiboot/
> 
> If you want to access data stored on Windows partition from QubesOS (with all 
> drawbacks related to accessing NTFS from Linux), I suggest this:
> 
> 1. Create an AppVM for that. (Alternatively: use disposable VM)
> 2. In Qubes Manager, attach the Windows partition.
> 3. In the AppVM, you can mount it and browse it, like on usual Linux 
> distributions. (You need NTFS drivers installed.)
> 
> Regards,
> Vít Šesták 'v6ak'

Hi Vit, thank you for the reply.

I jumped into this thinking the PC had the Legacy option but was mistaken so I 
don't have the dual boot option available after all.

I got to step 3 but then wasn't able to find a way to mount it in the AppVM to 
view it?

I was able to view everything on that partition but the only way I could figure 
it out was to install Disks application in the personal VM but everything's 
there.

I have no doubt I'll be back with other issues, would like to move over to this 
but a steep learning curve.

Thanks



[qubes-users] Qubes i3 Tips & Tricks

2017-03-06 Thread Daniel Moerner
I've been using i3 in dom0 for about a month now, and I wanted to share a few 
tips and tricks (partly so I can have them in a centralized place for 
reference):

1. To lock the screen on suspend and resume, you need to add a systemd target 
in /etc/systemd/system. This has to use your username (or supposedly xss-lock, 
which I haven't bothered figuring out how to use). I use the following content, 
substituting for $USER:

[Unit]
Description=Lock screen on suspend

[Service]
User=$USER
Type=forking
Environment=DISPLAY=:0
ExecStart=/usr/bin/i3lock -d -c 00

[Install]
WantedBy=suspend.target

2. Volume keys: Install pulseaudio-utils. Then put the following in .i3/config:

bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume 1 +5%
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume 1 -5%
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute 1 toggle

I then customize the qubes-i3status command by adding: (I know this awk/sed 
mixture is awful, and it's hard-coded for my system, which has two pulseaudio 
sinks)

status_volume() {
   local muted=$(pactl list sinks | awk -F ' ' '/Mute/ {print $2}' | sed -e 's/ //g' -e '2q;d')
   if [[ $muted == 'yes' ]]; then
       json volume "Volume: 0%"
   else
       local volume=$(pactl list sinks | awk -F ' ' '/Volume/ {print $2}' | sed -e 's/ //g' -e '3q;d')
       json volume "Volume: $volume"
   fi
}

And then add a local volume variable to the main() call. I update every second.

3. A few minor tweaks to the config file: See this pull request, which has 
already been merged: https://github.com/QubesOS/qubes-desktop-linux-i3/pull/5 

A few more personal thoughts: Personally, I change the navigation to use vim 
keys, and then remap horizontal split to 'b'. I also remap 'focus child' to 
'c', since I find it to be a useful shortcut. Originally I disabled fullscreen, 
on the model of Xfce4, but I had to reenable it as part of a workaround for 
https://github.com/QubesOS/qubes-issues/issues/1502

I'm sure I'm missing a few things, but I wanted to share this, since I 
sometimes see people asking about i3, especially on IRC.

Best,
Daniel 



Re: [qubes-users] DNS

2017-03-06 Thread 'Antoine' via qubes-users
On Sun, Mar 05, 2017 at 05:35:03PM -0800, Andrew David Wong wrote:
> Filed a bug report:
> 
> https://github.com/QubesOS/qubes-issues/issues/2674
> 
> Antoine, you didn't mention which version of Qubes or Debian you're
> using, so I assumed Qubes 3.2 and the Debian 8 TemplateVM.

In fact, I am using a Debian 9 TemplateVM.

Antoine



Re: [qubes-users] qvm-create-default-dvm fails

2017-03-06 Thread haaber
On Mon, Mar 06, 2017 at 03:49:30PM +0100, Bernhard wrote:
>> On 03/06/2017 02:55 PM, Unman wrote:
>>>> self._update_libvirt_domain()
>>>>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
>>>> line 755, in _update_libvirt_domain
>>>> raise e
>>>> libvirt.libvirtError: operation failed: domain 'debian-8-dvm' already
>>>> exists with uuid 61320a0c2-1e2a-4bff-b064-29fe587619b8
>>>>
>>>> Bernhard
>>> Look here:
>>> www.qubes-os.org/doc/remove-vm-manually
>>>
>>> That libvirt error shows that you have a redundant entry in the db,
>>> which you need to remove.
>>> Then try creating the dvmTemplate again. Remember, no sudo!
>> Hello Unman, I looked at your link.
>>
>> 1) rm -rf is done.
>> 2) qvm-remove --just-db debian-8-dvm says "there is no VM with this
>> name.." (and he's right!)
>> 3) in ~/.local/share/applications/ there is no thing such as debian-8-dvm*
>> There is debian-8-gnome-terminal.desktop
>> debian-8-gpk-application.desktop and
>> debian-8-qubes-appmenu-select.desktop I won't touch these, will I ??
>> Still, the error persists. Find finds no debian-8-dvm* file in /var ...
>> I also find -type f -size -1M -exec grep -il debian-8-dvm \{} \;
>> verified my /var: no debian-8-dvm string wheresoever. However, I found
>> /etc/libvirt/libxl/debian-8-dvm.xml I moved it to
>> /etc/libvirt/libxl/debian-8-dvm.xml.old to see what happens, but the
>> error persists still. Desperate ... any ideas? Bernhard
> Try this:
> virsh -c xen:/// undefine debian-8-dvm
>
> Then try recreating the dvmTemplate again.
This did it, thank you! I found the command some hours ago, after your
last mail that made me google libvirt issues. I posted it immediately,
but maybe I used the wrong "from" address and the mail was eaten by
google groups. Anyhow, THANK YOU so much! Bernhard



Re: [qubes-users] Upgrading from Qubes 3 to 4.

2017-03-06 Thread Jean-Philippe Ouellet
On Mon, Mar 6, 2017 at 1:02 AM,   wrote:
> Hello,
>
> I'm looking at getting a new laptop in the next few months. I will, of 
> course, run Qubes on this thing but since Qubes 4 is on the horizon I'm 
> wondering how easy/difficult it will be to upgrade once it's out. Has 
> anything been said about this?
>
> Since I don't really need my new computer until June, I'm considering holding 
> off and wait for Qubes 4 to come out. Has anything been said about the 
> release date? Googling doesn't reveal much in the way of recent information.
>
> Regards,
> Elias

https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/

Note that those are bare minimum requirements, and that you will
probably want more. If you need to run windows HVMs, I'd say at least
double those recommendations.

I'm probably something of a power user, but used to run out of memory
regularly with 8gb and am about to run out of disk with 500gb.

I think perhaps we should consider adding a "recommended requirements"
section instead of just "minimum requirements".



Re: [qubes-users] qvm-create-default-dvm fails

2017-03-06 Thread Unman
On Mon, Mar 06, 2017 at 03:49:30PM +0100, Bernhard wrote:
> On 03/06/2017 02:55 PM, Unman wrote:
> >> self._update_libvirt_domain()
> >>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
> >> line 755, in _update_libvirt_domain
> >> raise e
> >> libvirt.libvirtError: operation failed: domain 'debian-8-dvm' already
> >> exists with uuid 61320a0c2-1e2a-4bff-b064-29fe587619b8
> >>
> >> Bernhard
> > Look here:
> > www.qubes-os.org/doc/remove-vm-manually
> >
> > That libvirt error shows that you have a redundant entry in the db,
> > which you need to remove.
> > Then try creating the dvmTemplate again. Remember, no sudo!
> 
> Hello Unman, I looked at your link.
> 
> 1) rm -rf is done.
> 2) qvm-remove --just-db debian-8-dvm says "there is no VM with this
> name.." (and he's right!)
> 3) In ~/.local/share/applications/ there is no such thing as
> debian-8-dvm*. There is debian-8-gnome-terminal.desktop,
> debian-8-gpk-application.desktop and
> debian-8-qubes-appmenu-select.desktop. I won't touch these, will I ??
>
> Still, the error persists. Find finds no debian-8-dvm* file in /var ...
> I also
> find -type f -size -1M -exec grep -il debian-8-dvm \{} \;
> verified my /var: no debian-8-dvm string wheresoever. However, I found
> /etc/libvirt/libxl/debian-8-dvm.xml. I moved it to
> /etc/libvirt/libxl/debian-8-dvm.xml.old to see what happens, but the
> error persists still. Desperate ... any ideas? Bernhard

Try this:
virsh -c xen:/// undefine debian-8-dvm

Then try recreating the dvmTemplate again.



Re: [qubes-users] Assigning microphone to AppVM from terminal

2017-03-06 Thread Fabrizio Romano Genovese
Thanks Rusty Bird, you made my day!

Cheers,
Fab

On Mon, Mar 6, 2017 at 1:15 PM, Rusty Bird 
wrote:

> Fabrizio Romano Genovese:
> > I've built a little toggle script to automatically attach/detach my
> > camera to an appvm. For the sake of completeness, I'd like to do the same
> > for the internal microphone.
>
> https://github.com/rustybird/qubes-stuff/blob/master/dom0/bin/qvm-microphone
>
> Rusty



[qubes-users] Nvidia Optimus mode not possible?

2017-03-06 Thread Vít Šesták
Well, you probably can use Optimus with QubesOS, except it is pretty useless, 
because QubesOS renders everything in AppVMs on CPU. GPU is used:

a. In dom0, where integrated GPU is usually enough.
b. In HVMs if you use GPU passthrough. Note that you cannot start multiple VMs 
with the same VM assigned. (Not sure how hard/easy it is to configure GPU 
passthrough. It is hard not supported on my old laptop, so I have no experience 
with this.)

The only thing I want from Nvidia is not to consume power (and not to produce 
heat), which is what bbswitch is useful for.

Well, if you have an output wired to Nvidia GPU, Optimus could be useful to 
handle this output. I had limited luck using intel-virtual-output with 
opensource Nvidia drivers (added a second screen, but the system was rather 
unusable then). Maybe I would have more luck with proprietary drivers.

Regards,
Vít Šesták 'v6ak'



[qubes-users] New User, First Time Install - Have I lost everything?

2017-03-06 Thread Vít Šesták
I don't know the “auto” option, but it probably behaves the same as with Fedora.

Just a quick guess: Your Windows partition is still present on your HDD, but 
you cannot boot Windows (see below why). I don't believe the installer to be so 
stupid as to replace existing partitions.

For security reasons, dualboot is not supported by default. In the past, it used to 
be enabled, but this has caused some potential security issues: 
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-020-2015.txt

If you want dualboot, you still can: https://www.qubes-os.org/doc/multiboot/

If you want to access data stored on Windows partition from QubesOS (with all 
drawbacks related to accessing NTFS from Linux), I suggest this:

1. Create an AppVM for that. (Alternatively: use disposable VM)
2. In Qubes Manager, attach the Windows partition.
3. In the AppVM, you can mount it and browse it, like on usual Linux 
distributions. (You need NTFS drivers installed.)

Regards,
Vít Šesták 'v6ak'



[qubes-users] Nvidia Optimus mode not possible?

2017-03-06 Thread evo
Hi!

i read some posts about this and as i understood, it is not possible to
use optimus mode with nvidia and intel card on Qubes OS, is it right?

The thing with Bumblebee and bbswitch, which i don't fully understand,
seems not to work, or does somebody have some new tricks?



[qubes-users] New User, First Time Install - Have I lost everything?

2017-03-06 Thread Tez Dread
Hello,

I read the Installation page but there's not much to it so assumed that it 
would be like a Linux desktop installation so I went into Disk management in 
Windows 10 and created a new 200gb partition with the intention of testing it 
out by way of dual booting.

There is just the one HDD in the PC and it had Windows 10 installed + a 
separate partition that stored data only (docs, downloaded programs etc) and 
then I added the new partition, left it as free space and rebooted.

I chose the Auto option for installing, thinking that A. Previous times I've 
installed Linux it installed to the free space, B. There is nothing in the 
documentation that explains in detail how to install Qubes into a new partition 
and finally, there was no warning to say that 'All Data on the HDD selected 
will be deleted'

The install has gone fine as much as I can tell but I can't tell if the data 
partition is still there. If I go into Computer it just shows /Home and all the 
Qubes OS stuff.

Can someone please tell me what has happened here?

Thanks



Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-06 Thread Vít Šesták
Hi Holger,
I am generally OK with this level of sarcasm.

> But if you don't regularly test what you backup and test that you can 
> actually restore, your backup is rather worthless. You don't want to find out 
> your restore is broken, once your regular install is gone…

Sure. I remember having a hard time with decryption of the backup. Although 
it was almost five years ago and I finally succeeded, I remember it was not 
a good feeling.

Doing some checks is on my tasklist. I haven't decided what exactly it should 
look like, but there is some basic ticket on this: 
https://github.com/v6ak/qubes-incremental-backup-poc/issues/14 If you have some 
idea on this, you are welcome. (Maybe I should add help-wanted label here.)

> cool. Is that documented in your git repo too or just here? :)

Just here. Well, you can get some bare idea from running ./backup -h, but the 
testing process is not described elsewhere.  

Regards,
Vít Šesták 'v6ak'



Re: [qubes-users] Firewall error by adding new IP

2017-03-06 Thread evo


On 03/06/2017 03:05 PM, Unman wrote:
> On Mon, Mar 06, 2017 at 08:26:30AM +0100, evo wrote:
>>
>>
>> On 03/06/2017 12:41 AM, Unman wrote:
>>> On Sun, Mar 05, 2017 at 10:26:22PM +0100, evo wrote:


>>>> On 03/05/2017 10:22 PM, Unman wrote:
>>>>> On Sun, Mar 05, 2017 at 10:12:15PM +0100, evo wrote:
>>>>>> oh, thanks... i thought i read the post about firewall, but didn't see
>>>>>> the limit of 3kb.
>>>>>>
>>>>>> so the only way to get over 3kb is to edit own rules in /rw/config?
>>>>>> And for building the own script there, i should really understand the
>>>>>> whole iptables thing.. puh :)
>>>>>>
>>>>>> sorry for the newbie-question, but what the hell is /rw??
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 03/05/2017 10:03 PM, Unman wrote:
>>>>>>> On Sun, Mar 05, 2017 at 09:35:00PM +0100, evo wrote:
>>>>>>>> Hello!
>>>>>>>>
>>>>>>>> i get an error pop-up:
>>>>>>>> "ERROR: Firewall tab: (0,'Error')
>>>>>>>>
>>>>>>>> by adding new address.
>>>>>>>>
>>>>>>>> i have already added few addresses (about 20 or 30)
>>>>>>>> is there any limit or something like that??
>>>>>>>>
>>>>>>>> thanks!
>>>>>>>
>>>>>>> Yes:
>>>>>>> It's documented here:
>>>>>>> www.qubes-os.org/doc/firewall
>>>>>>>
>>>>>>> There's also a proposal for a work around
>>>>>>>
>>>>>
>>>>> Can you try not to top-post?
>>>>>
>>>>> When you are running a TemplateBasedVM, most of the file system comes
>>>>> from the template. This means that many changes that you make will
>>>>> disappear on reboot. (E.g changing config in /etc , installing programs
>>>>> etc.)
>>>>> Some parts of the file system, (/home and /usr/local) DO persist in the
>>>>> qube. They are actually stored in /rw: have a look.
>>>>> There is also a mechanism (bind-dirs) for making other files persistent.
>>>>> You can read about it in the docs.
>>>>> (You can, of course, also store files in /rw/config and use the
>>>>> rc.local mechanism to change files in the root file system on boot - e.g
>>>>> adding entries to hosts files, custom iptables rules etc etc.)
>>>>>
>>>>> unman
>>>>>
>>>>
>>>> ok, so the /rw is on the VM and not in the dom0, understand.
>>>>
>>>> do i need a special name for the iptable-rules in /rw/config?
>>>>
>>>> maybe just an example for permitting 8.8.8.8:80 ... i know it's the iptables
>>>> thing :)
>>>
>>>
>>> For proxyVMs (like sys-firewall) there is a built-in mechanism you can
>>> exploit.
>>> Say you want to allow traffic from 10.137.100.1 to 8.8.8.8:80, but you
>>> have already hit that 3k limit.
>>> Edit the file /rw/config/qubes-firewall-user-script, and add the line:
>>> iptables -I FORWARD -s 10.137.100.1 -d 8.8.8.8 -p tcp --dport 80 -j ACCEPT
>>>
>>> chmod +x /rw/config/qubes-firewall-user-script
>>>
>>> This script is called whenever a new qube is attached to the proxyVM
>>> and the relevant iptables rules are automatically rebuilt.
>>>
>>> You can also build your own custom rulesets and store them in an
>>> arbitrarily named file called from /rw/config/qubes-firewall-user-script,
>>> and you can, of course, do anything you like from this file, which will
>>> be triggered when a new qube is attached: that is, you aren't limited to
>>> firewall manipulation.
>>>
>>> unman
>>>
>>>
>>
>> thanks!
>> so i can just write the line for one rule, without writing the whole
>> script for iptables.
> 
> Yes - the rest of the rules will be taken from the entries you have
> configured in the manager for that qube.
> 
>>
>> so i can call it however i want or use the qubes-firewall-user-script
>> file... is it principally the same? or does qubes-firewall-user-script
>> replace the whole rules i already have?
> 
> qubes-firewall-user-script is just a script that is called after the
> usual Qubes firewall service process - that reads the rules set per
> attached qube and instantiates them on the ProxyVM.
> A significant difference is that a rule you set in
> qubes-firewall-user-script will be set every time that script is called,
> whereas one set in manager (or in qvm-firewall) will only be applied
> when the relevant qube is attached.
> It doesn't replace the other rules unless you explicitly ask it to do so
> - you could do this if you wanted. Since it's just a script you can do
> anything you like in there, as I've said. This would include setting
> rules depending on what qubes were attached (e.g if qube A and qube B are
> BOTH attached to ProxyVM open up inbound access to qube A).
> 
>>
>> the problem i have now is... i forgot to delete the "overloaded" rule
>> from the VM and now i can not start it. is there any other way to start
>> it, or to delete this overloaded 3k-file? is this file on sys-firewall
>> or on the VM itself?
> 
> Just delete the rules from the manager interface or look at qvm-firewall
> (in dom0). The help there is pretty good.
> 

hmmm... i can not delete it from the manager interface, because i can not
start the VM (because of the overloaded 3KB-limit of the firewall).

qvm-firewall seems to be a great thing!
with qvm-firewall -n "VM-name" list i can 

Re: [qubes-users] Problems installing on device running Coreboot

2017-03-06 Thread Duncan
Hi Rusty,

This workaround does indeed work. Thanks for your help!

D

Rusty Bird:
> Duncan:
>> Coreboot was configured as follows: SeaBIOS as primary payload [...]
> 
>> The behavior of trying to boot a stock Qubes install that was installed
>> using the installer booted by Coreboot, is that selecting the SSD to
>> boot from just seems to result in hanging.
> 
> It's a SeaBIOS-related installer bug, see the last paragraph of
> https://github.com/QubesOS/qubes-issues/issues/2553#issuecomment-284367521
> for a workaround.
> 
> Rusty
> 



Re: [qubes-users] Re: Attaching a single USB device to a qube (USB passthrough)

2017-03-06 Thread Franz
On Sun, Mar 5, 2017 at 11:39 PM, Andrew David Wong  wrote:

> On 2017-03-05 17:56, Franz wrote:
> > On Sun, Mar 5, 2017 at 10:39 PM, Andrew David Wong
> >  wrote:
> >
> >> On 2017-03-05 14:18, Franz wrote:
> >>> On Sun, Mar 5, 2017 at 5:11 PM,  wrote:
> >>>> [...] did it work with it plugged in at boot?
> >>>>
> >>> did not try that wondering if it may be a security risk
> >>
> >> Yes, leaving USB devices plugged in during boot can be a risk,
> >> since Qubes can't isolate USB controllers during early stages of
> >> the boot process. IIRC, Joanna's recommendation is to unplug all
> >> USB devices before (re)booting.
> >>
> >>
> > So, leaving that aside, the only remaining option would be to look
> > into some log or similar information source to try to find out why
> > the scanner appears in sys-usb, but not in dom0 qvm-usb. Any idea
> > where to look?
> >
>
> Sorry, no idea.
>
> P.S. - Franz, would you mind excluding extraneous quoted material from
> your replies? In particular, please exclude PGP signatures and generic
> Google Groups information included as a signature.
>
> https://www.qubes-os.org/mailing-lists/#discussion-list-guidelines
>
>
To go along I tried to use the USB controller that was assigned to
assignedVM, that worked in the past. But now I am unable to start the
assignedVM. The log tells:
Icon size: 128x128
invalid PMaxSize for 0x3600015 (32767/32767)
invalid PMaxSize for 0x3600015 (32767/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600040 (32767/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
libvchan_is_eof
Icon size: 128x128
domain dead
Failed to connect to gui-agent

Best
Fran



[qubes-users] installing qubes 3.2 from a usb disk behind a hub

2017-03-06 Thread wvervoorn
Hello,

I have a UEFI system that I try to install Qubes 3.2 on.

This system only has a single USB port available. So I connected a hub to the 
system and the USB disk is connected behind this Hub.

The installation starts but the usb disk is not recognized so the installation 
fails because of that. If I unplug the disk and plug it in again it is 
recognized properly so I guess Qubes has problems mounting the disk behind the 
hub while it is starting the kernel.

Do you have any suggestions?

Best regards,

Wim Vervoorn



Re: [qubes-users] qvm-create-default-dvm fails

2017-03-06 Thread Bernhard
On 03/06/2017 02:55 PM, Unman wrote:
>> self._update_libvirt_domain()
>>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
>> line 755, in _update_libvirt_domain
>> raise e
>> libvirt.libvirtError: operation failed: domain 'debian-8-dvm' already
>> exists with uuid 61320a0c2-1e2a-4bff-b064-29fe587619b8
>>
>> Bernhard
> Look here:
> www.qubes-os.org/doc/remove-vm-manually
>
> That libvirt error shows that you have a redundant entry in the db,
> which you need to remove.
> Then try creating the dvmTemplate again. Remember, no sudo!

Hello Unman, I looked at your link.

1) rm -rf is done.
2) qvm-remove --just-db debian-8-dvm says "there is no VM with this
name.." (and he's right!)
3) In ~/.local/share/applications/ there is no such thing as
debian-8-dvm*. There is debian-8-gnome-terminal.desktop,
debian-8-gpk-application.desktop and
debian-8-qubes-appmenu-select.desktop. I won't touch these, will I ??

Still, the error persists. Find finds no debian-8-dvm* file in /var ...
I also
find -type f -size -1M -exec grep -il debian-8-dvm \{} \;
verified my /var: no debian-8-dvm string wheresoever. However, I found
/etc/libvirt/libxl/debian-8-dvm.xml. I moved it to
/etc/libvirt/libxl/debian-8-dvm.xml.old to see what happens, but the
error persists still. Desperate ... any ideas? Bernhard



Re: [qubes-users] do I really need these packages in dom0 :?

2017-03-06 Thread Oleg Artemiev
On Sun, Mar 5, 2017 at 1:29 PM, Andrew David Wong  wrote:
>>>>> from above only netcf-libs is required indirectly by xen
>>>>> related package. So is it safe to drop all other from above
>>>>> w/ rpm -e  ?
>>>>
>>>> Yes. You can start with 'dnf remove initial-setup-gui' - it
>>>> will propose additional packages not needed anymore. But
>>>> carefully review that list before confirming.
>>
>>> Shouldn't those be removed by default as a postinstall step?
>> May I add this (and above sentence as subject) as a feature
>> request in github?
> I waited a couple of days for this but didn't see anything submitted,
> so I've created an issue for it:
>
> https://github.com/QubesOS/qubes-issues/issues/2670
>
> Didn't mean to steal your thunder, but I was afraid it would end up
> falling through the cracks (as so many important issues do).
Thank you. :) I was quite busy a few days including weekends.
Also it was unclear for me into which repo I should report this (yes,
this is probably documented in report bugs). %)

btw: i18n regression should be reported there too?



Re: [qubes-users] Firewall error by adding new IP

2017-03-06 Thread Unman
On Mon, Mar 06, 2017 at 08:26:30AM +0100, evo wrote:
> 
> 
> On 03/06/2017 12:41 AM, Unman wrote:
> > On Sun, Mar 05, 2017 at 10:26:22PM +0100, evo wrote:
> >>
> >>
> >> On 03/05/2017 10:22 PM, Unman wrote:
> >>> On Sun, Mar 05, 2017 at 10:12:15PM +0100, evo wrote:
> >>>> oh, thanks... i thought i read the post about firewall, but didn't see
> >>>> the limit of 3kb.
> >>>>
> >>>> so the only way to get over 3kb is to edit own rules in /rw/config?
> >>>> And for building the own script there, i should really understand the
> >>>> whole iptables thing.. puh :)
> >>>>
> >>>> sorry for the newbie-question, but what the hell is /rw??
> >>>>
> >>>>
> >>>>
> >>>> On 03/05/2017 10:03 PM, Unman wrote:
> >>>>> On Sun, Mar 05, 2017 at 09:35:00PM +0100, evo wrote:
> >>>>>> Hello!
> >>>>>>
> >>>>>> i get an error pop-up:
> >>>>>> "ERROR: Firewall tab: (0,'Error')
> >>>>>>
> >>>>>> by adding new address.
> >>>>>>
> >>>>>> i have already added few addresses (about 20 or 30)
> >>>>>> is there any limit or something like that??
> >>>>>>
> >>>>>> thanks!
> >>>>>
> >>>>> Yes:
> >>>>> It's documented here:
> >>>>> www.qubes-os.org/doc/firewall
> >>>>>
> >>>>> There's also a proposal for a work around
> >>>>>
> >>>
> >>> Can you try not to top-post?
> >>>
> >>> When you are running a TemplateBasedVM, most of the file system comes
> >>> from the template. This means that many changes that you make will
> >>> disappear on reboot. (E.g changing config in /etc , installing programs
> >>> etc.)
> >>> Some parts of the file system, (/home and /usr/local) DO persist in the
> >>> qube. They are actually stored in /rw: have a look.
> >>> There is also a mechanism (bind-dirs) for making other files persistent.
> >>> You can read about it in the docs.
> >>> (You can, of course, also store files in /rw/config and use the
> >>> rc.local mechanism to change files in the root file system on boot - e.g
> >>> adding entries to hosts files, custom iptables rules etc etc.)
> >>>
> >>> unman
> >>>
> >>
> >> ok, so the /rw is on the VM and not in the dom0, understand.
> >>
> >> do i need a special name for the iptable-rules in /rw/config?
> >>
> >> maybe just an example for permitting 8.8.8.8:80 ... i know it's the iptables
> >> thing :)
> > 
> > 
> > For proxyVMs (like sys-firewall) there is a built-in mechanism you can
> > exploit.
> > Say you want to allow traffic from 10.137.100.1 to 8.8.8.8:80, but you
> > have already hit that 3k limit.
> > Edit the file /rw/config/qubes-firewall-user-script, and add the line:
> > iptables -I FORWARD -s 10.137.100.1 -d 8.8.8.8 -p tcp --dport 80 -j ACCEPT
> > 
> > chmod +x /rw/config/qubes-firewall-user-script
> > 
> > This script is called whenever a new qube is attached to the proxyVM
> > and the relevant iptables rules are automatically rebuilt.
> > 
> > You can also build your own custom rulesets and store them in an
> > arbitrarily named file called from /rw/config/qubes-firewall-user-script,
> > and you can, of course, do anything you like from this file, which will
> > be triggered when a new qube is attached: that is, you aren't limited to
> > firewall manipulation.
> > 
> > unman
> > 
> > 
> 
> thanks!
> so i can just write the line for one rule, without writing the whole
> script for iptables.

Yes - the rest of the rules will be taken from the entries you have
configured in the manager for that qube.

> 
> so i can call it however i want or use the qubes-firewall-user-script
> file... is it principally the same? or does qubes-firewall-user-script
> replace the whole rules i already have?

qubes-firewall-user-script is just a script that is called after the
usual Qubes firewall service process - that reads the rules set per
attached qube and instantiates them on the ProxyVM.
A significant difference is that a rule you set in
qubes-firewall-user-script will be set every time that script is called,
whereas one set in manager (or in qvm-firewall) will only be applied
when the relevant qube is attached.
It doesn't replace the other rules unless you explicitly ask it to do so
- you could do this if you wanted. Since it's just a script you can do
anything you like in there, as I've said. This would include setting
rules depending on what qubes were attached (e.g if qube A and qube B are
BOTH attached to ProxyVM open up inbound access to qube A).

> 
> the problem i have now is... i forgot to delete the "overloaded" rule
> from the VM and now i can not start it. is there any other way to start
> it, or to delete this overloaded 3k-file? is this file on sys-firewall
> or on the VM itself?

Just delete the rules from the manager interface or look at qvm-firewall
(in dom0). The help there is pretty good.


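Added example, not part of the original thread and not Qubes' own code: one way to write the /rw/config/qubes-firewall-user-script discussed in the message above so that it reads extra FORWARD rules from a separate file and checks with iptables -C before inserting, so a rule that is already present is not inserted a second time. The file name /rw/config/custom-forward.rules and its "SRC DST PROTO DPORT" line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example for /rw/config/qubes-firewall-user-script (not Qubes' own code).
# Assumption: extra rules are kept in a hypothetical file, one rule per line:
#   SRC DST PROTO DPORT      e.g.  10.137.100.1 8.8.8.8 tcp 80
RULES_FILE="${RULES_FILE:-/rw/config/custom-forward.rules}"  # hypothetical name
IPTABLES="${IPTABLES:-iptables}"

# Accept only numeric addresses (optional /prefix), tcp or udp, and a port
# in 1..65535, so a stray character in the file never reaches the command line.
valid_rule() {
    for addr in "$1" "$2"; do
        case "$addr" in ''|*[!0-9./]*) return 1 ;; esac
    done
    case "$3" in tcp|udp) ;; *) return 1 ;; esac
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ]
}

# Insert each valid rule into FORWARD unless an identical rule already exists.
# Prints the number of rules actually inserted.
apply_rules() {
    applied=0
    while read -r src dst proto dport extra; do
        case "$src" in ''|'#'*) continue ;; esac      # blank line or comment
        if [ -n "$extra" ] || ! valid_rule "$src" "$dst" "$proto" "$dport"; then
            echo "skipping malformed rule: $src $dst $proto $dport $extra" >&2
            continue
        fi
        # iptables -C exits 0 when the exact rule is already in the chain.
        if ! "$IPTABLES" -C FORWARD -s "$src" -d "$dst" -p "$proto" \
                --dport "$dport" -j ACCEPT 2>/dev/null; then
            "$IPTABLES" -I FORWARD -s "$src" -d "$dst" -p "$proto" \
                --dport "$dport" -j ACCEPT && applied=$((applied + 1))
        fi
    done < "$1"
    echo "$applied"
}

# Runs only when the rules file exists, as it would inside the proxyVM.
if [ -r "$RULES_FILE" ]; then
    apply_rules "$RULES_FILE" >/dev/null
fi
```

As with the one-line version in the thread, the script still has to be made executable with chmod +x.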
Re: [qubes-users] First time user: initial issues and thoughts

2017-03-06 Thread sm8ax1
Chris Laprise:
> On 03/05/2017 08:11 AM, sm8ax1 wrote:
>>
>> Thanks, I read the custom install page prior to installing, but I was
>> unaware of #2340.
>>
>> To be honest, when I decided I wanted BTRFS, I just sort of assumed that
>> guest disk images were logical volumes to begin with. The custom install
>> page mentioned LVM in every scenario, so I thought it was necessary for
>> that reason. And the Xen wiki repeatedly mentions that logical volumes
>> are faster than image files on any kind of filesystem.  It was, however,
>> suspicious when the custom install page said "-l 100%FREE" for the root
>> LV. I guess that's what I get for assuming.
>>
>> Are there any plans for hooking Qubes up to the LVM in this way? LVM
>> itself supports block-level rw CoW snapshots, and the Xen project
>> strongly recommends it over image files.
> 
> Normally you shouldn't mix Btrfs with LVM, as the former is a kind of
> volume manager in itself.
> 
> I have used Btrfs on Qubes for probably close to 2 years and it has been
> very good in terms of stability and performance. However, anaconda
> (fedora's installer) doesn't handle a mixture of partitioning and fs
> options well, esp. if you select Btrfs. The only 'good' way I've found
> is to select a Btrfs system install and let it re-partition the whole
> disk; otherwise, it has a tendency to forget steps such as LUKS
> encryption layer.
> 
> Note that thin-provisioned LVM (probably the type you're referring to)
> incurs a speed penalty as well. It's really doing the same work as Btrfs,
> but without some of the nice features.

The installer worked the way I wanted it to after a few tries, as I
mentioned earlier. I just had to delete the filesystem from the LV
first. The custom install page even warns that it's likely to be
glitchy. I can't really complain.

I'm not sure what you mean by the installer forgetting the LUKS
encryption layer. That already existed on the disk before I used the
installer. I had to unlock it within the installer before I could set up
the root and swap LVs. If it were to overwrite the whole LUKS container
with a root filesystem then that's one hell of a bug.

About Btrfs...

You have a point that Btrfs can replace LVM for the most part and
thin-provisioned LVM's performance is probably comparable. However, I
was referring specifically to Xen Project's recommendation to use LVM
because the block device backend is faster than the filesystem backend
according to them. This is regardless of the performance difference
between btrfs and thin-provisioned LVM, presumably.

I mistakenly implied that snapshot capabilities even matter with things
as they are today. If Qubes can run on ext4, necessarily without any
CoW/snapshot infrastructure, then it seemingly could run on traditional
LVM just the same. The only difference is it would be running on a block
device rather than a filesystem. Snapshots and thin-provisioned LVM are
both beyond the scope of this comparison.

As a separate issue, CoW copies of blocks being created when a file is
randomly written to is just part of how Btrfs works and irrelevant to
snapshots (which AFAIK aren't used) in Qubes's case. It can cause bad
performance with random-write scenarios like virtual machine images.
Using an LV solves the problem, but so does `chattr +C`, so there's not
much of an argument here.

As an aside, sometimes the biggest advantage to using LVM is because
many early userspace implementations don't know how to unlock multiple
LUKS partitions (e.g. root (btrfs) and swap). Although you don't
technically need swap unlocked in early userspace, you do if you want to
resume from hibernation and/or only enter your password once. Btrfs
doesn't support swap files either.

Using Btrfs instead of LVM is completely valid in many cases. The
question is whether the performance advantage of traditional LVM would
justify supporting it in addition to image files.

>>>> I wanted to set up MAC address spoofing on my wireless interface too, so
>>>> I modified /etc/NetworkManager/NetworkManager.conf in sys-net, but when
>>>> I restarted it my changes were gone. I read that I have to make changes
>>>> in the TemplateVM itself (fedora-23) for them to be persistent, but the
>>>> problem is that I don't necessarily need all VMs to have this change.
>>>> I'm still not sure of the correct way to make changes to a single VM
>>>> that inherits from a TemplateVM.
>>>
>>> On MAC anonymization:
>>>
>>> https://www.qubes-os.org/doc/anonymizing-your-mac-address/
>> That's more or less what I read on other sites. I think we should
>> consider putting a Big Fat Warning on that page saying that your changes
>> will be lost on restart if the VM belongs to a template, or you could
>> easily leak your real MAC address by accident.
> 
> This behavior is explained in Qubes introductory material...
> template-based VMs forget anything that isn't in /rw (such as home/).
> That's why it's routine for Qubes docs to instruct adding settings to the
> template. 
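
The leak risk discussed above (a spoofing setting silently lost when sys-net restarts) can be checked after each start by comparing the interface's current address with its burned-in one. This is an added example, not part of the original message; the function names are hypothetical, the addresses are constructed samples, and `check_iface` assumes `ethtool` is installed in the VM.

```shell
#!/bin/sh
# Added example, not from the thread. MAC addresses below are constructed.

# normalize_mac MAC -> lowercase hex digits without separators
normalize_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':-'
}

# valid_mac HEX -> exit 0 if HEX is exactly 12 hex digits
valid_mac() {
    case $1 in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 12 ]
}

# mac_status CURRENT PERMANENT prints one of:
#   leaking     interface is using its burned-in address
#   randomized  address differs and has the locally-administered bit set
#   changed     address differs but still looks vendor-assigned
#   invalid     either argument is not a MAC address
mac_status() {
    ms_cur=$(normalize_mac "$1")
    ms_perm=$(normalize_mac "$2")
    if ! valid_mac "$ms_cur" || ! valid_mac "$ms_perm"; then
        echo invalid
        return 0
    fi
    if [ "$ms_cur" = "$ms_perm" ]; then
        echo leaking
        return 0
    fi
    ms_first=$(printf '%s' "$ms_cur" | cut -c1-2)
    # Bit 0x02 of the first octet marks a locally administered address,
    # which NetworkManager's random and stable modes set by default.
    if [ $(( 0x$ms_first & 2 )) -ne 0 ]; then
        echo randomized
    else
        echo changed
    fi
}

# check_iface IFACE: live check inside the VM (assumes ethtool is present).
check_iface() {
    ci_cur=$(cat "/sys/class/net/$1/address")
    ci_perm=$(ethtool -P "$1" | awk '{print $NF}')
    printf '%s: %s\n' "$1" "$(mac_status "$ci_cur" "$ci_perm")"
}

# Constructed scenario 1: the spoofing setting is in effect.
mac_status 02:1A:2B:3C:4D:5E 00:1a:2b:3c:4d:5e
# Constructed scenario 2: the VM restarted and the setting was lost.
mac_status 00:1a:2b:3c:4d:5e 00:1a:2b:3c:4d:5e
```

Inside the VM, run `check_iface` with the wireless interface name before connecting to a network.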

Re: [qubes-users] qvm-create-default-dvm fails

2017-03-06 Thread Unman
On Mon, Mar 06, 2017 at 09:41:56AM +0100, haaber wrote:
> On 03/06/2017 12:49 AM, Unman wrote:
> > On Sat, Mar 04, 2017 at 04:18:56AM +0100, haaber wrote:
> >> Hello,
> >>
> >> I want to base my disp-vm's on debian-8. So I run in dom0
> >>
> >>> [me@dom0 dvmdata]$  sudo qvm-create-default-dvm debian-8
> >>> A VM with the name 'debian-8-dvm' does not exist in the system.
> >> this is strange, since /var/lib.qubes/appvms/debian-8-dvm DOES exist.
> >> Running it with "sh -x" prefix, I find the problem here:
> >>> [me@dom0 dvmdata]$  sudo sh -x qvm-create-default-dvm debian-8
> >>> [..]
> >>> + /usr/lib/qubes/qubes-prepare-saved-domain.sh debian-8-dvm
> >> /var/lib/qubes/appvms/debian- 8-dvm/dvm-savefile vm-default
> >>> A VM with the name 'debian-8-dvm' does not exist in the system.
> >> so the error  is produced by qubes-prepare-saved-domain.sh. Prefixing
> >> the hurting command with  "bash -x" gives
> >>
> >>> sudo bash -x qubes-prepare-saved-domain.sh debian-8-dvm
> >> /var/lib/qubes/appvms/debian- 8-dvm/dvm-savefile vm-default
> >>> [..]
> >>> + qvm-start debian-8-dvm --dvm
> >>> A VM with the name 'debian-8-dvm' does not exist in the system.
> >> This is a python2 script. Running it with -v reveals
> >>
> >>> [me@dom0 dvmdata]$ sudo /usr/bin/python2 -v /usr/bin/qvm-start
> >> debian-8-dvm --dvm
> >>> [..]
> >>> # /usr/lib64/python2.7/gettext.pyc matches /usr/lib64/python2.7/gettext.py
> >>> import gettext # precompiled from /usr/lib64/python2.7/gettext.pyc
> >>> # /usr/lib64/python2.7/locale.pyc matches /usr/lib64/python2.7/locale.py
> >>> import locale # precompiled from /usr/lib64/python2.7/locale.pyc
> >>> # /usr/lib64/python2.7/copy.pyc matches /usr/lib64/python2.7/copy.py
> >>> import copy # precompiled from /usr/lib64/python2.7/copy.pyc
> >>> A VM with the name 'debian-8-dvm' does not exist in the system.
> >> Here I am stuck. May anybody help me understand what may go wrong here? 
> >> Bernhard
> >>
> > Don't use sudo here - you may hit problems with permissions. The same
> > goes for all qube operations - qvm-clone, create etc.
> >
> > Can you simply delete the  /var/lib/qubes/appvms/debian-8-dvm directory
> > and then try 'qvm-create-default-dvm debian-8' , and report back?
> >
> Thanks for helping Unman! This happens:
> 
> [ me@dom0 ] rm -rf /var/lib/qubes/appvms/debian-8-dvm
> [ me@dom0 ] qvm-create-default-dvm debian-8
> --> Using TemplateVM: debian-8
> --> Creating directory: /var/lib/qubes/appvms/debian-8-dvm
> --> Copying the template's private image:
> /var/lib/qubes/vm-templates/debian-8/private.img
> --> Creating volatile image:
> /var/lib/qubes/appvms/debian-8-dvm/volatile.img...
> --> Creating icon symlink: /var/lib/qubes/appvms/debian-8-dvm/icon.png
> -> /usr/share/icons/hicolor/128x128/devices/appvm-gray.png
> Traceback (most recent call last):
>   File "/usr/bin/qvm-create", line 223, in <module>
> main()
>   File "/usr/bin/qvm-create", line 201, in main
> vm.create_on_disk(verbose=options.verbose, source_template=template)
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
> line 1308, in create_on_disk
> self._update_libvirt_domain()
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
> line 755, in _update_libvirt_domain
> raise e
> libvirt.libvirtError: operation failed: domain 'debian-8-dvm' already
> exists with uuid 61320a0c2-1e2a-4bff-b064-29fe587619b8
> 
> Bernhard

Look here:
www.qubes-os.org/doc/remove-vm-manually

That libvirt error shows that you have a redundant entry in the db,
which you need to remove.
Then try creating the dvmTemplate again. Remember, no sudo!
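
Both symptoms in this thread (a directory on disk that the tools do not recognise, then a libvirt domain left behind after the directory was deleted) are mismatches between two name lists. The following read-only reconciliation is an added example, not part of the original message; the function names and the sample lists are constructed, and it assumes the libvirt names are collected with `virsh -c xen:/// list --all --name`.

```shell
#!/bin/sh
# Added example, not from the thread: reconcile libvirt domain names with
# VM directory names. Both inputs are newline-separated lists. On dom0 they
# could be collected (as a normal user) with, as an assumption:
#   virsh -c xen:/// list --all --name
#   the directory names under /var/lib/qubes/appvms and
#   /var/lib/qubes/vm-templates (plus any other directory holding VMs)

# in_list NAME LIST -> exit 0 if NAME is a whole line of LIST
in_list() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# reconcile LIBVIRT_NAMES DIR_NAMES
# Prints one "<state> <name>" line per name:
#   ok            defined in libvirt and present on disk
#   stale-domain  defined in libvirt, directory gone
#   orphan-dir    directory present, no libvirt definition
reconcile() {
    rc_libvirt=$1
    rc_dirs=$2
    printf '%s\n' "$rc_libvirt" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # dom0 itself has no VM directory; skip it.
        [ "$name" = "Domain-0" ] && continue
        if in_list "$name" "$rc_dirs"; then
            echo "ok $name"
        else
            echo "stale-domain $name"
        fi
    done
    printf '%s\n' "$rc_dirs" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        in_list "$name" "$rc_libvirt" || echo "orphan-dir $name"
    done
}

# Constructed sample: state after the debian-8-dvm directory was removed
# with rm -rf while libvirt still holds its definition. "work" and
# "scratch" are made-up VM names.
sample_libvirt='Domain-0
debian-8
debian-8-dvm
work'
sample_dirs='debian-8
work
scratch'

reconcile "$sample_libvirt" "$sample_dirs"
```

A `stale-domain` line corresponds to the "already exists with uuid" error above; the script only reports and changes nothing.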



Re: [qubes-users] Assigning microphone to AppVM from terminal

2017-03-06 Thread Rusty Bird

Fabrizio Romano Genovese:
> I've built a little toggle script to automatically attach/detach my camera to 
> an appvm. For the sake of completeness, I'd like to do the same for the 
> internal microphone.

https://github.com/rustybird/qubes-stuff/blob/master/dom0/bin/qvm-microphone

Rusty



Re: [qubes-users] Problems installing on device running Coreboot

2017-03-06 Thread Rusty Bird

Duncan:
> Coreboot was configured as follows: SeaBIOS as primary payload [...]
> 
> The behavior of trying to boot a stock Qubes install that was installed
> using the installer booted by Coreboot, is that selecting the SSD to
> boot from just seems to result in hanging.

It's a SeaBIOS-related installer bug, see the last paragraph of
https://github.com/QubesOS/qubes-issues/issues/2553#issuecomment-284367521
for a workaround.

Rusty



[qubes-users] Re: salt, getting started (to disable CAPS LOCK and configure basic tools everywhere)

2017-03-06 Thread Holger Levsen
On Fri, Mar 03, 2017 at 10:38:04PM +, Holger Levsen wrote:
> so I've read qubes-doc.git/configuration/salt.md and wonder, /srv/salt is
> installed by the qubes packages and the document says the Qubes salt API is
> supposed to change between minor release - so where am I supposed to put
> *my* salt config?
> 
> Also what best practices / tools exist to maintain this in git in a VM and
> then copy it over to dom0?
> 
> My actual first "pressing" usecase to use Salt is to disable CAPS LOCK
> everywhere… :-)
> 
> My second use case would be to deploy the same customisations to basic
> tools (eg enable syntax highlighting in vim) everywhere…

anybody has some ideas? or is no one using salt successfully yet? ;)

also on Debian 8:

$ sudo apt install qubes-mgmt-salt-vm
[...]
The following packages have unmet dependencies:
 qubes-mgmt-salt-vm : Depends: qubes-mgmt-salt but it is not going to be 
installed
  Recommends: qubes-mgmt-salt-vm-python-pip but it is not 
installable
E: Unable to correct problems, you have held broken packages.


-- 
cheers,
Holger




Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-06 Thread Holger Levsen
Hi Vít,

On Sat, Mar 04, 2017 at 09:53:31AM -0800, Vít Šesták wrote:
> Holger, restore is already implemented in some basic form. (I have mentioned 
> it here on Mar 1.) 

I'm sorry, I was wrong indeed and a bit too sarcastic too. I guess this was
due to your initial mail where there was no restore yet…

> Both backup and restore are equally important: Without backup you have 
> nothing to restore from.

well, true. But if you don't regularly test what you backup and test that you
can actually restore, your backup is rather worthless. You don't want to find
out your restore is broken, once your regular install is gone…

> Feel free to try it

I'm sorry, I'm at my limits…

> On testing: Some basic manual test passed, but I should create automated 
> tests. (Maybe integration tests are more important than unit tests here – 
> after all, it mostly integrates existing products together.)

I think so, yes.
 
> You can test restore scenario (at some level) now:
> 
> 1. Backup.
> 2. Create new BackupStorageVM and new config directory for restore testing.
> 3. Run restore (./backup --action=restore other-args…) with specified config 
> directory and VM name template. For example, you specify template 
> “restore-testing-%” in order to add prefix “restore-testing-”.
> 4. Verify that restored VMs contain the desired data.

cool. Is that documented in your git repo too or just here? :)


and really: thank you very much for working on making the backup experience of
Qubes better. That's very very much appreciated!

-- 
cheers,
Holger




Re: [qubes-users] Abridged summary of qube...@googlegroups.com - 33 updates in 17 topics

2017-03-06 Thread Amilton Justino
On Sunday, March 5, 2017 at 16:56:27 UTC-3, cooloutac wrote:
> On Sunday, March 5, 2017 at 1:47:46 PM UTC-5, Amilton Justino wrote:
> > Hello all,
> > 
> > I am not able to put ssh-agent and ssh-add to work automatically in an
> > AppVM with fedora 23.
> > Manually running every login works correctly. Has anyone got it?
> > 
> > Thanks in advance,
> 
> not sure what you mean?  maybe you can make a script on startup like here 
> https://www.qubes-os.org/doc/config-files/

Thank you, I'll see what I get with this.
Sorry for my poor English.



Re: [qubes-users] qvm-create-default-dvm fails

2017-03-06 Thread haaber
On 03/06/2017 12:49 AM, Unman wrote:
> On Sat, Mar 04, 2017 at 04:18:56AM +0100, haaber wrote:
>> Hello,
>>
>> I want to base my disp-vm's on debian-8. So I run in dom0
>>
>>> [me@dom0 dvmdata]$  sudo qvm-create-default-dvm debian-8
>>> A VM with the name 'debian-8-dvm' does not exist in the system.
>> this is strange, since /var/lib.qubes/appvms/debian-8-dvm DOES exist.
>> Running it with "sh -x" prefix, I find the problem here:
>>> [me@dom0 dvmdata]$  sudo sh -x qvm-create-default-dvm debian-8
>>> [..]
>>> + /usr/lib/qubes/qubes-prepare-saved-domain.sh debian-8-dvm
>> /var/lib/qubes/appvms/debian- 8-dvm/dvm-savefile vm-default
>>> A VM with the name 'debian-8-dvm' does not exist in the system.
>> so the error  is produced by qubes-prepare-saved-domain.sh. Prefixing
>> the hurting command with  "bash -x" gives
>>
>>> sudo bash -x qubes-prepare-saved-domain.sh debian-8-dvm
>> /var/lib/qubes/appvms/debian- 8-dvm/dvm-savefile vm-default
>>> [..]
>>> + qvm-start debian-8-dvm --dvm
>>> A VM with the name 'debian-8-dvm' does not exist in the system.
>> This is a python2 script. Running it with -v reveals
>>
>>> [me@dom0 dvmdata]$ sudo /usr/bin/python2 -v /usr/bin/qvm-start
>> debian-8-dvm --dvm
>>> [..]
>>> # /usr/lib64/python2.7/gettext.pyc matches /usr/lib64/python2.7/gettext.py
>>> import gettext # precompiled from /usr/lib64/python2.7/gettext.pyc
>>> # /usr/lib64/python2.7/locale.pyc matches /usr/lib64/python2.7/locale.py
>>> import locale # precompiled from /usr/lib64/python2.7/locale.pyc
>>> # /usr/lib64/python2.7/copy.pyc matches /usr/lib64/python2.7/copy.py
>>> import copy # precompiled from /usr/lib64/python2.7/copy.pyc
>>> A VM with the name 'debian-8-dvm' does not exist in the system.
>> Here I am stuck. May anybody help me understand what may go wrong here? 
>> Bernhard
>>
> Don't use sudo here - you may hit problems with permissions. The same
> goes for all qube operations - qvm-clone, create etc.
>
> Can you simply delete the  /var/lib/qubes/appvms/debian-8-dvm directory
> and then try 'qvm-create-default-dvm debian-8' , and report back?
>
Thanks for helping Unman! This happens:

[ me@dom0 ] rm -rf /var/lib/qubes/appvms/debian-8-dvm
[ me@dom0 ] qvm-create-default-dvm debian-8
--> Using TemplateVM: debian-8
--> Creating directory: /var/lib/qubes/appvms/debian-8-dvm
--> Copying the template's private image:
/var/lib/qubes/vm-templates/debian-8/private.img
--> Creating volatile image:
/var/lib/qubes/appvms/debian-8-dvm/volatile.img...
--> Creating icon symlink: /var/lib/qubes/appvms/debian-8-dvm/icon.png
-> /usr/share/icons/hicolor/128x128/devices/appvm-gray.png
Traceback (most recent call last):
  File "/usr/bin/qvm-create", line 223, in <module>
main()
  File "/usr/bin/qvm-create", line 201, in main
vm.create_on_disk(verbose=options.verbose, source_template=template)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
line 1308, in create_on_disk
self._update_libvirt_domain()
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
line 755, in _update_libvirt_domain
raise e
libvirt.libvirtError: operation failed: domain 'debian-8-dvm' already
exists with uuid 61320a0c2-1e2a-4bff-b064-29fe587619b8

Bernhard
