[qubes-users] Re: Qubes 4.0: Creating VMs on USB Drives?

[tharrisone]

Thanks for that, it works great. 
Is there someplace where I can read docs specific to qubes 4.0? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/404bc805-27cc-435e-8a04-55881900f4a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: shutdown problem with rc4.0

[Steffen Hartmann]

Am Montag, 16. Oktober 2017 22:48:21 UTC+2 schrieb tharr...@gmail.com:
> On Monday, October 16, 2017 at 8:03:57 PM UTC, Steffen Hartmann wrote:
> > Hello,
> > 
> > After a fresh install the shutdown procedure now hangs every time. I didnt 
> > have this issue on previous version.
> > 
> > Since the screen remains black, howto track down this effect?
> > 
> > I have a dell precision 5500 with 16 GB and permissive bit true for a 
> > broadcom network card.
> > 
> > Thank you in advance
> > 
> > Steffen
> 
> I've had this problem too but I waited for a while like 2 mins and it finally 
> shutdown but for some reason the disposable vms don't get reset.

ok I tried that,

I have been wating some hours but it didnt help. It even happens after logging 
into the os and shutdown immediatly. No disp. vms included.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef6ed3c3-b1c0-4253-9445-7158c88b0a84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0: Creating VMs on USB Drives?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Oct 16, 2017 at 01:47:17PM -0700, tharris...@gmail.com wrote:
> I read this after the release of rc1: 
> "Flexible VM volume manager (easy to keep VMs on external drives, or in 
> memory-only),..."
> 
> I'm on 4.0 rc1 using testing repo but I have no idea how to do this.

Take a look at qvm-pool tool. It allows you to create additional storage
pools, for example on a secondary disk (here mounted on /mnt/external).
For example:

qvm-pool -a ext file -o dir_path=/mnt/external

("ext" is freely chosen name)

Then, you can create new VMs there:

qvm-create -P ext -l red some-vm

If you want to migrate VMs between pools, it isn't directly possible.
But you can clone VM to a different storage pool (see qvm-clone).

More on this will be in a separate article.

For reference, pasting qvm-pool help here:

[user@dom0 ~]$ qvm-pool --help
usage: qvm-pool [-h] [--verbose] [--quiet] [-o options]
[-l | -i POOLNAME | -a NAME DRIVER | -r NAME | 
--help-drivers]

Manages Qubes pools and their options

optional arguments:
  -h, --helpshow this help message and exit
  --verbose, -v increase verbosity
  --quiet, -q   decrease verbosity
  -o optionscomma-separated list of driver options
  -l, --listlist all pools and exit (default action)
  -i POOLNAME, --info POOLNAME
print pool info and exit
  -a NAME DRIVER, --add NAME DRIVER
add pool
  -r NAME, --remove NAME
remove pool
  --help-driverslist all drivers with their options and exit

[user@dom0 ~]$ qvm-pool --help-drivers
DRIVEROPTIONS
file  revisions_to_keep, dir_path
linux-kernel  dir_path
lvm_thin  volume_group, thin_pool, revisions_to_keep

If you want to store some templates there, and/or a lot of VMs, I
recommend "lvm_thin" driver (you need to create LVM volume group, then
thin pool manually). But for just few VMs, "file" driver should be
enough.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJZ477/AAoJENuP0xzK19csrf8IAJVTO1Gzm18LTJjQlhhmVD/v
4RQ3ctSNvj9McihbGSuk1CApvdOiuZIT38rZCqz922QT2uoC9hDXWe7tWuodhCqT
ZOxSWxpINPEMtjfY6LH4hROeGbSPWrsUvR0ScHmMcve11z5fxx/OWTztTwvqmC4P
1WQqlShRY+FbzWr+5NDR7GkoXFpPNaLtY7rT7lCnMGllcvud5KbbhdHS8e4KJ9jJ
IXErE65XHytQaFvMtKdIJPw6JIlK8cJYkrEiAy7ySqhctTzpseXNFGdk7mX39a6/
D6bQ/w5VCfJ1eqC2qi4h2Nt3j4W0SlmE5TXNWaNxxNwC3X1jKZPKI8yw/fssI6U=
=pQua
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171017003524.GK10749%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to uninstall or reinstall Whonix

[Franz]

On Mon, Oct 16, 2017 at 10:02 AM, Franz <169...@gmail.com> wrote:

>
>
> On Mon, Oct 16, 2017 at 4:13 AM, Franz <169...@gmail.com> wrote:
>
>>
>>
>> On Mon, Oct 16, 2017 at 4:09 AM, Franz <169...@gmail.com> wrote:
>>
>>>
>>>
>>> On Sat, Oct 14, 2017 at 11:17 AM, Person  wrote:
>>>
 I believe I’m going to ask the Whonix forums, then.

 Thank you all for your input.


>>> It is really very simple, just  follow instructions here
>>>
>>> https://www.qubes-os.org/doc/whonix/install/
>>>
>>> In my case the command did not work in one step, I had to divide it in
>>> two
>>>
>>> sudo qubes-dom0-update --enablerepo=qubes-templates-community 
>>> qubes-template-whonix-ws
>>>
>>>
>>>
>>> sudo qubes-dom0-update --enablerepo=qubes-templates-community 
>>> qubes-template-whonix-gw
>>>
>>> Best
>>>
>>
>> But if it had been already installed  previously, you should add the
>> option
>>  --action=reinstall
>>
>
> Well installation works well, but trying to start the template I get a
> cannot execute a qrexec-daemon
>

A work-around: changing the netVM of whonix-gw to sys-firewall allows
whonix-gw to start without the qrexec issue. Then shutting it down and
using the correct netVM that is sys-whonix everything works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qBOJq0AjHD0S7B%3Dh2zHLzharpwhWGNWBpqByvbsH2E_JQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VMWare machine on Qubes

[Unman]

On Mon, Oct 16, 2017 at 01:57:50PM -0700, Alejandro Berlanga wrote:
> Hello everyone,
> 
> FIrst of all I am very noob to Qubes. And my problem is that I have a vm 
> machine created for vmware and I was hoping if there is a way to install it 
> on Qubes?
> 
> P.D. If you need more info tell me please!!
> 
> Thank You
> 

You can convert the disk to raw format and then try to use it in a qube.
Something like 'qvm-img convert -S -O raw  '
Then configure a new qube and use the new raw img as root.img
The chances of this working are dependent on what OS is involved - some
wont boot given a substantial hardware change, some may require
relicensing.

hth

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171016224307.nq3fvsmltadprm2n%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes Patch for WPA_SUPPLICANT KRACK exploit

[cyberian]

Should I wait for qubes to release a patch or should I grab the Fedora 25 patch 
for this exploit?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/659e8e64-7de7-46c6-90a4-fd8a94f75847%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes Live Images

[Unman]

I had some enforced spare time last week and dusted off some old Live
images for r3.2. They need tidying up but are usable now.

There are two iso images, suitable for burning to DVD or USB.
Both use Debian templates.
The smaller (2GB) is pretty vanilla, with some additional non-free
drivers for wifi adapters.
The larger (2.4GB) has a TorVM, and Tor Browser in an online qube.
There are restrictive iptables on sys-net and TorVM, and MAC spoofing
set on sys-net. The offline qube has libre office and veracrypt
installed.

The menu system is simple, and wont update if you create new qubes.
You'll need to use 'qvm-run -a  ', or practice working with
the mysteries of xdg menus.

Both images will run(sort of) in 4GB RAM - 8 is better.

If you use DVD then get used to the sound of the disc thrashing. The
faster DVD drive you have the better. (That said they work reasonably well
on an old MacBook with 8GB RAM.) You also need patience - generally it
seems better to start new qubes discretely.

Running from USB is fine. If you have ample RAM you'll forget it's a
live system, unless you hammer the (limited) free disk space.

Both images are available from http://qubes.3isec.org - hashes and
signatures to check included.

I hope to have updated versions ready for 4.0-rc2, along with a tidy build
system, and (maybe) an installer.

Cheers

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171016223202.asz2pplz7caouqdz%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] FYI: New email address

[Ron Qubed]

Just a quick note that I've switch to a new email address dedicated to this
group, and unsubscribed my old ronhd at shaw address. It's still active,
but I won't see posts to the group ML on it.

Thanks,
Ron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEbwT065BT%3D7z_PjbduZrWnJ7PZFCjXLxUXhMaH8YEcEkXFHEg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] VMWare machine on Qubes

[Alejandro Berlanga]

Hello everyone,

FIrst of all I am very noob to Qubes. And my problem is that I have a vm 
machine created for vmware and I was hoping if there is a way to install it on 
Qubes?

P.D. If you need more info tell me please!!

Thank You

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e228ad5-6ba1-4953-9ef9-1f9fcac171f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: shutdown problem with rc4.0

[tharrisone]

On Monday, October 16, 2017 at 8:03:57 PM UTC, Steffen Hartmann wrote:
> Hello,
> 
> After a fresh install the shutdown procedure now hangs every time. I didnt 
> have this issue on previous version.
> 
> Since the screen remains black, howto track down this effect?
> 
> I have a dell precision 5500 with 16 GB and permissive bit true for a 
> broadcom network card.
> 
> Thank you in advance
> 
> Steffen

I've had this problem too but I waited for a while like 2 mins and it finally 
shutdown but for some reason the disposable vms don't get reset. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54747e3e-a9d4-401a-af8f-76e3ff5c2d62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4.0: Creating VMs on USB Drives?

[tharrisone]

I read this after the release of rc1: 
"Flexible VM volume manager (easy to keep VMs on external drives, or in 
memory-only),..."

I'm on 4.0 rc1 using testing repo but I have no idea how to do this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c53a7508-8ce9-4d3a-bad6-f8eec7ce3947%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] shutdown problem with rc4.0

[Steffen Hartmann]

Hello,

After a fresh install the shutdown procedure now hangs every time. I didnt have 
this issue on previous version.

Since the screen remains black, howto track down this effect?

I have a dell precision 5500 with 16 GB and permissive bit true for a broadcom 
network card.

Thank you in advance

Steffen

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4241af81-4810-4462-b450-7cc5a0377d11%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0-rc2 release

[Foppe de Haan]

On Monday, October 16, 2017 at 8:07:37 PM UTC+2, plata...@gmail.com wrote:
> Dear Qubes Team,
> 
> in there the next delay or will the 4.0-rc2 be released in the next couple of 
> hours (today)?
> 
> regards
> 
> gregor

Delayed one week. Reasons here: 
https://groups.google.com/forum/#!topic/qubes-devel/23FwvVd-pjU

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e489fdeb-37e5-444d-b33a-9ba8ec6b7252%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0-rc2 release

[platagregor]

Dear Qubes Team,

in there the next delay or will the 4.0-rc2 be released in the next couple of 
hours (today)?

regards

gregor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/244483ec-3f23-409e-ba38-8813613ffd92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to uninstall or reinstall Whonix

[Franz]

On Mon, Oct 16, 2017 at 4:13 AM, Franz <169...@gmail.com> wrote:

>
>
> On Mon, Oct 16, 2017 at 4:09 AM, Franz <169...@gmail.com> wrote:
>
>>
>>
>> On Sat, Oct 14, 2017 at 11:17 AM, Person  wrote:
>>
>>> I believe I’m going to ask the Whonix forums, then.
>>>
>>> Thank you all for your input.
>>>
>>>
>> It is really very simple, just  follow instructions here
>>
>> https://www.qubes-os.org/doc/whonix/install/
>>
>> In my case the command did not work in one step, I had to divide it in two
>>
>> sudo qubes-dom0-update --enablerepo=qubes-templates-community 
>> qubes-template-whonix-ws
>>
>>
>>
>> sudo qubes-dom0-update --enablerepo=qubes-templates-community 
>> qubes-template-whonix-gw
>>
>> Best
>>
>
> But if it had been already installed  previously, you should add the option
>  --action=reinstall
>

Well installation works well, but trying to start the template I get a
cannot execute a qrexec-daemon

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCV-7-5kw3OK4_uH9SRkEVD-Ta8bziuT5KuLeJF0_uvtA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connect to the AppVM with VNC using Xen capabilities

[msgheap]

воскресенье, 15 октября 2017 г., 1:46:40 UTC-4 пользователь msg...@gmail.com 
написал:
> Hello.
> 
> I want to connect to one of my AppVMs with VNC from remote host using Xen 
> capabilities.
> I wanted to do it with the custom Xen config, but I can't figure out how to 
> change the default Xen config or use custom Xen config to start my AppVM. I 
> think it was possible in Qubes OS 3.2 with "qvm-start 
> –custom-config=CUSTOM_CONFIG", but I've installed Qubes OS 4.0 
> (current-testing) and there is no such option now.
> I've found the location of the Xen configs used for VMs in 
> /etc/libvirt/libxl/vmname.xml and tried to change the graphics type parameter 
> from 'qubes' to 'vnc' in my AppVM config with virsh and then start the AppVM, 
> but the Xen config keep reverting back to its original state after I start 
> AppVM. Is it hardcoded for Qubes OS to overwrite this file every time when I 
> start VM?
> How can I enable vnc in Xen config for Qubes OS VM?
> Rdp/x11vnc and other services that can be installed in the quest OS are not 
> an options, because I need to access the VM even if the network is broken in 
> the VM.

I've found the way to do it in this document:
https://github.com/QubesOS/qubes-core-admin/blob/master/doc/libvirt.rst
It works fine.

Also, there was an error in this libvirt.rst document, it states that it looks 
for the files:`/etc/qubes/templates/libvirt/by-name/.xml` but it actually 
looks for files:`/etc/qubes/templates/libvirt/xen/by-name/.xml` in the 
source code:
https://github.com/QubesOS/qubes-core-admin/blob/master/qubes/vm/__init__.py

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6025a370-8fb7-44f5-91ec-dee3ad1f1cdd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Expired certificate warnings for ftp.qubes-os.org

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Oct 16, 2017 at 03:16:22PM +0300, private user82 wrote:
> Hi,
> 
> I'm receiving warnings in my browser that the certificates for 
> "ftp.qubes-os.org" and "keys.qubes-os.org" have expired today. 
> 
> SHA256 
> Fingerprint=42:DE:02:82:3F:8C:27:3E:6B:E0:D0:8B:4F:36:7A:64:23:9F:CD:74:78:2B:82:43:1E:0C:31:AE:0C:B6:54:F3
> 
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
> Validity
> Not Before: Jul 18 08:15:00 2017 GMT
> Not After : Oct 16 08:15:00 2017 GMT
> Subject: CN=ftp.qubes-os.org

Thanks, fixed.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJZ4xW4AAoJENuP0xzK19cspdsH/RhJtkvZ5M6dGB/urJ1RqoiM
WHyLKpLDXeGyE56SIeaH2WhBh1s46Qa/XufrPk8x4pN2//rp7mGapRI8Xnq8E4Lt
OcEwHCmXCzIgnOnz152VZpts+hN5eO3dN8ioAj/Ge+DEHZJPHaiz5XEiHFFckhxW
Jr6ec9nFR86JNOAdBTm6xte4RIz2aLLF8B0OySPRCBGRVhQMhnQTdVexroGNA4Zh
O1Qa3BlJzjomBSS7kNrm4+oKmTP2T1T3MrjgxM3Fp4UUBB08QLLiNAZGZcTgJ/vn
JSRGBBYtd646Gp1T9pLF7ytzNA3VejOxJwW3H9J7OBJDFtS4Js3f4p8TydYWcK4=
=9+60
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171016123309.GJ10749%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Expired certificate warnings for ftp.qubes-os.org

[private user82]

Hi,

I'm receiving warnings in my browser that the certificates for 
"ftp.qubes-os.org" and "keys.qubes-os.org" have expired today. 

SHA256 
Fingerprint=42:DE:02:82:3F:8C:27:3E:6B:E0:D0:8B:4F:36:7A:64:23:9F:CD:74:78:2B:82:43:1E:0C:31:AE:0C:B6:54:F3

Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Jul 18 08:15:00 2017 GMT
Not After : Oct 16 08:15:00 2017 GMT
Subject: CN=ftp.qubes-os.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13141508156182%40web17j.yandex.ru.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] fedora-25 template

[Roy Bernat]

Hi 

i have created new vm using fedora-25 . when i am using external screen the 
apps in this vm resolution are very big (...strange )

when i am creating vm from debian template  everything work fine . 

again thanks 



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/28b93b6e-ec9e-4c9c-8b5b-6e19d24f24f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Read-only file system in applVM

[Foppe de Haan]

On Friday, October 13, 2017 at 4:12:12 AM UTC+2, Chris Laprise wrote:
> On 10/12/2017 06:42 AM, Foppe de Haan wrote:
> > On Wednesday, October 11, 2017 at 10:08:18 PM UTC+2, Chris Laprise wrote:
> >> On 10/11/2017 04:05 PM, Chris Laprise wrote:
> >>>
> >>> I can explain the steps. You may wish to backup your appVM before
> >>> continuing.
> >>>
> >>> 1. Start a dispVM (I'll call it disp1). Your appVM should not be running.
> >>>
> >>> 2. In dom0 run 'qvm-block -A /var/lib/qubes/appvms/yourappvm/private.img'
> >>> Substitute 'yourappvm' in above command with the name of your appVM.
> >> Correction: This command should be 'qvm-block -A disp1
> >> dom0:/var/lib/qubes/appvms/yourappvm/private.img'
> >>
> >>
> >> -- 
> >> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
> > just for my information: why not just run that from dom0 directly (e.g. 
> > sudo fsck /var/lib/qubes/appvms/bla/bla.img)? is there a security risk 
> > involved with the invocation of fsck?
> >
> 
> Actually, yes there is a risk.
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

btw, when I try this (qvm-block method) in R4.0-rc1, I get 'backend vm 'dom0' 
doesn't expose device '/var/lib/qubes/etc/etc.img'.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c065d54a-ec38-4f55-84d0-e8b6adfae77d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to uninstall or reinstall Whonix

[Franz]

On Mon, Oct 16, 2017 at 4:09 AM, Franz <169...@gmail.com> wrote:

>
>
> On Sat, Oct 14, 2017 at 11:17 AM, Person  wrote:
>
>> I believe I’m going to ask the Whonix forums, then.
>>
>> Thank you all for your input.
>>
>>
> It is really very simple, just  follow instructions here
>
> https://www.qubes-os.org/doc/whonix/install/
>
> In my case the command did not work in one step, I had to divide it in two
>
> sudo qubes-dom0-update --enablerepo=qubes-templates-community 
> qubes-template-whonix-ws
>
>
>
> sudo qubes-dom0-update --enablerepo=qubes-templates-community 
> qubes-template-whonix-gw
>
> Best
>

But if it had been already installed  previously, you should add the option
 --action=reinstall

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAyNUe0REwG9LsVTtxWJjHE%2Bm2crkFr%3DKJNonTvwJpeAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to uninstall or reinstall Whonix

[Franz]

On Sat, Oct 14, 2017 at 11:17 AM, Person  wrote:

> I believe I’m going to ask the Whonix forums, then.
>
> Thank you all for your input.
>
>
It is really very simple, just  follow instructions here

https://www.qubes-os.org/doc/whonix/install/

In my case the command did not work in one step, I had to divide it in two

sudo qubes-dom0-update --enablerepo=qubes-templates-community
qubes-template-whonix-ws



sudo qubes-dom0-update --enablerepo=qubes-templates-community
qubes-template-whonix-gw

Best

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCaQ9hBr%3D2W%3DpmXk8U-rq8ty1aQOxUzNNWhWMveGF4xng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: AW: Re: [qubes-users] AW: Idea for (resonable secure) cloud-storage usage with Qubes

[David Hobach]

Hi again,

On 10/15/2017 08:37 PM, '[799]' via qubes-users wrote:

I think you have some misconceptions here
- the main one being why people tend to use
Qubes OS: Segregation of data to application-
specific domains, i.e. impact of a domain
compromise is limited.


You are right, regarding why people use Qubes.
But depending on specific workflows there is a need to either work with cloud 
storage for collaboration or to switch the OS completely for this use case.


Ok, that's something I can understand. So far I was under the impression 
that all of your VMs were using that cloud backed storage.



Think about a (cloud based or on premise) storage service which is used by 
several people.
My goal is to work 100% in Qubes and I think that splitting access of data and 
local storage offers a better security than having the data synced and stored 
in one AppVM.
And I tried to build something that makes it easier to access data from various 
VMs in an easy way (knowing that it is less secure than using qvm-copy-to-vm).
But using some scripts we can reduce the attack surface on nfs in such a way, 
that we only enable NFS/open ports when access is needed.
I can't see how this approach is less secure than using one VM for 
syncing/storing/accessing the data?


The point here is that it's not much more secure neither. In fact you 
might even introduce unwanted mistakes (mistakenly opening ports to one 
of your other VMs e.g.), which ultimately could lead to the compromise 
to one of your other VMs.


Attacking a nfs implementation shouldn't be too hard for a dedicated 
attacker, i.e. you can bet that a compromise of any of your 
nfs-connected VMs would lead to a compromise of _at least_ all of your 
nfs connected VMs. Which is equal or worse than what you had without 
that idea.


So the standard attack path would be:
other OS --> nfs-client VM --> other nfs VMs


Your idea however makes your Qubes
installation vulnerable to: - Any attacks
originating from that OS ("files should still be
accessible/decryption from other Operating
systems")


True, but wouldn't this mean that the AppVM which is working as NFS Client must 
be compromised before NFS is attacked?


Yes, also holds for the standard Qubes OS model though (you running your 
nfs client in the same domain where you have your nfs data).



Nfs-based attacks (basically all your AppVMs
using nfs will be vulnerable to all nfs
vulnerabilities


NFS access to the server is allowed on a per VM basis (firewall allow per IP), 
shouldn't this be enough to reduce NFS attack surface?


No. Protocol & implementation vulnerabilities exist.


encfs based attacks which people can even
find on wikipedia.


Yes true, it is a shame, that we still don't have a multiplatform open source 
encryption standard that could maybe also be adapted by cloud storage providers.
But as mentioned the idea could also be implemented with other encryption 
solutions like CryFS, ...


I don't know that one.

Anyway file-based encryption suffers from revealing meta data such as 
file access timestamps, number of files, work activity, maybe even 
folder structures.


Volume-based encryption doesn't tend to have these issues. The 
containers of the truecrypt successor should also be supported by 
cryptsetup if I recall correctly.


Assuming the other OS is Qubes OS you could do one encrypted 
voloume/container per Qubes domain and do an implementation as follows:

- mount the remote fs in some "distributor" appVM, e.g. using sshfs
- use qvm-block from dom0 to attach the encrypted containers from the 
distributor VM to the respective target domains
- decrypt the containers in the respective domains using keys that can 
only be found there


That implementation still suffers from parsing attacks on cryptsetup, 
but the others should be identical to attacking Qubes OS itself.


It might be possible to mitigate potential cryptsetup issues by writing 
an own qrexec service, but that should be left to the pros...


The performance should be roughly as good as reading & writing from a 
network backend is in general.


For non-Qubes OS systems I don't see the point of separating domains 
though. The other OS doesn't do it neither.


KR
David

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5758a2c-bcdd-aa2b-ece9-b7031e22d59a%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] No space left on device

[Franz]

On Sun, Oct 15, 2017 at 12:00 PM, Franz <169...@gmail.com> wrote:

>
>
> On Oct 13, 2017 22:19, "Franz" <169...@gmail.com> wrote:
>
>
>
> On Oct 13, 2017 20:56, "Franz" <169...@gmail.com> wrote:
>
>
>
> On Oct 13, 2017 19:32, "Marek Marczykowski-Górecki" <
> marma...@invisiblethingslab.com> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Oct 13, 2017 at 06:27:31PM -0300, Franz wrote:
> > whonix was not working so tried to reinstall it for 3.2Qubes with this
> > command
> >
> > $ sudo qubes-dom0-update --enablerepo=qubes-templates-community
> > --action=reinstall qubes-template-whonix-ws
> >
> > However while it worked for whonix-gw I am getting the following error
> > for whonix-ws after the long download:
> >
> >  qfile-agent: Fatal error: File copy: No space left on device; Last
> > file: qubes-template-whonix-ws-3.0.6-201608050146.noarch.rpm (error
> > type: No space left on device)
> > '/usr/lib/qubes/qrexec-client-vm dom0 qubes.ReceiveUpdates
> > /usr/lib/qubes/qfile-agent /var/lib/qubes/dom0-updates/packages/*.rpm'
> > failed with exit code 1!
> >
> >
> > No space left on device? Running df -h on dom0 the most used item is:
> >
> > /dev/dm-1  82%, used 189G available 43G which should be more than
> > enough for a less than 700MB download
> >
> > So where should I look for?
>
> Template (and generally packages) is downloaded to
> /var/lib/qubes/updates in dom0. Maybe you have something smaller mounted
> there?
>
>
> There I found only the following: /var/lib/qubes/updates/rpm/qub
> es-template-whonix-ws-3.0.6-201...noarch.rpm
>
> Doing
> du -h
> There gives 191M which is very smaller than the 43G I expected.
>
> But the fact that some space is still available suggests that the template
> was fully downloaded and I do not have to download it again. Correct?
>
> You
>
> may want to try --clean option, to clean cache first.
>
>
> It seems --clean is an option for a command. Which command?
>
>
> I understood, it is the same update command. But running it, it replies 0
> files removed. So it may not help.
>
> Is there a easy way to increase space?
>
>
>
> I updated the template again using the --clean option, but I get the same
> "no space left" error.
>
> But the situation is even worse. Now df -h shows that even the last 43G
> disappeared from /dev/dm-1. So zero available space left.
>
> Hope there is a solution
> Best
> Fran
>

I removed some templates and everything worked again. It seems there is
only a limited space allocated to templates and when this space fills up,
then it messes with the general space available in the system at /dev/dm-1
eating up all available space.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qC2J08wRKWm%2B%3DFCWFK1MHYbgyx9DFc8LUwbE9ZAvW-efA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.