date:20180311

On Monday, March 12, 2018 at 5:16:28 AM UTC+1, sevas wrote:
> actually... maybe I did. I made a reply to the KDE/Template sec discussion 
> and it was gone.

maybe it'll help if we say we love google? Joke aside... it's very frustrating. 
but at least we got a topic on it now, so if others see it, they know they're 
not alone. Exiting moment to see if this message will disappear too or not... I 
mean, maybe we can outsmart it by having love and google in the same sentence 
(sarcasm).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71738233-40cf-47f1-9e76-20e315169b16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Custom resolutions-xrandr

2018-03-11 Thread randallrbaker

Did that solve the black bar issue? Also I'm the so called average user so I 
would need a small step by step guide cause this looks super confusing.
Thanks an advance

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2fe3409-858c-40ee-a074-d253119df535%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] whonix won't connect to the net

2018-03-11 Thread randallrbaker

So i have network, but whenever I try and connect to the net it fails when 
routed to wbonix. I'm running qubes 4.0 rc5 but it won't even allow me to 
download all the updates.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac329107-177a-4c8a-a93f-08d89773f301%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: anyone else get hit by google's auto-deleting qubes users mail responses the moment they are send?

actually... maybe I did. I made a reply to the KDE/Template sec discussion and 
it was gone. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07ab9091-2c93-44e9-89bc-1edcb698540c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: anyone else get hit by google's auto-deleting qubes users mail responses the moment they are send?

I have not experienced this and you may be right, it wouldnt suprise me from 
them these days. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef30591b-62f2-4528-bd5c-f042d6a059a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Custom resolutions-xrandr

2018-03-11 Thread Nazar Zhuk

> If im trying to create a custom resolution that I can auctually see on my 
> 3200x1800 how do I get rid of the black area and make the resolution full 
> screen? I tried adding xrandr --output eDP-1 set "scaling mode" "full aspect" 
> and nothing is happening.I allready made a resolution of 1800x1400, but 
> instead of going full it just shrinks the display to fit into a box.

This worked for me on Dell XPS 13 (9360) with 3200x1800 screen: 
https://askubuntu.com/a/377944.

My normal setup though is increasing fonts in dom0 XFCE; and in VM's 
Xft.dpi=216, GDK_SCALE=2, GDK_DPI_SCALE=0.5. There is QT5 scaling option too. 
See https://wiki.archlinux.org/index.php/HiDPI#X_Resources

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/E8Wn6ifqjqJLN3DmOucXBoZirPO57z8339l9Wz94_BWz7D95RrTJPkqIExLeIAx7RA0FC8uK2Qhqcy-_6EQlDikN6eMXuMBQSfU7aS7ZFdE%3D%40zhuk.online.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread Chris Laprise

On 03/11/2018 10:03 AM, David Hobach wrote:

On 03/11/2018 11:21 AM, Chris Laprise wrote:

...and for now omitted the '-d' destination part in iptables.

Then if I issue:

sudo iptables -t nat -F PR-QBS
sudo iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT
--to $eth0_address
sudo iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 53 -j DNAT
--to $eth0_address

it appears to work from a downstream appVM. But I haven't checked yet
to see if its really using the dnscrypt proxy; even if it is, the
config may need to be adjusted for better security.

I just tested that one (my implementation was also doing pretty much
exactly that + a local INPUT chain firewall so it was a 5 min test
removing the INPUT firewall):

Since you'll need something like

-I INPUT -p udp -m udp --dport 53 -j ACCEPT
-I INPUT -p tcp -m tcp --dport 53 -j ACCEPT

I used this, which is Alex's example without '-d':

iptables -I INPUT 3 -j ACCEPT -p udp --sport 1024:65535 --dport 53 -m
conntrack --ctstate NEW

it makes DNS accessible for all downstream VMs regardless of the
qubes-firewall settings, i.e. apprently the nft FORWARD rules are not
applied for DNAT to localhost.

That's probably why I had opened that github issue & implemented a local
firewall back then...

You can verify my findings by using the dom0 qvm-firewall command line
to revoke DNS access for a downstream VM & then use e.g. dig in that VM.
The qubes-vm-settings GUI won't work as in 4.0 DNS & ICMP is always
allowed.

So yes, if one is aware of that issue, one can certainly use it the way
you described. If you rely on the qubes-firewall to work as expected,
you shouldn't use it.

Thanks for the specific caveat.

Qubes 3.2 firewall had a dns incompatibility when you configured a
tunnel such as openvpn. I was able to fix that problem (pretty
seamlessly) with sed :) .

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a802b5cd-0b42-c548-716b-3eaf3519f17d%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes won't boot 'kernel panic', where is AppVm data?

On Sun, March 11, 2018 10:03 pm, ale10203...@gmail.com wrote:
> Hello, I am currently locked out of my qubes system because of a "kernel
> panic" error I encounter when I boot the system, after the grub screen. I
> don't really know what to do. The only thing I did before this to happen
> is to try to install AEM (without success), it may be the reason for
> this. Is there any fix to this?

Haven't tried AEM, unfortunately.

> I still have my qubes installation media,
> I can run the troubleshooting mode. I have qubes R4-rc4.
> I am also searching for the place to search for my appvms data so I can
> backup them and then re-install qubes (I use qubes for some months now),
> I can't find the appvm data anywhere... thanks for your answers !

Qubes R4.0 uses LVM instead of files- each disk in each AppVM is a
separate LVM logical partition. Short version is you mount the decrypted
disk, then you scan it for LVM partitions, and then mount the filesystem
inside the LVM partition you want to recover. Have only done it once or
twice, can't remember exact commands, but search for something like LUKS
LVM rescue.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19e47a061ac3f1be0da0883c24d3a355.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: FYI: Kernel Hardening; a discussion (2018)

On Sun, March 11, 2018 5:49 pm, sevas wrote:
> I did not mean to go so far south with the above statements. So heres my
> additions for alternatives...
>
> CopperheadOS is doing a project still early in the making on reawakening
> the open source kernel hardening. The GitHub page can be found here:
> https://github.com/copperhead/linux-hardened/issues
>
>
> ...which are limited.

I agree, it's disappointing grsecurity couldn't figure out a better way to
handle that.

You might find this interesting, though:
http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aab399088b8ba801a475147db625f619.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dependency error building Qubes

On Sun, March 11, 2018 9:22 pm, rucksack.peter via qubes-users wrote:
> I'm trying to build a Qubes ISO on a Fedora 26 System, following the
> instructions of the documentation page "Building Qubes OS ISO", and get
> this error message:
>
> make[1]: Entering directory '/home/xy/qubes-builder'
> sudo chroot /home/xy/qubes-builder/chroot-fc25 dnf install -y
> gcc-6.4.1-1.qubes1.fc25.x86_64 libgcc.x86_64 Qubes OS Builder Repository
> 251 kB/s | 257  B 00:00
> No package gcc-6.4.1-1.qubes1.fc25.x86_64 available.
> Package libgcc-6.4.1-1.fc25.x86_64 is already installed, skipping.
> Error: Unable to find a match.
> make[1]: *** [qubes-src/vmm-xen/Makefile.builder:27:
> workaround-gcc-upgrade-fc25] Error 1 make[1]: Leaving directory
> '/home/xy/qubes-builder'
> make: *** [Makefile:224: vmm-xen-dom0] Error 1
>
>
> How can I fix this?

I hit that too but didn't have time to dig in to it. The "qubes1" in the
filename doesn't look quite right, I'd expect just "qubes" but maybe it's
some other issue. If you want to fix it, look at the build-logs and build
script and try to figure out where that is coming from? It's possible it's
already fixed in Marek's repo but hasn't yet made it to master, so you
might want to check recent commits there too.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/893d9fc003f53c6f2cb357a16ce4fc7a.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] anyone else get hit by google's auto-deleting qubes users mail responses the moment they are send?

As the title suggests, the very moment sending mail responses, it changes and 
turns into a deleted message. This has now happened twice in a row. So this is 
a heads-up for google's new level of censorship craziness. Though I have to 
wonder why it only hits some people, maybe it's because of certain Tor nodes 
out there..

Case of point, double deletes
https://groups.google.com/forum/#!topic/qubes-users/b84gHvES2Bc

I have to wonder if creating a new mail topic will be deleted too, if so, then 
at least some of you will read it. 

Given the above double accident twice in a row, and also the increased number 
of deleted messages here and there lately, it seems like google's auto-delete 
bot system is going overboard on its censorship. No harmful content was 
included, just a normal message like any other.

- Yu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78f41063-d548-4dd1-abb8-37617a6fe3e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes won't boot "kernel panic", where is AppVm data?

2018-03-11 Thread ale10203040

Hello, I am currently locked out of my qubes system because of a "kernel panic" 
error I encounter when I boot the system, after the grub screen. I don't really 
know what to do. 
The only thing I did before this to happen is to try to install AEM (without 
success), it may be the reason for this.
Is there any fix to this? I still have my qubes installation media, I can run 
the troubleshooting mode. I have qubes R4-rc4. 
I am also searching for the place to search for my appvms data so I can backup 
them and then re-install qubes (I use qubes for some months now), I can't find 
the appvm data anywhere... thanks for your answers !

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf7e1461-8946-416b-a9e3-cda06a93a3f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Want to use qubes. Will my pc be compatible?

2018-03-11 Thread 799

Hello,

Am 11.03.2018 10:27 nachm. schrieb "konngammre" :

So recently I found out about qubes-whonix and really want to try it out
for myself but, I have a new pc and was wondering if it will work. Also

if I have qubes on one drive and windows one another and the qubes drive is
encrypted does the windows drive compromise security of qubes?

I highly suggest to read or at least take a quick look over the excellent
Qubes documentation at https://www.qubes-os.org/doc/

Specifically:
https://www.qubes-os.org/faq/#is-there-a-list-of-hardware-that-is-compatible-with-qubes-os

... and ...

https://www.qubes-os.org/faq/#can-i-install-qubes-os-together-with-other-operating-system-dual-bootmulti-boot

Questions from me:

1) what is your level of Linux expertise?

2) which applications are you running inside windows?

You could run Windows as HVM within Qubes to minimize the need to boot up
windows.
This is also a good migration way to find out which apps you need in Qubes
to replace existing windows apps.

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2to1e4TpCjGoGOCyLNunaVRzmXN6EoQoTPZ70K5UTyHMw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Want to use qubes. Will my pc be compatible?

2018-03-11 Thread konngammre

So recently I found out about qubes-whonix and really want to try it out for 
myself but, I have a new pc and was wondering if it will work. Also if I have 
qubes on one drive and windows one another and the qubes drive is encrypted 
does the windows drive compromise security of qubes?

gpu-Gtx 1060
cpu-ryzen 5 1600x
mobo-b350-f
12gb of ram

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/340cf6d5-3a3d-4918-8ab6-b90c739314a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Will qubes work with this pc?

2018-03-11 Thread koredofr

So i recently got a pc and then learned about qubes-whonix and was wondering if 
it will work with my pc. Also If I have a encrypted qubes drive and a windows 
drive can the windows drive compromise qubes?

gpu-gtx 1060
cpu-ryzen 5 1600x
mobo-b350-f
12 gb of ram

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fef2381e-ec5a-467f-b52b-5b9c843e92b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Dependency error building Qubes

2018-03-11 Thread rucksack.peter via qubes-users

I'm trying to build a Qubes ISO on a Fedora 26 System, following the 
instructions of the documentation page "Building Qubes OS ISO", and get this 
error message:

make[1]: Entering directory '/home/xy/qubes-builder'
sudo chroot /home/xy/qubes-builder/chroot-fc25 dnf install -y 
gcc-6.4.1-1.qubes1.fc25.x86_64 libgcc.x86_64
Qubes OS Builder Repository 251 kB/s | 257  B 00:00
No package gcc-6.4.1-1.qubes1.fc25.x86_64 available.
Package libgcc-6.4.1-1.fc25.x86_64 is already installed, skipping.
Error: Unable to find a match.
make[1]: *** [qubes-src/vmm-xen/Makefile.builder:27: 
workaround-gcc-upgrade-fc25] Error 1
make[1]: Leaving directory '/home/xy/qubes-builder'
make: *** [Makefile:224: vmm-xen-dom0] Error 1

How can I fix this?



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e18e84d3-3aeb-4c20-8fef-4a06d92fc356%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: FYI: Kernel Hardening; a discussion (2018)

2018-03-11 Thread taii...@gmx.com

I don't see the issue with the pax devs being anonymous as then it is 
much more difficult for someone to put political pressure on them to 
demand they insert a backdoor or approve some type of undesired change - 
ex: why do you think almost every linux distro switched to systemd 
overnight?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9f4c095-3959-f3f1-2aef-9bca823c7aa6%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: FYI: Kernel Hardening; a discussion (2018)

I did not mean to go so far south with the above statements. So heres my
additions for alternatives...

CopperheadOS is doing a project still early in the making on reawakening
the open source kernel hardening. The GitHub page can be found here:
https://github.com/copperhead/linux-hardened/issues

...which are limited.

If anyone has any information on the ColdHak.ca kernel hardening project,
please let me know. I have sent messages to two of the ColdHak members and
am awaiting response. My question is about what features to expect in their
project. As their website has no information on what it actually does. As
well, the last and only update was from a little over a year ago, it does not
appear as if they are still working on this.

Update:
One of the members of the ColdHak Team has reached out to me. What was not
understood was that the ColdHak Project was an automated tool for building
GrSec. The project was killed when GrSec closed the doors to open source
developing, as mentioned above.
above. There does not appear to be any active design for those who wish to
change the

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/aa009611-3d13-40d3-9c18-d4ba54f625dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install qubes-windows-tools under Qubes 4rc5

On Sunday, March 11, 2018 at 1:53:32 PM UTC+1, Ivan Mitev wrote:
> On 03/11/2018 01:50 PM, 799 wrote:
> > Hello,
> > 
> > I'm trying to install windows on my new Qubes 4rc5 installation.
> > It seems that Qubes.Windows-Tools (QWT) are not available in the Qubes
> > 4-repositories.
> > 
> > qubes-dom0-update --enablerepo=qubes-dom0-current-testing
> > qubes-windows-tools
> > [...]
> > Error: Unable to find a match
> > 
> > After some trial and error I found a way, is there another way to
> > accomplish easier?
> > If not I would add this to the docs.
> 
> It's already a work in progress ; check this issue:
> 
> https://github.com/QubesOS/qubes-issues/issues/3585
> 
> BTW that's exactly the kind of main issue that ought to be listed in the
> qubes community project: not ready for official inclusion in qubes-doc,
> but helpful to probably many users.
> 
> 
> > 
> > 1) Go to the rpm-repository from Qubes 3.2
> > https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/
> > 
> > 2) Download qubes-windows-tools-3.2.2-3.x86_64.rpm in an 
> > 
> > https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/qubes-windows-tools-3.2.2-3.x86_64.rpm
> > 
> > 3) move the rpm file to dom0, run in dom0
> > qvm-run --pass-io  'cat
> > /home/user/Download/qubes-windows-tools-3.2.2-3.x86_64.rpm' >
> > qubes-windows-tools-3.2.2-3.x86_64.rpm
> > 
> > 4) Verify rpm package
> > rpm -K qubes-windows-tools-3.2.2-3.x86_64.rpm
> > it would be better to verify the signature i the AppVM, but you need to
> > import the Qubes Signing Key to do so, I was lazy and was fine with moving
> > the rpm-file to dom0 and verify the signature there.
> > 
> > 5) Install rpm-package
> > rpm -ivh qubes-windows-tools-3.2.2-3.x86_64.rpm
> > 
> > 6) the Qubes Windows Tools ISO will be located at
> > /usr/lib/qubes/qubes-windows-tools.iso
> >this will be a link to the latest version installed, thereof to:
> >/usr/lib/qubes/ubes-windows-tools-3.2.2.3.iso in this case
> > 
> > [799]
> >

That's a good point, I'll try see if I can promote your github post on Qubes 
Community to help increase awareness of it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/056fc3d2-ae8a-4306-9ac4-e00f46e6ab96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 4.0-rc5 has been released!

On Sunday, March 11, 2018 at 6:30:58 PM UTC+1, Dave wrote:
> I just used System Tools, Qubes Manager UPDATE (down arrow) for DOM0 and each 
> template without keying terminal commands. It appears to have worked, so I 
> assume that RC4 already included testing repo

yeah, if it's anything like it was back in Qubes 3.2. (I'd assume so), then 
these updates in the Qube Manager are stable updates. Once current-testing 
updates are deemed tested and stable after testers tried them out, they 
eventually migrate to stable repository. That's when you see them in the Qube 
Manager (or via normal update commands, not the current-testing ones). 

So I assume they must have been moved from testing to stable now? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7211e67e-4483-43f8-a238-6d705749d47f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: FYI: Kernel Hardening; a discussion (2018)

I did not mean to go so far south with the above statements. So heres my 
additions for alternatives... 

CopperheadOS is doing a project still early in the making on reawakening 
the open source kernel hardening. The GitHub page can be found here:
https://github.com/copperhead/linux-hardened/issues

...which are limited. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f52c48d-2c51-420c-a7c9-9ec723de270e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 4.0-rc5 has been released!

2018-03-11 Thread Dave

I just used System Tools, Qubes Manager UPDATE (down arrow) for DOM0 and each 
template without keying terminal commands. It appears to have worked, so I 
assume that RC4 already included testing repo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9349ad32-5fda-463e-aeb9-df86463f6c73%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-usb issue

2018-03-11 Thread Travis Dean

Thanks, I'll look into it.

On Sun, Mar 11, 2018 at 11:04 awokd  wrote:

> On Sun, March 11, 2018 2:53 pm, Travis Dean wrote:
> > I set up a usb qube, I have all usb controllers assigned to it. It is
> > based on Fedora 26. I am on Qubes OS 4 rc5. When I shutdown the Debian 9
> > TemplateVM all usb devices disappear from the list of attched devices. I
> > then have to restart sys-usb.
> >
> > I've tested to see if it does it with any other TemplateVMs and it does
> > not, only Debian 9.
>
> There was a similar thread over on qubes-devel. Don't know if an issue got
> created.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAH5yx2icchiZAYHWoCz3qwMWKdQAZQ-D35Bu5Vh_Y6fXPTTS%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-usb issue

On Sun, March 11, 2018 2:53 pm, Travis Dean wrote:
> I set up a usb qube, I have all usb controllers assigned to it. It is
> based on Fedora 26. I am on Qubes OS 4 rc5. When I shutdown the Debian 9
> TemplateVM all usb devices disappear from the list of attched devices. I
> then have to restart sys-usb.
>
> I've tested to see if it does it with any other TemplateVMs and it does
> not, only Debian 9.

There was a similar thread over on qubes-devel. Don't know if an issue got
created.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8aff1c641727aa3679da0b0106870345.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-usb issue

2018-03-11 Thread Travis Dean

I set up a usb qube, I have all usb controllers assigned to it. It is based
on Fedora 26. I am on Qubes OS 4 rc5. When I shutdown the Debian 9
TemplateVM all usb devices disappear from the list of attched devices. I
then have to restart sys-usb.

I've tested to see if it does it with any other TemplateVMs and it does
not, only Debian 9.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAH5yx2jsKvtjiP0LV0iKv5E45rLtho6xxPu_FyS2h7rP%2BqzFjQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking doesn't work in Qubes 4.0-rc5

2018-03-11 Thread nicholas roveda

I've been using R4-rc2 for some months and I've just installed the R4-rc5
version, but it's giving me hard times.

During the installation it complains about Vt-d and Interrupt Remapping
feautures missing and sys-usb didn't work at the beginning, but after I
switched to PV mode it works fine, I can connect to my WiFi and sys-net can
reach the internet.

The point is any other qube, sys-firewall included, can't reach the internet.
- I've tried to analyze the traffic with wireshark and it seems that the DNS
requests reach sys-net, but no answer is received, while in sys-net everything
seems fine (`dig` works).
- I've tried to ping sys-firewall and send some packets from sys-net with the
Python socket and the packets reach sys-firewall but the `recv()` function
stucks in a death loop as nothing is received, so I think somewhere the packets
are dropped.
- I've tried to clear all iptables chains, but nothing changed.

Everything worked in rc1, rc2 and I think also rc3 (I can't remember the last
update - current-testing repo), so I really can't figure out what I'm missing.
Some major changes concerning networking were introduced in rc5?

Anyone is experiencing the same problem?
Any suggestions?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fd89ecb3-6762-4a68-88bf-97f3f864b0d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread David Hobach


On 03/11/2018 03:03 PM, David Hobach wrote:
So yes, if one is aware of that issue, one can certainly use it the way 
you described. If you rely on the qubes-firewall to work as expected, 
you shouldn't use it.


P.S.:
An alternative might be to setup the local DNS service in a VM closer to 
the Internet, i.e. not in the proxy VM which also implements the qubes 
firewall.


Something like
Internet <-- sys-net <-- sys-firewall <-- DNS server VM <-- proxy VM 
with qubes-fw <-- client VM


I didn't test that though.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec054435-0c3c-9517-f02f-f9c2c50c19a8%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread David Hobach

On 03/11/2018 11:21 AM, Chris Laprise wrote:

...and for now omitted the '-d' destination part in iptables.

Then if I issue:

sudo iptables -t nat -F PR-QBS
sudo iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT --to
$eth0_address
sudo iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 53 -j DNAT --to
$eth0_address

it appears to work from a downstream appVM. But I haven't checked yet to
see if its really using the dnscrypt proxy; even if it is, the config
may need to be adjusted for better security.

I just tested that one (my implementation was also doing pretty much
exactly that + a local INPUT chain firewall so it was a 5 min test
removing the INPUT firewall):

Since you'll need something like

-I INPUT -p udp -m udp --dport 53 -j ACCEPT
-I INPUT -p tcp -m tcp --dport 53 -j ACCEPT

it makes DNS accessible for all downstream VMs regardless of the
qubes-firewall settings, i.e. apprently the nft FORWARD rules are not
applied for DNAT to localhost.

That's probably why I had opened that github issue & implemented a local
firewall back then...

So yes, if one is aware of that issue, one can certainly use it the way
you described. If you rely on the qubes-firewall to work as expected,
you shouldn't use it.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ba33e227-187d-4945-6b51-d1ef0093d21a%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.

smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] bash autocomplete

2018-03-11 Thread Holger Levsen

On Sun, Mar 11, 2018 at 02:11:02PM +0100, haaber wrote:
> I don't know what this 3D-thing, is I'll learn it. I have, in the
> meanwhile, tested the attached file, that distinguishes also running,
> paused and halted VM's. For the moment this is completely sufficient for
> me. Maybe I'll add the completion "root" when I complete "qvm-run -u",
> since this is what I need for updating sudo-less minimal templates :)
> 
> I put the file it in /etc/bash_completion.d/ within dom0, and source it
> in .bashrc.   

awesome, thanks for sharing (again)! :)


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180311135227.llfhwe6ezwso324z%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] bash autocomplete

2018-03-11 Thread haaber

Thank you Holger,
I don't know what this 3D-thing, is I'll learn it. I have, in the
meanwhile, tested the attached file, that distinguishes also running,
paused and halted VM's. For the moment this is completely sufficient for
me. Maybe I'll add the completion "root" when I complete "qvm-run -u",
since this is what I need for updating sudo-less minimal templates :)

I put the file it in /etc/bash_completion.d/ within dom0, and source it
in .bashrc.   Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b99595c0-2cda-a92e-b0b1-e36bd827c33e%40web.de.
For more options, visit https://groups.google.com/d/optout.
#!/bin/bash
_qvmall()
{   local cur VMS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=$(qvm-ls --raw-list)
COMPREPLY=( $(compgen -W "${VMS}"  ${cur}) )
return 0
}
_qvmrunning()
{   local cur VMS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=$(qvm-ls --raw-data|grep -i running|cut -f1 -d"|")
COMPREPLY=( $(compgen -W "${VMS}"  ${cur}) )
return 0
}
_qvmhalted()
{   local cur VMS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=$(qvm-ls --raw-data|grep -i halted|cut -f1 -d"|")
COMPREPLY=( $(compgen -W "${VMS}"  ${cur}) )
return 0
}
_qvmpaused()
{   local cur VMS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=$(qvm-ls --raw-data|grep -i paused|cut -f1 -d"|")
COMPREPLY=( $(compgen -W "${VMS}"  ${cur}) )
return 0
}



complete -F _qvmall qvm-appmenus  
complete -F _qvmall qvm-clone 
complete -F _qvmall qvm-firewall  
complete -F _qvmall qvm-move-to-vm
complete -F _qvmall qvm-remove
complete -F _qvmall qvm-start-gui 
complete -F _qvmpaused qvm-unpause
complete -F _qvmall qvm-backup
complete -F _qvmall qvm-copy-to-vm
complete -F _qvmrunning qvm-pause 
complete -F _qvmall qvm-run   
complete -F _qvmall qvm-usb
complete -F _qvmhall qvm-backup-restore
complete -F _qvmall qvm-service   
complete -F _qvmrunning qvm-kill  
complete -F _qvmrunning qvm-shutdown  
complete -F _qvmall qvm-tags  
complete -F _qvmall qvm-check 
complete -F _qvmall qvm-features  
complete -F _qvmall qvm-prefs 
complete -F _qvmhalted qvm-start

Re: [qubes-users] bash autocomplete

2018-03-11 Thread Holger Levsen

On Fri, Mar 02, 2018 at 07:10:22PM +, Holger Levsen wrote:
> On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote:
> > to have the shell behave nicer. If I have some free time, I might
> > customize this stub to suggest available options to all qvm-* and
> > qubes-* commands. I am surprised that I might be  the first one to
> > discuss this subject (?!)   Bernhard
> i'm definitly interested in this, this is super useful.

so thanks, Unman and haaber, I now have this as my .bashrc and it works
nicely:


# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging 
feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

_qvm()
{   local cur
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=`qvm-ls --raw-list`
COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) )
}

complete -F _qvm qvm-appmenus
complete -F _qvm qvm-clone
complete -F _qvm qvm-firewall
complete -F _qvm qvm-move-to-vm
complete -F _qvm qvm-remove
complete -F _qvm qvm-start-gui
complete -F _qvm qvm-unpause
complete -F _qvm qvm-backup
complete -F _qvm qvm-copy-to-vm
complete -F _qvm qvm-pause
complete -F _qvm qvm-run
complete -F _qvm qvm-usb
complete -F _qvm qvm-backup-restore
complete -F _qvm qvm-service
complete -F _qvm qvm-kill
complete -F _qvm qvm-shutdown
complete -F _qvm qvm-tags
complete -F _qvm qvm-check
complete -F _qvm qvm-features
complete -F _qvm qvm-prefs
complete -F _qvm qvm-start
complete -F _qvm qm

For your convinience I've also attached this file. (you might want to comment
out the last line...)


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180311125641.p5s4bfgqbhfyowlg%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging 
feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

_qvm()
{   local cur
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=`qvm-ls --raw-list`
COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) )
}

complete -F _qvm qvm-appmenus
complete -F _qvm qvm-clone
complete -F _qvm qvm-firewall
complete -F _qvm qvm-move-to-vm
complete -F _qvm qvm-remove
complete -F _qvm qvm-start-gui
complete -F _qvm qvm-unpause
complete -F _qvm qvm-backup
complete -F _qvm qvm-copy-to-vm
complete -F _qvm qvm-pause
complete -F _qvm qvm-run
complete -F _qvm qvm-usb
complete -F _qvm qvm-backup-restore
complete -F _qvm qvm-service
complete -F _qvm qvm-kill
complete -F _qvm qvm-shutdown
complete -F _qvm qvm-tags
complete -F _qvm qvm-check
complete -F _qvm qvm-features
complete -F _qvm qvm-prefs
complete -F _qvm qvm-start
complete -F _qvm qm


signature.asc
Description: PGP signature

Re: [qubes-users] How to install qubes-windows-tools under Qubes 4rc5

2018-03-11 Thread Ivan Mitev



On 03/11/2018 01:50 PM, 799 wrote:
> Hello,
> 
> I'm trying to install windows on my new Qubes 4rc5 installation.
> It seems that Qubes.Windows-Tools (QWT) are not available in the Qubes
> 4-repositories.
> 
> qubes-dom0-update --enablerepo=qubes-dom0-current-testing
> qubes-windows-tools
> [...]
> Error: Unable to find a match
> 
> After some trial and error I found a way, is there another way to
> accomplish easier?
> If not I would add this to the docs.

It's already a work in progress ; check this issue:

https://github.com/QubesOS/qubes-issues/issues/3585

BTW that's exactly the kind of main issue that ought to be listed in the
qubes community project: not ready for official inclusion in qubes-doc,
but helpful to probably many users.


> 
> 1) Go to the rpm-repository from Qubes 3.2
> https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/
> 
> 2) Download qubes-windows-tools-3.2.2-3.x86_64.rpm in an 
> 
> https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/qubes-windows-tools-3.2.2-3.x86_64.rpm
> 
> 3) move the rpm file to dom0, run in dom0
> qvm-run --pass-io  'cat
> /home/user/Download/qubes-windows-tools-3.2.2-3.x86_64.rpm' >
> qubes-windows-tools-3.2.2-3.x86_64.rpm
> 
> 4) Verify rpm package
> rpm -K qubes-windows-tools-3.2.2-3.x86_64.rpm
> it would be better to verify the signature i the AppVM, but you need to
> import the Qubes Signing Key to do so, I was lazy and was fine with moving
> the rpm-file to dom0 and verify the signature there.
> 
> 5) Install rpm-package
> rpm -ivh qubes-windows-tools-3.2.2-3.x86_64.rpm
> 
> 6) the Qubes Windows Tools ISO will be located at
> /usr/lib/qubes/qubes-windows-tools.iso
>this will be a link to the latest version installed, thereof to:
>/usr/lib/qubes/ubes-windows-tools-3.2.2.3.iso in this case
> 
> [799]
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58b51772-e856-29c3-804e-0adf0836bc1c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Semi-crosspost to qubes-users. Windows HVM dual-headed use on Qubes R3.2 issues/experiences

2018-03-11 Thread carolinemcgrath86

On Thursday, March 8, 2018 at 1:35:22 PM UTC+3, awokd wrote:

> There's a suggestion in here to use one large window covering both screens
> along with "Winsplit Revolution" to make virtual monitors inside that:
> https://www.mail-archive.com/qubes-users@googlegroups.com/msg08199.html
> 
> Kind of a hack but I'm not aware of any other working approach.


The previous post was intended in response to awokd, not myself :) 

Fat fingers, sorry.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c229d78a-3714-4da8-b706-1d15ab9654bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Semi-crosspost to qubes-users. Windows HVM dual-headed use on Qubes R3.2 issues/experiences

2018-03-11 Thread carolinemcgrath86

On Thursday, March 8, 2018 at 1:08:50 AM UTC+3, caroline...@gmail.com wrote:
> Hello!
> Just posting into qubes-users to ask if anyone was able to get it to work 
> properly (as two separate windows emulating two separate monitors under 
> windows)
> 
> I was able to do that ALMOST acceptably by doing the steps described here:
> https://github.com/QubesOS/qubes-issues/issues/3480
> 
> But just as the person reporting there I am being thwarted by a nasty "ghost 
> mouse/click" bug.
> 
> Has anyone ever found a workaround for this issue? Is there perhaps a better 
> way to do a dual-head (maybe we could get both "screen-windows" originate 
> from QGA.exe?)
> 
> P.S.: I initially posted about this in qubes-devel in hopes that maybe 
> someone there would know a workaround for this. Posting here in hope that 
> maybe someone also tried to do a dual-head in windows under Qubes and figured 
> out workaround for issue currently plaguing me.


Thanks for suggestion!

That's what I am doing now, but the "stretch window across two screens" is 
working out bad for me, because resolutions differ between two my screens, and 
I end up wasting a chunk of space on main screen (and it looks ugly)

The "honest two windows for honest two screens" approach is much more 
promising, if only someone could find a way to get rid of them ghost clicks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa1963c3-d30a-4302-83b1-90c0b454faa1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to install qubes-windows-tools under Qubes 4rc5

2018-03-11 Thread 799

Hello,

I'm trying to install windows on my new Qubes 4rc5 installation.
It seems that Qubes.Windows-Tools (QWT) are not available in the Qubes
4-repositories.

qubes-dom0-update --enablerepo=qubes-dom0-current-testing
qubes-windows-tools
[...]
Error: Unable to find a match

After some trial and error I found a way, is there another way to
accomplish easier?
If not I would add this to the docs.

1) Go to the rpm-repository from Qubes 3.2
https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/

2) Download qubes-windows-tools-3.2.2-3.x86_64.rpm in an 

https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/qubes-windows-tools-3.2.2-3.x86_64.rpm

3) move the rpm file to dom0, run in dom0
qvm-run --pass-io  'cat
/home/user/Download/qubes-windows-tools-3.2.2-3.x86_64.rpm' >
qubes-windows-tools-3.2.2-3.x86_64.rpm

4) Verify rpm package
rpm -K qubes-windows-tools-3.2.2-3.x86_64.rpm
it would be better to verify the signature i the AppVM, but you need to
import the Qubes Signing Key to do so, I was lazy and was fine with moving
the rpm-file to dom0 and verify the signature there.

5) Install rpm-package
rpm -ivh qubes-windows-tools-3.2.2-3.x86_64.rpm

6) the Qubes Windows Tools ISO will be located at
/usr/lib/qubes/qubes-windows-tools.iso
   this will be a link to the latest version installed, thereof to:
   /usr/lib/qubes/ubes-windows-tools-3.2.2.3.iso in this case

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vu0KwjUTcRFeWiV_S%3DR8WRN2B8bL2J%3DxHOCGnu6m93-A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread Chris Laprise

On 03/10/2018 04:43 PM, Alex Dubois wrote:

On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote:

‐‐‐ Original Message ‐‐‐

On March 8, 2018 11:26 AM, Chris Laprise wrote:

\> \[1\] https://dnsprivacy.org/wiki/

\[2\] https://www.qubes-os.org/doc/networking/

Micah,

If you have any specific instructions on how to setup the forwarder

you're using, I'd be happy to try it myself and post a solution for use

with qubes-firewall.

I found the dnsprivacy wiki to be a bit scattered and not very specific.

Their video "tutorial" is really a lecture on the concept.

Thanks, yes I'd love to share instructions. I haven't gotten it working yet --
I'm traveling right now and haven't spent a lot of time on it, and might not
for the next week or two. But once I figure it out I'd like to write a blog
post or something with instructions. But maybe I should sent it to this list
first for people to test and give feedback.

For your info, I have a wiki on how to use dns-crypt here:
https://github.com/adubois/adubois.github.io/blob/master/_posts/2013-11-19-setup-dnscrypt-unbound.md
It is supposed to be exposed via blog.bowabos.com but github changed something
and the static site does not get automatically generated at the moment...

Nice. I gave this a try on debian-9, using apt to install dnscrypt-proxy
and unbound.

One problem is that the howto assumes particular Qubes 10.137.2.x and
10.138.2.x nets for unbound.

Another problem is that on Qubes 4.0 the vif interfaces plus eth0 all
share the same IP address. This isn't explained in the Qubes networking
or firewall docs, so it may be a bug...

To keep unbound.service from failing I changed unbound.conf to this:

interface:
access-control: 10.137.0.0/24 allow
harden-large-queries: yes
private-address: 10.0.0.0/8
private-address: 192.168.0.0/16
val-permissive-mode: yes
do-not-query-localhost: no

...and for now omitted the '-d' destination part in iptables.

Then if I issue:

sudo iptables -t nat -F PR-QBS
sudo iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT --to
$eth0_address
sudo iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 53 -j DNAT --to
$eth0_address

it appears to work from a downstream appVM. But I haven't checked yet to
see if its really using the dnscrypt proxy; even if it is, the config
may need to be adjusted for better security.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6be04a34-d79d-df7f-cd64-68d098613df6%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] FYI: Kernel Hardening; a discussion (2018)