Re: [qubes-users] New Install of Qubes OS 4.0.2 RC1 Dom0 Doesnt Update
On Sat, 13 Jul 2019, alexw8...@gmail.com wrote: > The Issue I am having is that When I try and update Dom0 in the Terminal > using "sudo qubes-dom0-update" I am getting this. > > Fedora 25 - x86_64 - Updates > Fedora 25 - x86_64 > Qubes Dom0 Repository (updates) > determining the fastest mirror (15 hosts)..done.. > Qubes Templates repo138% > Qubes Templates repository > Last metadata expiration check: > Dependencies resolved. > > Reinstalling: > python3-blivet noarch 2:2.1.6-5.fc25 qubes-dom0-current > python3-kickstart noarch 1000:2.32-4.fc25 qubes-dom0-current > qubes-release noarch 4.0-8 qubes-dom0-current > qubes-release-notes noarch 4.0-8 qubes-dom0-current > > It downloads these updates and then says: > > Complete! > The downloaded packages were saved in cashe until the next successful > transaction. The problem is that they're effectively the same version of the installed package so nothing gets updated but the update process realizes that too late. > After I restart the computer this just keeps repeating. Is there a way > to fix this? You can force reinstalling these package if you want to prevent the repeat. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1907131807050.22676%40whs-18.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] OS not booting in qube
On Tue, Jul 16, 2019 at 10:18:12AM -0700, shamaarmarti...@gmail.com wrote: > Trying to boot windows 7 and other OSs in a qube. I extracted the files and > made them executable. Sometimes i see the setup menu and then it crashes and > says no bootable device. Sometimes the no bootable device in Dom0 appears > before I even select a file too boot from. Not sure if this is a bug or if I > need to reconfigure some things. > Please explain exactly what you are trying to do. "boot in a qube" - "extracted the files and made them executable" - i know what these words mean but not in this context. Give some detail on steps you have taken. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190717000637.fce3m7osqb6e2bep%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: /etc/qubes/guid.conf syntax
On Friday, August 16, 2013 at 5:47:41 PM UTC-4, Alex wrote: > So I wanted fullscreen for one of my AppVMs and following > http://wiki.qubes-os.org/trac/wiki/FullScreenMode to the letter, I created > the following entry in /etc/qubes/guid.conf: > > > VM: { > media: { > allow_fullscreen = true; > }; > };Problem is, once I did that, I could not start the AppVM. The GUI was > showing me an unhelpful "ERROR: Cannot start qubes_guid!". > > > A more useful message was offered by running qvm-start media from Dom0: > > > [...] > > --> Starting Qubes GUId... > Critical: error reading config (/etc/qubes/guid.conf:21): duplicate setting > name > ERROR: Cannot start qubes_guid! > > > A-ha! So /etc/qubes/guid.conf cannot have two VM:{} stanzas. This was not > obvious to me by the wording "you can do that by creating the following > entry in the /etc/qubes/guid.conf file in Dom0" in the documentation. Please > consider updating the page to explicitly say that you must only have one > VM:{} stanza. > > > > For the visual types: > > > GOOD: > > VM: { > work: { > #allow_utf8_titles = true; > }; > personal: { > allow_fullscreen = true; > }; > }; > > BAD: > VM: { > work: { > #allow_utf8_titles = true; > }; > }; > > VM: { > personal: { > allow_fullscreen = true; > }; > }; > Alex Thanks for the info, but I believe your spacing does not match the Qubes' Instructions. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ce368f4-8e61-4b4d-81d5-c0bff292f82d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] (very) portable Qubes OS on a Lenovo S730 - will it work?
Hello, I'm interested running Qubes OS on a new day-to-day laptop which might be a Lenovo S730 because of portability and USB-C charging (knowing that I am unable to run Coreboot on it). Question: has someone successfully installed Qubes on this device? Specs: - Intel Core i5-8265U - Intel UHD 620 on-Board Graphic - 8 GB LPDDR3 - 256 GB PCIe-SSD The Qubes Hardware Compatibility List (HCL) has not listed this device: https://www.qubes-os.org/hcl/ regards - O. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2t%3D2FojAWxhqf%3DdmaVR%2BLErGjDENe6xt2nS8ZPFB1uQpQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Lenovo X270
I forgot to mention that HDMI is also working out of the box with current kernel-4.19 provided by the R4.0.2rc1. This is really a plug and play Qubes installation :) Best, On 7/16/19 7:22 PM, Frédéric Pierret wrote: > Hi, > > I installed Qubes R4.0.2rc1 on a Lenovo X270 without any problem. > Initial setup of Qubes with separate 'sys-usb', default VMs went fine. > Suspend is currently working without any problem. > > The installation is in UEFI mode (with secure boot disabled). > > Best, > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56c38727-7e12-3ae0-c040-64f7df8ddf16%40qubes-os.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Using Salt to update TemplateVMs
On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote: > I really do recommend using qubesctl for almost all system > configuration. If only because it makes recovery so much easier. > I see people saying "keep a list of packages you've installed" - if you > keep state and use salt you can rebuild your system (almost) completely > automatically. Do you happen to have some example "personalized" salt scripts you use (or a pointer to where someone has posted some)? I was planning to put together some bash scripts to push configuration into my templates (90% repo adjustments and specific packages to download), but your comment above is intriguing. B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46f4a28d-fe95-4ce3-abad-162ccd8d5a4f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Lenovo X270
Hi, I installed Qubes R4.0.2rc1 on a Lenovo X270 without any problem. Initial setup of Qubes with separate 'sys-usb', default VMs went fine. Suspend is currently working without any problem. The installation is in UEFI mode (with secure boot disabled). Best, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d7cf0b4-9353-505f-8386-3ce0763ca63c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-20K5S3J102-20190716-191213.yml Description: application/yaml signature.asc Description: OpenPGP digital signature
[qubes-users] OS not booting in qube
Trying to boot windows 7 and other OSs in a qube. I extracted the files and made them executable. Sometimes i see the setup menu and then it crashes and says no bootable device. Sometimes the no bootable device in Dom0 appears before I even select a file too boot from. Not sure if this is a bug or if I need to reconfigure some things. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04ea831e-4af7-4ee8-af9d-b31f8d63af2e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Building Whonix Templates Error
On Tuesday, 16 July 2019 17:19:21 UTC+3, unman wrote: > On Mon, Jul 15, 2019 at 11:47:47PM -0700, Claudio Chinicz wrote: > > Hi Folks, > > > > I'm trying to rebuild the Whonix templates because I've broken the gateway > > and removed them all. > > > > I've followed the steps outlined here > > (https://www.qubes-os.org/doc/building-whonix-template/#building-whonix-templates) > > and got an error when issuing the "make qubes-vm" command (see below the > > full output). > > > > I thought it was missing Debian keys and so I've downloaded keys for Debian > > 8, 9 and 10 from https://ftp-master.debian.org/keys.html but still got the > > same error. > > > > Any help is much appreciated. > > > E: Release signed by unknown key (key id 7638D0442B90D010) > >The specified keyring > > /home/user/qubes-builder/qubes-src/builder-debian/keys/stretch-debian-archive-keyring.gpg > > may be incorrect or out of date. > >You can find the latest Debian release key at > > https://ftp-master.debian.org/keys.html > > Error in debootstrap > > make[1]: *** > > [/home/user/qubes-builder/qubes-src/builder-debian//Makefile-legacy.debian:20: > > /home/user/qubes-builder/chroot-vm-stretch/home/user/.prepared_base] Error > > 1 > > key id 7638D0442B90D010 is the Debian archive signing key. > Whonix-15 is based on buster. > The relevant keys should be automatically installed, if you follow > the process. > Either you didnt update qubes-builder, or run make-get-sources, or you may > have found a bug in the Whonix builder. Hi Unman, I've deleted my Builder VM and created a new one from Fedora-29 following the instructions from https://www.qubes-os.org/doc/building-whonix-template/ I've done copy/paste from the browser to the terminal in order to avoid typo errors and ended up with the same error: E: Release signed by unknown key (key id 7638D0442B90D010) The specified keyring /home/user/qubes-builder/qubes-src/builder-debian/keys/stretch-debian-archive-keyring.gpg may be incorrect or out of date. You can find the latest Debian release key at https://ftp-master.debian.org/keys.html Error in debootstrap make[1]: *** [/home/user/qubes-builder/qubes-src/builder-debian//Makefile-legacy.debian:20: /home/user/qubes-builder/chroot-vm-stretch/home/user/.prepared_base] Error 1 make: *** [Makefile:219: mgmt-salt-vm] Error 1 Please note that I followed the instructions to build whonix-14 templates (on the link above there is no whonix-15). The idea was to build Whonix-14 and later on to update it. Please let me know if you'd like me to run any test/command and provide feed-back. I'm really willing to succeed here since I've deleted my whonix-14 templates (all of them) and since then I do not have whonix on my Qubes (4.0.1). Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/52d8db88-0b7d-4104-828c-4238f88c2f4a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installing updates from source
On Sun, Jul 14, 2019 at 09:10:31PM +, 'Public Email Account' via qubes-users wrote: > I was able to install Qubes from source using Qubes Builder. But how do I > install Qubes updates from source, for dom0 and the fedora and debian > templates? I do not want to have to trust precompiled binaries from the Qubes > repo. > > Thank you > Just build the packages in qubes-builder, copy them in to dom0 or template, and manually install them there. All the packages are signed, of course. Is there something wrong with the validation process that you can see? If you dont trust the precompiled binaries, why do you trust the code, and the build mechanism? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190716143938.f64pajya6bwbxmgz%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using Salt to update TemplateVMs
On Sun, Jul 14, 2019 at 09:13:16PM -0500, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 14/07/2019 9.08 PM, Andrew David Wong wrote: > > On 14/07/2019 8.19 AM, unman wrote: > >> On Sat, Jul 13, 2019 at 06:40:00PM -0500, Andrew David Wong > >> wrote: > >>> > >>> 1. When using the Qubes Update widget, a mgmt DisposableVM is > >>> started. Why is that? Is it just for executing Salt commands so > >>> that they're not executed in dom0? > > > >> Yes, this is standard in Qubes. > > > >>> > >>> 2. How can one update a TemplateVM the way the Qubes Update > >>> widget does? For example, when I update a Fedora TemplateVM > >>> myself, I just execute `dnf update` in the template. I don't > >>> start any DisposableVMs, so clearly my method of updating is > >>> different from what the Qubes Update widget does. Is there some > >>> kind of scriptable qubesctl command I can issue from dom0 that > >>> does the same thing as the Qubes Update widget? > >>> > > > >> The update widget calls qubesctl and runs the state file in > >> /srv/formuals/base/update-formula/update/qubes-vm.sls > > > >> You can run this yourself by: qubesctl --skip-dom0 > >> --targets= --show-output state.sls update.qubes-vm > > > >> Skip the "show-output" option if you want to script. > > > >> It's a wrapper to salts pkg.uptodate call, so you could put that > >> in a state file yourself. > > > > > > Thanks, unman. I'm not quite sure what the last sentence means. > > Why would one want to put that in a state file oneself? > > > > Could you explain what these options mean? > > --skip-dom0 -- The documentation doesn't really explain this. > --targets -- Is this the qube to be updated in this case? > --skip-dom0 -- Doesnt try to action state in dom0. --targets -- You can give list of qubes to use as targets, (comma delimited) or use keywords. 'qubesctl --templates'. > The reason I'm asking: I've just been updating via `dnf update` (and > similar) for a long time now, but I'm noticing that certain bug fixes > are being implemented via Salt, and I'm worried that I might skip > these fixes if I never update via Salt. Do you think that updating via > qubesctl is a better idea than updating "manually," or does it not > matter? I really do recommend using qubesctl for almost all system configuration. If only because it makes recovery so much easier. I see people saying "keep a list of packages you've installed" - if you keep state and use salt you can rebuild your system (almost) completely automatically. I think there are some cases where a configuration fix may be pushed via salt, but in most I would expect changes to be incorporated in to an updated package, so you would get those using a manual update. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190716143509.u3e4st4shagi3tiu%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Building Whonix Templates Error
On Mon, Jul 15, 2019 at 11:47:47PM -0700, Claudio Chinicz wrote: > Hi Folks, > > I'm trying to rebuild the Whonix templates because I've broken the gateway > and removed them all. > > I've followed the steps outlined here > (https://www.qubes-os.org/doc/building-whonix-template/#building-whonix-templates) > and got an error when issuing the "make qubes-vm" command (see below the > full output). > > I thought it was missing Debian keys and so I've downloaded keys for Debian > 8, 9 and 10 from https://ftp-master.debian.org/keys.html but still got the > same error. > > Any help is much appreciated. > E: Release signed by unknown key (key id 7638D0442B90D010) >The specified keyring > /home/user/qubes-builder/qubes-src/builder-debian/keys/stretch-debian-archive-keyring.gpg > may be incorrect or out of date. >You can find the latest Debian release key at > https://ftp-master.debian.org/keys.html > Error in debootstrap > make[1]: *** > [/home/user/qubes-builder/qubes-src/builder-debian//Makefile-legacy.debian:20: > /home/user/qubes-builder/chroot-vm-stretch/home/user/.prepared_base] Error 1 key id 7638D0442B90D010 is the Debian archive signing key. Whonix-15 is based on buster. The relevant keys should be automatically installed, if you follow the process. Either you didnt update qubes-builder, or run make-get-sources, or you may have found a bug in the Whonix builder. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190716141917.75hjc2g6j6uthgan%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] firewall rules by domainname
On 7/16/19 11:21 AM, haaber wrote: Hello, entering IP adresses in the firewall restriction list can be a a lengthy and unpleasant exercise. If your admin-VM should only be able access your bank, whose webpage loads various data over JS encapsulated subdomains, it can take a long while to make that working. The natural question would be to allows domains by *name* rather than IP ranges. For example *.mybank.com Is that possible? Cheers It is possible by full domain name. I.e. your *. is not possible. Moreover there will be issues with DNS load balancers etc. as the IP is only resolved once (during startup) by the firewall and then used instead of the domain name. There might be a respective feature request @github. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7fcd18ef-c1ce-067a-850b-083fed954150%40hackingthe.net. For more options, visit https://groups.google.com/d/optout. smime.p7s Description: S/MIME Cryptographic Signature
[qubes-users] firewall rules by domainname
Hello, entering IP adresses in the firewall restriction list can be a a lengthy and unpleasant exercise. If your admin-VM should only be able access your bank, whose webpage loads various data over JS encapsulated subdomains, it can take a long while to make that working. The natural question would be to allows domains by *name* rather than IP ranges. For example *.mybank.com Is that possible? Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba9e14a1-de02-175b-9962-55ba70f42779%40web.de. For more options, visit https://groups.google.com/d/optout.