Re: [qubes-users] fail to install qubes-template-fedora-29 "Failed writing body"

2020-01-02 Thread ryantate via qubes-users 


On Monday, January 7, 2019 at 8:56:36 PM UTC-5, pixel fairy wrote:
>
> On Thursday, January 3, 2019 at 4:51:12 PM UTC-8, 799 wrote:
> > Am Fr., 4. Jan. 2019, 01:46 hat pixel fairy  
> geschrieben:
> > $ sudo qubes-dom0-update qubes-template-fedora-29
> > [...]
> > 
> > Downloading Packages:
> > 
> > [MIRROR] qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm: Curl 
> error (23): Failed writing received data to disk/application for 
> https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
>  
> [Failed writing body (8615 != 16384)]
> > 
> > [FAILED] qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm: Curl 
> error (23): Failed writing received data to disk/application for 
> https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
>  
> [Failed writing body (8615 != 16384)]
> > [...]
> > 
> > 
> > Do you have enough free space in sys-firewall (df -h)
> > 
> > 
> > - O
>
> That was the problem. made a clone of the template, gave it more system 
> storage, and used that for sys-firewall, which worked. 
>

I had this same issue and the same solution.

Here is my question: Why does Qubes require me to increase the size of the 
*system storage* in order to enable a larger download in the updateVM 
(sys-firewall)?

In other words, there is the sys-firewall "Private storage" (/dev/xvdb) and 
"System storage" (/dev/xvda3).

I would think the update downloads to this VM (which are just destinated 
for another vm, in this case dom0) should go in private storage. Private 
storage setting is particular to the vm and can be set while it is running, 
etc. Also it is a payload that should have nothing to do with the running 
system of the VM (at least not at that moment).

Instead, the downloads seem to be going to the system storage. This means, 
to make room for the updatevm download in sys-firewall, I have to go into 
the template settings, change the size -- which will affect every VM using 
this template, right? -- and then shut it down, and then reboot 
sys-firewall which is a big pain. In other words, enabling the download in 
dom0 means touching two other VMs just to get it working :-\

This seems wrong to me, because shouldn't downloads be kept far from the 
system files in sys-firewall? Is this an oversight or something 
intentional/required?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c063bb5-b156-4c0c-8227-fdf2f1c71984%40googlegroups.com.

[qubes-users] fedora-30 won't open control panel, dumps core

2020-01-02 Thread ryantate via qubes-users 
Downloaded pristine fedora-30 template using qubes-dom0-uipdate. Updated it 
through the built in update mechanism (which, thank you for that, it is 
nice).

However, navigating to fedora-30/Settings in Qubes menu is totally non 
responsive.

Typing `gnome-control-center` at terminal in fedora30 template vm dumps 
core.

typing `XDG_CURRENT_DESKTOP=GNOME gnome-control-center` in that same 
terminal seems to work at first (this is how I opened settings in fedora-29 
template :-\).  But then when I navigate to the Devices/Printers section to 
add a printer it dumps core again. Transcript below.

Now, whenever I try to re-open control center, it opens in the printer tab, 
and so immediately dumps core. So I seem to have already ruined my 
fedora-30 template, if I ever want to change the settings.

(By the way, I think this is the 4.0.1 fedora-30 if it makes any 
difference, based on the filenames curl downloaded. I don't think I'm on 
4.0.2 yet? But I needed to try fedora-30 because I have a new printer here 
that fedora 29 does not seem to have drivers for.)

Does the fedora-30 settings menu work for everyone else and maybe my Qubes 
is somehow borked?


--
[user@fedora-30 ~]$ gnome-control-center 
**
ERROR:../shell/cc-shell-model.c:458:cc_shell_model_set_panel_visibility: 
assertion failed: (valid)
Aborted (core dumped)
[user@fedora-30 ~]$ XDG_CURRENT_DESKTOP=GNOME gnome-control-center

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_type: assertion 'value != NULL' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_type_is_subtype_of: assertion 'g_variant_type_check (type)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_boolean: assertion 'g_variant_is_of_type (value, 
G_VARIANT_TYPE_BOOLEAN)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_type: assertion 'value != NULL' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_type_is_subtype_of: assertion 'g_variant_type_check (type)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_boolean: assertion 'g_variant_is_of_type (value, 
G_VARIANT_TYPE_BOOLEAN)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_type: assertion 'value != NULL' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_type_is_subtype_of: assertion 'g_variant_type_check (type)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_boolean: assertion 'g_variant_is_of_type (value, 
G_VARIANT_TYPE_BOOLEAN)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_type: assertion 'value != NULL' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_type_is_subtype_of: assertion 'g_variant_type_check (type)' failed

(gnome-control-center:1139): GLib-CRITICAL **: 12:23:46.500: 
g_variant_get_boolean: assertion 'g_variant_is_of_type (value, 
G_VARIANT_TYPE_BOOLEAN)' failed

(gnome-control-center:1139): display-cc-panel-WARNING **: 12:23:51.332: no 
sunset data, using 16.00

(gnome-control-center:1139): display-cc-panel-WARNING **: 12:23:51.332: no 
sunrise data, using 8.00

(gnome-control-center:1139): GLib-GObject-CRITICAL **: 12:23:51.347: 
g_object_ref: assertion 'G_IS_OBJECT (object)' failed
Segmentation fault (core dumped)
[user@fedora-30 ~]$ XDG_CURRENT_DESKTOP=GNOME gnome-control-center

(gnome-control-center:1169): display-cc-panel-WARNING **: 12:23:57.594: no 
sunset data, using 16.00

(gnome-control-center:1169): display-cc-panel-WARNING **: 12:23:57.595: no 
sunrise data, using 8.00

(gnome-control-center:1169): GLib-GObject-CRITICAL **: 12:23:57.602: 
g_object_ref: assertion 'G_IS_OBJECT (object)' failed
Segmentation fault (core dumped)
[user@fedora-30 ~]$ XDG_CURRENT_DESKTOP=GNOME gnome-control-center

(gnome-control-center:1193): display-cc-panel-WARNING **: 12:24:08.789: no 
sunset data, using 16.00

(gnome-control-center:1193): display-cc-panel-WARNING **: 12:24:08.790: no 
sunrise data, using 8.00

(gnome-control-center:1193): GLib-GObject-CRITICAL **: 12:24:08.804: 
g_object_ref: assertion 'G_IS_OBJECT (object)' failed
Segmentation fault (core dumped)
[user@fedora-30 ~]$ XDG_CURRENT_DESKTOP=GNOME gnome-control-center

(gnome-control-center:1222): display-cc-panel-WARNING **: 12:24:11.537: no 
sunset data, using 16.00

(gnome-control-center:1222): display-cc-panel-WARNING **: 12:24:11.538: no 
sunrise data, using 8.00

(gnome-control-center:1222): GLib-GObject-CRITICAL **: 12:24:11.568: 
g_object_ref: assertion 'G_IS_OBJECT (object)' failed
Segmentation fault (core dumped)
[user@fedora-30 ~]$ XDG_CURRENT_DESKTOP=GNOME gnome-control-center

(gnome-control-center:1245): display-cc-panel-WARNING **: 12:24:13.679: no 
sunset data, using 16.00

(gnome-control-center:1245): display-cc-panel-WARNING **: 12:24:13.679: no 
sunrise data, using 8.00

(gnome

Re: [qubes-users] Is it plausible to use Debian template with sys-XXX VM?

2020-01-02 Thread Chris Laprise 

On 12/31/19 8:11 AM, trueriver wrote:



On Monday, 30 December 2019 03:49:12 UTC, xao wrote:

Check this article - https://www.qubes-os.org/doc/templates/minimal/
 (scroll down
untill you see "Debian" header)

It explains what you need to install so that debian template will
work as expected.


Yes, and the advice works :)

I will tweak the docs to make it clear that the Debian full templates 
need these extra installs to work as templates for sys-XXX


FWIW, I've been using Debian templates as sys-xxx for years. The 
important thing to install is the wifi driver for use as sys-net. 
However, changes from this issue should eventually make that step 
unnecessary for most people:


https://github.com/QubesOS/qubes-issues/issues/5123

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abea81cc-2c7c-19c8-72d3-88d3fa1b6d09%40posteo.net.

[qubes-users] Which Qemu does Qubes have and how to use?

2020-01-02 Thread Guerlan 
I'm trying to install macOS on Qubes. For it, it needs Qemu. There are two 
qemu-* in dom0:

qemu-img-xen and qemu-nbd-xen

I can't find options to see which versions of qemu they are. Where's the 
simple `qemu` command? And is it rigth to run it in dom0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8637c8de-9110-430b-aa03-5be541fc6d90%40googlegroups.com.

[qubes-users] Re: Recommended laptop?

2020-01-02 Thread Guerlan 


On Tuesday, December 24, 2019 at 7:43:08 AM UTC-2, Ondřej Šulák wrote:
>
> Hello pals,
> for the last release of Qubes, what laptop would you recommend? Is there 
> any cheaper option which does have HW compatibility with latest Qubes 
> (ideally with shipping from EU), than this one:
>
> https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/
>  
> ?
>
> Thanks for any tips!
>
> Ondrej
>


Im running on a Razer Blade Steatlh 4k + touchscreen 2016 16gb RAM 512gb 
SSD i7 ultra thin. *Everything* works wxcept for the lid closing and 
opening but I'm trying to find a solution. Qubes runs very good on this 
laptop, I'm very happy!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da6966c6-c4d8-4465-85a6-dc9a27cb4206%40googlegroups.com.

Re: [qubes-users] Re: Recommended laptop?

2020-01-02 Thread Thierry Laurion 


Le jeudi 2 janvier 2020 00:10:09 UTC-5, Chris Laprise a écrit :
>
> On 1/1/20 8:28 PM, Thierry Laurion wrote: 
> > 
> > 
> > On Wed, Jan 1, 2020 at 4:12 PM Chris Laprise   
> > > wrote: 
> > 
> > On 1/1/20 1:36 PM, Thierry Laurion wrote: 
> >  > 
> >  > 
> >  > Le mercredi 1 janvier 2020 13:32:00 UTC-5, Chris Laprise a 
> écrit : 
> >  > 
> >  > On 1/1/20 5:43 AM, Lorenzo Lamas wrote: 
> >  >  > Hello Thierry, 
> >  >  > 
> >  >  > Thanks for all that you are doing for the community. Do 
> > you see a 
> >  >  > possibility of a Qubes Certified Laptop with an AMD CPU? 
> >  >  > Intel is affected a lot more than AMD by the sidechannel 
> >  > vulnerabilities 
> >  >  > in the last years. The Privacy Beast has a 3rd gen Intel 
> > CPU, Intel 
> >  >  > stopped providing uCode updates for 1st gen in 2019, so 
> > this year is 
> >  >  > probably the last year they will support 3rd gen. More CPU 
> >  >  > vulnerabilities will most certainly be discovered in the 
> > coming 
> >  > years, 
> >  >  > so there is a need for an AMD based certified laptop, or 
> > at least a 
> >  >  > newer generation Intel based laptop, even though that may 
> > mean we're 
> >  >  > stuck with PSP or ME. 
> >  > 
> >  > As much as I like the Insurgo/Purism/System76 offerings, this 
> > issue has 
> >  > weighed on me to reconsider. 
> >  > 
> >  > The massive amount of side-channel vulnerabilities have shown 
> > Intel's 
> >  > engineering is reckless, and it gets worse. They're still 
> pushing 
> >  > fraudulent compiler code – detecting and de-optimizing AMD – 
> > almost a 
> >  > decade after it was reported in the press. And they outright 
> > refuse to 
> >  > pay government fines relating to their misconduct – which 
> > also included 
> >  > threatening PC vendors with retaliation if they sell "too 
> > many" AMD 
> >  > units. 
> >  > 
> >  > Historically, when a behemoth like Intel goes renegade its 
> > because they 
> >  > know their products are superior and the public will accept 
> the 
> >  > situation as a trade-off. But the only thing that's 
> > "superior" about 
> >  > Intel is their attitude and their ill-gotten revenue. 
> >  > 
> >  > The biggest problem I see is peoples' willingness to go along 
> > with what 
> >  > is becoming a tradition of anti-competition. Whatever logical 
> > fallacies 
> >  > are put forward to make it seem palatable with CPUs will also 
> > undermine 
> >  > user motivations in other areas. 
> >  > 
> >  > Completely agreeing. This is why this 
> >  > 
> > <
> https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-549986749> 
>
> > 
> >  > needs collaboration to have real solutions in the future. 
> > 
> > The relative ease of using another x86 brand with better 
> implementation 
> > and ethics such as AMD makes it a clear choice in the meantime, 
> while 
> > the much more difficult and lengthy task of adopting open hardware 
> is 
> > pursued. 
> > 
> > People can wait 18-36 months for a Qubes port to POWER 
> architecture... 
> > That is 18-36 months of being subject to maximum side-channel (and 
> > probably other) risks and signalling a tacit acceptance of Intel's 
> > engineering. And at the end of that period, we still won't have 
> laptops. 
> > 
> > Only holding out for the perfect appears to be the enemy of good in 
> > this 
> > case; it is the wrong mindset for adding alternatives. Under these 
> > circumstances, there should be absolutely no hint that a robust x86 
> > alternative is somehow passe... but that appears to be the message 
> > coming from vendors. 
> > 
> > I am not aware of any AMD model to recommend on my end which would have 
> > the good mix of QubesOS well supported components to fit requirements 
> > and warned compatibility issues. 
> > 
> > If you have such model in mind to recommend, be part of the solution and 
> > let us know. 
> > 
> > Meanwhile, models that fitted the bill for workstation/server got 
> > dropped by coreboot by lack of interest from the community (KGPE-D16 
> > ). 
> It 
> > might be brought back under grant work (TBD), but AFAIK, there is not 
> > such trust altogether from the community torward AMD, not really more 
> > trust torward their PSP (ME equivalent) and not so much known right now 
> > from attempts reversing  it. 
>
> Yes, this has as much to do with community attitudes as anything else. I 
> would still expect some vendor to be able

Re: [qubes-users] Re: Recommended laptop?

2020-01-02 Thread Chris Laprise 

On 1/2/20 2:51 PM, Thierry Laurion wrote:



Le jeudi 2 janvier 2020 00:10:09 UTC-5, Chris Laprise a écrit :

On 1/1/20 8:28 PM, Thierry Laurion wrote:
 >
 >
 > On Wed, Jan 1, 2020 at 4:12 PM Chris Laprise  > wrote:
 >
 >     On 1/1/20 1:36 PM, Thierry Laurion wrote:
 >      >
 >      >
 >      > Le mercredi 1 janvier 2020 13:32:00 UTC-5, Chris Laprise a
écrit :
 >      >
 >      >     On 1/1/20 5:43 AM, Lorenzo Lamas wrote:
 >      >      > Hello Thierry,
 >      >      >
 >      >      > Thanks for all that you are doing for the
community. Do
 >     you see a
 >      >      > possibility of a Qubes Certified Laptop with an AMD
CPU?
 >      >      > Intel is affected a lot more than AMD by the
sidechannel
 >      >     vulnerabilities
 >      >      > in the last years. The Privacy Beast has a 3rd gen
Intel
 >     CPU, Intel
 >      >      > stopped providing uCode updates for 1st gen in
2019, so
 >     this year is
 >      >      > probably the last year they will support 3rd gen.
More CPU
 >      >      > vulnerabilities will most certainly be discovered
in the
 >     coming
 >      >     years,
 >      >      > so there is a need for an AMD based certified
laptop, or
 >     at least a
 >      >      > newer generation Intel based laptop, even though
that may
 >     mean we're
 >      >      > stuck with PSP or ME.
 >      >
 >      >     As much as I like the Insurgo/Purism/System76
offerings, this
 >     issue has
 >      >     weighed on me to reconsider.
 >      >
 >      >     The massive amount of side-channel vulnerabilities
have shown
 >     Intel's
 >      >     engineering is reckless, and it gets worse. They're
still pushing
 >      >     fraudulent compiler code – detecting and de-optimizing
AMD –
 >     almost a
 >      >     decade after it was reported in the press. And they
outright
 >     refuse to
 >      >     pay government fines relating to their misconduct – which
 >     also included
 >      >     threatening PC vendors with retaliation if they sell "too
 >     many" AMD
 >      >     units.
 >      >
 >      >     Historically, when a behemoth like Intel goes renegade
its
 >     because they
 >      >     know their products are superior and the public will
accept the
 >      >     situation as a trade-off. But the only thing that's
 >     "superior" about
 >      >     Intel is their attitude and their ill-gotten revenue.
 >      >
 >      >     The biggest problem I see is peoples' willingness to
go along
 >     with what
 >      >     is becoming a tradition of anti-competition. Whatever
logical
 >     fallacies
 >      >     are put forward to make it seem palatable with CPUs
will also
 >     undermine
 >      >     user motivations in other areas.
 >      >
 >      > Completely agreeing. This is why this
 >      >
 >
>

 >
 >      > needs collaboration to have real solutions in the future.
 >
 >     The relative ease of using another x86 brand with better
implementation
 >     and ethics such as AMD makes it a clear choice in the
meantime, while
 >     the much more difficult and lengthy task of adopting open
hardware is
 >     pursued.
 >
 >     People can wait 18-36 months for a Qubes port to POWER
architecture...
 >     That is 18-36 months of being subject to maximum side-channel
(and
 >     probably other) risks and signalling a tacit acceptance of
Intel's
 >     engineering. And at the end of that period, we still won't
have laptops.
 >
 >     Only holding out for the perfect appears to be the enemy of
good in
 >     this
 >     case; it is the wrong mindset for adding alternatives. Under
these
 >     circumstances, there should be absolutely no hint that a
robust x86
 >     alternative is somehow passe... but that appears to be the
message
 >     coming from vendors.
 >
 > I am not aware of any AMD model to recommend on my end which
would have
 > the good mix of QubesOS well supported components to fit
requirements
 > and warned compatibility issues.
 >
 > If you have such model in mind to recommend, be part of the
solution and
 > let us know.
 >
 > Meanwhile, models that fitted the bill for workstation/server got
 > dropped by coreboot by lack of interest from the community (KGPE-D16
 >

[qubes-users] Booting VM to single user mode

2020-01-02 Thread tetrahedra via qubes-users 

is it possible?

I tried using `sudo virsh edit MYVM` to add `single` / `init=/bin/bash`
(for fedora & debian, respectively) to the kernel
 but the settings would not validate, and after I selected
"ignore" to force it, the machine still did not boot into single-user
mode.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103005806.GA1058%40danwin1210.me.

[qubes-users] This is my HCL

2020-01-02 Thread William Derenne 
Hi,

Qubes OS is a great project !

Cordialy,


William DERENNE
DROON

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CADo-Fh8QFtonxT8Xt-aGi-6RzQNHRhqKNQi2UauACUiZmjNvgg%40mail.gmail.com.


Qubes-HCL-LENOVO-81SX-20200102-151130.yml
Description: application/yaml

Re: [qubes-users] Booting VM to single user mode

2020-01-02 Thread tetrahedra via qubes-users 

On Fri, Jan 03, 2020 at 01:58:06AM +0100, tetrahedra via qubes-users wrote:

is it possible?

I tried using `sudo virsh edit MYVM` to add `single` / `init=/bin/bash`
(for fedora & debian, respectively) to the kernel
 but the settings would not validate, and after I selected
"ignore" to force it, the machine still did not boot into single-user
mode.


Solution:
qvm-prefs MYVM kernelopts "nopat single"

where `nopat` is whatever kernel options were previously listed in the
output of `qvm-prefs MYVM kernelopts`

Unfortunately there is still the problem that the VM is killed after 60
seconds because Qubes can't connect to the qrexec agent... anyone know
how to disable this?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103011849.GA1204%40danwin1210.me.

Re: [qubes-users] Booting VM to single user mode

2020-01-02 Thread 'awokd' via qubes-users 
tetrahedra via qubes-users:

> Solution:
> qvm-prefs MYVM kernelopts "nopat single"
> 
> where `nopat` is whatever kernel options were previously listed in the
> output of `qvm-prefs MYVM kernelopts`
> 
> Unfortunately there is still the problem that the VM is killed after 60
> seconds because Qubes can't connect to the qrexec agent... anyone know
> how to disable this?
> 
Try qvm-prefs with qrexec_timeout. 0 might disable, or some high number.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d56458a-6c8a-b6a5-9d37-c32135fdb3d1%40danwin1210.me.

Re: [qubes-users] Booting VM to single user mode

2020-01-02 Thread tetrahedra via qubes-users 

On Fri, Jan 03, 2020 at 01:25:36AM +, 'awokd' via qubes-users wrote:

Unfortunately there is still the problem that the VM is killed after 60
seconds because Qubes can't connect to the qrexec agent... anyone know
how to disable this?


Try qvm-prefs with qrexec_timeout. 0 might disable, or some high number.


using 0 gives the error "no such property: 'qrexec_timeout'"

High number works.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103014549.GA1285%40danwin1210.me.

[qubes-users] Mounting a VM's storage on a different machine

2020-01-02 Thread tetrahedra via qubes-users 

I have a VM that's having serious problems. Is there any way to mount
the VM's private storage (/rw/*) on a different VM, in order to recover
the data?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103014700.GB1285%40danwin1210.me.

Re: [qubes-users] Mounting a VM's storage on a different machine

2020-01-02 Thread tetrahedra via qubes-users 

(subject line is incorrect, should be "mounting on a different VM")


On Fri, Jan 03, 2020 at 02:47:00AM +0100, tetrahedra via qubes-users wrote:

I have a VM that's having serious problems. Is there any way to mount
the VM's private storage (/rw/*) on a different VM, in order to recover
the data?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103014700.GB1285%40danwin1210.me.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103014815.GA1330%40danwin1210.me.

[qubes-users] What happened to "paranoid mode"?

2020-01-02 Thread tetrahedra via qubes-users 

From back in the 3.2 era:

https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/
$ qvm-backup-restore --paranoid-mode

On my 4.0 install this option does not appear. Is it no longer
considered necessary?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103015531.GB1330%40danwin1210.me.

[qubes-users] Qubes OS 4.0.2 has been released!

2020-01-02 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

We're pleased to announce the release of Qubes 4.0.2! This is the second
stable point release of Qubes 4.0. It includes many updates over the
initial 4.0 release, in particular:

- - All 4.0 dom0 updates to date
- - Fedora 30 TemplateVM
- - Debian 10 TemplateVM
- - Whonix 15 Gateway and Workstation TemplateVMs
- - Linux kernel 4.19 by default

Qubes 4.0.2 is available on the Downloads page:

https://www.qubes-os.org/downloads/


What is a point release?
- 

A point release does not designate a separate, new version of Qubes OS.
Rather, it designates its respective major or minor release (in this
case, 4.0) inclusive of all updates up to a certain point. Installing
Qubes 4.0 and fully updating it results in the same system as installing
Qubes 4.0.2.


What should I do?
- -

If you installed Qubes 4.0 or 4.0.1 and have fully updated, then your
system is already equivalent to a Qubes 4.0.2 installation. [1] No
further action is required.

Similarly, if you're currently using a Qubes 4.0.2 release candidate
(4.0.2-rc1, 4.0.2-rc2, or 4.0.2-rc3), and your system is fully updated,
then your system is equivalent to a 4.0.2 stable installation, and no
additional action is needed. [1]

Regardless of your current OS, if you wish to install (or reinstall)
Qubes 4.0 for any reason, then the 4.0.2 ISO makes this more convenient
and secure, since it bundles all Qubes 4.0 updates to date.

*Note:* At 4.5 GiB, the Qubes 4.0.2 ISO will not fit on a single-layer
DVD (for the technical details underlying this, please see issue
#5367). [2] Instead, we recommend copying the ISO onto a sufficiently
large USB drive. [3] However, if you would prefer to use optical media,
we suggest selecting a dual-layer DVD or Blu-ray disc.

Thank you to all the release candidate users for testing this release
and reporting issues! [4]


[1] https://www.qubes-os.org/doc/updating-qubes-os/
[2] https://github.com/QubesOS/qubes-issues/issues/5367
[3] 
https://www.qubes-os.org/doc/installation-guide/#copying-the-iso-onto-the-installation-medium
[4] https://www.qubes-os.org/doc/reporting-bugs/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2020/01/02/qubes-4-0-2/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl4OpQ8ACgkQ203TvDlQ
MDDQMhAAwtmOkAou4r0goWfBWNjrNey3nS+WjHm4VC9tRIkmGJ7Y7J5yIcGUbVzh
Zsk3vQsSx9kzjAreFFmqjS27XMEjf8PB0ZKBWA8OTjymqXeMfCoFfXpjKsDEXnOi
roRIYvHgk3NqDwUsJ+u9cDfYWka1lgoQB7Rn6iLaFd35ukSu1hJGZHeAZHst6VBh
g0EA8hq/ESTe3mfs8sdLpaO9c1ldH/rwmhBbJYpnKJ/Q+3MF7eX/hbenKSBtLjRN
Qd0QJW4aVjE5ZfryB6pJgga2JsMAF/1zJz0sjtdey4L+bkP2LkWrwvNM4z7rf+d+
0svS+9bg0jAreP5gHHUC6s2N+q3kYl4oPYTJjxOfnd3qJgtqQXnSAJ8/IMWHNtKR
KNK4I7ylo24FuUAZ36JP43eRXEAbKpjpIwcI3Fch2MWLRu+rRmRyv9ROEKSX8XqF
bi6cKR8os1t1hUmoqm7k5k/au7cW8WTJ3uGOiwFUiMhVZ5dmGDUkhVF8rIngi3qu
Zl6lomhI4nXTlguwdpJPnDbnEZAgYKLLgyV4mazrFgcp4zCZpgVSzwxtzC4v6yCb
BUcSnUvXpVHesrLLObs14ruwcMe5hRJCtaLk1fPwL6mdW/rPTGoqm2TCSWLQfQaF
z0ldcBo27v3QmvqO8fpNYDTLfadXocou8E4zrMutCIZCUoA6a2Q=
=K5j1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50fdc3be-b208-2f04-1868-c530633cff5b%40qubes-os.org.

[qubes-users] linux on mobile - qubes perspective?

2020-01-02 Thread qtpie 
I guess many people on this mailinglist are using a smartphone, 
regardless of the downsides. More and more services are only fully 
accessible via smartphone, at least where Im from. Employers force you 
to. In 2020 we are probably going to see two new smartphones capable of 
running software based on the mainline linux kernel: pinephone an 
librem5. Im interested technically and security wise.


I'm curious about peoples view on this from a qubes/security perspective.

Two articles that will get you up to speed, first on hardware, second on 
software.


https://tuxphones.com/yet-another-librem-5-and-pinephone-linux-smartphone-comparison/
https://fam-ribbers.com/2019/12/28/State-of-Linux-on-mobile-and-common-misconceptions.html

Currently I'd say
- dont mix security domains on your smartphone that you dont mix on 
qubes (ie if you have separate qubes for work mail and private mail on 
your laptop, dont put work and private mail together on the same 
smartphone). This is hard though. Do people walk around with 3 or more 
smartphones?
- smartphones are less secure than qubes or well maintained regular 
linux pc's


Things I wonder about:
- Is there a possibility that we are in the foreseeable future going to 
see Qubes-level security (domain separation by baremetal virtualisation) 
on a smartphone/ARM? Is there an effort being made?
- Does the arrival of mainline linux on smartphones and other 
developments around pinephone/librem5 change anything for Qubes users in 
particular and security conscious people in general?

- Can we put more trust in these new phones than in current phones?
- Particular strategies for using the smartphone next to qubes in a safe 
way that arent commonly known.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/quclsp%24d30%241%40blaine.gmane.org.

[qubes-users] HCL - HP Elitebook 8460p

2020-01-02 Thread Tooth Fairy 
Now running 4.0.2-rc3, everything works. Have also run 4.0.1, 4.0, 3.2 and 3.1 fine.

The only thing that doesn work is S3 sleep in combination with Anti Evil Maid(problems started with 4.0) If S3 sleep is engaged, laptop will do a hard shutdown. When booting without AEM, S3 sleep works fine.

 

Anti Evil Maid works.

Sys-usb works(though sometimes the USB 2.0 ports don't, not sure if it is an issue of software or old hardware. The USB 3.0 ports always work).

Attaching USB devices to other VMs works.

Sys-net works with both WiFi and Ethernet(out of the box).

DVD drive works.

 

Webcam and microphone not tested.

 

 



-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-c89c2604-ab3f-4536-a218-ef39f677405b-1577823169720%403c-app-mailcom-lxa12.


Qubes-HCL-Hewlett_Packard-HP_EliteBook_8460p-20191231-095921.yml
Description: application/yaml

Re: [qubes-users] Mounting a VM's storage on a different machine

2020-01-02 Thread tetrahedra via qubes-users 

On Fri, Jan 03, 2020 at 02:48:15AM +0100, tetrahedra via qubes-users wrote:

(subject line is incorrect, should be "mounting on a different VM")


On Fri, Jan 03, 2020 at 02:47:00AM +0100, tetrahedra via qubes-users wrote:

I have a VM that's having serious problems. Is there any way to mount
the VM's private storage (/rw/*) on a different VM, in order to recover
the data?


Solved:
https://www.reddit.com/r/Qubes/comments/chgb3h/is_it_possible_to_access_files_inside_a_vm/f8ur03m/

Also put in a PR for qubes-comunity-docs with this info, since I saw a
few posts around the Internet for people asking how to do it and not
finding an answer.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200103023859.GA1491%40danwin1210.me.