[qubes-users] Fetching updates after disabling qubes-update-check in clearnet qubes

2020-07-13 Thread fiftyfourthparallel 
I came across this reply by unman while reading through the Qubes Whonix 
security 

page:

>It is the qubes that perform  update checks and then notify dom0
accordingly. So if you have a qube connected to clearnet it will check
over clearnet.
>You can disable this in clearnet connected qubes - it's the
qubes-update-check service.
>Or you can disable globally in qubes-global-settings.

https://www.mail-archive.com/qubes-users@googlegroups.com/msg27567.html

While the Whonix Wiki maintainer thinks its enough of an issue to include 
on the Whonix security page, Marek doesn't think time-based correlation is 
an issue ("When you actually download and install those updates (over Tor) 
in the template is up to you, it isn't immediately after checking if 
something is available, so time based correlation isn't really an issue here 

").

Though it's not clear to me whether this is actually an issue, I figured 
I'd do it anyways. My question is, if I wanted to disable 
qubes-update-check service, how would I go about updating my templates over 
tor? Do I create debian and fedora templates linked to sys-whonix just to 
get updates?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eadac1c4-f3df-4559-a2f1-edf58f7bb09fo%40googlegroups.com.

[qubes-users] Re: saltstack used to update firefox profile

2020-07-13 Thread liked2 

On 2020-07-13 13:48, unman wrote:

On Sun, Jul 12, 2020 at 05:55:56PM +0100, liked2-mmb7mzph...@public.gmane.org 
wrote:

Hi,

I'm trying to build up my AppVms with saltstack and currently stuck with 
updating my firefox profile because it's located in a randomly generated 
directory (where xxx are random alpha-numerics):
/home/user/.mozilla/firefox/xxx.default-release/prefs.js

1st try with file.append from saltstack seems not to work with wildcards:

/home/user/.mozilla/firefox/*.default-release/prefs.js:
?? file.append:
?? - text:
?? - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);

2nd try with a for loop also fails:

{% for file in salt[cmd.run']('ls -l 
/home/user/.mozilla/firefox/*.default-release/prefs.js') %}
{{ file }}
{ file.find type=f 
name='/home/user/.mozilla/firefox/*.default-release/prefs.js' }
?? file.append:
?? - text:
?? - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);
{% endfor %}


Do you have a 3rd working example/suggestion?


Thanks in advance! P.



I'm a great believer in keeping salt as simple as possible.
In this case:
```
echo 'user_pref("browser.startup.homepage", "https://www.qubes-os.org"; ); ' >> 
/home/user/.mozilla/firefox/*.default-release/prefs.js :
   cmd.run

```

If you *do* want complexity, your 1st try is a non-starter, as you've
discovered.
In the 2nd, I wouldn't use a variable name which is also the name of a
salt module. Nor would I use `ls` and `file.find` together - what's the
point? Otherwise that looks workable.



I agree to use salt-KISS but, with using the command line in salt renders it 
somehow less useful from my point of view. For example I've to be careful not 
to execute that script twice etc.

You're right with the second try. I just mixed 2 solutions into 1 during 
copying.

2a was using "ls":
{% for file in salt[cmd.run']('ls -l 
/home/user/.mozilla/firefox/*.default-release/prefs.js') %}
{{ file }}
file.append:
 - text:
   - user_pref("browser.startup.homepage", "https://www.qubes-os.org";);
{% endfor %}

Unfortunately, this fails with the error:
- Rendering SLS 'base:my_script' failed: Jinja syntax error: expected token 
',', got 'string'; line 1

2b was an attempt to use the find functionality, but I didn't manage to get 
this working. Error message is:
{ file.find type=f 
name='/home/user/.mozilla/firefox/*.default-release/prefs.js' }
  file.append:
- text:
  - user_pref("browser.startup.homepage", "https://www.qubes-os.org";);

This one fails basically with the same error.

Any other suggestions?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5c90b18-7159-d53c-b5cf-95e2ee13a061%40gmx.de.

[qubes-users] Trouble installing Whonix 15

2020-07-13 Thread shamaarmartin96 
I wanted to use the uninstall reinstall method to upgrade whonix 14 to 15 on 
qubes 4.0

Procedure:
1. Delete all whonix template packages 
2. Make sure dom0 is updated
3. Adjust whonix version to 15
4. Attempt to download and configure TemplateVMs with the command:
sudo qubesctl state.sls qvm.anon-whonix

Results: various errors
virtual machine does not exist!
Got empty response from qubessd
7 succeeded 
6 Failed

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cb9770d2-30ff-4f18-b279-7d931a28666fo%40googlegroups.com.

Re: [qubes-users] Problem installing KDE in Qubes 4.0.1...

2020-07-13 Thread Qubes 

On 7/13/20 3:15 PM, Andrew Sullivan wrote:

Download failed: Curl error (23): Failed writing received data to
disk/application for
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/current/dom0/fc25/repodata/5c730001e14b36382c932b29b017f5fbb519aec538fc7017bab03317192743f5-filelists.xml.gz  
[Failed writing body (4498 != 16384)]


You have a connectivity problem.


I did notice that a lot of the files seem to refer to Fedora 25, while I'm
using Fedora 30.


Installing KDE is installing something in dom0, that is why the 
repositories are pointing to fc25 and not fc30.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c982060-3038-c978-7f72-715ac6d1ed0a%40ak47.co.za.

[qubes-users] Problem installing KDE in Qubes 4.0.1...

2020-07-13 Thread Andrew Sullivan 
Hello

XFCE isn't my favourite DM so I tried to install KDE.

First, I issued the following command from a dom0 terminal:

sudo qubes-dom0-update @kde-desktop-qubes

After downloading a lot of files (or trying to, it fails with the following 
message:

Errors during downloading metadata for repository 'qubes-dom0-current':
  - Curl error (23): Failed writing received data to disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/current/dom0/fc25/repodata/389fc71cd8627e9157ef8d13cbdeb189f0791a09aea9f620736f0c405d8642fc-primary.xml.gz
 
[Failed writing body (401 != 16384)]
  - Curl error (23): Failed writing received data to disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/current/dom0/fc25/repodata/5c730001e14b36382c932b29b017f5fbb519aec538fc7017bab03317192743f5-filelists.xml.gz
 
[Failed writing body (4498 != 16384)]
Error: Failed to download metadata for repo 'qubes-dom0-current': Yum repo 
downloading error: Downloading error(s): 
repodata/389fc71cd8627e9157ef8d13cbdeb189f0791a09aea9f620736f0c405d8642fc-primary.xml.gz
 
- Download failed: Curl error (23): Failed writing received data to 
disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/current/dom0/fc25/repodata/389fc71cd8627e9157ef8d13cbdeb189f0791a09aea9f620736f0c405d8642fc-primary.xml.gz
 
[Failed writing body (401 != 16384)]; 
repodata/5c730001e14b36382c932b29b017f5fbb519aec538fc7017bab03317192743f5-filelists.xml.gz
 
- Download failed: Curl error (23): Failed writing received data to 
disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/current/dom0/fc25/repodata/5c730001e14b36382c932b29b017f5fbb519aec538fc7017bab03317192743f5-filelists.xml.gz
 
[Failed writing body (4498 != 16384)]

I did notice that a lot of the files seem to refer to Fedora 25, while I'm 
using Fedora 30.

I suspect I'm doing something wrong?

Thanks

Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e75b966-548d-4b33-a974-43cf9dc6476eo%40googlegroups.com.

Re: [qubes-users] saltstack used to update firefox profile

2020-07-13 Thread unman 
On Sun, Jul 12, 2020 at 05:55:56PM +0100, lik...@gmx.de wrote:
> Hi,
> 
> I'm trying to build up my AppVms with saltstack and currently stuck with 
> updating my firefox profile because it's located in a randomly generated 
> directory (where xxx are random alpha-numerics):
> /home/user/.mozilla/firefox/xxx.default-release/prefs.js
> 
> 1st try with file.append from saltstack seems not to work with wildcards:
> 
> /home/user/.mozilla/firefox/*.default-release/prefs.js:
> ?? file.append:
> ?? - text:
> ?? - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);
> 
> 2nd try with a for loop also fails:
> 
> {% for file in salt[cmd.run']('ls -l 
> /home/user/.mozilla/firefox/*.default-release/prefs.js') %}
> {{ file }}
> { file.find type=f 
> name='/home/user/.mozilla/firefox/*.default-release/prefs.js' }
> ?? file.append:
> ?? - text:
> ?? - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);
> {% endfor %}
> 
> 
> Do you have a 3rd working example/suggestion?
> 
> 
> Thanks in advance! P.
> 

I'm a great believer in keeping salt as simple as possible.
In this case:
```
echo 'user_pref("browser.startup.homepage", "https://www.qubes-os.org"; ); ' >> 
/home/user/.mozilla/firefox/*.default-release/prefs.js :
  cmd.run

```

If you *do* want complexity, your 1st try is a non-starter, as you've
discovered.
In the 2nd, I wouldn't use a variable name which is also the name of a
salt module. Nor would I use `ls` and `file.find` together - what's the
point? Otherwise that looks workable.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200713124825.GB4984%40thirdeyesecurity.org.

Re: [qubes-users] broken link in https://www.qubes-os.org/doc/vm-sudo/

2020-07-13 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2020-07-13 5:53 AM, unman wrote:
> On Mon, Jul 13, 2020 at 11:51:15AM +0200, Peter Funk wrote:
>> While reading in the official Qubes OS documentation I discovered
>> a broken link in the page titled "Passwordless Root Access in VMs"
>> in "Background (/etc/sudoers.d/qubes in VM)".  I was interested in
>> the Background and was unable to find the mentioned 
>> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/misc/qubes.sudoers
>> anywhere else.  Does anybody know where this was moved to?
>>
>> Best regards, Peter Funk
> 
> The contents of the file are there on that page, so you have already
> read it.
> As to your failure to find it anywhere else in master, it has been hidden in 
> the
> confusingly named "passwordless-root" directory. ;-)
> 
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/passwordless-root/qubes.sudoers
> 

I've removed the unnecessary broken link.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl8MRLEACgkQ203TvDlQ
MDAhThAAqpg2SjU308KbmF5vHw0hJ6RtyrtTbGUbzI44mpPf75J7ooqsl4dfeCEQ
oCkQPqRZLVUpxQMLvhFsEGBmlueQcB4peB8nSa3kwqwm7X9ZGsJskp8UuK9hgBE6
OnIggwCnCI543WODTLDuqk5WQkjDeFW+8etqnOkZch5BPlwbJ+vyQppa0b3rgR8y
zmIwk98i2nYWBMG5L2/eaF35+dN006xj3ZY+2c6lGEmxb0hMGLOvYTxScinktFjl
VDTbkLyiHQHgfFjM4XbfQjn8mdyybaRSAWDJrvJ/JRFmsz4wMVY2kR+3dBjh2wsq
r1e9EtFNmQYNBNOWT7Bwh53jOR+h/1cW931qVOIP+mH4vVguYV0puvF7wyCf+i0w
PuCQ9YWw62J6Oo4EB3UwvYzMGdgvPx3S7Ab/NKzZLPbHeheRBIOENgEkC7HFIL4H
loAJIAq7uGxZpGowhATxhIzgt/AVIiPfg6afEz/np8G9ed1Qx5FwPBiun8gLsYWE
VNxFpCxPJ0278DecgOaJxMjcY3LFLhMZrkcrT/96cG1ImJpd7dsO53Hm8yzXYq2I
s5ZfCIJZWaQOWEHTiei6EhofiAyPgi++2aY6Sejs6LdQqQMLBuXR6kmbUqw/ISY4
Hhj48kQr5Z8HP6L9HFwy5deIN4C5Tiri5wDsyzKPemKygwls+Jg=
=ubhS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c54e702-e380-c8ce-8685-9ed874f6252d%40qubes-os.org.

Re: [qubes-users] broken link in https://www.qubes-os.org/doc/vm-sudo/

2020-07-13 Thread unman 
On Mon, Jul 13, 2020 at 11:51:15AM +0200, Peter Funk wrote:
> While reading in the official Qubes OS documentation I discovered
> a broken link in the page titled "Passwordless Root Access in VMs"
> in "Background (/etc/sudoers.d/qubes in VM)".  I was interested in
> the Background and was unable to find the mentioned 
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/misc/qubes.sudoers
> anywhere else.  Does anybody know where this was moved to?
> 
> Best regards, Peter Funk

The contents of the file are there on that page, so you have already
read it.
As to your failure to find it anywhere else in master, it has been hidden in the
confusingly named "passwordless-root" directory. ;-)

https://github.com/QubesOS/qubes-core-agent-linux/blob/master/passwordless-root/qubes.sudoers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200713105358.GA4984%40thirdeyesecurity.org.

[qubes-users] broken link in https://www.qubes-os.org/doc/vm-sudo/

2020-07-13 Thread Peter Funk 
While reading in the official Qubes OS documentation I discovered
a broken link in the page titled "Passwordless Root Access in VMs"
in "Background (/etc/sudoers.d/qubes in VM)".  I was interested in
the Background and was unable to find the mentioned 
https://github.com/QubesOS/qubes-core-agent-linux/blob/master/misc/qubes.sudoers
anywhere else.  Does anybody know where this was moved to?

Best regards, Peter Funk
-- 
Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200713095115.GA15085%40pfmaster-P170EM.