Re: [qubes-users] Re: [qubes-announce] Qubes OS 4.0 reaches EOL on 2022-08-04
Dear Demi Marie What about between bisecting between 4.19 and 5.4? That sounds interesting. I am willing to test. The problem with staying on 4.19 is that eventually it will lose support upstream. Qubes is not RHEL, and we can't support an old kernel forever. That you cannot use your hardware on Linux 5.4+ is a bug, but without access to the hardware in question there is no way (that I am aware of) to figure out what the bug is so that it can be fixed. of course it is not a solution: it is a continued workaround, that allows to install 4.1 with an old kernel without being cut off other updates, for the time that the real problem takes to solve. *That alone* is helpful. Because what do I do next? Remove qubes 4.0 and install vanilla debian instead? Stay on unsupported Q4.0? Both seem worse than using the newest qubes on an old kernel: surely, it's not forever. I would really appreciate help of the dev's on that single point: an explication of how to sneak in an extrakernel in the iso. They do not need to explain iso packing & unpacking (that is easy), only how to twiggle the iso boot procedure. Thank you so much! Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd0f00dc-23d2-cf77-6ee8-7f3644ed02b2%40web.de.
Re: [qubes-users] Re: [qubes-announce] Qubes OS 4.0 reaches EOL on 2022-08-04
On 7/6/22 10:02, Demi Marie Obenour wrote: On Wed, Jul 06, 2022 at 12:27:11AM -0700, Peter Palensky wrote: Same here. Only 4.x and 5.4.175 kernel works for me (Dell hardware :-( ). I am afraid of losing that when updating... You see the 4.1 ISO contains an "extrakernels" folder (empty). The question is: which files go there, and how modify the iso-boot procedure so that one were allowed to select the kernel. Sounds like a reasonable feature, no? I failed on this: iso's are complicated, linux boot is complicated (and therefore abstracted out into software). > Yeah, this really needs to be addressed. Would it be possible to > bisect > between kernels 5.4.x and 5.10.x to see what went wrong? The relevant > git tags are signed by Linus Torvalds or Greg Kroah-Hartman, and their > public keys are in the (signed) qubes-linux-kernel git repository.> but as far as my dell hardware is concerned, 5.4 kernels are already unstable. I expect no gain from this! I guess adding the 4.19 (extra)kernel to the iso is the least painful way to go. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/62a3a2e3-59b7-9ede-ec58-a91168f24ef4%40web.de.
[qubes-users] Re: [qubes-announce] Qubes OS 4.0 reaches EOL on 2022-08-04
Dear Qubes Community, Qubes OS 4.0 is scheduled to reach end-of-life (EOL) on 2022-08-04 -- one month from the date of this announcement. that is bad news for those who, like me, are stuck with 4.1 install problems for >1 year. My computer freezes while install. I have asked many times how to include (e.g. by unpacking & repacking the ISO) an additional 4.19 LTS kernel in the installer and boot it: that would probably do the job. Alas, I got no help on this, yet. So I launch my question again. best, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/695de955-5922-0f43-9301-bb773159b4d8%40web.de.
Re: [qubes-users] Re: Q: Upgrading whonix-ws, auto-remove packages?
always use 'sudo apt autoremove' afterwards and never run into problems. So you probably can follow, what the upgrade function told you. Cheers :) Ulrich Windl schrieb am Dienstag, 5. Oktober 2021 um 23:53:02 UTC+2: Following the instructions, my upgrade ended with this message: The following packages were automatically installed and are no longer required: [50 lines removed] acl anon-iceweasel-warning apt-file binaries-freedom bsdmainutils bsdtar I'm wondering whether those qubes packages may actually be removed. I'm afraid to break my system when doing so. I do not share TheGardner's opinion. removing libraries like libcrypto or removing python or qubes-core-agent looks *very* suspicious to me. I'd think apt got lost. Was there some version change in the repos ?? (like underlying debian-10 to 11 that was messed up?) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2b0756c-9fb9-0bd2-f159-d49f9ab55af2%40web.de.
[qubes-users] how to modify qubes-installer-ISO
Dear qubes-community, I would like to modify the qubes-iso (add a different kernel, maybe add a wireless driver). Did someone here solve that already? A brief google on the subject reveals that modifying ISO's is not straightforward ... and touching the kernel may add extra difficulties. Thank you for your help, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9687038-0a99-59a8-cac6-16cd7421e577%40web.de.
Re: [qubes-users] i915 driver problems
On 9/1/21 3:11 PM, Sven Semmler wrote: I do have freezes and crashes with the 5.4 kernel and have to use 4.19 consequently. But I don't know what causes it. How did you determine that it's the i915 driver in your case? Sad for you, but I am kind of happy that I am not alone :) Maybe you add your experience to my bug report https://github.com/QubesOS/qubes-issues/issues/6397 as well? Sometimes I need a vanilla debian (life system on usb) to uefi-debug / emergencybackup. And even that one hangs from time to time, by spitting out a last word [drm:intel_cpu_fifo_underrun_irq_handler [i915]] ERROR CPU pipe A FIFO underrun Since the std debian is very stable and much less complex than xen + qubes, I take that as a hint (badly enough, when qubes freezes happen, qubes dies faster than kernel logs are written, so I have no other starting point anyways). For these reasons, my suspicion was early on the i915 driver. Also, i915 seems known problematic from 5.x kernels onwards any kind of other linuxes (google it). cheers, Bernhard P.S: my chipset is an intel 620 [8086:5917] rev 07. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec3db828-fe92-b0b1-b7ae-5fcdafb1e718%40web.de.
[qubes-users] i915 driver problems
Hello, I wonder if some of you guys have the bad luck of an i915 graphics card and found some solutions. For me, no >= 5.4 xen kernel works (freezes). So I still run it on 4.19 :) I first thought this to be an "evolution problem" since I use and update Q4 since its beta state. So I tried a new install on a new disc, but that fails even before finishing install, freezing as well :-( Even a plain "live debian" freezes from time to time with i915 errors, which gives a clue where the problem comes from. Is there maybe a way to tweak the installer? Thanks, best, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c02775dd-5079-5532-6d54-35ca012e6201%40web.de.
Re: [qubes-users] Dom0 kernel panic
On 3/3/21 3:29 PM, frag face wrote: Hi all, I'm running Qubes 4.0 My dom0 doesn't boot anymore (following an aborted Fedora update it seems...). Boot runs to kernel panic, see attached image. From a newly installed Qubes on a different disk, I can mount my crashed disk, decrypt it and access all my Qubes, DOM0... I see two options to recover my environment (and would prefer the first): 1- Fix my Dom0 environment on my crashed hard drive (I have another drive with a newly installed Qubes 4.0-rc3) 2- Save my qubes from my crashed disk, and restore them on my new 4.0-rc3 install. Any advise to perform a rescue for option 1 or 2 is welcomed ! 1) try to boot from a life system. Mount /boot and, in case of UEFI, have a look in efi/qubes/xen.cfg or efi/BOOT/xen.cfg you should be able to select a older kernel. Maybe that allows to reboot. 2) emergency backup is a good idea in any case. Open the encrypted volume (using luks)then runvgchange -ayto activate all logical volumes. With lvscan you should be able to see the names (something like qubes-...-work-private qubes-...-work-root etc It is the "private" one that you want. Mount them (they are all in /dev/mapper/ ) and "rsync -auv" your data to a harddrive in respective subdirs. That is less safe than the paranoid version of qubes-backup since its grasps all ".config" files, but at least you have a full take. Good luck! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ac3a6b2-9d0f-cb77-0ae0-a62e2f740d7c%40web.de.
Re: [qubes-users] Memory balancing very inefficient
This behaviour might be linked to errors (e.g. my qubes install does not support 5.x xen kernels: crashes can be caused by "memory stress" and even if not, they always finish by loads of qmemman log entries, before deep freeze (not even a kernel panic, just sudden death) What does "your qubes install" mean? Mine has been auto-updated to kernel 5.4.88-1 mine too. But since this kernel crashes after 2-30 minutes I downgraded (xen!) kernel back to 4.19.163. That works, at least. My App-VM's run smoothly on 5.x kernels, even kernel-latest does fine. I current think about limiting all small VMs to 256MB and dom0 to 2 GB of RAM (by GRUB parameter) lacking any idea for a better approch. Tell us if that works! My qubes has no grub. But you can set kernel params in /boot/efi/EFI/qubes/xen.cfg Again: What is special about "my qubes" ? that is a poor try on non-violent communication. I have no grub installed: qubes (4.0) came out of the box like that (using UEFI, as did qubes 3.x before). I am surprised that qubes uses grub in other settings :)) I modified /boot/grub2/grub.cfg (changing all dom0_mem=max:4096M values) and this works as expected. After a few hours I could not figure out limitations having the limits in place. very good news, thank you. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d525b4f-3906-4dde-1279-3b9c85dd5efc%40web.de.
Re: [qubes-users] Need to fix boot process broken by kernel update. Data is safe.
Is there a standard HOWTO I can follow to fix the boot process (to go from a grub / xen.cfg that fails to LUKS decrypt and load unencrypted rootfs) Not that I know. Would be helpful, indeed. Unfortunately the grub update for the kernel upgrade seems to have messed up the boot process. How do I figure out if it's installed for BIOS or UEFI mode ? That is in your BIOS. If it is "legacy" it means old-school MBR, if not it should be written UEFI somewhere. My data is safe and LUKS encrypted . I can use a live USB to decrypt it, access it and I also have made 2 backup copies. good. So with nothing to lose I tried to fix the boot manually from a live USB including creating /etc/default/grub but situation is no better. I had similar problems recently. If it is UEFI (and I guess so), efibootmgr is your friend (not preinstalled on debian-live, but you grab it easily via apt-get). Also look the "UEFI troubleshooting" qubes webpage! You can re-do the qubes boot entry with efibootmgr (please read the man page, syntax is not memorisable for me). Good luck, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9296d3c7-7ea1-b9f0-23ac-2153920095f9%40web.de.
Re: [qubes-users] qubes-mirage-firewall 0.7
On 5/19/20 3:11 PM, sschi...@gmail.com wrote: I'm pleased to announce the release of qubes-mirage-firewall 0.7: https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.7 <https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.7> I try to build on buster, but already new-docker fails. DKMS: install completed. Building initial module for 4.19.120-1.pvops.qubes.x86_64 Error! Bad return status for module build on kernel: 4.19.120-1.pvops.qubes.x86_64 (x86_64) Consult /var/lib/dkms/aufs/4.19+20190211/build/make.log for more information. dpkg: error processing package aufs-dkms (--configure): installed aufs-dkms package post-installation script subprocess returned error exit status 10 Errors were encountered while processing: aufs-dkms If I ignore it, (docker is installed, but incomplete), the build fails, without surprise. Someone has a hint on that? Cheers, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b8f1d893-192b-7722-4962-18bb14cfce33%40free.fr.
Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool
'Wyng' is a backup program I've been working on for a while that can quickly backup "thin LVM" storage, the kind Qubes uses by default: Link https://github.com/tasket/wyng-backup I like your other scripts, so I had a look. That seems so damn complex at first glance! Maybe you want to improve your "readme" by some simple examples of "mise en oeuvre": assume I have a qubes machine and a backup-harddrive in my hand. What would be the steps to do? Can you stock your backup in a luks-container? Since you use "streams" can (can't?) there be a -whatever cipher- in the middle of your stream treatment? I did not get these informations from your text within reasonable time. Maybe I am stupid, but maybe I am not alone with that :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cca1a41-186a-ad5c-e420-520ad85b2cc5%40web.de.
Re: [qubes-users] Scary Systemd Security Report
Also, I see that you have many services that need not be there - some of these will be disabled by Qubes- some you do not need in every qube (cups-browsed, exim4, tinyproxy etc). how do get rid of them? exim for example looks to me like a virus. I found no way to uninstall it without destroying debian ... the trick is maybe to keep them, but disabled? Cheers, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ffa60bad-0bd8-156e-597a-1cc90b056a41%40web.de.
Re: [qubes-users] How do I get Started?
By default network cards are assigned to sys-net and are not visible in dom0 (as far as I know). Open the Qubes Manager -> sys-net -> VM settings -> Devices tab, and make sure your network card is assigned to it. So you need to run lsusb or lspci from within sys-net, not dom0. You should also run `iw list`, `iwconfig`, and/or `ifconfig` in sys-net. Let me clarify: PCI network cards are assigned to sys-net and not visible in dom0 by default, regardless of USB Qube. Other PCI devices remain in dom0. I can "see" they exist by typing lspci in dom0 (including network cards, and the usb controller). My understanding is that while dom0 can see them, they cannot see dom0 nor other qubes than the one they are attached to (and dom0 will not talk to them unless a game-over event occurred). If using a USB Qube: all USB devices are assigned to sys-usb and not visible in dom0. I assume USB network cards are automatically passed thru to sys-net from sys-usb. I never checked that. Maybe you need to pass them over by hand. That is what I would expect at least. You also have the option of combining sys-net and sys-usb into the same Qube so no passthru is necessary. (Or is that mandatory when using USB network cards and a USB Qube?) USB is one attack surface, network another. I would suggest to keep them apart. In fact, a USB qube does not need any networking at all (not even internet access). Imagine its becomes victim of a "bad-usb" then it still cannot 'break out' and phone home, for example. Actually my sys-usb is halted by default unless I really need it (consequence: if you plug any usb device, nothing happens. just nothing.). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0bc7459b-6110-4b93-b3d7-a8cd9ed16cf9%40web.de.
Re: [qubes-users] Days since last backup
However, I am stuck on how to determine how many days it has actually been since the last backup. What you are looking for is this command: qvm-prefs --get $vm backup_timestamp Nice. In case of a "manual backup", can you also set the variable that way? Like qvm-prefs --set $vm backup_timestamp 2019.11.22-00:00:00 (or some other time format) ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7939b014-2605-dd43-2f14-1a33a29e0b82%40web.de.
Re: [qubes-users] Re: Copying text to/from Dom0
That's the document I was referencing, but it doesn't mention using the clipboard, only files. It seemed to me that passing plain text by the clipboard to dom0 was going to be more secure than passing a complete file, so assumed that would be the preferred method. Does such a mechanism not exist then? There is a reason. Look for example here: https://security.stackexchange.com/questions/113627/what-is-the-risk-of-copy-and-pasting-linux-commands-from-a-website-how-can-some https://unix.stackexchange.com/questions/15101/how-to-avoid-escape-sequence-attacks-in-terminals better write/copy in a file, check it carefully and transfer then. And check again. Many other attacks are possible.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c3fbe112-3fb8-d9db-3611-a2c4d09034c1%40web.de.
[qubes-users] boot qubes with detached luks header on sdcard ?
I wonder if I could encrypt my (only) disc is a "headerless" more and store the header on a separate sdcard. Once any linux-type system is completely is booted this is easy. But can the qubes bootloader do that? (this needs to find and mount the sdcard first, then fetch the header there ). Some experience with that? Cheers, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/770005ca-4733-d831-136e-6ee5dcc5fedd%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sys-usb needs more than default RAM to mount LUKS encrypted backup volume
You shouldn't mount encrypted drives on sys-usb. Use qvm-block to attach the partition to a different VM, then mount it there. This is a good question, I think. Since we distrust sys-usb I agree that we should not do the cryptsetup operations in sys-usb. But if you distrust the attached device as well (might be safer, right?), one might attach the luks-partition (resp. file) first to an intermediate (even temp !) VM, luksOpen it in there and re-attach the generated /dev/mapper volumes to the destination VM. That way sys-usb is blind to cryptsetup and the destination-vm is maximally protected from usb-based attacks. Overkill? Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/205543a3-89e6-5a55-f607-f48a6dd73d35%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: 4.0 not updating dom0 nor fedora?
On 04/18/2018 03:58 PM, anon432 wrote: I am getting the same error in dom0 and also getting "No New Updates" - which I know is not true. Does anyone have a link to a github issue where this has been filed? https://github.com/QubesOS/qubes-issues/issues/3737 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/435b6012-3acc-192f-9669-45b301525757%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] extract file from image backup
> > Apologies, missed your post donoban. But looping the backup seems interesting, I suppose it must be possible with the decryption too. > Yes, it is. I backup by data that way since Q4 - the qubes-backup may be more "handy", but I prefer knowing every single detail on encryption, etc myself. You may mount a luks-container in sys-usb (for example), and then attach one-by-one your app-vm private.img to sys-usb using the qubes widget; after mounting them (ro of course) you can simply rsync your data, most conveniently to the backup volume. Your app-vm will not be exposed to usb that way. If you have a full dd take of your qubes system (I understood you inital mail like that), be aware that the some image files are rather like "dd disk images" rather than "dd partition images", which means you cannot use the most straightforward mount on the loop device (you never mount a disc, but a partition!). Instead, have to read the offset of the partition start using fdisk or similar, and provide this offset to the mount command. A quick google reveals the details on this procedure :) Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/439262ae-b08c-fb00-d7b6-06a3c4b8d871%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] reboot sys-net
On 02/02/2018 11:58 AM, Ilpo Järvinen wrote: > On Fri, 2 Feb 2018, Bernhard wrote: > >> Did by chance someone write a dom0-script that >> >> a) fetches a list of all (running) appvm's that use sys-net. >> >> b) setting their net-vm to "none" >> >> c) reboot sys-net >> >> d) undoes step (b) >> >> That would allow to confortably reboot sys-net (same ideas apply to >> sys-firewall & sys-whonix) and could help many people in many >> situations. I am not a bash hero, and before losing half a day on this >> useful script, I prefer asking if someone did it already :) > I didn't have it already but it wasn't too difficult to do so I wrote one > as it seems somewhat useful. Awesome! Thank you very much. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36c7f28f-90a7-f322-d5fc-3ff3a90af580%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] reboot sys-net
Did by chance someone write a dom0-script that a) fetches a list of all (running) appvm's that use sys-net. b) setting their net-vm to "none" c) reboot sys-net d) undoes step (b) That would allow to confortably reboot sys-net (same ideas apply to sys-firewall & sys-whonix) and could help many people in many situations. I am not a bash hero, and before losing half a day on this useful script, I prefer asking if someone did it already :) Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc35b472-0c8c-df87-a0d7-3705f9a2d1ce%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Q4rc3 debian-9 template fails to update.
On 12/18/2017 07:34 PM, David Hobach wrote: > > > On 12/18/2017 03:58 PM, Chris Laprise wrote: >> On 12/16/2017 07:49 AM, Yuraeitha wrote: >>> On Saturday, December 16, 2017 at 10:51:30 AM UTC, Chris Laprise wrote: >>>> On 12/16/2017 04:21 AM, haaber wrote: >>>>> I freshly installed debian-9 ; when installing packages, apt-get >>>>> hangs >>>>> for days(!) with >>>>> >>>>> 81% [waiting for headers] ... >>>>> followed by Err:XX Connection failed. >>>>> >>>>> Has someone an idea where to look / how to procede? (there is >>>>> definitely >>>>> no other apt* running ). Thank you, Bernhard >>>> >>>> I just updated a freshly-installed debian-9 on 4.0rc3 two days ago >>>> without connection errors. >>>> >>>> The difference may be that I have been updating my dom0 with >>>> --enablerepo=qubes*testing, and a template having connection errors >>>> suggests a problem with dom0/xen or with whatever is running sys-net. >>>> >> >> Now I'm experiencing this with fedora-26 updates. > > Yes, I know that issue for quite some time as well on debian-8 (I had > done a testing upgrade there some time ago as well). Disabling the > Qubes proxy & allowing a direct connection fixes it for me, but of > course that shouldn't become a permanent solution. > I don't like direct connection. I am more and more convinced that hilbernate/suspend is the origin of these problems. I tried out a full reboot of all net-related qubes (sys-net, sys-firewall, sys-whonix) , and that indeed solves the pb. I now look, as a better workaround, for a dom0-script that: on running qubes saves the NetVM setting, then sets NetVM to none, then reboots these 3 bad guys, and finally restores old NetVM's. How could this be done? Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b21b25a3-4188-be6d-aad1-325360ba8d78%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Q4rc3 debian-9 template fails to update.
2) Does restarting all of Qubes, and immediately update debian-9 after full startup, make any difference? I.e. I've experienced issues on longer running Qubes 4 my self, but mostly my issues are triggered by suspend/hibernate or if HDMI plugged TV-screen goes to sleep mode on its own (even if laptop screen is not sleeping). It triggers various of weird system issues, I'm suspecting it's driver-module/kernel related, but I'm not really all that sure. A full system restart however, makes everything work fully again. Perhaps you experience something similar, yet different at the same time. Either way, quick way to find out whether a full restart works or not. >> YES! So I guess things are linked to hilbernation problems when I close >> the lid. Is there another cure than full reboot? Bernhard > aha, this should narrow it down to possible suspects indeed. > > Just to be sure, there might still be a possibility that the restart fixed > another issue, of an origin we didn't speculate about. Was it a single case > issue the restart fixed? Or do you encounter repeatedly issues after > hibernation which are fixed with restarts? Just to verify, so we don't jump > to conclusions too fast. > > I'm guessing your issue is pretty much similar to my own, except we > experience somewhat different symptoms, originating from the same cause - > hibernate/suspend. You can see my github issue rapport here from a few weeks > back (I haven't had the time to keep the rapport updated due to emerging > deadlines hunting me down, but I plan to return to it eventually. Also it was > different back then, the issue I rapported back then has changed somewhat > (slightly) between that date and today. I plan to update there soon as well); > https://github.com/QubesOS/qubes-issues/issues/3359 > Feel free to add your own experiences of the issue if you think it has > similar root causes. The symptoms might be different, but the cause/trigger > appears to the similar. > > Possibly it's the admin mechanism that breaks down? I experience issues in > the domU windows, like the Qubes coloured panels, or Qubes widgets, general > graphical freezes, or entire forced restarts during suspend because it > doesn't suspend while in my bag but stays awake when it's supposed to be > suspending, etc. Perhaps, your issue is similar, but you get networking > issues instead, i.e. when updating. > > So all this might be somehow related to the admin mechanism, I'm speculating > now though, but it seems like a good place to start given the clues so far > seems indirectly to point towards it. > > You can throw a link there back to this thread on github, if you find it > useful to do so, if you decide to make a post on the github thread. If you > don't plan to post on github, do you mind if I link to this thread instead > for extra references? Once I get around to it of course. I think it's a good > idea to show more people have this issue (assuming it indeed has a shared > trigger/cause), perhaps it can provide extra clues of the overall bug. > > The problem right now though, is to narrow it down more precisely, so the > exact issue can be found. > > Also, something that changed in recent updates (I'm sitting on > current-testing updates), is that it now appears to be enough to only restart > all network based VM's (non network based VM's are fine and don't need > restart). Basically, sys-net and sys-firewall are messed up. This makes it > easier, as it no longer requires a full system restart. Is this the same for > you too? > I am not on github, but feel free to link our discussion there. I confirm that strange things happen after (too many?) hilbernations. One amazing behaviour is that I cannot start new applications neither from qubes menu nor the dom0 terminal. A command like "qvm-run work xterm" will just come back to command line without anything happening. This is non-working behaviour persists when AppVMs (but not the qubes-system) are rebooted. On the other hand side, running apps inside an AppVM work normally, and if I happen to hold a terminal open in each appvm I can launch new processes easily. This suggests that the problem sits really in the "qubes part". Bernhard PS: For those that might want to join our discussion: Q4rc3, updated with --enablerepo=qubes*testing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b36103bc-c1b7-742f-9056-d2d17355a2df%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] sys-whonix / tor / thunderbird
Hello, one of the most useful features of tor-browser is Ctl-Shift-L to change the tor-path (and so, with high proba, the exit node IP) : this way, websites that block a specific exit node for a certain time can be still loaded (of course some fascist websites block all tor-exits and so that this measure does not help) . I feel that the same feature would be useful in other applications (in particular in thunderbird). How can this be done? Maybe a "forced reconnect" of IMAP connections suffices, but apart totally restarting thunderbird I don't see how this can be done. Any hints? Or is there good reason not to torify mail-fetching? Or never via IMAP? thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e980fe7b-398f-bfe7-a13b-6b169ce06562%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] mount root.img files [solved]
> So I would like to "break in" the vm-template as dom0, and change > that one line in /etc/pam.d/common-auth back. But how to mount the > root.img file? I answer my own question, since this is more easy & efficient than I thought, and should help others in many cases! (0) make sure template-vm is halted. (1) as dom0 root: (a) fdisk -l path-to-root.img Then read off the start sector of ...root.img3, (say, 1000). Multiply that value with 512 (512000 in my example). (b) mount -o loop,offset=512000 path-to-root.img /mnt (change 512000 by your value) (c) modify bad config files (d) umount /mnt (2) restart template-vm and we're back! Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bb6ea5f3-73aa-b6e0-4d32-e3f2a11d8d4c%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] mount root.img files
Hello, I brought myself in trouble, when I (badly) followed the vm-sudo instructions : as non-root, I modified (using each time sudo) the file /etc/pam.d/common-auth in debian-8. Now, at the follwoing steps I would need to sudo again - but the process is blocked (saying 3 times bad password), since the new VMAuth is (only) partially set up. - Of course, qubes-revert command for template vm does not exist in Q4, that would be too easy. - Actually, reinstalling debian-8-template fails as well, since there seems no package named qubes-template-debian-8 in contrast with the qubes documentation - So I would like to "break in" the vm-template as dom0, and change that one line in /etc/pam.d/common-auth back. But how to mount the root.img file? I tried a losetup & mount approach, but the file is non-mountable. I have not found any documentation either. So I ask in despair for some help. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c601bc55-8bfa-39eb-f396-a20b08bff24a%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] A lot of trouble with qubes 4.0 rc2
On 11/20/2017 09:34 PM, Chris Laprise wrote: > > If possible, you should try doing a full update with testing release: > > qubes-dom0-update --enablerepo=qubes*testing Thank you for helping me. I'll try this out quickly & tell (all of) you on this list. >> 2) I created a large (150G) personal appvm. The "max system storage" is >> still 10G and I don't see how/where this could be changed. When >> playing back backups, the fs is de facto limited to these 10G - so rsync >> fails at some stage; from this moment on reboots fail as well (with >> qrexec-error). journalctl gives no help (the journal keeps silent while >> launching "qvm-start personal" in the neighbour terminal). > > System storage (the template) is different than private storage, and I > believe its the latter you should be concerned about. Not sure just > how you are using rsync... a lot depends on what your source and > target are. > Here is my procedure: I have a usb disc. I attach it to the appvm, loop the luks container to /dev/loopX, cryptsetup luksOpen it, and mount then the /dev/mapper/backup . Then I use (as root) rsync -auv /backup/appvm-name /home/user/. The data is 140G so I gave 150G to the appvm as private storage. The rsync fails after ~6GB of data transferred. Is this possble since the (standard install) LVM-thin cannot provide quickly enough disc space?? Alternatively I can start the appvm, pause it, attach its private.img to sys-usb and follow then the above procedure as root in sys-usb (this is how I made the backups, since I prefer doing them by hand). Is there some flaw in my procedure? Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/755eb516-14e5-8d93-e456-8bd8e0e73682%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] A lot of trouble with qubes 4.0 rc2
Hello, I jumped into cold water and have a fresh install of 4.0rc2. It seems almost completely disfunctional at this stage. Problems are: 1) starting (larger) appvms result in a systematic qrexec-daemon error. First I thought this would be debian specific, but it is not. I have 16G ram, and try to start a single f25 based appvm ...I read some people suggesting to install xen-hvm-stubdom-linux 2001:4.8.2-10.fc25 -- I tried this, but no notable change (after coldboot). I tested if HVM / PV could help. Quick answer: No. 2) I created a large (150G) personal appvm. The "max system storage" is still 10G and I don't see how/where this could be changed. When playing back backups, the fs is de facto limited to these 10G - so rsync fails at some stage; from this moment on reboots fail as well (with qrexec-error). journalctl gives no help (the journal keeps silent while launching "qvm-start personal" in the neighbour terminal). I hope I can get some help here, since I will have to reinstall 3.2 otherwise :( Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b92699b1-688b-3384-c063-babe6eb41bc2%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qubes 4.0rc2 - debian appvm fails with qrexec-daemon message
Hello, with your nice help I happily installed Q4.0rc2. Then I created a bunch of debian-8 based appvm's, to copy my data back from the backup. But they don't start, finishing with "Cannot execute qrexec-daemon" error. I hate that error : no clue where it comes from. Any hints? Thank you! Bernhard P.S: First, I thought that this is the annoying but harmless "after-tempate-change-xfce-menu-messy" bug (which forces to go to VM settings, remove all Applications, save, go there again, put them back & save again to get all symlinks right). But the problem is somewhere else. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2af9d708-912a-a7b6-09e8-d510f4bdfda8%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes 4.0rc2 install question
On 11/20/2017 05:38 AM, taii...@gmx.com wrote: > I tried toinstall Q4.0-rc2 today. To my surprise the installer warns me >> about hardware incompatibilities that should not exist, according to the >> HCL : I have a i7-4600U cpu that has VT-x with EPT and VT-d as it >> should. >> So I am confused ... qubes-hcl-report says "HVM not active", same for >> "I/O MMU" and further "no HAP". Is this a maybe BIOS setting I have to >> change? Or another (non-cpu) hardware incompatibility? Thank you, >> Bernhard > You gotta enable them in the BIOS configuration menu of course, > assuming your motherboard has implemented those features. Thank you, that was all. I am astonished that features of the CPU must be enabled by BIOS, this was out of horizon of imagination to me. Best, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b8c8035-d366-ddaf-524a-fc6b833761c6%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] http filter
Hello, in the (nice) tutorial https://www.qubes-os.org/doc/config/http-filtering-proxy/ it is suggested to run the tinyproxy inside the FirewallVM. That is estonishing to me. I would think the qubes way were to have a proxyVM (based on some minimal template) that is set *behind* Firewall and on in it. one ascii picture replaces ten phrases: Jungle <-> SysNet <-> FirewallVM <-> ProxyVM <-+-> AppVM1 <-+-> AppVM2 So here are my two questions: - is this better than the suggested tinyproxy-in-FirewallVM ? - did someone set up his filtering that way and give some hints / errors to avoid? Thanks, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/61ea05f9-9f6a-403d-7052-4deb8f56fb0d%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Weird SSL issues
> Hello Qubes community! > > I have a weird issue with SSL (HTTPS) access. > > Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal sys-firewall. > Any app-vm running Fedora 24 or Debian 9 (have not tested any other) have > issues connecting to https sites with Chrome, Chromium or Firefox-esr. > Sometimes it works, sometimes not... > > I have tested on numerous wired and wireless network with the same result. > > Please help me figure this out! > > Dominique > Hello, I sometimes have SSL issues that all from the fact that the time in the appvm are wrong (sometimes even in the future) - although dom0 is accurately set up. If you have a cure to that (especially for debian) I am interested ... maybe you experience the same problem? Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/790483d5-87ae-e2e2-9f25-d1b30bade364%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to extract a backup from dom0
> After the recent update I lost all communications out of dom0, no > network as already described here > https://groups.google.com/forum/#!topic/qubes-users/unDqbBa_k_Y > <https://groups.google.com/forum/#%21topic/qubes-users/unDqbBa_k_Y> > > Also USB sticks do not mount anymore even after deleting all > assignments of 00:1a.0 and 00:1d.00 > > But dom0 still works, so made a backup of all VMs. But how to take > the backup out of dom0? Boot a live-linux with built-in LUKS support. Tails for example (activate root access after boot). Then "break in" by hand following standard tutorials "how to mount a luks drive", and copy all to your usb disc. consider generatinga huge sparse-file, say, BACKUP.enc then loop-it: losetup -f % findes out a free slot losetup /dev/loopxxx BACKUP.enc Now /dev/loopxxx is a device that can by crypt-setuped by luks in a standard tutorial way. Mount it, and move your data in. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/05617375-2010-3610-db90-0ca9c8e24b46%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] debian minimal
Hi Unman & ubestemt, thank you for your patience. I followed Unmans hints. The difference is that, due to no-full-fedora-appvm-working-error I was using a f-24-minimal als starting point. This is bad, since minimal means minimal.. so the setup script failed miserably several times without surprise. The first ones seemed easy. I added dialog, dialog-devel. Then it was dpkg-dev and debootstrap that were missing. Got them as well. Since gpg is used & installed I added as a guess additionally openssl & openssl-devel as well. Now I am stuck: Setup spills out Traceback (most recent call last) File ./setup, line 1919 in main(sys.arg) File ./setup, line 1902, in main Wizard(DialogUI(), **args)** File ./setup, line 1190 in __call__ self.verify_keys(self.keys, force=False) File ./setup, line 1233, in gpg-verify_key _env=env .. UnicodeDecodeError: 'ascii' code can't decode byte 0xc3 in position 91: ordinal not in range(128) This error, as suggested here https://stackoverflow.com/questions/21129020/how-to-fix-unicodedecodeerror-ascii-codec-cant-decode-byte is due to some coding problems. Maybe some 'errors' in the setup script never appear in a rich-fedora system, but fail in fedora-minimal? I have no clue how too fix that. Anyone might help? Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fc72dc9f-e4ce-4ef7-e609-2380e533c73b%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] debian minimal
Hello, I ask again about a debian-8/9-minimal (preferably with coldkernel). I know there was already a discussion on the subject, but I could not gather enough information yet to start myself. There is a conf file debian-8-minimal-3.0.2-201505170018.conf on github. The date "2015" is not completely re-assuring. Is there a newer one? Even if it were up-to-date, what do I do with this file? Could someone give me a brief summary (or give diff's to the well documented archlinux building process)? Thank you! Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1cccd7ad-008a-6b69-7231-5b3cc092eeb4%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] debian8's thunderbird dead
Hello, since debian-8 rebraded icedove thunderbird, they are all dead. On the command line the just spill out "Killed" verbose or safe-mode give no better information. This may or may not be linked to the change in debian8 - it may also be linked to the "immutable script" in rc.local that I copied after some hardening discussion here in the forum 2 months ago. I don't see how, but since I am lost I look for any possibility. May you help me? Thx, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/164f213e-7364-608b-c6a7-80bf6c222c38%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Breaking the Security Model of Subgraph OS
> What exactly makes subgraph special and not just another > apparmor/selinux MAC type clone? > > The firewall is a neat bit of progress however, but again that can > also be accomplished with an apparmor MAC default profile however > allow app to access site etc is only on an IP basis not a DNS basis > (dns basis is sketchy anyways). I perfectly agree that this 'phone home' business is inaccaptable. If you consider that this type of firewall is easy to set up within qubes I invite you to write a small tutorial on the subject for 'normal users' .... thank you! Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c8dc688-20c2-f88e-c2ae-555258bb5da2%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Alternate net-vm
> Hello All, > > Does anyone use an alternate net-vm and have any notes on setting it > up as I am having problems with internet connection? I am going to try > getting it going but wondered if there was an alternative! > Hello, I used a debian-9 by the mentioned clone & update process and also a fedora-24-minimal that just needs to be enriched by fwireless irmware. Both work well. All the best -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0747ee7a-ce67-fa79-1b4f-4ecf08ba124e%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-create-default-dvm fails
On 03/06/2017 02:55 PM, Unman wrote: >> self._update_libvirt_domain() >> File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", >> line 755, in _update_libvirt_domain >> raise e >> libvirt.libvirtError: operation failed: domain 'debian-8-dvm' already >> exists with uuid 61320a0c2-1e2a-4bff-b064-29fe587619b8 >> >> Bernhard > Look here: > www.qubes-os.org/doc/remove-vm-manually > > That libvirt error sghows that you have a redundant entry in the db, > which you need to remove. > Then try creating the dvmTemplate again. Remember, no sudo! Hello Unman, I looked at your link. |1) rm -rf is done. 2) qvm-remove --just-db debian-8-dvm says "there is no VM with this name.." (and he's right!) 3) in|||~/.local/share/applications/ there no thing such as |debian-8-dvm* There is debian-8-gnome-terminal.desktop debian-8-gpk-application.desktop and debian-8-qubes-appmenu-select.desktop I won't touch these, will I ?? Still, the error persists. Find finds no debian-8-dvm* file in /var ... I also find -type f -size -1M -exec grep -il debian-8-dvm \{} \; verifyied my /var: no debian-8-dvm string wheresoever. However, I found /etc/libvirt/libxl/debian-8-dvm.xml I moved it to |||/etc/libvirt/libxl/debian-8-dvm.xml|.old to see what happens, but the error persists still. Desparate ... any ideas? Bernhard | -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b8a22850-7557-666b-af3a-66115bb29322%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] removed qubes-core-dom0 by accident
> upgrading from 3.1 to 3.2 broke with several hundred dupe packages. > package-cleanup didn't work, so I had to remove dupes by hand one by one. > > clicking through many y/N questions, I inadvertently removed libxml dupe, > which in turn removed qubes-core-dom0, all templates, and borked my system. > > I'm hurting here. Is there any way to restore my Qubes to a working system? > > No backups. (of course.) > > Any suggestions for system recovery? > > Or at least recovering my data? I can only give some limited backup help (from memory, I did it some moment ago). Use a live linux WITH luks support (tails is great). Boot it (in tails activate root at startup!), open terminal, enter sudo su - to make it a root terminal. 0) with lsblk you should see your partitions & sizes. Normally it allows to guess which ones are the encrypted disks. The procedure I use is (before retyping any command, read the manpage top know / verify you do want you want to do). 1) cryptsetup luksOpen /dev/[dev-name] ALIAS typically cryptsetup luksOpen /dev/sda1 HDD and / or cryptsetup luksOpen /dev/sdb1 SDD 2) standard installs will use a "volume group". Before mounting you may need to activate it: vgchange -a y (a='available', y=yes=activate, n=no=deactivate) 3) mount them: mount /dev/mapper..[ qubes-volume-name ] /somepath 4) mount your recue disc as well. You may want to encrypt your backups : (a) generate a huge sparse filetruncate -s 200G backup.luks (b) lopsetup -d will give you a free loopback slot, like loop5 for example. (c) losetup backup.luks /dev/loop5 (d) cryptsetup luksFormat /dev/loop5 (e) cryptsetup luksOpen /dev/loop5 backup (f) |mkfs.ext2 /dev/mapper/backup (g) mkdir /backup && mount /dev/mapp/er/backup /backup ||Now you have /backup that can be written to. Content will be stored encrypted in your backup.luks file. | 5) data is in /var/lib/qubes/ But (here someone may expolain it to me at the same time): the appvms seem to be in files actually, with strange names, like qubes-0 qubes-1 or something of this type. I presume they are loop-mounted by qubes into their respective dirs at startup. If you want to fetch data selectively, I guess you have to do the same: lopsetup -d will give you a free loopback slot, like loop5 for example. losetup file /dev/loop5 will then generate a "device" /dev/loop5 that points to your file. Now mount /dev/loop5 /some-other-path allows to mount a filesystm inside a file. Then you may go to /some-other-path and grab data. when done, close your encrypted disks correctly cryptsetup luksClose ALIAS and shutdown live-linux samefor backup ! Good luck, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/63332bb7-d326-a715-15e1-84bb9adcec35%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Deleted Ferdora-23 template, killed sys-net and sys-firewall
On 02/22/2017 05:28 AM, opiyv...@gmail.com wrote: > I switched my appvms to the fedora-25 template but I forgot that sys-net and > sys-firewall were still on fedora-23, and then I deleted the fedora-23 > template. Sys-net and sys-firewall both say "error no such file or directory > '/var/lib/qubes/vm-templates/fedora-23/apps.templates'" when I try to start > them (after reboot) > Before rebooting the network still worked but I couldn't open the settings > thing to change the template vm for sys-net and sys-firewall > > How can I somehow reinstall the fedora-23 template or change the sys-net and > sys-firewall templates to fedora-25 or debian-8? > > Thanks > Hello I don't think it is necessary to reinstall fedora-23. You may change the sys-net and sys-firewall to fedora-25 (in qubes manager: right click -> "change VMsettings" and then look for the dropdown menu for templateVM) and the start them. If wireless should not be available immediately, you will have to use ethernet : it is good to know that any working template VM (fedora-X, debian-X) should bring up a sys-net that allows at least ethernet. Then you can install the hardware firmware needed (try 'sudo lspci' to find out the chipset you have, try 'sudo dnf search chipset-keyword' ). Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3a1af946-c5ba-26ce-90b6-941b35879cb8%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes r3.2 bricked
On 25/01/2017 22:37, Ángel wrote: > Bernhard wrote: >> Thank you Angel, for helping me. >> > You're welcome, Bernhard. > > >> and, as I said, nothing starts. I start thinking of a disaster-mode data >> recovery since I do not know how I could possibly unbrick a system that >> has no network anymore?! > That's just because most VMs depends on sys-net, and sys-net is not > available. Can you still edit them with Qubes VM Manager? The VMs should > at least start if you set their NetVM to none. Then you could create a > new sys-vm if it still doesn't get fixed. > > Best > Hello Angel, that worked. With "no net" I can start the VM's. That solves a big pb, I can now backup data :) Before this trick, only with dom0 I would not have been able to attach the usb anywhere :)) 1) So, may I ask you some hint how to generate a new sys-net, please? 2) Another approach is this one: I looked at the guest-sys-net.log I cannot retype everything, so I give some extracts. The F24 part starts with fsck (?!) .. and after some time FAILED to start File System Check on Root Device. At this point one service after the next is Stopped, the log ends with : "Welcome to emergency mode" So, maybe I can first fsck the stopped sys-net fs from within dom0 by hand? How could I do that? I guess I loop /var/lib/qubes/(??) and then fsck it? Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cfd04e81-1334-638b-0865-678e5e349e52%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes r3.2 bricked
On 24/01/2017 23:30, Ángel wrote: > Bernhard wrote: >> Hello, I bricked my system a bit. Yesterady I decided to follow the >> ..onion update procedure. For dom0 all went well (after reading that I >> must change to whonix-net),but I had to modify the debian-8 and >> fedora-24 repo-files "by hand". No big deal. I could update f24 (this >> morning), but debian bugged a bit. Suddenly I thought that maybe I had >> to put netVM to whonix for the templateVM's as well. With a doubt on it >> I looked up what I did with f24 .. and there, by accident I let the >> dropdown box on "sys-net" instead on sys-firewall (or whonix-net). > I would expect that this would make you lose the firewall protection... > > >> Immediately sys-net derailed and lost network. > ...not sys-net to die. > > > Is any of your /var/lib/qubes/*/*/firewall.xml files 0-bytes? > (if so, delete it -so it gets replaced with default settings- and > restart) > Thank you Angel, for helping me. me@dom0 qubes]$find /var/lib/qubes -iname *.xml finds only some files qubes-*somedate* in backup two xml fies in updates and qubes.xml itself. When I run in me@dom0 qubes]$ dom0qvm-start [some appvm] I get some lines like File "/usr/bin/qvm-start, line 136 then 120 File "/usr/lib64/python2.7/../000QubesVM.py File "/usr/lib64/python2.7/../006QubesProxyVM.py qubes.qdb.Error: (2, 'No such file or directory') and, as I said, nothing starts. I start thinking of a disaster-mode data recovery since I do not know how I could possibly unbrick a system that has no network anymore?! I add some history: after having changed to the .onion repo's, the fedora24 system suggested 123(!) package updates (I agreed). That seemed a lot to me, since I check for updates every day. If I have to guess, it is there that it became a brick. Is it sure that the f24 on qubes-os.org and the onion repo are the same? Can I unroll the last update? Thank you for any hint or help Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e0562fc-916d-72aa-8aa2-656bd6428c63%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qubes r3.2 bricked
Hello, I bricked my system a bit. Yesterady I decided to follow the .onion update procedure. For dom0 all went well (after reading that I must change to whonix-net),but I had to modify the debian-8 and fedora-24 repo-files "by hand". No big deal. I could update f24 (this morning), but debian bugged a bit. Suddenly I thought that maybe I had to put netVM to whonix for the templateVM's as well. With a doubt on it I looked up what I did with f24 .. and there, by accident I let the dropdown box on "sys-net" instead on sys-firewall (or whonix-net). Immediately sys-net derailed and lost network. When I tried to switch the templateVM setting back to sys-firewall, I just got a error box saying "16". I decided to solve this with a clean reboot. This allowed to switch back the templateVM's back to net-firewall for both, debian and f24. But net-usb, net-sys and net-firewall (they all depend on f24) did not come up again. I thought that this will resolve with a second clean reboot. But nope. So, the state is that I cannot start any appVM (they close immediately), and I have no network. Worse: I have no idea how to fix it, so I ask you for help. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/668039ad-66f2-f575-6ecd-7154de5c701d%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] installing complete texlive in dom:work -- out of space
Hello again, let me precise my question : how do I move appvm's (sitting in a relatively small SSD on /var/lib/appvm/..) to the large and empty HDD ? That would solve a lot of "space" problems. Did I partition wrong?? I set up 32GiB SSD: 512M /bootand the rest / 450Gib HD:16G /swap and the rest/home Thank you, Bernhard > Hello, > > thank you for all help I got so far. The qubes adventure continues for > me :) I do need > > a rather complete texlive installation, and when doing this with dnf I > run out of space. > > Can someone give me a hint what to do? > > > Thanks, Bernhard > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2cb84b98-fc5d-4fa3-2b79-33180463f674%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] installing complete texlive in dom:work -- out of space
Hello, thank you for all help I got so far. The qubes adventure continues for me :) I do need a rather complete texlive installation, and when doing this with dnf I run out of space. Can someone give me a hint what to do? Thanks, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46994222-4438-948e-1df6-dcbcb138fc10%40web.de. For more options, visit https://groups.google.com/d/optout.