Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?

2022-06-03 Thread 'Johannes Graumann' via qubes-users
On Mon, 2022-05-30 at 14:11 -0400, Demi Marie Obenour wrote:
> On Sat, May 28, 2022 at 12:56:42PM +0200, Johannes Graumann wrote:
> > On Tue, 2022-05-24 at 12:35 -0400, Demi Marie Obenour wrote:
> > > On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing
> > > List
> > > wrote:
> > > > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable
> > > > states:
> > > > >  To do this [make a particular application open everything in
> > > > > a 
> > > > > disposable VM], enable a service named app-dispvm.X in that
> > > > > qube, 
> > > > > where X is the application ID.
> > > > 
> > > > and invokes `app-dispvm.thunderbird` as an example.
> > > > 
> > > > How would you do that for an application installed and run
> > > > through
> > > > flatpak?
> > > 
> > > Flatpak-installed applications still have an application ID,
> > > which is
> > > what gets passed to qubes.StartApp to launch the application.
> > 
> > Thank you for your answer. Lengthy googling has dug up no answer to
> > what an "application ID" actually is or how to look it up. Could
> > you
> > please help with that? Given a running program, how do I identify
> > it?
> 
> It is the name of the .desktop file the application has within the
> VM.
> For Flatpak apps, I believe it will always be the ID of the flatpak
> (the
> reverse-DNS name).

Thank you.
I did the following:
1) in `dom0`:
> qvm-service task-privcom app-dispvm.org.gnome.Evolution on

2) restart task-privcom

This does not work: neither *.pdf, nor *.jpeg, etc. get opened in a
dispvm when opening (double clicking) from within Evolution ...

Further pointers?

Sincerely, Joh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/02d56795d145cff5cea6a9a495ef4241b4a51266.camel%40graumannschaft.org.


Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?

2022-05-28 Thread 'Johannes Graumann' via qubes-users
On Tue, 2022-05-24 at 12:35 -0400, Demi Marie Obenour wrote:
> On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing List
> wrote:
> > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable
> > states:
> > >  To do this [make a particular application open everything in a 
> > > disposable VM], enable a service named app-dispvm.X in that
> > > qube, 
> > > where X is the application ID.
> > 
> > and invokes `app-dispvm.thunderbird` as an example.
> > 
> > How would you do that for an application installed and run through
> > flatpak?
> 
> Flatpak-installed applications still have an application ID, which is
> what gets passed to qubes.StartApp to launch the application.

Thank you for your answer. Lengthy googling has dug up no answer to
what an "application ID" actually is or how to look it up. Could you
please help with that? Given a running program, how do I identify it?




Re: [qubes-users] Failing Salt code: out of ideas and wrong error

2022-05-28 Thread 'Johannes Graumann' via qubes-users
On Wed, 2022-05-25 at 15:08 +0100, 'unman' via qubes-users wrote:
> On Tue, May 24, 2022 at 11:54:27PM +0200, 'Johannes Graumann' via
> qubes-users wrote:
> > Can anyone point me to why the following fails? I have been
> > banging my
> > head against this for a while ...
> > 
> > --- SNIP ---
> > create bind dirs config file:
> >   file.managed:
> >     - name: /rw/config/qubes-bind-dirs.d/50_user.conf
> >     - makedirs: True
> >     - mode: 644
> >     - dir_mode: 755
> > 
> > {% set binddirs = ['/usr/local'] %}
> > 
> > {% for binddir in binddirs %}
> >   configure '{{ binddir }}' to be persistent:
> >     file.replace:
> >       - name: /rw/config/qubes-bind-dirs.d/50_user.conf
> >       - pattern: "^binds+=( '{{ binddir }}' )$"
> >       - repl: "binds+=( '{{ binddir }}' )"
> >       - append_if_not_found: True
> > {% endfor %}
> > --- SNIP ---
> > 
> > The corresponding error ("State 'create bind dirs config file' in
> > SLS
> > 'custom_dom0.sys-vpn-mpihlr_assert_vpn_setup' is not formed as a
> > list")
> > is a complete red herring, as the so called first part by itself
> > works
> > just fine and only fails when I add the latter (jinja) part ...
> > 
> > How do I properly deal with the single quotes in `pattern` and
> > `repl`?
> > 
> > Thanks for any pointers.
> > 
> > Sincerely, Joh
> > 
> > 
> 
> Hi Joh
> 
> Change the closing tag on the for statement to "-%}"
> This is, I think, salt specific - according to the jinja specs it
> will remove whitespace
> Your use of single quotes in pattern and repl will be fine.
> 
> A simpler (and lazier) formulation would use file.append:
> 
> {% for binddir in binddirs -%}
>   configure '{{ binddir }}' to be persistent:
>     file.append:
>       - name: /rw/config/qubes-bind-dirs.d/50_user.conf
>       - text: "binds+=( '{{ binddir }}' )"
>       - makedirs: True
> {% endfor %}
> 
> You can drop the explicit file.managed in this case.
> 
> unman

Thank you so much! Addition of the darn `-` made my problem disappear
... this one really had me pulling my hair out!

Sincerely, Joh
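
The effect of the `-%}` change discussed in this thread, as an added example that is not part of the original messages: it renders the posted SLS with and without the `-` and checks the resulting YAML structure. Assumptions: `jinja2` and PyYAML are installed, the list items are indented consistently (the archive's indentation is unreliable), and `check_states` is a hypothetical helper modelled on the error message quoted in the thread, not Salt's own API.

```python
import jinja2
import yaml

# SLS name as quoted in the error message in the thread.
SLS_NAME = "custom_dom0.sys-vpn-mpihlr_assert_vpn_setup"

# The SLS as posted: the state ID inside the loop is indented two spaces.
POSTED = """\
create bind dirs config file:
  file.managed:
    - name: /rw/config/qubes-bind-dirs.d/50_user.conf
    - makedirs: True
    - mode: 644
    - dir_mode: 755

{% set binddirs = ['/usr/local'] %}

{% for binddir in binddirs %}
  configure '{{ binddir }}' to be persistent:
    file.replace:
      - name: /rw/config/qubes-bind-dirs.d/50_user.conf
      - pattern: "^binds+=( '{{ binddir }}' )$"
      - repl: "binds+=( '{{ binddir }}' )"
      - append_if_not_found: True
{% endfor %}
"""

# Same file with the suggested closing tag: "-%}" strips the newline and the
# leading spaces that follow the tag, so the state ID lands in column 0.
FIXED = POSTED.replace("in binddirs %}", "in binddirs -%}")


def render(sls_source):
    """Render the Jinja layer only, as happens before the YAML is parsed."""
    return jinja2.Environment().from_string(sls_source).render()


def state_ids(rendered):
    """Top-level YAML keys, i.e. what ends up being treated as state IDs."""
    return list(yaml.safe_load(rendered))


def check_states(rendered, sls_name=SLS_NAME):
    """Hypothetical stand-in for the structural check behind the quoted error:
    every function entry under a state ID must carry a list of arguments."""
    errors = []
    for state_id, body in yaml.safe_load(rendered).items():
        if not isinstance(body, dict):
            errors.append(f"ID '{state_id}' in SLS '{sls_name}' is not a dictionary")
            continue
        for func, args in body.items():
            if not isinstance(args, list):
                errors.append(
                    f"State '{state_id}' in SLS '{sls_name}' is not formed as a list"
                )
    return errors


if __name__ == "__main__":
    for label, source in (("posted", POSTED), ("with -%}", FIXED)):
        text = render(source)
        print(label, state_ids(text), check_states(text))
```

With the posted layout the indented ID parses as a second key under `create bind dirs config file`, whose value is a mapping rather than a list; with `-%}` it becomes a separate top-level state.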



[qubes-users] Failing Salt code: out of ideas and wrong error

2022-05-24 Thread 'Johannes Graumann' via qubes-users
Can anyone point me to why the following fails? I have been banging my
head against this for a while ...

--- SNIP ---
create bind dirs config file:
  file.managed:
    - name: /rw/config/qubes-bind-dirs.d/50_user.conf
    - makedirs: True
    - mode: 644
    - dir_mode: 755

{% set binddirs = ['/usr/local'] %}

{% for binddir in binddirs %}
  configure '{{ binddir }}' to be persistent:
    file.replace:
      - name: /rw/config/qubes-bind-dirs.d/50_user.conf
      - pattern: "^binds+=( '{{ binddir }}' )$"
      - repl: "binds+=( '{{ binddir }}' )"
      - append_if_not_found: True
{% endfor %}
--- SNIP ---

The corresponding error ("State 'create bind dirs config file' in SLS
'custom_dom0.sys-vpn-mpihlr_assert_vpn_setup' is not formed as a list")
is a complete red herring, as the so called first part by itself works
just fine and only fails when I add the latter (jinja) part ...

How do I properly deal with the single quotes in `pattern` and `repl`?

Thanks for any pointers.

Sincerely, Joh




[qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?

2022-05-24 Thread 'Johannes Graumann' via qubes-users
https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable
states:
>  To do this [make a particular application open everything in a 
> disposable VM], enable a service named app-dispvm.X in that qube, 
> where X is the application ID.

and invokes `app-dispvm.thunderbird` as an example.

How would you do that for an application installed and run through
flatpak?

Thanks for any pointers.

Sincerely, Joh



Re: [qubes-users] Circumventing autostart of apps when updating the appVM by `salt`?

2022-05-12 Thread 'Johannes Graumann' via qubes-users



On Thu, 2022-05-12 at 06:27 -0400, Demi Marie Obenour wrote:
> On Thu, May 12, 2022 at 11:26:53AM +0200, Qubes OS Users Mailing List
> wrote:
> > I have a setup with appVMs that are configured to autostart a
> > subset of
> > apps when they get fired up - one example is `app-privcom` that
> > runs
> > `evolution`, `signal-desktop` (from a user level installed flatpak
> > just
> > in that VM) and `liferea` (also a flatpak) when coming online.
> > 
> > Given the user-level flatpaked nature of some of the apps, the
> > appVMs
> > themselves have to be maintained (`flatpak update` etc.), which I
> > do
> > using `salt`. 
> > 
> > As a side effect of the convenient autostarting this results in
> > apps
> > popping up left and right when my fleet of appVMs is being updated
> > by
> > `salt` - which is a nuisance.
> > 
> > Can anyone think of a way to circumvent app autostart in the
> > context of
> > firing up the appVMs via `salt`?
> 
> I don’t think this is possible right now.  This would require that
> the
> VM know that it is being started via Salt, which it currently does
> not.
> Feel free to submit an enhancement request on GitHub.
> 

Just thinking out loud here: traditional run level trickery in the
context of starting a VM, is that something feasible?



[qubes-users] Circumventing autostart of apps when updating the appVM by `salt`?

2022-05-12 Thread 'Johannes Graumann' via qubes-users
I have a setup with appVMs that are configured to autostart a subset of
apps when they get fired up - one example is `app-privcom` that runs
`evolution`, `signal-desktop` (from a user level installed flatpak just
in that VM) and `liferea` (also a flatpak) when coming online.

Given the user-level flatpaked nature of some of the apps, the appVMs
themselves have to be maintained (`flatpak update` etc.), which I do
using `salt`. 

As a side effect of the convenient autostarting this results in apps
popping up left and right when my fleet of appVMs is being updated by
`salt` - which is a nuisance.

Can anyone think of a way to circumvent app autostart in the context of
firing up the appVMs via `salt`?

Thank you for any pointers.

Sincerely, Joh



Re: [qubes-users] Salt: Jinja Error in templates but NOT dom0!?

2022-05-03 Thread 'Johannes Graumann' via qubes-users


> On 03.05.2022 11:32 Frédéric Pierret  wrote:
> 
>  
> Hello,
> 
> Just writing what I'm thinking (not Salt expert at all!), you are probably 
> missing default value in the .get(): .get('kernelrelease', SOMETHING_DEFAULT)
> 
> Le 5/3/22 à 11:01, 'Johannes Graumann' via qubes-users a écrit :
> > I have the following `*.sls` in my `salt` setup:
> > 
> > {% if salt['pkg.version_cmp'](salt['grains'].get('kernelrealease'), '5.12') 
> > < 0 %}
> > move broken AX260 wifi blob out of the way:
> >    file.rename:
> >      - name: /usr/lib/firmware/iwlwifi-ty-a0-gf-ao.pnvm.xz.bak
> >      - source: /usr/lib/firmware/iwlwifi-ty-a0-gf-ao.pnvm.xz
> >      - force: True
> >      - runas: root
> > {% endif %}
> > 
> > This is supposed to automate moving `linux` firmware out of the way that 
> > interferes with my wifi card's operation under certain non-cutting edge 
> > kernel versions (as present in `QubesOS`).
> > 
> > I can run this `*.sls` fine on `dom0` (where it doesn't make much sense, 
> > respectively the change isn't necessary), but if I target the templates 
> > (and particularly the one `sys-net` is based on), `salt` balks on the first 
> > line. There's a lot of traceback, but the most readable message appears to 
> > be along the lines of
> > 
> > `Jinja error: get() missing 1 required positional argument: 'default'`
> > 
> > Does anyone have any pointers as to what may be going on here, how to 
> > better debug (error output from `dom0`--> Email VM?) and how to fix?

Hm. But why does it then work in `dom0`?



[qubes-users] Salt: Jinja Error in templates but NOT dom0!?

2022-05-03 Thread 'Johannes Graumann' via qubes-users
I have the following `*.sls` in my `salt` setup:

{% if salt['pkg.version_cmp'](salt['grains'].get('kernelrealease'),
'5.12') < 0 %}
move broken AX260 wifi blob out of the way:
  file.rename:
    - name: /usr/lib/firmware/iwlwifi-ty-a0-gf-ao.pnvm.xz.bak
    - source: /usr/lib/firmware/iwlwifi-ty-a0-gf-ao.pnvm.xz
    - force: True
    - runas: root
{% endif %}

This is supposed to automate moving `linux` firmware out of the way
that interferes with my wifi card's operation under certain non-cutting
edge kernel versions (as present in `QubesOS`).

I can run this `*.sls` fine on `dom0` (where it doesn't make much sense,
respectively the change isn't necessary), but if I target the templates
(and particularly the one `sys-net` is based on), `salt` balks on the
first line. There's a lot of traceback, but the most readable message
appears to be along the lines of

`Jinja error: get() missing 1 required positional argument: 'default'`

Does anyone have any pointers as to what may be going on here, how to
better debug (error output from `dom0`--> Email VM?) and how to fix?

Thanks in advance.

Joh




Re: [qubes-users] Where to configure target dir of `qvm-move`/`qvm-copy` (`/home/user/QubesIncomming`)?

2022-04-13 Thread 'Johannes Graumann' via qubes-users
On Tue, 2022-04-12 at 15:10 +0200, Johannes Graumann wrote:
> On Fri, 2022-04-08 at 04:45 +0200, airelemental via qubes-users
> wrote:
> > 
> > 
> > > See subject line - I'd like to remap the `/home/user` bit to
> > > `/tmp`
> > > to
> > > enforce cleanup ...
> > > 
> > > Thanks for any pointers.
> > > 
> > > Joh
> > > 
> > In /rw/config/rc.local, you can create /tmp/QubesIncoming. Then
> > replace ~/QubesIncoming with a symlink to /tmp/QubesIncoming
> > 
> 
> Good strategy, I'll try that. Thank you.

This *.sls works nicely:

```
configure `rc.local` to remove any present `QubesIncoming`:
  file.replace:
    - name: /rw/config/rc.local
    - pattern: '^rm -rf /home/user/QubesIncoming$'
    - repl: 'rm -rf /home/user/QubesIncoming'
    - append_if_not_found: True

configure `rc.local` to create `/tmp/QubesIncoming`:
  file.replace:
    - name: /rw/config/rc.local
    - pattern: '^install -d -o user -g user -m 770 /tmp/QubesIncoming$'
    - repl: 'install -d -o user -g user -m 770 /tmp/QubesIncoming'
    - append_if_not_found: True

configure `rc.local` to link `/tmp/QubesIncoming` to $HOME:
  file.replace:
    - name: /rw/config/rc.local
    - pattern: '^ln -s /tmp/QubesIncoming /home/user/QubesIncoming$'
    - repl: 'ln -s /tmp/QubesIncoming /home/user/QubesIncoming'
    - append_if_not_found: True

configure `rc.local` to properly chown the link:
  file.replace:
    - name: /rw/config/rc.local
    - pattern: '^chown -h user:user /home/user/QubesIncoming$'
    - repl: 'chown -h user:user /home/user/QubesIncoming'
    - append_if_not_found: True
```

It generates this code block in `/rw/config/rc.local`:

```
rm -rf /home/user/QubesIncoming
install -d -o user -g user -m 770 /tmp/QubesIncoming
ln -s /tmp/QubesIncoming /home/user/QubesIncoming
chown -h user:user /home/user/QubesIncoming
```



Re: [qubes-users] Where to configure target dir of `qvm-move`/`qvm-copy` (`/home/user/QubesIncomming`)?

2022-04-12 Thread 'Johannes Graumann' via qubes-users
On Fri, 2022-04-08 at 04:45 +0200, airelemental via qubes-users wrote:
> 
> 
> > See subject line - I'd like to remap the `/home/user` bit to `/tmp`
> > to
> > enforce cleanup ...
> > 
> > Thanks for any pointers.
> > 
> > Joh
> > 
> In /rw/config/rc.local, you can create /tmp/QubesIncoming. Then
> replace ~/QubesIncoming with a symlink to /tmp/QubesIncoming
> 

Good strategy, I'll try that. Thank you.



Re: [qubes-users] Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

2022-04-06 Thread 'Johannes Graumann' via qubes-users
On Tue, 2022-04-05 at 19:39 +0200, 'Johannes Graumann' via qubes-users
wrote:
> On Tue, 2022-04-05 at 19:37 +0200, David Hobach wrote:
> > And the last time I tried Citrix on Qubes, I just installed it to
> > the
> > home directory (there was a tarball for download IIRC).
> This is really exciting ... will try this ... the rpm puts it into
> `/opt` ... would remove the need for a dedicated template.
> 
> Thanks!
> 
You did not, perchance, find a way to run the darn `setupwfc` script
without user interaction/using the defaults?




Re: [qubes-users] Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

2022-04-06 Thread 'Johannes Graumann' via qubes-users
On Tue, 2022-04-05 at 20:16 +0200, David Hobach wrote:
> > A related question: how to transfer a binary file (like the citrix
> > tarball) to dom0 for integration into the salt setup?
> > 
> > the `qvm-run` and `cat`-based version in the docs does not work in
> > this
> > case.
> 
> Just pack it into one *.tar.gz and then use the qvm-run cat commands
> to transfer it from the source VM to dom0. It works with any file,
> just not with directories - so you need to pack those.
> 

Was trying that but forgetting the VM of origin ... PEBKAC.





Re: [qubes-users] Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

2022-04-05 Thread 'Johannes Graumann' via qubes-users
On Tue, 2022-04-05 at 19:39 +0200, 'Johannes Graumann' via qubes-users
wrote:
> On Tue, 2022-04-05 at 19:37 +0200, David Hobach wrote:
> > And the last time I tried Citrix on Qubes, I just installed it to
> > the
> > home directory (there was a tarball for download IIRC).
> This is really exciting ... will try this ... the rpm puts it into
> `/opt` ... would remove the need for a dedicated template.
> 
> Thanks!
> 

A related question: how to transfer a binary file (like the citrix
tarball) to dom0 for integration into the salt setup?

the `qvm-run` and `cat`-based version in the docs does not work in this
case.



Re: [qubes-users] Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

2022-04-05 Thread 'Johannes Graumann' via qubes-users
On Tue, 2022-04-05 at 19:37 +0200, David Hobach wrote:
> And the last time I tried Citrix on Qubes, I just installed it to the
> home directory (there was a tarball for download IIRC).
This is really exciting ... will try this ... the rpm puts it into
`/opt` ... would remove the need for a dedicated template.

Thanks!



[qubes-users] Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

2022-04-05 Thread 'Johannes Graumann' via qubes-users
Hi,

I'm maintaining my setup using salt.

For work I need to use proprietary software (citrix client) - a picture
perfect use case for a dedicated template/app vm combo (sadly there
isn't a flatpak, which via user space-installation would allow me to
bypass the dedicated template).

Citrix now is playing nasty:
https://www.citrix.com/de-de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html
has *.debs, *.rpms and tarballs ready for download, but some JavaScript
magic adds individualized tokens to the download links, to
prevent straight linking to the resources.

Some nice person has figured out how to circumvent that using bash
scripting in the AUR of ArchLinux
(https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=icaclient) and
I used that to build a shell script that will deliver a currently valid
download link, which I was thinking to use via `cmd.script` in salt.

However, I now realize that a proper Qubes template does not have
standard internet access even when being updated, so that route is
barred.

How would you go about this? Just manually downloading the rpm and
installing it into the template does the trick, but I'd vastly prefer a
salty solution.

Thanks for reading this far and thank you for any hints.

Joh 



[qubes-users] Where to configure target dir of `qvm-move`/`qvm-copy` (`/home/user/QubesIncomming`)?

2022-04-05 Thread 'Johannes Graumann' via qubes-users
See subject line - I'd like to remap the `/home/user` bit to `/tmp` to
enforce cleanup ...

Thanks for any pointers.

Joh



Re: [qubes-users] Qubes 4.1 on ThinkPad P15 Gen 2: Does not see ThinkPad USB-C Dock Gen. 2

2022-03-28 Thread 'Johannes Graumann' via qubes-users

> On 28.03.2022 15:06 'Johannes Graumann' via qubes-users 
>  wrote:
> 
> 
> 
> Please see subject line. The corresponding port on the ThinkPad and the cable 
> used are OK, as I can use them to hook up a USB keyboard, which is recognized 
> by my `sys-usb` VM and usable upon attaching it to a VM.
> It's also not the dock itself, as I have tried with an identical model that 
> works for a colleague.
> 
> Any advice is highly appreciated. How to remedy? How to debug?
> 
> Thanks for any insight.

Please forget about this. PEBKAC. I was using the wrong USB-C Port on the dock ...



[qubes-users] Qubes 4.1 on ThinkPad P15 Gen 2: Does not see ThinkPad USB-C Dock Gen. 2

2022-03-28 Thread 'Johannes Graumann' via qubes-users
Please see subject line. The corresponding port on the ThinkPad and the cable 
used are OK, as I can use them to hook up a USB keyboard, which is recognized 
by my `sys-usb` VM and usable upon attaching it to a VM.
It's also not the dock itself, as I have tried with an identical model that 
works for a colleague.

Any advice is highly appreciated. How to remedy? How to debug?

Thanks for any insight.



Re: [qubes-users] gnome flatpaks in VMs incompatible with nvidia/nouveau in dom0?

2022-03-28 Thread 'Johannes Graumann' via qubes-users
> On 26.03.2022 22:09 'Johannes Graumann' via qubes-users 
>  wrote:
> 
> 
> Hello,
> 
> I recently switched my laptop/dom0 installation from the intel to the 
> nvidia/nouveau graphics card included.
> 
> I have been running task/app dedicated VMs without having to install all 
> software into the corresponding minimal templates by augmenting them with 
> user-level flatpaks.
> 
> For gnome apps (evolution from flathub in particular) this has broken through 
> the switch to nvidia/nouveau - see this: 
> https://discourse.flathub.org/t/after-transition-to-nvidia-card-nouveau-fedora-34-flatpak-evolution-fails-to-display-messages-with-webkit-error/2375
> 
> All I can find online is how to fix such problems by installing the 
> org.freedesktop.GL.nvidia* packages that correspond to the driver running on 
> the host system, but I find NOTHING on how to deal with this when using 
> nouveau drivers.
> 
> Does anybody have any insight into this?
> 
The evolution/flathub folks sent me on to Webkit itself 
(https://bugs.webkit.org/show_bug.cgi?id=238445), but THANKS to QubesOS' 
infrastructure I solved the problem for now: moved from `fedora-34` to 
`debian-11` as the base distribution for the underlying template/image et voila 
- problem magically goes away.



[qubes-users] gnome flatpaks in VMs incompatible with nvidia/nouveau in dom0?

2022-03-26 Thread 'Johannes Graumann' via qubes-users
Hello,

I recently switched my laptop/dom0 installation from the intel to the 
nvidia/nouveau graphics card included.

I have been running task/app dedicated VMs without having to install all 
software into the corresponding minimal templates by augmenting them with 
user-level flatpaks.

For gnome apps (evolution from flathub in particular) this has broken through 
the switch to nvidia/nouveau - see this: 
https://discourse.flathub.org/t/after-transition-to-nvidia-card-nouveau-fedora-34-flatpak-evolution-fails-to-display-messages-with-webkit-error/2375

All I can find online is how to fix such problems by installing the 
org.freedesktop.GL.nvidia* packages that correspond to the driver running on the 
host system, but I find NOTHING on how to deal with this when using nouveau 
drivers.

Does anybody have any insight into this?



Re: [qubes-users] Qubes 4.1 & ThinkPad P15 Gen 2 (type 20YQ): Help in Remedying Reduced Functionality?

2022-03-24 Thread 'Johannes Graumann' via qubes-users
> On Thu, Mar 24, 2022 at 02:38:16PM +0100, 'Johannes Graumann' via qubes-users 
> wrote:
> > > On 24.03.2022 13:39 'Johannes Graumann' via qubes-users 
> > >  wrote:
> > > 
> > > 
> > > 
> > > 
> > > > On 24.03.2022 12:16 'Johannes Graumann' via qubes-users 
> > > >  wrote:
> > > > ...
> > > > As the laptop's HDMI port also does not work (likely due to being 
> > > > hardwired to the NVIDIA card), I currently have no means of setting up 
> > > > multiple screens.
> > > > 
> > > > I want to use Qubes and this machine as my daily driver and a 
> > > > non-functioning dock as well as the lack of multiple screen options are 
> > > > show stoppers for this.
> > > > The latter is possibly fixable through NVIDIA support in `dom0` and 
> > > > that's what I'm working on next, but I would highly appreciate any hint 
> > > > on how to get the dock working.
> > > > 
> > > Installing `kernel-latest` in `dom0` (which currently brings in 5.16) and 
> > > setting graphics to `discrete` in the BIOS renders the on board HDMI port 
> > > active. The `Hybrid` graphics setting results in a black screen when the 
> > > display manager comes up.
> > > 
> > > Still having issues with the screens only being shown mirrored, but I'm 
> > > getting somewhere.
> > > 
> > To get the multiscreen setup to behave properly, I had to switch off the 
> > compositor:
> > 
> > ` Q → System Tools → Window Manager Tweaks → Compositor → uncheck “Enable 
> > display compositing” `
> 
> Does unchecking the “Mirror displays” option (in Q → System Tools →
> Display) also work?  If not, that’s a bug; please report it.  If so,
> that’s a user experience problem and should also be reported.

No it doesn't. See https://github.com/QubesOS/qubes-issues/issues/7373. Does 
this serve?



Re: [qubes-users] Qubes 4.1 & ThinkPad P15 Gen 2 (type 20YQ): Help in Remedying Reduced Functionality?

2022-03-24 Thread 'Johannes Graumann' via qubes-users
> On 24.03.2022 13:39 'Johannes Graumann' via qubes-users wrote:
> 
> > On 24.03.2022 12:16 'Johannes Graumann' via qubes-users wrote:
> > ...
> > As the laptop's HDMI port also does not work (likely due to being hardwired 
> > to the NVIDIA card), I currently have no means of setting up multiple 
> > screens.
> > 
> > I want to use Qubes and this machine as my daily driver, and a 
> > non-functioning dock as well as the lack of multiple screen options are 
> > show stoppers for this.
> > The latter is possibly fixable through NVIDIA support in `dom0` and that's 
> > what I'm working on next, but I would highly appreciate any hint on how to 
> > get the dock working.
> > 
> Installing `kernel-latest` in `dom0` (which currently brings in 5.16) and 
> setting graphics to `discrete` in the BIOS renders the on board HDMI port 
> active. The `Hybrid` graphics setting results in a black screen when the 
> display manager comes up.
> 
> Still having issues with the screens only being shown mirrored, but I'm 
> getting somewhere.
> 
To get the multiscreen setup to behave properly, I had to switch off the 
compositor:

` Q → System Tools → Window Manager Tweaks → Compositor → uncheck “Enable 
display compositing” `



Re: [qubes-users] Qubes 4.1 & ThinkPad P15 Gen 2 (type 20YQ): Help in Remedying Reduced Functionality?

2022-03-24 Thread 'Johannes Graumann' via qubes-users
> On 24.03.2022 12:16 'Johannes Graumann' via qubes-users wrote:
> ...
> As the laptop's HDMI port also does not work (likely due to being hardwired 
> to the NVIDIA card), I currently have no means of setting up multiple screens.
> 
> I want to use Qubes and this machine as my daily driver, and a 
> non-functioning dock as well as the lack of multiple screen options are 
> show stoppers for this.
> The latter is possibly fixable through NVIDIA support in `dom0` and that's 
> what I'm working on next, but I would highly appreciate any hint on how to 
> get the dock working.
> 
Installing `kernel-latest` in `dom0` (which currently brings in 5.16) and 
setting graphics to `discrete` in the BIOS renders the on board HDMI port 
active. The `Hybrid` graphics setting results in a black screen when the 
display manager comes up.

Still having issues with the screens only being shown mirrored, but I'm getting 
somewhere.

No luck whatsoever with the USB-C dock. Pointers highly appreciated.



[qubes-users] Qubes 4.1 & ThinkPad P15 Gen 2 (type 20YQ): Help in Remedying Reduced Functionality?

2022-03-24 Thread 'Johannes Graumann' via qubes-users
Hi,

I got a new ThinkPad P15 Gen 2:
1x 11th Generation Intel® Core™ i7-11800H Processor(Core™ i7-11800H)
1x Bluetooth® 5.0 or above; Intel® Wi-Fi 6E AX210 2x2 AX
1x Ethernet; Combo audio/microphone jack; HDMI 2.0; 1 Power button; 2x TBT (DP 1.4 USB 3.2 Gen2); 2 USB 3.2 Gen 2 (Type A); SIM Card (Nano SIM)
1x 720P HD with Dual Array Microphone & ThinkShutter
1x NVIDIA RTX A2000 4GB

As with a similar (even beefier) model 
https://www.qubes-os.org/hcl/#lenovo_thinkpad-p15-gen2-20yq004fus_i9-11950h_tiger-lake_integrated-graphics-uhd-rtx-a4000-mobile
 most things appear to work.

I had to disable Bluetooth in the BIOS, the system will only boot with hybrid 
and not discrete graphics, and WiFi required the fix mentioned in the above HCL 
entry.

Various reports seem to indicate that USB-C docking stations have been found 
working (with reduced speed?) but I do not seem to be able to get the ThinkPad 
USB-C Dock Gen2 to jive with the system: neither web nor external screens work. 
Plugging it in does not do anything to `udevadmin` in either `dom0` or 
`sys-usb`.

As the laptop's HDMI port also does not work (likely due to being hardwired to 
the NVIDIA card), I currently have no means of setting up multiple screens.

I want to use Qubes and this machine as my daily driver, and a non-functioning 
dock as well as the lack of multiple screen options are show stoppers for 
this.
The latter is possibly fixable through NVIDIA support in `dom0` and that's what 
I'm working on next, but I would highly appreciate any hint on how to get the 
dock working.

Thank you for your consideration and any hints.



Re: [qubes-users] Qubes 4.1: How to set private storage max size using SALT?

2022-03-24 Thread 'Johannes Graumann' via qubes-users


> On 24.03.2022 10:42 'Johannes Graumann' via qubes-users wrote:
> 
> > On 24.03.2022 09:53 'Johannes Graumann' via qubes-users wrote:
> > 
> > > On 22.03.2022 17:22 unman wrote:
> > > 
> > > You have to include a call to qvm-volume in your state file.
> > > 
> > > 'qvm-volume extend QUBE:private 50G':
> > >   cmd.run
> > 
> > Super! Thank you!
> 
> Turns out, this does not generally work. The first time the command runs (and 
> , the target storage size is really bigger than what is set) 
> everything is fine, but as the shorthands like `G` do not reflect what's 
> really set (in bytes) under the hood such a statement fails on every further 
> run, as `qvm-volume` returns an error: `For your own safety, shrinking of 
> private is disabled ...`

For me this works: set the size manually for one VM, check the "real" byte level 
size using `qvm-volume i QUBE:private` and use the "real" full number rather 
than the `G`-shorthand ... inconvenient. If `qvm-volume` allows setting sizes using 
shorthands, it also should take care of using that info when checking.
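
The workaround described in this message, turned into a re-runnable guard: an added example that is not part of the original thread. It reads the byte size from volume info and only proposes `qvm-volume extend` when the target is larger; the function names, the sample info text and its two-column layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: make `qvm-volume extend` safe to re-run.

# Constructed sample of `qvm-volume i QUBE:private` output. The two-column
# layout and all values are assumptions made for this illustration.
SAMPLE_INFO='pool               vm-pool
vid                vm-pool/vm-QUBE-private
rw                 True
size               50000297984
usage              1200000000'

# Read volume info on stdin and print the value of its "size" row (bytes).
# Returns 1 when there is no numeric size row.
volume_size_bytes() {
    awk '$1 == "size" && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Decide what a state run should do.
#   $1 = VMNAME:VOLUME   $2 = target size in bytes   stdin = volume info
# Prints the extend command when the volume is smaller than the target,
# prints nothing when it is already large enough (so a second run is a
# no-op instead of a refused "shrink"), and returns 2 on unusable input.
plan_extend() {
    volume=$1
    target=$2
    case $target in
        ''|*[!0-9]*) echo "target must be plain bytes: $target" >&2; return 2 ;;
    esac
    current=$(volume_size_bytes) || { echo "no size found for $volume" >&2; return 2; }
    if [ "$current" -ge "$target" ]; then
        return 0
    fi
    printf 'qvm-volume extend %s %s\n' "$volume" "$target"
}

# Demo on the constructed sample: a larger target yields a command line.
printf '%s\n' "$SAMPLE_INFO" | plan_extend QUBE:private 60000000000
```

In a Salt state the same comparison can serve as the `unless` condition of the `cmd.run` call, so the state stops failing on repeated runs.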



Re: [qubes-users] Qubes 4.1: How to set private storage max size using SALT?

2022-03-24 Thread 'Johannes Graumann' via qubes-users
> On 24.03.2022 09:53 'Johannes Graumann' via qubes-users wrote:
> 
> > On 22.03.2022 17:22 unman wrote:
> > 
> > You have to include a call to qvm-volume in your state file.
> > 
> > 'qvm-volume extend QUBE:private 50G':
> >   cmd.run
> 
> Super! Thank you!

Turns out, this does not generally work. The first time the command runs (and 
, the target storage size is really bigger than what is set) 
everything is fine, but as the shorthands like `G` do not reflect what's really 
set (in bytes) under the hood such a statement fails on every further run, as 
`qvm-volume` returns an error: `For your own safety, shrinking of private is 
disabled ...`



Re: [qubes-users] How to properly and entirely revert the GUI VM setup?

2022-03-24 Thread 'Johannes Graumann' via qubes-users


> On 19.03.2022 17:30 'awokd' via qubes-users wrote:
> 
> 'Johannes Graumann' via qubes-users:
> > Hello,
> > 
> > I have been playing around with the GUI VM setup and it works on my machine 
> > (didn't manage to have network, but didn't look into that, see next), but 
> > the necessity to set a new password for user every time it is fired up 
> > renders its use so impractical, I will refrain for now.
> > 
> > The question then arises on how to roll its deployment back. Do I just set 
> > the `salt` recipe to disable and delete the xfce template/vm? Or is there 
> > more to revert?
> 
> Check out the bottom of 
> https://github.com/fepitre/qubes-doc/blob/guivm/user/advanced-topics/guivm.md 
> . Haven't done it myself, though.

Thank you. Done. And all corresponding VMs/images deleted.

BUT: The GUI vm remains as an option on the login screen (along with xfce) ... 
I'm now wondering whether that's the only stale remnant on the system ...

Thanks for further hints.



Re: [qubes-users] Qubes 4.1: How to set private storage max size using SALT?

2022-03-24 Thread 'Johannes Graumann' via qubes-users
> On 22.03.2022 17:22 unman wrote:
> 
> You have to include a call to qvm-volume in your state file.
> 
> 'qvm-volume extend QUBE:private 50G':
>   cmd.run

Super! Thank you!



[qubes-users] Qubes 4.1: How to set private storage max size using SALT?

2022-03-21 Thread 'Johannes Graumann' via qubes-users
Hi,

Please see subject line ;)

Thanks for any pointers.

Joh



[qubes-users] How to properly and entirely revert the GUI VM setup?

2022-03-15 Thread 'Johannes Graumann' via qubes-users
Hello,

I have been playing around with the GUI VM setup and it works on my machine 
(didn't manage to have network, but didn't look into that, see next), but the 
necessity to set a new password for user every time it is fired up renders its 
use so impractical, I will refrain for now.

The question then arises on how to roll its deployment back. Do I just set the 
`salt` recipe to disable and delete the xfce template/vm? Or is there more to 
revert?

Thank you for any pointers.

Sincerely, Joh



[qubes-users] modules & firmware packages for the kernel-latest packages?

2022-03-11 Thread 'Johannes Graumann' via qubes-users
Hi,

The wireless card in my new machine (AX260) is reported to only start working 
with kernel 5.12, which means the stable kernel is not enough, but the 
kernel-latest package (now 5.16 in security-testing) should be fine.

I am wondering though where to get the appropriate firmware and modules 
packages from ... they appear to be only available for 5.11 in security-testing.

When I tried kernel-latest yesterday (it was still 5.15), booting worked just 
fine until the login manager GUI was supposed to come up and then the machine 
blacked out, which I assume to mean missing modules?

Thank you for any advice in this matter.

Sincerely, Joh



Re: [qubes-users] USB Keyboard support for whonix-ws-15 based disp vms?

2020-08-02 Thread Johannes Graumann
On Thu, 2020-07-30 at 22:19 +0200, Johannes Graumann wrote:
> On Thu, 2020-07-30 at 21:57 +0200, Qubes wrote:
> > On 7/30/20 9:50 PM, Johannes Graumann wrote:
> > > On Thu, 2020-07-30 at 21:48 +0200, Qubes wrote:
> > > > On 7/30/20 9:42 PM, Johannes Graumann wrote:
> > > > > On Thu, 2020-07-30 at 17:36 +0200, Qubes wrote:
> > > > > > On 7/30/20 4:33 PM, Johannes Graumann wrote:
> > > > > > > Hi,
> > > > > > > 
> > > > > > > I'm fond of using torbrowser in a whonix-ws-15 based disp VM
> > > > > > > for all browsing that possibly works.
> > > > > > > 
> > > > > > > In parallel I manage all authentication using a Mooltipass
> > > > > > > device for the storage of random long passwords - this little
> > > > > > > machine mimics a USB keyboard.
> > > > > > > 
> > > > > > > Out of the box I am unable to use the Mooltipass device in
> > > > > > > disp VMs based on whonix-ws-15 - why is that and how do I
> > > > > > > change it?
> > > > > > > 
> > > > > > > Thanks for any hint.
> > > > > > > 
> > > > > > > Sincerely, Joh
> > > > > > > 
> > > > > > After your disposable VM has started you need to pass the USB
> > > > > > device to the VM using the tray icon bottom right (or top right
> > > > > > depending on the panel's orientation).
> > > > > 
> > > > > I know about that. Thank you. Passing the device to the dispvm
> > > > > works just fine, but the device does not work as intended.
> > > > > 
> > > > > 
> > > > You say that out of the box it will not work with whonix-ws-15,
> > > > does it work with other VMs?
> > > 
> > > fedora-31-dvm disposable vms work just fine as do other fedora-31
> > > template based ones as well as debian-10 vms.
> > > 
> > > 
> > I may just be shooting into the wind here but my suspicion is that the
> > whonix-ws-15 template does not ship with all of the necessary Qubes
> > packages for Qubes functions to work as expected.
> > 
> > Like in the case of minimal templates,
> > https://www.qubes-os.org/doc/templates/minimal/, you have to install
> > packages according to your needs for specific functions and or
> > functionality. I don't think the whonix-ws-15 template necessarily has
> > what you need for USB device passthrough to work properly.
> 
> I actually already had a (quick) look at that page, but understood that
> the only USB-centric package listed is needed only if the template is
> to be used for sys-usb. Am I wrong?

I just checked, and the whonix-ws-15 template out of the box has
qubes-usb-proxy installed - so missing that is not my problem.




Re: [qubes-users] USB Keyboard support for whonix-ws-15 based disp vms?

2020-07-30 Thread Johannes Graumann
On Thu, 2020-07-30 at 21:57 +0200, Qubes wrote:
> On 7/30/20 9:50 PM, Johannes Graumann wrote:
> > On Thu, 2020-07-30 at 21:48 +0200, Qubes wrote:
> > > On 7/30/20 9:42 PM, Johannes Graumann wrote:
> > > > On Thu, 2020-07-30 at 17:36 +0200, Qubes wrote:
> > > > > On 7/30/20 4:33 PM, Johannes Graumann wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > I'm fond of using torbrowser in a whonix-ws-15 based disp VM
> > > > > > for all browsing that possibly works.
> > > > > > 
> > > > > > In parallel I manage all authentication using a Mooltipass
> > > > > > device for the storage of random long passwords - this little
> > > > > > machine mimics a USB keyboard.
> > > > > > 
> > > > > > Out of the box I am unable to use the Mooltipass device in
> > > > > > disp VMs based on whonix-ws-15 - why is that and how do I
> > > > > > change it?
> > > > > > 
> > > > > > Thanks for any hint.
> > > > > > 
> > > > > > Sincerely, Joh
> > > > > > 
> > > > > After your disposable VM has started you need to pass the USB
> > > > > device to the VM using the tray icon bottom right (or top right
> > > > > depending on the panel's orientation).
> > > > 
> > > > I know about that. Thank you. Passing the device to the dispvm
> > > > works just fine, but the device does not work as intended.
> > > > 
> > > > 
> > > You say that out of the box it will not work with whonix-ws-15,
> > > does it work with other VMs?
> > 
> > fedora-31-dvm disposable vms work just fine as do other fedora-31
> > template based ones as well as debian-10 vms.
> > 
> > 
> I may just be shooting into the wind here but my suspicion is that the
> whonix-ws-15 template does not ship with all of the necessary Qubes
> packages for Qubes functions to work as expected.
> 
> Like in the case of minimal templates,
> https://www.qubes-os.org/doc/templates/minimal/, you have to install
> packages according to your needs for specific functions and or
> functionality. I don't think the whonix-ws-15 template necessarily has
> what you need for USB device passthrough to work properly.

I actually already had a (quick) look at that page, but understood that
the only USB-centric package listed is needed only if the template is
to be used for sys-usb. Am I wrong?



Re: [qubes-users] USB Keyboard support for whonix-ws-15 based disp vms?

2020-07-30 Thread Johannes Graumann
On Thu, 2020-07-30 at 21:48 +0200, Qubes wrote:
> On 7/30/20 9:42 PM, Johannes Graumann wrote:
> > On Thu, 2020-07-30 at 17:36 +0200, Qubes wrote:
> > > On 7/30/20 4:33 PM, Johannes Graumann wrote:
> > > > Hi,
> > > > 
> > > > I'm fond of using torbrowser in a whonix-ws-15 based disp VM for
> > > > all browsing that possibly works.
> > > > 
> > > > In parallel I manage all authentication using a Mooltipass device
> > > > for the storage of random long passwords - this little machine
> > > > mimics a USB keyboard.
> > > > 
> > > > Out of the box I am unable to use the Mooltipass device in disp
> > > > VMs based on whonix-ws-15 - why is that and how do I change it?
> > > > 
> > > > Thanks for any hint.
> > > > 
> > > > Sincerely, Joh
> > > > 
> > > After your disposable VM has started you need to pass the USB
> > > device to the VM using the tray icon bottom right (or top right
> > > depending on the panel's orientation).
> > 
> > I know about that. Thank you. Passing the device to the dispvm
> > works just fine, but the device does not work as intended.
> > 
> > 
> You say that out of the box it will not work with whonix-ws-15, does
> it work with other VMs?

fedora-31-dvm disposable vms work just fine as do other fedora-31
template based ones as well as debian-10 vms.




Re: [qubes-users] USB Keyboard support for whonix-ws-15 based disp vms?

2020-07-30 Thread Johannes Graumann
On Thu, 2020-07-30 at 17:36 +0200, Qubes wrote:
> On 7/30/20 4:33 PM, Johannes Graumann wrote:
> > Hi,
> > 
> > I'm fond of using torbrowser in a whonix-ws-15 based disp VM for all
> > browsing that possibly works.
> > 
> > In parallel I manage all authentication using a Mooltipass device
> > for the storage of random long passwords - this little machine
> > mimics a USB keyboard.
> > 
> > Out of the box I am unable to use the Mooltipass device in disp VMs
> > based on whonix-ws-15 - why is that and how do I change it?
> > 
> > Thanks for any hint.
> > 
> > Sincerely, Joh
> > 
> After your disposable VM has started you need to pass the USB device
> to the VM using the tray icon bottom right (or top right depending on
> the panel's orientation).

I know about that. Thank you. Passing the device to the dispvm works
just fine, but the device does not work as intended.




[qubes-users] USB Keyboard support for whonix-ws-15 based disp vms?

2020-07-30 Thread Johannes Graumann
Hi,

I'm fond of using torbrowser in a whonix-ws-15 based disp VM for all
browsing that possibly works.

In parallel I manage all authentication using a Mooltipass device for
the storage of random long passwords - this little machine mimics a USB
keyboard.

Out of the box I am unable to use the Mooltipass device in disp VMs
based on whonix-ws-15 - why is that and how do I change it?

Thanks for any hint.

Sincerely, Joh



Re: [qubes-users] How to check (in BASH and dom0) whether a appVM exists?

2020-05-19 Thread Johannes Graumann

On 2020-05-19 10:46, Frédéric Pierret wrote:


There is a tool for checking state of VMs:

[user@dom0 ~]$ qvm-check toto
usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
[--running] [--paused] [--template] [--networked]
[VMNAME [VMNAME ...]]
qvm-check: error: no such domain: 'toto'
[user@dom0 ~]$ echo $?
2
[user@dom0 ~]$ qvm-check sys-net
qvm-check: sys-net: exists
[user@dom0 ~]$ echo $?
0

Best,
Frédéric

On 2020-05-19 10:35, Christophe wrote:

qvm-ls|grep yourvmname

On 20/05/19 10:32AM, Johannes Graumann wrote:

Hello,

See subject line ;)

Sincerely, Joh



Ha - even better ... sorry, saw this late. 

Thanks! 


Joh
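
The two approaches from this thread side by side, as an added example that is not part of the original messages: a substring `grep` over a VM list against an exact-name match, plus a guard built on the `qvm-check` exit status shown above. The function names, the `QVM_CHECK` override variable and the sample VM list are hypothetical, and that `--running` reports through the exit status is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: exact-name VM checks for dom0 scripts.

# Constructed list of VM names, one per line, standing in for real output.
SAMPLE_VMS='sys-net
work
work-old
personal'

# Substring match as in `qvm-ls | grep yourvmname`: "wor" or "old" also hit.
listed_substring() { printf '%s\n' "$SAMPLE_VMS" | grep -q -- "$1"; }

# Whole-line fixed-string match: only a complete VM name passes.
listed_exact() { printf '%s\n' "$SAMPLE_VMS" | grep -qxF -- "$1"; }

# Classify a VM with qvm-check, relying on the exit status shown in the
# thread (0 = exists, non-zero = no such domain). That `--running` also
# signals through the exit status is an assumption of this example.
# QVM_CHECK (hypothetical variable) lets a stub replace the real command.
vm_state() {
    vm=$1
    case $vm in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "invalid VM name: $vm" >&2; return 64 ;;
    esac
    if ! "${QVM_CHECK:-qvm-check}" --quiet "$vm" >/dev/null 2>&1; then
        echo missing
    elif "${QVM_CHECK:-qvm-check}" --quiet --running "$vm" >/dev/null 2>&1; then
        echo running
    else
        echo halted
    fi
}

# Abort-style guard for scripts: succeeds only for a running VM.
require_running() {
    state=$(vm_state "$1") || return 64
    [ "$state" = running ] && return 0
    echo "$1 is $state. Aborting." >&2
    return 1
}

# Demo on the constructed list: the partial name "wor" is not a VM.
listed_exact wor || echo "wor: no VM with exactly this name"
```

Rejecting names that start with `-` keeps a variable such as `--all` from being read by `qvm-check` as an option instead of a VM name.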



Re: [qubes-users] How to check (in BASH and dom0) whether a appVM exists?

2020-05-19 Thread Johannes Graumann

On 2020-05-19 10:35, Christophe wrote:


qvm-ls|grep yourvmname

On 20/05/19 10:32AM, Johannes Graumann wrote: 


Hello,

See subject line ;)

Sincerely, Joh



Thank you. I guess this should then do ... 


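# Abort unless a running VM is named exactly "$VM" (whole-line match, so
# "work" does not also match "work-old").
if ! qvm-ls --running --raw-list | grep -qxF -- "$VM"; then
 echo "$VM not running or present. Aborting."
 exit 1
fi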



[qubes-users] How to check (in BASH and dom0) whether a appVM exists?

2020-05-19 Thread Johannes Graumann
Hello, 

See subject line ;) 


Sincerely, Joh



Re: [qubes-users] Mounting directories across VMs (losetup/block device solution for directories)?

2020-02-28 Thread Johannes Graumann

On 2020-02-27 20:32, David Hobach wrote:

On 2/26/20 10:23 PM, Johannes Graumann wrote: 


Hi,
I'm experimenting with creating a sys-dropbox vm that syncs with my
dropbox account. I would love to be able to then mount defined
subdirectories of the synced path to other vms (losetup/qvm-block-style,
which only works for files).
Is this possible? Where to find pointers?


qcrypt can do that: https://github.com/3hhh/qcrypt


Nice solution, but overkill in my case - I use tresorit's E2EE solution
(let's not get started on the closed source/snake oil discussion, I have
to consider noob-co-usage ...) and want to sync that storage to a
sys-tresorit, from where I want to grant access to certain subsections
of it to individual vms - without additional encryption. 


Any pointers on where to start exploring the above mentioned sshfs via
qubes-rpc solution? 


Sincerely, Joh



[qubes-users] Mounting directories across VMs (losetup/block device solution for directories)?

2020-02-26 Thread Johannes Graumann
Hi,
I'm experimenting with creating a sys-dropbox vm that syncs with my
dropbox account. I would love to be able to then mount defined
subdirectories of the synced path to other vms (losetup/qvm-block-style,
which only works for files).
Is this possible? Where to find pointers?

Sincerely, Joh



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Johannes Graumann

On 2020-02-13 18:36, Claudio Chinicz wrote:


Hi Sven,

Thanks again. I've tried them and found the following:

- KMail is not allowed to authenticate with OAuth2 from Google (my accounts are 
Gmail)
- Evolution now does not support Gnupg
- Claws is not available for Fedora

Sorry for insisting.. any ideas?

Best


https://fedoraproject.org/wiki/Using_GPG_with_Evolution



Re: [qubes-users] State of Arch Template?

2019-12-28 Thread Johannes Graumann
On Sat, 2019-12-28 at 16:15 +0100, dhorf-hfref.4a288...@hashmail.org
wrote:
> On Sat, Dec 28, 2019 at 04:03:12PM +0100, Johannes Graumann wrote:
> > A current Arch template would help this much, but the repos contain
> > no such image for 4.0 and the qubes-builder doesn't even finish the
> > "setup" script for me.
> > What's the status of Arch support? Is it still being worked on?
> 
> building an arch template through qubes-builder worked for me
> without any effort/problems in the last days.
> 
> -rw-rw-r-- 1 user user 657775936 Dec 26 20:14 qubes-template-archlinux-4.0.1-201912261712.noarch.rpm
> 
> the resulting VM starts and looks ok/working on console, but didn't
> want to run any gui apps, qvm-run calls were just hanging without any
> error.
> didn't track that down since i didn't actually want to use it, was just
> a question similar to yours came up on freenode #qubes ...
> 
> i could probably walk you through the "building" part, but fixing
> whatever needs fixing inside the arch template is out of scope for
> me since i am not an arch user.

Can others comment on the state/usability of the template? @Olivier
Médoc ?

Sincerely, Joh



Re: [qubes-users] State of Arch Template?

2019-12-28 Thread Johannes Graumann
On Sat, 2019-12-28 at 16:15 +0100, dhorf-hfref.4a288...@hashmail.org
wrote:
> On Sat, Dec 28, 2019 at 04:03:12PM +0100, Johannes Graumann wrote:
> > A current Arch template would help this much, but the repos contain
> > no
> > such image for 4.0 and the qubes-builder doesn't even finish the
> > "setup" script for me.
> > What's the status of Arch support? Is it still being worked on?
> 
> building an arch template through qubes-builder worked for me
> without any effort/problems in the last days.
> 
> -rw-rw-r-- 1 user user 657775936 Dec 26 20:14 qubes-template-
> archlinux-4.0.1-201912261712.noarch.rpm
> 
> the resulting VM starts and looks ok/working on console, but didnt
> want
> to run any gui apps, qvm-run calls were just hanging without any
> error. 
> didnt track that down since i didnt actually want to use it, was just 
> a question similar to yours came up on freenode #qubes ...
> 
> i could probably walk you through the "building" part, but fixing
> whatever needs fixing inside the arch template is out of scope for
> me since i am not an arch user.

Many thanks. After religiously sticking with the `qubes-builder` part
of the online documentation I appear to have progressed further and
will report back ... 

Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c3ece84ed4acd3c1cc41b4cd94baa5db4e04d2b5.camel%40graumannschaft.org.


[qubes-users] State of Arch Template?

2019-12-28 Thread Johannes Graumann
Gentlepeople,

I'm migrating an Arch setup to qubes (4.0). This is complicated by the
rel. bleeding edge nature of Arch and the resulting software version
incompatibility/unavailability.

Currently I try to move a Digikam Archiving setup (Arch 6.4.0-4,
Fedora-30 6.1.0-7, Debian-10 4:5.9) with smbnetfs mounted remote
archives (not even present in Fedora).

A current Arch template would help this much, but the repos contain no
such image for 4.0 and the qubes-builder doesn't even finish the
"setup" script for me.

What's the status of Arch support? Is it still being worked on?

Sincerely, Joh


-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61007bacf7f9e500a2a7e4f13bda7ca75f1f8d83.camel%40graumannschaft.org.


[qubes-users] VM-individual Apps: Google Chrome flatpak? eos repos?

2019-10-18 Thread Johannes Graumann
Hello, 


I'm experimenting with a more "one app - one VM" paradigm using a
minimal template with flatpak installed and then VMs based on it that
pull in individual apps into flatpak's --user local installs. I just
don't want to have a plethora of templates with different software
subsets, but rather a base template and then VM-specific app installs
... 


I'm running this for signal and different mail accounts accessed with
evolution (all present in flathub.org), but am also looking into doing
this for media replay/chrome. 


There's an option here
https://gist.github.com/cho2/a9c20556e0585943624208c3ca1a5af7 , but the
"institutionally controlled" first option using EndlessOS' flatpak repos
is not working for me. Has anyone done this? 

Thanks for any pointers, 


Joh

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cba93e9da42e5e3fed4ffe9696510d42%40graumannschaft.org.


Re: [qubes-users] Salt Questions

2019-10-18 Thread Johannes Graumann

On 2019-10-09 20:43, Brian C. Duggan wrote:

> On 10/8/19 6:45 AM, Johannes Graumann wrote:
> > 2) I'm unclear about whether the fedora-/debian-X-minimal template VMs
> > require additional packages to be managed through salt.
> >
> > https://www.qubes-os.org/doc/templates/minimal/ appears to indicate so:
> >
> > Also, there are packages to provide additional services:
> > ...
> > qubes-mgmt-\*: If you want to use salt management on the template and
> > qubes.
> >
> > If that's indeed the case, it's actually not possible to manage minimal
> > template installation/customization entirely through salt, which I
> > consider suboptimal.
>
> Qubes does not require that these packages be installed on target VMs to
> manage them.
>
> The disposable management VM applies states through salt-ssh over
> qrexec. So target VMs only need the qrexec agent installed:
>
> https://www.qubes-os.org/doc/salt/#configuring-a-vms-system-from-dom0
>
> I believe qubes-mgmt-salt packages will let a user-controlled management
> VM use the AdminAPI through Salt. But I'm not sure whether the AdminAPI
> is mature enough for that to work fully, yet. Folks on this list have
> only talked about using Salt from dom0.
>
> > 3) I so far have managed to setup `*.sls` files for updating all
> > templates as well as dom0 (THANKS unman for the example repo posted a
> > while ago). Now I'm trying to get a defined package installed in a
> > minimal template and fail:
> >
> > flatpak.sls:
> > install_flatpak:
> >   pkg.installed:
> >     - pkgs:
> >       - flatpak
>
> I was able to apply this state to a clone of fedora-30-minimal like
> this:
>
> # qubesctl --show-output --skip-dom0 \
> # --target=fedora-30-minimal-flatpak state.sls flatpak
>
> Try getting the state to work by itself before using it in a top file.
> What do you get when you try that command?
>
> Brian
>
> --
> Brian C. Duggan
> he/him/his

Thank you for chiming in - I can indeed configure all official templates
(minimal or not) using salt without installing anything special. 


Sincerely, Joh

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b3dd1452c5b70b17d30d7aeafc0d760%40graumannschaft.org.


[qubes-users] How does a dispVM know to shut down when program called in it closes?

2019-10-18 Thread Johannes Graumann
Hello, 


What's the mechanism behind the fact that if I start firefox in a
standard dispvm (as installation-provided) and terminate the program,
the VM shuts down along with it? 

Thanks for any hints. 


Sincerely, Joh

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e597553f059ec53b7313f1f376fb3a83%40graumannschaft.org.


[qubes-users] Salt Questions

2019-10-08 Thread Johannes Graumann

Gentlepeople,

I'm finally biting the bullet and setting out to salt my Qubes.

1) DARN is it complicated in comparison to Ansible - not least because 
of the ... interesting ... obsession with the physical characteristics 
of salty minerals (grain, pillar, ...) - just call it what it 
functionally is, for chrissakes ... 


2) I'm unclear about whether the fedora-/debian-X-minimal template VMs 
require additional packages to be managed through salt.

https://www.qubes-os.org/doc/templates/minimal/ appears to indicate so:

Also, there are packages to provide additional services:
...
qubes-mgmt-\*: If you want to use salt management on the template and 
qubes.


If that's indeed the case, it's actually not possible to manage minimal 
template installation/customization entirely through salt, which I 
consider suboptimal.


3) I so far have managed to setup `*.sls` files for updating all 
templates as well as dom0 (THANKS unman for the example repo posted a 
while ago). Now I'm trying to get a defined package installed in a 
minimal template and fail:


flatpak.sls:
install_flatpak:
  pkg.installed:
    - pkgs:
      - flatpak

*.top:
base:
  ^(.*)-flatpak$:
    - match: pcre
    - flatpak

when applying this to --all, everything appears to run fine, but at the 
end, the present fedora-30-minimal-flatpak template does NOT have 
flatpak installed ...

Where am I erring?

Thank you for any insight you may be able to give.

Sincerely, Joh

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b638b1e2e4ab858548f05c4b8bf6e9b%40graumannschaft.org.


Re: [qubes-users] Using Salt to update TemplateVMs

2019-10-07 Thread Johannes Graumann
On Thu, 2019-07-18 at 15:40 +0100, unman wrote:
> On Tue, Jul 16, 2019 at 10:56:13AM -0700, brendan.h...@gmail.com
> wrote:
> > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote:
> > > I really do recommend using qubesctl for almost all system
> > > configuration. If only because it makes recovery so much easier.
> > > I see people saying "keep a list of packages you've installed" -
> > > if you
> > > keep state and use salt you can rebuild your system (almost)
> > > completely
> > > automatically.
> > 
> > Do you happen to have some example "personalized" salt scripts you
> > use (or a pointer to where someone has posted some)?
> > 
> > I was planning to put together some bash scripts to push
> > configuration into my templates (90% repo adjustments and specific
> > packages to download), but your comment above is intriguing.
> > 
> > B
> > 
> 
> I cant post my files, but I've put up an example which shows how to
> create a qube for building Qubes.
> Here: - https://github.com/unman/notes/tree/master/config/build
> 
> There are some notes I used in training which are a very basic
> hands on intro to salt in Qubes:
> https://github.com/unman/notes/tree/master/salt
> 
> In the build example, you'll see:
> 1. Create.sls - Create a new qube: installing fedora-30-minimal if
> not already
> there, cloning to new template, using new template to create qube,
> configure the new qube, and configure dom0.
> 2. install.sls - installs required software in template.
> 3. config.sls - Configures new qube as needed.
> 
> I've broken this down to make it as clear as possible, and kept it
> simple.
> You could run each section like:
> qubesctl state.sls build.create
> qubesctl --skip-dom0 --targets=template-builder state.sls
> build.install
> qubesctl --skip-dom0 --targets=builder state.sls build.config
> 
> Of course, you can do everything here using scripting. But for some
> things, (like targeting packages and configuration at distro and
> version),
> salt is somewhat easier.
> 
> unman
> 

Do you have any demonstration solution that would do something along
the lines of:
a) query templates-itl, templates-itl-testing, templates-community for
the highest fedora-X-minimal version (X) available
b) proceed with installing that version

As far as I know there's no "latest" metapackages that would render
this trivial ...

Sincerely, Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/706674c392efdcd5d6199dc85cf2417c261ca4ba.camel%40graumannschaft.org.
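
For the version-selection step asked about in the message above, an added example (not code from the thread or from the Qubes project): a small shell helper that picks the highest fedora-X-minimal release from a package listing. It assumes one package name per line in the `qubes-template-fedora-X-minimal` naming pattern; the function names and the sample listing are constructed, and how the listing is fetched from the template repositories is left open.

```shell
#!/bin/sh
# Added example: pick the highest fedora-X-minimal release from a package listing.
# Assumption: one package name per line, named qubes-template-fedora-X-minimal,
# optionally followed by -<version>-<build>... as in an rpm file name.

# Constructed sample listing (not real repository output).
SAMPLE_LISTING='qubes-template-debian-10-minimal
qubes-template-fedora-9-minimal
qubes-template-fedora-29-minimal
qubes-template-fedora-30
qubes-template-fedora-30-minimal-4.0.1-201912261712.noarch.rpm
qubes-template-fedora-30-xfce'

# highest_fedora_minimal (hypothetical helper): reads names on stdin and
# prints the largest X; returns 1 when no fedora-X-minimal entry is present.
highest_fedora_minimal() {
    # Only names that are exactly fedora-<digits>-minimal (plus an optional
    # version suffix) are accepted; non-minimal flavours and other
    # distributions are dropped. sort -n compares numerically, so release 9
    # does not outrank release 30 as it would in a lexical sort.
    best=$(sed -n -E 's/^qubes-template-fedora-([0-9]+)-minimal(-[0-9].*)?$/\1/p' \
        | sort -n | tail -n 1)
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# highest_fedora_minimal_template (hypothetical helper): same input, prints
# the template name, e.g. for use as a qubesctl target or package suffix.
highest_fedora_minimal_template() {
    release=$(highest_fedora_minimal) || return 1
    printf 'fedora-%s-minimal\n' "$release"
}
```

Feed it the listing on stdin, for example `printf '%s\n' "$SAMPLE_LISTING" | highest_fedora_minimal_template`.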


Re: [qubes-users] Using Salt to update TemplateVMs

2019-07-23 Thread Johannes Graumann
On Thu, 2019-07-18 at 12:49 +0200, Johannes Graumann wrote:
> On Thu, 2019-07-18 at 07:51 +0530, Kushal Das wrote:
> > On Thu, Jul 18, 2019 at 12:44 AM Johannes Graumann
> >  wrote:
> > > On Wed, 2019-07-17 at 18:56 +0530, Kushal Das wrote:
> > > > On Tue, Jul 16, 2019 at 11:26 PM 
> > > > wrote:
> > > > > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote:
> > > > > > I really do recommend using qubesctl for almost all system
> > > > > > configuration. If only because it makes recovery so much
> > > > > > easier.
> > > > > > I see people saying "keep a list of packages you've
> > > > > > installed" -
> > > > > > if you
> > > > > > keep state and use salt you can rebuild your system
> > > > > > (almost)
> > > > > > completely
> > > > > > automatically.
> > > > > 
> > > > > Do you happen to have some example "personalized" salt
> > > > > scripts
> > > > > you
> > > > > use (or a pointer to where someone has posted some)?
> > > > > 
> > > > > I was planning to put together some bash scripts to push
> > > > > configuration into my templates (90% repo adjustments and
> > > > > specific
> > > > > packages to download), but your comment above is intriguing.
> > > > > 
> > > > There is also https://qubes-ansible.readthedocs.io/en/latest/
> > > > if
> > > > you
> > > > like Ansible.
> > > What's the relationship/comparison to
> > > https://github.com/Rudd-O/ansible-qubes?
> > 
> > https://qubes-ansible.readthedocs.io/en/latest/ is a pure Python
> > implementation
> > and does not use Salt anywhere. Also, the plugin is already merged
> > in
> > upstream
> > Ansible project.
> 
> That is cool. Is it using the same security mechanisms that salt in
> Qubes utilizes (like executing in a dispVM)?

Can you comment on whether the ansible implementation is using (or can
be made to do so) something equivalent to what is described for salt in
https://github.com/QubesOS/qubes-issues/issues/1541#issuecomment-187482786 :
1) For every VM managed by Salt (from dom0):
- Start target VM.
- Have dom0 to create DispVM.
- Send all the Salt configuration there.
- Grant it qubes.VMShell access to that selected VM only
- Run salt-ssh (over qrexec) from the DispVM, targeting that 
  single VM. Do not filter return channel there - so for example 
  all the grains will be available to salt-ssh during state 
  rendering.
- Collect output back to dom0 (success/failure flag, optionally 
  logging full output to some file)
- Destroy DispVM
- Shutdown target VM (opt-out? only when wasn't running at the 
  start?).

Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61d3460c782eafc6eb8fe5230a1df1ebb025fb11.camel%40graumannschaft.org.


Re: [qubes-users] Using Salt to update TemplateVMs

2019-07-18 Thread Johannes Graumann
On Thu, 2019-07-18 at 07:51 +0530, Kushal Das wrote:
> On Thu, Jul 18, 2019 at 12:44 AM Johannes Graumann
>  wrote:
> > On Wed, 2019-07-17 at 18:56 +0530, Kushal Das wrote:
> > > On Tue, Jul 16, 2019 at 11:26 PM  wrote:
> > > > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote:
> > > > > I really do recommend using qubesctl for almost all system
> > > > > configuration. If only because it makes recovery so much
> > > > > easier.
> > > > > I see people saying "keep a list of packages you've
> > > > > installed" -
> > > > > if you
> > > > > keep state and use salt you can rebuild your system (almost)
> > > > > completely
> > > > > automatically.
> > > > 
> > > > Do you happen to have some example "personalized" salt scripts
> > > > you
> > > > use (or a pointer to where someone has posted some)?
> > > > 
> > > > I was planning to put together some bash scripts to push
> > > > configuration into my templates (90% repo adjustments and
> > > > specific
> > > > packages to download), but your comment above is intriguing.
> > > > 
> > > There is also https://qubes-ansible.readthedocs.io/en/latest/ if
> > > you
> > > like Ansible.
> > What's the relationship/comparison to
> > https://github.com/Rudd-O/ansible-qubes?
> 
> https://qubes-ansible.readthedocs.io/en/latest/ is a pure Python
> implementation
> and does not use Salt anywhere. Also, the plugin is already merged in
> upstream
> Ansible project.

That is cool. Is it using the same security mechanisms that salt in
Qubes utilizes (like executing in a dispVM)?

Sincerely, Joh



-- 
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0405663e45d6d3794ecf26e734c219558370526.camel%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Using Salt to update TemplateVMs

2019-07-17 Thread Johannes Graumann
On Wed, 2019-07-17 at 18:56 +0530, Kushal Das wrote:
> On Tue, Jul 16, 2019 at 11:26 PM  wrote:
> > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote:
> > > I really do recommend using qubesctl for almost all system
> > > configuration. If only because it makes recovery so much easier.
> > > I see people saying "keep a list of packages you've installed" -
> > > if you
> > > keep state and use salt you can rebuild your system (almost)
> > > completely
> > > automatically.
> > 
> > Do you happen to have some example "personalized" salt scripts you
> > use (or a pointer to where someone has posted some)?
> > 
> > I was planning to put together some bash scripts to push
> > configuration into my templates (90% repo adjustments and specific
> > packages to download), but your comment above is intriguing.
> > 
> There is also https://qubes-ansible.readthedocs.io/en/latest/ if you
> like Ansible.
What's the relationship/comparison to 
https://github.com/Rudd-O/ansible-qubes?

Sincerely, Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/36698ed29b11a9bf709480ac35ec91ef5247c7be.camel%40graumannschaft.org.


[qubes-users] Qubes & guix to prevent image bloat/multiplication?

2019-05-02 Thread Johannes Graumann
I became aware of guix through an announcement that it is now 1.0 (
https://www.gnu.org/software/guix/blog/2019/gnu-guix-1.0.0-released/)
as it purportedly allows environment install/maintenance in user space,
I was wondering whether anyone has used it on qubes to install appVM
specific software only there without having to customize/inflate the
underlying images with software. Experiences? Thoughts?

Sincerely, Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c07f5fd1a542d99708bcf21682b970fa11e3d32c.camel%40graumannschaft.org.


Re: [qubes-users] Re: qubes-mirage-firewall 0.5

2019-04-07 Thread Johannes Graumann
On Sat, 2019-04-06 at 06:31 -0700, Thomas Leonard wrote:
> I got a few emails about this. I'm going to answer the questions here
> because this is a community project and everyone should see the
> discussion.
> 
> Q: The build-with-docker script hard-codes /home/opam. What if your
> user has a different name?
> 
> The Docker build creates a virtual environment based on the
> `ocaml/opam2:debian-9-ocaml-4.07` image (template). In this image,
> the user is always called "opam".
> 
> Using Docker means that every build is exactly the same, regardless
> of whether you're using Fedora or Debian as the OS for your Qube. The
> build script contains the hash of the expected image, so you can be
> sure the unikernel you built is byte-for-byte identical with the one
> we built.
> 
> It also means that you don't have to install any special tools
> (except Docker itself). The build is isolated from your own files,
> except that it shares the `_build` directory, which is where you will
> find the output files.
> 
> Q: Can I build on Debian without using Docker?
> 
> Yes. I got it working with this:
> 
> sudo apt-get update
> sudo apt-get install rsync pkg-config git gcc make m4 patch unzip
> bubblewrap curl 0install-core
> 0install add opam http://tools.ocaml.org/opam.xml
> opam init --compiler=4.07.1 --disable-sandboxing
> eval $(opam env)
> opam install mirage
> mirage configure -t xen && make depend && make tar
> 
> Trying to keep these instructions up-to-date wastes a lot of
> volunteer time however, so I would much prefer people to use the
> Dockerfile if they have any problems building with their own OS.
> 
> Q: Why does installing opam without Docker want to modify my
> .profile?
> 
> So it can make commands such as `ocaml` point to the ones that it has
> installed in your home directory. If you're worried about what opam
> is doing to your system, I suggest using the build-with-docker script
> to sandbox everything.
> 
> Q: Do I need some standalone system that docker can 'mess up' and
> that I delete after build?
> 
> Feel free to create a `firewall-builder` VM for this if you don't
> trust Docker to sandbox things correctly in your existing qubes.
> 
> Q: You have binaries on the github site, but neither checksums nor
> signatures
> 
> There is a checksum in the build-with-docker file which should match
> the binary. In the case of the 0.5 release, you should see:
> 
> $ sha256sum vmlinuz 
> 1f72adad30cbd4f8315983240bd150811084cb93d360c14740fadb36394c7aa8 
>  vmlinuz
> 
> Perhaps future releases will come with signatures.
> 
> Q: Where can I ask questions about this?
> 
> - You can reply to this thread, where I will see it along with other
> Qubes users (I know several people here are using it; see previous
> discussions).
> - You can file issues at 
> https://github.com/mirage/qubes-mirage-firewall/issues
> - You can ask on the Mirage mailing list - see 
> https://mirage.io/community/
> - To report a security bug, see https://mirage.io/security

Has anyone tried to build using podman (https://podman.io/)?

Sincerely, Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da7fca1ebeb57462df713096f0b82af15a4dfcfa.camel%40graumannschaft.org.


Re: [qubes-users] Preparation for a Qubes Installation: Custom Disk encryption?

2019-02-19 Thread Johannes Graumann
On Tue, 2019-02-12 at 08:08 -0500, Chris Laprise wrote:
> On 2/12/19 4:40 AM, Johannes Graumann wrote:
> > Gentlepeople,
> > 
> > After playing with it on a secondary machine, I'm looking to
> > transition
> > from my Arch-setup to Qubes.
> > 
> > I am traditionally choosing to encrypt my file systems using
> > serpent
> > (considered the strongest entry into the AES competition with
> > slightly
> > worse speed than the finally chosen Rijndael algorithm) and the
> > following partitioning:
> > - UEFI-required EFI System Partition, 512MB, EFI System
> > - /boot partition (to be encrypted), 512MB, Linux filesystem
> > - SWAP partition (to be encrypted using a random key), size of RAM
> > (`free -m`) + 1 MiB, Linux filesystem
> > - tmp partition (to be encrypted using a random key), 2GB, Linux
> > filesystem
> > 
> > All but the UEFI partition are being encrypted. '/boot' uses a
> > keyfile
> > resident in '/' (appropriate grub configuration) and thus
> > PW-protected
> > through the encryption of '/'.
> 
> FWIW, if you switch to legacy BIOS boot and your system has a TPM
> you 
> may be able to use the Qubes anti-evil-maid package to guard against 
> firmware & boot tampering. Most Qubes users don't seem to opt for
> it, 
> but I thought you might be interested in the extra security.
> 
> > Questions:
> > 1) Does that make sense (for Qubes)?
> 
> On this topic, the sensibility of encryption options with Qubes is
> about 
> the same as for regular Linux distros. Personally, I don't think 
> switching away from AES is necessary.
> 
> > 2) Am I missing something necessary?
> > 3) Is there documentation on custom disk encryption and if no:
> > where in
> > the installation process would I break out (how) to the CLI to get
> > it
> > done?
> 
> Qubes uses the RHEL/Fedora installation tool called 'anaconda' which
> is 
> documented on the Red Hat and Fedora sites. I don't recall if the 
> anaconda UI lets you specify the cipher, but the 'kickstart' feature 
> does so that might be an option.
> 
> Also note that a non-AES cipher may seem nearly as quick as AES for 
> access times, however it will have an impact on multitasking
> performance 
> since AES is hardware accelerated while the other ciphers are not on 
> most systems.

So after I was pointed by @ADW at 
https://www.qubes-os.org/doc/custom-install/, I'm well set up to tackle
any customization - I'm aware of the hardware acceleration generally
baked in for AES algorithms. Yet the question remains whether swap and
especially tmp partitions make sense from a Qubes-perspective. I assume
that given the RAM management necessary, swap for dom0 may be quite
sensible (is RAM+ 1MB an appropriate size?), but how about tmp? I
realize that my use case, where I traditionally have browsers etc.
use it as a download directory  that's automatically purged upon
machine shutdown does not make a whole lot of sense for dom0. Is there
anything Qubes-specific to keep in mind when deciding on whether a
separate tmp partition is adding security?

Sincerely, Joh



-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/149dec4d462623703ef5549406c0826f5b79ed13.camel%40graumannschaft.org.


Re: [qubes-users] not enough memory to start domain "xyz"

2019-02-16 Thread Johannes Graumann
On Sat, 2019-02-16 at 11:21 +0100, evo wrote:
> 
> On 2/16/19 11:17 AM, Johannes Graumann wrote:
> > On Sat, 2019-02-16 at 11:08 +0100, evo wrote:
> > > Hey!
> > > 
> > > I got the  message that i don't have enough memory to start a
> > > domain.
> > > How can i understand, what exactly the problem is?
> > > Is it a RAM problem on the dom, or in the domain itself, or on
> > > the
> > > whole
> > > system?
> > Others must answer this.
> > 
> > > By the way, how can i check up how much RAM i have in the whole
> > > laptop?
> > > (I forgot it :D )
> > 'free -m' on the CLI does the trick.
> > 
> > Joh
> > 
> 
> thanks.
> i knew about free -m, but i don't know where should i type it, to get
> the whole RAM on the machine. What is CLI? :)
> 

'Command line interface'. Open a Shell on dom0 and type in that
command.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/504cc7eb2f982ea0de3057bcd3fbb2f03d825654.camel%40graumannschaft.org.


Re: [qubes-users] not enough memory to start domain "xyz"

2019-02-16 Thread Johannes Graumann
On Sat, 2019-02-16 at 11:08 +0100, evo wrote:
> Hey!
> 
> I got the  message that i don't have enough memory to start a domain.
> How can i understand, what exactly the problem is?
> Is it a RAM problem on the dom, or in the domain itself, or on the
> whole
> system?
Others must answer this.

> 
> By the way, how can i check up how much RAM i have in the whole
> laptop?
> (I forgot it :D )
'free -m' on the CLI does the trick.

Joh

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22427150e41f826f12b8402d47226edcb4c368f2.camel%40graumannschaft.org.


[qubes-users] Preparation for a Qubes Installation: Custom Disk encryption?

2019-02-12 Thread Johannes Graumann
Gentlepeople,

After playing with it on a secondary machine, I'm looking to transition
from my Arch-setup to Qubes.

I am traditionally choosing to encrypt my file systems using serpent
(considered the strongest entry into the AES competition with slightly
worse speed than the finally chosen Rijndael algorithm) and the
following partitioning:
- UEFI-required EFI System Partition, 512MB, EFI System
- /boot partition (to be encrypted), 512MB, Linux filesystem
- SWAP partition (to be encrypted using a random key), size of RAM
(`free -m`) + 1 MiB, Linux filesystem
- tmp partition (to be encrypted using a random key), 2GB, Linux
filesystem

All but the UEFI partition are being encrypted. '/boot' uses a keyfile
resident in '/' (appropriate grub configuration) and thus PW-protected 
through the encryption of '/'.

Questions:
1) Does that make sense (for Qubes)?
2) Am I missing something necessary?
3) Is there documentation on custom disk encryption and if no: where in
the installation process would I break out (how) to the CLI to get it
done?

Thanks for any hints.

Sincerely, Joh


-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/038dcac4b42e2852a4d3d7a0644fc8251ea1dc4c.camel%40graumannschaft.org.


Re: [qubes-users] signal-desktop?

2019-01-07 Thread Johannes Graumann
On Sun, 2019-01-06 at 23:14 +0100, haaber wrote:
> > It's running fine for me from a flatpak --user install ... has the
> > advantage that the template only needs flatpak and all signal is in
> > the
> > appVM only.
> > 
> > Joh
> > 
> > On Fri, 2019-01-04 at 18:57 -0600, Sven Semmler wrote:
> > > Hi,
> > > 
> > > I just installed signal-desktop (in the template) and now try to
> > > run
> > > it in the appVM. The app starts and I can see the window border,
> > > but
> > > nothing inside the window.
> > > 
> > > Haven't done much diagnosis yet. Just wondering if someone here
> > > recently installed signal-desktop on a debian-9 based qube and
> > > has
> > > some hints for me.
> 
> I tested & get same problem as Sven. Could you please explain the 
> flatpak approach, Joh?  Besides the usage for signal-desktop this may
> be 
> helpful in other cases as well!   Thank you, Bernhard


https://flatpak.org/.

You install flatpak in your template VM (using the usual tools). After
that you fire up an AppVM for Signal (for example) and on its CLI run
'flatpak install --user flathub org.signal.Signal' & afterwards fire it
up in the same AppVM using 'flatpak run org.signal.Signal'.

Skype also is manageable this way as are others: 
https://flathub.org/apps

HTH, Joh



[qubes-users] Qubes configuration: Git tracking of ansible/salt recipes in external repository?

2018-10-17 Thread Johannes Graumann
Gentlepeople,

I have a conceptual question regarding a sensible layout of VMs and
networking in the context of aiming at a qubes instance fully managed
by scripting (salt or ansible, or shell, or ...).

How would you set up a system that a) allows to automatedly configure
qubes from dom0 (or even better a dedicated management VM) and b)
allows for tracking of the scripting infrastructure using git and a
github account (taking care of script integrity using gpg signing)?

Direct network access of dom0 or the dedicated management VM is a bad
idea, so how to solve this? Put the git repo on a device shared
temporarily with a dedicated networked VM that is only used for
pushing/pulling?

Thank you for any insight into how to manage such a setup.

Sincerely, Joh



Re: [qubes-users] Thoughts on Salt in Qubes in practice?

2018-10-17 Thread Johannes Graumann
On Mon, 2018-10-15 at 12:35 -0400, Kushal Das wrote:
> On Mon, Jul 2, 2018 at 12:13 PM Marek Marczykowski-Górecki
>  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Mon, Jul 02, 2018 at 05:17:31PM +0200, Johannes Graumann wrote:
> > > Would there be possibilities to bring a in my experience much
> > > more
> > > approachable ansible option closer to the core and integrate it
> > > into
> > > the code base overseen by Invisible Things? Maybe by contracting
> > > Rudd-
> > > O?
> > 
> > I think yes. But someone would need to implement it. Having Ansible
> > as
> > first-class citizen in Qubes requires:
> > 
> > 1. Direct integration with Admin API / qvm-* commands / qubesadmin
> > python
> > module, instead of converting ansible -> salt -> qvm-* commands.
> > Generally make managing VMs with Ansible independent of Salt. Admin
> > API
> > allows to do all that from selected VM, instead of dom0 (as it was
> > before Qubes 4.0).
> > 
> > 2. Make VM management more isolated - namely do not parse complex
> > data
> > returned from managed VM. Displaying success/fail info and a text
> > message should be ok, but an interactive protocol is not.
> > Salt (namely: salt-ssh) provides a method to package all the
> > required configuration into a single tarball, which then can be
> > send
> > and executed - this was AFAIR one of main reasons why we've chosen
> > Salt.
> > But later it turned out making that tarball needs some input from
> > "remote"
> > system ("grains" - things like what OS is there, various tools
> > versions etc), so
> > we've added an intermediate DispVM which gets all salt
> > configuration,
> > ask target VMs for "grains", then create a tarball and sends it
> > there.
> > Each target VM have own DispVM for that created on demand.
> > This way if anything compromise the code parsing "grains" (or any
> > related structure), it will not gets an access to neither dom0, nor
> > other VMs. See relevant ticket[1] for design discussion about this.
> > We need something with similar properties for Ansible. If there is
> > a
> > mode with uni-directional communication with target VM, it should
> > be
> > enough, otherwise a similar scheme as for Salt needs to be done.
> > 
> > Manuel, would you be interested in working on this?
> > 
> Over the weekend I actually thought over the problem, and wanted to
> have
> something as close as possible to the upstream Ansible for the same.
> 
> The result is available at [1]. This has three major things.
> 
> 1. One *qubes* connection plugin for Ansible
>    This allows dom0 and any domU (with proper policy) to do things
>    inside of a VM. Means installing packages, copy/fetch files etc.
> 
> I have also opened a PR to the upstream Ansible to add this in the
> core.
> 
> 2. To make 1 happen, I added a small qrexec service *qubes.Ansible*.
> To do things from dom0, we only need that service in the target
> AppVMs
> or templates. There is also a command line tool (basically service
> name changed from
> qvm-run-vm command) *qvm-ansible* which will be used by domU VMs to
> connect
> and do things inside of other VMs.
> 
> 3. A pure Python Ansible module (named: qubesos) to
> create/destroy/manage state of the
> VMs.
> 
> Now, for now I have tested point 3 only from dom0. Point was tested
> from both dom0 and domU VMs.
> 
> The Python module will require a lot of other things to make it 100%
> compatible with
> standard qvm*/qubes-* tools.
> 
> I have added examples in the repo. I managed to run random playbooks
> (which I use
> in other places) using this. I would love to have feedback on this.
> 
> Note: This does not use Salt anywhere.
> 
> [1] https://github.com/kushaldas/qubes_ansible
> 
> 
> Kushal

Great to see work on this! While I haven't had time (yet) to play
around with some of the salt introductions given in this thread,
actually sticking with ansible would be my preferred solution ...

Can you summarize where your approach differs from 
https://github.com/Rudd-O/ansible-qubes ?

Will it be possible to have an admin domU running ansible, that also
updates/configures dom0?

Sincerely, Joh



Re: [qubes-users] fedora-27-minimal: networking support?

2018-05-28 Thread Johannes Graumann
On Mon, 2018-05-28 at 09:46 +0200, Johannes Graumann wrote:
> On Mon, 2018-05-28 at 00:40 +0200, [799] wrote:
> > Hello Johannes,
> > 
> > On 05/28 12:00, Johannes Graumann wrote:
> > > The fedora-27-minimal template from the repo does not appear to
> > > have
> > > networking support. What needs to be installed to remedy that? 
> > 
> > I have just migrated all my sys-AppVMs from a fedora-26-minimal to
> > a
> > fedora-28-minimal image.
> > I also had some issues with networking and got it working after
> > installing some more packages:
> > 
> > When I build my standard-App-Template for daily use, the AppVM was
> > unable to connect to the web.
> > I had to install the following packages in the template to get
> > networking:
> > 
> > dnf install qubes-core-agent-networking 
> > 
> > I guess the same applies for fedora 27.
> 
> That indeed was the missing item ...
> I had studied the 4.0 section of
> https://www.qubes-os.org/doc/templates/fedora-minimal/, but failed to
> identify this, as the corresponding listing is somewhat confusing:
> "... qubes-core-agent-networking: Networking support. Required if the
> template is to be used for a sys-net or sys-firewall VM." I want
> networking, but NOT use the template as sys-net/-firewall

Propose this: https://github.com/QubesOS/qubes-doc/pull/659

Joh



Re: [qubes-users] fedora-27-minimal: networking support?

2018-05-28 Thread Johannes Graumann
On Mon, 2018-05-28 at 00:40 +0200, [799] wrote:
> Hello Johannes,
> 
> On 05/28 12:00, Johannes Graumann wrote:
> > The fedora-27-minimal template from the repo does not appear to
> > have
> > networking support. What needs to be installed to remedy that? 
> 
> I have just migrated all my sys-AppVMs from a fedora-26-minimal to a
> fedora-28-minimal image.
> I also had some issues with networking and got it working after
> installing some more packages:
> 
> When I build my standard-App-Template for daily use, the AppVM was
> unable to connect to the web.
> I had to install the following packages in the template to get
> networking:
> 
> dnf install qubes-core-agent-networking 
> 
> I guess the same applies for fedora 27.

That indeed was the missing item ...
I had studied the 4.0 section of
https://www.qubes-os.org/doc/templates/fedora-minimal/, but failed to
identify this, as the corresponding listing is somewhat confusing:
"... qubes-core-agent-networking: Networking support. Required if the
template is to be used for a sys-net or sys-firewall VM." I want
networking, but NOT use the template as sys-net/-firewall

Thank you!

Joh



[qubes-users] fedora-27-minimal: networking support?

2018-05-27 Thread Johannes Graumann
Hello, 

The fedora-27-minimal template from the repo does not appear to have
networking support. What needs to be installed to remedy that? 

Thank you for any hint. 

Sincerely, Joh



Re: [qubes-users] Re: ProtonMail bridge

2018-04-20 Thread Johannes Graumann
I cannot second that. They are responsive. Not super fast, but
competent and responsive.

Joh

On Fri, 2018-04-20 at 03:35 -0700, ThierryIT wrote:
> What I have already done ... No answers from them ... Like their
> support, non-existent :(
> 
> On Friday, 20 April 2018 12:47:33 UTC+3, chipp...@gmail.com wrote:
> > On Friday, April 20, 2018 at 1:50:37 AM UTC-4, ThierryIT wrote:
> > > On Friday, 20 April 2018 00:25:43 UTC+3, chipp...@gmail.com wrote:
> > > > AHTON,
> > > >   Thank you for sharing what worked for you.  My bridge was
> > > > installed into the personal VM (Fedora-26).
> > > >  I understand what you are suggesting, and hope to try it
> > > > out this weekend when I slow down again.
> > > > 
> > > > Regards ~
> > > 
> > > Hi,
> > > How did you get the Linux version of the Bridge ... Seems not to
> > > be yet available ... Beta tester ?
> > 
> > 
> > They offer a Beta version for paid subscribers I requested via
> > E-mail, and they responded with a link to the download and
> > installation instructions.
> 
> 



Re: [qubes-users] Bitmask installation problem

2018-03-19 Thread Johannes Graumann
On Mon, 2018-03-19 at 01:32 -0700, niepowie...@gmail.com wrote:
> Hello,
> 
> I'm trying make set up vpn with bitmask application.
> 
> I tried install bitmask to debian template.
> 
> I have done steps listed on bitmask site as below in terminal:
> 
> sudo apt install leap-archive-keyring
> sudo sh -c 'echo "deb http://deb.leap.se/client release stretch" >
> /etc/apt/sources.list.d/bitmask.list'
> sudo apt update && sudo apt install bitmask
> 
> But there is info as below
> 
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>  bitmask : Depends: bitmask-core but it is not going to be installed
>Depends: bitmask-qt but it is not going to be installed
>Depends: bitmask-vpn but it is not going to be installed
>Depends: bitmask-mail but it is not going to be installed
> E: Unable to correct problems, you have held broken packages.
> 
> How can I resolve this problem? Any advices?
> 

Shouldn't you use 'apt-get' (or 'aptitude') instead of plain 'apt'?

Sincerely, Joh



Re: [qubes-users] Salt management questions

2018-02-14 Thread Johannes Graumann
On Mon, 2018-02-12 at 17:04 +0100, Johannes Graumann wrote:
> On Wed, 2018-02-07 at 15:27 +0100, Johannes Graumann wrote:
> > Gentlepeople,
> > 
> > For a while I have been managing a qubes setup using a dedicated
> > management VM and ansible via https://github.com/Rudd-O/ansible-qubes.
> > As auditing that code is beyond me and as salt is integral to
> > qubes,
> > I
> > was wondering whether that layout is currently possible using the
> > salt
> > management stack, in other words: can the management stack
> > (currently)
> > be used with a vm as the master to the entire system including
> > dom0?
> > 
> > Sincerely, Joh
> > 
> 
> I understand this may be IT-people-level stuff ..., but can anyone
> hint
> at whether this is already possible and or where to look?
> 
> Joh
> 

Here https://www.qubes-os.org/news/2015/12/14/mgmt-stack/, Marek
Marczykowski-Górecki says (referring to the core rewrite back then
ongoing for 4.):
+ Then, based on this functionality, we will be able to create a 
+ Management VM, which will allow secure, centralized management of 
+ Qubes OS installations in an organization or company. But to do it 
+ securely, we need to first finish some major rework of Qubes core 
+ management code (“core3”), which is planned for Qubes 4.0. Then it 
+ will be possible to implement Management VM in a way so that it will 
+ have no access to user data, only ability to manage configuration of 
+ (selected) VMs.
This is exactly what I want - plus limited tor/net connectivity to
track/backup my salt infrastructure in a gpg-encrypted git repo ...
Are we there yet?

Joh





Re: [qubes-users] How to set/change property 'Qubes.default_dispvm'?

2018-02-13 Thread Johannes Graumann
On Mon, 2018-02-12 at 09:10 -0800, brendan.h...@gmail.com wrote:
> I had to reread the thread three times to realize that qvm-prefs and
> qubes-prefs were different. :)
> 


Indeed ... that is what happened to me too ... after changing the
default dvm for all VMs via 'qvm-prefs' and globally via 'qubes-prefs'
I was able to cull fedora-25 from my installation (other than dom0).

Sincerely, Joh
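
The fix described in this message (per-qube 'qvm-prefs' plus global 'qubes-prefs') as a scripted pre-removal check. This is an added example, not code from the thread or from the Qubes project; it assumes the Qubes 4.0 dom0 tools, and the function names and the QVM_LS/QVM_PREFS/QUBES_PREFS override variables are hypothetical helpers introduced so the logic can be dry-run outside dom0.

```shell
#!/bin/sh
# Added example: find and repoint everything that still references a
# DispVM template before removing it. Tool names can be overridden through
# these variables (an assumption of this example, used for dry runs).
QVM_LS=${QVM_LS:-qvm-ls}
QVM_PREFS=${QVM_PREFS:-qvm-prefs}
QUBES_PREFS=${QUBES_PREFS:-qubes-prefs}

# dispvm_references <dvm-template>
# Prints "global" if the system-wide default_dispvm points at the template,
# and "qube <name>" for every qube whose own default_dispvm does.
dispvm_references() {
    target=$1
    if [ -z "$target" ]; then
        echo "usage: dispvm_references <dvm-template>" >&2
        return 2
    fi
    if [ "$("$QUBES_PREFS" default_dispvm 2>/dev/null)" = "$target" ]; then
        echo "global"
    fi
    "$QVM_LS" --raw-list | while IFS= read -r vm; do
        # The template referencing itself does not block its removal.
        if [ "$vm" = "$target" ]; then continue; fi
        # Qubes without this property are skipped.
        val=$("$QVM_PREFS" "$vm" default_dispvm 2>/dev/null) || continue
        if [ "$val" = "$target" ]; then echo "qube $vm"; fi
    done
    return 0
}

# dispvm_unreferenced <dvm-template>: succeeds only if nothing points at it.
dispvm_unreferenced() {
    [ -z "$(dispvm_references "$1")" ]
}

# repoint_dispvm <old> <new>: move every reference from <old> to <new>.
repoint_dispvm() {
    old=$1
    new=$2
    if [ -z "$old" ] || [ -z "$new" ]; then
        echo "usage: repoint_dispvm <old-dvm> <new-dvm>" >&2
        return 2
    fi
    # Collect the references first, then change them.
    refs=$(dispvm_references "$old") || return
    printf '%s\n' "$refs" | while IFS= read -r ref; do
        case $ref in
            global)   "$QUBES_PREFS" default_dispvm "$new" </dev/null ;;
            "qube "*) "$QVM_PREFS" "${ref#qube }" default_dispvm "$new" </dev/null ;;
        esac
    done
}
```

In dom0, 'dispvm_references fedora-25-dvm' lists what would block 'qvm-remove', and 'repoint_dispvm fedora-25-dvm whonix-ws-dvm' clears those references.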



Re: [qubes-users] Salt management questions

2018-02-12 Thread Johannes Graumann
On Wed, 2018-02-07 at 15:27 +0100, Johannes Graumann wrote:
> Gentlepeople,
> 
> For a while I have been managing a qubes setup using a dedicated
> management VM and ansible via https://github.com/Rudd-O/ansible-qubes
> .
> As auditing that code is beyond me and as salt is integral to qubes,
> I
> was wondering whether that layout is currently possible using the
> salt
> management stack, in other words: can the management stack
> (currently)
> be used with a vm as the master to the entire system including dom0?
> 
> Sincerely, Joh
> 

I understand this may be IT-people-level stuff ..., but can anyone hint
at whether this is already possible and or where to look?

Joh



Re: [qubes-users] How to set/change property 'Qubes.default_dispvm'?

2018-02-12 Thread Johannes Graumann
On Fri, 2018-02-09 at 08:11 +, Johannes Graumann wrote:
> Hello,
> Trying to purge all fedora 25 traces (aside from dom0) from my
> system.
> I have started to work my way through the dependencies following this
> workflow:
> 1) qvm-remove fedora-25-dvm
> 2) journalctl -r
> 3) qvm-prefs --set  default_dispvm whonix-ws-dvm
> It's kind of annoying that the 'qvm-remove' does not produce the
> informative error that's readable from 'journalctl' ... but that
> aside: I'm now stuck with the journalctl information
> 'Cannot remove fedora-25-dvm, used by Qubes.default_dvm'
> and fail to understand/find where that particular property is set,
> respectively may be changed ...
> 
> Thank you for any hints.

Anybody?

Joh



[qubes-users] How to set/change property 'Qubes.default_dispvm'?

2018-02-09 Thread Johannes Graumann
Hello, 

Trying to purge all fedora 25 traces (aside from dom0) from my system. 

I have started to work my way through the dependencies following this
workflow: 

1) qvm-remove fedora-25-dvm 

2) journalctl -r 

3) qvm-prefs --set  default_dispvm whonix-ws-dvm 

It's kind of annoying that the 'qvm-remove' does not produce the
informative error that's readable from 'journalctl' ... but that aside:
I'm now stuck with the journalctl information 

'Cannot remove fedora-25-dvm, used by Qubes.default_dvm' 

and fail to understand/find where that particular property is set,
respectively may be changed ... 

Thank you for any hints. 

Joh



[qubes-users] Salt management questions

2018-02-07 Thread Johannes Graumann
Gentlepeople,

For a while I have been managing a qubes setup using a dedicated
management VM and ansible via https://github.com/Rudd-O/ansible-qubes.
As auditing that code is beyond me and as salt is integral to qubes, I
was wondering whether that layout is currently possible using the salt
management stack, in other words: can the management stack (currently)
be used with a vm as the master to the entire system including dom0?

Sincerely, Joh



Re: [qubes-users] Re: Qubes OS 4.0 second candidate (rc2) has been released!

2017-10-24 Thread Johannes Graumann
On Tue, 2017-10-24 at 05:36 -0700, Roy Bernat wrote:
> On Tuesday, 24 October 2017 04:21:48 UTC-4, Marek Marczykowski-
> Górecki  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > Hello,
> > 
> > We have just released Qubes 4.0-rc2:
> > 
> > https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/
> > 
> > - -- 
> > Best Regards,
> > Marek Marczykowski-Górecki
> > Invisible Things Lab
> > A: Because it messes up the order in which people normally read
> > text.
> > Q: Why is top-posting such a bad thing?
> 
> Hi 
> 
> is it possible to update from rc1 to rc2 ? 
> i tried to install whonix with no success. 
> 
> ideas ? 
> 
> Roy
> 

Follow the link and thou shall find "As a consequence of the partition
layout change, it will be necessary for current 4.0-rc1 testers to
perform a clean reinstall of 4.0-rc2 rather than attempting to upgrade
in-place. We sincerely apologize for this inconvenience."

Joh



Re: [qubes-users] 4.0-rc1: qvm- remove incomplete (?) - All qubes functionality (qubesd) down as a result

2017-09-28 Thread Johannes Graumann
On Wed, 2017-09-27 at 13:19 +0200, Johannes Graumann wrote:
> Gentlepeople,
> 
> I recently managed to install the community whonix templates into my
> 4.0 setup and have since been striving to recreate the arrangements
> of
> proxyvms etc. I ran in 3.2.
> 
> In this process I erroneously created a vm called 'sys-whonix-gw',
> using
> the whonix-gw template. I proceeded to remove this vm using 'qvm-
> remove' and ever since all qubes functionality does not come up at
> reboot. Investigating the output of 'systemctl status qubesd' et al,
> I
> became aware of an error thrown that reports 'sys-whonix-gw' as
> missing
> ... apparently there are remnants of that vm left in the system
> despite
> me calling 'qvm-remove'. 
> 
> Short of a reinstall, is there anything I can do to rescue this
> situation?
> 
> Thanks for any pointers.
> 
> Sincerely, Joh

Any hint at all?

Joh



[qubes-users] 4.0-rc1: qvm- remove incomplete (?) - All qubes functionality (qubesd) down as a result

2017-09-27 Thread Johannes Graumann
Gentlepeople,

I recently managed to install the community whonix templates into my
4.0 setup and have since been striving to recreate the arrangements of
proxyvms etc. I ran in 3.2.

In this process I erroneously created a vm called 'sys-whonix-gw', using
the whonix-gw template. I proceeded to remove this vm using 'qvm-
remove' and ever since all qubes functionality does not come up at
reboot. Investigating the output of 'systemctl status qubesd' et al, I
became aware of an error thrown that reports 'sys-whonix-gw' as missing
... apparently there are remnants of that vm left in the system despite
me calling 'qvm-remove'. 

Short of a reinstall, is there anything I can do to rescue this
situation?

Thanks for any pointers.

Sincerely, Joh



Re: [qubes-users] missing commands/options for scripting in Qubes OS (3.2)

2017-09-27 Thread Johannes Graumann
On Wed, 2017-09-27 at 06:12 -0400, 'One7two99' via qubes-users wrote:
> Hello,
> 
> while trying to script some basic tasks I found out that I am missing
> some small features in the qvm-* scripts, I have looked at the code
> of those script but it is too hard for me to understand exactly what
> needs to be done to change that.
> Here my ideas, maybe someone with more skills is able to do so:
> 
> *** qvm-shutdown ***
> should have an option like "skip-if-not-running", so that the command
> will not throw out the message "ERROR: VM already stopped"
> Another options should be "skip-if-not-exist"
> 
> *** qvm-restart ***
> will shutdown and restart a VM.
> should also have an option like "skip-if-not-running","start-if-not-
> running", "skip-if-not-exist" and "wait".
> (the usecase of those options are clear I guess :-)
> I've written a script and saved it to /usr/bin which is only shutting
> down and starting a VM, but not doing any error checking, nor does it
> offer further options:
> #! /bin/bash
> qvm-shutdown --force --wait $1
> qvm-start $1
> 
> *** qvm-destroy ***
> including options: "skip-if-not-exist" and "wait"
> Will kill a running VM and remove it (basically qvm-kill and then
> qvm-remove)
> 
> *** qvm-check ***
> should have two other options:
> qvm-check shutdown 
> qvm-check exists 
> 
> Another great feature would be if dom0 gets an information when a
> scripts has been finished in an AppVM if has been started via qvm-
> run:
> 
> currently I am forcing the user to monitor if a command has been
> finished:
> 
> qvm-run  'xterm -e " && '"
> echo "WARNING: Only continue if the former command has been finished
> (terminal windows has been closed)"
> read -p "Press Enter to continue"
> 
> Something like "--wait" would be great. I know that this might not be
> that easy, but I guess there could be a way that the AppVM
> communicates back to dom0.
> 
> Maybe some of this is covered in Qubes 4.x, this would also be nice
> to know, still I think it would also be great if this is available in
> Qubes 3.2
> 
> I
> [799]

I strongly second these requests - the 'qvm-shutdown --skip-if-not-
running' can in fact be found in this mailing list as an earlier
request from myself.
My entire qubes setup is ansible maintained and making scripting easier
as proposed here would cut out many lines of code.

Sincerely, Joh
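
The "skip-if-not-running", "skip-if-not-exist" and "start-if-not-running" behaviour requested in this thread can be approximated today with 'qvm-check' guards around the existing tools. This is an added example, not code from the thread or from the Qubes project; the function names, the numeric return codes and the QVM_CHECK/QVM_SHUTDOWN/QVM_START override variables are hypothetical and exist only for this sketch.

```shell
#!/bin/sh
# Added example: idempotent wrappers around qvm-shutdown / qvm-start for
# dom0 scripts. Tool names can be overridden through these variables
# (an assumption of this example, used for dry runs).
QVM_CHECK=${QVM_CHECK:-qvm-check}
QVM_SHUTDOWN=${QVM_SHUTDOWN:-qvm-shutdown}
QVM_START=${QVM_START:-qvm-start}

# qvm-check exits 0 when the qube exists; with --running, when it is running.
vm_exists()  { "$QVM_CHECK" -q "$1" >/dev/null 2>&1; }
vm_running() { "$QVM_CHECK" -q --running "$1" >/dev/null 2>&1; }

# shutdown_quiet <vm>
# Succeeds without touching anything if the qube does not exist or is
# already stopped; otherwise shuts it down and waits for completion.
shutdown_quiet() {
    if [ -z "$1" ]; then
        echo "usage: shutdown_quiet <vm>" >&2
        return 2
    fi
    if ! vm_exists "$1"; then return 0; fi
    if ! vm_running "$1"; then return 0; fi
    "$QVM_SHUTDOWN" --wait "$1"
}

# restart_vm [--start-if-not-running] <vm>
# Return codes (chosen for this example):
#   0  qube was restarted (or started, with --start-if-not-running)
#   2  usage error
#   3  skipped: qube exists but was not running
#   4  skipped: no such qube
#   1  shutdown failed, qube left as it was
restart_vm() {
    start_stopped=no
    if [ "$1" = "--start-if-not-running" ]; then
        start_stopped=yes
        shift
    fi
    vm=$1
    if [ -z "$vm" ]; then
        echo "usage: restart_vm [--start-if-not-running] <vm>" >&2
        return 2
    fi
    if ! vm_exists "$vm"; then return 4; fi
    if vm_running "$vm"; then
        # Only start again once the shutdown has actually completed.
        "$QVM_SHUTDOWN" --wait "$vm" || return 1
    elif [ "$start_stopped" = no ]; then
        return 3
    fi
    "$QVM_START" "$vm"
}
```

Callers can branch on the return code instead of parsing "ERROR: VM already stopped" from the tool output.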



Re: [qubes-users] Re: Debian 9 templates

2017-09-11 Thread Johannes Graumann
On Sun, 2017-09-10 at 23:19 +0200, cubit wrote:
> 22. Jun 2017 12:37 by cu...@tutanota.com:
> 
> > Is there existing any pre-made templates for Debian 9?
> 
> 
> Halo 
> 
> Is there any news on Debian 9 template?   
> 
> Can also someone remind me the URL to check which templates are
> installable, not /docs but there was a URL to the folder/repo with
> all the templates for download
> 

https://ftp.qubes-os.org/repo/yum/r4.0/templates-itl/rpm/



Re: [qubes-users] Re: qubes-usb-proxy on Archlinux?

2017-07-10 Thread Johannes Graumann
On Thu, 2017-07-06 at 09:01 +0200, 'Olivier Médoc' via qubes-users
wrote:
> On 07/04/2017 08:40 AM, Johannes Graumann wrote:
> > Hello,
> > 
> > Can anyone give any pointers what needs to be done to have
> > "qubes-usb-proxy" available in the ArchLinux template kindly provided
> > by Olivier Medoc? Is there a howto on building this package anywhere?
> > 
> > I have the template running nicely following Olivier's recent hints
> > in the group
> > (https://groups.google.com/d/msg/qubes-users/5EJxdzgeRLY/rI5dotHTAQAJ),
> > but would like to be able to pass usb device through to it - the
> > Medoc-repo does not seem to contain the qubes-usb-proxy package ...
> > 
> > Thank you for any hints.
> > 
> > Sincerely, Joh 
>  
> 
> Hello,
> 
> Are you talking about qubes-app-linux-usb-proxy repository [1] ?
> 
> I don't think somebody worked on this package for archlinux yet.
> 
> In order to implement it, you need to create a PKGBUILD and integrate
> it into qubes builder.
> 
> The simplest way is to copy on qubes-gui-common builder [2]. You need
> to:
> - Create inside qubes-app-linux-usb-proxy an archlinux directory
> - Create a PKGBUILD file into this directory and adapt it to build
> qubes-app-linux-usb-proxy
> - Edit Makefile.builder inside qubes-app-linux-usb-proxy and add the
> following line:
> 
> ARCH_BUILD_DIRS := archlinux
> 
> This should be sufficient to start building an archlinux package
> using 'make app-linux-usb-proxy-vm' inside qubes-builder.
> 
> The difficult part is then to test that everything works properly as
> it is often required to adapt code in order to get it working
> properly in archlinux.
> 
> 
> [1] https://github.com/QubesOS/qubes-app-linux-usb-proxy
> [2] https://github.com/QubesOS/qubes-gui-common

Hello,

Thank you for your pointers - I started exploring this:
- created a fedora 25-based development machine
- followed your docu at
https://www.qubes-os.org/doc/building-archlinux-template/
- cloned qubes-app-linux-usb-proxy as a git submodule into the qubes-src
directory

I cannot build that module though: "No rule to make target
'app-linux-usb-proxy'" - what am I still missing?

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1499714330.4133.16.camel%40graumannschaft.org.


Re: [qubes-users] USB Proxy for Archlinux Template

2017-06-01 Thread Johannes Graumann
On Tue, 2017-05-30 at 09:19 +0200, Johannes Graumann wrote:
> Hello,
> 
> Does a package exist to make qvm-usb work with the community Archlinux
> template?
> 
> Sincerely, Joh
> 

Found this in the archives:
https://groups.google.com/d/msg/qubes-users/Mk6F4ZKzfk4/-oJr0OseAQAJ
... same issue.
a) is it as easy as cloning the
https://github.com/QubesOS/qubes-app-linux-usb-proxy repository and
running setup.py?
b) does the functionality remain unpackaged for archlinux?

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1496303119.7373.1.camel%40graumannschaft.org.


[qubes-users] USB Proxy for Archlinux Template

2017-05-30 Thread Johannes Graumann
Hello,

Does a package exist to make qvm-usb work with the community Archlinux
template?

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1496128784.13772.26.camel%40graumannschaft.org.


Re: [qubes-users] CLI: How to read out the currently set base image for disposable VMs?

2017-05-23 Thread Johannes Graumann

On Sat, 2017-05-20 at 21:10 +0100, Unman wrote:
> On Sat, May 20, 2017 at 09:28:48PM +0200, Johannes Graumann wrote:
> > See subject line ;)
> > 
> > Joh
> 
> ls -l /var/lib/qubes/dvmdata/*
> 
> This will show you which dvmTemplate is being used to generate the
> disposableVMs
> 

Many thanks - ansibling along ...

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1495538764.22099.5.camel%40graumannschaft.org.


[qubes-users] CLI: How to read out the currently set base image for disposable VMs?

2017-05-20 Thread Johannes Graumann
See subject line ;)

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1495308528.6576.0.camel%40graumannschaft.org.


Re: [qubes-users] Accessing available applications from CLI?

2017-05-16 Thread Johannes Graumann

On Tue, 2017-05-16 at 06:26 -0700, Patrik Hagara wrote:
> On Fri, 2017-05-12 at 08:39 +0200, Johannes Graumann wrote:
> > Is there a way to use the CLI to
> > 
> > 1) access what apps a VM has available
> 
> You can find the .desktop files for all available
> programs here:
> 
> /var/lib/qubes/vm-templates//apps.templates/
> 
> > 2) which of them should be shown in the menu?
> 
> And when you enable a particular app in an AppVM, the
> .desktop file template is copied over to
> 
> /var/lib/qubes/appvms//apps/
> 
> and all instances of %VMNAME% from the template's
> .desktop file get replaced by the AppVM's name.
> 
> Sadly, I am not aware of any "proper" Qubes CLI tool
> to facilitate the above steps. You can, however,
> launch the GUI version of app selector -- it's called
> `qubes-vm-settings`, and optionally takes a VM name
> and the settings tab name as arguments, eg:
> 
> qubes-vm-settings personal applications

Thank you for your insight. I was hoping for more comfortable CLI
tools, as I am managing my entire setup using ansible ... I shall go
and investigate the files you point out.

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1494950909.1714.1.camel%40graumannschaft.org.
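
The file layout described in the reply quoted above can be queried from a script. The following is an added example, not part of the thread and not a Qubes tool: it reports each .desktop template as enabled or available by checking whether the apps directory holds a copy with %VMNAME% substituted, as that reply describes. The two directories and the VM name are passed as arguments; the sample tree, its file names and its `Exec=` lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not a Qubes tool): list which .desktop templates of a VM
# are enabled, based on the layout described in the quoted reply.

# render TEMPLATE_FILE VMNAME: the template as it looks once copied for a VM.
# Assumes VMNAME contains no '/' or '&' (it is used as a sed replacement).
render() {
    sed "s/%VMNAME%/$2/g" "$1"
}

# is_enabled TEMPLATE_FILE APPS_DIR VMNAME: true if APPS_DIR holds a file
# whose content equals the rendered template (file names are not compared).
is_enabled() {
    rendered=$(render "$1" "$3")
    for f in "$2"/*.desktop; do
        [ -f "$f" ] || continue
        [ "$(cat "$f")" = "$rendered" ] && return 0
    done
    return 1
}

# list_apps TEMPLATES_DIR APPS_DIR VMNAME
# Prints one line per template: state <TAB> application id <TAB> menu name.
list_apps() {
    for t in "$1"/*.desktop; do
        [ -f "$t" ] || continue
        if is_enabled "$t" "$2" "$3"; then state=enabled; else state=available; fi
        name=$(render "$t" "$3" | sed -n 's/^Name=//p' | head -n 1)
        printf '%s\t%s\t%s\n' "$state" "$(basename "$t" .desktop)" "$name"
    done
}

# make_sample DIR: constructed sample tree with two templates, one enabled.
make_sample() {
    mkdir -p "$1/apps.templates" "$1/apps"
    for app in firefox:Firefox xterm:XTerm; do
        id=${app%%:*}; label=${app#*:}
        cat > "$1/apps.templates/$id.desktop" <<EOF
[Desktop Entry]
Type=Application
Name=%VMNAME%: $label
Exec=qvm-run -q -a %VMNAME% '$id'
EOF
    done
    # Only firefox is "enabled" for the constructed VM name "personal".
    render "$1/apps.templates/firefox.desktop" personal \
        > "$1/apps/personal-firefox.desktop"
}

demo=$(mktemp -d)
make_sample "$demo"
list_apps "$demo/apps.templates" "$demo/apps" personal
rm -rf "$demo"
```

On a real system the first two arguments would be the template's `apps.templates` directory and the AppVM's `apps` directory named in the reply.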


Re: [qubes-users] Accessing available applications from CLI?

2017-05-16 Thread Johannes Graumann

On Fri, 2017-05-12 at 08:39 +0200, Johannes Graumann wrote:
> Hi,
> 
> Is there a way to use the CLI to 
> 
> 1) access what apps a VM has available
> 
> and
> 
> 2) which of them should be shown in the menu?
> 
> Sincerely, Joh
> 

No insight, anybody?

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1494947077.1740.0.camel%40graumannschaft.org.


[qubes-users] Accessing available applications from CLI?

2017-05-12 Thread Johannes Graumann
Hi,

Is there a way to use the CLI to 

1) access what apps a VM has available

and

2) which of them should be shown in the menu?

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1494571198.6221.20.camel%40graumannschaft.org.


Re: [qubes-users] Problem accessing 'qvm-usb'-associated SmartCard reader as non-root user

2017-05-03 Thread Johannes Graumann
On Thu, 2017-04-27 at 08:13 +0200, Johannes Graumann wrote:
> Hello,
> 
> As I am transitioning all aspects of my evolving setup into qubes, I'm
> stuck at making a SCR3310 smartcard reader (used to store my gpg
> secret key) usable in an AppVM based on fedora25-minimal (had to
> upgrade, as evolution-functionality I require is not in fedora24) and
> dedicated to run Evolution as the email/group ware client.
> 
> 1) I have sys-usb running
> 2) qvm-usb on dom0 shows the reader and I can connect it to the appvm
> using the same tool.
> 3) ROOT on the appvm can issue gpg2 --card-status just fine, but I
> have so far failed to make the reader accessible to the qubes-used
> user 'user'.
> 
> There's neither a debianish plugdev nor an usb group to add the user
> to.
> 
> I have provided an appropriate udev rule in the template vm that
> should associate the device with the group 'user', but that doesn't
> work either ...
> 
> Further tips? Any insight into where I err?
> 
> Joh
> 
As no one here chimed in, I took this to stackexchange
(http://stackoverflow.com/q/43770378/2103880), where I report details of
the problem.

Any insight?

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1493847615.1189.1.camel%40graumannschaft.org.


[qubes-users] Problem accessing 'qvm-usb'-associated SmartCard reader as non-root user

2017-04-27 Thread Johannes Graumann
Hello,

As I am transitioning all aspects of my evolving setup into qubes, I'm
stuck at making a SCR3310 smartcard reader (used to store my gpg secret
key) usable in an AppVM based on fedora25-minimal (had to upgrade, as
evolution-functionality I require is not in fedora24) and dedicated to
run Evolution as the email/group ware client.

1) I have sys-usb running
2) qvm-usb on dom0 shows the reader and I can connect it to the appvm
using the same tool.
3) ROOT on the appvm can issue gpg2 --card-status just fine, but I have
so far failed to make the reader accessible to the qubes-used user
'user'.

There's neither a debianish plugdev nor an usb group to add the user
to.

I have provided an appropriate udev rule in the template vm that should
associate the device with the group 'user', but that doesn't work
either ...

Further tips? Any insight into where I err?

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1493273612.3133.1.camel%40graumannschaft.org.


[qubes-users] Automation of USB passthrough

2017-04-20 Thread Johannes Graumann
Hi,

Has anyone figured out a setup for qubes-usb-proxy-based
USB-passthrough that will allow for automatic (and active) monitoring of
sys-usb connections and VMs? I'm envisioning a situation where I tell
the proxy setup that
1) if device X shows up and VM Y is running, the device should be
connected to the VM.
2) If VM Y comes up and device X is present, the device should be
connected to the VM
3) the connection should be removed automatically if either member
disappears ...

Is this possible? Where would one start?

In a side note: is it possible to pass a single device (e.g. smart card
reader) through to multiple VMs simultaneously?

Thanks for any hints.

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1492678478.1597.15.camel%40graumannschaft.org.


Re: [qubes-users] Re: (Slightly) Off topic: Getting packages >= version in fedora-24 into a tmplate VM?

2017-04-20 Thread Johannes Graumann

On Wed, 2017-04-19 at 16:07 -0600, Reg Tiangha wrote:
> On 04/19/2017 04:01 PM, Johannes Graumann wrote:
> > As a majorly debian & arch oriented person, I am faced with the
> > situation that the fedora-24 contained version of evolution which I
> > require for its EWS (Exchange) support, is broken with respect to
> > another functionality that I need to work (CardDAV). In debian I
> > would now go looking whether I could pull a successor version from
> > testing or stable ... what can one do in a fedora universe?
> > 
> > Sincerely, Joh
> > 
> 
> You could try upgrading to Fedora 25 if that has the version you're
> looking for. Clone your Template (so you can go back to the old one
> if there are any issues) and follow the instructions here:
> 
> https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/
> 
> and just replace all instances of 23 and 24 with 24 and 25
> respectively and it should work. Qubes does have a repository for
> Fedora 25 packages for VMs already, although there may be some issues
> with some packages due to Fedora's shift from X to Wayland which is
> why I think there isn't an official Fedora 25 template yet.

Thank you for sharing this strategy. I went through with this using a
minimal template to reduce the impact with respect to disk acreage and
now have evolution running properly in an appvm based on that template
- just the gnome-keyring needs to be added on ...

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1492671763.1597.1.camel%40graumannschaft.org.


[qubes-users] (Slightly) Off topic: Getting packages >= version in fedora-24 into a tmplate VM?

2017-04-19 Thread Johannes Graumann
As a majorly debian & arch oriented person, I am faced with the
situation that the fedora-24 contained version of evolution which I
require for its EWS (Exchange) support, is broken with respect to
another functionality that I need to work (CardDAV). In debian I would
now go looking whether I could pull a successor version from testing or
stable ... what can one do in a fedora universe?

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1492639319.1662.2.camel%40graumannschaft.org.


Re: [qubes-users] Manage VM parameters from the command line?

2017-04-19 Thread Johannes Graumann

On Tue, 2017-04-18 at 21:28 +0200, Alex wrote:
> On 04/18/2017 09:27 PM, nonse...@graumannschaft.org wrote:
> > Hi,
> > 
> > Is it possible to manage parameters (like what net vm to use) for
> > individual vms from the command line? Let's say the system defaults
> > to sys-whonix, but specific vms should use sys-net straight ...
> > 
> > Thanks for any hint.
> 
> Please look into qvm-prefs (obviously, in dom0)

Many thanks.

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1492583513.1828.0.camel%40graumannschaft.org.


Re: [qubes-users] Adding more users/pass phrases to Qubes default disk encryption?

2017-04-13 Thread Johannes Graumann

On Sun, 2017-04-09 at 20:40 -0700, Andrew David Wong wrote:
> On 2017-04-08 10:20, Johannes Graumann wrote:
> > Hello,
> > 
> > Are there any pointers at how to achieve adding more users/pass
> > phrases to the disk encryption setup as produced by a default Qubes
> > install?
> > 
> > Sincerely, Joh
> > 
> 
> This is not Qubes-specific, so you can do this with cryptsetup as you
> normally would on a standard Linux distro.

Trivial indeed (and figured out now).

Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1492067147.7285.0.camel%40graumannschaft.org.


[qubes-users] HW RNG on dom0?

2017-04-10 Thread Johannes Graumann
I am wondering whether 
1) under QubesOS a (USB) HW RNG like http://www.bitbabbler.org/ is
usable

and if yes
2) where attaching it would make most sense? sys-net? dom0? Can Xen
VM's be set up to feed on entropy provided by the host?

Thanks for any hint.

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1491827036.1975.26.camel%40graumannschaft.org.


[qubes-users] Adding more users/pass phrases to Qubes default disk encryption?

2017-04-08 Thread Johannes Graumann
Hello,

Are there any pointers at how to achieve adding more users/pass phrases
to the disk encryption setup as produced by a default Qubes install?

Sincerely, Joh

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1491672040.4473.10.camel%40graumannschaft.org.