Re: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-10-26 Thread Sean Hunter 


On the move.  Sorry if I'm terse. 

On 26 Oct 2017, at 07:11, Sean Hunter <s...@uncarved.com> wrote:

> 
> One thing is that during the install it gave the attached message about ioMMU 
> so perhaps something related to that has changed?  I’m going to look at that 
> next.
> 
> It all worked on 4.0 rc 1 for whatever that’s worth.

It does indeed seem like the version of coreboot I’m running doesn’t support 
VT-d so isn’t compatible with 4.0 rc 2.  This is annoying as qubes 3.2 also 
doesn’t work (won’t install) so I think I’m stuck with downgrading to 4.0 rc 1 
(which worked fine) :(

https://forums.puri.sm/t/vt-d-not-enabled-in-bios-coreboot/1225

Sean

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6FEBBC97-C6D1-43E9-B138-5014F583072E%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qubes 4.0 RC1 networking problems

2017-10-23 Thread Sean Hunter 
Fedora works just fine for me as the template for sys-net in 4rc1 here.

As a first step what I would do is if sys-net can get online, set sys-net as 
updatevm for dom0, apply all the dom0 updates, then open a terminal in whatever 
you’re using as template for sys-net and apply all updates there (first set 
sys-net as updatevm there too).  Then shutdown that template vm and restart 
sys-net and sys-firewall so they get the updates. 

Once that’s working remember to set the updatevms back to sys-firewall. 

Sean

Sent from my phone. Sorry if brief. 

> On 22 Oct 2017, at 23:15, Francesco Rmp  wrote:
> 
> Il giorno domenica 22 ottobre 2017 16:29:14 UTC-4, yura...@gmail.com ha 
> scritto:
>> On Sunday, October 22, 2017 at 5:27:17 PM UTC, Francesco Rmp wrote:
>>> Hello everyone,
>>> i've just installed qubes 4.0 RC1 on my ryzen system ( i couldn't get the 
>>> 3.2 to install because of the kernel compatibility).
>>> 
>>> The installation went smooth and i can boot fine in the system, but i'm 
>>> having some networking issues.
>>> 
>>> Making the long story short: i cant get any VM to go online.
>>> 
>>> I'm no that familiar with the networking in qubes, but i tried to do some 
>>> troubleshooting myself, and here is what i get.
>>> 
>>> - The sys-net VM works fine, it gets the IP from DHCP, gateway, DNS and 
>>> everything and this is the only VM that goes online. i can ping hosts and 
>>> communicate with the network. I didn't do anything fency in this VM but 
>>> using some terminal commads to check i could actually go online, and it 
>>> works.
>>> 
>>> This network fetches the IPs from my DHCP and is set to a 192.168.1.0/24
>>> 
>>> - the sys-firewall VM doesn't go online at all. I checked the VM 
>>> configuration in qubes manager, and according to the configuration, it 
>>> looks like it's using sys-net as its gateway, but still nothing.
>>> Curious that when i check in the terminal, it has a network interface with 
>>> class 10.xxx (i dont' remember exactly) and an additional interface for 
>>> each appVM that i spin up (this is fine).
>>> My question is.. how can this VM masquarade any traffic to the sys-net VM 
>>> if the class of the network interface is completely different and the 
>>> gateway is actually not set to the sys-net VM ip?
>>> 
>>> - As a consequence of the fact that the sys-firewall VM doesn't go online, 
>>> all the appVMs suffer the same problem.
>>> 
>>> Can anyone help me out in troubleshooting this problem?
>>> Am i right to assume that this is not an hardware problem? considering that 
>>> the physical network interface assigned to sys-net works fine?
>>> 
>>> thanks in advance for your kind reply and support.
>> 
>> 
>> Typically the Firewall AppVM is not happy to go online if there are problems 
>> with the sys-net AppVM. The issue is therefore likely in the sys-net AppVM, 
>> and not the firewall AppVM. For example if you take a fully functioning 
>> Qubes system, and you kill off the sys-net AppVM, while allowing the 
>> firewall AppVM to stay online, and then start up sys-net again, will cause 
>> issues with the Firewall AppVM. You'll have to shutdown the firewall AppVM 
>> and start it again, to establish a proper tied connection with the sys-net. 
>> Something similar is likely happening here, if there is something not 
>> properly working in your sys-net.
>> 
>> There are likely two reasons to the problems you face, that I can think of.
>> 
>> - The first issue is the planned premature release of Qubes 4 (kind of alpha 
>> release), does not always support PCI passthourgh too well, which might 
>> explain why your network card can't be passed through properly. Indeed it 
>> might work for a single VM, but if it can't communicate perfectly, it might 
>> cause the Firewall AppVM to bug out (A possibility). This major Qubes 4-RC1 
>> issue has very recently been fixed, as early as last week. But since you 
>> don't have networking, you can't fetch the patch that fixes it. You're in 
>> luck though, Qubes 4-RC2 is planned to be released tomorrow, as you can see 
>> here https://www.qubes-os.org/doc/releases/4.0/schedule/
>> It shouldn't be delayed once more, a major issue holding it back, is exactly 
>> the issue up above causing problems with PCI passthrough hardware in Qubes 
>> 4. If this still does not work,then you can try turn your Passthrough 
>> AppVM's into PV virtualization mode, instead of HVM mode, which Qubes 4 can 
>> do with a single command. I believe it should be in terminal dom0: QVM-prefs 
>> "AppVM name" -l
>> somewhere. I don't run Qubes 4 atm, so I can't check, but it should be easy 
>> to do, from what I've heard. 
>> 
>> - The other issue, that I can think of, is Ryzen. The kernel that almost 
>> fully supports Ryzen should be around version 9.12+. For example I've seen 
>> Qubes with Ryzen that only partially allow USB passthrough, but not fully 
>> passtrough, causing weird issues. Qubes does not run version 9.12 just yet 
>>

Re: [qubes-users] Reasonably secure laptop with touchscreen and enough ram for dictation in Windows App-VM?

2017-10-10 Thread Sean Hunter 
On Sat, Oct 07, 2017 at 05:01:37PM -0400, taii...@gmx.com wrote:
> https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
> Purism is a scam, don't buy from them - their laptops are as owner
> controlled and freedom respecting as a dell - their version of coreboot is a
> wrapper layer with all the hardware init done by a black box binary blob so
> it is worthless.

I see that reddit post from 2 years ago referred to a lot, and I know this is 
(for some reason) a very emotional topic.  However it doesn't seem to 
correspond to what I see when I dig under the surface, which is the purism guys 
merging changes into coreboot (eg 
https://review.coreboot.org/#/q/status:mergbranch:master 
topic:purism/librem13ed+project:coreboot+purism) and what I see on my own 
laptop, which is that it is SeaBios + coreboot .  I doubt it is perfect, but it 
is way better than a Dell.

If I look at https://puri.sm/faq/do-librem-devices-support-coreboot/ it says 
that 13v2 and 15v3 (what I have) come with coreboot pre-installed and for 
earlier versions they have instructions to update to coreboot.

Sean

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171008092438.GA1688%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] Mac-Spoofing Doesn’t Work

2017-10-10 Thread Sean Hunter 


Sent from my phone. Sorry if brief. 

> On 10 Oct 2017, at 04:39, Person  wrote:
> 
> I downloaded Fedora 25, and I’m still working out the MAC thing (so far so 
> good). I looked at the manual and didn’t really want to install Debian 9, so 
> am I able to keep my MAC private if I only use Fedora?
> 

Yes. I’m using Fedora for my sys-net (as is the standard install) and have mac 
spoofing on using the config below. I’m using 4.0 rc 1, but if you’re using 3.2 
I would think it’s possible as long as you can update NetworkManager enough. 
That may mean updating your sys-net template to fedora-25. 

Sean

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/AFF27262-CE82-4EEE-B2F4-1210A373FEAF%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Mac-Spoofing Doesn’t Work

2017-10-09 Thread Sean Hunter 
On Sun, Oct 08, 2017 at 01:43:06PM -0400, Chris Laprise wrote:
> On 10/08/2017 05:34 AM, Sean Hunter wrote:
> > > 
> > Yup confirmed here - I've just tried turning on mac spoofing using the 
> > NetworkManager instructions and the fedora-25 template in 4.0rc1 and spoofs 
> > the mac address on sys-net fine for me.  One thing is it seems it is now 
> > preferred to use "wifi.assigned-mac-address" etc rather than 
> > "wifi.cloned-mac-address".  "cloned-mac-address" is deprecated.  I found 
> > this on the "nm-settings" manpage.
> 
> It seems that way on the man page, but the way it was explained to me on NM
> mailing list is that page is for the dbus NM interface and
> cloned-mac-address is deprecated there but it is still what they expect you
> to use in the config file. There was no page that fully explained the
> possible values for the config file itself.

OK well the config below seems to be working for me (ie my sys-net is currently 
using a randomised mac addr) on 4.0rc1. ymmv.

Sean


[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.assigned-mac-address=stable
ethernet.assigned-mac-address=stable

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171009183043.GA6624%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Adding a second monitor fails

2017-09-28 Thread Sean Hunter 
Works just fine for me on Qubes 4.0 rc 1

Sent from my phone. Sorry if brief. 

> On 28 Sep 2017, at 09:21, Coracle  wrote:
> 
> I'm getting the message here and elsewhere that Qubes OS doesn't yet support 
> extended desktops or multiple monitors. 
> 
> I want to build a navigation system for my boat based on Qubes OS. Modern nav 
> systems control the autopilot and display large amounts of information on 
> multiple monitors. Qubes OS offers not only a high level of security but also 
> seems to offer an opportunity to run incompatible applications 
> simultaneously. Not sure if this will mean anything to anyone here but I 
> would like to run TimeZero + Navionics vector charts on Windows in one Qube 
> simultaneously with OpenCPN + UKHO raster charts on Linux in a second Qube). 
> 
> Does anyone know whether Qube OS is eventually going to support multiple 
> monitors? 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/80273bb1-7431-4865-9619-a216d873b0fd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/369F944B-E3B2-41B8-909A-FCA8F1893457%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Impressions of the Purism Librem 15v3 for Qubes

2017-09-25 Thread Sean Hunter 
I want to start by saying I really like this laptop so far and it works great 
for me in qubes 4.0. I’m a (very) long term linux user but new to qubes. For 
the last 5 years I have used a macBook pro as my primary computer for personal 
and work, and am using this to replace that first for personal stuff and dev 
projects and then hopefully soon for my main work also. I also didn’t ever boot 
pureOs (their debian spin) so can’t comment on what that’s like. 

So a 15” mbp is my point of comparison and these are relatively minor issues 
which don’t stop me from using the laptop for everything I need (so far):
they added a numpad (that I don’t use) so you’re not centered on the screen 
when you type and there are extra keys to the right of the arrows. Annoying to 
me but many people wouldn’t notice or might even like the numpad
It won’t boot qubes R3.2 for some reason so I have to run R4.0. That’s fine for 
me although it means a somewhat rougher user experience as it’s not super 
polished yet
The keys for screen brightness, volume etc are hooked up using dark magic that 
doesn’t work in i3wm for some reason. On xfce they work just fine. At some 
point I’ll try to figure it out and if you don’t use i3 you may not care
 I haven’t got the acpi (or whatever it’s called now) settings quite right yet 
so it doesn’t shut down properly - It shuts everything down but leaves the 
screen backlight on, then I have to manually press and hold the power button 
for it to actually shut down. Likewise I can hibernate it, but it doesn’t come 
back from hibernation. Again, there’s probably a fix
I’m not crazy about the touchpad. It’s resonsive enough but the friction on the 
surface is a little high.  I guess macs have pampered me and I’ve become soft. 
It won’t drive my super-wide external monitor at full resolution so I am 
restricted to a “mere” 1900xsomething. 

If you’re not familiar with this laptop, some of the points in its favour are:
1. Free software ethos: comes with core boot and the hardware is user 
replaceable to an extent very unusual for a laptop
2. Security-minded: ME disabled, open-source bios and has hardware disable 
switches for mic and wifi

Let me know if you have specific questions and I’ll try to address

Sean

Sent from my phone. Sorry if brief. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/F58853A4-2B71-4DC8-87DA-6735126F74FD%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-25 Thread Sean Hunter 



> On 25 Sep 2017, at 07:45, rysiek  wrote:
> 
> These are not really good options for laptops. :(

I am running Qubes 4.0 rc 1 on a librem purism 15v3. I believe (may be wrong) 
that it comes with ME disabled. Seems a great laptop so far with a couple of 
small annoyances which I’m happy to post to the list separately if people would 
find that helpful. 

Sean

Sent from my phone. Sorry if brief. 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/136A1245-F072-44E5-87FD-E67F8AEC5986%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Painless USB attach/detach

2017-09-24 Thread Sean Hunter 


> On 24 Sep 2017, at 14:26, Yethal <grzegorz.chodzi...@gmail.com> wrote:
> 
> W dniu niedziela, 24 września 2017 15:03:45 UTC+2 użytkownik Sean Hunter 
> napisał:
>> Yeah. Grep | cut -f1 from that script is similar to the awk line I use 
>> except that I also only print the first match (if there are multiple 
>> matches) whereas that script will print all of them which I think will cause 
>> problems if you have a device attached multiple timex. 
>> 
>> Sent from my phone. Sorry if brief. 
>> 
>>> On 24 Sep 2017, at 13:44, Yethal <grzegorz.chodzi...@gmail.com> wrote:
>>> 
>>> W dniu niedziela, 24 września 2017 13:45:19 UTC+2 użytkownik Sean Hunter 
>>> napisał:
>>>> 
>>>> [sean@dom0 ~]# qvm-usb
>>>> BACKEND:DEVID DESCRIPTIONUSED BY
>>>> fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
>>>> p:1-1 QEMU_QEMU_USB_Tablet_42
>>>> sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
>>>> sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  
>>>> sys-usb:1-6   0489_e076  
>>>> vault:1-1 QEMU_QEMU_USB_Tablet_42
>>>> 
> 
> For that to happen I'd have to have more than one device greppable using the 
> same keyword (or regex) right?
> 

Yes that’s the case for the touchpad on my laptop for instance as you can see 
above. It’s built-in but usb-attached apparently.  Any case both my script and 
the other one are about the sane for most practical use cases I would think. No 
reason to switch if its working well. 

Cheers,

Sean


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/E4F5C397-361F-4A18-AAB9-21BD7CD724BE%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Painless USB attach/detach

2017-09-24 Thread Sean Hunter 
Yeah. Grep | cut -f1 from that script is similar to the awk line I use except 
that I also only print the first match (if there are multiple matches) whereas 
that script will print all of them which I think will cause problems if you 
have a device attached multiple timex. 

Sent from my phone. Sorry if brief. 

> On 24 Sep 2017, at 13:44, Yethal <grzegorz.chodzi...@gmail.com> wrote:
> 
> W dniu niedziela, 24 września 2017 13:45:19 UTC+2 użytkownik Sean Hunter 
> napisał:
>> Hey there,
>> 
>> I was trying out attaching usb devices to qubes and thought this might be 
>> useful to other people. If you have a device with a complicated description 
>> (eg a Yubikey) it can be a pain to figure out what device ID it's being 
>> attached to in sys-usb so you can use qvm-usb attach to send it to an AppVM.
>> [sean@dom0 ~]# qvm-usb
>> BACKEND:DEVID DESCRIPTIONUSED BY
>> fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
>> p:1-1 QEMU_QEMU_USB_Tablet_42
>> sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
>> sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  
>> sys-usb:1-6   0489_e076  
>> vault:1-1 QEMU_QEMU_USB_Tablet_42
>> 
>> Typing qvm-usb, looking down for where my Yubikey is, then looking accross 
>> for the sys-usb:1-3 next to it, then typing qvm-usb attach somevm 
>> sys-usb:1-3 will get pretty old pretty fast.
>> 
>> Luckily, unix is awesome. I have created a couple of small shell functions 
>> which search the output of qvm-usb on the description and attach or detach. 
>> Thus:
>> [sean@dom0 ~]# usb-attach somevm Yubi
>> [sean@dom0 ~]# qvm-usb
>> BACKEND:DEVID DESCRIPTIONUSED BY
>> fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
>> p:1-1 QEMU_QEMU_USB_Tablet_42
>> sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
>> sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  somevm
>> sys-usb:1-6   0489_e076  
>> vault:1-1 QEMU_QEMU_USB_Tablet_42
>> 
>> ...and likewise...
>> [sean@dom0 ~]# usb-detach somevm Yubi
>> 
>> If you like them you could put them (or something similar) in your ~/.bashrc 
>> in your dom0.
>> 
>> Here they are:
>> function usb-attach() {
>>qvm-usb attach "${1}" $( qvm-usb | awk "/${2}/"'{print $1;exit}' )
>> }
>> 
>> function usb-detach() {
>>qvm-usb detach "${1}" $( qvm-usb | awk "/${2}/"'{print $1;exit}' )
>> }
>> 
>> 
>> Cheers,
>> 
>> Sean
> 
> Great job! I use Micah Lee's script adapted to fit my usb devices
> https://micahflee.com/2016/12/qubes-tip-making-yubikey-openpgp-smart-cards-slightly-more-usable/
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/25a26bb2-70d3-43dc-823b-8ff0ddaa734f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/408D4BFD-3AD7-4803-8ACE-998D5959989E%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Painless USB attach/detach

2017-09-24 Thread Sean Hunter 




Hey there,
I was trying out attaching usb devices to qubes and thought this might be useful to other people. If you have a device with a complicated description (eg a Yubikey) it can be a pain to figure out what device ID it's being attached to in sys-usb so you can use qvm-usb attach to send it to an AppVM.
[sean@dom0 ~]# qvm-usb
BACKEND:DEVID DESCRIPTIONUSED BY
fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
p:1-1 QEMU_QEMU_USB_Tablet_42
sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  
sys-usb:1-6   0489_e076  
vault:1-1 QEMU_QEMU_USB_Tablet_42
Typing qvm-usb, looking down for where my Yubikey is, then looking accross for the sys-usb:1-3 next to it, then typing qvm-usb attach somevm sys-usb:1-3 will get pretty old pretty fast.
Luckily, unix is awesome. I have created a couple of small shell functions which search the output of qvm-usb on the description and attach or detach. Thus:
[sean@dom0 ~]# usb-attach somevm Yubi
[sean@dom0 ~]# qvm-usb
BACKEND:DEVID DESCRIPTIONUSED BY
fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
p:1-1 QEMU_QEMU_USB_Tablet_42
sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  somevm
sys-usb:1-6   0489_e076  
vault:1-1 QEMU_QEMU_USB_Tablet_42
...and likewise...
[sean@dom0 ~]# usb-detach somevm Yubi
If you like them you could put them (or something similar) in your ~/.bashrc in your dom0.
Here they are:
function usb-attach() {
qvm-usb attach "${1}" $( qvm-usb | awk "/${2}/"'{print $1;exit}' )
}

function usb-detach() {
qvm-usb detach "${1}" $( qvm-usb | awk "/${2}/"'{print $1;exit}' )
}

Cheers,
Sean





-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170924114417.GG3033%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.
Hey there,

I was trying out attaching usb devices to qubes and thought this might
be useful to other people.  If you have a device with a complicated
description (eg a Yubikey) it can be a pain to figure out what device ID
it's being attached to in sys-usb so you can use `qvm-usb attach` to
send it to an AppVM.  

```
[sean@dom0 ~]# qvm-usb
BACKEND:DEVID DESCRIPTIONUSED BY
fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
p:1-1 QEMU_QEMU_USB_Tablet_42
sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  
sys-usb:1-6   0489_e076  
vault:1-1 QEMU_QEMU_USB_Tablet_42
```

Typing `qvm-usb`, looking down for  where my Yubikey is, then looking
accross for the `sys-usb:1-3` next to it, then typing `qvm-usb attach
somevm sys-usb:1-3` will get pretty old pretty fast.

Luckily, unix is awesome.  I have created a couple of small shell
functions which search the output of qvm-usb on the description
and attach or detach.  Thus:


```
[sean@dom0 ~]# usb-attach somevm Yubi
[sean@dom0 ~]# qvm-usb
BACKEND:DEVID DESCRIPTIONUSED BY
fedora-25:1-1 QEMU_QEMU_USB_Tablet_42
p:1-1 QEMU_QEMU_USB_Tablet_42
sys-firewall:1-1  QEMU_QEMU_USB_Tablet_42
sys-usb:1-3   Yubico_Yubikey_4_OTP+U2F+CCID  somevm
sys-usb:1-6   0489_e076  
vault:1-1 QEMU_QEMU_USB_Tablet_42
```

...and likewise...

```
[sean@dom0 ~]# usb-detach somevm Yubi


If you like them you could put them (or something similar) in your
`~/.bashrc` in your dom0.

Here they are:

```
function usb-attach() {
qvm-usb attach "${1}" $( qvm-usb | awk "/${2}/"'{print $1;exit}' )
}

function usb-detach() {
qvm-usb detach "${1}" $( qvm-usb | awk "/${2}/"'{print $1;exit}' )
}

```

Cheers,

Sean



signature.asc
Description: PGP signature

[qubes-users] Salt vcpus bug in 4.0rc1

2017-09-24 Thread Sean Hunter 




Hi there,
I think changes to remove vcpu option etc from qvm-create in 4.0 haven't been synced into the saltstack modules yet.
If I create an x.top file like this
base:
  dom0:
  - x   
...and an x.sls file like this
x:
  qvm.present:
   - name: x
   - template: fedora-25
   - label: blue
   - mem: 4096
   - vcpus: 4
  
...and then try to create the vm by doing
$ sudo qubesctl top.enable x
$ sudo qubesctl state.highstate
...I get this error output, saying that it doesn't understand the vcpus option.
[ERROR   ] /usr/bin/qvm-check x 
== stderr ==
/usr/bin/qvm-create --template fedora-25 --label blue --vcpus 4 x 
usage: qvm-create [-h] [--verbose] [--quiet] [--class CLS]
  [--property NAME=VALUE] [--pool VOLUME_NAME=POOL_NAME]
  [-P POOL_NAME] [--template VALUE] [--label VALUE]
  [--help-classes]
  [--root-copy-from FILENAME | --root-move-from FILENAME]
  [VMNAME]
qvm-create: error: unrecognized arguments: --vcpus x
== stderr ==
/usr/bin/qvm-check x 
usage: qvm-check [-h] [--verbose] [--quiet] [--all] [--exclude EXCLUDE]
 [--running] [--paused] [--template]
 [VMNAME [VMNAME ...]]
qvm-check: error: no such domain: 'x'
 [0;31mlocal: [0;0m
 [0;31m-- [0;0m
 [0;31m  ID: x [0;0m
 [0;31mFunction: qvm.present [0;0m
 [0;31m  Result: False [0;0m
 [0;31m Comment: /usr/bin/qvm-check x 
  == stderr ==
  /usr/bin/qvm-create --template fedora-25 --label blue --vcpus 4 x 
  usage: qvm-create [-h] [--verbose] [--quiet] [--class CLS]
[--property NAME=VALUE] [--pool VOLUME_NAME=POOL_NAME]
[-P POOL_NAME] [--template VALUE] [--label VALUE]
[--help-classes]
[--root-copy-from FILENAME | --root-move-from FILENAME]
[VMNAME]
  qvm-create: error: unrecognized arguments: --vcpus x
  == stderr ==
  /usr/bin/qvm-check x 
  usage: qvm-check [-h] [--verbose] [--quiet] [--all] [--exclude EXCLUDE]
   [--running] [--paused] [--template]
   [VMNAME [VMNAME ...]]
  qvm-check: error: no such domain: 'x' None [0;0m
 [0;31m Started: 11:28:23.389119 [0;0m
 [0;31mDuration: 1446.122 ms [0;0m
 [0;31m Changes:[0;0m

...

Summary for local
 [0;0m
 [0;32mSucceeded: 7 [0;0m
 [0;31mFailed:1 [0;0m
 [0;36m
Total states run: 8 [0;0m
 [0;36mTotal run time:   3.415 s [0;0m
DOM0 configuration failed, not continuing
Removing that line makes it work. I searched on github and the qubes-devel list but didn't find anything. Should I just go ahead and make a new bug on github? I may have a dig through the code to see if I can fix it myself, although I'm new to both qubes and salt, so not making any promises. :)
Cheers,
Sean





-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170924105206.GA2404%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature