from:"haaber"

[qubes-users] sys-usb && flashing (arduino and others)

2024-09-01 Thread &#x27;haaber' via qubes-users


Dear all,

on a standard linux distro, flashing microcontrollers like arduino,
esp32, and many others  is quite straightforward.  Of course I may
mimick this on qubes: create a "flash" qube, give it acces rights to USB
controller, run alternatively sys-usb  or "flash" and flash as I would
on any other linux distro.

However I wonder what  would be the best "qubes way" to do it. I imagine
leaving sys-usb as it is (only qubes with HW access) and "forwarding"
data stream from a "flash" qube to sys-usb. One point here is that in
contrast with harddrives, mouses, keyboards etc these chips are usually
"silent": when you plug them on usb they do not communicate (they only
take power). Therfore  the "attach XXX" to qube YYY menu will not be
click-able, so I might need to do all "by hand" in a dom0  terminal?

Maybe some of you have already solved this question before me?


best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a5ed1ca6-135c-413b-916d-48274265a62d%40web.de.

[qubes-users] NFC and other creative communications with your qubes-os

2024-04-20 Thread &#x27;haaber' via qubes-users


I have a simple question, around "things that you have" (like sec.
tokens, etc).

Many "fido tokens" (yubi, nitro, google) allow NFC communication, most 
computers as well, but i do not find anything in my qubes (maybe the
chips acts as USB client and my USB is down by default?)

=> Is there a solution to that? I am pretty sure I am not the first one
to meditate that question ...


Another, more creative idea could be to use the build-in fingerprint
scanner but feed it artificial "precalculated random fingerprints". 
They could work  as a second password that you have printed put on a
plastic card (using standard, "fingerprint forgery" ideas, i.e. via a
laser printer in a positive way) and carry it with you; They might even
use as one-time-tokens, if you precalulate a bunch of them :)

=> did someone ever hear of such ideas?


thanks, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/044ed16e-67cc-4b1c-a4bc-9ab2b4641082%40web.de.

Re: [qubes-users] Configure Network Qubes 4.2

2024-03-25 Thread &#x27;haaber' via qubes-users


Hi, after successfully installing Qubes 4.2 i am left all alone to
configure network (internet) Access.


I appreciate it very much if somebody could guide me to the right options.


The question is so vague, no one can reasonably answer it.

Does sys-net start on boot?

Does it have access to the hardware (qubes settings -> devices tab)?

Do we talk about ethernet / wireless? If wireless, are the needed
drivers in your sys-net linux distri?


and so forth

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/358c320a-15dd-4fd4-8486-b1c5c973d5a0%40web.de.

[qubes-users] [Qubes 4.1] issue with thunderbird after recent debian update

2024-02-26 Thread &#x27;haaber' via qubes-users


Hi,

since a recent update, thunderbird throws artefacts on xfce screen
(parts of its menu), that spawn virtual screen, survive log off & on
again, but disappear if VM is closed. And re-appear when thunderbird is
restarted. Very annoying! Am I alone with this type of glitch?


Thanks, best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2fd0bfee-864c-4c14-a6d6-7200144fe994%40web.de.

Re: [qubes-users] Need help after a failed in-place upgrade attempt

2024-02-20 Thread &#x27;haaber' via qubes-users

Am Sa., 17. Feb. 2024 um 08:10 Uhr schrieb 'haaber' via
qubes-users :

Hi
> I tried to upgrade my Qubes OS system from 4.1.2 to 4.2.0
using the
> "qubes-dist-upgrade" script.
...
>
OK, I am not an expert on THIS question. Some general remarks: the
network card seems to work, right? So you need to check where
the chain
breaks.

- go to sys-net (open terminal via widget) type ping 8.8.8.8
and see if
you come out

Working.

- go to sys-firewall (terminal via widget) and do the same.

Working as well.

if these two work, and an app-vm has no network, its config
got lost.
Look at network settings of the corresponding appVM. It should be
sys-firewall in std setting, apart anon-whonix, of corse which
uses
sys-whonix.

Not working. - I changed the settings from "default
(sys-firewall) (current)" to "sys-firewall" in one App-VM ...

An additional / new info is, that an update check for 'dom0' does
no longer work !

all updates go via tor network (sys-whonix) by default. You could click
on the blue qube widget -> sys-wonix -> run terminal and see if
sys-whonix has network. But I guess not. Here is why:

https://www.qubes-os.org/doc/firewall/

I wild-guess that you are in a "half-state" where one part of the system
expects iptables, another one nftables ...

Did you download / start to download new (debian/fedora) Templates or
are they the "old" ones?

I did not see any other user jump to your help, and I am not good enough
to fix that alone for you. So honestly, at your place I would

(1) backup data (again)

(2) extract the list of manually installed packages in each of your
templates and stock them on your backup drive

("apt-mark showmanual > manual.packages.list" in a terminal is your
friend, no root priv needed)

(3) re-install a clean 4.2

(4) replay your manual installs of packages in your templates:

"cat manual.packages.list | apt-get install " or something of
this type should work (run as root)

(5) restore your data.

It's a pain and takes half a day, but I fear that it is, at the end of
the day, faster than any other solution...

good luck!

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a7ff17d0-029c-4c48-a0d2-7dc271c32b7c%40web.de.

Re: [qubes-users] Need help after a failed in-place upgrade attempt

2024-02-16 Thread &#x27;haaber' via qubes-users


Hi

I tried to upgrade my Qubes OS system from 4.1.2 to 4.2.0 using the
"qubes-dist-upgrade" script.

The upgrade failed - and - now the system is in a 'weird' state.

None of the Fedora- or Debian-based VM have 'external / public'
network access anymore.

The 'anon-whonix' VM however still does have 'external / public'
network access - and - the update of templates through the Qubes
Updater is also still working ...


OK, I am not an expert on THIS question. Some general remarks: the
network card seems to work, right? So you need to check where the chain
breaks.

- go to sys-net (open terminal via widget) type ping 8.8.8.8 and see if
you come out

- go to sys-firewall (terminal via widget) and do the same.

if these two work, and an app-vm has no network, its config got lost.
Look at network settings of the corresponding appVM. It should be
sys-firewall in std setting, apart anon-whonix, of corse which uses
sys-whonix.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42cd7c79-7c3c-41b1-bc8c-cf504952201a%40web.de.

Re: [qubes-users] time sync dysfunctional

2024-02-14 Thread &#x27;haaber' via qubes-users


Dear unman & qubes -community,


I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

   [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard


Hi Bernhard
My first thought was that this  is a Whonix issue, but the fact that
`date` has the same 3 min offset speaks against that.
Let me get to a 4.1 box and I will see if I can help.
Do you have locales set differently in qube from in dom0?
What timezone is set in dom0?
What in the qube?
What in your Whonix gateway?


things are even more funny (or not) since sys-whonix itself displays the
correct time! The widget & other app-VM's are off by 3-4 minutes
constantly.

that is very confusing ...  best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3a00d4f-0c24-49ee-853c-5c9cf6df5a45%40web.de.

Re: [qubes-users] time sync dysfunctional

2024-02-06 Thread &#x27;haaber' via qubes-users

Hi Unman

I reply inline below.

On 2/6/24 11:45, 'haaber' via qubes-users wrote:

Hi,

I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

[INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays 10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard

Hi Bernhard
My first thought was that this is a Whonix issue, but the fact that
`date` has the same 3 min offset speaks against that.
Let me get to a 4.1 box and I will see if I can help.
Do you have locales set differently in qube from in dom0?
What timezone is set in dom0?

CET (UTC +1:00) according to timedatectl

What in the qube?

same, CET (UTC + 1:00)

What in your Whonix gateway?

the whonix netvm- is sys-whonix who connects to sys-firewall and finally
sys-net (classic setup). Was that your question? Whonix is still
whonix-16 (I know ..)

thank you, Bernhard

Re: [qubes-users] time sync dysfunctional

2024-02-06 Thread &#x27;haaber' via qubes-users


addendum: if I run "date" in a client VM it will give the right
timezone, but still has 3min of delay..

On 2/6/24 11:45, 'haaber' via qubes-users wrote:

Hi,

I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

  [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7ad40dc-ff67-49e1-b4aa-5b1fecd92f1d%40web.de.

[qubes-users] time sync dysfunctional

2024-02-06 Thread &#x27;haaber' via qubes-users


Hi,

I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

  [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85ce7c94-89e6-4d0e-af73-47538a29523b%40web.de.

[qubes-users] split-ssh question

2023-09-07 Thread haaber


I tried to configure split-ssh according to the tutorial on qubes pages,
in its simple version (just agent, but no keepass integration). But now
ssh offers *all* my private keys to *all* servers, which is odd, but
more annoying, it usually breaks connections after 3 "false" public keys
...

Clearly, I did something wrong, but I do not understand well-enough what
I should change.  Did some have/solve this problem already or have a
hint for me, please?  Thank you!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f18d9a2-692c-29cd-cc38-6a75b7f55480%40web.de.

[qubes-users] QubesIncoming folder in /tmp ??

2023-06-30 Thread haaber


Hi I was wondering if it would not me preferable (at least in some VM's)
to delocalise the QubesIncoming folder in /tmp to have it "cleaned up"
regularly. It's a pain to do so manually. Is there a problem doing so ? 
What would be the cleanest way to do it? A symlink ??  thank you, Bernhard



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/113ec415-6225-c6d6-4994-dc38a9d0737f%40web.de.

[qubes-users] debian-12 (bookwork) audio issue

2023-06-24 Thread haaber


Has someone solved the audio issue (on R4.1.2) that happens after an
upd=grade ofn debian-11 (bullseye) to 12 (bookworm)? Suddenly sound is
dead. Thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88d0f94c-a149-eb73-8096-782bf3bd%40web.de.

Re: [qubes-users] where may I find logs for USB controller

2023-06-22 Thread haaber


Hello friends,

I bought a PCIe USB controller card, which is advertised to work with
linux.
It is Sonnettech Allegro Pro 4 USB 3.2 Gen 2 Type-C.

On my fully updated system, lspci shows the other USB controllers, but
nothing about Allegro. So I wrote to Sonnenttech and they asked for
the logs to study them.

Due to the peculiar nature of Qubes that hides USB controllers from
dom0 (lsusb reports no USB device) I am confused about which logs may
be useful.



In the sys-usb "qube settings" go to devices and see if sys-usb is
allowed to "see" your device. Maybe you did that already, maybe not :)
Tell us.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bfe315e0-9555-d71e-b4a1-bdc661c0dded%40web.de.

[qubes-users] split firefox & thunderbird credentials?

2023-06-22 Thread haaber


I was wondering if the awesome split-ssh and split-gpg  family could be
extended by a split-mozilla brother, that outsources passwords to vault
without exposing them? The lack of such a feature obliges me *not* to
save them within the two apps, which is a terrible pain, of corse 

thanks in advance


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6189b50b-fa81-e0ca-a654-ace6bb229d0d%40web.de.

Re: [qubes-users] Re: ssh-split issue

2023-06-21 Thread haaber


remaining question: if I want vault to hold several SSH keys, should I best

(a) replace the single ssh-add command by   "ssh-add c /path/to/key1 &&
ssh-add -c /path/to/key2"

or

(b) create a ssh-add-my-keys.sh containing

ssh-add -c /path/to/key1

ssh-add -c /path/to/key2

ssh-add -c /path/to/key3

and modify the autostart line to

Exec=/path/to/ssh-add-my-keys.sh



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/adbed0d3-62df-2bd9-d3d1-146122d4a018%40web.de.

Re: [qubes-users] Re: ssh-split issue

2023-06-21 Thread haaber


Solved. Stupid me!

> I re-checked, my /etc/qubes-rpc/policy/qubes.SSHagent says only

one line, namely

ssh-client vault ask

which I find odd (= I do not understand), since in the nomenclature of
the man-page, ssh-client=work not vault, right?


it is of course either

"@anyvm vault ask" or "work valut ask", right? That does it! Stupid me.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/512aa08f-45d7-6652-67d4-cade30ba567a%40web.de.

Re: [qubes-users] Re: ssh-split issue

2023-06-21 Thread haaber

Thank you.

>> We observe that the file /run/user/1000/openssh_agent is different
>> from /home/user/.SSH_AGENT_sshkeys. That may be a problem.

You seem to be running the "ssh-agent.service" in your work qube. This
is not part of the linked setup guide. There only one agent is running
and that is in the vault qube.

right, that was a remainder from various tests to debug. I killed it.
Actually, to revert everything to clean setup state, I restarted both
VM's, work and vault.

The "clients" (e.g. work qube) only redirect the communication via
socat, qubes RPC and the /home/user/.SSH_AGENT_vault file to the
ssh-agent in the vault qube.

thank you for clarification.

> Running the following command in the work qube should work:
> SSH_AUTH_SOCK=/home/user/.SSH_AGENT_vault ssh-add -L

error fetching identities: communication with agent failed

That is the answer, with a pop-up message from qubes "denied
qubes.SSHagent from work to vault". Something is odd ... now dom0 log
says "qrexec: qubes.SSHagent: work -> vault: denied: no matching rule
found". I re-checked, my /etc/qubes-rpc/policy/qubes.SSHagent says only
one line, namely

ssh-client vault ask

which I find odd (= I do not understand), since in the nomenclature of
the man-page, ssh-client=work not vault, right?

thank you, Bernhard

[qubes-users] Re: ssh-split issue

2023-06-21 Thread haaber


update: somewhere I wrote "vault", somewhere "sshkeys". Correcting this
does NOT resolve the problem :((

On 6/21/23 11:45, haaber wrote:

I tried to follow carefully the split-ssh instructions on

https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md


but I experience a stupid error. I did a "plain setup" without
keepass. So when I run

ssh-add -L       in vault it does work, and has 1 test-identity.

ssh-add -L       in work     it does not work "Error connecting to
agent: Connection refused"

even with "-v -v -v" I get no better hint. So I tried to follow the
traces;

1.) This happens when I ("manually") run

user@work:~$   bash -x /etc/qubes-rpc/qubes.SSHagent

++ qubesdb-read /name
+ notify-send '[work] SSH agent access from: dom0'
+ socat - UNIX-CONNECT:/home/user/.SSH_AGENT_sshkeys
2023/06/21 11:24:59 socat[1562] E connect(, AF=1
"/home/user/.SSH_AGENT_sshkeys", 34): Connection refused

you may observe that I wrote SSH with 3 capital letters, but I did so
everywhere (I hope :), inclusive the small script snipplets from
github page.


2.) This happens when I query the ssh agent:

systemctl --user status ssh-agent.service
● ssh-agent.service - OpenSSH Agent
 Loaded: loaded (/usr/lib/systemd/user/ssh-agent.service; static)
 Active: active (running) since Wed 2023-06-21 11:18:46 CEST;
22min ago
   Docs: man:ssh-agent(1)
   Main PID: 1513 (ssh-agent)
  Tasks: 1 (limit: 4618)
 Memory: 872.0K
    CPU: 3ms
 CGroup:
/user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service
 └─1513 ssh-agent -D -a /run/user/1000/openssh_agent

Jun 21 11:18:46 work systemd[654]: Started ssh-agent.service - OpenSSH
Agent.
Jun 21 11:18:46 work agent-launch[1515]:
dbus-update-activation-environment: setting
SSH_AUTH_SOCK=/run/user/1000/openssh_ag>
Jun 21 11:18:46 work agent-launch[1515]:
dbus-update-activation-environment: setting SSH_AGENT_LAUNCHER=openssh
Jun 21 11:18:46 work agent-launch[1513]:
SSH_AUTH_SOCK=/run/user/1000/openssh_agent; export SSH_AUTH_SOCK;
Jun 21 11:18:46 work agent-launch[1513]: echo Agent pid 1513;

We observe that the file /run/user/1000/openssh_agent  is different
from    /home/user/.SSH_AGENT_sshkeys. That may be a problem.

I tried to fix that temporarily with linking one to the other ("ln
-s") . Then ssh-add -L does not fail, but has no identities.



Here I am stuck. Any hints?  Thank you, Bernhard



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea7b96b0-2d22-3dbc-0f57-a6ff9a738039%40web.de.

[qubes-users] ssh-split issue

2023-06-21 Thread haaber


I tried to follow carefully the split-ssh instructions on

https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md

but I experience a stupid error. I did a "plain setup" without keepass.
So when I run

ssh-add -L       in vault it does work, and has 1 test-identity.

ssh-add -L       in work     it does not work "Error connecting to
agent: Connection refused"

even with "-v -v -v" I get no better hint. So I tried to follow the traces;

1.) This happens when I ("manually") run

user@work:~$   bash -x /etc/qubes-rpc/qubes.SSHagent

++ qubesdb-read /name
+ notify-send '[work] SSH agent access from: dom0'
+ socat - UNIX-CONNECT:/home/user/.SSH_AGENT_sshkeys
2023/06/21 11:24:59 socat[1562] E connect(, AF=1
"/home/user/.SSH_AGENT_sshkeys", 34): Connection refused

you may observe that I wrote SSH with 3 capital letters, but I did so
everywhere (I hope :), inclusive the small script snipplets from github
page.


2.) This happens when I query the ssh agent:

systemctl --user status ssh-agent.service
● ssh-agent.service - OpenSSH Agent
 Loaded: loaded (/usr/lib/systemd/user/ssh-agent.service; static)
 Active: active (running) since Wed 2023-06-21 11:18:46 CEST; 22min ago
   Docs: man:ssh-agent(1)
   Main PID: 1513 (ssh-agent)
  Tasks: 1 (limit: 4618)
 Memory: 872.0K
    CPU: 3ms
 CGroup:
/user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service
 └─1513 ssh-agent -D -a /run/user/1000/openssh_agent

Jun 21 11:18:46 work systemd[654]: Started ssh-agent.service - OpenSSH
Agent.
Jun 21 11:18:46 work agent-launch[1515]:
dbus-update-activation-environment: setting
SSH_AUTH_SOCK=/run/user/1000/openssh_ag>
Jun 21 11:18:46 work agent-launch[1515]:
dbus-update-activation-environment: setting SSH_AGENT_LAUNCHER=openssh
Jun 21 11:18:46 work agent-launch[1513]:
SSH_AUTH_SOCK=/run/user/1000/openssh_agent; export SSH_AUTH_SOCK;
Jun 21 11:18:46 work agent-launch[1513]: echo Agent pid 1513;

We observe that the file /run/user/1000/openssh_agent  is different from
   /home/user/.SSH_AGENT_sshkeys. That may be a problem.

I tried to fix that temporarily with linking one to the other ("ln -s")
. Then ssh-add -L does not fail, but has no identities.



Here I am stuck. Any hints?  Thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0bd9348b-4b84-297a-3c6b-53c0f4e9800a%40web.de.

Re: [qubes-users] suspend on Dell Latitude 3520 (i5, GeForce MX350)

2023-06-06 Thread haaber


> I'm trying out Qubes OS on a new Dell Latitude 3520 laptop. It has a
4-core i5 (cpu family: 6, model: 140) and it came with pre-installed
Ubuntu. Qubes installation from a USB drive went smooth using the R4.1.2
image; wifi and sound worked well out of the box. The first showstopper
is a problem with suspend support.

Try if a "software-suspend" via xfce button works better. That is my
personal workaround.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6083c8c6-2f54-cb35-ac62-0d5cbf6f66af%40web.de.

[qubes-users] Q4.1 xfce - "clicks in the void"

2023-06-05 Thread haaber


I often experience clicks that get lost "in the void" meaning that the
actual xfce windows does not seem to receive them.

Typical example: I use firefox, and a noscript pop-up ("load
anonymously") with a button to click on: but I can't. What helps then,
is changing the virtual screen (go away) and coming back: after this, 
the click arrives again at the destination window. Very annoying!

Am I alone with this problem???  Best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2afe0f52-d38d-e50a-297d-b1680d8a48a8%40web.de.

Re: [qubes-users] Re: Beginner questions

2023-05-24 Thread haaber


Hi


5) The question about autocomplete in the terminal has  been resolved. This was 
indeed not due to QubesOS but to the fact that

the bash-completion package is not pre-installed by default in Debian.
But this can be easily fixed:
https://unix.stackexchange.com/questions/312456/debian-apt-not-apt-get-autocompletion-not-working

I have a nice working auto-complete for dom0. It allows usual
qvm-commands (qvm-start, qvm-stop, etc) in dom0 terminal and
distinguishes between running and non-running VM's according to what the
command expects. Like:  qvm-shutdown [TAB] proposes only running VM's to
be shut down. etc.

Works like charm since qubes 3.2. You find the code attached.

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/023ce574-96ab-7f94-21d6-4726c1801ce1%40web.de.


qvm-autocomplete.sh
Description: Bourne shell script

Re: [qubes-users] qubes HCL report HP_EliteBook 845 G8

2023-05-04 Thread haaber


Dear all,

Update of my HCL report: suspend to memory via xfce button works fine,
but often sys-net is dead at wake-up. No harm: a simple qvm-start
sys-net resolves that quickly, in particular, sys-firewall takes it
easy.  Only lid-closing is more delicate: it hangs/crashes often -- so I
decided close lid *after*  "suspend to memory" via xfce button only.

best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/073859e0-3338-2ff5-5994-c6b796d01a27%40web.de.
---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
remap:
  'yes'
brand: |
  HP
model: |
  HP EliteBook 845 G8 Notebook PC
bios: |
  T82 Ver. 01.10.01
cpu: |
  AMD Ryzen 7 PRO 5850U with Radeon Graphics
cpu-short: |
  FIXME
chipset: |
  Advanced Micro Devices, Inc. [AMD] Renoir Root Complex [1022:1630]
chipset-short: |
  FIXME
gpu: |
  Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [1002:1638] (rev d1) (prog-if 
00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Realtek Semiconductor Co., Ltd. RTL8822CE 802.11ac PCIe Wireless Network 
Adapter
memory: |
  32065
scsi: |

usb: |
  3
versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R4.1
  xen: |
4.14.5
  kernel: |
5.15.94-1
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---

[qubes-users] qubes HCL report

2023-04-24 Thread haaber


I have a brand new computer, qubes 4.1.2 installed smoothly, wireless
works out of the box. BIG smile!

Suspend not yet tested.

best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fa9593f-88bd-5424-740f-781a285fb760%40web.de.


Qubes-HCL-HP-HP_EliteBook_845_G8_Notebook_PC-20230425-084955.yml
Description: application/yaml

[qubes-users] networking in minimal-qube ??

2023-04-24 Thread haaber


I grabbed a debian-11-minimal, updated it & installed thunderbird into
it to have a mail-reading template.

It worked for some hours, but now it lost network access in its AppVM's.
When I restart the same appvm with debian-11 network is back.  Do I miss
a package ??


thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee583d5e-c3f7-7c54-4f44-40e0252cdd37%40web.de.

[qubes-users] Data recovery -- thin provisioned LVM metadata (?) problem

2023-04-24 Thread haaber

Dear all,

I had a lethally bad hardware failure on computer. Since I had to buy a
new machine this took a while, now I try to save some data: the old SSD
is attached to a brand-new qubes via usb adapter. I started

sudo pvscan and sudo vgscan --mknodes and sudo vgchange -ay as
manual says.

unexpected output:

PV /dev/mapper/OLDSSD VG qubes_dom0 lvm2 [238.27 GiB / <15.79
GiB free]
Total: 1 [238.27 GiB] / in use: 1 [238.27 GiB] / in no VG: 0 [0 ]
Found volume group "qubes_dom0" using metadata type lvm2
Check of pool qubes_dom0/pool00 failed (status:1). Manual repair
required!

1 logical volume(s) in volume group "qubes_dom0" now active

then I consulted dr. google for help, and found little help. This one

https://mellowhost.com/billing/index.php?rp=/knowledgebase/65/How-to-Repair-a-lvm-thin-pool.html

suggested to deactivate volumed so that a repair can work. Only swap was
active, I deactivated it. But repair does not work:

lvconvert --repair qubes_dom0/pool00
terminate called after throwing an instance of 'std::runtime_error'
what(): transaction_manager::new_block() couldn't allocate new block
Child 21255 exited abnormally
Repair of thin metadata volume of thin pool qubes_dom0/pool00 failed
(status:-1). Manual repair required!

So now I am struck and ask for help! This is not purely qubes-related, I
known, but I hope to find competent help within the community.

cheers, Bernhard

[qubes-users] DNS -- good practice ?

2023-03-15 Thread haaber


Hi all,

I have the impression that DNS questions should get more attention than
the often attract, with the purpose of caching, anonymity, censorship
prvention  & securing against DNS manipulation. Let me start my question
with a citation, that  -at the end- is not that surprising:

"more than two-thirds of the encrypted DNS resolvers manipulate at least
one domain’s DNS response, showing that the DNS manipulation in the
encrypted DNS is even more prevalent than that in the traditional DNS,
where only 11% of the resolvers have been identified to manipulate DNS
responses."

source:
https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1195&context=computerscience_fac_pubs

Somehow, people who feel that their traffic should be anonymous are
surveilled / manipulated with higher energy :) Of course you may answer
to use TOR at all times, but at the end of the day, that does not work
-- many sites either block or limit TOR traffic, etc.

And I ignore if TOR does use "cross checking requests" to detect
manipulation? The question of " best practice " seems non-trivial to me.
Setting up a DNS qube seems a good idea as such, but what kind of
software can trustworthily be run on such a qube??

Thank you for any helpful comment, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f87b2bf1-b87b-1dc3-337a-5b7c284ab67b%40web.de.

Re: [qubes-users] qubes update -- how to hold an old kernel ??

2022-06-14 Thread haaber


Dear Marek,

kernel testing would be so much easier if the xen.cfg would allow an
option likedefault=menuselect
to get a boot menu -- instead of
Maybe such a function exists already? If not that would be a feature
request!


That's the main reason why Qubes 4.1 doesn't use xen.cfg at all. There
is standard grub, where you have menu, editor etc.



Brilliant. And I'd love to re-install 4.1 for that. But the 5.x kernel
on the iso fails either on boot, or at latest while install... is there
a grub on the 4.1-iso as well? (i.e. possibility to manually add a
kernel like 4.19?) If so: is the procedure explained somewhere? 'Cause
grub-hacking is very unpleasant, as well :)   Thank you, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab2e8ed1-fc08-c3e8-adc3-6db8519a8873%40web.de.

Re: [qubes-users] qubes update -- how to hold an old kernel ??

2022-06-13 Thread haaber

Dear Marek,

kernel testing would be so much easier if the xen.cfg would allow an
option like

default=menuselect

to get a boot menu -- instead of

default=[5.16.whatever]

which makes it actually necessary to "hack" the xen.cfg via a
live-linux-usb intrusion if a kernel should fail to work ... that
produces an attack-vector & is annoying.

Maybe such a function exists already? If not that would be a feature
request!

Thank you, Bernhard

There are a couple more options to choose from - for LTS kernels we keep
some of them updated, even after the default is switched to the next
one. For R4.0 there is for example kernel-419. You can check available
options via `qubes-dom0-update --action=search kernel`.

Everything else either crashes dom0 (e.g., 5.15) or stalls sys-usb (e.g.
5.12.).

It says "00:14.0 USB controller problem", might be a usb3.0 problem,

tried

various things, nothing helped, my BIOS has no option to disable xHCI.

I am hesitant to ask, since it would require running unsigned code
(yuck!), but would you be comfortable doing a kernel git bisection?
That would allow figuring out exactly which commit caused the problem,
and would vastly improve the likelihood of the bug being fixed.

Aaehm... It is my work computer, i need it every day and can not risk
anything...
Is there a safe/standard procedure in qubes to compile the bisects, add
them to grub without removing the working kernel, etc.?

Not that I am aware of, sadly. Marek (CCd) might have suggestions.

For any tests, I usually place kernel+initramfs under some arbitrary
name that does not interfere with version-based entries. And do that by
installing kernel "manually", exactly to avoid dnf/rpm removing older
packages. For the grub entry, I usually edit
/boot/efi/EFI/qubes/grub.cfg manually (copy existing section and just
replace file names). But regenerating it with grub2-mkconfig should be
safe too.
This does require manual cleaning after testing is finished,
though...

Here is example script to build and install kernel in dom0:

#!/bin/sh

set -e
make olddefconfig
make -j2
kver=$(make kernelrelease)
sudo make modules_install
sudo cp arch/x86/boot/bzImage /boot/vmlinuz-test
sudo dracut -f --kver="$kver" /boot/initramfs-test.img

it can be launched from kernel sources.

[qubes-users] kernel problems.

2022-06-12 Thread haaber


On 6/11/22 08:55, Demi Marie Obenour wrote:

 Adding kernel.panic_on_oops=0 and kernel.panic_on_warn=0 to /etc/sysctl.conf
should do the trick.


I did that. The 5.16.18 kernel freezes, as all 5.x ones, but here is a
funny detail: I froze on login, and I just kept typing the password and
hit enter.Nothing happened. So I forced a cold boot. BUT: the journal
contains the line

Jun 12 21:27:49 dom0 runuser[3526]: pam_unix(runuser:session): session
opened for user USER by (uid=0)

and some other lines. Which means that the pwd was recognised and
accepted - and only the screen freezes. Which brings the suspecions
closed to the f*cked up intel graphics card. Alone, using modesetting
driver does not save 5.x kernels. So it is more complicated than that.

Bernhard



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ffdd6a5-b300-552c-08d0-22600cc27db7%40web.de.

Re: [qubes-users] qubes update -- how to hold an old kernel ??

2022-06-10 Thread haaber


Which kernel version do you need to hold?  You can update a subset of
packages by giving them as arguments to qubes-dom0-update, but I would
like to know what the forseeable problems are.


The reason is simple: all (!) 5.x xen kernels I tested so far
crash/freeze my system in less than 5 minutes, often only seconds (open
issue on github since 18 months). Therefore I keep a 4.19 kernel for xen
(only) -- until now the updater respected that: it installed some new
5.x kernel and kernel-latest. Every single time, I bravely try them out,
 and each time they crash: each time I can revert back to 4.19 by a
linux-life usb hack.

Last kernel update wants to remove my 4.19 kernel, and no way I can
accept that, given the history. ( again a curse on Intel and Dell for
their buggy hardware ).

best, Bernhard




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e20ee310-4d7a-c6d3-d71f-0a02dd5389fe%40web.de.

[qubes-users] qubes update -- how to hold an old kernel ??

2022-06-09 Thread haaber


Recent QSB made me run the qubes-update. Regrettably, it wants to remove
a kernel version that I need to hold (in case of foreseeable problems
with newer ones). How can I freeze that older version and forbid its
uninstall?

best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/768dacc5-75d6-cd28-0792-622d19078238%40web.de.

Re: [qubes-users] modifying Qubes ISO

2022-04-02 Thread haaber


On 3/30/22 8:05 PM, Demi Marie Obenour wrote:


Does using the modesetting driver instead of the intel driver help?  If
not, please report this as an i915 kernel driver bug.


it does not. The bug report is open & unresolved for > 1year

https://github.com/QubesOS/qubes-issues/issues/6397

Thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf3dd1c2-382e-dbe8-b4fb-3c7e6aebb4be%40web.de.

Re: [qubes-users] modifying Qubes ISO

2022-03-30 Thread haaber


Hi Haaber,

I used to have similar freezing problems with 4.0 on my Dell laptop.
I found that it was due to an upgrade to the intel-i915 driver in X.
Replacing the new version with an older version cured it for me.

However, I've had no trouble with Qubes 4.1.

A search for "linux xorg driver for i915" gives some idea of the
problems, but it is all a bit confusing.


ah. I extracted

xorg-x11-drv-intel-2.99.917-26.20160929.fc25.x86_64.rpm  (year=2016)
xorg-x11-drv-intel-2.99.917-32.20171025.fc25.x86_64.rpm  (year=2017)

from old qubes ISO's. How did you install / exchange them in the running
qubes system?

alternatively, I could also place one of these inside the qubes-4.1 ISO,
where we find actually

/Packages/xorg-x11-drv-intel-2.99.917-49.20210126.fc32.x86_64.rpm

Replacing this file is certainly more easy than changing the kernel of
the ISO itself :) Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/454b0e7a-9d65-8b8b-1414-8a5b4cb5a29a%40web.de.

Re: [qubes-users] modifying Qubes ISO

2022-03-30 Thread haaber

On 3/29/22 22:55, 'awokd' via qubes-users wrote:

haaber:

I need help to modify the Q4.1 installer ISO file. I did learn how to
pack & unpack isos. That is fine. The idea is a new install on a larger
SSD of Q4.1 instead of risky "upgarde" tentatives that finish less
clean. (benefit: if it fails I can go back to running Q4.0)

1) I naïvely placed a new kernel in /extrakernels but that does not seem
to impress the boot-loader. I find no way to select which kernel to boot.

Not entirely sure what you are trying to accomplish here. A Qubes 4.1
install ISO with a newer kernel? Can't you install 4.1 with a recent
prebuilt ISO and update the kernel after? If it's due to hardware
incompatibilities, I've seen some install and update on one system, then
move the hard drive to the one with newer hardware.

Thanks for your reply! Badly enough, I rather need a "kernel downgrade":
any xen kernel 5.x will freeze my Q4.0 system between seconds and some
minutes (a curse on Intel and Dell at this point for selling shit at
high prices). So my qubes runs for one year now in a "disaster mode"
with a 4.19 kernel for xen, and normal 5.x kernels in guest VM's (mainly
debian). The same happens when I try a fresh install with Q4.1: install
attempts with the std ISO fail 100% by system freeze before finishing
installand leave an unbootable SSD behind.

So, since Q4.0 works with this workaround, I'd like to do the same with
Q4.1 in an -otherwise- fresh install. It should it possible to replace
the kernel (which, after all, are just some executable files) by a
working one, right? Of course, the problem is that few people seem to
understand how exactly the boot-process works -- that has been
outsourced to 'savant scripts' long ago. At least I tried several dozens
of webpages on the subject, and I still don't see clear. Precise
documentation would be appreciable ...

If you're sure you need a custom ISO, I think you may need to build that
yourself. The 4.0 documentation is here
(https://www.qubes-os.org/doc/qubes-iso-building/), but 4.1 should be
similar. If you go this route, you'd have to figure out how the builder
determines which kernel to use and change it before completing the build.

I am afraid of that step. That would be the first time in my life that a
long build process actually finishes as planned ...

best, Bernhard

[qubes-users] qvm-kill -- bug ???

2022-03-25 Thread haaber


Hi observed that killing sys-net will kill all VM's that depend on it as
well, which was not the case little time ago. I consider this a bug, but
it has maybe some intention?? Thanks for comments.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8ae547a-99ec-580a-5698-b8a9e37acea7%40web.de.

[qubes-users] modifying Qubes ISO

2022-03-25 Thread haaber


I need help to modify the Q4.1 installer ISO file. I did learn how to
pack & unpack isos. That is fine. The idea is a new install on a larger
SSD of Q4.1 instead of risky "upgarde" tentatives that finish less
clean. (benefit: if it fails I can go back to running Q4.0)

1) I naïvely placed a new kernel in /extrakernels but that does not seem
to impress the boot-loader. I find no way to select which kernel to boot.

2) Then I tried to boggle with grub.cfg -- no succes either.

3) I wonder if I can copy the vmlinuz and initrd file from my (working)
Q4.0 and simply overwrite the corresponding files in /isolinux?

Subquestion:  initrd-5.10.90-1.fc32.qubes.img has 77M, my Q4.0 initrd
file only 23M. That sounds weird...


Each test means: open case, remove ssd, put ssd, test Q4.1 install (it
fails), reopen case, put all back, but then BIOS does no longer
recognise UEFI, so boot a life debian, go to a ethernetcable, install
efiboomgr, repair UEFI, reboot good'ol qubes -- restart.

I lost hours and start to get desparate  please help!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd075c2f-bfbd-9004-868c-dd099c8dfa34%40web.de.

[qubes-users] sys-usb problem: Unable to reset PCI device

2022-01-04 Thread haaber


Dear qubes users, I suddenly experience the following problem: sys-usb
won't start any more. It ran smoothly on debain-10/11-minimal for years.
It says

Start failed: internal error: Unable to reset PCI device :00:14.0:
internal error: libxenlight failed.

Precise errors are below. Any hints, please? I am stuck.

Thank you.

2022-01-02 22:34:15.627+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/10/0
2022-01-02 22:34:15.668+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 10
2022-01-03 17:13:23.330+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-03 17:18:48.724+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-03 17:28:34.904+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-03 17:28:35.045+: libxl: libxl_pci.c:1520:do_pci_remove:
xc_physdev_unmap_pirq irq=16: Invalid argument
2022-01-04 20:01:03.071+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-04 20:05:01.984+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-04 20:05:02.139+: libxl: libxl_pci.c:1520:do_pci_remove:
xc_physdev_unmap_pirq irq=16: Invalid argument
2022-01-04 20:06:52.453+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/14/backend/vif/15/0
2022-01-04 20:06:52.516+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 15
2022-01-04 20:06:54.686+: libxl:
libxl_device.c:983:libxl__initiate_device_generic_remove: backend
/local/domain/3/backend/vif/4/0 already removed, cleanup frontend only
2022-01-04 20:06:57.799+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/10/0
2022-01-04 20:06:57.850+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 10
2022-01-04 20:06:58.222+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/14/0
2022-01-04 20:06:58.270+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 14
2022-01-04 20:06:58.747+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/9/0
2022-01-04 20:06:58.794+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 9
2022-01-04 20:07:00.847+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/8/0
2022-01-04 20:07:00.883+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 8
2022-01-04 20:07:13.887+: libxl:
libxl_device.c:983:libxl__initiate_device_generic_remove: backend
/local/domain/4/backend/vif/7/0 already removed, cleanup frontend only
2022-01-04 20:07:39.004+: libxl:
libxl_linux.c:155:libxl__loopdev_cleanup: unable to release device
/dev/loop0: No such device or address
2022-01-04 22:07:31.083+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/9/0 not ready
2022-01-04 22:07:31.092+: libxl:
libxl_pci.c:1364:libxl__add_pcidevs: libxl_device_pci_add failed: -3
2022-01-04 22:07:31.092+: libxl:
libxl_create.c:1517:domcreate_attach_devices: unable to add pci devices
2022-01-04 22:07:41.165+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/9/0 not ready
2022-01-04 22:08:49.315+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/11/0 not ready
2022-01-04 22:08:49.315+: libxl:
libxl_pci.c:1364:libxl__add_pcidevs: libxl_device_pci_add failed: -3
2022-01-04 22:08:49.315+: libxl:
libxl_create.c:1517:domcreate_attach_devices: unable to add pci devices
2022-01-04 22:08:59.390+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/11/0 not ready

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/babdccf6-d34e-2e31-da31-8cddbe71d48b%40web.de.

Re: [qubes-users] Q: Thunderbird extension: "open URL in VM..."

2022-01-01 Thread haaber


On 1/1/22 9:54 AM, Andrew David Wong wrote:

As it seems, there is a Thunderbird extension (Qubes attachments)
allowing to open an attachment in a VM, but I'd like to have an
extension that allows to open an URL in a VMs web browser easily, too.


I'm not aware of an actual Thunderbird extension for it, but you can set
it up yourself by following the instructions here, for example:

https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/tips-and-tricks.md#opening-links-in-your-preferred-appvm




the text is slightly outdated by the fact that there is also the nice
command " qvm-open-in-dvm " - that is, I guess, what you want.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/483fc62a-3d51-5263-4c6c-94471253233d%40web.de.

Re: [qubes-users] How is the "update qube" selected/ how do I select it manually?

2021-12-21 Thread haaber


On 12/21/21 8:01 PM, r.wiesb...@web.de wrote:

it seems like the docs don't answer that, do they?

https://www.qubes-os.org/doc/how-to-update/

There is only a global setting for dom0 Updates, but how does it work
for other qubes?


Simply run the multiupdater.py script of Chris Laprise,
tas...@posteo.net, see  https://github.com/tasket

Frankly, to my point of view it outperforms the qubes updater.

best, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88635e4d-5288-89b4-1fbb-b11436803485%40web.de.

Re: [qubes-users] Re: usb keyboard not working on debian 11 template

2021-10-13 Thread haaber


Unman wrote:
qubes-input-proxy-sender is installed by default in the debian-11
template.
If you are using a minimal template, this is meant for advanced users,
but in any case, installation of qubes-input-proxy-sender is documented
at https://www.qubes-os.org/doc/templates/minimal/



Dear unman, do you suggest rather upgrading a debian-10-minimal to
debian-11-minimal, or re-installing a fresh one? In the 2nd case, what
is the preferred install command in dom0? I am a bit confused, since
there is good old qubes-dom0-update, there is salt, maybe another one.
Which is best/safest?   Cheers, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c14a54c3-ad77-36ca-6162-f94a29dfa423%40web.de.

Re: [qubes-users] how to modify qubes-installer-ISO

2021-09-24 Thread haaber





I would like to modify the qubes-iso (add a different kernel, maybe add
a wireless driver). Did someone here solve that already? A brief google
on the subject reveals that modifying ISO's is not straightforward ...
and touching the kernel may add extra difficulties.


https://www.qubes-os.org/doc/qubes-iso-building/ covers building the iso.
Adding a different kernel would be difficult, but I think you could stage
the wireless driver in one of the template builds it contains.



It is relatively easy to build a custom iso, and certainly to include
alternate kernel builds and drivers in the templates. (I assume that
this is what you want.)
If you use the stock templates, then you can customise them simply
enough by adjusting the build parameters, and packages, in (e.g.) 
builder-debian.



Thank you, awokd and unman. So I cannot just take the std installer,
unpack the iso, add/replace a kernel, and repack it? That is certainly a
bit naïve as approach, but since I can do the same with a working
xen/qubes why is the installer so different?  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7422745b-2af8-1bf2-13ca-62ff4f4cf9e2%40web.de.

Re: [EXT] Re: [qubes-users] resume from suspend issue after QSB-070

2021-09-04 Thread haaber

On 9/3/21 11:41 PM, Marek Marczykowski-Górecki wrote:

[...]I'm confused. I was under the impression that Qubes OS (after the QSB-043
patches) automatically disables hyper-threading for you such that you don't
have to know anything, do anything, or read any past QSBs.

[]

There are (at least) two ways to disable hyper-threading:
1. In system BIOS (if there is such option)
2. In software - by disabling every second thread of each core.

The QSB-043 uses the second method. It has is drawbacks, as the logic to
bring up and down CPUs is quite complex. And yes, there are known
issues[1] affecting suspend. Disabling hyper-threading in BIOS, prevents
Xen from starting those secondary threads at all, and so it doesn't need
to bring them down.

[]
This is kind of similar issue as the one discussed here. That's why it's
better to disable HT in BIOS - to not show those 8 CPUs at all. But from
the OS level, we don't have other choice, and we prefer a secure
default - that's why we disable HT at Xen level, to provide safer option
regardless of what user has set in the BIOS.

Couldn't xen/qubes set a boot warning to users that rely only on (2) to
encourage more strongly to disable by BIOS (1)? That seems a logic
measure to me. best, Bernhard

Re: [qubes-users] i915 driver problems

2021-09-02 Thread haaber



The current Intel driver, which does not work for me, is
xorg-x11-drv-intel-2.99.917-48.20200205.fc33.x86_64.rpm
Just use dnf to uninstall it.


actually Q4.0.4 ships with

xorg-x11-drv-intel-2.99.917-49.20210126.fc25.x86_64.rpm

which does not work for me either.



The one I installed using dnf is
xorg-x11-drv-intel-2.99.917-32.20171025.fc33.x86_64.rpm
and this does work OK.


this one is from Q4.0.1, qhereas Q4.0.0 ships

xorg-x11-drv-intel-2.99.917-26.20160929.fc25.x86_64.rpm


So you confirm that you install it in dom0 via

sudo dnf install xorg..whatever.rpm

(that requires deleting kernel-latest-qubes-vm, if present). Then you
need to do an update-grub or something similar to build the downgraded
version in the respective initramfs  ???

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d0e8fda-3077-3a24-0b81-490d33a7fa39%40web.de.

Re: [qubes-users] i915 driver problems

2021-09-01 Thread haaber

On 9/1/21 10:54 PM, Mike Keehan wrote:

On 9/1/21 8:29 PM, haaber wrote:

On 9/1/21 7:44 PM, Mike Keehan wrote:

On 9/1/21 1:36 PM, Bernhard wrote:

Hello, I wonder if some of you guys have the bad luck of an i915
graphics card and found some solutions. For me, no >= 5.4 xen kernel
works (freezes). So I still run it on 4.19 :)

I think it is the recent i915 driver update that causes the problem.
I had to remove it and download and install the previous version.
then I blacklisted the i915 driver so that dom0 would not update it.

I downloaded the 4.0 Qubes iso and extracted the driver from there, as I
knew it had always worked until the update.

I think there is a way to see what updates Qubes has performed, but I
can't remember how.

The current Intel driver, which does not work for me, is
xorg-x11-drv-intel-2.99.917-48.20200205.fc33.x86_64.rpm
Just use dnf to uninstall it.

The one I installed using dnf is
xorg-x11-drv-intel-2.99.917-32.20171025.fc33.x86_64.rpm
and this does work OK.

If you don't blacklist the driver in dnf, it will update it next
time you update dom0.

Wicked! That is very smart, thank you for the lesson! I am fighting
since 7 months with it without having had that simple & brilliant idea
:-) best, Bernhard

Re: [qubes-users] i915 driver problems

2021-09-01 Thread haaber


On 9/1/21 7:44 PM, Mike Keehan wrote:

On 9/1/21 1:36 PM, Bernhard wrote:

Hello, I wonder if some of you guys have the bad luck of an i915
graphics card and found some solutions.  For me, no >= 5.4 xen kernel
works (freezes). So I still run it on 4.19 :)


I think it is the recent i915 driver update that causes the problem.
I had to remove it and download and install the previous version.
then I blacklisted the i915 driver so that dom0 would not update it.

Screen does not freeze anymore.

Only "problem" is that the "Qubes Update" widget thinks there is
always an update to be made.  Just have to ignore it.

Mike.



Sound worth a trial (easily reversible, right?) Which version did you
install? And how find out the version of firmware installed? Thx, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f16b5fb-7340-84cf-bb80-b4627d711f76%40web.de.

Re: [qubes-users] resume from suspend issue after QSB-070

2021-08-31 Thread haaber




 [Andrew]
 But shouldn't hyperthreading have already been disabled ever since
 QSB-043?

 https://www.qubes-os.org/news/2018/09/02/qsb-43/

>>> I admit that I missed that one as well. Shame on me. Is there some way
>>> to detect active hyperthreading on boot && print out a big red
warning ?
>>>
>>> That seems a reasonable measure, especially for new-comers how cannot
>>> reasonably be asked to read all old QSB's first :)
>>>

> [ Markek ]
> There are (at least) two ways to disable hyper-threading:
> 1. In system BIOS (if there is such option)
> 2. In software - by disabling every second thread of each core.
>
> The QSB-043 uses the second method. It has is drawbacks, as the logic to
> bring up and down CPUs is quite complex. And yes, there are known
> issues[1] affecting suspend. Disabling hyper-threading in BIOS, prevents
> Xen from starting those secondary threads at all, and so it doesn't need
> to bring them down.
>
> [1]
https://github.com/QubesOS/qubes-issues/issues/6066#issuecomment-901843312


Thank you Marek. I only now disabled it in BIOS (my fault), and my
question was that software could point a warning to the user in case of
software disabling. I would have done it much faster then :-)

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f94e84e-abfa-cad5-7aff-0630b0202514%40web.de.

Re: [qubes-users] resume from suspend issue after QSB-070

2021-08-30 Thread haaber





Kind of answering my own question, but disabling hyperthreading
happened to
be a workaround for the resume from suspend issue.


But shouldn't hyperthreading have already been disabled ever since QSB-043?

https://www.qubes-os.org/news/2018/09/02/qsb-43/


I admit that I missed that one as well. Shame on me. Is there some way
to detect active hyperthreading on boot && print out a big red warning ?

That seems a reasonable measure, especially for new-comers how cannot
reasonably be asked to read all old QSB's first :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e960a4c1-1d50-a348-1d2c-da98b0780523%40web.de.

[qubes-users] whonix - tbb - noscript problem.

2021-07-19 Thread haaber


For annoying reasons (out of this group-scope) TBB does not come with
any adblocker and relies only on noscript.

For another annoying reason, whonix ships  noscript in a
default="javascript on" mode (even in "safest" mode) which forces me to
change that at every anon-whonix boot by hand.

For a third annoying reason, whonix does not want me to load TBB in the
template to configure NoScript once and for all correctly.


Question: Is there any way out of that (i.e. *persistent*  noscript
settings)?  Thank you!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6bfc1f5b-0baf-4505-7d4d-87cebacb9293%40web.de.

Re: [qubes-users] The safest way to search in files on an external hard drive

2021-07-09 Thread haaber


On 7/9/21 12:01 PM, Michael Singer wrote:


After decryption, my file system presents itself to me as an ordinary directory 
that I find somewhere under /media/xy. The encryption program used works in a 
way that the device in /dev/xvdi is always encrypted. Only what is currently 
accessed in the /media/xy folder is decrypted. Consequently, it does not work 
if I use the following command to create a loop that I then mount in another 
qube, because it will not be decrypted there:

$disp1: sudo losetup -r /dev/loop0 /dev/xvdi


Why not

sudo losetup -r /dev/loop0 /media/xy

?? That is what I do alwys, at works fine.  After that, the widget (for
example) allows to attach /dev/loop0 to other qubes.  Best

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23caef27-cc3a-5a7c-6f21-2e73af155c20%40web.de.

Re: [qubes-users] Tried to install google earth pro to debian qube, need help understanding error message

2021-06-13 Thread haaber

On 6/13/21 7:04 PM, Chrome wrote:

On Saturday, June 12, 2021 at 11:18:33 AM UTC-4 haa...@web.de wrote:

On 6/11/21 9:16 PM, Chrome wrote:
 > I bolded the relevant terminal text
 > *N: Download is performed unsandboxed as root as file
 > '/home/user/Downloads/google-earth-pro-stable_current_amd64.deb'
 > couldn't be accessed by user '_apt'. - pkgAcquire::Run (13:
Permission
 > denied)*
 > *

if you want to split download & install, run apt-get download as USER
not as root. Then, later, install with apt -i ./my-unsafe-deb-file.deb
Do such things better in a separate VM :)

Thank you for your reply. I'm rather inexperienced with Linux and these
sorts of issues. Could you give me the format of the command I need to
input? Also, I did not download google earth pro with apt at all,
instead, I downloaded it manually off the website and then tried to
install it. Does that affect your advice at all? Thank you and be well.

you can install any .deb file like that. Download whatever (zoom,
google-earth..) deb file in your unsafe VM, then open terminal and launch

sudo apt  install some-path/filename.deb   (*)

(don't copy (*)). Technically you can do this in a templateVM (with some
extra complications since no netVM in templates), but unless you use the
software every day & reboot often that is not my favourite solution.
Instead, I run it *once* in the AppVM: now, often apt needs to install
dependencies along with it. Copy the list of needed packages (or write
them down) and install all of them with

apt-get install PACKAGE

in your templateVM. These library files are clean and safe (a priori).
Now, once you reboot your AppVM the App is gone, but re-installing it
with the command (*) takes 15 secs and you data (logins, config files)
will survive from one install to the next.

Advantage of this procedure: no template is possibly breached with the
unsafe .deb file. Disadvantage: you loose 15 secs at every reboot of the
AppVM for reinstalling. For me its worth the pain.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a5a0d87-177d-b0b3-be5e-bfad2b3c69d5%40web.de.

Re: [qubes-users] Tried to install google earth pro to debian qube, need help understanding error message

2021-06-12 Thread haaber


On 6/11/21 9:16 PM, Chrome wrote:

I bolded the relevant terminal text
*N: Download is performed unsandboxed as root as file
'/home/user/Downloads/google-earth-pro-stable_current_amd64.deb'
couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission
denied)*
*


if you want to split download & install,  run apt-get download as USER
not as root. Then, later, install with apt -i ./my-unsage-deb-file.deb
Do such things better in a separate VM :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2be74d3-3daf-b59f-a2b5-e31e855dfabe%40web.de.

Re: [EXT] [qubes-users] The safest way to search in files on an external hard drive

2021-06-09 Thread haaber


On 6/9/21 10:46 PM, Ulrich Windl wrote:

On 5/31/21 4:55 PM, Michael Singer wrote:

Dear Qubes community,

I am looking for a really secure way to use Qubes for searching not
only a hard drive for file names, but for text that is in files.

The goal is to avoid an exploit in the searched files leading to a
takeover of the hard drive by malware.


If your app is working on the disk device and the app only has read
access to it, it'll be quite unlikely that the disk device will be changed.
Likewise if you mount the filesystem read-only, and the user running the
app is unable to re-mount, it's also quite unlikely that the disk will
be changed. You could even try to combine both methods (read-only mount
a read-only block device). However not all filesystems work on a
write-protected block device.


A variant: mount it RO in AppVM1, then attach it to AppVM2 (which by no
means can "remount -rw" it unless interVM-barriers are breached (and
game is over anyways).

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5400f1ce-88dd-354f-2420-4bf6a4b28020%40web.de.

Re: [qubes-users] notify-send

2021-06-09 Thread haaber


you someone remind me which qubes package contains the "notify-send"
command? Thank you



Not Qubes package - libnotify



alright, thank you.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa48c710-aad9-dc94-e9f0-5ebc431663af%40web.de.

[qubes-users] notify-send

2021-06-09 Thread haaber


Hello,

you someone remind me which qubes package contains the "notify-send"
command? Thank you

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/331ba714-f918-4e33-4a33-a12404740776%40web.de.

Re: [qubes-users] whonox update fails

2021-05-31 Thread haaber

On 6/1/21 3:22 AM, Andrew David Wong wrote:

On 5/31/21 1:56 PM, haaber wrote:

Updating whonix-gw-15
Error on updating whonix-gw-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-gw-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-gw-15: ERROR (exception list index out of range)

Updating whonix-ws-15
Error on updating whonix-ws-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-ws-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-ws-15: ERROR (exception list index out of range)

Any hints? Thank you.

It might be this:

https://github.com/QubesOS/qubes-issues/issues/6642

I'm basing this on seeing "exception list index out of range" mentioned
there too, but beyond that, I'm not certain.

Thank you Andrew. But since their "solution" seems to use Fedora instead
of Debian, one could also suggest re-installing qubes first to see if
the error persists, or changing the computer -- I exaggerate to
illustrate that this can not even be called a workaround :-))

Anyways. Whonix still allows manual update in terminal, maybe the
qubes-updater is overestimated anyways ... there were some nice scripts
under 3.2 for automatically updating all templates. Just have to find
hem again. Bernhard

[qubes-users] whonox update fails

2021-05-31 Thread haaber


Updating whonix-gw-15
Error on updating whonix-gw-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-gw-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-gw-15: ERROR (exception list index out of range)

Updating whonix-ws-15
Error on updating whonix-ws-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-ws-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-ws-15: ERROR (exception list index out of range)


Any hints?  Thank you.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6ec465c-c482-6669-4ffd-6e6d1ff2fa6d%40web.de.

Re: [EXT] [qubes-users] sys-net problems Intel 8265 / 8275

2021-05-26 Thread haaber


On 5/26/21 5:45 PM, Ulrich Windl wrote:


Do you have some hints how I could try to improve that? Best,  Bernhard



See what "journalctl -f" outputs in net-vm.


that gave an error message that helped to understand  that seemingly
mac-randomization-while-scanning and OpenWRT are a bad mixture ... I
deactivated it to test - and now it works. I guess that the
randomisation is a good thing as such, so I have to improve OpenWRT ?!

best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7bb30b0-c342-19e2-636e-98681b881ad1%40web.de.

Re: [qubes-users] Re: sys-net problems Intel 8265 / 8275

2021-05-25 Thread haaber


On 5/25/21 1:31 PM, Vít Šesták wrote:

Wi-Fi needs drivers and microcode. This might be source of some
troubles. Have you tried non-minimal template or Fedora template?


So here is something strange. Intel suggests on its webpage

https://www.intel.com/content/www/us/en/support/articles/05511/wireless.html

to install iwlwifi-8265-ucode-22.361476.0 but my debian-10 has another
version installed, namely

iwlwifi-8265-ucode-22.391740.0
iwlwifi-8265-ucode-36.9f0a2d68.0

That is very unusual: debian has a newer version than Intel ?? I am lost
now. Should I downgrade manually??  Best

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98f1ae42-b846-e7d3-0d28-3d72fb17d2f2%40web.de.

Re: [qubes-users] Re: sys-net problems Intel 8265 / 8275

2021-05-25 Thread haaber


On 5/25/21 1:31 PM, Vít Šesták wrote:

Wi-Fi needs drivers and microcode. This might be source of some
troubles. Have you tried non-minimal template or Fedora template?


Yes, to my knowledge firmware-iwlwifi in debian, and that is installed &
up to date. The same template did work, long while ago. It seems to have
"degraded through updates", even if that sounds not plausible.

Best

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0932423-f06f-2abf-149d-39ff979343a6%40web.de.

[qubes-users] sys-net problems Intel 8265 / 8275

2021-05-24 Thread haaber


I have an build-in Intel 8265 / 8275 wireless controller, and my
(debian-10-minimal based) sys-net has more and more problems to connect.
It starts to connect and then hangs. That is strange since it used to
run perfectly 2 years ago. But now it takes 1-5 minutes, sometime a
qvm-kill forced reboot (I use the std config with wpa_supplicant).
Usually 5Ghz networks do never finish the connection.

Do you have some hints how I could try to improve that? Best,  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05b0a1f4-e360-ae28-2fe1-241d4e6f39c8%40web.de.

[qubes-users] bug ?

2021-05-17 Thread haaber


Hello, I followed a link in my mailVM-thunderbird, which configured to
open links inside a new tempVM. When I reboot the parent mailVM, the
child-disp-VM dies with it. This is not what I expected.

Is it some wanted behaviour or a bug? Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f831b553-deab-60ee-8b80-ba1d5cd8acca%40web.de.

[qubes-users] apropos: Dell DSA-2021-088

2021-05-05 Thread haaber


Hi, you probably saw this flaw that seems to be present on all Dell
machines >= 2009.

https://www.dell.com/support/kbdoc/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

it is not entirely clear if BIOS itself is flawed, but
 - the phrase " insufficient access control vulnerability"
 - a new BIOS update on April 27
suggest that a bit. Do you have some more detailed information? If so,
it touches many qubes users as well, which brings me to a more general
question:  Updating BIOS seems, generally, a security nightmare. Running
untrusted software from an untrusted OS on an USB-key enhances
likelihood of an evil-maid attack,  and, worse,  you are the maid !

I am curious on your comments / help suggestions.  Best,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aac5d82a-ffb6-5acc-ae71-86090b2e1334%40web.de.

Re: [qubes-users] Computer freezes when using google maps.

2021-04-21 Thread haaber


Hello,
When I go to maps.google.com in Chrome the PC freezes up. I then have to
long press the power button and restart the PC.
This error is reproducible for me and happens every time I try to use
Google Maps.
It happens mostly when you turn your map to satellite view.
Computer windows 10 HP ZBook G3 intel Xeon E3-1505M v5 with intel
graphics P530 a,d Nvidia Quadro M200M
Does anyone have a solution for this.
Thanks


No clue. Some natural questions ou might ask/answer:

Which xen-kernel (uname -a in dom0 term)?
Which op-system in AppVM (linux? if so which? what kernel?
 or windows ??)
Does it happen in one specific OpSystem, did you test with others?
Does it happen with Firefox?
Does it happen with Chromium in debian/fedora ?

etc

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8f02a7d-0981-c4e0-4694-aa32b08cb7a0%40web.de.

Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-20 Thread haaber





The legacy 'file' storage driver just doesn't implement the required
functionality for 'qvm-volume revert' - one of the many reasons it
will be deprecated:

https://github.com/QubesOS/qubes-issues/issues/6399



Awesome! Thank yu for that hint. When/how will it be changed ?? That
seems quite troublesome to change the internal storage type within a
running system ... will need re-install in some further time??

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/305252a6-74a0-11ab-c826-6e9833086737%40web.de.

Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-18 Thread haaber


I lost a somewhat important file from a software crash in an appvm.



However, '-cow.img' files contain no filesystem, but "binary patch"
data, thus can't be mounted or read directly or without their
corresponding'.img' files.


These are real disc-image files! There is a filesystem, but it is not in
sector 1 :) The trick is to mount it with an offset (see mount command).
To get the right offset, fdisk the file (it should have an old-style
MBR). If fdisk does not accept files (I forgot), try either cfdisk or
simple loop it in a device:

  losetup  /dev/loop42  imagefile.img
  fdisk -p /dev/loop42
  losetup -d /dev/loop42

This gives the starting sector of the partition, that is than handeld
over to mount as offset. And then you can grab data. Good luck!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6842d36d-0588-5d15-1958-21156d7c5573%40web.de.

[qubes-users] tribler blocks/disables sys-firewall ?

2021-03-21 Thread haaber


Hi, I made a small test-vm running only tribler (see
https://www.tribler.org/ for this software). It seems to slow down
sys-firewall so drastcally (example: ping 8.8.8.8 from sys-net 16ms,
from sys-firewall > 4000ms) that de-facto all internet traffic is
blocked. I experimentally short-circuited the firewall (unsafely using
directly sys-net as tribler-netvm), and all is fine. When I switch back,
it blocks  again. This clearly shows that both, tribler and sys-firewall
generate problems. Any ideas / help how to bugfix this ??  Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d53a868-ae5b-de01-5a48-042be75b9486%40web.de.

Re: [qubes-users] Replacing the wpa_supplicant wifi daemon with iwd

2021-03-18 Thread haaber


On 3/3/21 5:19 PM, 'qtpie' via qubes-users wrote:

Due to mysterious, unsolvable Wifi issues, I decided to replace the
wpa_supplicant wifi daemon with iwd.

  -- snip --

$ dnf remove wpa_supplicant
$ echo -e "[device] \nwifi.backend=iwd" | tee -a
/etc/NetworkManager/NetworkManager.conf
$ systemctl enable iwd.service
$ systemctl start iwd.service
$ systemctl restart NetworkManager


interesting. I tried that in my debian-minimal-net but I cannot start
iwd with systemctl. Errors similar to here

  https://bbs.archlinux.org/viewtopic.php?id=250220

but the proposed "solution" does not work. The thread suggests

  sudo cp /usr/lib/systemd/system/iwd.service /etc/systemd/system/

but that file does simply not exist, so I cannot copy it. So I stopped
that experiment for the moment. Maybe @unman has a suggestion for a
well-working debian-based 'minimal' solution without  networkmanager
and/or   wpa_applicant ?  Best,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6331118-ec61-9e6d-dc28-f1c1220c317c%40web.de.

Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-17 Thread haaber

On 3/17/21 12:13 AM, Fabrizio Romano Genovese wrote:

Booting from a live version and switching to the old kernel solved it.
Has anyone else experienced something similar with kernel 5.11 or it is
just myself? I had a boot fuckup with kernel 5.10 as well a few weeks
ago, but I just waited for the next release and that solved it. I'd like
to understand if the situation is similar here or if it's a problem of
my machine, in which case I'll investigate deeper.

there are several issues. Like

https://github.com/QubesOS/qubes-issues/issues/6446
https://github.com/QubesOS/qubes-issues/issues/6397

but they might be unrelated, as well.

On Tuesday, March 16, 2021 at 5:29:53 PM UTC+1 rud...@rudd-o.com wrote:

You can mask the unit in the GRUB kernel command line with the
parameter:

systemd.mask=qube...@sys-net.service

And then you will be able to log in and fix the kernel issue
(without networking, of course).

You can also choose the older kernel in the GRUB menu.

On 16/03/2021 16.49, Fabrizio Romano Genovese wrote:

As the title says. I've upgraded to the latest kernel (5.11) on
qubes 4.0 and now boot is stuck. How do I get out of this? :)

Fab
--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/7ba1ae0f-4037-4a47-9bf4-aa9eae652a7dn%40googlegroups.com

--
Rudd-O
https://rudd-o.com/

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/772e2a89-da21-4f87-8977-0e171526978fn%40googlegroups.com
.

Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-16 Thread haaber


On 3/16/21 4:49 PM, Fabrizio Romano Genovese wrote:

As the title says. I've upgraded to the latest kernel (5.11) on qubes
4.0 and now boot is stuck. How do I get out of this? :)



you go back: boot a life linux, mount your UEFI partition, search for
/efi/EFI/qubes/xen.cfg or  /efi/EFI/BOOT/xen.cfg and edit the first
line, by copying one of the available kernel-names from list below. It's
straightforward. Use nano editor, for example. Crtl-k cuts a line,
crtl-u pastes it back. A second crtl-u gives a clean second copy. that
way you avoid typing errors.  good luck

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40ac8c17-c7fe-969a-12f3-5002d8282407%40web.de.

[qubes-users] Re: Qubes OS 4.0.4 has been released!

2021-03-05 Thread haaber

Dear Andrew

thank you. My system (based on q4.0) is up-to-date. However I need to
test the

kernel-latest-5.10.16-1.3.fc32.qubes.x86_64.rpm

compile that marmarek put only in r4.1 repos. Could you push it please
into r4.0 as well or are they incompatible ??

cheers, Bernhard

Dear Qubes Community,

We're pleased to announce the release of Qubes OS 4.0.4! This is the
fourth stable release of Qubes 4.0. It includes many updates over the
initial 4.0 release, including:

- All 4.0 dom0 updates to date
- Fedora 32 TemplateVM
- Debian 10 TemplateVM
- Whonix 15 Gateway and Workstation TemplateVMs
- Linux kernel 5.4 by default

Qubes 4.0.4 is available on the downloads page:

https://www.qubes-os.org/downloads/

What is a point release?

A point release does not designate a separate, new version of Qubes OS.
Rather, it designates its respective major or minor release (in this
case, 4.0) inclusive of all updates up to a certain point. Installing
Qubes 4.0 and fully updating [1] it results in the same system as
installing Qubes 4.0.4.

What should I do?
-

If you installed Qubes 4.0, 4.0.1, 4.0.2, or 4.0.3 and have fully
updated [1], then your system is already equivalent to a Qubes
4.0.4 installation. No further action is required.

Regardless of your current OS, if you wish to install (or reinstall)
Qubes 4.0 for any reason, then the 4.0.4 ISO makes this more convenient
and secure, since it bundles all Qubes 4.0 updates to date. Please see
the installation guide [2] for detailed instructions.

Thank you to all the release candidate users for testing this release
and reporting issues [3]!

[1] https://www.qubes-os.org/doc/updating-qubes-os/
[2] https://www.qubes-os.org/doc/installation-guide/
[3] https://www.qubes-os.org/doc/reporting-bugs/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2021/03/04/qubes-4-0-4/

Re: [qubes-users] Dom0 kernel panic

2021-03-04 Thread haaber


On 3/4/21 9:16 PM, frag face wrote:

Thanks for your answer Bernhard,

I wonder if I could make a  Qube-style backup of the qubes in my
hardrive instead of a rsync to restore/add them directly in the new
installed Qube system, kind of  lazy way ;)

BR


You can, with some extra work: The complete qubes-backup procdure is
explained online. It is, roughly speaking, a tar archive with special
checksum files to ensure pwds are correct.

I always to these backups by hand, to keep myself trained.

My method "sous-entend" that you "safe backup": in your life system
generate a container file (truncate -s 200G
/externalstorage/backup.luks), then losetup: (first losetup -f to get a
free slot, then bind it with losetup /dev/loopX
/externalstorage/backup.luks ), and cryptsetup luksFormat /dev/loopX
;cryptsetup luksOpen /dev/loopX BACKUP; mkfs.ext2 /dev/mapper/BACKUP ;
mount /dev/mapper/BACKUP /somemountpoint

For rsync'ing back inside qubes from subfolders you
- attach usb to dispVM1 (widget)
- lopsetup the container
- attach container mapper to dispVM2 (widget)
- there start same procedure as above at "luksOpen" step and then attach
the full decrypted backup to each VM with the widget, and rsync back the
correct subfolder in your home. You can use --exclude to avoid
"dot"-files ...   best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d54904c-68ee-6ecf-4d59-10cddbd8941c%40web.de.

Re: [qubes-users] What is the latest version of Qubes (on 23 February 2021)

2021-02-23 Thread haaber


On 2/23/21 12:58 PM, load...@gmail.com wrote:

I know about *'Qubes Release 4.0.3'* and *'**Qubes Release 4.0.4-rc2'*,
but I don't understand what is the version I have.


your "initial" qubes  release is marked in the file /etc/qubes-release


/kernel-qubes-vm.x86_64 1000:4.14.74-1.pvops.qubes
kernel-qubes-vm.x86_64  1000:4.19.15-1.pvops.qubes


these are outdated kernels. The stable kernels should be 5.x now, and if
they are 4.x it is certainly 4.19.(>150). I infer from this that
something is weird. Distinguish xen-kernel (package "kernel.x86_64") and
AppVM kernels containing "qubes-vm" it their name. They are different.


*So could anybody tell me is this the latest version of Qubes OS or
something happened with my update process?*



did you run as donoban suggested the update command
"sudo qubes-dom0-update --refresh"
inside a dom0-terminal ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab988faa-926c-fadc-2908-ae5276b1ab7c%40web.de.

Re: [qubes-users] Memory balancing very inefficient

2021-02-22 Thread haaber

Today I noticed that many VMs do get a lot more RAM than they actually
use. While using only about 200-300MB small vms like -net and -firewall
get gigabytes of memory and this seem to be the case even if memory is
running out (sum of all VMs approaches physical RAM size). Also dom0 is
using only about 700MB but gets 4GB.

1) does memory balancing take back memory from a VM at all?

apparently, as much as there is enough, each appVM gets MaxMem-size
(kernel param, usually 4G). When memory is gettng tight the qmemmman
manager does "balooning" whatever that is exactly.
This behaviour might be linked to errors (e.g. my qubes install does not
support 5.x xen kernels: crashes can be caused by "memory stress" and
even if not, they always finish by loads of qmemman log entries, before
deep freeze (not even a kernel panic, just sudden death)

2) how does it happen that VMS get assigned this ridiculously larger
amount of memory compare to their usage?

by design, as explained.

3) is there something that can be done besides manually setting limits
for all VMs?

Good question.

I current think about limiting all small VMs to 256MB and dom0 to 2 GB
of RAM (by GRUB parameter) lacking any idea for a better approch.

Tell us if that works! My qubes has no grub. But you can set kernel
params in /boot/efi/EFI/qubes/xen.cfg

[qubes-users] kernel crashes (?) 5.10.13

2021-02-08 Thread haaber


I am testing the above xen kernel. I experience random freezes of the
system, with no significant "last words" in the logs, if it is not many
many  qmemman notices like these (sorry for the length). Is this a known
issue?? Any hints to stabilite the system?   Cheers!




Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4551340032.0, total_available_memory=11504979715.02)
Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]: left_memory=1402107746
acceptors_count=3
Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4592266444.8, total_available_memory=11464053302.2)
Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]: left_memory=1456607746
acceptors_count=3
Feb 08 18:15:43 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4648645427.2, total_available_memory=11407674319.81)
Feb 08 18:15:43 dom0 qmemman.daemon.algo[2055]: left_memory=1530113766
acceptors_count=3
Feb 08 18:15:44 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4691084083.2, total_available_memory=11365235663.81)
Feb 08 18:15:44 dom0 qmemman.daemon.algo[2055]: left_memory=1584279066
acceptors_count=3
Feb 08 18:15:45 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4732670771.2, total_available_memory=11323648975.81)
Feb 08 18:15:45 dom0 qmemman.daemon.algo[2055]: left_memory=1636414622
acceptors_count=3
Feb 08 18:15:56 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4683198054.4, total_available_memory=11373121692.6)
Feb 08 18:15:56 dom0 qmemman.daemon.algo[2055]: left_memory=1574288232
acceptors_count=3
Feb 08 18:17:26 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4724763443.2, total_available_memory=11331556303.8)
Feb 08 18:17:26 dom0 qmemman.daemon.algo[2055]: left_memory=1485460405
acceptors_count=3
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '5'
act=2198308027 pref=488608972.8 last_target=2198308027
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '4'
act=1670913193 pref=334349516.8 last_target=1670913193
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '0'
act=4294967296 pref=1453227212.8 last_target=4294967296
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '7'
act=4194304000 pref=1386774937.601 last_target=4194304000
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '3'
act=33554432 pref=108003328 last_target=33554432
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '6'
act=3646632184 pref=953799475.2 last_target=3646632184
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: xenfree=70069415
memset_reqs=[('5', 2153453877), ('4', 1629753095), ('3', 33554432),
('0', 4294967296), ('7', 4194304000), ('6', 3732745
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 5 to
2153453877
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 4 to
1629753095
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 3 to 33554432
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 0 to
4294967296
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 7 to
4194304000
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 6 to
3732745262
Feb 08 18:17:35 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17542515,
total_mem_pref=4765301145.6, total_available_memory=11291019331.4)
Feb 08 18:17:35 dom0 qmemman.daemon.algo[2055]: left_memory=1400321867
acceptors_count=3
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '5'
act=2153453877 pref=488608972.8 last_target=2153453877
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '4'
act=1629753095 pref=334349516.8 last_target=1629753095
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '0'
act=4294967296 pref=1453227212.8 last_target=4294967296
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '7'
act=4194304000 pref=1386774937.601 last_target=4194304000
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '3'
act=33554432 pref=108003328 last_target=33554432
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '6'
act=3732745262 pref=994337177.6 last_target=3732745262
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: xenfree=69971315
memset_reqs=[('5', 2110991693), ('4', 1591745932), ('3', 33554432),
('0', 4294967296), ('7', 4194304000), ('6', 3813300
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 5 to
2110991693
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 4 to
1591745932
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 3 to 33554432
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 0 to
4294967296
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 7 to
419430

Re: [qubes-users] Re: [PATCH v5.10] drm/i915/userptr: detect un-GUP-able pages early

2021-02-07 Thread haaber






No, but this patch has been superseded by the latest intel xorg driver.
To try it, just enable the current-testing repo and upgrade
xorg-x11-drv-intel to at least v2.99.917-49.20210126.

 sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing 
--action=upgrade xorg-x11-drv-intel

Discussion: 
https://github.com/QubesOS/qubes-issues/issues/6356#issuecomment-765952048


Hi, I get that type of message before complete qubes-crash, and I wonder
if it is linked. It happens almost sure in any video-conf, often while
browsing. And 5x day ...

Thank you!


Feb 07 11:06:45 dom0 kernel: [ cut here ]
Feb 07 11:06:45 dom0 kernel: i915 :00:02.0: drm_WARN_ON((val & (1 <<
30)) ==
 0)
Feb 07 11:06:45 dom0 kernel: WARNING: CPU: 3 PID: 3538 at
/home/user/rpmbuild/BU
ILD/kernel-latest-5.10.13/linux-5.10.13/drivers/gpu/drm/i915/display/intel_cdclk
.c:850 skl_get_cdclk+0x22b/0x2
Feb 07 11:06:45 dom0 kernel: Modules linked in: binfmt_misc loop
ebtable_filter
ebtables ip6table_filter ip6_tables iptable_filter vfat fat
snd_hda_codec_hdmi s
nd_soc_skl snd_soc_sst_ipc snd
Feb 07 11:06:45 dom0 kernel:  xen_acpi_processor xenfs ip_tables
dm_thin_pool dm
_persistent_data dm_bio_prison dm_crypt hid_multitouch rtsx_pci_sdmmc
mmc_core c
rct10dif_pclmul crc32_pclmul c
Feb 07 11:06:45 dom0 kernel: CPU: 3 PID: 3538 Comm: Xorg Tainted: G
   W
 5.10.13-1.fc25.qubes.x86_64 #1
Feb 07 11:06:45 dom0 kernel: Hardware name: Dell Inc. Latitude
7390/09386V, BIOS
 1.5.1 07/12/2018
Feb 07 11:06:45 dom0 kernel: RIP: e030:skl_get_cdclk+0x22b/0x2b0 [i915]
Feb 07 11:06:45 dom0 kernel: Code: 8b 6f 50 4d 85 ed 0f 84 88 00 00 00
e8 3e 57
56 c1 48 c7 c1 08 ac 3d c0 4c 89 ea 48 89 c6 48 c7 c7 a5 2b 40 c0 e8 e5
70 e0 c0
 <0f> 0b 8b 53 04 e9 11 fe ff
Feb 07 11:06:45 dom0 kernel: RSP: e02b:c90001ebb9e0 EFLAGS: 00010286
Feb 07 11:06:45 dom0 kernel: RAX:  RBX: c90001ebba0c
RCX: 00
27
Feb 07 11:06:45 dom0 kernel: RDX:  RSI: 888135cd8a80
RDI: 888135cd8a88
Feb 07 11:06:45 dom0 kernel: RBP: 888107ca R08: 0003
R09: 0001
Feb 07 11:06:45 dom0 kernel: R10:  R11: c90001ebb7d8
R12: 888107ca0808
Feb 07 11:06:45 dom0 kernel: R13: 888100da3350 R14: 
R15: 888107ca
Feb 07 11:06:45 dom0 kernel: FS:  78d3e66a9a40()
GS:888135cc() knlGS:
Feb 07 11:06:45 dom0 kernel: CS:  e030 DS:  ES:  CR0:
80050033
Feb 07 11:06:45 dom0 kernel: CR2: 7e6aae2db518 CR3: 00012049e000
CR4: 00050660
Feb 07 11:06:45 dom0 kernel: Call Trace:
Feb 07 11:06:45 dom0 kernel:  gen9_disable_dc_states+0x67/0x260 [i915]
Feb 07 11:06:45 dom0 kernel:  intel_power_well_enable+0x3e/0x50 [i915]
Feb 07 11:06:45 dom0 kernel:
__intel_display_power_get_domain.part.24+0x6f/0x90 [i915]
Feb 07 11:06:45 dom0 kernel:  intel_display_power_get+0x49/0x60 [i915]
Feb 07 11:06:45 dom0 kernel:  __gt_unpark+0x2c/0x70 [i915]
Feb 07 11:06:45 dom0 kernel:  __intel_wakeref_get_first+0x3b/0x80 [i915]
Feb 07 11:06:45 dom0 kernel:  i915_gem_do_execbuffer+0x170a/0x1e80 [i915]
Feb 07 11:06:45 dom0 kernel:  ? unix_stream_read_generic+0x97e/0xa00
Feb 07 11:06:45 dom0 kernel:  ? kmem_cache_free+0x2bd/0x2e0
Feb 07 11:06:45 dom0 kernel:  ? unix_stream_read_generic+0x97e/0xa00
Feb 07 11:06:45 dom0 kernel:  ? kmem_cache_free+0x2bd/0x2e0
Feb 07 11:06:45 dom0 kernel:  i915_gem_execbuffer2_ioctl+0xea/0x200 [i915]
Feb 07 11:06:45 dom0 kernel:  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0 [i915]
Feb 07 11:06:45 dom0 kernel:  drm_ioctl_kernel+0xb6/0x100 [drm]
Feb 07 11:06:45 dom0 kernel:  drm_ioctl+0x329/0x3b0 [drm]
Feb 07 11:06:45 dom0 kernel:  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0 [i915]
Feb 07 11:06:45 dom0 kernel:  __x64_sys_ioctl+0x8e/0xd0
Feb 07 11:06:45 dom0 kernel:  ? syscall_trace_enter.isra.18+0x163/0x1b0
Feb 07 11:06:45 dom0 kernel:  do_syscall_64+0x33/0x40
Feb 07 11:06:45 dom0 kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Feb 07 11:06:45 dom0 kernel: RIP: 0033:0x78d3e3d3d6a7
Feb 07 11:06:45 dom0 kernel: Code: 00 00 00 48 8b 05 e1 27 2c 00 64 c7
00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8
10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3
Feb 07 11:06:45 dom0 kernel: RSP: 002b:7fff95e584a8 EFLAGS: 0246
ORIG_RAX: 0010
Feb 07 11:06:45 dom0 kernel: RAX: ffda RBX: 000e
RCX: 78d3e3d3d6a7
Feb 07 11:06:45 dom0 kernel: RDX: 7fff95e584e0 RSI: 40406469
RDI: 000e
Feb 07 11:06:45 dom0 kernel: RBP: 7fff95e584e0 R08: 000c
R09: 78d3e6770020
Feb 07 11:06:45 dom0 kernel: R10: 3fd0 R11: 0246
R12: 78d3dd779000
Feb 07 11:06:45 dom0 kernel: R13: 1000 R14: 7fff95e584e0
R15: 021b9730
Feb 07 11:06:45 dom0 kernel: ---[ end trace 528bf252a0c1a39e ]---

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To un

[qubes-users] BIG instability problems of qubes

2021-02-03 Thread haaber


Dear qubes community, I use qubes since its version 3, with many up's
and downs (more up's, happily). Since its version 4 it worked quite
stable, but this changed since some months. I am obliged to hard-reboot
my machine 5-10 times per day, versus a scheduled reboot every two-three
weeks before.

- Somehow the 5.4.x kernels (for xen) are instable on my machine. They
run smoothly my debian appvm's. No clue if the kernel its crashes, but
after 2-15   min the systems becomes unusable: the screen "hangs" and no
other way out than hard reboot. I have a rather std i7, I mention. HCL
attached. My problems:

- The last upgrade removed my last 4.9 xen kernel which would work fine
(how can I get that one back??) so I switched to 5.10 directly. The last
one braught by update won't work: under 5.10.11 kernel, NO WAY to boot a
debian-vm. Journalctl says:


Jan 29 21:39:55 dom0 qubesd[2087]: Start failed: internal error:
libxenlight failed to create new domain 'sys-net'
Jan 29 21:39:55 dom0 qmemman.daemon.algo[2095]:
balance_when_enough_memory(xen_free_memory=12370411092,
total_mem_pref=779203379.2, total_available_memory=15886175008.8)
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: stat: dom '0'
act=4294967296 pref=779203379.2 last_target=4294967296
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: stat:
xenfree=12422839892 memset_reqs=[('0', 4294967296)]
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: mem-set domain 0 to
4294967296



- when running zoom with 5.10.5 xen kernel inside a dedicated zoom-vm
(debian-10) inside firefox (no custom app). The system "hangs" screen
hangs, sound loops over last second, and that's it. I do not see any
special before the problem occurs (see down) but  there is something
strange while boot. It is displayed for each CPU separately.


Feb 02 16:14:43 dom0 kernel: [ cut here ]
Feb 02 16:14:43 dom0 kernel: WARNING: CPU: 1 PID: 0 at
/home/user/rpmbuild/BUILD/kernel-latest-5.10.5/linux-5.10.5/arch/x86/xen/enlighten_pv.c:660
get_trap_addr+0x81/0x90
Feb 02 16:14:43 dom0 kernel: Modules linked in: loop ebtable_filter
ebtables ip6table_filter ip6_tables iptable_filter vfat fat
snd_hda_codec_hdmi snd_soc_skl snd_soc_sst_ipc snd_soc_sst_dsp
Feb 02 16:14:43 dom0 kernel:  xen_acpi_processor xenfs ip_tables
dm_thin_pool dm_persistent_data dm_bio_prison dm_crypt hid_multitouch
nvme rtsx_pci_sdmmc mmc_core crct10dif_pclmul crc32_pcl
Feb 02 16:14:43 dom0 kernel: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G
W 5.10.5-1.qubes.x86_64 #1
Feb 02 16:14:43 dom0 kernel: Hardware name: Dell Inc. Latitude
7390/09386V, BIOS 1.5.1 07/12/2018
Feb 02 16:14:43 dom0 kernel: RIP: e030:get_trap_addr+0x81/0x90
Feb 02 16:14:43 dom0 kernel: Code: b0 c4 e1 82 48 89 07 b8 01 00 00 00
85 f6 74 04 84 c0 75 16 b8 01 00 00 00 c3 48 8b 42 08 48 89 07 0f b6 42
10 83 f0 01 eb e2 <0f> 0b 31 c0 c3 cc cc cc cc
Feb 02 16:14:43 dom0 kernel: RSP: e02b:c9abfe08 EFLAGS: 00010002
Feb 02 16:14:43 dom0 kernel: RAX: 0001 RBX: 830d41d0
RCX: 82625558
Feb 02 16:14:43 dom0 kernel: RDX: 82625558 RSI: 0005
RDI: c9abfe10
Feb 02 16:14:43 dom0 kernel: RBP: 830da0f0 R08: 0001
R09: 
Feb 02 16:14:43 dom0 kernel: R10: 8249f900 R11: 82744648
R12: 830d9f20
Feb 02 16:14:43 dom0 kernel: R13: 001d R14: 8249f440
R15: 001d
Feb 02 16:14:43 dom0 kernel: FS:  ()
GS:888135c4() knlGS:
Feb 02 16:14:43 dom0 kernel: CS:  1e030 DS: 002b ES: 002b CR0:
80050033
Feb 02 16:14:43 dom0 kernel: CR2: 720f340010c6 CR3: 0261
CR4: 00050660
Feb 02 16:14:43 dom0 kernel: Call Trace:
Feb 02 16:14:43 dom0 kernel:  cvt_gate_to_trap+0x50/0xa0
Feb 02 16:14:43 dom0 kernel:  ? asm_exc_double_fault+0x30/0x30
Feb 02 16:14:43 dom0 kernel:  xen_convert_trap_info+0x60/0xa0
Feb 02 16:14:43 dom0 kernel:  xen_load_idt+0x46/0xa0
Feb 02 16:14:43 dom0 kernel:  load_current_idt+0x11/0x20
Feb 02 16:14:43 dom0 kernel:  cpu_init+0x148/0x410
Feb 02 16:14:43 dom0 kernel:  cpu_bringup+0x10/0x90
Feb 02 16:14:43 dom0 kernel:  xen_pv_play_dead+0x38/0x60
Feb 02 16:14:43 dom0 kernel:  do_idle+0x1c9/0x2b0
Feb 02 16:14:43 dom0 kernel:  cpu_startup_entry+0x19/0x20
Feb 02 16:14:43 dom0 kernel:  asm_cpu_bringup_and_idle+0x5/0x1000
Feb 02 16:14:43 dom0 kernel: ---[ end trace 011f03ca1c0f295f ]---
Feb 02 16:14:43 dom0 kernel: cpu 1 spinlock event irq 131
Feb 02 16:14:43 dom0 kernel: ACPI: \_PR_.PR01: Found 3 idle states
Feb 02 16:14:43 dom0 kernel: CPU1 is up
Feb 02 16:14:43 dom0 kernel: installing Xen timer for CPU 2
Feb 02 16:14:43 dom0 kernel: [ cut here ]

[IN RED COLOUR]
Feb 02 16:15:22 dom0 qmemman.systemstate[2401]: Xen free = 142013308 too
small for satisfy assignments! assigned_but_unused=117851537,
domdict={'6': {'no_progress': False, 'id': '6', 'mem_us


Feb 02 16:19:58 dom0 qmemman.daemon.algo[2401]:
balance_when_enou

SOLVED. Re: Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-31 Thread haaber



It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1
"placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda
-
Thank you very much Donoban. I tried:
root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d
/dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot"
efibootmgr: ** Warning ** : Boot0002 has same label Qubes
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: ,0001
Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1
  PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700)
Boot0002* Qubes
  
HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder
 /mapbs /noexitboot
Boot0006* CD/DVD/CD-RW Drive    BBS(CDROM,CD/DVD/CD-RW Drive,0x0)
Boot0007* Onboard NIC    BBS(Network,IBA CL Slot 00FE v0112,0x0)
Boot* Qubes
  
HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder
 /mapbs /noexitboot
what you see is that Qubes was still in the UEFI "line" now at position
0002. I will have to try a reboot - don't like it, because it is a pain
in the neck to re-install wireless on debian; I hope that I downloaded
all packages I need on /boot of my life system ... otherwise I will
become silent for a while!    Cheers


I tried a reboot after an extra-emergeny backup (luks-by-hand training:)
and your efibootmgr command worked. qubes is back!  Thank you so much.

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d127edb5-6ecc-e4cf-814d-dbf602c30907%40web.de.

Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-30 Thread haaber

 

 
 

Gesendet: Samstag, 30. Januar 2021 um 10:28 Uhr
Von: "donoban" 
An: qubes-users@googlegroups.com
Betreff: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

Hi,

On 1/30/21 8:43 AM, haa...@web.de wrote:
> I am surprised by the sizes -- files seem small. Do the seem correct?? 
> Are there files missing?? Could maybe someone check these md5sums, please?
>  

Probably the initramfs differ due different hardware or configuration.
vmlinuz image seems fine.

> (3) I could try the " efibootmgr " commands mentioned in UEFI
troubleshooting, but I do not understand them, and I am afraid to f*ck
it up even worse. If my harddrive-boot partition is mounted on /BOOT
instead of /boot , how would the command read, please??

It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1
"placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda
-

 

 

Thank you very much Donoban. I tried:

 

root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot"
efibootmgr: ** Warning ** : Boot0002 has same label Qubes
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: ,0001
Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1    PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700)
Boot0002* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
Boot0006* CD/DVD/CD-RW Drive    BBS(CDROM,CD/DVD/CD-RW Drive,0x0)
Boot0007* Onboard NIC    BBS(Network,IBA CL Slot 00FE v0112,0x0)
Boot* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
 

 

what you see is that Qubes was still in the UEFI "line" now at position 0002. I will have to try a reboot - don't like it, because it is a pain in the neck to re-install wireless on debian; I hope that I downloaded all packages I need on /boot of my life system ... otherwise I will become silent for a while!    Cheers

 






-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-559faab6-63c7-4cbe-bf49-42f2e860cf2b-1612026841940%403c-app-webde-bap06.

[qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-29 Thread haaber

The main line is in the title. I did a dom0 upgrade that installed kernel-latest. After reboot I got the freaky message

"No bootable device found, press F1... F2 .. F5.." -- it does not really say where it comes from, but it sounds like a BIOS message.

 

I have no idea where to start, so I give all I have here and ask for help. Please read quickly over it, any hint is appreciated.

(1) I did boot my computer with a live linux.

(2) The boot partition does exist. The qubes folder reads like this

 


-rwxr-xr-x 1 root root  24M Jan 29 17:57 initramfs-5.10.11-1.fc25.qubes.x86_64.img
-rwxr-xr-x 1 root root  24M Jan 12 15:27 initramfs-5.10.5-1.qubes.x86_64.img
-rwxr-xr-x 1 root root  23M Jan 24 09:41 initramfs-5.10.8-1.qubes.x86_64.img
-rwxr-xr-x 1 root root  24M Jan 24 09:39 initramfs-5.4.91-1.fc25.qubes.x86_64.img
-rwxr-xr-x 1 root root 7.9M Jan 29 17:57 vmlinuz-5.10.11-1.fc25.qubes.x86_64
-rwxr-xr-x 1 root root 7.9M Jan 12 15:27 vmlinuz-5.10.5-1.qubes.x86_64
-rwxr-xr-x 1 root root 7.9M Jan 24 09:41 vmlinuz-5.10.8-1.qubes.x86_64
-rwxr-xr-x 1 root root 6.9M Jan 24 09:39 vmlinuz-5.4.91-1.fc25.qubes.x86_64
-rwxr-xr-x 1 root root 2.0M Jan  4 00:43 xen-4.8.5-29.fc25.efi
-rwxr-xr-x 1 root root 1.4K Jan 29 20:57 xen.cfg
-rwxr-xr-x 1 root root 2.0M Jan  4 00:43 xen.efi

 

I am surprised by the sizes -- files seem small. Do the seem correct??  Are there files missing?? Could maybe someone check these md5sums, please?

 

1ff66a646f443da650caca5a71d14dc9  initramfs-5.10.11-1.fc25.qubes.x86_64.img
0ed0b625599395686c950b11ca626659  initramfs-5.10.5-1.qubes.x86_64.img
66ad105adc1bcf8543fde0be5e1cffa9  initramfs-5.10.8-1.qubes.x86_64.img
aa03e2e037aa2a173c4f9a2db6dd9096  initramfs-5.4.91-1.fc25.qubes.x86_64.img
36993c5ea1f93a37c548f8ac32b18baf  vmlinuz-5.10.11-1.fc25.qubes.x86_64
9669c095819240d8117f208748707b4c  vmlinuz-5.10.5-1.qubes.x86_64
3db1a8bdd97a608a5459ac5521052ab8  vmlinuz-5.10.8-1.qubes.x86_64
0834cc9a9bfbacb9cfc420f3b879bca7  vmlinuz-5.4.91-1.fc25.qubes.x86_64

 

If these files were corrupt, other error messages should appear, so it is, probably, somthing else. But still!

Next, my actual xen.cfg reads like this

 


[global]
default=5.4.91-1.fc25.qubes.x86_64

[5.10.5-1.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.10.5-1.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.10.5-1.qubes.x86_64.img
[5.4.91-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.4.91-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.4.91-1.fc25.qubes.x86_64.img
[5.10.11-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.10.11-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.10.11-1.fc25.qubes.x86_64.img

 

these all look OK, a part from 5.10.8. being present as files, but not in the boot menu, which is strange.

 
 


(3) I could try the " efibootmgr " commands mentioned in UEFI troubleshooting, but I do not understand them, and I am afraid to f*ck it up even worse. If my harddrive-boot partition is mounted on /BOOT instead of /boot  , how would the command read, please??


 

 

 

Thank you very much,  Bernhard





-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-9fc2348b-403a-4b48-a530-bda38d1047d6-1611992631199%403c-app-webde-bap08.

[qubes-users] Re: Qubes OS 4.0.4-rc2 has been released!

2021-01-24 Thread haaber


I have a kernel question. With last updates I have 3 kernels 5.4.x
installed and one 5.10.x (kernel-latest). It happens that the
5.4.x-kernels provoque freezes & sponaneous reboots. So I would like to
ask qubes to disregard these (5.4.x) and keep at least two 5.9.x or
5.10.x kernels when upgrading (and maybe some stable 4.x kernel as
backup in case). How can I do that?  Cheers.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08712453-a8b6-4cb0-b09a-26e834743915%40web.de.

Re: [EXT] Re: [qubes-users] wireless " intruder "

2021-01-07 Thread haaber


On 1/6/21 6:11 PM, Ulrich Windl wrote:

On 1/3/21 2:24 PM, haaber wrote:
...

Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.


Are there logs (the famous "last words")?


(my) mirage does not log. It has a fixed size of 32 MB, not much space
for logging .. and dom0 has no useful info on that incident.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/881aa0f7-a368-bf82-e556-f098c01ada07%40web.de.

Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2021-01-07 Thread haaber


I'm not sure exactly what you mean, but there's:


I mean: It seems you need the file manager to open the file just to
register it as handler; is there an alternative not using the file manager?


not that I know. But you can register it "by hand" by creating a .dsktop
file yourself (as I explained earlier). Put these lines

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/user/.local/bin/send-to-vm.sh %f
Name=Send a screenshot to VM
Comment=Custom definition for send-to-vm.sh

in a new file in ~/.local/share/applications/userapp-screenshot.desktop

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc5559fd-e70b-de8c-f81d-390b5f59c4c5%40web.de.

Re: [qubes-users] USB stick issue

2021-01-07 Thread haaber


Maybe it's related to recent updates, or my computer is starting to die:
Anyway: Today I had plugged in my USB stick and attached it successfully
to "vault". I had opened a file from it. The suddenly within one second,
I saw the stick being disconnected and reconnected, and the "vault"
failed to write the file.


that happens also when a "bad electrical connection" happens (worn out
usb plug, for example). Then the usb-"attach" breaks, but the virtual
device number (xvd..) i still blocked, so a reconnect increases the
number (from i to j to k). etc. That is not "expected" but happens.

I would power down sys-usb and vault and try again. And I would not take
data from usb into vault, rather from usb into a dispVM first, if you
need to grab data into vault: There you can still perform (integrity)
checks before copying them to vault...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5070d2c3-ecba-09ab-bf65-b93bce764862%40web.de.

Re: [qubes-users] Re: HCL -- Intel NUC10i7 issues with kernel-latest

2021-01-04 Thread haaber


On 1/4/21 11:39 PM, 'awokd' via qubes-users wrote:

tv.f...@gmail.com:


How did you install the 5.8.16 kernel? When I do something like

$ qubes-dom0-update kernel-lateat-5.8.16

it shows me the package, downloads it, but then it tells me "no package
kernel-latest-5.8.16 available" so I'm a bit confused.


EXAMPLE:

sudo qubes-dom0-update  kernel-latest-1000:5.9.14-1.qubes.x86_64
--enablerepo=qubes-dom0-unstable

simply change numbers to your wanted kernel version.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d746624b-301d-b079-4410-9a12369d6243%40web.de.

Re: [qubes-users] wireless " intruder "

2021-01-03 Thread haaber

On 1/3/21 1:04 PM, David Hobach wrote:

On 1/3/21 12:43 PM, haaber wrote:

Hello, I have a intriguing problem, partially qubes-related. I have a
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall! That is
fancy. The network structure is

sys-net - mirage-firewall -qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scannning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us! Cheers, Bernhard

Your firewalls might interfere with the nmap replies and thus everything
is shown as filtered.

I did it in sys-net but they remain "filtered". That is not a
firewall-artefact.

Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.

P.S: I will see if I can use my phone as AP honypot using the same SSID
& pwd to find that antenna using signal strength (the idea is that I can
move it), but usually that is very hard, due to natural "shadows" and
reflections.

[qubes-users] wireless " intruder "

2021-01-03 Thread haaber


Hello, I have a intriguing problem, partially qubes-related. I have a
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall!  That is
fancy. The network structure is

sys-net - mirage-firewall -qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scannning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us!Cheers,  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05b44784-2fd3-4241-7e52-4afbfda7d036%40web.de.

Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2020-12-29 Thread haaber


On 12/29/20 7:02 PM, Ulrich Windl wrote:

Better:  create in dom0 a file containing:

#!/bin/bash
qvm-copy-to-vm $(zenity --entry --title='Send to VM' --text='Destination
VM') "${BASH_ARGV[@]}"


Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".


When trying, it seems my Dom0 does not have a file manager in the menu.
I had to run "thunar" manually from the terminal.

you are right.


Also: Wouldn't qvm-move-to-vm be preferrable (also replacing "Send" with
"Move")?

you are right again. It was a "proof of concept" code. Thank you for the
correction!



This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.

Or write it by hand: like
 ~/.local/share/applications/userapp-screenshot.desktop  containing

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/user/.local/bin/send-to-vm.sh %f
Name=Send a screenshot to VM
Comment=Custom definition for SCREENSHOT.sh


cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/723ac154-6fb1-3469-b43e-9e960a0d630f%40web.de.

Re: [qubes-users] Disable lock screen / screenshot question

2020-12-23 Thread haaber

On 12/22/20 10:18 PM, Jarrah wrote:

How do you disable the automatic screen lock? I have the screensaver
disabled and the lock screen option unchecked but it still locks after a
few minutes.

For me, there is a "presentation mode" on the battery icon (which shows
on both desktop and laptop) that disables the screen lock.

Also when using the screenshot function in system tools, is it possible to
save to the AppVM file system you are currently using rather than to Dom0?
Or how do I access it once it is saved to Dom0?

You should be able to get them to your AppVM using `qvm-copy-to-vm ` from the terminal.

Better: create in dom0 a file containing:

#!/bin/bash
qvm-copy-to-vm $(zenity --entry --title='Send to VM' --text='Destination
VM') "${BASH_ARGV[@]}"

Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".
This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.

Re: [EXT] [qubes-users] crontab backups?

2020-12-21 Thread haaber


>
> Thank you for the response. It actually ended up that cron did not like
> executing a script, I just put the exact same line from the script
> directly into cron.cron is not anti-script as such. I experienced
problems using pipes (I guess a pipe spawns off a new thread, that does
not necessarily run under the same user)
> Now I just need to understand how to setup things to delete backups
> older than X

using "find". to find *files* "f" (in contrast with "d") older than 30
days that are called backup*.luks, it would be

  find   /path  -type f  -iname   backup\*.luks   -mtime +30   -print

the word "-print"   displays them.

Rem1: The first "*" must be backslashed in the find command, you don't
  want bash to expand it!

Rem2: careful with auto-delete (don't complain :)
  you replace -print by -delete



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4d46e1f-8f20-3a44-33fa-751d1afc6ef6%40web.de.

Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-21 Thread haaber

On 12/21/20 1:08 AM, Ulrich Windl wrote:

On 12/20/20 4:17 PM, Morten Eyrich wrote:

Okay so if I have been using a https connection, then it's no
problem... ?

If they use a wrong certificate for a MITM attack they might decode your
connection... It means nobody between you and the "next endpoint" can
read your password, but how to ensure what the "next endpoint" really is?

Ulrich is right. First, look at the "certificate story". These are meant
ensuring that you can trust your endpoint. Certificates are
pre-installed in your browser, and one should check (and rarely does)
which ones to trust (and how much). Invented examples: If they are owned
by chinese or russian telecom company, do you trust it? State agencies
could intervene. Or british telecom (5eyes??). The actually used
hierarchical trust model might be a failure by design.

And then there are exploits. Example: some years ago Moxi Marlinspike
found the funny zero-byte error due to string handling: He proved that
you could buy for example the domain "com",0,"mand.org" and have the
trusted instances sign your subdomain google.com",0",mand.org" which
any firefox (at least) did recognise as valid certificate for google.com
since they considered the 0 byte as "end of string". You are not safe
from such type of exploits.

Conclusion as usual: if your life depends on it, do not trust https.

Re: [qubes-users] crontab backups?

2020-12-17 Thread haaber


On 12/17/20 2:32 PM, Stumpy wrote:

I havent played with crontab in forever, and I cant code at all, but I
really wanted to try to automate my backups a wee bit.

I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file
~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix
centos-7-minimal email chat work personal

and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup
will run but when i try to do it via cron then nada?

The crond seems to be running and crontab -l shows the schedule I pasted
above, Is there a reason this shouldn't work?


I am no cron-expert, but in my exoerience cron and scripts often mess.
One reason seems " pipes " in scripts that usually fail when cron'ed.
Have a look at these "|" in the script and re-code them pipe-free -- to
my opinion that would be a good starting point. cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e709611-53eb-c474-b795-2af5b440a18f%40web.de.

Re: [qubes-users] Re: QSB-063: Multiple Xen issues (XSA-115, XSA-325,XSA-350)

2020-12-16 Thread haaber


On 12/16/20 10:55 AM, 'Ilpo Järvinen' via qubes-users wrote:

On Wed, 16 Dec 2020, haaber wrote:


Dear Andrew,


    For Qubes 4.0:
    - Xen packages, version 4.8.5-28
    - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1


how do I fetch 4.19.163-1 for example? I tried

sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64

but this gives "no package available". Same happens for 5.9.14-1. Also

sudo qubes-dom0-update --action=install
kernel-1000:4.19.163-1.pvops.qubes.x86_64

fails. What am I missing??  Thank you.


The packages are likely still in security testing, not in the stable repo.
You need the enablerepo parameter. From the original announcement:


  For updates from the security-testing repository:
  $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing


right! Thank you. That brought indeed 4.19.163. But still

 sudo qubes-dom0-update --action=install
kernel-1000:5.9.14-1.qubes.x86_64 --enablerepo=qubes-dom0-security-testing

does not work. The main question seems: how do you get the correct
package name? Since a simple "update" does not install 5.9.14  but only
5.4.83 I have to ask for it "by hand", it seems.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f2ce1f4-2ee9-35bc-428f-14877aba6617%40web.de.

[qubes-users] Re: QSB-063: Multiple Xen issues (XSA-115, XSA-325, XSA-350)

2020-12-16 Thread haaber


Dera Andrew,


   For Qubes 4.0:
   - Xen packages, version 4.8.5-28
   - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1


how do I fetch 4.19.163-1 for example? I tried

sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64

but this gives "no package available". Same happens for 5.9.14-1. Also

sudo qubes-dom0-update --action=install
kernel-1000:4.19.163-1.pvops.qubes.x86_64

fails. What am I missing??  Thank you.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3eec0af-ca6a-8e98-239f-857222e2a385%40web.de.

[qubes-users] new xen kernel 5.xx

2020-12-16 Thread haaber


I have still instabilities with the xen kernels 5.x (sudden system
freeze). I also have a small /boot and hold only the last 3 kernels.
They are right now:

vmlinuz-4.19.155-1.pvops.qubes.x86_64
vmlinuz-5.4.78-1.qubes.x86_64
vmlinuz-5.4.83-1.qubes.x86_64

I would like to mark the (for me very stable) kernel 4.19.155 as "do not
erase while updating" and remove the (for me) useless kernel
vmlinuz-5.4.78-1.qubes.x86_64. How can I do that, please?  I fear to
make a mess when just "playing around". I also want to keep 5.x kernels
for appVM's (they work well).   Thank you!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c453cf15-c69f-8b5f-f7c6-64ce6742e588%40web.de.

Re: [qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-11-29 Thread haaber


I detected neither issues, all is working well. I'll continue to test
with my daily usage and report again in 2 days with more tests.

For users who want to test, the complete command is:

[xxx@dom0 ~]$ sudo qubes-dom0-update --action=upgrade
--enablerepo=qubes-dom0-current-testing kernel kernel-qubes-vm


I experienced regular complete freezes of xen (after 5-30 minues xen
would be dead) -- I had to downgrade the xen kernel back to 4.19.155 -
to be able to write this mail. HCL report attached.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e42ea8ad-86b6-a490-583f-e6808cbf506c%40web.de.


Qubes-HCL-Dell_Inc_-Latitude_7390-20201129-212036.yml
Description: application/yaml

Re: [qubes-users] Re: Are "smart" monitors/TVs a security issue?

2020-11-26 Thread haaber


For "native" thunderbolt monitors there certainly could be an issue! For
HDMI/DP, honestly, do not know how much a malicious device could do.


For "smart"-tv's please notice existence of ethernet-over-hdmi :) Often
these machines have microphones (for vocal commands). As well as the STB
that decodes your ip-TV. Better you own your hardware ... and harden
the linux on it :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/264cccae-bab2-3ba9-8094-0de5e60e8160%40web.de.

Re: [qubes-users] ARM in Qubes OS

2020-11-18 Thread haaber


On 11/16/20 3:55 PM, load...@gmail.com wrote:

*So, the question is the same: Are there plans to support ARM processors
in Qubes OS in the future?


no woman, no cry - and no xen, no qubes :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fee9e809-4159-bd4e-6163-907ff42c1e6f%40web.de.

Re: [qubes-users] QSB #61 Information leak via power sidechannel (XSA-351)

2020-11-14 Thread haaber


Hello,  Marek wrote in the QSB


   For Qubes 4.0: Xen packages, version 4.8.5-26
   For updates from the security-testing repository:
   $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing


I found out an unexpected behaviour. I always ran the command

sudo qubes-dom0-update --enablerepo=qubes-dom0-*-testing

to update the system, believing that "*" it would include the case
"security". This seems not the case!  After running the update with *
the xen state was still 4.8.25:

dnf list |grep xen
libvirt-daemon-driver-xen.x86_64   3.3.0-10.fc25
@qubes-dom0-cached
libvirt-daemon-xen.x86_64  3.3.0-10.fc25
@qubes-dom0-cached
python3-xen.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached
qubes-libvchan-xen.x86_64  4.0.8-1.fc25
@qubes-dom0-cached
xen.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached
xen-hvm.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached
xen-hvm-stubdom-linux.x86_64   1.0.10-1.fc25
@qubes-dom0-cached
xen-hypervisor.x86_64  2001:4.8.5-25.fc25
@qubes-dom0-cached
xen-libs.x86_642001:4.8.5-25.fc25
@qubes-dom0-cached
xen-licenses.x86_642001:4.8.5-25.fc25
@qubes-dom0-cached
xen-runtime.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached

Only running explicitly the command as Marek suggests, * replaced by
security would upgrade to 4.8.26. That is odd, isn't it?

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4237dc93-27d2-d785-31a3-53fa3e3e19e1%40web.de.

1 2 3 4 >

1 - 100 of 377 matches

Mail list logo