from:"liked2"

[qubes-users] saltstack: detect the os within a running target/state.sls

2023-08-24 Thread liked2


Hi!

Running grains['os'] in a target returns always "Fedora" and grains['id'] returns 
"dom0". For this reason I cannot branch in my state files for different os templates.
Executing this test in such a targeted state.sls:

test-grains-for-choosing-the-right-template:
  test.configurable_test_state:
    - name: "grains test"
    - changes: True
    - result: True
    - comment: {{ grains['os'] ~ ", " ~ grains['id'] ~ ", " ~ grains['osfullname'] ~ 
", " ~ grains['os_family'] }}

returns
grains['os']=Fedora, grains['os']=dom0, grains['osfullname']=Qubes, 
grains['osfamily']=RedHat

Any ideas why this happens? How to branch correctly in a state file depending 
on the os of the template?

Best, P!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af4cc3e7-e405-7079-0980-7c6c5c482e00%40gmx.de.

[qubes-users] Re: Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

2022-04-08 Thread liked2

On 4/5/22 19:20, 'Johannes Graumann' via qubes-users wrote:

> However, I now realize that a proper Qubes template does not have
> standard internet access even when being updated, so that route is
> barred.
>
> How would you go about this? Just manual downloading the rpm and
> installing it into the template does the trick, but I'd vastly prefer a
> salty solution.

I'm using a salt solution to install zoom inspired by unman's script: 
https://github.com/unman/notes/blob/master/gpg_in_templates
like that in a debian template as a salt state:

install-zoom:
  cmd.run:
- names:
  - wget --no-verbose -e use_proxy=on -e https_proxy=127.0.0.1:8082 -O 
~/zoom_amd64.deb https://zoom.us/client/latest/zoom_amd64.deb
  - sudo apt-get install ~/zoom_amd64.deb -y

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35fe0e98-844f-743a-fdbf-b9a7b0d1fbbb%40gmx.de.

[qubes-users] what's the speciality of dvm template for sys-* in v4.1?

2022-03-19 Thread liked2



Hi!

I'm using disposable sys-* on my v4.1 laptop. If choosing debian as default 
template a debian-11-dvm is created and used as a template dvm for sys-*

Strange observations:

1. in the xfce-menu no "Disposable: debian-11-dvm" is created
2. if I create a new disposable template and assign it as a base for sys-usb, 
my touchpad stops working and I have to use an external USB-mouse (which is 
working)

What's special about this default debian-11-dvm?

Also if I rename debian-11-dvm to e.g. special-debian-11-dvm, there's still no 
entry in the xfce menu.

If I create a brand new dvm template called debian-11-dvm-NEW and compare the 
properties (qvm-prefs, qvm-features) of debian-11-dvm-NEW and debian-11-dvm 
they differ only in parts which are supposed to be different like IP etc.

Please share some details about this special dvm and how can I create such a 
dvm manually?

Best, P!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/70efd625-c65a-722e-e551-ef6a3e2537d6%40gmx.de.

[qubes-users] Re: Default firewall configuration for dns/icmp of VMs with restricted access

2021-12-21 Thread liked2



On 12/20/21 13:02, David Hobach wrote:
> Btw I still consider this hideous firewall GUI an anti-feature and would 
> wholeheartedly support anyone complaining about it at qubes-issues.
>
I don't agree to this statement as the GUI firewall does mitigate some risks if 
used. Only providing a command line interface would mean that some people 
wouldn't (have the ability to) use it. For those who are brave enough to use 
the command line, they probably also will manage to understand the implications 
of using the UI.


What else is wrong with the firewall GUI besides the fact of the both hidden 
dns/icmp specialities?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/932bb321-db37-746a-ea15-28867756597c%40gmx.de.

[qubes-users] Default firewall configuration for dns/icmp of VMs with restricted access

2021-12-19 Thread liked2

Hi!

In the default firewall setup if a VM is restricted via UI using "Limit 
outgoing Internet connections to ..." 2 rules are added before "drop all 
packages":

[prompt]$ qvm-firewall vm

NO  ACTION  HOSTPROTOCOL  PORT(S)  
SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  www.qubes.org   tcp   443  -
  -  -   -
1   accept  -   - -dns  
   -  -   -
2   accept  -   icmp  --
   -  -   -

Namely:
accept dns
and
accept icmp

1. Is my assumption correct that by that it's possible to exfiltrate data to 
any destination server using dns/icmp?
2. What are practical solutions to mitigate that?
a) delete "accept dns/icmp" rules in the firewall and add the 
corresponding IPs to the restricted domains/ips in /etc/hosts of the vm?
b) using pihole as dns resolver and restrict the access there?
c) more useful solutions?

Thanks, P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3add8367-8dec-0bee-82c4-9e64eaa3ef7c%40gmx.de.

[qubes-users] keyserver in template with saltstack unreachable

2021-12-04 Thread liked2

Hi,

I'm using in my saltstack formulas creating of repositories in a debian 
template e.g.

add-repo:
 pkgrepo.managed:
  - name: deb http://repository.spotify.com stable non-free
  - file: /etc/apt/sources.list.d/spotify-client.list
  - humanname: spotify
  - keyid: 5E3C45D7B312C643
  - keyserver: keys.openpgpg.org
  - gpgkey: https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg
  - gpgcheck: 1

Unfortunately, I get this error after execution:
    ID: add-repo
  Function: pkgrepo.managed
  Name: deb http://repository.spotify.com stable non-free
    Result: False
   Comment: Failed to configure repo 'deb [trusted=yes] 
http://repository.spotify.com stable non-free': Error: key retrieval failed: 
Executing: /tmp/apt-key-gpghome.xyY44SvGz1/gpg.1.sh --batch --keyserver 
keys.openpgpg.org --logger-fd 1 --recv-keys 5E3C45D7B312C643
    gpg: keyserver receive failed: Network is unreachable

Any ideas how to fix that? Is that connected that templates are using a proxy 
for outbound connections which salt is not able to use for retrieving keys?
Btw. none of the options works: keyid + keyserver nor gpgkey. I just added both 
of the in the salt snipped.

Thanks! P.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ae6b375-48b6-20e8-f03c-8325efc51564%40gmx.de.

[qubes-users] headset recommendation for video conferencing with good audio quality

2021-11-16 Thread liked2



Hi!

I'd like to ask for recommendations for headset for video conferencing. It has 
been said that my bluetooth headset with slack or microsoft teams do have much 
worse audio quality with qubes than with windows.

Any recommendations from the community? Bonus for bluetooth headsets.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33622ae8-dd4e-0930-94e7-c52eb5f65296%40gmx.de.

[qubes-users] Re: best way to disable a linux service in a AppVM

2021-11-07 Thread liked2



On 11/6/21 18:06, unman wrote:
> On Sat, Nov 06, 2021 at 04:34:02PM +0000, liked2-mmb7mzph...@public.gmane.org 
> wrote:
>> On 11/6/21 16:23, badgateway wrote:
>>> Is it an option to clone your current template and disable the services 
>>> permanently in your new template?
>>>
>>
>> It is an option. But in this case I'd prefer the way using 
>> /rw/config/rc.local not to maintain another template.
>>
>> I've learned there must be 3 alternatives, otherwise you've not done enough 
>> research. Maybe there's a 3rd way?
>>
>
> There is indeed a third way, which fits nicely in to the Qubes
> framework, and is used by qvm-service. Instead of disabling the
> service, control it.
>
> If your service is foo.service:
> Create a folder foo.service.d, and create a file 10_qubes.conf with
> something like
> ```
> [Unit]
> ConditionPathExists=/var/run/qubes/service/foo
> After=qubes.sysinit.service
> ```
>
> Now you can control with `qvm-service --enable  foo` in qubes
> where you want the service to run.
>
> You could invert the sense of control by using
> ConditionPathExists=! but this may lead to confusion.
>

Thanks unman, that's exactly what I was looking for. Except, there's a 4th way. 
:)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66c2bbb6-e02c-89ef-95b7-f9425b4f9d51%40gmx.de.

[qubes-users] Re: best way to disable a linux service in a AppVM

2021-11-06 Thread liked2

On 11/6/21 16:23, badgateway wrote:
> Is it an option to clone your current template and disable the services 
> permanently in your new template?
>

It is an option. But in this case I'd prefer the way using /rw/config/rc.local 
not to maintain another template.

I've learned there must be 3 alternatives, otherwise you've not done enough 
research. Maybe there's a 3rd way?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6281e6d-6dd2-ee5b-1749-c5ce1544756a%40gmx.de.

[qubes-users] best way to disable a linux service in a AppVM

2021-11-06 Thread liked2

Hi!

What's the best way to disable a linux service "e.g. systemctl disable --now 
systemd-resolved.service &" in a AppVM. I don't want to disable the service in 
my template because it's used by other AppVMs.

Currently, I'm doing this in /rw/config/rc.local by "sleep 5s && sudo systemctl 
disable --now systemd-resolved.service &". But it's probably not the best way 
as it relies on the startup timing.

Thanks in advance and best, P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/641c2e37-6971-14b7-7ae1-631cb2956592%40gmx.de.

[qubes-users] poor quality of bluetooth headset

2021-09-26 Thread liked2



Hello!

I recently switched from Windows to qubes v4.0.3 to use a bluetooth headset 
with slack/ms teams. Unfortunately, the audio quality (especially of the mic) 
is very poor and much worse than with windows.

Changing some switches in /etc/bluetooth/main.conf hasn't really helped.

Any ideas for tuning bluetooth audio?

Best, P.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7df0ec9-a8df-a592-9110-c6d2145955e4%40gmx.de.

[qubes-users] troubleshooting Iris Xe problems

2021-07-18 Thread liked2

Hi!

I'm currently trying to troubleshoot my Iris Xe graphic card problems by 
following this guide:
https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/intel-igfx-troubleshooting.md

It advises to modify:
Edit /boot/efi/EFI/qubes/xen.cfg (e.g. sudo nano /boot/efi/EFI/qubes/xen.cfg)

Unfortunately, in my latest v4.1 beta installation with EFI there is no such 
file. Only files in /boot/efi/EFI/qubes are:
fonts
grub.cfg
grubx63.efi
xen-4.14.2.efi

None of the seems suitable. Any ideas?

Best, P.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1158b7df-240b-7896-4ab9-be03fddf78ee%40gmx.de.

[qubes-users] Screen is flashing when moving the mouse @qubes 4.1 alpha nighlty build 20210703

2021-07-07 Thread liked2

Hi!

I'm currently trying to install qubes on a Tuxedo InfinityBook Pro 14 v6 
(https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Notebooks/10-14-inch/TUXEDO-InfinityBook-Pro-14-Gen6.tuxedo#)
Main specs:
- i7-1165G7
- Iris Xe Graphics G7 (96EUs)
- Intel Wi-Fi 6 AX200

It's not possible to install Qubes v4.0.4. on this laptop (probably due to 
outdated Xen version).

Therefore I used the latest (alpha) version from here: 
https://qubes.notset.fr/iso/
1. Qubes-20210703-kernel-latest-x86_64.iso
2. Qubes-20210703-x86_64.iso

With both isos I managed to install Qubes, but 2 main issues are remaining:

1. If I move the mouse or if I'm using the trackpad the screen is flashing. 
Sometimes it's black for half a second is refreshing again if I continue moving 
the mouse.
2. No wifi is detected.

Any ideas to resolve 1 + 2 is very appreciated.

Thanks in advance!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4fa1d3cb-0623-ed66-d24b-920b8f7450a5%40gmx.de.

[qubes-users] Re: recreate firewall qube

2021-05-16 Thread liked2

On 5/14/21 4:08 PM, unman wrote:
> On Fri, May 14, 2021 at 03:55:50PM +0100, liked2-mmb7mzph...@public.gmane.org 
> wrote:
>>
>>> With salt? `qubesctl state.apply qvm.sys-firewall` should do it.
>>>
>>> But sys-firewall is just a qube with networking enabled, "provides-network" 
>>> set to True and
>>> memory 500.
>>>
>>
>> Ok, maybe there's another issue. Currently I'm not able to expose a port to 
>> outside world (outside my qubes box) which was working 1/2 year ago but now 
>> it doesn't:
>> I've tried these scripts to do it:
>> - https://github.com/QubesOS/qubes-issues/issues/5693
>>  (https://gist.github.com/fepitre/941d7161ae1150d90e15f778027e3248)
>> - https://github.com/QubesOS/qubes-issues/issues/4028
>>  (https://github.com/niccokunzmann/qvm-expose-port)
>> - https://gist.github.com/jpouellet/d8cd0eb8589a5b9bf0c53a28fc530369
>>
>> In my vm-to-be-exposed I used besides the service I actually want to expose 
>> the following:
>> - python3 -m http.server
>> - netcat -lv port
>>
>> Connections in my local network to this AppVM using the IP of my qubes-NetVM 
>> all fail with a timeout. If I'm trying to connect from my qubes box to a 
>> simple ubuntu with an exposed port it works.
>>
>> That's why my hypothesis was that I messed up my firewall qube.
>>
>> Any ides how I could tackle down the problem?
>>
>
> Have you read https://www.qubes-os.org/doc/firewall ?
> What templates are you using for sys-net and sys-firewall?
>
> Start at sys-net - you should have a rule directing inbound traffic to
>  to sys-firewall.
> Open a terminal in sys-net, and observe the counters in PRE-ROUTING and
> FORWARD.
> Attempt to make a connection - the counters should increment.
>
> Do the same in sys-firewall.
> Again, when you try to make a connection, you should see the counters
> increment.
>
> Do the same in the target qube. Here you should see the counter
> increment in the filter chain.
>
> Stepping down the network chain like this will help you identify where
> your problem lies.
>

Thanks, these hints helped to find the reason: sleep-suspend somehow messes up 
sys-net. After restarting it, everything worked. Any idea which service I could 
restart instead of restarting the whole sys-net? Mess up of my wifi adapter I 
could "repair" by service wpa_supplicant restart. But iptable forward rules 
created by
- https://github.com/QubesOS/qubes-issues/issues/5693
(https://gist.github.com/fepitre/941d7161ae1150d90e15f778027e3248)
only work after a sys-net restart.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68d9fba3-75a8-a264-42b4-e7f0f70d980a%40gmx.de.

[qubes-users] Re: recreate firewall qube

2021-05-14 Thread liked2



> With salt? `qubesctl state.apply qvm.sys-firewall` should do it.
>
> But sys-firewall is just a qube with networking enabled, "provides-network" 
> set to True and
> memory 500.
>

Ok, maybe there's another issue. Currently I'm not able to expose a port to 
outside world (outside my qubes box) which was working 1/2 year ago but now it 
doesn't:
I've tried these scripts to do it:
- https://github.com/QubesOS/qubes-issues/issues/5693
(https://gist.github.com/fepitre/941d7161ae1150d90e15f778027e3248)
- https://github.com/QubesOS/qubes-issues/issues/4028
(https://github.com/niccokunzmann/qvm-expose-port)
- https://gist.github.com/jpouellet/d8cd0eb8589a5b9bf0c53a28fc530369

In my vm-to-be-exposed I used besides the service I actually want to expose the 
following:
- python3 -m http.server
- netcat -lv port

Connections in my local network to this AppVM using the IP of my qubes-NetVM 
all fail with a timeout. If I'm trying to connect from my qubes box to a simple 
ubuntu with an exposed port it works.

That's why my hypothesis was that I messed up my firewall qube.

Any ides how I could tackle down the problem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aedea0f3-69c5-00d0-bb43-cfb7b1023ab8%40gmx.de.

[qubes-users] recreate firewall qube

2021-05-14 Thread liked2

Hi,

in case I messed up my firewall qube:

1. What's the best way to re-create it with default settings?
2. Since 7 months saltstack states for sys-* were updated to support disposable 
sys-*: 
https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/sys-firewall.sls
    a) is this part of v4.0.4?
    b) how could I use it if it's part of v4.0.4?

Thanks in advance!
P.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f709d47b-f136-8383-db1a-de5ccf720550%40gmx.de.

[qubes-users] detect tcp/ip connections of executables due to qubes firewall restrictions

2021-05-06 Thread liked2

Hi!

Due to the current implementation/design of qubes firewall, it's hard to use 
domain names for firewall rules, because of "static" DNS resolution:
https://github.com/QubesOS/qubes-issues/issues/5225

To find out the "connection wishes/tries" of an executable, what's the 
recommendation to use them for firewall rules?
1.  Let's assume all network access except DNS is restricted from a 
AppVM. How can I find out which domains/IPs which executable is trying to 
use/connect to?
2. What are you're best practices to find out all IPs for a domain to 
white list them?

Best, P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0a608ac-554e-bcab-7557-77a51fe05140%40gmx.de.

[qubes-users] Re: Doing all DNS calls using DoH over Tor

2021-03-02 Thread liked2

On 2/28/21 11:51 PM, unman wrote:

On Sun, Feb 28, 2021 at 12:37:49PM +, liked2-mmb7mzph...@public.gmane.org
wrote:

On 8/2/20 11:46 AM, Kushal Das wrote:

Hi,

I wrote a blog post [0] explaining the steps required to move all the DNS calls
to any secure DoH server using Tor (to keep the calls anonymized). Here I am
modifying sys-firewall as the primary netwvm for the other AppVMs.

[0] https://kushaldas.in/posts/use-doh-over-tor-for-your-qubes-system.html

Kushal

Thanks Kushal!

I was using your setup successfully until changing the template from fedora 32
to fedora 33. Unfortunately, I cannot figure out why it stopped working.
Switching back to fedora 32 works again.

Any ideas?

Read the announcement about the Fedora33 template, and you'll see a
specific section on the handling of DNS, I think.

1) Marmarek reccomends in this comment:
https://www.zeit.de/wirtschaft/2021-02/einfamilienhaeuser-klimaschutz-debatte-eigenheim-gruene-
stadt-land?utm_source=pocket-newtab-global-de-DE
to add a .lan suffix.

2) Another suggestion is
https://www.zeit.de/wirtschaft/2021-02/einfamilienhaeuser-klimaschutz-debatte-eigenheim-gruene-
stadt-land?utm_source=pocket-newtab-global-de-DE

to disable systemd-resolved and enable NetworkManager.

I can't imagine how 1) would help with that setup. Are there suggestions how to
accomplish 2)?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f00d731c-ed26-14aa-53e0-e3e4a6d90219%40gmx.de.

[qubes-users] Re: Doing all DNS calls using DoH over Tor

2021-02-28 Thread liked2


On 8/2/20 11:46 AM, Kushal Das wrote:

Hi,

I wrote a blog post [0] explaining the steps required to move all the DNS calls
to any secure DoH server using Tor (to keep the calls anonymized). Here I am
modifying sys-firewall as the primary netwvm for the other AppVMs.

[0] https://kushaldas.in/posts/use-doh-over-tor-for-your-qubes-system.html

Kushal



Thanks Kushal!

I was using your setup successfully until changing the template from fedora 32 
to fedora 33. Unfortunately, I cannot figure out why it stopped working. 
Switching back to fedora 32 works again.

Any ideas?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bfa63bf8-f671-cb95-d770-9be9d156488e%40gmx.de.

[qubes-users] Re: unable to attach the usb controller to win10 hvm

2021-02-07 Thread liked2


On 1/30/21 11:21 PM, 'awokd' via qubes-users wrote:

liked2-mmb7mzph...@public.gmane.org:


[user@dom0 ~]$ qvm-pci attach win10 --option no-strict-reset=true dom0:00_14.0



Is this a bug to be reported or does someone has ideas to resolve that?


According to the man page, the --option should be prior to the vmname so try 
that first. Also see if attaching via the GUI (with the no strict reset option 
selected) works any differently.



I could solve the issue:
After the install of the Windows Qubes Tools, the Xenbus VBD couldn't be 
properly activated by Win10. With this hint:
https://github.com/QubesOS/qubes-issues/issues/3585#issuecomment-544509860

I've updated the driver of Xenbus VBD with these Xen-drivers:
https://xenbits.xen.org/pvdrivers/win/8.2.2/xenvbd.tar

After that I could successfully mount the USB-Bus to this Win10 vm. Still the 
USB 3.0 Host was not working. I have to disable and re-enable it after every 
windows restart.

Any ideas to solve that are welcome!

Thanks awokd for the support.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7956e86a-33b9-e94c-b0e9-33f3407f13d6%40gmx.de.

[qubes-users] unable to attach the usb controller to win10 hvm

2021-01-30 Thread liked2


Hey!

I've windows tools installed in windows 10 and when I'm trying to attach the 
usb controller by:

[user@dom0 ~]$ qvm-pci attach win10 --option no-strict-reset=true dom0:00_14.0

I get these errors in journalctl:

Jan 30 20:22:52 dom0 libvirtd[2160]: 2021-01-30 20:22:52.571+: 2507: error 
: virPCIDeviceReset:1002 : internal error: Unable to reset PCI device 
:00:14.0: no FLR, PM reset or bus reset available
Jan 30 20:22:52 dom0 libvirtd[2160]: 2021-01-30 20:22:52.576+: 2507: error 
: libxlDomainAttachHostPCIDevice:3250 : internal error: libxenlight failed to 
attach pci device :00:14.0
Jan 30 20:22:52 dom0 libvirtd[2160]: 2021-01-30 20:22:52.576+: 2507: error 
: virPCIDeviceReset:1002 : internal error: Unable to reset PCI device 
:00:14.0: internal error: libxenlight failed to attach pci device 
:00:14.0
Jan 30 20:22:52 dom0 qubesd[2523]: unhandled exception while calling 
src=b'dom0' meth=b'admin.vm.device.pci.Attach' dest=b'win10 arg=b'dom0+00_14.0' 
len(untrusted_payload)=20
Jan 30 20:22:52 dom0 qubesd[2523]: Traceback (most recent call last):
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 275, in respond
Jan 30 20:22:52 dom0 qubesd[2523]: untrusted_payload=untrusted_payload)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib64/python3.5/asyncio/futures.py", line 381, in __iter__
Jan 30 20:22:52 dom0 qubesd[2523]: yield self  # This tells Task to wait 
for completion.
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib64/python3.5/asyncio/tasks.py", line 310, in _wakeup
Jan 30 20:22:52 dom0 qubesd[2523]: future.result()
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib64/python3.5/asyncio/futures.py", line 294, in result
Jan 30 20:22:52 dom0 qubesd[2523]: raise self._exception
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib64/python3.5/asyncio/tasks.py", line 240, in _step
Jan 30 20:22:52 dom0 qubesd[2523]: result = coro.send(None)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/admin.py", line 1276, in 
vm_device_attach
Jan 30 20:22:52 dom0 qubesd[2523]: yield from 
self.dest.devices[devclass].attach(assignment)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/devices.py", line 254, in attach
Jan 30 20:22:52 dom0 qubesd[2523]: device=device, 
options=device_assignment.options)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/events.py", line 231, in 
fire_event_async
Jan 30 20:22:52 dom0 qubesd[2523]: kwargs, pre_event=pre_event)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/events.py", line 166, in _fire_event
Jan 30 20:22:52 dom0 qubesd[2523]: effect = func(self, event, **kwargs)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/ext/pci.py", line 241, in 
on_device_pre_attached_pci
Jan 30 20:22:52 dom0 qubesd[2523]: device=device, vm=vm, options=options))
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib/python3.5/site-packages/qubes/app.py", line 101, in wrapper
Jan 30 20:22:52 dom0 qubesd[2523]: return attr(*args, **kwargs)
Jan 30 20:22:52 dom0 qubesd[2523]:   File 
"/usr/lib64/python3.5/site-packages/libvirt.py", line 563, in attachDevice
Jan 30 20:22:52 dom0 qubesd[2523]: if ret == -1: raise libvirtError 
('virDomainAttachDevice() failed', dom=self)
Jan 30 20:22:52 dom0 qubesd[2523]: libvirt.libvirtError: internal error: Unable 
to reset PCI device :00:14.0: internal error: libxenlight failed to attach 
pci device :00:14.0


Is this a bug to be reported or does someone has ideas to resolve that?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/103d51b6-3bda-4cea-4808-888b1dc23ea5%40gmx.de.

[qubes-users] Re: Firefox unresponsive script

2021-01-28 Thread liked2


On 1/28/21 5:31 PM, Shawn Creighton wrote:

Anyone else experience Firefox on Qubes freezing up with super high CPU usage? 
Happens to me about once a day, it will freeze for like 5 minutes and then a 
script warning like this will pop up. I'm not using any plugins or add-ons.


Unresponsive script: chrome://browser/content/places/browser Places 
Views.js: 115



If you've a i7-8550U CPU, it might be caused by this bug: 
https://github.com/QubesOS/qubes-issues/issues/4604

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/217e45c4-a457-7d3a-7b1d-2184dd8fbd4b%40gmx.de.

[qubes-users] Re: qvm-create-windows-qube 2.0

2021-01-11 Thread liked2

On 1/13/20 9:48 AM, 'Elliot Killick' via qubes-users wrote:

I'm working towards having this project be similar (or superior) to
VMWare's Windows "Easy Install" feature but on Qubes:
https://www.youtube.com/watch?v=1OpDXlttmE0

Regards,

Elliot

Thank you very much for this project. I tried it with the current win10x64 and
I'm currently stuck several times at the same step:
[i] Preparing Windows media for automatic installation...
[i] Starting creation of win10-orig_01
[i] Commencing first part of Windows installation process...
[i] Commencing second part of Windows installation process...
[i] Preparing Qubes Windows Tools for automatic installation...
[i] Installing Qubes Windows Tools...

During the windows tools installation the volume d: fails during formating with
ntfs. By trying to format it manually (format d: /fs:ntfs /Q) the following
message is displayed:
"QuickFormatting 2.0 GB
Starting offset of the thinly provisioned or DAX partition is not aligned to a
cluster boundary. Partition is 512 bytes aligned. To format with specified
cluster size, align the partition to 4 KB.
Format failed."

The installation of Windows Tools cannot be continued.

Any ideas how to resolve this?

[qubes-users] Re: A quick survey on usage patterns?

2020-12-28 Thread liked2


On 12/27/20 7:47 PM, Alex Smirnoff wrote:


Hi everyone,

anyone willing to share how do you use Qubes environment: tempaltes, VMs, etc?
I think besides "tinfoil hat" community many of us do still use traditional 
services like dropbox, g suite, signal, telegram etc.

How do you manage that? A signle VM for several apps? One VM per app? How do 
you print? How do you scan?



You can find here some user setups:
https://github.com/Qubes-Community/Contents/tree/master/docs/user-setups

You could also share your setup there.

Reddit offers also some setups:
https://www.reddit.com/r/Qubes/comments/eevf02/whats_your_user_setup_i_love_reading_about_how/
https://old.reddit.com/r/privacytoolsIO/comments/dq8haz/iyho_firefox_vs_tor_vs_brave_for_browser_selfhost/f6192p4/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d0f2d74-ddaf-0e76-a37f-7dd8768f7eec%40gmx.de.

[qubes-users] custom sys-usb end up with an error

2020-12-21 Thread liked2


Hi!

I've built my sys-usb now on a fedora32 template and a dvm setup (according to 
this manual: https://www.qubes-os.org/doc/disposablevm-customization/). Every 
usb-device works fine except the built-in camera. The camera is being detected 
during sys-usb-dvm startup, but when I try to connect it to another AppVM, I 
receive the message:

"Attaching device MyDevice to AppVm failed. Error: QubesException - Device attach 
failed: No device info received, connection failed, check backend side for details."

When I switch back my usb controller to the original sys-usb, I can use my 
camera by attaching it to AppVMs.

1. What is meant by backend? Is this the sys-usb or the AppVM I'm trying the 
camera attach to? Which log should I look at?
2. Any ideas how to resolve that issue or how to investigate?

Best, P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a7fd265-657e-a895-d136-9150d79ac554%40gmx.de.

[qubes-users] camera not connected after sys-usb switch

2020-12-13 Thread liked2


Hi!

I've switched my sys-usb to a minimal template and a dvm setup (according to this manual: 
https://www.qubes-os.org/doc/disposablevm-customization/). Everything works fine except 
the built-in camera. The camera is being detected during sys-usb-dvm startup, but when I 
try to connect it to another AppVM, I receive the message "Attaching device MyDevice 
to AppVm failed. Error: QubesException - Device attach failed: No device info received, 
connection failed, check backend side for details."

Am I missing some packages in the minimal template which are not listed here: 
https://www.qubes-os.org/doc/templates/minimal/#distro-specific-notes?

Best, P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6849cd2-e5e2-ebaf-b2e7-50da39506e60%40gmx.de.

[qubes-users] select vm to restore from a qvm-backup

2020-10-27 Thread liked2


Hi!

I'm looking for a possibility to restore only 1 AppVM from a system backup. I 
could find this by studying the parameters of qvm-backup-restore. Seems that it 
performs a whole system restore (only to choose between with or without dom0).

Any ideas or suggestions?

Best, P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a0fb20e-4c95-7158-e9f1-04494497e869%40gmx.de.

[qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

2020-10-17 Thread liked2

On 5/5/20 12:16 AM, Sven Semmler wrote:

On Sun, May 03, 2020 at 10:01:40PM +0100, liked2-mmb7mzph...@public.gmane.org
wrote:

Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO I2C
Controller #0

I happen to have the same chipset you have. But I have never attempted
to attach the Signal processing controller (dom0:00_15.0) to Windows ...
what's your use case?

To make your iPhone play nice with Windows/iTunes only the USB
controller (dom0:00_14.0) is required.

I installed the USB drivers from Lenovo as I'm assuming that there will be a
pass trough. Unfortunately, this doesn't work. Windows still is looking for
drivers and doesn't find them.

I am running the "Intel USB 3.0/3.1 eXtensible Host Controller Driver"
Version 5.0.4.43 downloaded directly from the Intel website.

https://downloadmirror.intel.com/22824/eng/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2.zip

/Sven

Thank you very much Sven. With these hints, I managed to sync the iPhone win a
win vm. The puzzle which was missing for me was that I had to detach the usb
controller from the sys-usb. After this I could successfully attach it to the
win vm. Followed by installing the drivers you suggested, the iPhone was found
and could be used.

Have you managed to enable Wi-Fi sync? My assumption was that I only have to
sync once using USB and could sync over wifi afterwards. Unfortunately, even
after enabling it in iTunes, the iPhone seems not to be found although both
devices are connected to the same wifi.

Thanks a lot again!

[qubes-users] change priority of running vms

2020-10-10 Thread liked2


Hi,

does xen/qubes offer an ability to adjust vCPU priorities dynamically or limit 
the vCPU usage for some VMs from dom0.

Similar to cpulimit or nice.

Use case: sometimes some VMs tend to consume to much cpu and block other VMs 
currently active. I'd like to reduce their CPU priority without shuting them 
down and decrease amount of vcpus.

Thanks in advance, P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a51308e3-057e-d508-98c4-9e5e22493a5c%40gmx.de.

[qubes-users] Re: [TemplateVM error] could not resolve host: github.com #2

2020-09-25 Thread liked2


On 2020-09-25 06:19, setemeraude-VwIFZPTo/vqstnjn9+b...@public.gmane.org wrote:



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello there,

I was following the instructions listed here
(https://www.qubes-os.org/doc/pentesting/kali/#katoolin4_0) to create a
kali template vm and ran into the following error for Qubes 4.0



I recently came across this blog which uses salt to setup a kali machine. I 
haven't tried this, but you might find it useful:
https://alan-mushi.github.io/asap/2020/01/18/qubes-os-salt-kali-template.html

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac6d9490-f844-14f2-83ee-0de72ce58b8a%40gmx.de.

[qubes-users] Re: Firewall issue

2020-09-22 Thread liked2


On 2020-09-22 13:24, unman wrote:


By default, no new inbound connections are allowed, only connected
traffic.



For opening inbound ports, I'm successfully using this qvm-portfwd-iptables 
script:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/973c12e1-5120-237f-fdeb-0989e783bde1%40gmx.de.

[qubes-users] Re: saltstack: user specific pillars in qubes

2020-09-13 Thread liked2

OK, it might have been better if you had NOT modified my example, as you
should then have been able to verify that user pillars can be referenced
in this way.
I always find it better to take one small step at a time when
troubleshooting or trying to learn something new.

In the new case, you are using the user environment. I would try the
following:
/srv/salt/user_salt/get.top
user:
target:
- get

/srv/salt/user_salt/get.sls
get file:
cmd.run:
- name: wget {{pillar['host'] }}

qubesctl --skip-dom0 --targets=target state.apply saltenv=user get

You might like to look at:
https://docs.saltstack.com/en/latest/ref/states/top.html#environments

New environments can be defined in
`/etc/salt/minions.d/f_defaults.conf`, but I rarely do this in Qubes.

unman, as always you pointed me into the right direction. The whole reason it
was not working as I missed up with the directories.

Instead of using:
/srv/user_salt

I was using:
/srv/salt/user_salt

That's why your first example didn't work in my environment and I had to adjust
it.

Now everything is running perfectly with user defined pillars!

Thank you very much!

[qubes-users] Re: saltstack: user specific pillars in qubes

2020-09-13 Thread liked2

On 2020-09-06 18:21, 'hut7no' via qubes-users wrote:

I personally have pillars in /srv/pillar/tops_d and added the top file
/srv/pillar/_tops/base/tops_d.top.
The top file includes relative paths from /srv/pillar/ with a dot instead of a
slash:
base:
'*':
- tops_d.statefile1
- tops_d.statefile2
- tops_d.statefile3
- tops_d.statefile4

I do not use any commandline arguments specifying pillars, just {%
salt['pillar.get']('pillar_variable') %} from the statefiles in /srv/salt.

Thanks hut7no.

I'm trying to find a solution using user defined directories as it's suggested
in /srv/salt/qubes/user-dirs.sls:
##
# qubes.user-dirs
# ===
#
# Install and maintain user salt and pillar directories for personal state
# configurations:
#
# Includes a simple locale state file
#
# User defined scripts will not be removed on removal of qubes-mgmt-salt
# by design nor will they be modified on any updates, other than permissions
# being enforced.
#
# Execute:
#
# qubesctl state.sls qubes.user-dirs
#
# Note:
# Using using custom ID's to prevent possible conflicts
##

But if I'll not manage to finding this out, I'll try your suggestion.

[qubes-users] Re: saltstack: user specific pillars in qubes

2020-09-13 Thread liked2





Have you enabled the pillar in /srv/salt/user_pillar/top.sls?

Example:

In /srv/salt/user_pillar/top.sls I have a stanza:
user:
   'target':
 - get

In /srv/salt/user_pillar/get.sls, I set the pillar:
host: www.qubes-os.org

Then I have the state and top files, get.sls and get.top:
get file:
   cmd.run:
 - name: wget {{pillar['host'] }}

base:
   target:
 - get


qubesctl --skip-dom0 --targets=target state.apply get



First of all I'd like to thank you for your answer unman.

I've tried your example (and after modifying it to be able to run it) I get 
exact the same error as before.

Here's the setup:


Have you enabled the pillar in /srv/salt/user_pillar/top.sls?

As far as I know, I have only to enable state.top files. But I have a file like 
you suggest located in /srv/salt/user_pillar/:


In /srv/salt/user_pillar/top.sls I have a stanza:
user:
   'target':
 - get


Ok!


In /srv/salt/user_pillar/get.sls, I set the pillar:
host: www.qubes-os.org


Ok!


/srv/salt/user_salt/get.sls
get file:
   cmd.run:
 - name: wget {{pillar['host'] }}


Ok!


/srv/salt/user_salt/get.top
base:
   target:
 - user_salt.get


This one I had to modify as the get.sls is located in "/srv/salt/user_salt/". 
Above is already the modified version (user_salt is prefixed). I also enabled this top 
file by executing:
sudo qubesctl top.enable user_salt.get

Now, let's run this:


qubesctl --skip-dom0 --targets=target state.apply get


When I'm executing this, I get the error logged in 
/var/log/qubes/mgmt-target.log:
calling 'state.apply'...
2020-09-13 10:08:14,729 output: target:
2020-09-13 10:08:14,730 output: - Rendering SLS 'base:user_salt.get' 
failed: Jinja variable 'salt.utils.context.NamespacedDictWrapper object' has no 
attribute 'host'

When I'm executing this (additional parameter 
--pillar-root=/srv/salt/user_pillar/):
sudo qubesctl --skip-dom0 --targets=target state.apply 
--pillar-root=/srv/salt/user_pillar/

The result is the same as I described before:
target: ERROR (exception list index out of range)

I also tried to modify the pillar top file to meet the different location:

In /srv/salt/user_pillar/top.sls I have a stanza:
user:
   'target':
 - user_pillar.get


But this haven't changed the results.

Any further suggestions to investigate are highly appreciated.

Best. P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a463be1f-eae0-2f74-8330-03404a65e042%40gmx.de.

[qubes-users] saltstack: user specific pillars in qubes

2020-08-30 Thread liked2


Hi!

What's the correct way to use user specific pillars in qubes salt stack?

My pillars are located in
/srv/salt/user_pillar/

To enable during a run them I'm running:
sudo qubesctl --show-output state.highstate --pillar-root=/srv/salt/user_pillar/

This works quite well, but when I'm running it towards a target:
sudo qubesctl --show-output --target myTarget state.highstate 
--pillar-root=/srv/salt/user_pillar/

I receive this error:
ERROR (exception list index out of range)


Any ideas to investigate? Should pillar files be enabled in a different way?


Thanks in advance! P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5911fd33-5772-148a-4e0f-77439388621f%40gmx.de.

[qubes-users] tor browser consumes a lot of CPU

2020-08-14 Thread liked2


Hi!

I experience the problem that starting the tor firefox (process firefox-real 
according to top) in whonix (whonix-ws-15-dvm) it starts consuming a lot of CPU 
without navigating to any URL, just showing the first welcome side, after 
approximatelly 5 mins. This continues until closing the dvm.

Any ideas?

Best! P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/52b884e6-56ef-63d6-1c8a-993330be8712%40gmx.de.

[qubes-users] Re: Qubes T-shirts, polos, and sweatshirts now available from HELLOTUX

2020-08-07 Thread liked2


On 2020-08-07 16:06, Claudio Chinicz wrote:

Great initiative! I'm happy and proud I've been using Qubes for an year and a 
half now.

Also, this user group is very active and has been helping people, new users as 
well as veterans and very technical people.

It's important to help fund this important Project, very relevant to all users.



There are additional ways to fund it. E.g. with regular (small) payments:
https://opencollective.com/qubes

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b21857c-2577-5375-ea7e-aa5e553a16bb%40gmx.de.

[qubes-users] recommended way to use "pip install" in TemplateVm

2020-08-01 Thread liked2


Hi!

What's the recommended way to use python installed modules with "pip install" 
in TemplateVm?

1. pip install --user does not work as /home/local/ ist not transfered to an 
AppVM
2. pip install --target=/user/local.orig/ doesn't work as it's messes up the 
dependencies

Any suggestions?

Thanks in adance, P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19f9b414-43b8-a636-9e23-c0d16c02599a%40gmx.de.

[qubes-users] saltstack: targeting AppmVm for managing firewall rules

2020-08-01 Thread liked2


Hi!

I‘ve created a sls for managing VM rules using cmd.run of qvm-firewall. 
Unfortunately, this only works if I‘m using this sls targeting dom0. If I put 
this sls as a target for a AppVm I get errors like these:

Targeted Vm:
ID: -
Function: -
Name: -
Comment: /bin/bash: qvm-firewall: command not found

or
Targeted Vm:
ID: -
Function: -
Name: -
Comment: The following requisites we’re not found: require: sls: 
my_sls_to_manage_firewall_rules

Any ideas how marking this work targeting the right AppVm?

best. P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b051dc38-76b7-48bc-b940-f74308c3c85c%40gmx.de.

[qubes-users] Re: A way to "write configurations" to SALT?

2020-07-21 Thread liked2


On 2020-07-21 12:14, Stumpy wrote:

I have been trying to figure out SALT in my spare time and every time I start I 
finish with watery eyes and a mushy brain... for me its hard to wrap my head 
around.

While I am not giving up per se it occurred to me, so i just thought id ask on 
the off chance its possible... Can one say setup an AppVM and configure it to 
ones own needs _then_  somehow write that configuration to SALT? While this 
seems unlikely I have to ask.

Thanks!



With a lot of unmans help, I managed to setup all of my fedora templates with 
the salt stack. Additionally, I managed to setup my DVMs with salt.

I'm still not sure it's the best way to go (instead of using (dom-cmd line), 
but it was interesting to dig into it. And it (seems to) work(s).

If you need any help, please feel free to ask questions. I going to try to 
support you as far as I can.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0673df1-80a7-7748-2e1a-ee63d884c0a8%40gmx.de.

[qubes-users] saltstack: dependencies during vm.create

2020-07-19 Thread liked2


Hi!

I'm trying to create a DVM from a TemplateVM which is also created in the same 
file. The DVM depends on the TemplateVM and that's why the creation fails. 
Running the script twice works.

My top files looks similar to:

base:
 dom0:
  - match: nodegroup
  - create-template-vm
  - create-dvm

I've played around with the "require" or "order" key words, but it doesn't work:

base:
 dom0:
  - match: nodegroup
  - create-template-vm
  - create-dvm
    - order: last

Error is:
Rendering exception occurred: Jinja error: mapping values are not allowed here; 
line 6

Any ideas to enforce an order during vm creation?

Thanks a lot in advance! P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71df3e7e-02c9-2b23-3113-452d97b3b731%40gmx.de.

[qubes-users] Re: How to create application shortcuts for Flatpak apps?

2020-07-17 Thread liked2


On 2020-07-16 13:56, Alex Lu wrote:

I have a couple AppVMs with flatpak apps installed on them (with a --
user flag) and I can't figure out how to do it. There is guide
explaining how to do it, but it expects you to have flatpak apps
installed in TemplateVM. Is it possible to do?



This might help:
https://github.com/QubesOS/qubes-issues/issues/2766#issuecomment-603925759

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e50b3969-ba2f-1129-aab8-6b143112eeb7%40gmx.de.

[qubes-users] Re: saltstack used to update firefox profile

2020-07-15 Thread liked2


On 2020-07-15 14:09, unman wrote:

I agree to use salt-KISS but, with using the command line in salt renders it 
somehow less useful from my point of view. For example I've to be careful not 
to execute that script twice etc.

Actually, in this case you*dont*  need to worry about that, because
afaik firefox will only keep the last entry and will prune the others.


You're right with the second try. I just mixed 2 solutions into 1 during 
copying.
This one fails basically with the same error.



Any other suggestions?



unman, as always very appreciated for your help. That did the trick.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac650b11-acff-e0d5-475c-2314e9c42768%40gmx.de.

[qubes-users] Re: pen testing / port forwarding guide?

2020-07-14 Thread liked2


On 2020-07-14 16:54, 'J.M. Porup' via qubes-users wrote:

hi,

Has anyone written a guide to setting up a Kali vm in Qubes for
pen testing?

I'm studying for the OSCP, and the Qubes firewall port forwarding
guide suggests a fragile and finicky setup that I'm reluctant to
rely on. Punching holes from sys-net to sys-firewall to vpn-vm to
an an appvm just to run `nc -nlvp ` seems... like a kludge, at
best.

Issue #4028 tracks this problem.

The alternatives seem to be 1) create a HVM with direct access
to hardware--no sys-net or firewall-vm--or 2) purchase a
dedicated laptop for this use case.

Any suggestions?

thanks,

jmp



I've been using this script for a long time for port forwarding:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

This one might also be useful:
https://gist.github.com/Joeviocoe/90ec9fd9a0769b4671a8ae9c87584187

Best. P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2de40b8b-74ea-a933-cbc7-8869eee7b7ca%40gmx.de.

[qubes-users] Re: saltstack used to update firefox profile

2020-07-13 Thread liked2


On 2020-07-13 13:48, unman wrote:

On Sun, Jul 12, 2020 at 05:55:56PM +0100, liked2-mmb7mzph...@public.gmane.org 
wrote:

Hi,

I'm trying to build up my AppVms with saltstack and currently stuck with 
updating my firefox profile because it's located in a randomly generated 
directory (where xxx are random alpha-numerics):
/home/user/.mozilla/firefox/xxx.default-release/prefs.js

1st try with file.append from saltstack seems not to work with wildcards:

/home/user/.mozilla/firefox/*.default-release/prefs.js:
?? file.append:
?? - text:
?? - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);

2nd try with a for loop also fails:

{% for file in salt[cmd.run']('ls -l 
/home/user/.mozilla/firefox/*.default-release/prefs.js') %}
{{ file }}
{ file.find type=f 
name='/home/user/.mozilla/firefox/*.default-release/prefs.js' }
?? file.append:
?? - text:
?? - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);
{% endfor %}


Do you have a 3rd working example/suggestion?


Thanks in advance! P.



I'm a great believer in keeping salt as simple as possible.
In this case:
```
echo 'user_pref("browser.startup.homepage", "https://www.qubes-os.org"; ); ' >> 
/home/user/.mozilla/firefox/*.default-release/prefs.js :
   cmd.run

```

If you *do* want complexity, your 1st try is a non-starter, as you've
discovered.
In the 2nd, I wouldn't use a variable name which is also the name of a
salt module. Nor would I use `ls` and `file.find` together - what's the
point? Otherwise that looks workable.



I agree to use salt-KISS but, with using the command line in salt renders it 
somehow less useful from my point of view. For example I've to be careful not 
to execute that script twice etc.

You're right with the second try. I just mixed 2 solutions into 1 during 
copying.

2a was using "ls":
{% for file in salt[cmd.run']('ls -l 
/home/user/.mozilla/firefox/*.default-release/prefs.js') %}
{{ file }}
file.append:
 - text:
   - user_pref("browser.startup.homepage", "https://www.qubes-os.org";);
{% endfor %}

Unfortunately, this fails with the error:
- Rendering SLS 'base:my_script' failed: Jinja syntax error: expected token 
',', got 'string'; line 1

2b was an attempt to use the find functionality, but I didn't manage to get 
this working. Error message is:
{ file.find type=f 
name='/home/user/.mozilla/firefox/*.default-release/prefs.js' }
  file.append:
- text:
  - user_pref("browser.startup.homepage", "https://www.qubes-os.org";);

This one fails basically with the same error.

Any other suggestions?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5c90b18-7159-d53c-b5cf-95e2ee13a061%40gmx.de.

[qubes-users] saltstack used to update firefox profile

2020-07-12 Thread liked2


Hi,

I'm trying to build up my AppVms with saltstack and currently stuck with 
updating my firefox profile because it's located in a randomly generated 
directory (where xxx are random alpha-numerics):
/home/user/.mozilla/firefox/xxx.default-release/prefs.js

1st try with file.append from saltstack seems not to work with wildcards:

/home/user/.mozilla/firefox/*.default-release/prefs.js:
  file.append:
    - text:
  - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);

2nd try with a for loop also fails:

{% for file in salt[cmd.run']('ls -l 
/home/user/.mozilla/firefox/*.default-release/prefs.js') %}
{{ file }}
{ file.find type=f 
name='/home/user/.mozilla/firefox/*.default-release/prefs.js' }
  file.append:
    - text:
  - user_pref("browser.startup.homepage", "https://www.ecosia.org/";);
{% endfor %}


Do you have a 3rd working example/suggestion?


Thanks in advance! P.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83355a10-4690-0abb-2f6d-5fe90a7a2ce6%40gmx.de.

[qubes-users] Re: salt - qvm.firewall

2020-05-25 Thread liked2


On 2020-05-23 23:28, liked2-mmb7mzph...@public.gmane.org wrote:

Hi!

I'm trying to setup some firewall rules on some AppVms. Unfortunately, I cannot 
find any documentation to do this with the salt stack. The only documentation I 
found is:
https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm

Any hints?

Thxs, P



For clarification: Goal is to block all outgoing connections except those which are permitted. This 
can be done conveniently for an AppVm by the "Qubes settings"->"Firewall 
rules". Is there any chance to do this with salt without firing qvm-firewall commands?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b243fd20-726a-9147-2ce0-9fd2fb6ec070%40gmx.de.

[qubes-users] Re: salt - dependencies in scripts

2020-05-23 Thread liked2

On 2020-05-23 14:09, unman wrote:

On Sat, May 23, 2020 at 12:19:02AM +0100, liked2-mmb7mzph...@public.gmane.org
wrote:

Hi!

As salt is the recommended way to manage the Appms and templates, I'm trying to
do so.

I successfully managed to create a top-script:

base:
dom0:
- match: nodegroup
- create-template
- create-appvm-for-template

'created-template':
- install-pkgs
- modify_config
- require: dom0

Unfortunately, the script fails on the first run, because step 2. requires step 1. done.
"Require" seems not to work here. After the second run, everything is fine.

Any hints highly appreciated. :)

Best, P

A top file is used for *targeting* - it maps hosts/groups and
configurations/states that should apply.
`Requires` is a condition between states, so should be used in *state*
files. (I didn't even know it could be used in a top file)

Put the require statement in one of your state files. (Look how it's
treated in the whonix state files.)

unman

1. Ok, what's your suggestion to create templates and AppVMs both of them?
Should I run multiple runs with targeting several top files? I thought the best
point of salt is to run just 1 command to setup the whole environment?

2. I tried to find the whonix state files, but I find only some python files in
/srv/salt/_grains/whonix.*

[qubes-users] salt - qvm.firewall

2020-05-23 Thread liked2


Hi!

I'm trying to setup some firewall rules on some AppVms. Unfortunately, I cannot 
find any documentation to do this with the salt stack. The only documentation I 
found is:
https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm

Any hints?

Thxs, P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75befd3d-dd76-5270-e749-60cba07b9c38%40gmx.de.

[qubes-users] salt - dependencies in scripts

2020-05-22 Thread liked2


Hi!

As salt is the recommended way to manage the Appms and templates, I'm trying to 
do so.

I successfully managed to create a top-script:

base:
 dom0:
  - match: nodegroup
  - create-template
  - create-appvm-for-template

 'created-template':
   - install-pkgs
   - modify_config
   - require: dom0

Unfortunately, the script fails on the first run, because step 2. requires step 1. done. 
"Require" seems not to work here. After the second run, everything is fine.

Any hints highly appreciated. :)

Best, P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/44e2bf46-8ca3-8370-4cf8-c002ef080339%40gmx.de.

[qubes-users] Re: modifying files with salt

2020-05-19 Thread liked2


On 2020-05-19 02:03, unman wrote:

On Mon, May 18, 2020 at 09:01:02PM +0100, liked2-mmb7mzph...@public.gmane.org 
wrote:

Hi!

I'm trying to modify the /etc/fuse.conf

by using this sls file:

---
modify-config-files:
   file.replace:
 - path: /etc/fuse.conf
 - pattern: "# mount_max = 1000"
 - repl: "mount_max = 1000"
 - append_if_not_found: True
#- dry_run: True


Result is:
   Execute a packaged state run, the packaged state run will exist in a
   tarball available locally. This packaged state
   can be generated using salt-ssh.

   CLI Example:

   .. code-block:: bash

   salt '*' state.pkg /tmp/salt_state.tgz 
760a9353810e36f6d81416366fc426dc md5


The file /etc/fuse.conf is not changed afterwards.
Google couldn't help me to resolve that problem. Any hints here from saltstack 
pros?



I'd probably use file.uncomment in this case.

For file.replace try rewriting your file:

/etc/fuse.conf:
   file.replace:
 - pattern: ^#.*mount_max.*
 - repl: "mount_max = 1000"
 - append_if_not_found: True

That should work.



Thank you very much again. That worked.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a796b80a-9be7-25b6-5598-275ac2c4a2dd%40gmx.de.

[qubes-users] Re: Some VMs Stopped Opening Terminal

2020-05-19 Thread liked2


On 2020-05-19 14:40, 'Matt Drez' via qubes-users wrote:

Hey guys,

Some of my VMs won't open "Terminal", and "Files". If I go to the dom0 terminal 
and try to run
`qvm-run  terminal` then I get a `command failed with code: 127`

I can still run xterm though.

Any ideas as to why and how to fix it?


try either:
`qvm-run  xterm`

or
`qvm-run  gnome-terminal`

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f2ac25b0-5d58-0245-ccfb-1219968a28df%40gmx.de.

[qubes-users] modifying files with salt

2020-05-18 Thread liked2


Hi!

I'm trying to modify the /etc/fuse.conf

by using this sls file:

---
modify-config-files:
  file.replace:
- path: /etc/fuse.conf
- pattern: "# mount_max = 1000"
- repl: "mount_max = 1000"
- append_if_not_found: True
#- dry_run: True


Result is:
  Execute a packaged state run, the packaged state run will exist in a
  tarball available locally. This packaged state
  can be generated using salt-ssh.

  CLI Example:

  .. code-block:: bash

  salt '*' state.pkg /tmp/salt_state.tgz 
760a9353810e36f6d81416366fc426dc md5


The file /etc/fuse.conf is not changed afterwards.
Google couldn't help me to resolve that problem. Any hints here from saltstack 
pros?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fdcf7056-9ee1-bb78-c36a-6b95a738a8c7%40gmx.de.

[qubes-users] Re: using salt - how to debug?

2020-05-18 Thread liked2

On 2020-05-17 17:08, unman wrote:

On Sun, May 17, 2020 at 09:55:00AM +0100, liked2-mmb7mzph...@public.gmane.org
wrote:

You haven't included AppVmTobeChanged as a target:
qubesctl --show-output --targets=AppVmTobeChanged state.highstate

You should check that you aren't getting a mistaken dom0 call.

That made the trick. Thanks unman!

One step forward, but still a way to go:
Currently I'm struggling to use pillars in my scripts. I have my scripts in
/srv/salt/user_salt
/srv/salt/user_pillar

Trying to enable a script containing some constants doesn't work because they
cannot be found.
The only way to use pillars for me is passing them at the command line:
qubesctl ... pillar='{"name": "value"}'

But in this case I get errors in some scripts like this:
TypeError encountered executing state.highstate: highstate() takes from 0 to 1
positional arguments but 2 were given

after executing this commandline:
sudo qubesctl --show-output --target AppVmTobeChanged state.highstate pillar='{"name":
"value"}'

Best case I'd manage to include pillars in my scripts. Any ideas how?

Can you post examples of the pillars you have written?
What exactly are you trying to do?

My current goal is to automate the update of a fedora template as soon as a new
one is available.
I'm trying to achieve this by these steps:
1. creating a clone of the default template
2. update this template with packages for a special purpose template

Details:
I created a top file like this:

/srv/salt/user_salt/create_my_special_purpose_template.top
base:
dom0:
- match: nodegroup
- user_salt.create-template-clone

't-fedora-*-template-clone':
- user_salt.install-pkgs-for-special-purpose-template

/srv/salt/user_salt/create_my_special_purpose_template.top

1. creating a clone of the default template is done by this file
/srv/salt/user_salt/create-template-clone.sls
create-template-clone:
qvm.clone:
- name: t-fedora-{{ pillar['version'] }}-special-purpose-template
- source: fedora-{{ pillar['version'] }}-minimal

/srv/salt/user_salt/create-template-clone.sls

2. update this template with packages for a special purpose template
/srv/salt/user_salt/install-pkgs-for-special-purpose-template.sls

install-packages:
pkg.installed:
- pkgs:
- nano
- refresh: True
/srv/salt/user_salt/install-pkgs-for-special-purpose-template.sls

In step 2 I'm trying to use pillars to be less dependent from the fedora
version.

When I'm running the command:
sudo qubesctl --show-output --target t-fedora-31-template-clone state.highstate
pillar='{"version": "31"}'

I get the error:
TypeError encountered executing state.highstate: highstate() takes from 0 to 1
positional arguments but 2 were given

That's why I'm trying to include pillars at least as a file, but don't manage
to include them, so that they could by used by step 1.

Thank you very much by reading this long story... :) And if you've suggestion
to solve it I even more appreciate it. :))

[qubes-users] Re: using salt - how to debug?

2020-05-17 Thread liked2






You haven't included AppVmTobeChanged as a target:
qubesctl --show-output --targets=AppVmTobeChanged state.highstate

You should check that you aren't getting a mistaken dom0 call.



That made the trick. Thanks unman!

One step forward, but still a way to go:
Currently I'm struggling to use pillars in my scripts. I have my scripts in
/srv/salt/user_salt
/srv/salt/user_pillar

Trying to enable a script containing some constants doesn't work because they 
cannot be found.
The only way to use pillars for me is passing them at the command line:
qubesctl ... pillar='{"name": "value"}'

But in this case I get errors in some scripts like this:
TypeError encountered executing state.highstate: highstate() takes from 0 to 1 
positional arguments but 2 were given

after executing this commandline:
sudo qubesctl --show-output --target AppVmTobeChanged state.highstate pillar='{"name": 
"value"}'


Best case I'd manage to include pillars in my scripts. Any ideas how?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1dda186c-6270-028b-198a-c0fe039e9d63%40gmx.de.

[qubes-users] using salt - how to debug?

2020-05-14 Thread liked2


Hi!

I'm trying to get salt examples running but failing at the simplest one.

I've a enabled top-file:

base:
  dom0:
- doSmth

  AppVmTobeChanged:
- doSmthDifferent
-
top file was enabled by: qubesctl top.enable ...

But "doSmthDifferent" will never be executed, when I call: qubesctl 
--show-output state.highstate

Any hints where to look at? How to debug it?

Current references:
https://www.qubes-os.org/doc/salt/
https://github.com/unman/notes/blob/master/salt/Index

Best, P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/60f159f9-3bed-fec9-f3c0-2f522b172936%40gmx.de.

[qubes-users] Re: What's your flow for new templateVM?

2020-05-13 Thread liked2





 From another post:
I ran some training a few years back, and the notes are here:
https://github.com/unman/notes/tree/master/salt

They start with the simplest use of `qubesctl`, and work up to quite
complex configurations, but should be easy to understand.
There are examples in (naturally) "examples".



Let's assume I'm managing all my configuration in /srv/salt/myConfig

From this post, it seems that these directories are not backuped by default by 
the qubes-backup:
https://groups.google.com/forum/#!searchin/qubes-users/doesn$27t$20fully$20restore%7Csort:date/qubes-users/FiGImnZ87sY/yK5h7gcsAgAJ

How do you backup them? By linking from /home? Copying all to /home before a 
backup? What's the best practice?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e8abd43-619b-d688-8339-bdb3c6268e25%40gmx.de.

[qubes-users] Re: What's your flow for new templateVM?

2020-05-12 Thread liked2

On 2020-05-11 16:11, unman wrote:

On Mon, May 11, 2020 at 10:52:32AM -0400, Stumpy wrote:

On 2020-05-11 10:26, 'Ryan Tate' via qubes-users wrote:

Saw the new f31 templateVM (thanks for that) and just curious how folks
generally migrate to a new templateVM.

I manually maintain this big text list of packages and just use that to
manually update the fresh templateVM to what I need. There's typically
also some non package installs, which I include basic pointers for
(think downloaded rpms and so forth), as well as some outside repos to
add (e.g. keybase). There's also typically some packages I forgot to put
on the list, which I can usually suss out by going through the bash
history for the old template, although often there's one or two that
slip through the cracks, which I find out about eventually and it's not
a huge deal.

I'm particularly curious if anyone does anything more sophisticated than
that, using salt or some other automated deploy system to prep new
template images.

Thanks for any tips!

Ditto, would really be interested as well, I have a similar system but i am
sure there are better ways to do it.

Salt it - if you get used to using salt, it's simple to use.
If you want to install a package, don't open the template and install it
there, edit the install.sls file to include the package, and run
`qubesctl --skip-dom0 --targets= state.apply install`

What's the advantage of using Salt in comparison to 'qvm-run ...' commands
bundled to a script to manage template modifications? In this case you've also
a executable documentation.
What's I'm missing?

[qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

2020-05-03 Thread liked2

Start failed: internal error: Unable to reset PCI device :00:15.0: no FLR,
PM reset or bus reset available, see /var/log/libvirt/libxl/libxl-driver.log
for details:
2020-04-29 21:03:20.397+: libxl: libxl_pci.c:1202:libxl__device_pci_reset:
The kernel doesn't support reset from sysfs for PCI device :00:14.0

How have you've chosen the correct USB controller?

I only got one. ;-) But it has the same issue yours has ... most of them
do. Try this:

qvm-pci attach win --persistent --option no-strict-reset=True dom0:00_15.0

Assuming your controller is dom0:00_15.0 and your qube is called 'win'.

Sven thank you so much getting closer to the goal which I've been already
investigating for weeks. For now I managed to attach my
Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO I2C
Controller #0

to my windows 7 box. After running "qvm-pci attach win --option no-strict-reset=True
dom0:00_15.0" I get a message in windows that a new device is found. Unfortunately,
windows cannot find drivers for it. In your previous message you warned already to
install USB 3.0 drivers. I installed the USB drivers from Lenovo as I'm assuming that
there will be a pass trough. Unfortunately, this doesn't work. Windows still is looking
for drivers and doesn't find them.

Any ideas to resolve that?

[qubes-users] Re: Fedora 30 approaching EOL, Fedora 31 TemplateVM available, Fedora 32 TemplateVM in testing

2020-05-03 Thread liked2





Fedora 32 TemplateVM in testing
===

For advanced users, a new Fedora 32 TemplateVM is currently available in
the `qubes-templates-itl-testing` repository for both Qubes 4.0 and 4.1.
We would greatly appreciate testing and feedback [6] from the community
regarding this template.


What's the expectation for Fedora 32 to reside in testing templates before it's 
moved to official repos?
I'm asking because it might be worth waiting for Fedora 32 before moving first 
to Fedora 31. This is of course only reasonable if it will be before EOL of 
Fedora 30.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac118387-994c-8607-d637-a5c88ca57378%40gmx.de.

[qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

2020-04-29 Thread liked2





On Tue, Apr 28, 2020 at 01:37:58PM +0100, liked2-mmb7mzph...@public.gmane.org 
wrote:

1. Connecting using USB pass-through: https://www.qubes-os.org/doc/usb-devices/

doesn't work. Device doesn't appear in windows due to lack of usb_proxy in 
qubes-windows-tools (https://www.qubes-os.org/doc/windows-tools/)


You could temporarily assign your USB controller to the Windows qube.
This will work for sure (I've done the iTunes/Sync/Restore this way).



Right. That was my 5th non-working attempt, because I get this error, when 
trying to attach my USB controler from my Lenovo L380:

Start failed: internal error: Unable to reset PCI device :00:15.0: no FLR, 
PM reset or bus reset available, see /var/log/libvirt/libxl/libxl-driver.log 
for details:
2020-04-29 21:03:20.397+: libxl: libxl_pci.c:1202:libxl__device_pci_reset: 
The kernel doesn't support reset from sysfs for PCI device :00:14.0

How have you've chosen the correct USB controller?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2fae031-cd88-aa82-8dab-6de8d202d904%40gmx.de.

[qubes-users] connecting an iPhone to a AppVM - 4 non-working attempts

2020-04-28 Thread liked2

Hi !

Has anyone managed to connect an iPhone to an AppVM. That's the only reason I
use an additional laptop (without qubes) to be able to make backups of the
iPhone with iTunes.

setup: qubes os v4.0.3, AppVM: windows7.

Attempts so far:
1. Connecting using USB pass-through: https://www.qubes-os.org/doc/usb-devices/
> doesn't work. Device doesn't appear in windows due to lack of usb_proxy in
qubes-windows-tools (https://www.qubes-os.org/doc/windows-tools/)

2. iTunes support sync by wifi but only if you've managed to connect the iPhone
once by usb. So what I tried was to setup everything in virtualbox (usb
passthourgh works there) and convert the vbox-filessystem to a AppVm. (see
https://www.qubes-os.org/doc/standalone-and-hvm/)
> Doesn't work, because qubes v4.0 uses thin pools and is not file based
anymore. So I don't manage to use the converted file.

3. Rootkovksa proposed using reactos for iTunes, but there's no progress since
years: https://github.com/QubesOS/qubes-issues/issues/2809

4. Trying to install windows+iTunes at qubes first and then overwrite the
iTunes installation with one that was already been connected with usb on
another machine (to use wifi sync) doesn't work. Seems that I'm still missing
to replace something.

Any suggestions or hints are very appreciated!!!

Best! P.

[qubes-users] kali template upgrade error

2019-12-26 Thread liked2


Hi!

I get the following error while upgrading a kali template which was working for 
at least 1 year:


dpkg: error processing archive 
/var/cache/apt/archives/kali-themes_2020.1.0_all.deb (--unpac
k):
 trying to overwrite '/etc/xdg/Trolltech.conf', which is also in package 
qubes-gui-agent 4.0
.27-1+deb10u1
Errors were encountered while processing:
 /var/cache/apt/archives/kali-themes_2020.1.0_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


Any ideas how to solve it?

Thanks in advance!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8921bdc3-091c-f8f2-4373-f639864ab732%40gmx.de.

[qubes-users] Re: Shutting down a VM when applications close

2019-11-29 Thread liked2


On 2019-11-27 12:52, tetrahedra via qubes-users wrote:

DispVMs shut down automatically when the launched application closes.

Is it possible to enable this for certain applications in certain AppVMs
as well?

For example I may not want my "resource-heavy-apps-vm" to keep running
after MemoryHungryApp closes, because that ties up half my system RAM.

How would I configure "resource-heavy-apps-vm" to shutdown automatically
when MemoryHungryApp closes?



You could also use a feature of qubes to shutdown a VM after a certain time. 
You can find steps to enable it to a particular vm in this thread:
https://groups.google.com/forum/#!topic/qubes-users/lyABSZGmKdM

Now it also works for debian templates.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c22daf1f-7b83-1716-e5b9-2c1b483f1941%40gmx.de.

[qubes-users] Re: Issue with activating ALFA usb drivers

2019-11-21 Thread liked2


On 2019-11-21 20:58, Cyber Secure Labs Limited wrote:

Hi,

I am experiencing issues with attaching WLAN card. I have attached / imported 
it into the Debian9 vm and have issued the command lsusb - this shows that the 
VM detected. However, issuing the command: sudo iwconfig I am getting wireless 
device not connected. Am I doing something to activate the wireless card.

The type of wireless card is Realtek RTL8812AU

The specs can be located here:

https://www.alfa.com.tw/service_1_detail/13.htm


Can you please advise on what course of actions that needs to be taken to shift 
this thing into gear.


This might help:

https://www.reddit.com/r/Qubes/comments/aljbjo/howto_qubes_4_alfa_awus036ac_80211ac_usb_30_wifi/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46d49569-948a-5c64-5ce1-c2ffbff9088e%40gmx.de.

[qubes-users] using headphone/mic jack

2019-11-01 Thread liked2


Hi!

I'd like to use the headphone/mic jack in my laptop for input and output. How 
would I connect it to a AppVM so that it can be used as microphone?

Thanks, Pete

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b929844-d68d-e721-05ff-42d28f8073f5%40gmx.de.

[qubes-users] Re: Qube R4: Portforwarding (for torrent)

2019-10-24 Thread liked2

On 2019-10-24 16:49, 'anarcomnor' via qubes-users wrote:

Hello dear qubers!

I've been following this guide on how to
open a port to the outside world with the intention of allowing Transmission to
connect, but I'm struggling. Transmission does not find any peers and testing the
port says it's closed. I've been following the guide very carefully and done the
commands with both tcp and udp protocols. The port has been opened in the router.

One thing I've been somewhat confused about is which interface I should use
when entering the commands. The examples always use eth0, but in my case the
physical NIC is called wls7 (even though it actually sometimes changes to wls6,
which doesn't make it easier, but let's just say it's wls7).

As far as I understand wls7 is only used when applying rules in sys-net since
it is only VM that can actually connect to it, so I'm hoping that's correct.

I've tried switching things around, hoping to more or less stumble on a
configuration that works, but nothing seems to. Now I'm somewhat worried that
there are rules in place that might be conflicting and that this might actually
be the cause of my issue now.

The way it's set up is I have a qube called Transmission connecting to
sys-firewall which again connects to sys-net.

Can anyone help me out here?

I found this script very useful:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

[qubes-users] Re: persistance of change by iptables for portforwarding

2019-10-06 Thread liked2

On 2019-10-05 16:42, Chris Laprise wrote:

On 10/5/19 10:35 AM, liked2-mmb7mzph...@public.gmane.org wrote:

Hi!

I found a script to ease the setup of port forwarding, which uses iptables:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

Can anyone assess how persistant these changes are? I've noticed that internal
qube IPs as well IPs in my private networks change, so that I'm not sure
whether the changes applied by the script above will
- survive a reboot of qubes?
- survive a reboot of netvm?
- survive a rebbot of the AppVm which is used as routing target?

Thxs in advance! Pete.

Depending on the type of VM you probably want to modify one of the following:

/rw/config/qubes-ip-change-hook
/rw/config/qubes-firewall.d
/rw/config/qubes-firewall-user-script

The qubes-firewall.d is a directory where you can add multiple scripts.

See https://www.qubes-os.org/doc/config-files/

This means that the used tools in the script like
- iptables-save
- iptables

are not persistent and will be gone after reboot of qubes/AppVm/NetVm, right?
I'd like to know whether it's necessary to clean up every time or whether a
reboot is sufficient to clear the port forwarding.

[qubes-users] persistance of change by iptables for portforwarding

2019-10-05 Thread liked2


Hi!

I found a script to ease the setup of port forwarding, which uses iptables:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

Can anyone assess how persistant these changes are? I've noticed that internal 
qube IPs as well IPs in my private networks change, so that I'm not sure 
whether the changes applied by the script above will
- survive a reboot of qubes?
- survive a reboot of netvm?
- survive a rebbot of the AppVm which is used as routing target?

Thxs in advance! Pete.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aacc7e23-d7a7-011b-f1c0-677d0abf7a09%40gmx.de.

[qubes-users] Re: SSH to QUBES VM

2019-09-14 Thread liked2

On 9/14/19 10:39 AM, 'awokd' via qubes-users wrote:
> Aly Abdellatif:
>> Hello everyone,
>>
>> Could some please tell how can I configure a Vm in Qubes with SSH.
>>
>> I would like to be able to connect to this VM from another computer using 
>> ssh.
>
> https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world
>
>

There's script on github which helped my a lot to automize the procedure 
described above:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d8add538-3b01-a633-4272-66396b23df93%40gmx.de.

[qubes-users] Re: error starting a dvm [SOLVED]

2019-09-14 Thread liked2

On 9/13/19 4:29 PM, liked2-mmb7mzph...@public.gmane.org wrote:
> Hi
>
> seems that I scruwed up my vms. I've a script which creates, performs some 
> tasks and deletes afterwards some dvms. During debugging I seem to often 
> pressed CRTL+C so that probably some qubes script were interrupted. :(
>
> Now I'm getting the following error after creating a new DVM and trying to 
> start it:
>
> Start failed: operation failed: domain 'MyDVM' already exists with uuid 
> 63f9fc91-e16c-4f17-0f22-c1a2d1fbc5c5, see 
> /var/log/libvirt/libxl/libxl-driver.log for details
>
> The logs do not contain any details. Any ideas how I can fix it again? 
> Creating and deleting the DVM haven't helped.
>
> Thanks in advance, Pete
>

Could solve the issue by doing:
virsh -c xen:/// undefine MyDVM

Not sure whether it's clean now or some other parts are still left. But at 
least I can launch my vms again.

This issue helped for resolving:
https://github.com/QubesOS/qubes-issues/issues/1910

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eaf7f7a0-8021-e4f6-2fb1-fdddf58926c5%40gmx.de.

[qubes-users] error starting a dvm

2019-09-13 Thread liked2

Hi

seems that I scruwed up my vms. I've a script which creates, performs some 
tasks and deletes afterwards some dvms. During debugging I seem to often 
pressed CRTL+C so that probably some qubes script were interrupted. :(

Now I'm getting the following error after creating a new DVM and trying to 
start it:

Start failed: operation failed: domain 'MyDVM' already exists with uuid 
63f9fc91-e16c-4f17-0f22-c1a2d1fbc5c5, see 
/var/log/libvirt/libxl/libxl-driver.log for details

The logs do not contain any details. Any ideas how I can fix it again? Creating 
and deleting the DVM haven't helped.

Thanks in advance, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abbb9503-1dd1-8126-3d47-40648704b855%40gmx.de.

[qubes-users] errors using snap installed programs

2019-08-29 Thread liked2

Hi!

I've used this instructions to install 2 programs using snap:
https://github.com/QubesOS/qubes-issues/issues/2766

Unfortunatelly, it happens on a regulary basis (weekly), that starting these 
apps results in the following error:
[user@b ~]$ slack
internal error, please report: running "slack" failed: cannot find installed 
snap "slack" at revision 17: missing file 
/var/lib/snapd/snap/slack/17/meta/snap.yaml
[user@b ~]$ snap slack
error: unknown command "slack", see 'snap help'.

I know that there's a fix in testing for classic confinments:
https://github.com/QubesOS/qubes-issues/issues/4798

But the same happens also with non-classic confinments.

The workaround is to re-install the snap programs. Unfortunatelly, with this 
you lose all settings of the progs.

Any suggestions or ideas?

Best, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ea4e927-022f-2c8d-5e43-8c709a2f0682%40gmx.de.

[qubes-users] Inspecting modifications on the COW root filesystem

2019-08-19 Thread liked2

Hi!

According to the architecture spec, the root filesystem is backed up by a COW 
device to "allow" write-access to the read-only root filesystem:
https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf 
(4.1)

Is there a possibility to investigate which files were modified or added (maybe 
also deleted?) und this writable root filesystem overlay? I'd like to look only 
at the write-only overlay without seeing the read-only files.

It can be usefull to
- investigate changes of programs which modify the system to work properly
- find misbehaving programs

Thanks, Pete.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de1f0aac-c2d6-b9dd-d2ba-a48eb2edbf78%40gmx.de.

[qubes-users] Re: Caching update packages for templates

2019-08-11 Thread liked2

On 8/10/19 2:10 AM, unman wrote:
> On Thu, Aug 08, 2019 at 05:33:48AM -0700, drogo wrote:
>> Thanks!  I'll keep an eye on that thread/issue.
>>
>> I gave rustybird's qubes-update-cache a try on my laptop and it seemed to
>> work well. I also came a cross a way to implement squid transparently on my
>> firewall (pfSense), which I'll give a try later on since I've got many
>> systems to update besides qubes and tend to update everything all at once
>>
>> Thanks again!
>>
>> On Wednesday, August 7, 2019 at 11:38:15 PM UTC-4, Andrew David Wong wrote:
>>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA512
>>>
>>> On 07/08/2019 7.55 PM, drogo wrote:
 Is there an easy way to enable caching for template update
 packages? It's annoying to have to download hundred of megs over
 and over while updating templates. I see there's already a proxy
 configured and listening on port 8082, so can I just enable caching
 of those packages somewhere in Qubes' networking stream to speed up
 those downloads?

 Thanks.

>>>
>>> Please have a look at this issue:
>>>
>>> https://github.com/QubesOS/qubes-issues/issues/1957
>>>
>>> - --
>>> Andrew David Wong (Axon)
>>> Community Manager, Qubes OS
>>> https://www.qubes-os.org
>>>
>
> Please don't top post.
>
> I use apt-cacher-ng as a caching proxy - set it to listen on 8082 and
> it's a plugin replacement for tinyproxy.
> Debian and Ubuntu work out the box - Fedora needs a minor config
> change.
> It's very lightweight and you can spin it up as needed.
> I have salt if you want to try it.
>

Hi unman, I'd like to test the salt. I couldn't find it in your git-repo. Could 
you point me to the location?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb25170d-6dc6-344b-285c-cf8c50977403%40gmx.de.

[qubes-users] Re: destop-like window when opening nemo in a debian based vm

2019-07-28 Thread liked2

On 7/28/19 3:51 PM, unman wrote:
> On Sun, Jul 28, 2019 at 09:36:09AM +0100, liked2-mmb7mzph...@public.gmane.org 
> wrote:
>> Hi!
>>
>> when I'm opening the file manager "nemo" in a debian based vm an additional 
>> window is started which seems to be something like a "desktop"-window. I 
>> cannot close it, it's empty except I put a file into ~/Desktop/ etc.
>>
>> How to avoid this additional window to be displayed?
>>
>> Cheers, Pete
>>
>
> start it with 'nemo --no-desktop'
> You can change the .desktop file in the template to include this option,
> and then qvm-sync-appmenus to feed that change in to the Qubes menu.
>

You made it! Thank you very much.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f49bc08-8525-d4e9-cd14-2a34380d9fb2%40gmx.de.

[qubes-users] destop-like window when opening nemo in a debian based vm

2019-07-28 Thread liked2

Hi!

when I'm opening the file manager "nemo" in a debian based vm an additional 
window is started which seems to be something like a "desktop"-window. I cannot 
close it, it's empty except I put a file into ~/Desktop/ etc.

How to avoid this additional window to be displayed?

Cheers, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69f55e9d-fccc-842a-52f2-4a2201100015%40gmx.de.

[qubes-users] Re: dom0 updates not visible?

2019-07-07 Thread liked2

On 7/7/19 5:32 PM, qubes-lists-sgozh3hwpm2stnjn9+b...@public.gmane.org wrote:
>
>
> unman:
>> On Sun, Jul 07, 2019 at 01:40:00PM +, 
>> qubes-lists-sgozh3hwpm2stnjn9+b...@public.gmane.org wrote:
>>> Hi,
>>>
>>> I fear I have an issue with dom0 updates.
>>>
>>> I noticed that there is a newer release
>>> for
>>> qubes-mgmt-salt-dom0-virtual-machines (4.0.16)
>>>
>>> but I still have:
>>>
>>> qubes-mgmt-salt-dom0-virtual-machines-4.0.15-1.fc25.noarch
>
>
>>
>> This is, unfortunately, a known issue.
>> You can manually install the "SKIPPED" packages by using dnf install.
>> Your "dnf clean all" has scuppered that.
>> Just try the update again, and if the same packages are downloaded, just
>> install them yourself.
>
>
> but the relevant package qubes-mgmt-salt-dom0-virtual-machines
> is not even listed as skipped.
>

I'm also interested in that. Last week I discovered that I'm using the kernel 
4.14.119 whereas 4.19 is already used by others according to this mailing list.
How to find the skipped packages and how to update qubes to the _real_ latest 
version?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1719d5ce-1b5c-040a-b86f-8f90f35e4e5a%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] latest qubes kernel

2019-06-22 Thread liked2

Hi,

I'm reading here about the latest 4.19 kernel in qubes. When I'm looking for 
new kernels, I get:
[dom0 ~]$ sudo qubes-dom0-update --action=list kernel-qubes-vm
Installed Packages
kernel-qubes-vm.x86_64   1000:4.14.103-1.pvops.qubes   installed
kernel-qubes-vm.x86_64   1000:4.14.116-1.pvops.qubes   installed
kernel-qubes-vm.x86_64   1000:4.14.119-2.pvops.qubes   installed


When I'm
[dom0 ~]$ rpm -qa 'kernel-qubes-vm*'
kernel-qubes-vm-4.14.116-1.pvops.qubes.x86_64
kernel-qubes-vm-4.14.103-1.pvops.qubes.x86_64
kernel-qubes-vm-4.14.119-2.pvops.qubes.x86_64

[dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable  
--action=list kernel-qubes-vm*
Installed Packages
kernel-qubes-vm.x86_64   1000:4.14.103-1.pvops.qubes   installed
kernel-qubes-vm.x86_64   1000:4.14.116-1.pvops.qubes   installed
kernel-qubes-vm.x86_64   1000:4.14.119-2.pvops.qubes   installed
find: '/var/lib/qubes/dom0-updates/var/cache': No such file or director

Any advices how to update to the latest stable kernel?

Best, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f34a7cd-fee2-f6ee-e72b-4745de81fd3e%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: apps from whonix-ws-14-dvm fail to start irregularly

2019-05-19 Thread liked2

On 5/19/19 6:42 PM, 'awokd' via qubes-users wrote:
> liked2-mmb7mzph...@public.gmane.org:
>>
>>
>> Hi!
>>
>>  From time to time I cannot start the Tor browser in a whonix-ws-14-dvm. 
>> While other applications/vms start. The notification window shows 3 windows 
>> quite fast one after another:
>>
>> dvm ist starting
>> dvm started
>> dvm halted
>
> This often happens to me when running low on available RAM. In a dom0 
> terminal when you have this problem, check to see how much is free with `xl 
> top` and shut down unused VMs.
>

I can confirm, that closing other VMs does help. The interesting part is that 
there are other AppVms with same RAM requirements (400 MB initial and 4000 MB 
max) and they start smoothly whereas whonix-ws does not start up until a lot of 
AppVms were closed.

Is it some kind of RAM fragmentation issue and whonix-ws needs more contigous 
RAM?
How can I investigate this issue in more detail? Where to look at?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/245a5576-9386-90dc-6f8c-8697ba93869f%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] apps from whonix-ws-14-dvm fail to start irregularly

2019-05-19 Thread liked2




Hi!

>From time to time I cannot start the Tor browser in a whonix-ws-14-dvm. While 
>other applications/vms start. The notification window shows 3 windows quite 
>fast one after another:

dvm ist starting
dvm started
dvm halted

during the start I see the following in the journalctl:


1st start:

2019-05-03T19:52:35+0100 dom0 audit[10963]: USER_START pid=11952 uid=0 
auid=4195927205 ses=4195927205 msg='op=PAM:session_open 
grantors=pam_keyinit,pam_limits,pam_unix acct="username" 
exe="/usr/sbin/runuser" hostname=? addr=? terminal=? res=success'
2019-05-03T19:52:35+0100 dom0 qubesd[3086]: unhandled exception while calling 
src=b'dom0' meth=b'admin.vm.property.Get' dest=b'disp6999' arg=b'qid' 
len(untrusted_payload)=0
2019-05-03T19:52:35+0100 dom0 qubesd[3086]: Traceback (most recent call last):
2019-05-03T19:52:35+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 264, in respond
2019-05-03T19:52:35+0100 dom0 qubesd[3086]: self.send_event)
2019-05-03T19:52:35+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 125, in __init__
2019-05-03T19:52:35+0100 dom0 qubesd[3086]: self.dest = 
self.app.domains[dest.decode('ascii')]
2019-05-03T19:52:35+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/app.py", line 467, in __getitem__
2019-05-03T19:52:35+0100 dom0 qubesd[3086]: raise KeyError(key)
2019-05-03T19:52:35+0100 dom0 qubesd[3086]: KeyError: 'disp6999'
2019-05-03T19:52:35+0100 dom0 runuser[10963]: pam_unix(runuser:session): 
session closed for user username

2nd start:

2019-05-03T19:57:10+0100 dom0 qubesd[3086]: unhandled exception while calling 
src=b'dom0' meth=b'admin.vm.property.Get' dest=b'disp3127' arg=b'qid' 
len(untrusted_payload)=0
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: Traceback (most recent call last):
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 264, in respond
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: self.send_event)
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 125, in __init__
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: self.dest = 
self.app.domains[dest.decode('ascii')]
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/app.py", line 467, in __getitem__
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: raise KeyError(key)
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: KeyError: 'disp3127'
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: unhandled exception while calling 
src=b'dom0' meth=b'admin.vm.device.block.Available' dest=b'disp3127' arg=b'' 
len(untrusted_payload)=0
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: Traceback (most recent call last):
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 264, in respond
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: self.send_event)
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 125, in __init__
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: self.dest = 
self.app.domains[dest.decode('ascii')]
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/app.py", line 467, in __getitem__
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: raise KeyError(key)
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: KeyError: 'disp3127'
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: unhandled exception while calling 
src=b'dom0' meth=b'admin.vm.List' dest=b'disp3127' arg=b'' 
len(untrusted_payload)=0
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: Traceback (most recent call last):
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 264, in respond
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: self.send_event)
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 125, in __init__
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: self.dest = 
self.app.domains[dest.decode('ascii')]
2019-05-03T19:57:10+0100 dom0 qubesd[3086]:   File 
"/usr/lib/python3.5/site-packages/qubes/app.py", line 467, in __getitem__
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: raise KeyError(key)
2019-05-03T19:57:10+0100 dom0 qubesd[3086]: KeyError: 'disp3127'
2019-05-03T19:57:10+0100 dom0 runuser[12557]: pam_unix(runuser:session): 
session closed for user username


Should I create a github bug report for that? If yes, which information should 
I provide?

Cheers, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://group

[qubes-users] Re: dark colour mode

2019-05-19 Thread liked2

On 5/18/19 9:38 PM, Chris Laprise wrote:
> On 5/18/19 4:04 PM, liked2-mmb7mzph...@public.gmane.org wrote:
>> Hi,
>>
>> is there a dark mode ("inverted" colors e.g. during night sessions) which 
>> can be activated in Qubes? Or is this template based and I should look out 
>> for debian/fedora solutions?
>
> In Qubes its 2-tiered: the dom0 side and the appVM side.
>
> For dom0, you will get the best results from KDE since XFCE doesn't respond 
> well to dark palette settings and its frame colors are hard-coded. You can 
> simply go to KDE System Settings -> Color and choose a palette like Breeze 
> Dark. The other thing I like to set are the Qubes border colors, since the 
> defaults are too bright for a dark desktop. I have a script that will dim the 
> borders, or you can change the values to your own preference:
>
> https://github.com/tasket/Qubes-scripts/blob/master/kde-color.sh
>
> For domU / appVMs, you can turn on the Gnome setting for a dark palette 
> either with gnome-tweak-tool or by adding the following two lines to the file 
> /home/user/.config/gtk-3.0/settings.ini:
>
> [Settings]
> gtk-application-prefer-dark-theme=1
>
> This won't change a few other gtk apps, for instance 'gnome-terminal'; You'll 
> have to go to terminal's Preferences and change 'Theme variant' to Dark.
>
> If you decide to use KDE in appVMs, you can change the palette with the 
> System Settings tool like in dom0, only you will have to also set the 
> 'XDG_CURRENT_DESKTOP' variable in the template to 'KDE'. You can do this by 
> creating a file /etc/profile.d/qubes_kde.sh and add the following line:
>
> export XDG_CURRENT_DESKTOP=KDE
>
> I've found that switching the template to KDE allows me to cover application 
> palettes more completely than remaining with the default Gnome setup because 
> KDE will attempt to control the palettes of Gnome/Gtk apps but the opposite 
> hasn't been true in my experience.
>

Thank you very much for this detailled answer, Chris! I managed to enable that 
in debian-AppVms. There's a great feature in compiz 
(http://wiki.compiz.org/Plugins/Neg) to enable inversion of colours with a 
simple shortcut. Unfortunatelly, I don't know how this relates to the window 
managers. Is there a simple possibility to negate colours on demand?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a9b132f-9e75-1d5a-d26a-7e6152de7de6%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] dark colour mode

2019-05-18 Thread liked2

Hi,

is there a dark mode ("inverted" colors e.g. during night sessions) which can 
be activated in Qubes? Or is this template based and I should look out for 
debian/fedora solutions?

Cheers, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b74b6f1-f395-d5a7-920d-660d63793635%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: how to use app-shutdown-idle

2019-05-10 Thread liked2

On 5/10/19 11:30 AM, 'qubeslover' via qubes-users wrote:
>
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On Sunday, May 5, 2019 2:17 PM,  wrote:
>
>> On 5/4/19 12:13 PM, 'qubeslover' via qubes-users wrote:
>>
>>> Sent with ProtonMail Secure Email.
>>> ‐‐‐ Original Message ‐‐‐
>>> On Friday, May 3, 2019 8:27 PM, 
>>> liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2...@public.gmane.org wrote:
>>>
>>>> On 5/2/19 10:55 AM, 'qubeslover' via qubes-users wrote:
>>>>
>>>>> ‐‐‐ Original Message ‐‐‐
>>>>> On Wednesday, May 1, 2019 11:19 AM, 
>>>>> liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2ibg-xmd5yjdbdmrexy1tmh2...@public.gmane.org
>>>>>  wrote:
>>>>>
>>>>>> On 5/1/19 4:38 AM, Thierry Laurion wrote:
>>>>>>
>>>>>>> On Mon, Apr 29, 2019, 04:36 , 
>>>>>>> >>>>>>  
>>>>>>> mailto:liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2ibg-xmd5yjdbdmrexy1tmh2...@public.gmane.org>
>>>>>>>  wrote:
>>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> According to https://github.com/QubesOS/updates-status/issues/782 
>>>>>>> the script "app-shutdown-idle" is included in the latest stable 
>>>>>>> templates.
>>>>>>> How to enable/use it? Unfortunately, I couldn't find any 
>>>>>>> documentation in https://github.com/QubesOS/qubes-app-shutdown-idle to 
>>>>>>> use it.
>>>>>>>
>>>>>>>
>>>>>>> "The mechanism is opt-in - enable |shutdown-idle| service in qube 
>>>>>>> settings to use it."
>>>>>>> Which litterally means what it says.
>>>>>>
>>>>>> [dom0]$ qvm-service --enable AppVmName shutdown-idle
>>>>>> did not the trick. The vms stay running even if all windows are closed. 
>>>>>> Additionally, I couldn't find anywhere the setting 
>>>>>> 'qubesidle.idleness_monitor' mentioned in the second link to adjust the 
>>>>>> timeout.
>>>>>> Any help how to do and where to enable it is appreciated.
>>>>>
>>>>> Hi,
>>>>> (more or less) same problem here. On my laptop shutdown-idle only works 
>>>>> with Fedora-based VMs. It has never worked with Debian/Whonix-based VMs.
>>>>
>>>> Could you describe please in a bit more detail how you enable this 
>>>> service. For me the commandline above does not work even for Fedora 
>>>> templates. The questions are as following:
>>>>
>>>> 1.  which commandline do you use to enable it?
>>>> 2.  Does the service setting apply to a running AppVm or do I have to 
>>>> restart it to be enabled?
>>>> 3.  where can I find the timeout property 'qubesidle.idleness_monitor'?
>>>> 4.  Is the service setting a persistent setting or do I need an autostart 
>>>> script in dom0 for that?
>>>
>>> Hi,
>>>
>>> 1.  In a fedora-29 template type "sudo dnf install qubes-idle"
>>>
>>> 2.  Create a fedora-29 based VM (let's call it "shutdown", it is just a 
>>> test)
>>>
>>> 3.  Shutdown's "Qubes Setting" -> Services -> Type shutdown-idle in the bar 
>>> and click on +
>>>
>>> 4.  Open a terminal in the Qube we called 'shutdown' and close it.
>>>
>>>
>>> 4b. If you want to check that qubes-idle-watcher is running type in the 
>>> terminal ps aux | grep qubes-idle-watcher : you should see something like 
>>> this running:
>>> user 764 0.3 1.6 243856 25340 ? S 13:07 0:00 /usr/bin/python3 
>>> /usr/bin/qubes-idle-watcher
>>>
>>> 5.  Close the terminal in the qubes.
>>>
>>> 6.  After 15 minutes (without any windows open) the qubes 'shutdown' should 
>>> automatically shutdown :-)
>>>
>>>
>>> This works just perfectly in fedora-based VMs but it is not working in 
>>> Debian/Whomix-based VMs.
>>> Cheers
>>
>> Qubeslover, thank you very much for the detailled explanation. I managed it 
>> to enable! Now, I'm a qubeslover-lover. :)
>>
>
> Glad it has been helpful. I have a question. Have you managed to run 
> shutdown-idle in a Fedora-based VM? Or in a Debian-based one? In this latter, 
> if I type 'ps aux | grep qubes' I notice the the process 'qubes-idle-watcher' 
> is not running (and even if I launch it manually it does not work).
>
> Cheers
>

It runs for Fedora-based VMs like a charm. In Debian I encounter the same like 
described by you: this process is not running.
I haven't tried the testing packages as proposed by unman.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7809aa00-85e7-2e3a-229b-50f874db93a1%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: how to use app-shutdown-idle

2019-05-05 Thread liked2

On 5/4/19 12:13 PM, 'qubeslover' via qubes-users wrote:
>
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On Friday, May 3, 2019 8:27 PM,  wrote:
>
>> On 5/2/19 10:55 AM, 'qubeslover' via qubes-users wrote:
>>
>>> ‐‐‐ Original Message ‐‐‐
>>> On Wednesday, May 1, 2019 11:19 AM, 
>>> liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2...@public.gmane.org wrote:
>>>
>>>> On 5/1/19 4:38 AM, Thierry Laurion wrote:
>>>>
>>>>> On Mon, Apr 29, 2019, 04:36 , 
>>>>> >>>>  mailto:liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2...@public.gmane.org> wrote:
>>>>>
>>>>> Hi!
>>>>>
>>>>> According to https://github.com/QubesOS/updates-status/issues/782 the 
>>>>> script "app-shutdown-idle" is included in the latest stable templates.
>>>>> How to enable/use it? Unfortunately, I couldn't find any 
>>>>> documentation in https://github.com/QubesOS/qubes-app-shutdown-idle to 
>>>>> use it.
>>>>>
>>>>>
>>>>> "The mechanism is opt-in - enable |shutdown-idle| service in qube 
>>>>> settings to use it."
>>>>> Which litterally means what it says.
>>>>
>>>> [dom0]$ qvm-service --enable AppVmName shutdown-idle
>>>> did not the trick. The vms stay running even if all windows are closed. 
>>>> Additionally, I couldn't find anywhere the setting 
>>>> 'qubesidle.idleness_monitor' mentioned in the second link to adjust the 
>>>> timeout.
>>>> Any help how to do and where to enable it is appreciated.
>>>
>>> Hi,
>>> (more or less) same problem here. On my laptop shutdown-idle only works 
>>> with Fedora-based VMs. It has never worked with Debian/Whonix-based VMs.
>>
>> Could you describe please in a bit more detail how you enable this service. 
>> For me the commandline above does not work even for Fedora templates. The 
>> questions are as following:
>>
>> 1.  which commandline do you use to enable it?
>> 2.  Does the service setting apply to a running AppVm or do I have to 
>> restart it to be enabled?
>> 3.  where can I find the timeout property 'qubesidle.idleness_monitor'?
>> 4.  Is the service setting a persistent setting or do I need an autostart 
>> script in dom0 for that?
>>
>
> Hi,
> 1. In a fedora-29 template type "sudo dnf install qubes-idle"
>
> 2. Create a fedora-29 based VM (let's call it "shutdown", it is just a test)
>
> 3. Shutdown's "Qubes Setting" -> Services -> Type shutdown-idle in the bar 
> and click on +
>
> 4. Open a terminal in the Qube we called 'shutdown' and close it.
>
> 4b. If you want to check that qubes-idle-watcher is running type in the 
> terminal ps aux | grep qubes-idle-watcher : you should see something like 
> this running:
>
> user   764  0.3  1.6 243856 25340 ?S13:07   0:00 
> /usr/bin/python3 /usr/bin/qubes-idle-watcher
>
> 5. Close the terminal in the qubes.
>
> 6. After 15 minutes (without any windows open) the qubes 'shutdown' should 
> automatically shutdown :-)
>
> This works just perfectly in fedora-based VMs but it is not working in 
> Debian/Whomix-based VMs.
>
> Cheers
>

Qubeslover, thank you very much for the detailled explanation. I managed it to 
enable! Now, I'm a qubeslover-lover. :)

Btw. I looked again through the docs and cannot find any places from which I 
could collect the knowledge you provided here. Only URLs regarding this topic I 
could find are:
https://www.qubes-os.org/doc/qubes-service/
https://github.com/QubesOS/updates-status/issues/782
https://github.com/QubesOS/qubes-app-shutdown-idle

Am I missing an important source for docs or is this (simply) "advanced qubes 
experience"?

@Andrew: I could create a manual for this. Where to put it best?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f4bcdac-9d7f-5a26-15fa-c4f000a48ea9%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: how to use app-shutdown-idle

2019-05-03 Thread liked2

On 5/2/19 10:55 AM, 'qubeslover' via qubes-users wrote:
>
>
>
>
>
> ‐‐‐ Original Message ‐‐‐
> On Wednesday, May 1, 2019 11:19 AM,  
> wrote:
>
>> On 5/1/19 4:38 AM, Thierry Laurion wrote:
>>
>>> On Mon, Apr 29, 2019, 04:36 , 
>>> >> mailto:liked2-mmb7mzph...@public.gmane.org> wrote:
>>>
>>> Hi!
>>>
>>> According to https://github.com/QubesOS/updates-status/issues/782 the 
>>> script "app-shutdown-idle" is included in the latest stable templates.
>>> How to enable/use it? Unfortunately, I couldn't find any documentation 
>>> in https://github.com/QubesOS/qubes-app-shutdown-idle to use it.
>>>
>>>
>>> "The mechanism is opt-in - enable |shutdown-idle| service in qube settings 
>>> to use it."
>>> Which litterally means what it says.
>>
>> [dom0]$ qvm-service --enable AppVmName shutdown-idle
>> did not the trick. The vms stay running even if all windows are closed. 
>> Additionally, I couldn't find anywhere the setting 
>> 'qubesidle.idleness_monitor' mentioned in the second link to adjust the 
>> timeout.
>>
>> Any help how to do and where to enable it is appreciated.
>>
>
> Hi,
> (more or less) same problem here. On my laptop shutdown-idle only works with 
> Fedora-based VMs. It has never worked with Debian/Whonix-based VMs.

Could you describe please in a bit more detail how you enable this service. For 
me the commandline above does not work even for Fedora templates. The questions 
are as following:
1. which commandline do you use to enable it?
2. Does the service setting apply to a running AppVm or do I have to restart it 
to be enabled?
3. where can I find the timeout property 'qubesidle.idleness_monitor'?
4. Is the service setting a persistent setting or do I need an autostart script 
in dom0 for that?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ab7958a-ca78-8e3a-36cc-ef9a574fdf2a%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: how to use app-shutdown-idle

2019-05-01 Thread liked2

On 5/1/19 4:38 AM, Thierry Laurion wrote:
> On Mon, Apr 29, 2019, 04:36 ,  > wrote:
>
> Hi!
>
> According to https://github.com/QubesOS/updates-status/issues/782 the 
> script "app-shutdown-idle" is included in the latest stable templates.
> How to enable/use it? Unfortunately, I couldn't find any documentation in 
> https://github.com/QubesOS/qubes-app-shutdown-idle to use it.
>
> "The mechanism is opt-in - enable |shutdown-idle| service in qube settings to 
> use it."
> Which litterally means what it says.

[dom0]$ qvm-service --enable AppVmName shutdown-idle
did not the trick. The vms stay running even if all windows are closed. 
Additionally, I couldn't find anywhere the setting 'qubesidle.idleness_monitor' 
mentioned in the second link to adjust the timeout.

Any help how to do and where to enable it is appreciated.

>
>
> Best, Pete
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscribe-/jypxa39uh5tlh3mboc...@public.gmane.org 
> .
> To post to this group, send email to 
> qubes-users-/jypxa39uh5tlh3mboc...@public.gmane.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/fae7f7e6-7983-6b87-065f-fa79e149cfec%40gmx.de.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscribe-/jypxa39uh5tlh3mboc...@public.gmane.org 
> .
> To post to this group, send email to 
> qubes-users-/jypxa39uh5tlh3mboc...@public.gmane.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/CAAzJznzQd7NL5Ew-OQNW67X-fxCQkEMZDAjZP7VUNuPG5N%2BGgQ%40mail.gmail.com
>  
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d0fbf83-ea3f-6257-480b-363c4b86752f%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [SOLVED] attaching an usb wifi adapter to kali-appvm fails

2019-04-29 Thread liked2

On 4/28/19 11:05 PM, 'awokd' via qubes-users wrote:
> liked2-mmb7mzph...@public.gmane.org:
>> Hi!
>>
>> I'm trying to add an usb wifi adapter to several AppVms. With AppVms based 
>> on fedora or debian it works. But it fails to attach at a Kali based AppVm 
>> built according to instructions of 
>> https://www.qubes-os.org/doc/pentesting/kali/#kali-linux-templatevm-from-a-debian-template--
>>
>> with the following error message
>>
>> [dom0]$ qvm-usb attach kali sys-usb:X-Y
>> Device attach failled:
>>
>> Any ideas?
>>
>> Best, Pete
>>
> You need to install qubes-usb-proxy in your kali template.
>

That made the trick. Thank you very much!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de9a8af2-04fc-d98d-76a1-9fdfe4575ef1%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to use app-shutdown-idle

2019-04-29 Thread liked2

Hi!

According to https://github.com/QubesOS/updates-status/issues/782 the script 
"app-shutdown-idle" is included in the latest stable templates.
How to enable/use it? Unfortunately, I couldn't find any documentation in 
https://github.com/QubesOS/qubes-app-shutdown-idle to use it.

Best, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fae7f7e6-7983-6b87-065f-fa79e149cfec%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] attaching an usb wifi adapter to kali-appvm fails

2019-04-28 Thread liked2

Hi!

I'm trying to add an usb wifi adapter to several AppVms. With AppVms based on 
fedora or debian it works. But it fails to attach at a Kali based AppVm built 
according to instructions of 
https://www.qubes-os.org/doc/pentesting/kali/#kali-linux-templatevm-from-a-debian-template--

with the following error message

[dom0]$ qvm-usb attach kali sys-usb:X-Y
Device attach failled:

Any ideas?

Best, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41d9dc73-ae10-0838-e783-372031ca6a8f%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to use "app-shutdown-idle" - shutting down a qube if not used

2019-04-28 Thread liked2

Hi!

According to https://github.com/QubesOS/updates-status/issues/782 the script 
"app-shutdown-idle" is included in the latest stable templates.
How to enable/use it? Unfortunately, I couldn't find any documentation in 
https://github.com/QubesOS/qubes-app-shutdown-idle to use it.

Best, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c1284936-dca2-eb2a-b1fe-36d9eb326cc4%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] bottlenecks during qvm-backup

2019-04-23 Thread liked2

Hi,

is there a possibility to find the bottlenecks during a qvm-backup? A backup of 
~100GB with compression takes several hours. During the time the (4) cpu cores 
(xentop) are not used well and the harddisk (iotop) is also idling a lot. I'm 
creating a backup to a usb attached ext3 formated harddrive.

How to find out which components are responsible for the slow process?

Best, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e301711a-da65-1f09-54cf-8ddd92278d05%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: resize of private volume: dvm vs. named dvm

2019-03-30 Thread liked2

On 3/30/19 2:56 AM, unman wrote:

> In the first case you are creating a disposableVM, based on a a DVM
> Template, fedora-28-dvm
> In the second case you are creating a DVM Template, which will be used
> as the basis for disposableVMs.
>
> That is the difference, and it's why you cant resize the named dvm - the
> named dvm takes its properties from the underlying DVM Template.
>
> unman
>

Thanks for the clarification, unman! :)

What's the reason that for creating a dvm, we have to go the way: template -> 
AppVm (dvm-template) -> dvm
Why is it conceptionally not possible to create a dvm directly from a template: 
template -> dvm?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e2b85ab-0688-e8ab-c1de-0a2945ae81dd%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] resize of private volume: dvm vs. named dvm

2019-03-29 Thread liked2

Hi,

there seem to be a difference between a dvm and a named dvm.
By named dvm a mean a dvm created like explained here: 
https://github.com/Qubes-Community/Contents/blob/master/docs/common-tasks/opening-urls-in-vms.md#using-named-dispvms
e.g. qvm-create -C DispVM -t fedora-28-dvm -l red dstVM

By dvm I mean a vm which was created like explained here: 
https://www.qubes-os.org/doc/disposablevm-customization/#creating-a-new-dvm-template
e.g.
[user@dom0 ~]$ qvm-create --template debian-9 --label red custom-dvm
[user@dom0 ~]$ qvm-prefs custom-dvm template_for_dispvms True
[user@dom0 ~]$ qvm-features custom-dvm appmenus-dispvm 1

When I try to resize the private volume it works with a dvm but not in a named 
dvm. Resizing is ignored in a named dvm. Resizing is done by
qvm-volume resize dvm:private XGB

What am I doing wrong?

Thanks in advance, Pete

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05fba7e5-0651-7842-87a5-3e8f432018b2%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: packages for conversion of pdfs to trusted pdfs

2019-03-28 Thread liked2

On 3/27/19 12:35 AM, unman wrote:
> On Tue, Mar 26, 2019 at 11:33:46PM +0000, liked2-mmb7mzph...@public.gmane.org 
> wrote:
>> On 3/26/19 12:46 AM, 22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote:
>>> I am not sure of why this is happening in your case but have you tried 
>>> creating a new -dvm again? Does the issue persist?
>>>
>> What do you mean exactly by creating a new -dvm again?
>>
>> It happens every time I use the dvm based on the minimal template. If I 
>> switch back to a dvm based on fedora-29, I can use the feature again. The 
>> issue persists also after reboot. Is there more needed that the stated 
>> pre-requisites?
>
> You have installed the qubes-pdf-converter package, (And all strange
> packages that it brings)?
>

uman, installing that package made the trick. Thank you very much!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/387b2297-8e06-997d-8447-ecc681b18efc%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: packages for conversion of pdfs to trusted pdfs

2019-03-26 Thread liked2

On 3/26/19 12:46 AM, 22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote:
> I am not sure of why this is happening in your case but have you tried 
> creating a new -dvm again? Does the issue persist?
>
What do you mean exactly by creating a new -dvm again?

It happens every time I use the dvm based on the minimal template. If I switch 
back to a dvm based on fedora-29, I can use the feature again. The issue 
persists also after reboot. Is there more needed that the stated pre-requisites?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d26c10a7-ad15-5146-66dc-3967a5c677f1%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: using dvm name

2019-03-25 Thread liked2

On 3/25/19 8:53 PM, 'awokd' via qubes-users wrote:
> liked2-mmb7mzph...@public.gmane.org wrote on 3/25/19 7:26 PM:
>> Hi,
>>
>> I'd like to start a dvm and afterwards use it's randomized name (e.g. 
>> disp) to make some magic happen in this dvm. Can anyone advise how to 
>> get the dvm name of a previously started dvm?
>
> See 
> https://github.com/Qubes-Community/Contents/blob/master/docs/common-tasks/opening-urls-in-vms.md.
>
>

That's exactly what I was looking for! Thank you very much.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17219b3b-9005-3ddf-c569-c197b5fd89c7%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] packages for conversion of pdfs to trusted pdfs

2019-03-25 Thread liked2


Hi,

I've created a dvm based on fedora-29-minimal and set it as a default dvm for a AppVm. With the 
current setup I cannot use "Convert to Trusted PDF" feature. The error message is 
"The remote party return invalid no of pages, aborting!".

I've checked the pre-requisites according to 
https://github.com/QubesOS/qubes-app-linux-pdf-converter/blob/master/qpdf-convert-server
and both packages - poppler-utils (pdftocairo, pdfinfo) and ImageMagick 
(convert) are available in the dvm-template.

Has anyone an idea what's missing to use the conversion of pdf files?

Thanks, Pete

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4798690d-d512-7afa-e909-6f607e45b5cf%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] using dvm name

2019-03-25 Thread liked2


Hi,

I'd like to start a dvm and afterwards use it's randomized name (e.g. disp) 
to make some magic happen in this dvm. Can anyone advise how to get the dvm 
name of a previously started dvm?

Thanks in advance, Pete

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3de90898-6885-b1d1-d9a8-b2471f10449a%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: backup of files in a qube without networking to an internet service

2019-02-20 Thread liked2

On 2/19/19 6:22 PM, Chris Laprise wrote:
> On 2/19/19 10:41 AM, liked2-mmb7mzph...@public.gmane.org wrote:
>> Hi,
>>
>> assume there are files stored in a qube without networking. Furthermore 
>> assume there's a secured backup server located in the internet. This server 
>> is only a storage of client-side (before data is sent over the wire) 
>> encrypted files.  What options do you imagine to backup those files (skip 
>> the client-side encryption) to the server?
>>
>> I can imagine the following options:
>> 1. enable temporary the network with firewall restricted to the server for  
>> the (previously offline) qube
>>   Advantage: no inter-vm copying of files.
>>  Disadvantage: firewall rules must be setup correctly to avoid to bypass 
>> any other traffic like icmp/dns etc. I can imaging a potential information 
>> leakage due to enabling network access.
>> 2. copy files temporary to another qube (dvm?) with a firewalled internet 
>> connection
>>  Advantage: files not being backed up can stay secured in the 
>> non-network cube. Leakage of data is reduced in comparison to 1.
>>  Disadvantage: can take time and needs additional disk ressources
>>
>> I've learned that you should always find at least 3 options, otherwise you 
>> haven't thought hard enough. Which options am I missing?
>>
>> Which option would you prefer and why?
> 
> Another disadvantage of #1 is that connecting the net to the source qube 
> exposes it to attack.
> 
> Had you thought about using qvm-backup? Also, I'm working on a fast 
> incremental backup tool that's suitable for Qubes:
> 
> https://github.com/tasket/sparsebak
> 

I've checked qvm-backup. It's an appropriate solution if you don't care about 
disk space and bandwitdth of the network connection. Saving of a subset of 
files due to remote space and bandwidth resouces will not work well with 
qvm-backup.

Also incremental backup is not really possible with qvm-backup.

Regarding the solution you're working on: If I get it right, it's meant to be a 
disk->disk backup? What I'm looking for is an incremental client-side encrypted 
backup, similar to the tool duplicati. Also a poor man solution with 
git+rsync+veracrypt would be possible.
Can you imagine how sparsebak could be combined with truecrypt? Is there 
compression support?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/896ea488-3af7-f14e-248e-2fde78eada7f%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

1 2 >

1 - 100 of 103 matches

Mail list logo