---
layout: post
title: "Reproducible builds for Debian: a big step forward"
categories: articles
author: Frédéric Pierret
---
In all of these efforts, we are really satisfied that the [Reproducible
Builds Project](https://reproducible-builds.org/) has decided to use our
work and results as
Andrew David Wong:
We've had the current setup for a long time. Why should we consider
migrating now? We've considered it in the past and decided against it at
the time, so what's changed? The answer is that there are new and
increasing demands on the documentation, the main two being
Demi Marie Obenour:
LVM2 seems to focus on high throughput at the expense of ease of
recovery, checksumming, and the time needed to create a snapshot.
What are the advantages and disadvantages of each of them, and what
would be the best default going forward?
Disadvantage of sticking with
Andrew David Wong:
Demi M. Obenour has discovered several issues in the RPM package
manager:
- CVE-2021-20271[1] RPM: Signature checks bypass via corrupted RPM
package
- CVE-2021-3421[2] RPM: unsigned signature header leads to string
injection into an RPM database
- CVE-2021-20266[3]
Michael Carbone:
> On 6/13/20 8:58 AM, Marek Marczykowski-Górecki wrote:
>> On Fri, Jun 12, 2020 at 01:32:28PM -0400, Michael Carbone wrote:
>>> On 6/12/20 1:19 PM, Michael Carbone wrote:
>>> https://qubes-os.discourse.group
>>
>> Thanks for setting it up Michael!
>>
>> I wonder about adding "how
Marek Marczykowski-Górecki:
Anyway R4.0.2 is broken. When the fix is ready, I think we should
substitute it with a fixed version ASAP. But I'm not sure how to name
it:
- R4.0.3 - next point release, just earlier one
- R4.0.2.1 - point release of a point release, since the change is very
> Hi all,
>
> TL;DR: I propose dropping support (new updates) for Debian 8 (jessie) in
> Qubes 4.0.
FWIW, +1 here to not supporting oldoldstable in general.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of
'Andrzej Andrzej' via qubes-devel:
> I know that I can do it myself but I think it is a functionality that would
> be useful to many other Qubes OS users and as a fan of this system I want to
> help in its development and not rummage in my system with not share my ideas
> with others.
>
>
ok4u2 via qubes-devel:
Hello
I am trying to learn more and use AEM
However the readme file on the qubes web site
Is unavailable
Is there another copy somewhere ?
https://github.com/QubesOS/qubes-antievilmaid
--
You received this message because you are subscribed to the Google Groups
StefanUrkel:
> Hi - I'd prefer to use Qubes OS for its improved security model over a
> Linux distribution such as Debian, but the one thing stopping me from
> adopting it full-time as my primary workstation is that I want to be able
> to use GPU pass-through to have some VMs to do some light
Insurgo Technologies Libres/Open Technologies:
> with the to be certified QubesOS PrivacyBeast X230.
Nice.
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Fidel Ramos:
On Thursday, May 16, 2019 9:41 AM, Chris Laprise wrote:
On 5/15/19 6:24 PM, Marek Marczykowski-Górecki wrote:
Only Intel processors are affected.
I think the pattern showing AMD to be more conscientious in their
processor designs is now undeniable. Even if its only a matter
Teqleez Motley wrote on 2/13/19 3:49 PM:
Hi all,
In the GUI qubes backup tool, when making a new backup, there is this info
right below where one enters the optional password:
"Save settings as default backup profile: [X](tick box)"
"WARNING: password will be saved in dom0 in plain text."
Two
ubayd...@gmail.com wrote on 11/12/18 3:48 PM:
On Wednesday, July 25, 2012 at 9:50:34 PM UTC-4, Steven Collins wrote:
Dell Latitude E6520 with i7-2760QM CPU. VT-d works fine (has to be
enabled in BIOS). If you have nVidia graphics you may need to enable
Optimus in BIOS also, even though help
Zrubi wrote on 10/8/18 6:53 AM:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
It seems the recent kernel don't like me...
I have an issue started moths ago with my WiFi netvm after resume.
Were the issue is that this vm just crashing badly. The crash is
related to suspend/resume for
Elias Mårtenson wrote on 9/25/18 5:46 AM:
When installing an operating system in a HVM, sometimes the disk image will not
be recognised (some specific exampled include Hurd and Haiku, and I believe the
same is true for ReactOS).
It seems as though Xen exposes the disk image using a mechanism
matt egler:
Qubes OS version:
$4.0
Basically I have a router that my wifi is connected to and I am trying to learn
how to successfully Port forward in msfconsole from qubes 4.0 Obviously there
is a net-vm ans a sys-usb vm and it is hard to see whether or not my
applications are working due
robertaspig...@gmail.com:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Restarting this thread from the Github issue.
I too am a fan of the KVM approach.
I strongly support applying for the Open Tech Fund. The next deadline is
November 1st, 2018. Personally, I think this is an incredibly
On Wed, September 12, 2018 11:26 pm, Andrew Clausen wrote:
> Hi all,
>
>
> I would propose two images: one minimal one with Fedora only (without
> Debian or Whonix), and the other with everything.
>
>
> Being able to install from DVD is important, because it's much easier to
> audit read-only
On Wed, September 5, 2018 6:45 am, miguel.j...@gmail.com wrote:
> On Tuesday, September 4, 2018 at 7:47:48 AM UTC+10, Marek
> Marczykowski-Górecki wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>>
>> Applied, thanks!
>>
>>
>
> I know these are just commented out lines, but they
On Thu, April 19, 2018 8:50 pm, Chris Laprise wrote:
> On 04/19/2018 04:22 PM, viq wrote:
>
>> I'm somewhat experienced with salt, are there any areas where
>> additional set of eyes/hands would be useful?
>>
>> Sorry, my python skills are slowly approaching what could be called
>> "basic", so
On Mon, April 2, 2018 5:48 am, Raptor Engineering Sales wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> Raptor Engineering can provide access the hardware needed to make this
> happen at no cost, plus some degree of support for issues encountered. We
> just need people willing to
On Sun, March 25, 2018 4:14 pm, Thierry Laurion wrote:
> Le dimanche 25 mars 2018 12:09:24 UTC-4, Thierry Laurion a écrit :
>>
>> I'm not sure I follow.
>> Xen doesn't support Power architecture. Does it?
>> https://unix.stackexchange.com/questions/91368/xen-hw-virtualization-on-
>>
On Fri, March 16, 2018 2:50 pm, taii...@gmx.com wrote:
> As always I suggest encouraging the xen developers to accept help (from
> raptor and IBM) to port xen to POWER
When I felt them out on it, I got the impression they were welcoming help
from anybody on porting Xen to POWER.
On Fri, March 16, 2018 5:42 am, Elias Mårtenson wrote:
> Qubes 4, latest updates from testing.
>
>
> Sometimes (I'd guess perhaps 50% of the times) when I start a VM, the
> widget doesn't notice that the VM has finished starting, and instead the
> icon keeps spinning and the associated menu
On Thu, March 8, 2018 10:52 am, Elias Mårtenson wrote:
> As far as I understand, qvm-revert-template-changes has been removed in
> Qubes 4 (at least I can't find it), and the alternative solution is to
> manually create an LVM clone that you can revert to later if needed.
>
> I have to admit that
On Tue, March 6, 2018 7:45 am, Elias Mårtenson wrote:
> On Tuesday, 6 March 2018 15:30:33 UTC+8, awokd wrote:
>> Is
>> sys-usb based on the fedora-26 template? Does the behaviour still occur
>> if you switch sys-usb to the debian-9 template?
>
> No devices are assigned to the template. In fact,
On Tue, March 6, 2018 3:26 am, Elias Mårtenson wrote:
> Running Qubes4 with the latest testing updates on dom0 and the templates.
>
>
> After booting my laptop (Dell Latitude E7470) my sys-usb has two USB
> devices registered: The integrated webcam, and an 8087:0a2b (the USB root
> hub, I
On Sat, February 24, 2018 11:20 am, Marek Marczykowski-Górecki wrote:
> The problem is that '$' keywords in some places (like call argument, or
> original target specification) are not meant to be expanded _at all_. And
> since '$' is a special character in shell used for variables, it's enough
>
On Fri, February 23, 2018 10:27 pm, Reg Tiangha wrote:
> And a side question about qubes-builder: Does it build in a chroot? I'd
> like to attempt to backport a build environment that has a
> retpoline-enabled version of gcc, and I'm wondering if I could just bypass
> qubes-builder entirely and
On Wed, February 21, 2018 11:35 am, 'Tom Zander' via qubes-devel wrote:
> The point of a variable that is passed from a VM to the dom0 qrexec
> daemon is that your source VM doesn't have to know about who is $adminVM
> or what is the actually started dispVM's name. QRexec daemon (in dom0)
>
On Wed, February 21, 2018 4:41 pm, qubenix wrote:
>> So let me be blunt as this is likely the last email from me to qubes
>>
> anyway;
>
> Bye, I'm happy to see you go away finally. It was killing me inside that
> you were working on the new gui controller. Fuck off back to bcash.
Tom had some
On Sun, February 11, 2018 2:41 am, Chris Laprise wrote:
>> Ideally the command/work-around would be available from dom0 without
>> the user having to figure out what UpdateVM he happens to be using.
>> Suggestions?
>>
>
> Debian doesn't have the required toolset for full rpm support, so I
> think
[No responses from qubes-users, trying here next!]
https://github.com/QubesOS/qubes-issues/issues/3553
Like the title says, Debian based UpdateVM does not support --action=list
or reinstall. Error message says:
ERROR: yum version installed in VM host does not suppport --downloadonly
option
On Fri, February 9, 2018 6:52 pm, Ivan Mitev wrote:
> @ bowabos & awokd
>
>
> On 02/09/18 20:19, bowa...@gmail.com wrote:
> So, do you think I should try to submit a PR for some of
> the info present on the wiki page ?
I think bowabos is already in process of doing this, but I can't find the PR?
On Fri, February 9, 2018 6:10 pm, awokd wrote:
> On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote:
>
>
>
>
>> I saw on qubes-users that you're updating the official documentation,
>> that's great.
>
> Not only me! Some of the documents have already been updated, and others
> are being addressed
On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote:
> I saw on qubes-users that you're updating the official documentation,
> that's great.
Not only me! Some of the documents have already been updated, and others
are being addressed by people with more knowledge in those areas.
> I *really*
On Thu, February 8, 2018 4:50 pm, Ivan Mitev wrote:
>
> IMHO a public wiki - official or not - should not replace the current
> documentation: someone may add unsecure instructions (willingly or not)
> and there will always be users who blindingly copy/paste instructions.
That and divergence
On Fri, February 9, 2018 7:33 am, bowa...@gmail.com wrote:
> On Friday, 9 February 2018 06:50:05 UTC, joev...@gmail.com wrote:
>
>> Fedora templates have a weird issue where the packet counter on the
>> sys-net nat FORWARD chain does not increment. The PREROUTING chain does
>> increment.
I saw
On Wed, February 7, 2018 10:38 pm, Yuraeitha wrote:
>
> Have you ever experienced crashes while running search files on disk from
> the Windows menu? If so, maybe we can turn off the search function to
> avoid any issues?
Disk activity seems to trigger it for me too. I still get the occasional
On Tue, January 23, 2018 2:05 pm, 'Tom Zander' via qubes-devel wrote:
>
> Now should Qubes Air roll-out I can foresee building a desktop that is
> VERY
> different from today.
I caught this too. No reason the cloud can't be on-prem and composed of
IoT devices.
--
You received this message
On Sat, January 20, 2018 11:54 am, Andrew Clausen wrote:
>
> I buy a fresh USB DVD device with every secure laptop I buy. I don't
> reuse them, because I don't want a mistake made with one of them to
> contaminate another laptop. So I've got lots of them lying around the
> house!
Please also
On Wed, January 17, 2018 11:14 pm, Marek Marczykowski-Górecki wrote:
>
> Oh, there may be also third option: do not upgrade Xen version in 3.2
> and apply Meltdown mitigation patches for PV on Xen 4.6. Apparently
> development of those patches went much much faster than we (and Xen
> Security
On Sat, January 13, 2018 9:07 pm, Andrew David Wong wrote:
> On 2018-01-13 13:39, Mohit Goyal wrote:
>>
>> Question 1: What is your development environment ?
> I'll let the devs answer this one. Just wanted to point you to this
> link if you haven't seen it yet:
>
>
On Fri, January 12, 2018 1:12 pm, 'Tom Zander' via qubes-devel wrote:
> On Friday, 12 January 2018 11:21:27 GMT 'awokd' via qubes-devel wrote:
>
>> Securing this sounds hard,
>>
>
> My thinking is that using something like git controls setting files
> executables bit
On Thu, January 11, 2018 2:57 pm, Andrew David Wong wrote:
Some random questions:
> The Xen Security Team did _not_
> previously share information about these problems via their (non-public)
> security pre-disclosure list, of which the Qubes Security Team is a
> member.
What good is a
On Sat, January 6, 2018 5:22 pm, Marek Marczykowski-Górecki wrote:
> You need to chroot into chroot-fc25 and switch to 'user' to compile it.
> There you have all build dependencies installed. You can enable debug
> using menuconfig. So, the easiest way to get Xen debug build is:
>
> sudo chroot
On Wed, December 27, 2017 10:05 am, Frédéric Pierret (fepitre) wrote:
>
> For those who are interested, I will put a builder conf until end of the
> day.
I'd like to see it! Where should I look?
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
48 matches
Mail list logo
