[qubes-devel] Re: Port Forward using iptables broken?
https://github.com/QubesOS/qubes-issues/issues/3556
> An idea: Debian don't have nftables installed by default, so
> qubes-firewal fallback to iptables. But not on Fedora - there nftables
> is used. This applies to both sys-net and sys-firewall.
>
> A quick test:
>
> 1. List rules:
>
> nft list table ip qubes-firewall
>
> 2. Add rule accepting traffic from eth0:
>
> nft add rule ip qubes-firewall forward meta iifname eth0 accept
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
That did it!
Thanks so much for the quick resolve.
This was my results from `nft list table ip qubes-firewall`
```
table ip qubes-firewall {
chain forward {
type filter hook forward priority 0; policy drop;
ct state established,related accept
ip saddr 10.137.0.6 jump qbs-10-137-0-6
}
chain qbs-10-137-0-6 {
accept
drop
}
}
```
`nft add rule ip qubes-firewall forward meta iifname eth0 accept`
adds `iifname eth0 accept` to the bottom of chain forward
Is it intended that fedora uses both iptables and nft?
Are there any security implications for allowing iifname eth0 accept (in my
case for fedora-26, ens5)?
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/c3a67dfd-663e-4a34-86a8-256c9d8fa153%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Feb 09, 2018 at 11:11:50AM -0800, brendan.h...@gmail.com wrote: > On Wednesday, February 7, 2018 at 8:13:42 PM UTC-5, Marek > Marczykowski-Górecki wrote: > > For anyone interested, here is instruction how to setup build > > environment: > > https://github.com/QubesOS/qubes-builder-windows/ > > > > I know Rafał "Omeg" used Visual Studio for development, but I have no > > idea if anything special was needed there. I see vs2012, vs2013, vs2015 > > etc directories in relevant repositories. > > Hi Marek, > > If you have time... > > Just FYI, the instructions you linked to above no longer work. I say this > based on more than several hours of trying to figure out how to build the > tools. I get all the way, without errors or warnings, to the last step, which > is `make qubes`. That step throws an error about rpm not being installed: "No > rule to make target 'please.install.rpm.and.try.again', needed by > 'check.rpm'. Stop." Hmm, exactly this issue should be fixed by: https://github.com/QubesOS/qubes-builder-windows/commit/5a637757d69dc952b0d19ef0cb86574ba54e0717 Check if you have qubes-builder/qubes-src/builder-windows/builder.conf, with that content. Or, maybe something have changed in cygwin in the meantime? What is the output of "uname -o" command? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlp+uU4ACgkQ24/THMrX 1yw4ogf+MdN914rsdJV65ROfwFzHFhYRdEdG2KSH+GrrdTmdORI26IG1E4Z4qSwK aB9sTDnwb2+qkjv9yVDYM3qpL7GGyfp2TgbFwFwEFrs3L07ryc7eWW1mhNcq+Wgn aCPAVOQDN8gNm/GjC3hr22aJPfe/S+XKw3I5f3xegfN49M08jKpiI2U+6jkK0BTW okMh+wFFWfIgiOadoFPHwdD4fEq7pMDBcGwuZadIx9LXNRU6F52HH0sBN8eV1cZg 2a2h8vLClriEvqb3lM3Nr8AQ8+F+R2+SQc1pcF4RC0y/6qXQB8byVx9Oig/Rs6tE v8cOGsTOSMlo2PnuUBFeeEr124jEnw== =aHm1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180210012014.GU2070%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Port Forward using iptables broken?
On Friday, 9 February 2018 19:02:09 UTC-5, Alex Dubois wrote: > On Friday, 9 February 2018 23:59:52 UTC, Alex Dubois wrote: > > On Friday, 9 February 2018 16:36:14 UTC, joev...@gmail.com wrote: > > > Yes, thanks for pointing out the typos. They are only mistakes in this > > > post. I use a script running in dom0 to generate pretty much everything. > > > The same script works when debian-8 is used. The interface is different > > > depending on the template > > > > I confirm I have the same issue. > > Please however note that I have another PCI NIC connected to an AppVM (My > > qubes also act as a firewall for home network) and we have no issue > > connecting outbound. > > Outbound connection as you know do not need the PRE-ROUTING rules, so also > > the problem is seen on the FORWARD rule, I suspect more the PRE-ROUTING > > rule is at fault and does not do its job. > > I'll try to dig into this, however I won't have much time this week... > > Also, could you clarify if you've tested on FirewallVM and if here again > Debian is OK and Fedora not. This might rule out issues with physical cards > (which I suspect is not the problem as PRE-ROUTING does get the packet). Yes, if the template on sys-net is changed to Debian-8, but sys-firewall (FirewallVM) is left with fedora... sys-net does send the packet to sys-firewall, which then appears the same way... PREROUTING sees it, but FORWARD does not. Thanks. P.S. Debian-9 has issues as well, but I didn't test thoroughly with that. And I think Fedora-25 was working prior to some updates. I do enable testing repos for these templates, but don't know what package is the culprit and don't know how to rollback. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/f0164b14-9f80-4f6f-aab1-3988fd15bd87%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Port Forward using iptables broken?
On Friday, 9 February 2018 23:59:52 UTC, Alex Dubois wrote: > On Friday, 9 February 2018 16:36:14 UTC, joev...@gmail.com wrote: > > Yes, thanks for pointing out the typos. They are only mistakes in this > > post. I use a script running in dom0 to generate pretty much everything. > > The same script works when debian-8 is used. The interface is different > > depending on the template > > I confirm I have the same issue. > Please however note that I have another PCI NIC connected to an AppVM (My > qubes also act as a firewall for home network) and we have no issue > connecting outbound. > Outbound connection as you know do not need the PRE-ROUTING rules, so also > the problem is seen on the FORWARD rule, I suspect more the PRE-ROUTING rule > is at fault and does not do its job. > I'll try to dig into this, however I won't have much time this week... Also, could you clarify if you've tested on FirewallVM and if here again Debian is OK and Fedora not. This might rule out issues with physical cards (which I suspect is not the problem as PRE-ROUTING does get the packet). -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/6557ef0f-529c-4377-8a04-b69aa90fcb96%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Port Forward using iptables broken?
On Friday, 9 February 2018 16:36:14 UTC, joev...@gmail.com wrote: > Yes, thanks for pointing out the typos. They are only mistakes in this post. > I use a script running in dom0 to generate pretty much everything. The same > script works when debian-8 is used. The interface is different depending on > the template I confirm I have the same issue. Please however note that I have another PCI NIC connected to an AppVM (My qubes also act as a firewall for home network) and we have no issue connecting outbound. Outbound connection as you know do not need the PRE-ROUTING rules, so also the problem is seen on the FORWARD rule, I suspect more the PRE-ROUTING rule is at fault and does not do its job. I'll try to dig into this, however I won't have much time this week... -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/66d8d330-8cb0-4b6e-baea-53ba34004a20%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Friday, 9 February 2018 19:20:40 UTC, awokd wrote: > On Fri, February 9, 2018 6:52 pm, Ivan Mitev wrote: > > @ bowabos & awokd > > > > > > On 02/09/18 20:19, bowa...@gmail.com wrote: > > > So, do you think I should try to submit a PR for some of > > the info present on the wiki page ? > > I think bowabos is already in process of doing this, but I can't find the PR? > > > Or may I send a link of the wiki page > > to the qubes-users@ ML first (so that people don't loose time going > > through the same issues), > > This shouldn't hurt, but please also mention what you said about it being > an unofficial staging area and content will be moved to the official docs, > etc. > > > and then wait that nobody has problems with the > > current set of install instructions before submitting a PR ? > > I wouldn't wait on future ones. If you've verified them yourself, go ahead > and submit. > > >> I second that, Ivan you've done a lot of work. I am not used to > >> opensource collaboration, so please feedback on my social "skills", I > >> feel I've jump the guns. So apologies. > > > > no problem at all - it seems that we're several people trying to install > > windows HVM on R4 and we all publish our findings at the same time ! > > I don't think anyone jumped the gun. > > I see adubois also has a PR out here for Windows doc patches, do they > cover the current wiki content? > https://github.com/QubesOS/qubes-doc/pull/578 This pull request cover just the minimum so that Windows can be installed (qvm-create + correct VM shell configuration). But if someone running R4 should be able to install win7 now without issues. QWT is not covered. I will have only limited capacity to help this week but will happily give a shot at reviewing the all Windows section after. However I will do that after fixing my Yubikey integration solution that I have promised to someone https://github.com/adubois/qubes-app-linux-yubikey -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/e5c732f8-b65e-4657-a266-42386385b767%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Fri, February 9, 2018 6:52 pm, Ivan Mitev wrote: > @ bowabos & awokd > > > On 02/09/18 20:19, bowa...@gmail.com wrote: > So, do you think I should try to submit a PR for some of > the info present on the wiki page ? I think bowabos is already in process of doing this, but I can't find the PR? > Or may I send a link of the wiki page > to the qubes-users@ ML first (so that people don't loose time going > through the same issues), This shouldn't hurt, but please also mention what you said about it being an unofficial staging area and content will be moved to the official docs, etc. > and then wait that nobody has problems with the > current set of install instructions before submitting a PR ? I wouldn't wait on future ones. If you've verified them yourself, go ahead and submit. >> I second that, Ivan you've done a lot of work. I am not used to >> opensource collaboration, so please feedback on my social "skills", I >> feel I've jump the guns. So apologies. > > no problem at all - it seems that we're several people trying to install > windows HVM on R4 and we all publish our findings at the same time ! I don't think anyone jumped the gun. I see adubois also has a PR out here for Windows doc patches, do they cover the current wiki content? https://github.com/QubesOS/qubes-doc/pull/578 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/0fef413a97e65666ecea56b3a25b1de4.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Wednesday, February 7, 2018 at 8:13:42 PM UTC-5, Marek Marczykowski-Górecki wrote: > For anyone interested, here is instruction how to setup build > environment: > https://github.com/QubesOS/qubes-builder-windows/ > > I know Rafał "Omeg" used Visual Studio for development, but I have no > idea if anything special was needed there. I see vs2012, vs2013, vs2015 > etc directories in relevant repositories. Hi Marek, If you have time... Just FYI, the instructions you linked to above no longer work. I say this based on more than several hours of trying to figure out how to build the tools. I get all the way, without errors or warnings, to the last step, which is `make qubes`. That step throws an error about rpm not being installed: "No rule to make target 'please.install.rpm.and.try.again', needed by 'check.rpm'. Stop." Granted, I think the reason is that in addition to the documented step of copying windows-tools.conf to builder.conf, there are probably some other configuration changes (not listed) to make the windows build environment work...but I don't know what they are. Using a new stable, up to date Win7 HVM install on Qubes R4, I followed the instructions without problems using the following variations to resolve some issues: - changing to a user account without spaces in it for better mingw32 pathname resolution. - hosting qubes-builder directory initially in the user download directory as well as later in C:\DEV - installing free VS2013 community release in either the standard location [hybrid of C:\program files and C:\program files (x86)] as well as in c:\vs2013 -- as documented, copying windows-tool.conf to builder.conf Lastly, while trying to figure out what the gap is in the instructions that lead to "make qubes", the last line, failing I tried: -- copying in all of the various files from that repository into the qubes-builder directory (no filename conflicts, basically a folder tree merge), and attemping to swap makefiles, etc. -- looking for conflicting pathnames to VS2013 in the qubes files, etc. and fixing them to match my current environment. What obvious thing am I missing? Thanks, Brendan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/1f35d245-dedd-409b-9fce-c1d2ef01958f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
@ bowabos & awokd On 02/09/18 20:19, bowa...@gmail.com wrote: On Friday, 9 February 2018 18:10:24 UTC, awokd wrote: On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote: I saw on qubes-users that you're updating the official documentation, that's great. Not only me! Some of the documents have already been updated, and others are being addressed by people with more knowledge in those areas. I *really* don't want to sound like I'm duplicating some of your work, or making your work harder. You're definitely not doing either. See https://github.com/QubesOS/qubes-issues/issues/3495 . I'm listing items (Windows 7 docs for a relevant example) that I'm skipping because I haven't used it enough to provide good documentation. My main concern was that *somebody* was going to push stuff from the wiki to the docs, and it not just sit out there confusing users with two knowledge sets. :) OK :) I just read issue #3495, you have a lot more knowledge of the official docs than I do. So, do you think I should try to submit a PR for some of the info present on the wiki page ? Or may I send a link of the wiki page to the qubes-users@ ML first (so that people don't loose time going through the same issues), and then wait that nobody has problems with the current set of install instructions before submitting a PR ? I second that, Ivan you've done a lot of work. I am not used to opensource collaboration, so please feedback on my social "skills", I feel I've jump the guns. So apologies. no problem at all - it seems that we're several people trying to install windows HVM on R4 and we all publish our findings at the same time ! On the documentation side, from my point of view, the security side on this area of the doc needs to be reviewed to address the iso in Dom0 (we should not do or encourage it) I also though of that. I'll try to test with --cdrom and the iso in an untrusted VM (it just worked for the tools so I don't know why I had to use a loop device on dom0). -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/a9631d61-8a85-e279-d27e-a746af8264ba%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Friday, 9 February 2018 18:10:24 UTC, awokd wrote: > On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote: > > > > > I saw on qubes-users that you're updating the official documentation, > > that's great. > > Not only me! Some of the documents have already been updated, and others > are being addressed by people with more knowledge in those areas. > > > I *really* don't want to sound like I'm duplicating some of > > your work, or making your work harder. > > You're definitely not doing either. See > https://github.com/QubesOS/qubes-issues/issues/3495 . I'm listing items > (Windows 7 docs for a relevant example) that I'm skipping because I > haven't used it enough to provide good documentation. > > My main concern was that *somebody* was going to push stuff from the wiki > to the docs, and it not just sit out there confusing users with two > knowledge sets. :) I second that, Ivan you've done a lot of work. I am not used to opensource collaboration, so please feedback on my social "skills", I feel I've jump the guns. So apologies. On the documentation side, from my point of view, the security side on this area of the doc needs to be reviewed to address the iso in Dom0 (we should not do or encourage it) - -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ce9b653c-dcb2-4b12-bd29-1d0a882790dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Fri, February 9, 2018 6:10 pm, awokd wrote: > On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote: > > > > >> I saw on qubes-users that you're updating the official documentation, >> that's great. > > Not only me! Some of the documents have already been updated, and others > are being addressed by people with more knowledge in those areas. And to give credit where it's due, Andrew David Wong and Marek have also been instrumental in filling in my knowledge gaps. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/745ddfb49d4aa7f195c98bb52f24a386.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Friday, 9 February 2018 17:56:49 UTC, Ivan Mitev wrote: > On 02/09/18 18:05, 'awokd' via qubes-devel wrote: > > On Thu, February 8, 2018 4:50 pm, Ivan Mitev wrote: > > > >> > >> IMHO a public wiki - official or not - should not replace the current > >> documentation: someone may add unsecure instructions (willingly or not) > >> and there will always be users who blindingly copy/paste instructions. > > > > That and divergence between the two sets of documentation, possibly by > > neglecting one or the other. > > > >> My idea behind a public wiki was to have a "staging" area that would > >> lower the bar for writing official documentation (eg. understanding pull > >> requests isn't needed), as well as easing "community" testing/debugging > >> (like providing workarounds or step-by-step instructions like now with > >> Windows HVMs). > > > > This sounds good; should avoid divergence. > > I fully agree about the divergence issue, that's why I plan to delete > the content on the public page(s) after it's pulled in the official docs. > > >> If after some time the instructions are deemed good > >> enough, then they could be pulled into the official docs and removed from > >> the wiki. > > > > Will you be handling that step by submitting PRs against the official > > docs? How frequently? > > I've set up the windows HVM wiki page to help other people struggling > with the issues I've been through. It's a bit of an experiment and it > would be interesting to see if other users contribute content to this > specific page, or even add other pages (the latter would be an > indication that something is either missing or difficult to find in the > official docs). > > tl;dr; I don't really know how it'll work out, how frequently PRs would > have to submitted - and whether I'll submit them myself or other users > step in, etc. > > I saw on qubes-users that you're updating the official documentation, > that's great. I *really* don't want to sound like I'm duplicating some > of your work, or making your work harder. The wiki page is 100% public > so feel free to delete stuff and/or import it in the official document > at your convenience. > > BTW I've eventually managed to successfully install Windows 7 in R4 and > I've updated the wiki page accordingly. I see that user > bowa...@gmail.com also managed to install a win7 VM with exactly the > same commands, so maybe we've reached a working set of install > instructions and I could submit a PR (or you could copy/paste the > instructions in the official docs). > IMHO, given that people are now trying R4 and Windows HVMs (there's for > instance a post on qubes-users@ by Alex a sec ago) it would be helpful > to post the link of the updated official doc or the temporary wiki page > to the qubes-users@ ML. > > Let me know what you think... > > Best, > Ivan Hi, I just saw this post. Apologies, I had already submitted a PR https://groups.google.com/forum/#!topic/qubes-devel/tBqwJmOAJ94 with the minimal change to get the install working. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/7eeb11a8-a6d0-46e7-8da2-c6a8ef162d4b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote: > I saw on qubes-users that you're updating the official documentation, > that's great. Not only me! Some of the documents have already been updated, and others are being addressed by people with more knowledge in those areas. > I *really* don't want to sound like I'm duplicating some of > your work, or making your work harder. You're definitely not doing either. See https://github.com/QubesOS/qubes-issues/issues/3495 . I'm listing items (Windows 7 docs for a relevant example) that I'm skipping because I haven't used it enough to provide good documentation. My main concern was that *somebody* was going to push stuff from the wiki to the docs, and it not just sit out there confusing users with two knowledge sets. :) -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/1ad9cac489c152d1daf53725799072ba.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On 02/09/18 18:05, 'awokd' via qubes-devel wrote: On Thu, February 8, 2018 4:50 pm, Ivan Mitev wrote: IMHO a public wiki - official or not - should not replace the current documentation: someone may add unsecure instructions (willingly or not) and there will always be users who blindingly copy/paste instructions. That and divergence between the two sets of documentation, possibly by neglecting one or the other. My idea behind a public wiki was to have a "staging" area that would lower the bar for writing official documentation (eg. understanding pull requests isn't needed), as well as easing "community" testing/debugging (like providing workarounds or step-by-step instructions like now with Windows HVMs). This sounds good; should avoid divergence. I fully agree about the divergence issue, that's why I plan to delete the content on the public page(s) after it's pulled in the official docs. If after some time the instructions are deemed good enough, then they could be pulled into the official docs and removed from the wiki. Will you be handling that step by submitting PRs against the official docs? How frequently? I've set up the windows HVM wiki page to help other people struggling with the issues I've been through. It's a bit of an experiment and it would be interesting to see if other users contribute content to this specific page, or even add other pages (the latter would be an indication that something is either missing or difficult to find in the official docs). tl;dr; I don't really know how it'll work out, how frequently PRs would have to submitted - and whether I'll submit them myself or other users step in, etc. I saw on qubes-users that you're updating the official documentation, that's great. I *really* don't want to sound like I'm duplicating some of your work, or making your work harder. The wiki page is 100% public so feel free to delete stuff and/or import it in the official document at your convenience. BTW I've eventually managed to successfully install Windows 7 in R4 and I've updated the wiki page accordingly. I see that user bowa...@gmail.com also managed to install a win7 VM with exactly the same commands, so maybe we've reached a working set of install instructions and I could submit a PR (or you could copy/paste the instructions in the official docs). IMHO, given that people are now trying R4 and Windows HVMs (there's for instance a post on qubes-users@ by Alex a sec ago) it would be helpful to post the link of the updated official doc or the temporary wiki page to the qubes-users@ ML. Let me know what you think... Best, Ivan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/1ad298f0-1164-f560-0f1e-66ce1e441458%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Saturday, 3 February 2018 18:58:14 UTC, Yuraeitha wrote: > On Saturday, February 3, 2018 at 5:06:20 AM UTC+1, Andrew David Wong wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On 2018-02-02 17:19, Yuraeitha wrote: > > > > > > It seems omeg who has been maintaining Qubes-Windows-Tools the last > > > few years, has gone inactive > > > > He is instead working on other projects for ITL's corporate clients, > > so "inactive" is not quite accurate. > > > > > https://github.com/QubesOS/qubes-installer-qubes-os-windows-tools > > > and thus far, it looks like no one else has picked up the project. > > > > > > > Correct. > > > > > If it is not planned to be done any time soon, then that's alright, > > > I can live with that. I'm already immensely grateful for everything > > > the Qubes team has done. But it's not so easy for everyone though, > > > some people are more heavily reliant on Windows than others for > > > certain applications. > > > > > > This post is NOT a complaint or anything of the sorts, but instead > > > a question to settle expectations on the correct path, instead of > > > looking every day for a new update, which can be a lot of > > > uncertainty or for some people even anxiety and frustrations, when > > > on Qubes 4 without a means to get Windows 7 installed. Essentially > > > people who need Windows and would love to get Qubes 4, are caught > > > in-between without any idea when or even if Windows 7 will be > > > supported anytime in the near-term future. > > > > > > In other words, just knowing it won't be anytime soon is in a way > > > also very good news, because it puts expectations in the right > > > place instead of uncertainty. Any such news-update on what is going > > > on with it and what to expect, would be appreciated. > > > > > > > As far as I know, Qubes Windows Tools continues to remain on > > indefinite hold. We welcome anyone from the community with the > > requisite skills to take over development (or just pitch in here and > > there). > > > > > Also, I'm not entirely sure regarding the code itself, but it > > > should be somewhat close to Qubes 4 in the current > > > Qubes-Windows-Tools? For example the Qubes 3.2. Win7 restored from > > > backup in Qubes 4, seems to more or less work, somewhat smoothly, > > > but not perfect. If so, maybe someone else can help with bringing > > > Qubes-Windos-Tools to Qubes 4? Unfortunately I have no coding > > > skills of this sort though, otherwise I'd give it a shot. > > > > > > > Sorry, I don't know. > > > > - -- > > Andrew David Wong (Axon) > > Community Manager, Qubes OS > > https://www.qubes-os.org > > > > -BEGIN PGP SIGNATURE- > > > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlp1NS0ACgkQ203TvDlQ > > MDCZYw//X/AlrUieQTF4ebMSab60xahi5erwpQc87Yzvb7WLLYBEnmY19d60M8IT > > oOr6p3zroDc+VvwBW4vIcp4S7RUNIDbIyppulW+6eiFunQK8kZGpks+RKfntxwEq > > Z8MCFeVNCedn43AGc6DCOLFrSsQVUR0LKVGIcI/Lhoe60zdvoMofnlF2hHRzWqvb > > 9UYuu/Kiqyy8RVyNq1LSNJ4/5jIIFDoxk12Wngc3s22OU5/u6I2vlnUHHwDC/X6n > > kbWSa8ltdKIOpglWxf34G7G60kdQVLfqw88mFzGUMk02EOeGkErMuG39wzCCGWyA > > 0Yp+KWeUaTH7mzUVTHR4G0uuWlFx7IaXUWOSJVmuSjItCQ4s7qbZ8A78ajN1aLYd > > JhhVnM8jzDF8zkrAd6Ez+zRVa9im/m1puck3uNb8Ou6VD0FnRWowl6iz0ijRhXsF > > A6qgr4jiGqqp3OSvxActu32KbW2ogxrDQThztcJgY1DuhDF/Y6YBHRI9I92udQ6r > > +A5OKoIKe3cskntkF5lrSawqVtyD+lxuT00gwwJrolj1ixdHt8ufyezvJxDYZJac > > UIu4y95w4H28YoxCY5bmoMIB5ncl4kskKs7qFpNbVHs4d8GsW1NcT2fxNzslGtsV > > D7muRf9n/gX3Ui5wNwwjP0gVMD6RrsY4wRdt4Jzk87VVdJIEiXM= > > =LLLN > > -END PGP SIGNATURE- > > Thanks Andrew, this was exactly what I was looking for, much appreciated. > > I'm gonna settle in for a plan B as listed below, although it looks really > interesting if Elias will be looking into it. Maybe Marek or someone else > with insight into the code can help a little bit to get started? > > But for the time being, I might try install Qubes 3.2. as a plan B to create > some temporary unlicensed clean Win7 Qubes backup's, and see if I can > transfer them to various of other Qubes 4 systems. This is mostly needed for > my friends though, and I still need to figure out if this is allowed within > the use-cases of the Windows 7 license or not, they will use their own > licenses. > > This method is a bit cumberstone if the code inside the Win7 installed on > Qubes 3.2. is buggy and creates unreliable issues, like unreliable transfer > of data integrity. Hopefully nothing bad will happen. > > Also need different types of Windows 7 copies for different types of > licenses, which is a bit problematic, but not impossible. > > For now this temporary plan B, this might be a work around to get a new clean > Win7 on multiple of different Qubes 4 systems, although a bit cumberstone, > and uncertain possibility of data integrity risk. Hi All, Thanks for your help in the thread. On R4, in order to get Win7SP1 64Bit Pro installed I did qvm-create win7 --class StandaloneVM --property
[qubes-devel] Re: Port Forward using iptables broken?
Yes, thanks for pointing out the typos. They are only mistakes in this post. I use a script running in dom0 to generate pretty much everything. The same script works when debian-8 is used. The interface is different depending on the template -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/380a0e4e-281b-482c-8f3a-224ec8b812cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Are there currently anyone assigned to update Qubes-Windows-Tools?
On Thu, February 8, 2018 4:50 pm, Ivan Mitev wrote: > > IMHO a public wiki - official or not - should not replace the current > documentation: someone may add unsecure instructions (willingly or not) > and there will always be users who blindingly copy/paste instructions. That and divergence between the two sets of documentation, possibly by neglecting one or the other. > My idea behind a public wiki was to have a "staging" area that would > lower the bar for writing official documentation (eg. understanding pull > requests isn't needed), as well as easing "community" testing/debugging > (like providing workarounds or step-by-step instructions like now with > Windows HVMs). This sounds good; should avoid divergence. > If after some time the instructions are deemed good > enough, then they could be pulled into the official docs and removed from > the wiki. Will you be handling that step by submitting PRs against the official docs? How frequently? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ec574595f27d4bf164c93297fcb55be1.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: Port Forward using iptables broken?
On Fri, February 9, 2018 7:33 am, bowa...@gmail.com wrote: > On Friday, 9 February 2018 06:50:05 UTC, joev...@gmail.com wrote: > >> Fedora templates have a weird issue where the packet counter on the >> sys-net nat FORWARD chain does not increment. The PREROUTING chain does >> increment. I saw this too when trying to follow the port forwarding example in https://www.qubes-os.org/doc/firewall/ . Mentioned it on qubes-users. @adubois is researching as well. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/a0e9be2905297c310d37344fca346ee0.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
