Re: [qubes-users] Bad GPG Signature is Good on 2nd Try?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-05 19:23, entr0py wrote:
> Andrew David Wong:
>> On 2016-08-05 16:21, entr0py wrote:
>>> After downloading Qubes 3.1 iso, I attempted to verify with Release 3 
>>> Signing Key:
>> 
>>> user@host:~/Downloads$ gpg --verify Qubes-R3.1-x86_64.iso.asc gpg:
>>> assuming signed data in `Qubes-R3.1-x86_64.iso' gpg: Signature made Wed
>>> 09 Mar 2016 03:40:56 AM UTC gpg:using RSA key
>>> 0xCB11CA1D03FA5082 gpg: BAD signature from "Qubes OS Release 3 Signing
>>> Key" [unknown]
>> 
>> 
>>> I verified the hash .DIGESTS:
>> 
>>> user@host:~/Downloads$ gpg --verify Qubes-R3.1-x86_64.iso.DIGESTS gpg: 
>>> Signature made Wed 09 Mar 2016 11:35:48 AM UTC gpg:
>>> using RSA key 0xCB11CA1D03FA5082 gpg: Good signature from "Qubes OS
>>> Release 3 Signing Key" [unknown]
>> 
>> 
>>> I compared checksums:
>> 
>>> user@host:~/Downloads$ sha1sum Qubes-R3.1-x86_64.iso 
>>> 990b7765ee209b42b3cad78673463daae769c729  Qubes-R3.1-x86_64.iso
>> 
>>> user@host:~/Downloads$ cat Qubes-R3.1-x86_64.iso.DIGESTS | grep 
>>> 990b7765ee209b42b3cad78673463daae769c729 
>>> 990b7765ee209b42b3cad78673463daae769c729 *Qubes-R3.1-x86_64.iso
>> 
>> 
>>> So tried verifying the .iso again:
>> 
>>> user@host:~/Downloads$ gpg --verify Qubes-R3.1-x86_64.iso.asc 
>>> Qubes-R3.1-x86_64.iso gpg: Signature made Wed 09 Mar 2016 03:40:56 AM
>>> UTC gpg:using RSA key 0xCB11CA1D03FA5082 gpg: Good
>>> signature from "Qubes OS Release 3 Signing Key" [unknown]
>> 
>> 
>>> What am I missing? Is the 2nd argument necessary even though gpg found
>>> the signed data properly the first time?
>> 
>> 
>> Is it possible that the ISO hadn't completely finished downloading when
>> you tried to verify it the first time?
>> 
>> 
>> 
> 
> I don't think so, because then it would have had the .part extension. Is
> there a long write after the download completes?
> 

That probably depends on things like your hardware and which filesystem you're
using.

> RAM / HD limitations? 4.7 GB iso vs 1.0 GB RAM, 10 GB Private storage.
> 
> Not sure it's important but kinda unnerving to be producing different
> results :/
> 

Well, it should only be unnerving if you know with certainty that GnuPG is
returning different results on the *exact same* sequence of bits. Since you
didn't hash the ISO before the first (failed) verification attempt, we don't
have any evidence that that's the case. It's much more likely that the bits
changed (e.g., due to write caching, as you suggested).

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXpU/DAAoJENtN07w5UDAwleAP/RHsRdSvgeDMsH/PMmzHuWK2
BNH8vTD2kTb/ojO1XSgJu7jPTs9LJmmTf7+LuO4PqDpnWyssZYXcNDMtEnoojFvi
MIdBuRwdUS0ayYX8aUVWG5NF6XhqMhrojGdWiJ1RhvE3had7BbYmTOwNi+JAZF9Y
nuQTQYt4mBzOR/z9JfPmd+acfHBXc7TyAB0APKNU42r+wVTJ70vVuWIioXdhtqup
F6CgmpspJGxXKkogAtbekIpigRTFOqC9ShADTAY3gKDtSXmHD8jpEQBAJtFvpyNW
9DtkesEjMbbDc7wOutKMk1pT7feb7Zpks7WSnyads6OL+ilWoqdn0NoD43X+K97A
95OwSBnZY3d5uFZcXLY59OdCEOQdeS8jzn8C7rk7Z/3s+P+Cq17mfKD53WHPIglI
M9s3ahsI8D+iukNo/KsU+gZJfKWc8rAWi0I7vd4geSd0pGC3sWAPkWsY7IZhRpS+
cOLn7/3qzHoyOr2vU/5rc6LGEMF2sCCicy9Y/EI6HsZKZZYdI6mdaBfqyvrOTpMF
XWFE2uOO/+UoHZ6t+ZDkzDOlBZdbhvZmb/UaoGfjHqIjiuYwL5nKdRk4LHP6U0ZK
2je5DW6lOE22M752MtV/Xv/kQtaQM/nxyIJxMI6Etu6vKZIFMMYGpvGzQaPOWrGN
ZbL/7LFKvJt/UsMBC2VO
=P+iK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5548e639-89c8-74f1-6966-46d4e230308a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Bad GPG Signature is Good on 2nd Try?

[entr0py]

Andrew David Wong:
> On 2016-08-05 16:21, entr0py wrote:
>> After downloading Qubes 3.1 iso, I attempted to verify with Release 3
>> Signing Key:
> 
>> user@host:~/Downloads$ gpg --verify Qubes-R3.1-x86_64.iso.asc gpg: assuming
>> signed data in `Qubes-R3.1-x86_64.iso' gpg: Signature made Wed 09 Mar 2016
>> 03:40:56 AM UTC gpg:using RSA key 0xCB11CA1D03FA5082 gpg:
>> BAD signature from "Qubes OS Release 3 Signing Key" [unknown]
> 
> 
>> I verified the hash .DIGESTS:
> 
>> user@host:~/Downloads$ gpg --verify Qubes-R3.1-x86_64.iso.DIGESTS gpg:
>> Signature made Wed 09 Mar 2016 11:35:48 AM UTC gpg:using
>> RSA key 0xCB11CA1D03FA5082 gpg: Good signature from "Qubes OS Release 3
>> Signing Key" [unknown]
> 
> 
>> I compared checksums:
> 
>> user@host:~/Downloads$ sha1sum Qubes-R3.1-x86_64.iso 
>> 990b7765ee209b42b3cad78673463daae769c729  Qubes-R3.1-x86_64.iso
> 
>> user@host:~/Downloads$ cat Qubes-R3.1-x86_64.iso.DIGESTS | grep
>> 990b7765ee209b42b3cad78673463daae769c729 
>> 990b7765ee209b42b3cad78673463daae769c729 *Qubes-R3.1-x86_64.iso
> 
> 
>> So tried verifying the .iso again:
> 
>> user@host:~/Downloads$ gpg --verify Qubes-R3.1-x86_64.iso.asc
>> Qubes-R3.1-x86_64.iso gpg: Signature made Wed 09 Mar 2016 03:40:56 AM UTC 
>> gpg:using RSA key 0xCB11CA1D03FA5082 gpg: Good signature
>> from "Qubes OS Release 3 Signing Key" [unknown]
> 
> 
>> What am I missing? Is the 2nd argument necessary even though gpg found the
>> signed data properly the first time?
> 
> 
> Is it possible that the ISO hadn't completely finished downloading when you
> tried to verify it the first time?
> 
> 
> 

I don't think so, because then it would have had the .part extension. Is there 
a long write after the download completes?

RAM / HD limitations? 4.7 GB iso vs 1.0 GB RAM, 10 GB Private storage.

Not sure it's important but kinda unnerving to be producing different results :/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82efc921-c394-63b7-1f5b-cad9fbad45b2%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Device attached failed with USB3

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Aug 05, 2016 at 04:43:02PM -0700, kotot...@gmail.com wrote:
> Hi,
> 
> When attaching a USB3 hard-drive to the untrusted VM I get the following 
> error:
> 
> dom0$ qvm-usb -a untrusted sys-usb:4-1
> ERROR: Device attach failed: sh: printf: I/O error
> 
> untrusted$ dmesg
> <...>
> [ 7482.281057] vhci_hcd: connection closed
> [ 7482.281166] vhci_hcd: stop threads
> [ 7482.281197] vhci_hcd: release socket
> [ 7482.281219] vhci_hcd: disconnect device
> [ 7489.228732] vhci_hcd: Failed attach request for unsupported USB speed: 
> super-speed
> 
> sys-usb$ dmesg
> <...>
> [ 7627.651333] usbip-host 3-2: recv a header, 0
> [ 7627.651449] usbip-host 3-2: lock for reset
> [ 7634.596562] usbip-host 4-1: stub up
> [ 7634.601226] usbip-host 4-1: recv a header, 0
> [ 7634.705358] usbip-host 4-1: reset SuperSpeed USB device number 3 using 
> xhci_hcd
> [ 7634.716919] usbip-host 4-1: device reset
> 
> Any ideas? I'm using Qubes 3.2RC2.

Unfortunately drivers we use (usbip) doesn't support USB3.0 yet.

Anyway, for hard drivers, you should use block attach (qvm-block
command).

https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-5
 Stating with Qubes 3.2, it is possible to attach a single USB device to
any Qube. While this is useful feature, it should be used with care,
because there are many security implications from using USB devices and
USB passthrough will expose your target qube for most of them. *If
possible, use use method specific for particular device type (for
example block devices described above), instead of this generic one.*

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXpSXoAAoJENuP0xzK19csyBoH+QFiQKphsMQxV09d88GF4u4D
kb4c6eLtx/W6mJ7m0PVyejkXExIaWej0Y1XyQsFAshcw1dpku/OLlFV7GE9gBJ9d
Gu0GK/JIjGnULgKmP2F+6mp4KbF5RpzdfFzAakeTWrmgWyNBVRO7a/ick9e/rvvN
1cjf4RMRcNTBiFuFlThRXppT66CmGSCVmxc2G0ufNTgEmVMRtGK7VMw5U2+5wcoy
TWzDGgKc1JU1/Yj9XdDFOtCf4MlqMiEP19H6vXhYKkJoDIVCi2+Pktl8HTmB7VMg
Sjk0+3cyFgnsV/zj2vs6eUm+Be1hl4oWWgCSrHu4ORD26K4S3dF9pYTp6n/OD3w=
=hNr7
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160805234855.GW32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Device attached failed with USB3

[kototamo]

Hi,

When attaching a USB3 hard-drive to the untrusted VM I get the following error:

dom0$ qvm-usb -a untrusted sys-usb:4-1
ERROR: Device attach failed: sh: printf: I/O error

untrusted$ dmesg
<...>
[ 7482.281057] vhci_hcd: connection closed
[ 7482.281166] vhci_hcd: stop threads
[ 7482.281197] vhci_hcd: release socket
[ 7482.281219] vhci_hcd: disconnect device
[ 7489.228732] vhci_hcd: Failed attach request for unsupported USB speed: 
super-speed

sys-usb$ dmesg
<...>
[ 7627.651333] usbip-host 3-2: recv a header, 0
[ 7627.651449] usbip-host 3-2: lock for reset
[ 7634.596562] usbip-host 4-1: stub up
[ 7634.601226] usbip-host 4-1: recv a header, 0
[ 7634.705358] usbip-host 4-1: reset SuperSpeed USB device number 3 using 
xhci_hcd
[ 7634.716919] usbip-host 4-1: device reset

Any ideas? I'm using Qubes 3.2RC2.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a089818-9785-4311-991a-d4a57b7391f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Poor performance when reading external DVD

[kototamo]

> In VLC try to change output mode to x11,  that dropped my cpu use by 60% to 
> 20%.

It did help. Thank you so much!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2ea6dbb-d7f0-4bab-b1d7-bb0ac7aa9383%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Poor performance when reading external DVD

[raahelps]

In VLC try to change output mode to x11,  that dropped my cpu use by 60% to 20%.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cabee3c5-82c0-4596-b9de-b91156a269a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Poor performance when reading external DVD

[kototamo]

When testing with Xine I got bad performance and this error message:

"The amount of dropped frame is too high, your system might be slow, not 
properly optimized or just too loaded".

I have an integrated intel card for video, how can I check it is properly 
configured?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4eaa723-e0ec-42d7-9a22-88c63edd10ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Poor performance when reading external DVD

[kototamo]

It seems to be related to VLC because mplayer works nicely! Very good news. 
Here the command for history:

$ mplayer -zoom -fs -vo x11 dvd:// -dvd-device /dev/sr0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62f785d0-4368-467c-8e9d-4b53170dd3be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Upgrading from Qubes 3.1 to 3.2 fail

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Aug 03, 2016 at 09:35:45AM +0200, donoban wrote:
> On 08/02/2016 10:57 PM, Marek Marczykowski-Górecki wrote:
> > 
> > Could you paste also list of packages in dom0 (rpm -qa)? This
> > should allow me to reproduce the problem.
> > 
> > 
> 
> Yes Marek! Here is it:
> https://paste.debian.net/786712
> 
> The only think that I did on both install was installing Xfce after
> the default KDE install (or maybe xfce was already installed?), I am
> not sure.
> 
> I hope it helps.

I've added additional step to the instruction[1] for Debian-based UpdateVM:

If you are using Debian-based VM as UpdateVM (sys-firewall by default),
you need to download few more packages manually, but do not install them
yet:

sudo qubes-dom0-update systemd-compat-libs perl-libwww-perl
perl-Term-ANSIColor perl-Term-Cap gdk-pixbuf2-xlib speexdsp
qubes-mgmt-salt-admin-tools
(...)
Transaction Summary
===
Install 15 Packages (+ 31 Dependent packages)
Upgrade  4 Packages (+200 Dependent packages)

Total download size: 173 M
Is this ok [y/d/N]: n
Exiting on user command
Your transaction was saved, rerun it with:
  yum load-transaction /tmp/yum_save_tx.

Please let me know if that helps.

[1] https://www.qubes-os.org/doc/upgrade-to-r3.2/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXpNp4AAoJENuP0xzK19csRlYH/1C3pqb5UVcpXSTGKD0QriKf
P9QYza6aPFbJkqLXlmNQQpYifO7Le/JGcByQfBWYRWkyz8F0bj6ccUr6VQ4Zf/VM
ZQXE9opp/pDO/UVE7LFuzzkK9coKecdFrlc1cUfHM/RnYc/PQ4Iz1iCdQg849m+M
4HGUmWV7LoDnlama+OOC3cMhBTNfLvqfi1tj/ot1/DRLligu6ylMcjEe+7IkNivq
PdIvkuPjml91AjZ0+Up6OW9upCa0qmjUjDbkUQqghqCLRsdtMLBZbg0ibpYVEJ5H
xOqTXrXxvh7W9Qc+edt1rDTcQTFoPyMgbxlzTRBEh+ewTuJ+1NtwZCRZA16gQz4=
=wR9Q
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160805182703.GS32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: External USB DVD fails to attach to the VM

[kototamo]

I found the solution by reading this: https://www.qubes-os.org/doc/usb/

and not this https://www.qubes-os.org/doc/assigning-devices/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/337ac69b-c527-4ead-964c-c45a60aeb9cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] External USB DVD fails to attach to the VM

[kototamo]

Hi,

I'm using an optical DVD reader/burner and attached it to one of the VM:

dom0$ qvm-block -l
sys-usb:sr0 Slim_USB_Burner (0782852) 6GiB (attached to 'my-new-vm' as 'xvdi')

It fails to show up in the VM:

[user@my-new-vm ~]$ ls -alh /dev/xvdi
ls: cannot access /dev/xvdi: No such file or directory

Also lsusb returns nothing:
dom0$ lsub -v
dom0$

I also tried to attach the whole USB controller to the VM, it didn't solve the 
problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f9edb83-9e5b-474c-a90a-17af48beec44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora Minimal ProxyVPN template?

[eliwu]

VPN Services usually offer a number of different sites/cities to connect to.  I 
am trying to set up a minimalist bare-bones Fedora23 template that I can base 
all of my ProxyVM's off of (via cloning), such that I only have to change the 
.ovpn file within each Proxy in the /rw/config/openvpn folder (and name the 
ProxyVM accordingly).  
This would allow me to choose to have a quick way to easily have a distinct 
proxyvm for each appvm that I can change at will w/o taking up excess memory.  

Does anyone have this set-up (or a better idea)?  If you do, care to share what 
packages you have pared it down to?  

Inspired by Olivier Médoc's post below..
https://groups.google.com/d/msg/qubes-users/LkGNj-mCVHI/e0N0FeLFCQAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0dca587-1e2d-498a-88d4-b6b9ad9da017%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] disposableVM not really disposable

[HW42]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Marek Marczykowski-Górecki:
> On Fri, Aug 05, 2016 at 11:57:38AM +0200, Marek Marczykowski-Górecki wrote:
>> On Wed, Jul 27, 2016 at 10:38:52AM +0100, cubit wrote:
>>> 26. Jul 2016 23:14 by marma...@invisiblethingslab.com:
>>>
 Check file list in /var/lib/qubes/appvms/fedora-23-dvm. Especially date
 and permissions of volatile.img there.

>>>
>>>
>>>
>>>
>>> It's actually fedora-23-stable-dvm based off a copy of the template
>>>
>>>
>>>
>>>
>>> Here is the file list,  there is one noticeable difference when
>>> comparing it to fedora-23-dvm folder.For my template
>>> volatile.img is chmod 600  while it is 644 in fedora-23-dvm.
>>> Changing the permissions to match 644 does not change anything, the
>>> problem still exists

@cubit: What is the output of 'sudo sh -c umask' in dom0?

>> Change it to 664 (same as other files there) - so qubes group will have
>> write access.
> 
> What are permissions on the directory itself?
> 
> 
>> (...)
> 
>>> -rw-rw-r-- 1 user qubes1669 Jun  2 20:15 disp8.conf
>>> -rw-rw-r-- 1 user qubes1670 Jun  2 20:15 disp9.conf
>>> -rw-rw-r-- 1 user qubes   309223442 Jul 21 09:49 dvm-savefile
>>> -rw-rw-r-- 1 user qubes1925 Jul 21 09:49 fedora-23-stable-dvm.conf
>>> lrwxrwxrwx 1 user qubes  55 Mar 31 16:15 icon.png -> 
>>> /usr/share/icons/hicolor/128x128/devices/appvm-gray.png
>>> -rw-rw-r-- 1 user qubes   1 Jul 21 09:49 netvm-id.txt
>>> -rw-rw 1 user qubes  2147483648 Jul 21 09:49 private.img
>>> -rw-rw-r-- 1 user qubes1024 Jul 21 09:49 saved-cows.tar
>>> -rw--- 1 root qubes 12348030976 Jul 26 20:00 volatile.img
>>> -rw-rw-r-- 1 user qubes  70 Mar 31 16:15 whitelisted-appmenus.list

One case in which this happens is when the root user has a restrictive
umask. Then prepare-volatile-img.sh creates a file as show above.
qubes-prepare-saved-domain.sh then fails siletly to include volatile.img
into saved-cows.tar.

This can be simply fixed by not running prepare-volatile-img.sh as root
(see attached patch, sudo is no longer necessary there).

But I'm not sure if this is the problem in the reported cases.
Especially this should be rather easily noticed since you can't start
a dispvm when another is still running.

What are the reasons for using bsdtar instead of tar? I tried to make
the script to fail in this case but bsdtar justs prints a warning on
permission errors and still exits with 0 (in contrast to GNU tar).
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXpJl2AAoJEOSsySeKZGgWFFIQALrQQB4n7uGNpsbdlopX166W
8sqACeMwJ5eozMt8uZ0g6IalfCUW58YSKCYPtepUxN1I7S3hxVBHQcx0M3q2yxhJ
LMmsAv7YdzFOxEr1oS+2UsmHJfuhCJjWMYEoIjTgskSVzB1Gd8vENptSPGUZedd9
IOYxfxIzahhx/2jYd5YdilqtW94Nr8iGCGVAqCnibE0oac16y5NTmSa4WP0gv4ou
QBuj5ejm7VrUDbsexdzxOVR33AeGv4kize+PT23WDVM8Fjr3Nt60zUhFRVUY6eSD
eSFmXw/re+KR9wweUiQBhtDk8WFFMkzSEBeh0Qxfs3SN7x2LeRLjIn+n5ns55TFA
wIRMkfGykyAC9k468bkjcE4pUJs8EfTnKc6yNmFVn68Jxpip3R90hb4orgtdLEQc
OeP7XERg/s78QDgjPod3CnroMKy7wTFQxsCgAFHpDiQKVNCSfQvGURMwcz/Mw37t
+FAnCK85BMgKF0CsTHWoF+KXmTI5VqyrbfFElKHxtuJ+yQCJfWj0JyqudQ5Ff7Sd
u9dZY1txUD5NJ3mPHISLRGzPEzdm/O1YDsNMEPu8ofGOK+fKDsQWlQWeXBVhD5pn
7SU/NXUvVjo5jK6Ii22QIch1IVehWdcjYahMpCOdZcR5kDoerksnYkWosUo/giO7
O2o/oh3+rIqIit705cTF
=cWHQ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2065e306-d473-706a-a000-14c11ae76540%40ipsumj.de.
For more options, visit https://groups.google.com/d/optout.
From 469a88067fb724a27d8a912c398a4fa9ef9e46eb Mon Sep 17 00:00:00 2001
From: HW42 
Date: Fri, 5 Aug 2016 15:44:05 +0200
Subject: [PATCH] prepare-volatile-img.sh: don't run as root

This is no longer necessary since volatile.img is formated inside the
VM. This also fixes DispVM creation if the user sets a restrictive umask
for root. Maybe related to #2200.
---
 linux/aux-tools/prepare-volatile-img.sh | 4 
 1 file changed, 4 deletions(-)

diff --git a/linux/aux-tools/prepare-volatile-img.sh b/linux/aux-tools/prepare-volatile-img.sh
index 40e22f5..b32142b 100755
--- a/linux/aux-tools/prepare-volatile-img.sh
+++ b/linux/aux-tools/prepare-volatile-img.sh
@@ -1,9 +1,5 @@
 #!/bin/sh
 
-if [ "`id -u`" != "0" ]; then
-	exec sudo $0 $*
-fi
-
 set -e
 
 if ! echo $PATH | grep -q sbin; then
-- 
2.8.1



0001-prepare-volatile-img.sh-don-t-run-as-root.patch.sig
Description: PGP signature

[qubes-users] Re: black screen after installation v3.1 on dell XPS 15

[j7wtah2m6dj8]

Op donderdag 4 augustus 2016 17:04:24 UTC+2 schreef kelo:
> is it a dell xps 15 9950 , the newest edition?
> 
> if yes does your network card get detected by qubes 3.1 and work properly?
> 
> do you have any issues with a 4k display?

No it's a rather old machine. 5 years old. I don't own a 4k display.
But I see the cursor blinking and than the screen goes black. I think 
one can call it "warm black". (as read in the discussions over here).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3b6ff57-28b3-4905-9587-ba52fe3a528c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] disposableVM not really disposable

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jul 27, 2016 at 10:38:52AM +0100, cubit wrote:
> 26. Jul 2016 23:14 by marma...@invisiblethingslab.com:
> 
> > Check file list in /var/lib/qubes/appvms/fedora-23-dvm. Especially date
> > and permissions of volatile.img there.
> >
> 
> 
> 
> 
> It's actually fedora-23-stable-dvm based off a copy of the template
> 
> 
> 
> 
> Here is the file list,  there is one noticeable difference when comparing it 
> to fedora-23-dvm folder.    For my template volatile.img is chmod 600  while 
> it is 644 in fedora-23-dvm.   Changing the permissions to match 644 does not 
> change anything, the problem still exists

Change it to 664 (same as other files there) - so qubes group will have
write access.

(...)

> -rw-rw-r-- 1 user qubes    1669 Jun  2 20:15 disp8.conf
> -rw-rw-r-- 1 user qubes    1670 Jun  2 20:15 disp9.conf
> -rw-rw-r-- 1 user qubes   309223442 Jul 21 09:49 dvm-savefile
> -rw-rw-r-- 1 user qubes    1925 Jul 21 09:49 fedora-23-stable-dvm.conf
> lrwxrwxrwx 1 user qubes  55 Mar 31 16:15 icon.png -> 
> /usr/share/icons/hicolor/128x128/devices/appvm-gray.png
> -rw-rw-r-- 1 user qubes   1 Jul 21 09:49 netvm-id.txt
> -rw-rw 1 user qubes  2147483648 Jul 21 09:49 private.img
> -rw-rw-r-- 1 user qubes    1024 Jul 21 09:49 saved-cows.tar
> -rw--- 1 root qubes 12348030976 Jul 26 20:00 volatile.img
> -rw-rw-r-- 1 user qubes  70 Mar 31 16:15 whitelisted-appmenus.list

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEbBAEBCAAGBQJXpGMTAAoJENuP0xzK19cs3nQH92oO91qw15Sa0f8jTAWbFtGX
pzVsXwH2i5jd9ctMufe6kqzAua32Bhuzyouj89F5XfD2CHUGpIA6W998P46RtxNG
FGDpyT20gKSpdfZlfpwwZGDlDCp4cbfiep15cSnC+yLhr8knTUBTlP+co9rXUyhk
7a/Ut7C8YknTLogkuHl7zfwodpi6ZUS+Iae4/4H2BJKMTeTS+Z0/OgpQUuI8aOXH
oESm6aTqkcrync2kLx8XZBkaBoXWdgj7W/Ram4bKNUO6p+k7oA7DrnpwRNsikt3M
0g0Yx97AN6qeZfsUgjqP219GqM0AqzN55k6nfLDkn12HkJSbLh+a5bvlY9LPuQ==
=pj6H
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160805095738.GN32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: PS2 Mouse with adaptor

[Herbies]

I have a few problem setting up usv mouse proxyvm.
Which STEP/GUIDE did you followed?

Thanks you.


On 08/03/2016 09:19 PM, raahe...@gmail.com wrote:
> On Tuesday, August 2, 2016 at 8:57:52 AM UTC-4, Herbies wrote:
>> Hi,
>>
>> Qubes advice to use ps2 mouse and keyboard but is impossible to find one
>> in local shop.
>>
>> I have bought some usb/ps2 adapter to connet usb keyboard and mouse to
>> my ps2 port. My keyboard is working well, but I have tried several model
>> of mouse unsuccessfully.
>>
>> Do you know the reason because my usb mouses fail to function while
>> connected to the adapter?
>>
>> Any other suggestion?
>>
>> Thanks you
> 
> imo,  it is not as important to have pci mouse as it is for keyboard.   I 
> just use a usb to pci adapter for keyboard.  and Use a usb mouse with the 
> qubes mouse proxy from usbvm.  For extra security set lockscreen.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3170361-d781-6bdc-3508-1761220ec9d1%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] disposableVM not really disposable

[Herbies]

Same issue here.
Solved by entering on the template fedora-23-dispvm (or the name you are
using)

I have opened FF for addon updates.
run command touch. qubes-disp.customized as you can find here

https://www.qubes-os.org/doc/dispvm-customization/

Than use the command qvm-create-default-dvm

And you should start with empty tempaltes.


Hope it help you

On 07/27/2016 11:38 AM, cubit wrote:
> 26. Jul 2016 23:14 by marma...@invisiblethingslab.com:
> 
>> Check file list in /var/lib/qubes/appvms/fedora-23-dvm. Especially date
>> and permissions of volatile.img there.
>>
> 
> 
> 
> 
> It's actually fedora-23-stable-dvm based off a copy of the template
> 
> 
> 
> 
> Here is the file list,  there is one noticeable difference when comparing it 
> to fedora-23-dvm folder.For my template volatile.img is chmod 600  while 
> it is 644 in fedora-23-dvm.   Changing the permissions to match 644 does not 
> change anything, the problem still exists
> 
> 
> 
> 
> 
> total 503544
> -rw-rw-r-- 1 user qubes1671 Jun  3 11:18 disp10.conf
> -rw-rw-r-- 1 user qubes1671 Jun  3 11:33 disp11.conf
> -rw-rw-r-- 1 user qubes1671 Jun  4 19:58 disp12.conf
> -rw-rw-r-- 1 user qubes1671 Jun  4 19:59 disp13.conf
> -rw-rw-r-- 1 user qubes1671 Jun  4 20:01 disp14.conf
> -rw-rw-r-- 1 user qubes1671 Jul 14 18:25 disp15.conf
> -rw-rw-r-- 1 user qubes1671 Jul 14 18:26 disp16.conf
> -rw-rw-r-- 1 user qubes1671 Jul 14 18:27 disp17.conf
> -rw-rw-r-- 1 user qubes1671 Jul 14 18:28 disp18.conf
> -rw-rw-r-- 1 user qubes1671 Jul 14 18:34 disp19.conf
> -rw-rw-r-- 1 user qubes1669 Jul 26 15:08 disp1.conf
> -rw-rw-r-- 1 user qubes1671 Jul 14 18:53 disp20.conf
> -rw-rw-r-- 1 user qubes1671 Jul 15 12:44 disp21.conf
> -rw-rw-r-- 1 user qubes1671 Jul 17 07:27 disp22.conf
> -rw-rw-r-- 1 user qubes1671 Jul 18 08:55 disp23.conf
> -rw-rw-r-- 1 user qubes1671 Jul 18 09:20 disp24.conf
> -rw-rw-r-- 1 user qubes1671 Jul 18 13:30 disp25.conf
> -rw-rw-r-- 1 user qubes1671 Jul 18 16:25 disp26.conf
> -rw-rw-r-- 1 user qubes1671 Jul 18 20:48 disp27.conf
> -rw-rw-r-- 1 user qubes1671 Jul 18 20:56 disp28.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 11:47 disp29.conf
> -rw-rw-r-- 1 user qubes1669 Jul 26 15:58 disp2.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 15:23 disp30.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 15:31 disp31.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 15:35 disp32.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 15:36 disp33.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 15:44 disp34.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 15:52 disp35.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 16:19 disp36.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 17:02 disp37.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 17:14 disp38.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 18:13 disp39.conf
> -rw-rw-r-- 1 user qubes1669 Jul 26 17:25 disp3.conf
> -rw-rw-r-- 1 user qubes1671 Jul 19 20:07 disp40.conf
> -rw-rw-r-- 1 user qubes1671 Jul 20 08:07 disp41.conf
> -rw-rw-r-- 1 user qubes1671 Jul 20 16:30 disp42.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 09:49 disp43.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 12:00 disp44.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 12:01 disp45.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 12:02 disp46.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 12:05 disp47.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 12:05 disp48.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 12:06 disp49.conf
> -rw-rw-r-- 1 user qubes1669 Jul 26 18:34 disp4.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 14:15 disp50.conf
> -rw-rw-r-- 1 user qubes1671 Jul 21 15:09 disp51.conf
> -rw-rw-r-- 1 user qubes1671 Jul 22 09:23 disp52.conf
> -rw-rw-r-- 1 user qubes1671 Jul 22 09:24 disp53.conf
> -rw-rw-r-- 1 user qubes1669 Jul 26 18:51 disp5.conf
> -rw-rw-r-- 1 user qubes1669 Jul 26 19:59 disp6.conf
> -rw-rw-r-- 1 user qubes1669 May 30 12:16 disp7.conf
> -rw-rw-r-- 1 user qubes1669 Jun  2 20:15 disp8.conf
> -rw-rw-r-- 1 user qubes1670 Jun  2 20:15 disp9.conf
> -rw-rw-r-- 1 user qubes   309223442 Jul 21 09:49 dvm-savefile
> -rw-rw-r-- 1 user qubes1925 Jul 21 09:49 fedora-23-stable-dvm.conf
> lrwxrwxrwx 1 user qubes  55 Mar 31 16:15 icon.png -> 
> /usr/share/icons/hicolor/128x128/devices/appvm-gray.png
> -rw-rw-r-- 1 user qubes   1 Jul 21 09:49 netvm-id.txt
> -rw-rw 1 user qubes  2147483648 Jul 21 09:49 private.img
> -rw-rw-r-- 1 user qubes1024 Jul 21 09:49 saved-cows.tar
> -rw--- 1 root qubes 12348030976 Jul 26 20:00 volatile.img
> -rw-rw-r-- 1 user qubes  70 Mar 31 16:15 whitelisted-appmenus.list
> 
> 
> 
>  
> 

-- 
You received this message because you are subscribed to the Google 

Re: [qubes-users] Re: Android Emulator

[Alex]

On 08/04/2016 07:51 PM, Torsten Grote wrote:
> I tried it now and it works, but is barely usable, because it is 
> very(!!!) slow. On top of running ARM emulation in an AppVM, I needed
> to turn on software graphic rendering, because hardware rendering
> didn't work.
Yeah, it's quite slow, but depending on your app it may suffice - my
apps are "companions" for business applications, so there are no speed
requirements nor fancy graphics to display.

> It would be nice if Android guests would be officially supported by 
> Qubes OS, but until that's the case, maybe there's a way of running 
> Android guests in the meantime.
> 
> An Android image comes with these files:
> 
> kernel-qemu ramdisk.img system.img userdata.img
> 
> Shouldn't it be possible somehow to create a XEN guest VM with these 
> files mounted, so Android can actually boot?
While an Android x86 HVM guest may boot, would it work as an emulator
suitable for debugging? There may be some work to do to route tcp port
5554 from the debuggee (server) to the debugger.

I don't think a PV situation could easily work, because Qubes would like
to have its tools installed in the VM to be able to compose windows
coming from all the VMs in the system, while Android does not easily
allow for such a modification. But an HVM may boot, with its own
windowed fullscreen.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/109e5728-9aca-4f36-3629-0c493f40852a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature