Re: [qubes-users] Feedback and errors on installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-05 20:34, Benoit Georgelin wrote: > Hi users of the Qubes Os list, > > This weekend I decided to install this Os that I have been > following for a while . After trying once, without spending too > much time (1h) and fail to install, I decided to give it another > try. > > I spend the weekend trying to figure how to install the system. > Here is my feedback and my errors because unfortunately I could not > make it work . > > 1- Install media : USB > > I did use an USB Key for my installation media. > > First problem, my computer (Toshiba Satellite P50) use EFI I'm > aware 3.0 does not support EFI , I did try 3.1 and 3.2-rc3 Both > case , dd if=image of=/dev/usb boot to a grub shell > > So to get from grub shell to grub install : > > set root=hd0.1 linuxefi /EFI/BOOT/vmlinuz root=live:/dev/sdb1 > initrdefi /EFI/BOOT/initrd.img boot > > That, gave me the possibilité to boot the installer and "install" > the OS > > 2- USB key cannot be use as the installation media If I want to use > the usb as the install media, that is what is expected, here is the > error : > > Installation Source : Error setting up base repository > > So, yes, not possible to use the USB key as the source of the > installation media. > > I have to use another USB-KEY with the Qubes Os iso file , plugged > at the right time to be able to use it. > > 3- Installation process lead to no-bootable device > > I tried automatic partitionning, manual partitionning , btrfs or > ext4 partition, nothing After the installation ends , disk boot > failure, please insert ... > > But, 2 times, over maybe 10 , I have got the system booting after > the installation end. And the only two times it worked , the boot > process crashed and could not boot the device anymore > > 4- Installation finished, boot with the usb-key plugged in to get a > grub terminal and boot my Qubes Os with grub shell command > > So yes, this is all it take to me to boot up the system Some will > say that it's a good security to avoid anyone booting the system, > but I would like to have a normal boot process :) > > 5- Not able to finalise installation > > At the first boot, QubesOs ask for the first configuration . In my > case 100% of the time I could get to this operation failed with the > error that you can see on that picture : > > https://pbs.twimg.com/media/Cro4G4vWYAA2reD.jpg > > > So the installation first configuration process crash, I can't do > it. > > After , I'm able to login with my user into dom-0 Inside dom-0 I > cannot do anything because the configuration does not exist and > because I don't know what to do to solve that. > > I don't really know if all of this is "hardware specific" issues, > but I don't think so. The computer is few years old The disk is an > SSD brand new > > The installation process does everything correctly , I mean no > errors and "normal" process that lead to a disk boot failure . I > can see the disk have the bootable flag , /boot partition is here > /boot/efi partition too > > I someone have any suggestion I'll be happy to try it stable > version 3.1 and 3.2 have exactly the same behavior 3.2 does not > allow BTRFS partitioning so I went for ext4 > > I hope the feedback will give some input to QubesOs team and others > users > > Cheers, Benoit > Just as a quick check: Did you verify the ISO prior to dd-ing it to the USB drive? https://www.qubes-os.org/doc/verifying-signatures/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXzlh/AAoJENtN07w5UDAwhhcP/iBBYg3cYV0PHH4XCfL6XCiQ sPN8vFhcy+5MKN/waENLVCV4KV/VMxypX5pKJBHZkeL0wUamYjiHOhBGnFSDhlo2 TWi1EFRSuHK5xTbliyBGSyJY+cQY1YwW7/NGWl2QQuvhXcP5wEenqoMspFHV5rG7 A9UVoGynU4G4b36Uf6STZhKiHfgVAF7xIhZ57h7Ml2YGe/HusTdb2vfqaRtF00Ty lTdUR4kmbSa1JCzOSnkM6EaHo4lkG2pMg9zBkbqTfMkm//KPHYYEfgV0TcSmqRra OcN+pBd+2xx7NIRlXi4h42rCeaUYVM9MuEFfKbUG/krAJkDsyvBoagknPAgDwHSo 9rwzip1JtXsgYOaG3aptp5iN/nB7gQ94MhxNh/2bvjqINw0WVd+uEKwZl95QUgPm NyBxRru5j1APe2tUYs39MdxIww1Q+OSeimUDunNQZj2WuInLl0MALkxTH2n5Yir0 wDLLZGHaAXgjNbasO3/tITFEzQcdGO+fuO8AB3/uD0kAY+ENRjnoEOqbbXg3+sTN dEWsd0GJTDpNz2B/pyfiX+nF9vWwtubIRlqz866OpcPS7gVHc72/eUj6DkzEpmHc BqS+p4Tljoz54T8tzNWHTmQ/b4iVFggY9YBrFVGKQfDL1KNu+L0GBtMMk1gXVMf+ 4dufMrllVMQAMdgYVfRA =lfpO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90cc672f-0dfd-1d1b-3508-c4f64b390c61%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows Tools - mouse
Mouse cursor in Windows Tools Seamless Mode is clunky. On the screen it's only displayed half the time. Otherwise there is nothing there. sometimes moving the mouse displays nothing as the mouse moves, sometimes it's a shimmering cursor, sometimes I see only glimpses of it. But when it's NOT on a Windows Tools Seamless GUI windows, it's fine, it's solid as can be. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/684e1b5c-603d-4f2c-a03f-c2925c01099a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to share data between 2 Qubes installations via USB in a sensible way?
On Monday, 5 September 2016 20:33:22 UTC+10, David Hobach wrote: > Yes, but can you attach data from a single drive to multiple VMs > automatically? I guess no? Yes you can, it is scriptable. > But that's what this was all about... > In short: I like to plug in my USB drive and have all the data I need > from that drive in all VMs in a matter of seconds (& in a secure way). > > So I guess there was a misuderstanding. > > Other than that I mostly agree with your Opsec standards. > > At best I also wouldn't need to keep that drive secure, but since > there's hardware attacks around I better do it anyway. The real issue is that with Qubes, it doesn't write back immediately when the device is attached, not does it update very well. I can mount my drive under a VM, but Dom0 won't see the changes I made in DomU until I unmount an dallow the changes to be written, then unmount from Dom0, then remount in Dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/776e8f10-52d2-42e4-b630-c0dc9f4a35f5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Feedback and errors on installation
Hi users of the Qubes Os list, This weekend I decided to install this Os that I have been following for a while . After trying once, without spending too much time (1h) and fail to install, I decided to give it another try. I spend the weekend trying to figure how to install the system. Here is my feedback and my errors because unfortunately I could not make it work . 1- Install media : USB I did use an USB Key for my installation media. First problem, my computer (Toshiba Satellite P50) use EFI I'm aware 3.0 does not support EFI , I did try 3.1 and 3.2-rc3 Both case , dd if=image of=/dev/usb boot to a grub shell So to get from grub shell to grub install : set root=hd0.1 linuxefi /EFI/BOOT/vmlinuz root=live:/dev/sdb1 initrdefi /EFI/BOOT/initrd.img boot That, gave me the possibilité to boot the installer and "install" the OS 2- USB key cannot be use as the installation media If I want to use the usb as the install media, that is what is expected, here is the error : Installation Source : Error setting up base repository So, yes, not possible to use the USB key as the source of the installation media. I have to use another USB-KEY with the Qubes Os iso file , plugged at the right time to be able to use it. 3- Installation process lead to no-bootable device I tried automatic partitionning, manual partitionning , btrfs or ext4 partition, nothing After the installation ends , disk boot failure, please insert ... But, 2 times, over maybe 10 , I have got the system booting after the installation end. And the only two times it worked , the boot process crashed and could not boot the device anymore 4- Installation finished, boot with the usb-key plugged in to get a grub terminal and boot my Qubes Os with grub shell command So yes, this is all it take to me to boot up the system Some will say that it's a good security to avoid anyone booting the system, but I would like to have a normal boot process :) 5- Not able to finalise installation At the first boot, QubesOs ask for the first configuration . In my case 100% of the time I could get to this operation failed with the error that you can see on that picture : https://pbs.twimg.com/media/Cro4G4vWYAA2reD.jpg So the installation first configuration process crash, I can't do it. After , I'm able to login with my user into dom-0 Inside dom-0 I cannot do anything because the configuration does not exist and because I don't know what to do to solve that. I don't really know if all of this is "hardware specific" issues, but I don't think so. The computer is few years old The disk is an SSD brand new The installation process does everything correctly , I mean no errors and "normal" process that lead to a disk boot failure . I can see the disk have the bootable flag , /boot partition is here /boot/efi partition too I someone have any suggestion I'll be happy to try it stable version 3.1 and 3.2 have exactly the same behavior 3.2 does not allow BTRFS partitioning so I went for ext4 I hope the feedback will give some input to QubesOs team and others users Cheers, Benoit -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/464418968.1157842.1473132849344.JavaMail.zimbra%40georgelin.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Networking between Linux and Windows VMs
On Monday, September 5, 2016 at 10:23:42 PM UTC, Daniel Wilcox wrote: > Hi Micah, you're taking the opposite the usual strategy I do on my extra > firewall vms -- by adding a rule rather than removing one. Could you try on > the appropriate firewall vm: > > iptables -D FORWARD 3 # where rule 3 should be the rule to drop all packets > between the vif interfaces > Before opening up your firewallVM, please narrow down the issue to either the firewallVM or dev_win10 by completely disabling Windows Firewall. It's questionable whether you're gaining any protection from Windows Firewall anyway (wrt Qubes philosophy). Go to Control Panel > Windows Firewall > Turn Windows Firewall on or off: First, confirm that `Block all incoming connections` is unchecked! As a paranoid user, you might have set this and then forgotten. Then, `Turn off Windows Firewall` for *both* profiles. No reboot. Initiate RDP session from dev. > This should be equivalent to what you're doing but might be worth a check. > Also I'm sure you've noticed whenever the firewall vm has a change to its > rules, it'll reload and we have to re-execute this (anyone have ideas for > that btw?). https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4 (see "qubes-firewall-user-script") -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d0c4c13-3460-4fdc-b206-bd754d5cafb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Request for test: Re: [qubes-users] Fedora 24?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 23, 2016 at 09:31:46PM +0200, Niels Kobschaetzki wrote: > On 16/06/23 00:28, Marek Marczykowski-Górecki wrote: > > On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote: > > > Hi, > > > > > > what would I need to do to update an existing Fedora-template or install > > > a new template to/with Fedora24? > > > > > > Will Fedora24-templates come with Qubes 3.2? > > > > In Qubes 3.2 we build packages also for Fedora 24. There is no prepared > > template available, and packages aren't tested yet, but it should be > > possible to upgrade using something similar to: > > https://www.qubes-os.org/doc/fedora-template-upgrade-21/ > > Just replace 23 with 24 and probably use dnf instead of yum. > > It seems that the commands might work but the packages in the Qubes-repo > have still dependency-problems with Fedora 24. It seems I need to wait > for 3.2. > And I am not eager to do an allowerasing or some force installing which > burnt me in the past (not with Qubes but in general). > > The error messages are: > Error: package python3-dnf-plugins-qubes-hooks-3.1.16-1.fc23.x86_64 requires > python(abi) = 3.4, but none of the providers can be installed. package > qubes-gui-vm-3.1.5-1.fc23.x86_64 requires pulseaudio = 7.1, but none of the > providers can be installed. > package xen-qubes-vm-2001:4.6.0-13.fc23.x86_64 requires xen-libs = > 2001:4.6.0-13.fc23, but none of the providers can be installed. > package qubes-core-vm-3.1.16-1.fc23.x86_64 requires > python3-dnf-plugins-qubes-hooks, but none of the providers can be installed. > package qubes-core-vm-systemd-3.1.16-1.fc23.x86_64 requires qubes-core-vm, > but none of the providers can be installed > (try to add '--allowerasing' to command line to replace conflicting > packages) I've just tried this and successfully upgraded Fedora 23 to Fedora 24 template. TL;DR version: 1. Clone fedora-23 to fedora-24-test. 2. Open terminal in fedora-24-test. 3. Run "dnf upgrade --releasever=24". 4. Shutdown the template. 5. Switch (some of?) VMs to this template. Some basic tests are ok. Please, if any of you have a chance, test such template. If that would work, we'll build full template for convenience. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzf6RAAoJENuP0xzK19cslMwH/37T/x0gSoVd3wS52cPibhlU aKgyRW1DCs/cYaBhiTLI3yk5FANbhedqmNB1NQ8hdNIus7s0qtRHdHWv25DH4Dd6 b/qvJlOsB1xWI+EIhkr+1Bxw58MVRXYD6LWB+Z0jaH0fco4tCdb6s7Xls5Dt5OJ4 3UUZQAPvrZ42oh5WEd+brY/48AmNSS10YTkuKJD9/rfh1g6BxHMC/dNAwIH+dJWQ WjuDdX6V5AKV11F1fbS7cGOJiVsv5v7ohJdglDNC8B2bQNwDiQ7+u4ScBVDn96+o BzDntrIG8U1dN6PuAW6nxG361+mF4SXzTz7L/X1TIsswnVN3Ize/AxKYoHDxj8s= =O9Wf -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160905232400.GA8182%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Networking between Linux and Windows VMs
On 09/05/2016 02:44 PM, Connor Page wrote: > they should be connected to the same firewallvm, not netvm. iptables in > netvms are set up differently. They are connected to the same firewallvm. And I've successfully gotten networking working between two Linux VMs using this firewallvm. It's just not working with one of the VMs being a Windows HVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5eddbdaf-ca4e-cf63-b739-1229acc0f052%40micahflee.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Networking between Linux and Windows VMs
they should be connected to the same firewallvm, not netvm. iptables in netvms are set up differently. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3955b649-e8b3-495d-8a4c-7315f3c2909f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] yubikey challenge-response
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 05, 2016 at 12:57:33PM -0700, Peter Ihasz wrote: > Hi! > > Unfortunately, I can't login with yubikey and yubikey linked password. > > Here is my config: > > 1, > yubikey linked password: apple > > echo -n "apple" | openssl dgst -sha1 > yubikey linked password: d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > yubikey-personilization-gui > > LOGGING START,9/4/16 9:10 PM > Challenge-Response: HMAC-SHA1,9/4/16 9:10 > PM,2,,,04c21478245c36861b9f946e0d9388d5ebbb909d,,,0,0,0,0,0,0,0,0,0,1 > > usbvm name: sys-usb > > > 2, > in doom0 > chmod 755 yubikey-auth > /usr/local/bin/yubikey-auth > > #!/bin/sh > > key="$1" > > if [ -z "$key" ]; then > echo "Usage: $0 []" > exit 1 > fi > > # if password has given, verify it > if [ -n "$2" ]; then > # PAM appends \0 at the end > hash=`head -c -1 | openssl dgst -sha1 -r | cut -f1 -d ' '` > if [ "x$2" != "x$hash" ]; then > exit 1 > fi > fi > > challenge=`head -c64 /dev/urandom | xxd -c 64 -ps` > # You may need to adjust slot number and USB VM name here > response=`qvm-run -u root --nogui -p sys-usb "ykchalresp -2 -x $challenge"` > > correct_response=`echo $challenge | xxd -r -ps | openssl dgst -sha1 -macopt > hexkey:$key -mac HMAC -r | cut -f1 -d ' '` > > test "x$correct_response" = "x$response" > exit $? > > 3, > > /etc/pam.d/kscreensaver (KDE desktop environment) > > auth [success=done default=ignore] pam_exec.so expose_authtok quiet > /usr/local/bin/yubikey-auth 04c21478245c36861b9f946e0d9388d5ebbb909d > d0be2dc421be4fcd0172e5afceea3970e2f3d940 Do you have anything in logs in dom0 (check `sudo journalctl -eb`)? Do you have ykchalresp installed in template of sys-usb? It's part of ykpers package. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzdD3AAoJENuP0xzK19csyxwH/1u0FQINHo0Bs7a3uTzfi5Wl jyoknwt9vA3b0V/AMLKIfz4g7+hoEocbachW+BRNl+KAvHJ4ZcEUzyugHq0F7OO/ mGhi6f4EiF/NPYG8zNwWkvy2MGinCbuTwjI52AzYV5Wb3efk+JUyCRB0VfHgoQtl SLbRvPavN3h3LkZWdA6OHfQXHyiDJVVM9jikg4bLhFlDc4Jx3XOGB6Ocbj6F2A5X fWHEDlTvWFvud3U+nln0ALlICwlktEm4Oy99UgYnCt9QXslGW08bzSAAiVXOpKbo izjvf2F84sT2Vt5D39uGdB4/F8dy+AQS7F9Pi2En5NE4Jm5PZJD9vE3BfnS40Ic= =QeHk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160905200926.GK13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] yubikey challenge-response
Hi! Unfortunately, I can't login with yubikey and yubikey linked password. Here is my config: 1, yubikey linked password: apple echo -n "apple" | openssl dgst -sha1 yubikey linked password: d0be2dc421be4fcd0172e5afceea3970e2f3d940 yubikey-personilization-gui LOGGING START,9/4/16 9:10 PM Challenge-Response: HMAC-SHA1,9/4/16 9:10 PM,2,,,04c21478245c36861b9f946e0d9388d5ebbb909d,,,0,0,0,0,0,0,0,0,0,1 usbvm name: sys-usb 2, in doom0 chmod 755 yubikey-auth /usr/local/bin/yubikey-auth #!/bin/sh key="$1" if [ -z "$key" ]; then echo "Usage: $0 []" exit 1 fi # if password has given, verify it if [ -n "$2" ]; then # PAM appends \0 at the end hash=`head -c -1 | openssl dgst -sha1 -r | cut -f1 -d ' '` if [ "x$2" != "x$hash" ]; then exit 1 fi fi challenge=`head -c64 /dev/urandom | xxd -c 64 -ps` # You may need to adjust slot number and USB VM name here response=`qvm-run -u root --nogui -p sys-usb "ykchalresp -2 -x $challenge"` correct_response=`echo $challenge | xxd -r -ps | openssl dgst -sha1 -macopt hexkey:$key -mac HMAC -r | cut -f1 -d ' '` test "x$correct_response" = "x$response" exit $? 3, /etc/pam.d/kscreensaver (KDE desktop environment) auth [success=done default=ignore] pam_exec.so expose_authtok quiet /usr/local/bin/yubikey-auth 04c21478245c36861b9f946e0d9388d5ebbb909d d0be2dc421be4fcd0172e5afceea3970e2f3d940 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/404d53fa-3ed8-40e7-92df-fe399b744eb0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Changing default user from "user" to something else in AppVMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 05, 2016 at 11:48:50AM -0700, John Toohey wrote: > Hi, > Just starting with Qubes and have 3.0 installed and running. I have some old > scripts that rely on my username being the logged in user. I've tried to use > qvm-prefs -s to set the user name from the root console, but it doesn't work. > What is the correct way to set the user name that AppVMs use be default when > they are created? In short: sorry, not possible. Most of tools (like ssh, irc etc) support setting default username to something else than logged in user. You can also try changing $USER and/or $LOGNAME environment variables. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzcDdAAoJENuP0xzK19csc48H/jJr6Y/lHf4Z2Uvo2EBcLuTY QOEy9Z0yXbLCupiN4TDJTEwWiikdkT9am+8Ze/MB+zRBO3tXXDqTjsle9x5YtWqc usrEaBGTxEGyG8QZI7mSslutLnXpYxngChDVjtYM1Nqq46UEN+929qYxbdXzpXDm trPJ4q/w7o+qBB1xlRy36g94dA3Yn8LdOB4x0u1QXJVATYirfcdRIculVD5DmE+J zWxDLkdr/IRtSERQFpkl02sLIUbXGyXkFU0y7U7C8Kz4UFba0ymcK38Ni5ETMBZc Fas8G91F90jCHiAPoPV0AAYp1kdbY0JZ0jFssfhVu2/ZA2LR566fAsKOAoedQ9A= =4dZZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160905190044.GJ13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to share data between 2 Qubes installations via USB in a sensible way?
On Monday, June 27, 2016 at 7:22:26 PM UTC+2, David Hobach wrote: > (qvm-block can mount files from one VM to > another) If this is true, why is it not a massive security issue? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c900a29-bc58-4ac0-b7f5-1687c016fd7c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Changing default user from "user" to something else in AppVMs
Hi, Just starting with Qubes and have 3.0 installed and running. I have some old scripts that rely on my username being the logged in user. I've tried to use qvm-prefs -s to set the user name from the root console, but it doesn't work. What is the correct way to set the user name that AppVMs use be default when they are created? ~JT -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f2204c8-3102-4339-a89d-d0cea07a7211%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.1 and 3.2 beta both fail in post-install configuration
On Sunday, September 4, 2016 at 2:45:03 PM UTC-4, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Sun, Sep 04, 2016 at 11:42:24AM -0700, Bob Newell wrote: > > Hello, > > I tried installing both Qubes 3.1 and Qubes 3.2 on my Lenovo T420S. Both > > exhibit the same problem, during the first-boot setup, after clicking ok > > from the checkboxes (I didn't change the defaults), there is an extremely > > lengthy error message generated. I think all of it was captured in the > > messages I read with journalctl. The bottom line is my VMs weren't > > generated. If I try to create a debian or fedora VM from the Q menu nothing > > happens. If I try to create a disposable VM for firefox with the shortcut I > > get "DVM savefile creation failed." Any suggestions? > > > > here are my messages: http://hastebin.com/ixifaqenad.md > > How are you booting the system? It looks like you have modified > bootloader configuration to load Linux directly, excluding Xen. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXzGuqAAoJENuP0xzK19cs8cAH/iC16M2FiB0wjxJyRZus2F0S > bLCjQtVsBEuI8/3VId1tkiDm30bIg8yGWPjz2WxU4DaRwiWpyWWGBcf/db0mRdWk > Qj7ogPyLLPU1/JET+3BSmwHoamX69LogUfv/CXVc4dtMreO2nLDAfROP7eIshTL5 > abPrYWIKVvTx1b7yJQ9Q+b2b+FWheMvfe7K3kBjF7bqGaI+ur8W5/9DZVuR7XsiS > DgGRxzatlrxfAH7+53qu3S6fFAlYTGrUk1JQxHpURlwMn1+3GgYlHRfxEDKIS6uZ > wp/eo9AVCa/ObESaJDE90b8tkRVkIPPFXaNDlZLMseL3F2lhHsYKVwfMP5nTcaY= > =a8g/ > -END PGP SIGNATURE- All I did was manually boot into ubuntu to restore my grub setting that got overwritten. Maybe that wiped out some Xen stuff that was in Qubes' grub setting. Is there a way to write Qubes' grub to a partition instead of the MBR? One of my biggest beefs with Anaconda is that it just overwrites your MBR and doesn't ask you where you want it. I would prefer to install any distro's grub to a partition and chainload it, that way, booting another linux distribution and updating a kernel doesn't wipe out any established boot settings. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b86896d4-4ddd-4d70-bcff-6a1c8287fc89%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] xdg and /etc/qubes/autostart
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 05, 2016 at 11:26:03AM +0200, Achim Patzner wrote: > Am 05.09.2016 um 11:17 schrieb Marek Marczykowski-Górecki: > > On Mon, Sep 05, 2016 at 10:31:17AM +0200, Achim Patzner wrote: > > > Is there any documentation regarding xdg and overrides in > > > /etc/qubes/autostart? I didn't find anything telling me what to put into > > > an override file in order to restrict something to exactly one VM > > > 8sys-usb in this case)... Are there any examples? > > > > If you just want to start something in one VM, use the standard XDG way > > to do that - place files in ~/.config/autostart (as ~ is not shared > > across VMs). > > Wouldn't that require to have someone log in? I'm talking about ~/.config/autostart in VM. It is handled at VM startup (or more precisely - when GUI connects). Yes, this do mean it is executed only if someone is logged in to dom0. > > As for /etc/qubes/autostart docs - there should be README.txt. > > There is a README telling to put additional entries into > /etc/qubes/autostart but it does not mention anything about _what_ to > put there. There is even an example... Ah, you mean possible values for OnlyShowIn and NotShowIn? Indeed it isn't documented anywhere, I think. But you can look at a lot of examples there. Possible values: - X-QUBES - any VM - X-AppVM - any AppVM (excludes TemplateVM, ProxyVM, NetVM) - X-NetVM - X-ProxyVM - X-TemplateVM - X-UpdateableVM (TemplateVM or StandaloneVM) - X-NonUpdateableVM (template based VMs) > Besides: Imagine you wanted to install solaar on sys-usb and start it on > boot. What would you do to get it running without launching it by hand? I see solaar fedora package comes with a file in /etc/xdg/autostart. So in fact you want to _disable_ it in non-sys-usb VMs, right? So two steps: 1. Disable it everywhere: /etc/qubes/autostart/solaar.desktop.d/30_qubes.conf: [Desktop Entry] NotShowIn=X-QUBES; 2. Enable it in sys-usb: ln -s /etc/xdg/autostart/solaar.desktop ~/.config/autostart/ The second one works because overrides in /etc/qubes/autostart are applied only to files in /etc/xdg/autostart and not ~/.config/autostart (as indicated in README). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzT4MAAoJENuP0xzK19csEPcH/3wRj+ReHgu8RJPju6Dn4yWO YNyw384ydVmUYA1NMTbrlojhU0Dgb9Nd7l9T1xgo/Gj8ytPu75bqCAekTveqMmgL 1loKa1NljHcqPLHT6RJLWcGR9vgF9efTQUUc1yxIzW3UIVNi8rPftC3LpJ9UcgEH vuV4WoQrzp/qJnkO0NWSDpJEgbkepeetUuL4s30vFLoAZh05MbNOL+7EjuMmTKUE OpEPDa+RJlAaaygNUB0mz1V51Z7WeJkEQnlplOQZCShXQKtSo79SFi+qltorPbbS f67ZY8vm9sYi/eaghDHskzXv3/GELl/2RCJoIWvIFnOF2mBFz0JiCsvtvgv58+I= =wG54 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160905094235.GD13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-05 01:20, Drew White wrote: > On Monday, 5 September 2016 17:51:11 UTC+10, Andrew David Wong > wrote: >> >> The closest thing available is the qubes-hcl repo: >> >> https://github.com/QubesOS/qubes-hcl >> >> This contains all the HCL reports listed on >> https://qubes-os.org/hcl/ (just the .yml files). > > > Hi Andrew, > > I did get those, but I figured there may have been some that were > changed or overwritten by newer versions or later versions too. > > Thus I was hoping there was an easy way to get them all, for all > the ones that have ever been uploaded, thus for the same hardware > but different versions of Qubes. Instead of the same PC with only > displaying the latest data available. > > Is there any way that something such as this would be gather-able > from this forum? > > Sincerely, Drew. > As far as I know, there's no "easy" way to get that (in the sense of being able to download a single ZIP file, for example). However, there are two options you may wish to consider: 1. Since Git is a version control system, it stores past states of these files. For any given file, you can restore any prior version that was committed to this repo. 2. We ask users who submit HCL reports to include "HCL" in the subject lines of their emails, so searching for that phrase should, in principle, turn up (almost) all HCL reports that have ever been submitted (along with some other things, like this thread ;) ). It might be possible to programmatically download all the attachments from this list of search results (e.g., using something like wget). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXzS2WAAoJENtN07w5UDAwWaQP/2jjX/ezv2v2Oyyz2mzLl58B ijEe+Tk4SLqtSZ6LbfH3faGnShgKdbViTJ+6j8k0Jubpp5gnjdtdl6m9qWBP9SMY ZAy5MhRIdU5Q0jid1Xdxbi/eyO2fVol1bi8I4dV1lLrGcv51qxBldDVbXEYbae6A 95W3csps6CfgOC0kLPftQ6aBmxB0kYQAjTf65Q1ZfoclTZlyd7NbPQZ0v/YAdyyl ToWs0C7qfaKJJYUeI33jV4n8W7UG2rVzEwPm+Qk0AHhd5t5DrO6FUymoznwzrk+5 k4N4RXaOORz9eZwaJERcaEHR4xr2xih4i+BftXRyz5NVW/KIu7Z5WtzUNXJlHZyq PR54tjN24bBSeR7YDAKn8GgV6AxWqh4z4U+HpjhBp+7yzV9rEl8rrJnrJ0LiloKx OwT4lHSui1mQd83JorrB/zzO2QIOUJbMNlso1VRpCARviKMXyebN7bUcY9RCVDac qNEOTd2XQC1k6PZCfZ/6CIxBhmuQknKDjN2XSWR6SzOOydAH9s1dhNG86pTffQPs ka+kDQ2jV9LFdEmKTJkV2Osb64OULBtvlLhR9493nI+RxJeETabVzfWzi+bBQO2c 6nVxFyuTbxf/tGHYME8pjMWBS+Zp6PwEi3I2uGQp0iYBchW1fvrnc2uoQ3QiVjJz +X5M86TvNp/VP2hxG0Xs =7cXN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/05fece31-059f-3df4-f50d-2c60a3004f2c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL
On Monday, 5 September 2016 17:51:11 UTC+10, Andrew David Wong wrote: > > The closest thing available is the qubes-hcl repo: > > https://github.com/QubesOS/qubes-hcl > > This contains all the HCL reports listed on https://qubes-os.org/hcl/ > (just the .yml files). Hi Andrew, I did get those, but I figured there may have been some that were changed or overwritten by newer versions or later versions too. Thus I was hoping there was an easy way to get them all, for all the ones that have ever been uploaded, thus for the same hardware but different versions of Qubes. Instead of the same PC with only displaying the latest data available. Is there any way that something such as this would be gather-able from this forum? Sincerely, Drew. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2be19f92-b5f3-488b-9ea1-09d2f093278a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-04 21:47, Drew White wrote: > Is it possible that I can get a copy of every HCL report that has > ever been posted in here please? > > I'm asking to know if there is a single location, or whether I have > to go through the entire thing to find them? > > Thanks. > The closest thing available is the qubes-hcl repo: https://github.com/QubesOS/qubes-hcl This contains all the HCL reports listed on https://qubes-os.org/hcl/ (just the .yml files). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXzSPkAAoJENtN07w5UDAwQ5kP/i1ViAsIqEbk6a6SbhIJ4HnE jzNkomvjcg9xS4mEKNYHd/OM/RxrDolu1Y5qttAv4IhGf3gdD0V24lugm8XaOoqD edo53PnW5U6zcMPaDh9neoDeiwf7ThIdVTzdc+6AAxc+fOiBdlhHOc3ncULDuhqP ZhrhXese0tylIJdBB1QUdhvBc132lIUTUciSWDg68BLW87bTbEz440ib8pky4o+1 Gqn/eAnsIxIcNJo9s5kYcYr3fcngkOJur4gVABR7IT3/GyAO1qOO5to2liawTFik c67zcdNU0E8VwRO6lJGQitdlt79M+Pn8FQrMUGe18mTaEiVb5cluVHkAPI/+sCz5 bqWNtXK+MSovZBIQeWUoShIk/qF2FQEhZ1RH2egHfQNl+/DX3ZkcyrWv4UZRq3GC OSPHPedtjZo+AqCyRF+JEOEXg+C3fPj/qsYt2vuXBc0fRBPnLSfhedKu/Eochf0G 8Y5c8TmSPQBLYF0PNvQDTRyOGWyBuIzUkw6zjpOHQbzHydp7v4l6W6Gd1wnHs/AB vh1dvp+vKP9f0EozhQbIiPdB/93IUh33yQ5tBhWQ8T2Rjqd18nZqh/TcxZYN2xqi aH/KCQS6suk7gHtqp2Ri94xzWJ5YC9S6JZFpJENYlljB7Ala/8nGQUD+EvnCrKXI AaYunHZ6uQMnwEcTHcuU =MrXS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e48c4cfd-3bb4-3d20-d191-5c8e0a888bb8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Recovery Disk & Suggest Live Linux CD to recovery system like WinPE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-04 10:27, Eva Star wrote: > Are there some live recovery CDs as we have on windows (Windows > PE)? > > I notice that qubes have some recovery console, but it's hard to > understand how to use it (maybe some examples at Documentation and > "Recovery page" at documentation? Some basic examples... How to add > utilities to it? What utilities we already have on this console? > How to use them? Please, add the page to docs about it... > > Now, I'm searching the way to run some LiveLinuxCD to reencrypt my > drive. So, this LiveCD must have 1) cryptsetup / > cryptsetup-reencrypt tool. > For reasons similar to those Connor gives, it might be better to rely on some kind of dedicated "Linux rescue distro" instead. It's likely that the utilities and documentation would be much more robust and up-to-date. If we tried to do this in our own documentation, it would probably quickly become out of date and end up not being very useful in the long run (assuming we could even find anyone to contribute the requested documentation in the first place). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXzSG0AAoJENtN07w5UDAwkbIP/0dyfXH8u0MLLYddr+Twd+p5 qSYeNpM/uxNrp/Azx+bkf09iu5w0CdCQAIgwfEovvSslANX+4ABgmGqwR7MlGiCN lfQlLd1LQNPdQQbgzWLY8x+FMLcSgipYQcKE5ip9/UPYCtpPfzE5q3+UsYsgEijV OwnVF1wDvFz0GqHh+iKuT3TUxGxqqx96/jjXp8EZ8ZfmDseCvm5VMvZ4fFnTL4hB tXMx2QW0g9sR2w0maZxM+jPMbj4r68eTPuVAgZyQeJiB7VquhXMUgm7DMZJ5KWEE JpglYYFHuJRfWPJolPqVxT3XZN5T78lb5yPdORs//6K2P4qQ35nlrICNZXqUJwzh qEDeqFUGcZAB60K+Xu1sttEhNrf1cs51+OJvNFCTma995N5nar36p8k1QQj6wdIF 0ZO73vns4NOOYQZ3RDI3Oo59LiF5ZgC63d1lv36C8i7qOKzDXpyv7gxvIUmwwh5Y aDi8CxQAdDLpOGlWPNTwwVrFmqPjrYOnhPp65wurqFQC3fWV/vTZVsJb7eI31ErZ kJCTdZXF/yiL6zCtw7LculR95v9ezpjJZv6RawGhN40SClZHE2/nB82UZtji5qo5 AcUhja1GAQ3yR/81OKs+APQoo77PBan1Nj8CvYt0IuA2Z4WMSEY0BJYnOgkluYdl arr/W2/txUsxdic/ZXam =95Rw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1742d7a0-704b-a40c-d9ea-2ea75727be97%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qube OS install hangs on "ENABLING IO-APIC IRQs" step
I am able to create Qubes R3.1 USB drive using Rufus, but when I try to boot from it, it get stuck at "(XEN) ENABLING IO-APIC IRQs" step. See the attached pic. I have HP Z220 CMT Workstation with both VTx and VTd enabled. Any suggestions to unblock this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/be9b5ad2-5419-4ec6-b961-6f8becc11d54%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
