[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[Reg Tiangha]

On 06/27/2017 04:50 PM,
0spinbo...@gmail.com wrote:
> It seems building works fine on fc23. Wonder what changed between 6/17 and 
> today that fc25 no longer compiles kernels, though.
>
> Wasn't using any patches from the hardening project. 

I just spun up a FC25 BuildVM and *no* kernels (I even tried 4.4 and
4.9) compile any more on that machine (but they do with the same config
on FC23).

There was a change to the kernel.spec file a few weeks ago to work
around a buggy dracut on FC25 for R4.0 and I think that's what's causing
it (the script seems to die in that code chunk) and maybe reverting it
to the old version might help, but I won't have time to look at this
again for another couple of days. I've noticed that Marek has continued
to do work on that file since the last time it was synchronized so maybe
if I sync up with that version, it might work again.

For now though, things seem to work fine with an FC23 build VM, so I'd
suggest sticking with that for now.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oivcfg%242cp%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes dom0 display issues: The default resolution is stuck at 800 x 600

[cooloutac]

On Tuesday, June 27, 2017 at 2:31:26 AM UTC-4, mo.nad...@gmail.com wrote:
> Yeah, just realised I wasn't very specific. The laptop has a 1080p screen so 
> I wanted to use Qubes at the laptop screen's native resolution. What's weird 
> is the installer works at its native resolution but the actual OS doesn't.

Have you tried change the resolution simply from the desktop menu?  Check the 
onboard gpu enabled in the bios?

I have no other suggestions except the ones i mentioned previously.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b1b0619-3725-4850-85a9-6cd34491a6d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Best Laptop For Qubes

[cooloutac]

On Tuesday, June 27, 2017 at 12:06:35 AM UTC-4, tai...@gmx.com wrote:
> On 06/26/2017 11:41 PM, cooloutac wrote:
> 
> > On Monday, June 26, 2017 at 11:14:32 PM UTC-4, tai...@gmx.com wrote:
> >> On 06/26/2017 10:57 PM, cooloutac wrote:
> >>
> >>> On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote:
>  On 06/26/2017 10:30 PM, cooloutac wrote:
> 
> >> An intel gpu on an opteron server board? and you wonder why I question
> >> your expertise.
> >>
> > maybe it was a xeon lol,  point is I think server boards are for servers, I 
> > don't immediately think compatibility.
> If you don't know what you are talking about don't just throw stuff out 
> there, you can have your opinion but that isn't a fact and it shouldn't 
> be stated as such.
> It isn't right to put down good hardware for no reason like what you are 
> doing.
> When I was a young teenager and I first joined the internet I did the 
> same thing until people told me to stop, then I learned for real - they 
> appreciated that and so did the tens of thousands of people I have 
> helped on various forums over the years. I hope you will do the same.
> 
> There is no actual difference between "server" and "desktop" 
> CPU's/chipsets, it is 100% marketing and artificial market segmentation.
> Intel/AMD don't run two production lines they simply burn fuses to turn 
> features off or on for that market segment. They also sell 4 and 8 core 
> cpus but they only make 8 core cpus, if an 8 has two broken cores 
> instead of throwing it away 4 are shut off and it is sold as a quad core.
> >
> > You keep accusing purism of being overpriced  then post about a 100 dollar 
> > keyboard,  and now 500 dollar mobos?  Its like you keep trying to prove my 
> > point security is only for rich people.  lol
> A G34/C32 cpu is only around $30, whereas you'd pay $500 for a xeon with 
> equivalent performance
> A KCMA-D8 is $330 not $500.
> 
> I built my libre computer for $500 total, I fail to see how that is 
> comparable to a closed source computer (purism) that costs thousands of 
> dollars - if they were actually free that would be a fine price to pay 
> but they aren't so you're spending twice as much as a dell or system 76 
> for no reason.
> 
> I have had my Model M keyboard for 10 years, before I bought this I had 
> to buy a new $30 keyboard every 3 years as they would break or the 
> letters would wear off and they would look gross so I have saved money. 
> I will never have to replace it as it will never break. It feels much 
> better to type on and my hands stopped hurting too.
> 
> I don't understand why people will balk at spending money on slightly 
> higher fixed costs (what you don't replace every pc upgrade, keyboard 
> chair etc) when they spent thousands on a new gaming pc every few years.

its common sense to me man. Server boards are designed for servers.  I gave 
some tips on how to get something compatible which I think is priority.  
Another one is to research the board on linux forums and see if its used alot 
or not or if it has problems.  

 Its like wanting to use centos as a gaming os.  is it possible?  probably, 
anything is possible,  but is it practical?

But Jean brings up good points whats "best" is subjective. 

 But I have to say talking someone out of buying Purism that supports Qubes and 
free hardware like you want, calling it overpriced, and then recommending 
expensive as hell server boards and 100 dollar keyboards as a little strange.  
I mean you balked first.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2b2ace1-a05d-4f5a-b47b-748196aa9586%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Unman]

On Tue, Jun 27, 2017 at 06:03:28PM -0700, Ken J wrote:
> Hi Unman,
> 
> That might be the case more times than not (working on my search
> skills) :) I want to start by thanking you for your work. Amazing
> 
> I was a bit confused throughout this process because had the ./setup
> telling me to make install-deps, make get-sources, make qubes-vm, make
> template. I've got https://www.qubes-os.org/doc/qubes-builder/ telling me
> something different. Then there's
> https://www.qubes-os.org/doc/templates/ubuntu/ telling don't worry it's
> easy with no instruction. Then there is this thread telling me if I have an
> issue please bump to master and try something else. My build fails and like
> the poor sap that I am I have no idea if it's me, my setup, qubes, or
> trump.
> 
> Maybe I'm using all of the wrong search terms, qubes + ubuntu + debootstrap
> + mount, no clue what the answer is all I got that looked remotely close to
> my search was this thread.
> 
> On Tue, Jun 27, 2017 at 5:54 PM, Unman  wrote:
> 
> > On Wed, Jun 28, 2017 at 01:44:03AM +0100, Unman wrote:
> > > On Tue, Jun 27, 2017 at 08:29:24AM -0700, kennethjohns...@gmail.com
> > wrote:
> > > > On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
> > > > > > As soon as the PRs are merged I'll post to the list, and you can
> > try it
> > > > > > then. (Or you could merge them yourself of course, and try the
> > build.)
> > > > > > Testing and feedback would be much appreciated.
> > > > > >
> > > > > > I've been using Xenial for a while and it seems fine.
> > > > >
> > > > > PRs are merged, to master if nor 3.2
> > > > >
> > > > > This means that both Xenial and Trusty should build straight.
> > > > >
> > > > > Set up a build environment as per docs.
> > > > >
> > > > > git clone  https://github.com/QubesOS/qubes-builder
> > > > > cd qubes-builder
> > > > > ./setup (select builder-debian and trsut/xenial variants, deselect
> > > > > fed23)
> > > > > edit builder.conf, changing RELEASE:=3.2 to RELEASE:=master
> > > > > make switch-branch (to get latest and greatest versions of
> > components)
> > > > > make qubes-vm
> > > > > make template
> > > > >
> > > > > cheers
> > > > >
> > > > > unman
> > > >
> > > > Is this still usable today? I switched the branch to master and I went
> > from having a failure in debootstrap at the make template stage to a
> > failure at the make qubes-vm stage.
> > > >
> > > > To be clear the debootstrap.log was showing an entry "chroot: failed
> > to run command 'mount': No such file or directory" where I could see mount
> > was in the /bin dir when I mounted and checked.
> > > >
> > > > This issue in make qubes-vm appears to happen because core-agent-linux
> > cannot find files.
> > > > ...
> > > > make[1]: Entering directory `/home/user/qubes-src/core-agent-linux'
> > > > dh_install --fail-missing
> > > > cp: cannot stat 
> > > > 'debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf':
> > No such file or directory
> > > > dh_install: cp -a debian/tmp/lib/systemd/system/
> > avahi-daemon.service.d/30_qubes.conf debian/qubes-core-agent//lib/
> > systemd/system/avahi-daemon.service.d/ returned exit code 1
> > > > make[1]: *** [override_dh_install] Error 2
> > > > make[1]: Leaving directory `/home/user/qubes-src/core-agent-linux'
> > > > ...
> > > >
> > > > One thing I tried doing in an prior run was git checkout v3.2.18 as
> > per https://github.com/QubesOS/qubes-core-agent-linux/releases/tag/v3.2.18
> > running on a hunch that the 4.0 code is messing with something which did
> > indeed work and it continued on. v3.2.18 is the last v3 release you guys
> > have. But shortly after it failed in another module. I followed the same
> > steps, checked out a v3 version and it continued on. did that I think one
> > more time and make qubes-vm finishes.
> > > >
> > > > Now I run make template and fails in debootstrap same as initially.
> > > >
> > > > Is there an Ubuntu guide out there that is relevant and works? I have
> > been scouring the web for 3 days now trying to get a trusty and xenial
> > template built.
> > >
> > > I think you need to work on your search skills :-)
> > > The same question was asked on this list 3 days ago.
> > > The mount error arises because 'mount' isn't on the path - copy the
> > > export PATH statement from template_debian/vars.sh to
> > > template_qubuntu/vars.sh, and you should be good to go.
> > >
> > > The build on master is crocked for the moment.
> > > Note that the PRs are all merged to 3.2, and you can therefore build on
> > > 3.2 without any problem.
> > > The simplest way to do this is to set RELEASE := 3.2 , and then 'make
> > > switch-branch'.
> > >
> > > There's really no need for a special Ubuntu guide - the standard
> > > instructions for using qubes-builder in
> > > www.qubes-os.org/doc/qubes-builder explain the basics.
> > > Obviously if you just want to build a template, then 'make qubes-vm' and
> > > 'make template' suffice.
> > 

Re: [qubes-users] How to pass Applications to appvm.

[Unman]

On Tue, Jun 27, 2017 at 04:36:20AM -0700, Finsh wrote:
> Hello,
>  i do have a few programs installed in my debain 8 /9 templates (i use deb9 
> for Closed Source programs), which i want to pass to my appvms:
> the programs are for example for debian 8: "wipe" debian 9: "Spotify"
> 
> How do i pass them on to the Applicationlist, qvm-sync doesnt work.
> 
> greetings
> 

Have you looked at this?
www.qubes-os.org/doc/managing-appvm-shortcuts/

You probably need to create a new desktop file in
/usr/share/applications in the Template.
You can copy an existing file and just adapt it to whatever command is
needed to run the application.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628011928.apfilr24vrookzlw%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Ken J]

Hi Unman,

That might be the case more times than not (working on my search
skills) :) I want to start by thanking you for your work. Amazing

I was a bit confused throughout this process because had the ./setup
telling me to make install-deps, make get-sources, make qubes-vm, make
template. I've got https://www.qubes-os.org/doc/qubes-builder/ telling me
something different. Then there's
https://www.qubes-os.org/doc/templates/ubuntu/ telling don't worry it's
easy with no instruction. Then there is this thread telling me if I have an
issue please bump to master and try something else. My build fails and like
the poor sap that I am I have no idea if it's me, my setup, qubes, or
trump.

Maybe I'm using all of the wrong search terms, qubes + ubuntu + debootstrap
+ mount, no clue what the answer is all I got that looked remotely close to
my search was this thread.

On Tue, Jun 27, 2017 at 5:54 PM, Unman  wrote:

> On Wed, Jun 28, 2017 at 01:44:03AM +0100, Unman wrote:
> > On Tue, Jun 27, 2017 at 08:29:24AM -0700, kennethjohns...@gmail.com
> wrote:
> > > On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
> > > > > As soon as the PRs are merged I'll post to the list, and you can
> try it
> > > > > then. (Or you could merge them yourself of course, and try the
> build.)
> > > > > Testing and feedback would be much appreciated.
> > > > >
> > > > > I've been using Xenial for a while and it seems fine.
> > > >
> > > > PRs are merged, to master if nor 3.2
> > > >
> > > > This means that both Xenial and Trusty should build straight.
> > > >
> > > > Set up a build environment as per docs.
> > > >
> > > > git clone  https://github.com/QubesOS/qubes-builder
> > > > cd qubes-builder
> > > > ./setup (select builder-debian and trsut/xenial variants, deselect
> > > > fed23)
> > > > edit builder.conf, changing RELEASE:=3.2 to RELEASE:=master
> > > > make switch-branch (to get latest and greatest versions of
> components)
> > > > make qubes-vm
> > > > make template
> > > >
> > > > cheers
> > > >
> > > > unman
> > >
> > > Is this still usable today? I switched the branch to master and I went
> from having a failure in debootstrap at the make template stage to a
> failure at the make qubes-vm stage.
> > >
> > > To be clear the debootstrap.log was showing an entry "chroot: failed
> to run command 'mount': No such file or directory" where I could see mount
> was in the /bin dir when I mounted and checked.
> > >
> > > This issue in make qubes-vm appears to happen because core-agent-linux
> cannot find files.
> > > ...
> > > make[1]: Entering directory `/home/user/qubes-src/core-agent-linux'
> > > dh_install --fail-missing
> > > cp: cannot stat 
> > > 'debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf':
> No such file or directory
> > > dh_install: cp -a debian/tmp/lib/systemd/system/
> avahi-daemon.service.d/30_qubes.conf debian/qubes-core-agent//lib/
> systemd/system/avahi-daemon.service.d/ returned exit code 1
> > > make[1]: *** [override_dh_install] Error 2
> > > make[1]: Leaving directory `/home/user/qubes-src/core-agent-linux'
> > > ...
> > >
> > > One thing I tried doing in an prior run was git checkout v3.2.18 as
> per https://github.com/QubesOS/qubes-core-agent-linux/releases/tag/v3.2.18
> running on a hunch that the 4.0 code is messing with something which did
> indeed work and it continued on. v3.2.18 is the last v3 release you guys
> have. But shortly after it failed in another module. I followed the same
> steps, checked out a v3 version and it continued on. did that I think one
> more time and make qubes-vm finishes.
> > >
> > > Now I run make template and fails in debootstrap same as initially.
> > >
> > > Is there an Ubuntu guide out there that is relevant and works? I have
> been scouring the web for 3 days now trying to get a trusty and xenial
> template built.
> >
> > I think you need to work on your search skills :-)
> > The same question was asked on this list 3 days ago.
> > The mount error arises because 'mount' isn't on the path - copy the
> > export PATH statement from template_debian/vars.sh to
> > template_qubuntu/vars.sh, and you should be good to go.
> >
> > The build on master is crocked for the moment.
> > Note that the PRs are all merged to 3.2, and you can therefore build on
> > 3.2 without any problem.
> > The simplest way to do this is to set RELEASE := 3.2 , and then 'make
> > switch-branch'.
> >
> > There's really no need for a special Ubuntu guide - the standard
> > instructions for using qubes-builder in
> > www.qubes-os.org/doc/qubes-builder explain the basics.
> > Obviously if you just want to build a template, then 'make qubes-vm' and
> > 'make template' suffice.
> > Otherwise, there's the illustrated guide to building an Arch Template in
> > the docs.
> >
> > unman
> >
>
> And an update shows me you'd worked this out for yourself - good stuff.
>



-- 
Regards,
Ken B. Johnson

-- 
You received this message because you are 

Re: [qubes-users] Containing Twitter sessions

[J.M. Porup]

On Thu, Jun 22, 2017 at 11:40:44AM -0400, Ryan Tate wrote:
> I am perplexed by the challenge of containing Twitter use in Qubes.
> 

> 
> If I had to pick from the default VMs, I would probably put Twitter in 
> “untrusted” due to the risks on the read side, even though the account itself 
> is sensitive and ideally you would not put such write capabilities in a "wild 
> west” environment like “untrusted." Perhaps better is to just make a 
> “twitter” vm to keep the damage of any compromise contained to the Twitter 
> account itself. Most ideal, in the future, would be to combine this last 
> approach with a Qubes browser add-on and force each non-twitter link to open 
> in another VM, either disposable or the “untrusted”.
> 
> (Has anyone figured out a better approach?)

Hi Ryan,

I use Twitter in a Whonix Workstation template-based Disposable VM.

Open links in a different disposable VM.

hth
jmp

-- 
J.M. Porup
www.JMPorup.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170622154957.GB909%40fedora-23-dvm.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Unman]

On Wed, Jun 28, 2017 at 01:44:03AM +0100, Unman wrote:
> On Tue, Jun 27, 2017 at 08:29:24AM -0700, kennethjohns...@gmail.com wrote:
> > On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
> > > > As soon as the PRs are merged I'll post to the list, and you can try it
> > > > then. (Or you could merge them yourself of course, and try the build.)
> > > > Testing and feedback would be much appreciated.
> > > > 
> > > > I've been using Xenial for a while and it seems fine.
> > > 
> > > PRs are merged, to master if nor 3.2
> > > 
> > > This means that both Xenial and Trusty should build straight.
> > > 
> > > Set up a build environment as per docs.
> > > 
> > > git clone  https://github.com/QubesOS/qubes-builder
> > > cd qubes-builder
> > > ./setup (select builder-debian and trsut/xenial variants, deselect
> > > fed23)
> > > edit builder.conf, changing RELEASE:=3.2 to RELEASE:=master
> > > make switch-branch (to get latest and greatest versions of components)
> > > make qubes-vm
> > > make template
> > > 
> > > cheers
> > > 
> > > unman
> > 
> > Is this still usable today? I switched the branch to master and I went from 
> > having a failure in debootstrap at the make template stage to a failure at 
> > the make qubes-vm stage. 
> > 
> > To be clear the debootstrap.log was showing an entry "chroot: failed to run 
> > command 'mount': No such file or directory" where I could see mount was in 
> > the /bin dir when I mounted and checked.
> > 
> > This issue in make qubes-vm appears to happen because core-agent-linux 
> > cannot find files.
> > ...
> > make[1]: Entering directory `/home/user/qubes-src/core-agent-linux'
> > dh_install --fail-missing
> > cp: cannot stat 
> > 'debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf': No 
> > such file or directory
> > dh_install: cp -a 
> > debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf 
> > debian/qubes-core-agent//lib/systemd/system/avahi-daemon.service.d/ 
> > returned exit code 1
> > make[1]: *** [override_dh_install] Error 2
> > make[1]: Leaving directory `/home/user/qubes-src/core-agent-linux'
> > ...
> > 
> > One thing I tried doing in an prior run was git checkout v3.2.18 as per 
> > https://github.com/QubesOS/qubes-core-agent-linux/releases/tag/v3.2.18 
> > running on a hunch that the 4.0 code is messing with something which did 
> > indeed work and it continued on. v3.2.18 is the last v3 release you guys 
> > have. But shortly after it failed in another module. I followed the same 
> > steps, checked out a v3 version and it continued on. did that I think one 
> > more time and make qubes-vm finishes. 
> > 
> > Now I run make template and fails in debootstrap same as initially. 
> > 
> > Is there an Ubuntu guide out there that is relevant and works? I have been 
> > scouring the web for 3 days now trying to get a trusty and xenial template 
> > built.
> 
> I think you need to work on your search skills :-) 
> The same question was asked on this list 3 days ago.
> The mount error arises because 'mount' isn't on the path - copy the
> export PATH statement from template_debian/vars.sh to
> template_qubuntu/vars.sh, and you should be good to go.
> 
> The build on master is crocked for the moment.
> Note that the PRs are all merged to 3.2, and you can therefore build on
> 3.2 without any problem. 
> The simplest way to do this is to set RELEASE := 3.2 , and then 'make
> switch-branch'.
> 
> There's really no need for a special Ubuntu guide - the standard
> instructions for using qubes-builder in
> www.qubes-os.org/doc/qubes-builder explain the basics.
> Obviously if you just want to build a template, then 'make qubes-vm' and
> 'make template' suffice.
> Otherwise, there's the illustrated guide to building an Arch Template in
> the docs.
> 
> unman
> 

And an update shows me you'd worked this out for yourself - good stuff.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628005430.d6vfoyxq24brwut7%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] usb-sys

[Unman]

On Tue, Jun 27, 2017 at 02:42:02PM -0700, Steven Walker wrote:
> I am running qubes off of a flash drive. Could this be causing this?
> 
> I just set it up and rebooted. I didn't attach any drive to it yet. And I was 
> not able to boot back into the desktop afterwards.
> 

When you create a sys-usb, by default USB controllers are hidden from
dom0 - since you are trying to boot from a device attached to one of
them, it isn't going to work.
You can remove the rd.qubes.hide_all_usb option from the grub command
and you should then be able to boot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628005049.ictqyxw7nmun2lsv%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Unman]

On Tue, Jun 27, 2017 at 08:29:24AM -0700, kennethjohns...@gmail.com wrote:
> On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
> > > As soon as the PRs are merged I'll post to the list, and you can try it
> > > then. (Or you could merge them yourself of course, and try the build.)
> > > Testing and feedback would be much appreciated.
> > > 
> > > I've been using Xenial for a while and it seems fine.
> > 
> > PRs are merged, to master if nor 3.2
> > 
> > This means that both Xenial and Trusty should build straight.
> > 
> > Set up a build environment as per docs.
> > 
> > git clone  https://github.com/QubesOS/qubes-builder
> > cd qubes-builder
> > ./setup (select builder-debian and trsut/xenial variants, deselect
> > fed23)
> > edit builder.conf, changing RELEASE:=3.2 to RELEASE:=master
> > make switch-branch (to get latest and greatest versions of components)
> > make qubes-vm
> > make template
> > 
> > cheers
> > 
> > unman
> 
> Is this still usable today? I switched the branch to master and I went from 
> having a failure in debootstrap at the make template stage to a failure at 
> the make qubes-vm stage. 
> 
> To be clear the debootstrap.log was showing an entry "chroot: failed to run 
> command 'mount': No such file or directory" where I could see mount was in 
> the /bin dir when I mounted and checked.
> 
> This issue in make qubes-vm appears to happen because core-agent-linux cannot 
> find files.
> ...
> make[1]: Entering directory `/home/user/qubes-src/core-agent-linux'
> dh_install --fail-missing
> cp: cannot stat 
> 'debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf': No such 
> file or directory
> dh_install: cp -a 
> debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf 
> debian/qubes-core-agent//lib/systemd/system/avahi-daemon.service.d/ returned 
> exit code 1
> make[1]: *** [override_dh_install] Error 2
> make[1]: Leaving directory `/home/user/qubes-src/core-agent-linux'
> ...
> 
> One thing I tried doing in an prior run was git checkout v3.2.18 as per 
> https://github.com/QubesOS/qubes-core-agent-linux/releases/tag/v3.2.18 
> running on a hunch that the 4.0 code is messing with something which did 
> indeed work and it continued on. v3.2.18 is the last v3 release you guys 
> have. But shortly after it failed in another module. I followed the same 
> steps, checked out a v3 version and it continued on. did that I think one 
> more time and make qubes-vm finishes. 
> 
> Now I run make template and fails in debootstrap same as initially. 
> 
> Is there an Ubuntu guide out there that is relevant and works? I have been 
> scouring the web for 3 days now trying to get a trusty and xenial template 
> built.

I think you need to work on your search skills :-) 
The same question was asked on this list 3 days ago.
The mount error arises because 'mount' isn't on the path - copy the
export PATH statement from template_debian/vars.sh to
template_qubuntu/vars.sh, and you should be good to go.

The build on master is crocked for the moment.
Note that the PRs are all merged to 3.2, and you can therefore build on
3.2 without any problem. 
The simplest way to do this is to set RELEASE := 3.2 , and then 'make
switch-branch'.

There's really no need for a special Ubuntu guide - the standard
instructions for using qubes-builder in
www.qubes-os.org/doc/qubes-builder explain the basics.
Obviously if you just want to build a template, then 'make qubes-vm' and
'make template' suffice.
Otherwise, there's the illustrated guide to building an Arch Template in
the docs.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628004403.2wyrhu2jjwb5htia%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Ken J]

Sorry to keep bombarding. But I figured the issue out. /proc wasn't being
mounted because debootstrap wasn't looking in /bin for it. It was looking
everywhere else (for some reason). /bin is not in the PATH.

This:
https://github.com/QubesOS/qubes-builder-debian/blob/master/template_debian/vars.sh#L11

Needs to be added here:
https://github.com/QubesOS/qubes-builder-debian/blob/master/template_qubuntu/vars.sh
as well.

This happens because I was using Fedora24 qube to build the template. I'm
assuming if I used a debian-8 vm this wouldn't have happened.

Just wanted to update for anyone having an issue with building ubuntu
templates. And also for anyone using Fedora to build a template.

P.S while writing this I was prepping a pull request. Found that unman is
too badass and fast. Already was on it!

On Tue, Jun 27, 2017 at 1:00 PM, Ken J  wrote:

> Some other notes to add. After doing some more debugging:
>
> #!/bin/bash
> sudo mount /home/user/qubes-builder/qubes-src/linux-template-
> builder/prepared_images/xenial.img /mnt/
>
>
> # mknod on each file and they already exist so they need to be deleted.
> Also possible that the
> # mount failure possible below causes everything to exit without properly
> cleaning up.
> # Files to delete
> sudo rm /mnt/dev/null
> sudo rm /mnt/dev/zero
> sudo rm /mnt/dev/full
> sudo rm /mnt/dev/random
> sudo rm /mnt/dev/urandom
> sudo rm /mnt/dev/tty
> sudo rm -rf /mnt/dev/pts/
> sudo rm -rf /mnt/dev/shm/
> sudo rm /mnt/dev/ptmx
>
> # [pid 17064] [7fac5cb258e7] symlink("/proc/self/fd",
> "/home/user/qubes-builder/qubes-src/linux-template-builder/mnt/dev/fd/fd")
> = -1 ENOENT (No such file or directory)
> #[pid 17064] [7fac5cb241f0] write(2, "ln: ", 4) = 4
> #[pid 17064] [7fac5cb241f0] write(2, "failed to create symbolic link
> '"..., 104) = 104
> #[pid 17064] [7fac5cb241f0] write(2, ": No such file or directory",
> 27) = 27
> #[pid 17064] [7fac5cb241f0] write(2, "\n", 1) = 1
> #[pid 17064] [7fac5cb340f7] lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal
> seek)
> #[pid 17064] [7fac5caa733b] close(0) = 0
> #[pid 17064] [7fac5caa733b] close(1) = 0
> #[pid 17064] [7fac5caa733b] close(2) = 0
> #[pid 17064] [7fac5caf9da8] exit_group(1) = ?
> #[pid 17064] [] +++ exited with 1 +++
>
> # Possibly proc wasn't properly mounted
>
> sudo umount /mnt
>
>
> I edited the builder-debian/template_debian/01_install_core.sh to add an
> strace -f -i to the debootstrap command @ line 47:
>
> COMPONENTS="" $DEBOOTSTRAP_PREFIX strace -i -f debootstrap \
> --arch=amd64 \
> --include="ncurses-term,locales,tasksel,$eatmydata_maybe" \
> --components=main \
> 
> --keyring="${SCRIPTSDIR}/../keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg"
> \
> "${DIST}" "${INSTALLDIR}" 
> "file://${INSTALLDIR}/${TMPDIR}/dummy-repo"
> 2>/tmp/fuck.txt && \
> return 0
>
>
>
> On Tue, Jun 27, 2017 at 8:29 AM,  wrote:
>
>> On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
>> > On Fri, Feb 10, 2017 at 11:15:18PM +, Unman wrote:
>> > > On Fri, Feb 10, 2017 at 10:04:54AM -0800, damien.wa...@gmail.com
>> wrote:
>> > > > Le jeudi 9 février 2017 12:41:42 UTC+1, Unman a écrit :
>> > > > > On Thu, Feb 09, 2017 at 02:37:36AM -0800, wrote:
>> > > > > > Hi,
>> > > > > >
>> > > > > > I am new into qubes (few months) and find it great. But I need
>> a distro with newer packages (debian jessie was fine until I ran in issues
>> with encfs compatibility).
>> > > > > >
>> > > > > > So I wanted to build an ubuntu template but I did not found
>> clear instructions.
>> > > > > >
>> > > > > > using https://github.com/QubesOS/qubes-builder and the setup
>> script, I do not get ubuntu to choose in the menu.
>> > > > > >
>> > > > > > On this forum, there is few posts about it but using privaze
>> repo.
>> > > > > >
>> > > > > > I really need help on this :-)
>> > > > > >
>> > > > > > Best regards,
>> > > > > >
>> > > > > > Damien
>> > > > > >
>> > > > >
>> > > > > Hi Damien,
>> > > > >
>> > > > > The Ubuntu builds are referenced in setup as Trusty and Xenial.
>> > > > >
>> > > > > I've just put in a series of Pull Requests that should allow
>> > > > > straightforward builds of both.
>> > > > > Wait a little while for them to be merged.
>> > > > >
>> > > > > It should then be a matter of:
>> > > > > git clone  https://github.com/QubesOS/qubes-builder
>> > > > > cd qubes-builder
>> > > > > ./setup
>> > > > > make qubes-vm
>> > > > > make template
>> > > > >
>> > > > > Copy generated Template to dom0 and install - there's a handy
>> script
>> > > > > provided to do this for you.
>> > > > >
>> > > > > I'll let you know when the PRs are merged. Focus at the moment is
>> on
>> > > > > the GSOC applications.
>> > > > >
>> > > > > unman
>> > > >
>> > > > Hi, thank you !
>> > > >
>> > > > Is there a way I may support you? maybe I can test it?
>> > > >
>> > > >
>> 

Re: [qubes-users] Ubuntu Template

[Unman]

On Sun, Jun 25, 2017 at 03:09:34PM +0100, Unman wrote:
> On Sun, Jun 25, 2017 at 04:31:15AM -0700, Michael MENG wrote:
> > 
> > I was trying to build the Ubuntu 16.04 Xenial+Desktop template
> > using qubes-builder with help from these instructions:
> > 
> > https://www.reddit.com/r/Qubes/comments/5vzg04/idiots_guide_to_installing_qbuntu_ubuntu_1604/
> > 
> > Everything was alright until the `make template` step where it would
> > fail on the following: 
> > 
> > makefile:294: recipe for target 'template-local-xenial+desktop' failed
> > 
> 
> Some of the recent commits have broken the Ubuntu builds.
> I'll provide patches soon.
> 
> unman

PR submitted - until it's merged just copy the PATH line from
/builder-debian/template_debian/vars.sh in to template_qubuntu/vars.sh:

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628000338.pkzbi2ywgfkkc562%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Dell E5470

[William Carter]

Attached!

=
Bill Carter
PGP KeyID 83CB9201

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAA%3DeDfxSRsQ%3DQkpf3ernye9zu5hZUt4rwJKHGHrG5L6ww5AO6A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Latitude_E5470-20170627-195439.yml
Description: application/yaml

Re: [qubes-users] Qubes Community Event in Cologne, Germany on July 15th

[Jean-Philippe Ouellet]

On Mon, Jun 26, 2017 at 9:10 AM, Robert Mittendorf
 wrote:
> Hello fellow Qubes users,
>
> the "Kölner Kreis", a group of regulars that are interested in IT-Security
> and IT-Forensics, will organize a "Qubes Community Event" in Cologne on July
> 15th 10.00 - 16.00.
>
> Major objective of this event is to "spread the word", say we want to
> introduce Qubes OS to new people and after this introduction there will be
> an install party. As this is not intend as a international community meet-up
> and for the sake of simplicity this event will be in German. The invitation
> with further details (in German) is attached to this email.
> If a community member that does not speak German but English happens to be
> in Cologne on that day (s)he is warmly welcome to join us and share user
> experiences, of course.
>
>
> for the Kölner Kreis,
> Robert Mittendorf

Awesome! Wish I could attend :)

One suggestion from my experience with Qubes at installfests: it saves
lots of time to have a flash drive with Qubes itself installed on it
(not the installer, but an installed system) to be able to check
hardware support before they touch their disk. Make that install
without sys-usb (and no rd.qubes.hide_all_usb boot arg). Also, you
should be aware of this outstanding bug [1], to avoid potential data
loss.

Another suggestion: when I presented about Qubes at a local conference
I set up a laptop with no personal data whatsoever which served to
showcase the abilities of Qubes and which I was happy to pass around
to whoever wanted to try it out themselves, without worrying at all
about what they might do to/with it. This first-hand experience alone
was enough to convince several hesitant people to make the jump, and
they are now running Qubes themselves. That laptop also had a windows
7 VM with the Qubes windows tools installed, and that had some "wow
factor" for several people.

Cheers,
Jean-Philippe

[1]: https://github.com/QubesOS/qubes-issues/issues/2835

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_Bc5%3D1DeYtk8ni-b7_mqZ9FPq2_fuRR488gwaD6H%3D2Aog%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Are System 76 Computers compatible wot Qubes OS

[Graham Cathcart]

System 76 are cheaper and faster than Purism, so I'm wondering if they are
compatible.  Doesn't anyone know?  Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAXpqwPG3RbZdfKkY1me6%2BN7uzOAiM%3DQ9zy_tPk%3D4DH9fCsRkg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] I have a question about qubes

[Graham Cathcart]

Trying to figure out how.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAXpqwOiSAKnRUf-7WA7HEh%2BVTZsFbZjr8ETRb1EeVwZj2RSdw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[0spinboson]

On Tuesday, June 27, 2017 at 10:42:51 PM UTC+2, Reg Tiangha wrote:
> On 2017-06-27 1:53 PM, Reg Tiangha wrote:
> > On 2017-06-27 1:37 PM,
> > 0spinboson wrote:
> > 
> >> Thanks. Was already up to date, though, and all gzip-related options were 
> >> enabled (as before). Only change was a new package req 
> >> (elfutils-libelf-devel).
> >> As for new info, I have frustratingly little to offer:
> >> -
> >>  mkdir -p 
> >> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18
> >> + 
> >> PATH=/sbin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/user/.local/bin:/home/user/bin
> >> + dracut --nomdadmconf --nolvmconf --kmoddir 
> >> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64/lib/modules/4.11.7-18.pvops.qubes.x86_64
> >>  --modules 'kernel-modules qubes-vm-simple' --conf /dev/null --confdir 
> >> /var/empty -d 'xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot' 
> >> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
> >>  4.11.7-18.pvops.qubes.x86_64
> >> Kernel version 4.11.7-18.pvops.qubes.x86_64 has no module directory 
> >> /lib/modules/4.11.7-18.pvops.qubes.x86_64
> >> ldconfig: need absolute file name for configuration file when using -r
> >> dracut: ldconfig might need uid=0 (root) for chroot()
> >> ++ lsinitrd 
> >> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
> >>  usr/lib/modules/4.11.7-18.pvops.qubes.x86_64/modules.dep
> >> + modules_dep=
> >> + '[' -z '' ']'
> >> ++ mktemp -d
> >> + tmpdir=/tmp/tmp.0U02gQXJIH
> >> + zcat 
> >> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
> >> + cpio -imd -D /tmp/tmp.0U02gQXJIH
> >>
> >> gzip: 
> >> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs:
> >>  not in gzip format
> >> cpio: premature end of archive
> >> + exit 1
> >> error: Bad exit status from /var/tmp/rpm-tmp.MAZxNe (%install)
> >> 
> >> (If there is a way to get more (relevant) information, you'll have to tell 
> >> me where to (start) look(ing), sorry.)
> >>
> > 
> > 
> > Curious:  What is your build environment for this kernel? I only ever
> > use/test FC23 because that's what my dom0 runs, but there have been
> > issues when the compile environment is different (ex. FC25).
> > 
> > I've only ever gotten gzip errors if I completely remove gzip support
> > from my config options, but I've only seen it appear at boot and not at
> > compile time.
> > 
> 
> Also, are you using the 4.11 patches from the Hardened Kernel project? I
> remember rpm generation failing one time (can't remember the exact error
> message) with one version of their patches (it patched in properly and
> successfully compiled, but just died when it came to generating the
> rpms), which eventually got fixed in a later revision. If you're using
> them but haven't updated it recently, their latest version is 4.11.7.a:
> 
> https://github.com/copperhead/linux-hardened/releases
> 
> I also have a branch that tracks just that, which is essentially the
> same as my devel-4.11 branch but just adds in and updates the
> linux-hardened patches as those get released, mainly for convenience:
> 
> https://github.com/rtiangha/qubes-linux-kernel/tree/devel-4.11-hard

It seems building works fine on fc23. Wonder what changed between 6/17 and 
today that fc25 no longer compiles kernels, though.

Wasn't using any patches from the hardening project. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5c7979e-9338-45f9-aa6d-7f51aaa65f02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] usb-sys

[Steven Walker]

I am running qubes off of a flash drive. Could this be causing this?

I just set it up and rebooted. I didn't attach any drive to it yet. And I was 
not able to boot back into the desktop afterwards.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6698b28-2335-4fc7-93af-1cd7325b07b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[Reg Tiangha]

On 2017-06-27 1:53 PM, Reg Tiangha wrote:
> On 2017-06-27 1:37 PM,
> 0spinbo...@gmail.com wrote:
> 
>> Thanks. Was already up to date, though, and all gzip-related options were 
>> enabled (as before). Only change was a new package req 
>> (elfutils-libelf-devel).
>> As for new info, I have frustratingly little to offer:
>> -
>>  mkdir -p 
>> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18
>> + 
>> PATH=/sbin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/user/.local/bin:/home/user/bin
>> + dracut --nomdadmconf --nolvmconf --kmoddir 
>> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64/lib/modules/4.11.7-18.pvops.qubes.x86_64
>>  --modules 'kernel-modules qubes-vm-simple' --conf /dev/null --confdir 
>> /var/empty -d 'xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot' 
>> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
>>  4.11.7-18.pvops.qubes.x86_64
>> Kernel version 4.11.7-18.pvops.qubes.x86_64 has no module directory 
>> /lib/modules/4.11.7-18.pvops.qubes.x86_64
>> ldconfig: need absolute file name for configuration file when using -r
>> dracut: ldconfig might need uid=0 (root) for chroot()
>> ++ lsinitrd 
>> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
>>  usr/lib/modules/4.11.7-18.pvops.qubes.x86_64/modules.dep
>> + modules_dep=
>> + '[' -z '' ']'
>> ++ mktemp -d
>> + tmpdir=/tmp/tmp.0U02gQXJIH
>> + zcat 
>> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
>> + cpio -imd -D /tmp/tmp.0U02gQXJIH
>>
>> gzip: 
>> /home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs:
>>  not in gzip format
>> cpio: premature end of archive
>> + exit 1
>> error: Bad exit status from /var/tmp/rpm-tmp.MAZxNe (%install)
>> 
>> (If there is a way to get more (relevant) information, you'll have to tell 
>> me where to (start) look(ing), sorry.)
>>
> 
> 
> Curious:  What is your build environment for this kernel? I only ever
> use/test FC23 because that's what my dom0 runs, but there have been
> issues when the compile environment is different (ex. FC25).
> 
> I've only ever gotten gzip errors if I completely remove gzip support
> from my config options, but I've only seen it appear at boot and not at
> compile time.
> 

Also, are you using the 4.11 patches from the Hardened Kernel project? I
remember rpm generation failing one time (can't remember the exact error
message) with one version of their patches (it patched in properly and
successfully compiled, but just died when it came to generating the
rpms), which eventually got fixed in a later revision. If you're using
them but haven't updated it recently, their latest version is 4.11.7.a:

https://github.com/copperhead/linux-hardened/releases

I also have a branch that tracks just that, which is essentially the
same as my devel-4.11 branch but just adds in and updates the
linux-hardened patches as those get released, mainly for convenience:

https://github.com/rtiangha/qubes-linux-kernel/tree/devel-4.11-hard



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oiufvf%24g9q%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[Ken J]

Some other notes to add. After doing some more debugging:

#!/bin/bash
sudo mount
/home/user/qubes-builder/qubes-src/linux-template-builder/prepared_images/xenial.img
/mnt/


# mknod on each file and they already exist so they need to be deleted.
Also possible that the
# mount failure possible below causes everything to exit without properly
cleaning up.
# Files to delete
sudo rm /mnt/dev/null
sudo rm /mnt/dev/zero
sudo rm /mnt/dev/full
sudo rm /mnt/dev/random
sudo rm /mnt/dev/urandom
sudo rm /mnt/dev/tty
sudo rm -rf /mnt/dev/pts/
sudo rm -rf /mnt/dev/shm/
sudo rm /mnt/dev/ptmx

# [pid 17064] [7fac5cb258e7] symlink("/proc/self/fd",
"/home/user/qubes-builder/qubes-src/linux-template-builder/mnt/dev/fd/fd")
= -1 ENOENT (No such file or directory)
#[pid 17064] [7fac5cb241f0] write(2, "ln: ", 4) = 4
#[pid 17064] [7fac5cb241f0] write(2, "failed to create symbolic link
'"..., 104) = 104
#[pid 17064] [7fac5cb241f0] write(2, ": No such file or directory", 27)
= 27
#[pid 17064] [7fac5cb241f0] write(2, "\n", 1) = 1
#[pid 17064] [7fac5cb340f7] lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal
seek)
#[pid 17064] [7fac5caa733b] close(0) = 0
#[pid 17064] [7fac5caa733b] close(1) = 0
#[pid 17064] [7fac5caa733b] close(2) = 0
#[pid 17064] [7fac5caf9da8] exit_group(1) = ?
#[pid 17064] [] +++ exited with 1 +++

# Possibly proc wasn't properly mounted

sudo umount /mnt


I edited the builder-debian/template_debian/01_install_core.sh to add an
strace -f -i to the debootstrap command @ line 47:

COMPONENTS="" $DEBOOTSTRAP_PREFIX strace -i -f debootstrap \
--arch=amd64 \
--include="ncurses-term,locales,tasksel,$eatmydata_maybe" \
--components=main \

--keyring="${SCRIPTSDIR}/../keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg"
\
"${DIST}" "${INSTALLDIR}"
"file://${INSTALLDIR}/${TMPDIR}/dummy-repo" 2>/tmp/fuck.txt && \
return 0



On Tue, Jun 27, 2017 at 8:29 AM,  wrote:

> On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
> > On Fri, Feb 10, 2017 at 11:15:18PM +, Unman wrote:
> > > On Fri, Feb 10, 2017 at 10:04:54AM -0800, damien.wa...@gmail.com
> wrote:
> > > > Le jeudi 9 février 2017 12:41:42 UTC+1, Unman a écrit :
> > > > > On Thu, Feb 09, 2017 at 02:37:36AM -0800, wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I am new into qubes (few months) and find it great. But I need a
> distro with newer packages (debian jessie was fine until I ran in issues
> with encfs compatibility).
> > > > > >
> > > > > > So I wanted to build an ubuntu template but I did not found
> clear instructions.
> > > > > >
> > > > > > using https://github.com/QubesOS/qubes-builder and the setup
> script, I do not get ubuntu to choose in the menu.
> > > > > >
> > > > > > On this forum, there is few posts about it but using privaze
> repo.
> > > > > >
> > > > > > I really need help on this :-)
> > > > > >
> > > > > > Best regards,
> > > > > >
> > > > > > Damien
> > > > > >
> > > > >
> > > > > Hi Damien,
> > > > >
> > > > > The Ubuntu builds are referenced in setup as Trusty and Xenial.
> > > > >
> > > > > I've just put in a series of Pull Requests that should allow
> > > > > straightforward builds of both.
> > > > > Wait a little while for them to be merged.
> > > > >
> > > > > It should then be a matter of:
> > > > > git clone  https://github.com/QubesOS/qubes-builder
> > > > > cd qubes-builder
> > > > > ./setup
> > > > > make qubes-vm
> > > > > make template
> > > > >
> > > > > Copy generated Template to dom0 and install - there's a handy
> script
> > > > > provided to do this for you.
> > > > >
> > > > > I'll let you know when the PRs are merged. Focus at the moment is
> on
> > > > > the GSOC applications.
> > > > >
> > > > > unman
> > > >
> > > > Hi, thank you !
> > > >
> > > > Is there a way I may support you? maybe I can test it?
> > > >
> > > >
> > > > Best regards,
> > > >
> > > > Damien
> > > >
> > >
> > > As soon as the PRs are merged I'll post to the list, and you can try it
> > > then. (Or you could merge them yourself of course, and try the build.)
> > > Testing and feedback would be much appreciated.
> > >
> > > I've been using Xenial for a while and it seems fine.
> >
> > PRs are merged, to master if nor 3.2
> >
> > This means that both Xenial and Trusty should build straight.
> >
> > Set up a build environment as per docs.
> >
> > git clone  https://github.com/QubesOS/qubes-builder
> > cd qubes-builder
> > ./setup (select builder-debian and trsut/xenial variants, deselect
> > fed23)
> > edit builder.conf, changing RELEASE:=3.2 to RELEASE:=master
> > make switch-branch (to get latest and greatest versions of components)
> > make qubes-vm
> > make template
> >
> > cheers
> >
> > unman
>
> Is this still usable today? I switched the branch to master and I went
> from having a failure in debootstrap at the make template stage to a
> failure at the make qubes-vm stage.
>
> To be clear the 

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[0spinboson]

On Tuesday, June 27, 2017 at 8:28:55 PM UTC+2, Reg Tiangha wrote:
> On 06/27/2017 08:09 AM, Epitre wrote:
> > Le mardi 27 juin 2017 12:40:00 UTC+2, 0spin...@gmail.com a écrit :
> >> Anyone have an idea why, since 4.11.7, I am always getting a "initramfs 
> >> not in gzip format" error?
> > Hi, same problem for me with 4.11.7. I also tried to select only AMD family 
> > (my type of processor) and it results the same.
> >
> 
> I just tried 4.11.7 for myself on my machine, and it works fine in both
> dom0 and in VMs.
> 
> So, if you're using my development branch, make sure to run 'git pull'
> to ensure everything is synced up (for example, if you haven't done it
> in a while, then you may not have the XSA 216 security patches applied
> to your kernel that were released last week):
> 
> https://github.com/rtiangha/qubes-linux-kernel/tree/devel-4.11
> 
> Otherwise, make sure your config file has these options set (use 'make
> menuconfig' and search for them to ensure they're set correctly):
> 
> CONFIG_HAVE_KERNEL_GZIP=y
> 
> CONFIG_RD_GZIP=y
> 
> CONFIG_DECOMPRESS_GZIP=y
> 
> 
> If that still doesn't work, then more information is needed. But for
> now, try the above and see if that works.

Thanks. Was already up to date, though, and all gzip-related options were 
enabled (as before). Only change was a new package req (elfutils-libelf-devel).
As for new info, I have frustratingly little to offer:
-
 mkdir -p 
/home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18
+ 
PATH=/sbin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/user/.local/bin:/home/user/bin
+ dracut --nomdadmconf --nolvmconf --kmoddir 
/home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64/lib/modules/4.11.7-18.pvops.qubes.x86_64
 --modules 'kernel-modules qubes-vm-simple' --conf /dev/null --confdir 
/var/empty -d 'xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot' 
/home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
 4.11.7-18.pvops.qubes.x86_64
Kernel version 4.11.7-18.pvops.qubes.x86_64 has no module directory 
/lib/modules/4.11.7-18.pvops.qubes.x86_64
ldconfig: need absolute file name for configuration file when using -r
dracut: ldconfig might need uid=0 (root) for chroot()
++ lsinitrd 
/home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
 usr/lib/modules/4.11.7-18.pvops.qubes.x86_64/modules.dep
+ modules_dep=
+ '[' -z '' ']'
++ mktemp -d
+ tmpdir=/tmp/tmp.0U02gQXJIH
+ zcat 
/home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs
+ cpio -imd -D /tmp/tmp.0U02gQXJIH

gzip: 
/home/user/rpmbuild/BUILDROOT/kernel-4.11.7-18.pvops.qubes.x86_64//var/lib/qubes/vm-kernels/4.11.7-18/initramfs:
 not in gzip format
cpio: premature end of archive
+ exit 1
error: Bad exit status from /var/tmp/rpm-tmp.MAZxNe (%install)

(If there is a way to get more (relevant) information, you'll have to tell me 
where to (start) look(ing), sorry.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ba1dd86-75a5-4625-ae40-c283d66a7c72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Screen brightness

[Reg Tiangha]

On 06/26/2017 04:25 PM, Unman wrote:
> On Mon, Jun 19, 2017 at 06:20:14PM -0700, Bob wrote:
>> Is there any way to turn down screen brightness, either via terminal or 
>> system settings? The closest thing I can find is System Tools -- Power 
>> Manager --Display. That gives options regarding adjusting brightness after 
>> inactivity, but I am wondering if it's possible to set the default 
>> brightness?
>>
>> Thanks.
>>
> A quick search ("fedora change brightness") throws up a number of
> solutions if you cant do this with  monitor or Function keys -
> suggestions include installing xbacklight and booting with various
> acpi_backlight options. I would try those first.
> I don't think there's anything Qubes specific here - you need to find a
> solution that works with Fedora and (if you need to install software)
> install it in dom0, since that provides the graphics.
> To install software in dom0 you use the 'qubes-dom0-update' command,
> which needs to be run as root. This will download the software in the
> updateVM and then transfer it in to dom0 - this is necessary because
> dom0 has no networking.
>
If you're using XFCE and you have the Power Management tray icon in your
Notification Tray, you can also right-click on it and it'll bring up a
screen brightness slider that you can adjust, if your machine supports
it (for example, it doesn't appear on my desktop but it does on my
notebook).



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oiu883%24ufs%242%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[Reg Tiangha]

On 06/27/2017 08:09 AM, Epitre wrote:
> Le mardi 27 juin 2017 12:40:00 UTC+2, 0spin...@gmail.com a écrit :
>> Anyone have an idea why, since 4.11.7, I am always getting a "initramfs not 
>> in gzip format" error?
> Hi, same problem for me with 4.11.7. I also tried to select only AMD family 
> (my type of processor) and it results the same.
>

I just tried 4.11.7 for myself on my machine, and it works fine in both
dom0 and in VMs.

So, if you're using my development branch, make sure to run 'git pull'
to ensure everything is synced up (for example, if you haven't done it
in a while, then you may not have the XSA 216 security patches applied
to your kernel that were released last week):

https://github.com/rtiangha/qubes-linux-kernel/tree/devel-4.11

Otherwise, make sure your config file has these options set (use 'make
menuconfig' and search for them to ensure they're set correctly):

CONFIG_HAVE_KERNEL_GZIP=y

CONFIG_RD_GZIP=y

CONFIG_DECOMPRESS_GZIP=y


If that still doesn't work, then more information is needed. But for
now, try the above and see if that works.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oiu84e%24ufs%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2: No Internet Connection, neither with Wi-Fi, neither with Ethernet. HELP PLEASE!

[helpplshelp]

Yea, reinstalled the OS and followed the same steps, internet working  
like a charm now!!!

THANK EVERYBODY !! YOU SAVED ME !! REALLY !!!


-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170627172944.Horde.rqN0wR7dxxntBJryxSgsWd_%40www.vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best Laptop For Qubes

[helpplshelp]

Anybody tried qubes on Alienware yet?

Quoting qubesgr...@gmail.com:


--
You received this message because you are subscribed to the Google  
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,  
send an email to qubes-users+unsubscr...@googlegroups.com.

To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit  
https://groups.google.com/d/msgid/qubes-users/3f643bd6-e539-464f-8879-b3dd26b475d5%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.





-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170627123146.Horde.svpVvc8uaWOwxvd_wGaAOG2%40www.vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2: No Internet Connection, neither with Wi-Fi, neither with Ethernet. HELP PLEASE!

[helpplshelp]

BOTH (wi-fi and ethernet) problems FIXED!
THANK YOU GUYS!!! YOU ROCK
___
THE WI-FI PROBLEM FIX:
___
I have been lucky enough to type in the wrong wi-fi password to find a  
fix for the bug. After that I did many other tests to find out the  
smallest amount of steps to fix the bug.


The bug was fixed by removing the wi-fi connection in the sys-net  
Network Connections, and re-adding the wi-fi by inserting first a  
wrong wi-fi password, and then the right wi-fi password.

In case a user has the same problem I wrote some more detailed steps below:

The bug was fixed in this way: when you connect to the wi-fi and it  
doesn't work, meaning, you go to sys-net terminal and for example use  
"ping google.com -c 5" and it returns "ping: unknown host google.com"  
e.g. it doesn't have internet connection, you simply go to your  
'Network Connections' of sys-net and delete your wi-fi connection  
(going in the top right corner in your Qubes panel>right click on the  
internet connections icon>edit connections>click on your wi-fi  
connection>select delete>press the confirmation delete button (note:  
you don't necessarily have to remove the ethernet wired connection if  
you have one)), at this point re-connect to the available wi-fi, and  
insert A WRONG PASSWORD. Once the password wi-fi reappers because the  
psw you typed is wrong, you insert the correct one. Done, your  
internet connection should work now, try in the sys-net terminal "ping  
google.com -c 5" and you should be able to ping google.

___
ETHERNET PROBLEM FIX:
___
To user 'cooloutac':
Thank you for answering as well. Although I did not need to remove the  
ethernet controllers to make the Wi-fi work in the end, I tried to do  
so to make the ethernet work by removing the Wi-fi network card from  
the devices list as you suggested.

MY MAN
IT WORKED!!! IT WORKED
I changed the devices in the sys-net settings, left only the ethernet  
card, rebooted, when desktop loaded the message "CONNECTION  
ESTABLISHED" appeared.

Went to sys-terminal, pinged google, it worked.

YOU GUYS ROCK THANK BOTH OF YOU A MILLION  
TIMES!!

___
Now that the internet connection problem is gone, I'm going to  
reinstall the whole system again, to set up my original qubes project.
Once it's done and internet is gonna work I'll post one more time so  
the thread can be closed.

THANKS AGAIN GUYS U ROCK!!! I'M SO HAPPY!!! THANK YOU THANK YOU THANK YOU!



-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170627121017.Horde.vykHyX26bBLBeHSRTx3QFcp%40www.vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best Laptop For Qubes

[Peter Thurner]

I see purism was discussed in this thread before - hence nvm :)


On 06/27/2017 06:03 PM, Peter Thurner wrote:
> I'm running qubes on a Thinkpad T520 - the Laptop is way to big in my
> opinion. I build 16 GB RAM into it with a 500GB SSD and it runs qubes
> quite smoothly.
>
> What do you guys think about this Laptop?
>
> https://puri.sm/products/librem-13/
>
> With the i7 and 16 GB RAM it costs around 2k USD. Seems kind of legit in
> my opinion. One has to buy an additional 3G card though, if one wants
> one (and then one wont be able to add a second SSD).
>
>
> On 06/27/2017 05:22 PM, Chris Laprise wrote:
>> On 06/27/2017 01:16 AM, Jean-Philippe Ouellet wrote:
>>> I have friends happily running qubes on other thinkpads (X230, T430,
>>> and various editions of the X1 carbon), and even one happily running
>>> qubes on a macbook. One friend ran it on a dell and gave up due to bad
>>> hw support (graphics & suspend/resume issues) and no patience for
>>> messing with kernel versions, etc. YMMV.
>> Dell were the most notorious cost-cutters for a long time. But in all
>> fairness, I think one must discern between the consumer and business
>> product lines when discussing compatibility issues and quality.
>>
>> So even though I have a warm spot for Thinkpads, I also recognize that
>> other 'primary' PC brands -- namely Dell and HP -- have business
>> laptops that fare well. And I can't imagine why anyone would want to
>> spend hours and days of their time trying to get
>> understandably-finnicky software like Qubes running on whatever
>> consumer models happen to be laying around. (Well, I can imagine, but
>> I know it has to do with an unexamined delusion that "PC hardware"
>> represents some kind of blank slate that Windows just happens to run
>> on instead of the reality that they are Windows-focused and full of
>> undocumented shortcuts and bugs that greatly impact non-Windows systems.)
>>
> Mit freundlichen Grüßen,
>
>
> Peter Thurner
>
> --
>
> Blunix GmbH - Consulting for Linux Hosting 24/7
>
> Glogauer Straße 21
> 10999 Berlin, Germany
>
> P: +49 30 / 120 839 90
> W: https://www.blunix.org
>
> AG Charlottenburg, HRB 174906 B
> CEO: Brian Wiborg & Peter Thurner
>

Mit freundlichen Grüßen,


Peter Thurner

--

Blunix GmbH - Consulting for Linux Hosting 24/7

Glogauer Straße 21
10999 Berlin, Germany

P: +49 30 / 120 839 90
W: https://www.blunix.org

AG Charlottenburg, HRB 174906 B
CEO: Brian Wiborg & Peter Thurner

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9939580-3316-76a4-0b61-a9bd67ceda99%40blunix.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best Laptop For Qubes

[Peter Thurner]

I'm running qubes on a Thinkpad T520 - the Laptop is way to big in my
opinion. I build 16 GB RAM into it with a 500GB SSD and it runs qubes
quite smoothly.

What do you guys think about this Laptop?

https://puri.sm/products/librem-13/

With the i7 and 16 GB RAM it costs around 2k USD. Seems kind of legit in
my opinion. One has to buy an additional 3G card though, if one wants
one (and then one wont be able to add a second SSD).


On 06/27/2017 05:22 PM, Chris Laprise wrote:
> On 06/27/2017 01:16 AM, Jean-Philippe Ouellet wrote:
>> I have friends happily running qubes on other thinkpads (X230, T430,
>> and various editions of the X1 carbon), and even one happily running
>> qubes on a macbook. One friend ran it on a dell and gave up due to bad
>> hw support (graphics & suspend/resume issues) and no patience for
>> messing with kernel versions, etc. YMMV.
>
> Dell were the most notorious cost-cutters for a long time. But in all
> fairness, I think one must discern between the consumer and business
> product lines when discussing compatibility issues and quality.
>
> So even though I have a warm spot for Thinkpads, I also recognize that
> other 'primary' PC brands -- namely Dell and HP -- have business
> laptops that fare well. And I can't imagine why anyone would want to
> spend hours and days of their time trying to get
> understandably-finnicky software like Qubes running on whatever
> consumer models happen to be laying around. (Well, I can imagine, but
> I know it has to do with an unexamined delusion that "PC hardware"
> represents some kind of blank slate that Windows just happens to run
> on instead of the reality that they are Windows-focused and full of
> undocumented shortcuts and bugs that greatly impact non-Windows systems.)
>

Mit freundlichen Grüßen,


Peter Thurner

--

Blunix GmbH - Consulting for Linux Hosting 24/7

Glogauer Straße 21
10999 Berlin, Germany

P: +49 30 / 120 839 90
W: https://www.blunix.org

AG Charlottenburg, HRB 174906 B
CEO: Brian Wiborg & Peter Thurner

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04ca17fa-c723-347f-4bdb-3ba701c9f540%40blunix.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Community Event in Cologne, Germany on July 15th

[Chris Laprise]

On 06/26/2017 09:10 AM, Robert Mittendorf wrote:

Hello fellow Qubes users,

the "Kölner Kreis", a group of regulars that are interested in
IT-Security and IT-Forensics, will organize a "Qubes Community Event" in
Cologne on July 15th 10.00 - 16.00.

Major objective of this event is to "spread the word", say we want to
introduce Qubes OS to new people and after this introduction there will
be an install party. As this is not intend as a international community
meet-up and for the sake of simplicity this event will be in German. The
invitation with further details (in German) is attached to this email.
If a community member that does not speak German but English happens to
be in Cologne on that day (s)he is warmly welcome to join us and share
user experiences, of course.


Wish I could be there!

Some advice from a long-time Linux enthusiast: Set your prospective 
users' expectations carefully as you are working with the compatibility 
quirks of Linux multiplied-by Xen (both projects which focus on server 
hardware).


Urging attendees to bring machines from more compatible product lines 
can help keep the experience a positive one.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ace69324-6140-2a5d-16fd-e0b07ac4e1af%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best Laptop For Qubes

[Chris Laprise]

On 06/27/2017 01:16 AM, Jean-Philippe Ouellet wrote:

I have friends happily running qubes on other thinkpads (X230, T430,
and various editions of the X1 carbon), and even one happily running
qubes on a macbook. One friend ran it on a dell and gave up due to bad
hw support (graphics & suspend/resume issues) and no patience for
messing with kernel versions, etc. YMMV.


Dell were the most notorious cost-cutters for a long time. But in all 
fairness, I think one must discern between the consumer and business 
product lines when discussing compatibility issues and quality.


So even though I have a warm spot for Thinkpads, I also recognize that 
other 'primary' PC brands -- namely Dell and HP -- have business laptops 
that fare well. And I can't imagine why anyone would want to spend hours 
and days of their time trying to get understandably-finnicky software 
like Qubes running on whatever consumer models happen to be laying 
around. (Well, I can imagine, but I know it has to do with an unexamined 
delusion that "PC hardware" represents some kind of blank slate that 
Windows just happens to run on instead of the reality that they are 
Windows-focused and full of undocumented shortcuts and bugs that greatly 
impact non-Windows systems.)


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9d5ca068-19a6-28f2-df9a-95e985b555fa%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ubuntu template

[kennethjohnson6]

On Friday, March 3, 2017 at 7:07:07 AM UTC-8, Unman wrote:
> On Fri, Feb 10, 2017 at 11:15:18PM +, Unman wrote:
> > On Fri, Feb 10, 2017 at 10:04:54AM -0800, damien.wa...@gmail.com wrote:
> > > Le jeudi 9 février 2017 12:41:42 UTC+1, Unman a écrit :
> > > > On Thu, Feb 09, 2017 at 02:37:36AM -0800, wrote:
> > > > > Hi,
> > > > > 
> > > > > I am new into qubes (few months) and find it great. But I need a 
> > > > > distro with newer packages (debian jessie was fine until I ran in 
> > > > > issues with encfs compatibility).
> > > > > 
> > > > > So I wanted to build an ubuntu template but I did not found clear 
> > > > > instructions.
> > > > > 
> > > > > using https://github.com/QubesOS/qubes-builder and the setup script, 
> > > > > I do not get ubuntu to choose in the menu.
> > > > > 
> > > > > On this forum, there is few posts about it but using privaze repo.
> > > > > 
> > > > > I really need help on this :-)
> > > > > 
> > > > > Best regards,
> > > > > 
> > > > > Damien
> > > > > 
> > > > 
> > > > Hi Damien,
> > > > 
> > > > The Ubuntu builds are referenced in setup as Trusty and Xenial.
> > > > 
> > > > I've just put in a series of Pull Requests that should allow
> > > > straightforward builds of both.
> > > > Wait a little while for them to be merged. 
> > > > 
> > > > It should then be a matter of:
> > > > git clone  https://github.com/QubesOS/qubes-builder
> > > > cd qubes-builder
> > > > ./setup
> > > > make qubes-vm
> > > > make template
> > > > 
> > > > Copy generated Template to dom0 and install - there's a handy script
> > > > provided to do this for you.
> > > > 
> > > > I'll let you know when the PRs are merged. Focus at the moment is on
> > > > the GSOC applications.
> > > > 
> > > > unman
> > > 
> > > Hi, thank you !
> > > 
> > > Is there a way I may support you? maybe I can test it?
> > > 
> > > 
> > > Best regards,
> > > 
> > > Damien
> > > 
> > 
> > As soon as the PRs are merged I'll post to the list, and you can try it
> > then. (Or you could merge them yourself of course, and try the build.)
> > Testing and feedback would be much appreciated.
> > 
> > I've been using Xenial for a while and it seems fine.
> 
> PRs are merged, to master if nor 3.2
> 
> This means that both Xenial and Trusty should build straight.
> 
> Set up a build environment as per docs.
> 
> git clone  https://github.com/QubesOS/qubes-builder
> cd qubes-builder
> ./setup (select builder-debian and trsut/xenial variants, deselect
> fed23)
> edit builder.conf, changing RELEASE:=3.2 to RELEASE:=master
> make switch-branch (to get latest and greatest versions of components)
> make qubes-vm
> make template
> 
> cheers
> 
> unman

Is this still usable today? I switched the branch to master and I went from 
having a failure in debootstrap at the make template stage to a failure at the 
make qubes-vm stage. 

To be clear the debootstrap.log was showing an entry "chroot: failed to run 
command 'mount': No such file or directory" where I could see mount was in the 
/bin dir when I mounted and checked.

This issue in make qubes-vm appears to happen because core-agent-linux cannot 
find files.
...
make[1]: Entering directory `/home/user/qubes-src/core-agent-linux'
dh_install --fail-missing
cp: cannot stat 
'debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf': No such 
file or directory
dh_install: cp -a 
debian/tmp/lib/systemd/system/avahi-daemon.service.d/30_qubes.conf 
debian/qubes-core-agent//lib/systemd/system/avahi-daemon.service.d/ returned 
exit code 1
make[1]: *** [override_dh_install] Error 2
make[1]: Leaving directory `/home/user/qubes-src/core-agent-linux'
...

One thing I tried doing in an prior run was git checkout v3.2.18 as per 
https://github.com/QubesOS/qubes-core-agent-linux/releases/tag/v3.2.18 running 
on a hunch that the 4.0 code is messing with something which did indeed work 
and it continued on. v3.2.18 is the last v3 release you guys have. But shortly 
after it failed in another module. I followed the same steps, checked out a v3 
version and it continued on. did that I think one more time and make qubes-vm 
finishes. 

Now I run make template and fails in debootstrap same as initially. 

Is there an Ubuntu guide out there that is relevant and works? I have been 
scouring the web for 3 days now trying to get a trusty and xenial template 
built.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/51fb134f-5177-485b-a7d9-d98e4497ac87%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Best Laptop For Qubes

[Chris Laprise]

On 06/27/2017 01:34 AM, Jean-Philippe Ouellet wrote:

As for the Raptor Talos and POWER in general, yes, I totally agree
it's leaps and bounds better than other commodity options, but I
couldn't afford one, it wouldn't fit in my backpack, and even if it
would I'm also not interested in carrying around a car battery just to
power my CPU for 5 minutes. I'd love to be proven wrong, but I don't
see it as a realistic option.


Lol... That was my impression of Talos as well: A bit monstrous in the 
physical aspects.


How did POWER diverge from PowerPC so radically in this respect? Is the 
latter technically moribund or patent-encumbered?




This is somewhat offtopic from Qubes, but oh well. That's where this
topic has drifted to, and the essay-rant is already written, so too
bad :P


I'm always glad to see the question of hardware platforms raised with 
Qubes, esp when discussing compatibility. There is no strictly 
compatible system for Qubes and this makes me think the project should 
eventually get into the business of detailed hardware specification... 
what ideal Qubes hardware looks like.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc78874d-1b8b-f36a-59e7-219170a5255c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[Epitre]

Le mardi 27 juin 2017 12:40:00 UTC+2, 0spin...@gmail.com a écrit :
> Anyone have an idea why, since 4.11.7, I am always getting a "initramfs not 
> in gzip format" error?

Hi, same problem for me with 4.11.7. I also tried to select only AMD family (my 
type of processor) and it results the same.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e0685bd-2244-4db1-9f85-5f400ede4676%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] usb-sys

[Steven Walker]

I setup a sys-usb using

qubesctl top.enable qvm.sys-usb
qubesctl state.highstate

Both in sudo

It reboots to emergency mode

How do I fix this?

Thanks,

Steve 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64350a41-b530-4b63-807f-ae420bdbb62f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Best Laptop For Qubes

[qubesgroup]

Anyone?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3316e14a-368a-456f-b467-49828b2df923%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to pass Applications to appvm.

[Finsh]

Hello,
 i do have a few programs installed in my debain 8 /9 templates (i use deb9 for 
Closed Source programs), which i want to pass to my appvms:
the programs are for example for debian 8: "wipe" debian 9: "Spotify"

How do i pass them on to the Applicationlist, qvm-sync doesnt work.

greetings

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/371579d3-4afa-471c-82b1-de03e4aabd6c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

[0spinboson]

Anyone have an idea why, since 4.11.7, I am always getting a "initramfs not in 
gzip format" error?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4adbb4b5-d1f0-4203-a192-1e7c002c5371%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: what does qubes do to protect sys-usb?

[pixel fairy]

On Monday, June 26, 2017 at 7:25:23 PM UTC-7, cooloutac wrote:

> anyone know whats the safest model kb's to use?

if your using a laptop, then your laptops pointing input devices are probably 
safest. next would be usb keyboards or ps2 keyboard through a usb converter. 

qubes does have special support for mouse and keyboard specifically for dom0, 
so this should protect the host from those input devices doing other things. 
havent read that code yet.

i hope that keyboards and mice are not easily flashed with firmware, especially 
from the host its plugged into. but, this is possible with at least some flash 
drives, because thats how badusb works.

theres a counter project called goodusb which might be good for sys-usb. 
https://github.com/daveti/GoodUSB its from 2 years ago

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49c1e8fc-2b26-42ce-983a-92707c818ef2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes dom0 display issues: The default resolution is stuck at 800 x 600

[mo . nadat . 2699]

Yeah, just realised I wasn't very specific. The laptop has a 1080p screen so I 
wanted to use Qubes at the laptop screen's native resolution. What's weird is 
the installer works at its native resolution but the actual OS doesn't.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6ab594e-9dc6-46f6-bf0c-0ccee71b50e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Best Laptop For Qubes

[qubesgroup]

How does Purism's Coreboot 'wrapper layer' compare to using Lenovo Bios, 
American Trends etc? Do we know that closed source BIOSes do not contain 
keyloggers to capture encryption passwords?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb6c5162-97fb-4742-a25a-ec114c13512e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Long-time Beta Users, do you wipe or upgrade?

[Jean-Philippe Ouellet]

On Thu, Jun 22, 2017 at 11:21 AM, Eric Duncan  wrote:
> Currently running Qubes 3.2 on one machine.  Have a need to install it on 
> another.
>
> To all of you long-term beta users of 3.x and now 4.x...
>
> 1a) Are upgrades simple to RTM versions of Qubes?
>
> Or 1b) Do you wipe and format each time a beta or RC comes out?
>
> I'm debating install Qubes 4.0 beta/rc, and going for the upgrade.
>
>
> Alternatively... Is there a way to use some type of "Testing" repo for Qubes? 
>  Something like rolling updates of Debian Testing does?
>
> I was perfectly happy with Debian Testing on a previous build, until I moved 
> to Arch which was a bit more stable with its rolling releases.
>
> I wouldn't mind installing a "rolling release" of Qubes under a Testing repo, 
> if there is one.
>
> Thanks!

Upgrading vs. reinstalling do not result in the same final system
state. I am nearly certain there are yet-unknown corner cases. This is
even true within the same Qubes release [1].

By upgrading R3.1 -> R3.2 I've ended up with a somehow messed up pam
config preventing any graphical logins, an application menu with stale
and broken entries, broken sound (residual xfce volumed not un-muting
the master channel bug), degraded trackpad drivers (leftover synaptics
drivers configured to take precedence over libinput) and undoubtedly
other things I didn't notice. I now reinstall and restore VMs every
time.

Upgrading is "supported" [2], but personally I think we should just
drop support for upgrading all together and force people to back up
their AppVMs and restore them onto the new install. People should be
doing backups anyway, re-importing with paranoid mode allows making a
clean break from potential old compromises, and upgrading isn't
actually as well tested as people may be lead to believe by the
existence of the upgrade docs.

Good luck,
Jean-Philippe

[1]: https://github.com/QubesOS/qubes-issues/issues/2742
[2]: https://www.qubes-os.org/doc/upgrade-to-r3.2/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_A2y%2Bi4bSsQSeKrQWpsVvmuZuKj4ew5DkJzxWjYMPC59Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.