date:20190125

On 1/26/19 5:22 AM, John S.Recdep wrote:
> 
> When I remove the whonix templates I get about 12 errors complaining
> about /var/lib/qubes/vm-templates/whonix-ws-14/app.tempicons
>   /vm-whitelisted-appmenus.list
> 
> etc
> 
> no such file or directory
> 
> 
> I suppose just another one of those  mystery errors to ignore ?
> 



sh**t now I am getting the correct whonix 2019 started but it fails with
 "Disk quota exceeded"dnf clean packages  0 files removed   so what
now  please

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/760d0277-ca5b-0c63-b58d-5ce08cc4890b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: QSB #46: APT update mechanism vulnerability

somewhere in this large thread it probably states there is an error in
the original whonix install invocation right ?

if one just uses community-testing they end up with 2018 version

so use the --enablerepo=qubes*testing   instead  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04b3d0f9-034a-1675-c41b-7a5f070b9bd8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: QSB #46: APT update mechanism vulnerability



When I remove the whonix templates I get about 12 errors complaining
about /var/lib/qubes/vm-templates/whonix-ws-14/app.tempicons
  /vm-whitelisted-appmenus.list

etc

no such file or directory


I suppose just another one of those  mystery errors to ignore ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc4a2f0f-b966-0339-f88f-9e1b2112c6f0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: looking for quickest way to copy text from dom0-Terminal to another VM

2019-01-25 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 25/01/2019 8.02 PM, Eric wrote:
> Personally I will not instal anything into dom0 that is not from an
> ITL authorised repo.
> 
> Is a real PITA that the inter appVM cut and paste does not work for
> dom0 - can there be a switch somewhere that says I am going to be
> careful and do it?  Feature request?
> 
> Only for package names into dom0 and error text out when things
> don't work - like just recently.
> 
> Thanks, Eric
> 

Please take a look at this issue:

https://github.com/QubesOS/qubes-issues/issues/3571

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxL1O0ACgkQ203TvDlQ
MDCmqhAApZ0H2QZCSVrNVYyhH/Ux8Q0TZW3aVySP+YROwmAvydSg66VC0zsxIkak
OxjDKMePe6GV778n3gsuumLuJYiousmFLJD6d5RzTuFRJoqR0V1Y9NhpRVtvS4Fz
aypfmxWZI6cR4j6u1oEp5gBXfwv9JlqOh4bznttnBgS/XYmgufGjzRqGqSCVdpCq
nET42h4akiAz6Dlf/kUNhohbFVRHXnrye9Q4JoIr50tZNUhXxfOIGIXfKRXTOv6N
wSkjLhkqCkkCK7zJvwZtayCh4OL4162XRikFT7lfc5cx9vHVkweeImm4jRD4mbV0
UIasOFq8rxrobpcVdzExdTnGWFKX1kdQ1XdSrrFVl58e6A1VMgw8/mp1G4coN8Cs
lRYZB3O9NHv3zGW9rvUVBhHjrvbM22DsVOoJyACyMmDJZwq4RvHj4slRy+i8PZ13
PPeJHcKMoG6H6TuVEz6jKyiv+XXq90Ak2WEbE/P7XwTzJhrPV3WyIoy1oEaujwZh
W47+ne/1J0mBqxfviFhDa1yUUdHNAXlB/y6U6iqYRU+msQ30mDQY5wgLhoqZqJSD
0qV9PPF0qa5aCWxmVDlfiF7pqemqEOFToh6GS32NI3v9zIDNQhVdDivgznXrzBJv
m8m5SpA60Uo2R4DOwYFjZ4ir3xSLGIH8mTgCufaBf9BHmb3YWs8=
=O/Ws
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cc475ba-7f30-6520-e46e-e238e5ebc5a5%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: looking for quickest way to copy text from dom0-Terminal to another VM

2019-01-25 Thread Eric

Personally I will not instal anything into dom0 that is not
from an ITL authorised repo.

Is a real PITA that the inter appVM cut and paste does not
work for dom0 - can there be a switch somewhere that says I
am going to be careful and do it?  Feature request?

Only for package names into dom0 and error text out when
things don't work - like just recently.

Thanks, Eric

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99b.5c4bbfb0%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: looking for quickest way to copy text from dom0-Terminal to another VM

799 wrote on Sat, 26 January 2019 00:40
> Hello,
> 
> Feel free to use this script, which needs xclip to be
> installed in dom0 and
> also the AppVM.
>  
> https://github.com/one7two99/my-qubes/blob/master/home/bin/q
> vm-xclip-from-vm
> 
> There is also a never version which can copy from/to
> dom0 in one command.
> Haven't uploaded it to GitHub yet.
> Not that nice as the qubes clipboard but it does its job
> and I have always
> a dom0 terminal open.
> --

Thank you 799, that sounds very interesting. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99a.5c4bb37e%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: looking for quickest way to copy text from dom0-Terminal to another VM

haaber wrote on Sat, 26 January 2019 00:01
> On 1/25/19 9:04 PM, gone wrote:
> I am annoyed by the same thing, but maybe there is a
> security
> consideration I do not know. So I copy a text with
> mouse, cat it in a
> txt file and copy-to-vm it away in my mail-vm for
> example. Don't know if
> there is faster. Bernhard
> --

Thanks Bernhard, that's what I also did so far, however it's
not very convenient.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/999.5c4bb1da%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] looking for quickest way to copy text from dom0-Terminal to another VM

2019-01-25 Thread 799

Hello,

Am Fr., 25. Jan. 2019, 21:04 hat gone  geschrieben:

> 1st of all, I have read this:
> https://www.qubes-os.org/doc/copy-from-dom0/
>
> Maybe I just draw a mental blank but I can't find a really
> quick way to copy text (not files) from dom0-Terminal to
> another VM (into a post like this for instance). I thinking
> of some easy and logical keyboardcshortcuts like the ones
> that exist for copying text between domUs.
>

Feel free to use this script, which needs xclip to be installed in dom0 and
also the AppVM.
https://github.com/one7two99/my-qubes/blob/master/home/bin/qvm-xclip-from-vm

There is also a never version which can copy from/to dom0 in one command.
Haven't uploaded it to GitHub yet.
Not that nice as the qubes clipboard but it does its job and I have always
a dom0 terminal open.

- O

>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vqwM2jx2DtB5cW-%2BXf83vDS%3DiGswTnxaD%2B4gCrySV6FA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] clock nightmare

2019-01-25 Thread haaber





which I read that I have to check that  the right service installed
in sys-net. Now here are the services in sys-net's
/var/run/qubes-service

-rw-r--r-- 1 root root 0 Jan 24 17:54 network-manager -rw-r--r-- 1
root root 0 Jan 24 17:54 qubes-firewall -rw-r--r-- 1 root root 0
Jan 24 17:54 qubes-network -rw-r--r-- 1 root root 0 Jan 24 17:54
qubes-update-check -rw-r--r-- 1 root root 0 Jan 24 17:54
qubes-updates-proxy


I'm using a (custom) debian template for sys-net, but I have the same
content as you. I also checked the GUI where I can see a service called:
clocksync


Aha! That was it. The qubes-sync-time.timer was active since yesterday
(when I installed ntpdate), but this one missed! I'll see if I can
contribute to the DOC with that!

Cheers, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73e94c51-deee-4535-2e98-f7ae640496f8%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] looking for quickest way to copy text from dom0-Terminal to another VM

2019-01-25 Thread haaber


On 1/25/19 9:04 PM, gone wrote:

1st of all, I have read this:
https://www.qubes-os.org/doc/copy-from-dom0/

Maybe I just draw a mental blank but I can't find a really
quick way to copy text (not files) from dom0-Terminal to
another VM (into a post like this for instance). I thinking
of some easy and logical keyboardcshortcuts like the ones
that exist for copying text between domUs.
When I've  marked some arbitrary textlines in the dom0
terminal and then use "copy" from the right-clic-menu, how
can I go on most easily?


I am annoyed by the same thing, but maybe there is a security
consideration I do not know. So I copy a text with mouse, cat it in a
txt file and copy-to-vm it away in my mail-vm for example. Don't know if
there is faster. Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c093ba4b-ec0f-8fe7-fdb0-7b2f90def220%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread john s.



>>
>> Tasket,
>>
>> Does this mean that a upgrade to testing  is as good as   uninstalling -
>> re-installing templates ?
> 
> Yes. Everything in the template's root and private volumes is wiped
> before the new package is added.
> 
> However we found out this doesn't work for Whonix if your updatevm is
> set to sys-whonix. For debian-9 its fine.


.but, otherwise Marek's original Patch howto  remains  OK  for
whonix-14  Q4.0 ?


>> I guess your cloning debian-9-nonpatch'd just in case the upgrade fails
>> , which you'd rather do  than  reinstall  fresh clean
>> debian-9-new-apt-version?
> 
> Its less hassle to qvm-clone to a backup, then run the upgrade.

less hassle meaning than new Templates , ?because one would not then
need to add back any useradded packagesor  both ?






-- 
A895 0C7C A244 8E2E FD77 A3DB 180B 7D4D D158 F8B6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46e7687e-99ed-b513-df07-7321ac5fbd9a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Cannot add new user to Thunderbird address book

2019-01-25 Thread John Goold

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

There is only one issue in my complete transition to a Qubes system.
This is the first.

When I attempt to add a "New Contact" to Thunderbird's address book,
the "OK" button will change to show it is selected, but does not do
anything. The same happens when I attempt to update an existing contact.

Qubes 4.0.1; Thunderbird 60.4.0 (64-bit)

Note: My migration involved copying ~/.thunderbird//abook.mab
from my laptop and replacing the one in my "personal" qube. I checked
its permissions and it is writable.

All my existing contacts show up and are usable. I am at a bit of a loss
.

- --
John
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEe8Wcf7Po7bts2Rl4jWN9/rQYsRwFAlxLdxoACgkQjWN9/rQY
sRyFwgf/Wj+axAr0SirQCvnZB+hsobtkBPvKabxGbhPx4xQwYKsK//ChsDtQvTAx
oBYxc7DjRO3APyZdFJYVSNCRVjKNwAXbSfGQ2Xm0wa9yCdx3KYtsMJMabgYqpvzK
ddmnIXKTTxScHwVe4CB262APau+0BP8XZxhTm0x2UPAS+rGy8TSXmJRwhcluCTZr
Ex0aqZ8dd3gJVPAvxi0b/o2NYtOk4xHdl268DI/2xC8KpyRWolP/RY+0/1rksyU6
SwKapLByvorzy4K8n2bk6XBb6qh6W0/hnqI9FhY9LapsjRzndSMTktdvVXuaxeF9
IKGGADERdSoRrqQGdlr3w2Ne3Su1Lw==
=mq0q
-END PGP SIGNATURE-

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/8e48194b-9e58-ba39-ff65-720cc5e48e15%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability


On 01/25/2019 03:01 PM, John S.Recdep wrote:

On 1/23/19 9:52 PM, Chris Laprise wrote:

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:


Patching
=

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
ones. You can do this by performing the following steps on each such
TemplateVM:



A shortened update procedure for debian-9:

1. If your "debian-9" template is customized or contains data, you may
wish to back it up with qvm-clone first...

[dom0]$ qvm-clone debian-9 d9-backup

2. Run the upgrade command...

[dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
--enablerepo=qubes*testing --action=upgrade

This will display package info as it begins downloading. The package
version-date should begin with "4.0.1-20190123" or later.

3. Shutdown all VMs so the upgrade can take effect...

[dom0]$ qvm-shutdown --all --wait --timeout=30

This method also works with whonix-gw-14 and whonix-ws-14 templates.



Tasket,

Does this mean that a upgrade to testing  is as good as   uninstalling -
re-installing templates ?


Yes. Everything in the template's root and private volumes is wiped 
before the new package is added.


However we found out this doesn't work for Whonix if your updatevm is 
set to sys-whonix. For debian-9 its fine.




I guess your cloning debian-9-nonpatch'd just in case the upgrade fails
, which you'd rather do  than  reinstall  fresh clean
debian-9-new-apt-version?


Its less hassle to qvm-clone to a backup, then run the upgrade.




btw, somewhere in this thread I think I saw  howto  find which debian-9
  useradded  packages  were installed,  but maybe someone could confirm
how please


That was the post from Fidel Ramos:

https://groups.google.com/d/msgid/qubes-users/DM9_q5vgod4jYvlICr67Wg1SpGKDv2BNytlGZBHx2Tmd6J6w9DmZ2s__jTMhGtfAHvjigwMnaFYKLLhkEQHliA%3D%3D%40fidelramos.net


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed68420f-2fb6-a2d6-f11d-8bfa681c83fc%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] looking for quickest way to copy text from dom0-Terminal to another VM

1st of all, I have read this:
https://www.qubes-os.org/doc/copy-from-dom0/

Maybe I just draw a mental blank but I can't find a really
quick way to copy text (not files) from dom0-Terminal to
another VM (into a post like this for instance). I thinking
of some easy and logical keyboardcshortcuts like the ones
that exist for copying text between domUs.
When I've  marked some arbitrary textlines in the dom0
terminal and then use "copy" from the right-clic-menu, how
can I go on most easily?

 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/991.5c4b6bb3%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

On 1/23/19 9:52 PM, Chris Laprise wrote:
> On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:
> 
>> Patching
>> =
>>
>> If you are a Qubes user, you should remove all APT-based (including
>> Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
>> ones. You can do this by performing the following steps on each such
>> TemplateVM:
> 
> 
> A shortened update procedure for debian-9:
> 
> 1. If your "debian-9" template is customized or contains data, you may
> wish to back it up with qvm-clone first...
> 
> [dom0]$ qvm-clone debian-9 d9-backup
> 
> 2. Run the upgrade command...
> 
> [dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
> --enablerepo=qubes*testing --action=upgrade
> 
> This will display package info as it begins downloading. The package
> version-date should begin with "4.0.1-20190123" or later.
> 
> 3. Shutdown all VMs so the upgrade can take effect...
> 
> [dom0]$ qvm-shutdown --all --wait --timeout=30
> 
> This method also works with whonix-gw-14 and whonix-ws-14 templates.
> 

Tasket,

Does this mean that a upgrade to testing  is as good as   uninstalling -
re-installing templates ?

I guess your cloning debian-9-nonpatch'd just in case the upgrade fails
, which you'd rather do  than  reinstall  fresh clean
debian-9-new-apt-version?


btw, somewhere in this thread I think I saw  howto  find which debian-9
 useradded  packages  were installed,  but maybe someone could confirm
how please

rec

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1fca1c4-4c8f-9dfc-b79c-906904141b65%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

On 01/25/2019 02:03 PM, gone wrote:

Chris Laprise wrote on Wed, 23 January 2019 21:52

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki
wrote:

A shortened update procedure for debian-9:

This method also works with whonix-gw-14 and
whonix-ws-14 templates.

This worked very well on the debian-9 template and thanks
again for it. But when I try that method for whonix-gw-14
template I get the following errors:

@dom0 ~]$ sudo qubes-dom0-update qubes-template-whonix-gw-14
--enablerepo=qubes*testing --action=upgrade
WARNING: Replacing a template will erase all files in
template's /home and /rw !
Template VM halted
Attempting to operate on template of UpdateVM... backing up
whonix-gw-14 to whonix-gw-14-backup-20190125-mhQ
qvm-clone: error: VM name must be shorter than 32
characters
ERROR: Unable to make backup of UpdateVM template!

This looks like a qubes-dom0-update bug.

I had already cloned the template (using a shorter name ;-)
) before starting this command. So this automatic backup
could be omitted in order to bring it forth if there exists
some option for that or an option to assign a custom name to
this automated backup file.

Or do I have to switch the default upgrade template for dom0
to something else instead of whonix-gw-14 before performing
the update action?

You can try to change the updatevm as a workaround. If downloading the
template without Tor is OK you can just change it to sys-firewall or
similar VM.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/99f69f5c-c651-31b3-4a00-25377ca3a830%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

Chris Laprise wrote on Wed, 23 January 2019 21:52
> On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki
> wrote:
> 
> A shortened update procedure for debian-9:
> 
> .
> 
> This method also works with whonix-gw-14 and
> whonix-ws-14 templates.
> 
> --

This worked very well on the debian-9 template and thanks
again for it. But when I try that method for whonix-gw-14
template I get the following errors:

@dom0 ~]$ sudo qubes-dom0-update qubes-template-whonix-gw-14
--enablerepo=qubes*testing --action=upgrade
WARNING: Replacing a template will erase all files in
template's /home and /rw !
Template VM halted
Attempting to operate on template of UpdateVM... backing up
whonix-gw-14 to whonix-gw-14-backup-20190125-mhQ
qvm-clone: error: VM name must be shorter than 32
characters
ERROR: Unable to make backup of UpdateVM template!

I had already cloned the template (using a shorter name ;-)
) before starting this command. So this automatic backup
could be omitted in order to bring it forth if there exists
some option for that or an option to assign a custom name to
this automated backup file.

Or do I have to switch the default upgrade template for dom0
to something else instead of whonix-gw-14 before performing
the update action? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98f.5c4b5d8b%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Archlinux template for Qubes R4 build is working

2019-01-25 Thread Foppe de Haan

For me, the template builds just fine, but thunderbird-qubes and the GUI )file 
transfer agent integrated with thunar are missing. (invoking these via the CLI 
works fine, though.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6d450f3-6b3f-4a5f-b715-53b043c059fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: clock nightmare

On 1/24/19 6:11 AM, haaber wrote:
> Hello, could someone please help me out of the clock nightmare? dom0
> keeps setting itself at -1day, and helpless sys-whonix follows, which
> disturbs tor, the time stamp of this email ETC.
> Concrete question: in which timezone should live  respectively dom0  and
> whonix-* ? How/Where do I configure TZ without messing all up? Thank
> you, Bernhard
> 

I know this may not be the solution you want, but I ended up just
changing sys-net template to debian-9   , then all was well

I did the change to the  private/  dir  but so far haven't tested it fwiw

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9cec4c99-7f58-76c4-19a3-cb12d3d1d4fc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] QSB #46: APT update mechanism experience

Hi, I am just sharing my experience from the update mechanism process described
here:
http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/news/2019/01/23/qsb-46/

Note please, that all downloads of the new patched templates were provided
through fedora based VMs, to mitigate the potential compromise issue with the
debian based templates and VMs based on it. Deletion of the 2018
debian-tempaltes went smooth.

All worked quite smoothly, with few exceptions. I followed the guide and point
4 didnt work for me by default. As an example I update the whonix-gw-14
template here:

$ sudo qubes-dom0-update \ --enablerepo=qubes-templates-community-testing \
qubes-template-whonix-gw-14

a) returned error that the testing repo isnt enabled
b) after enabling it, it started download the 2108 version

I worked around it in a following way in dom0:

a)
$ sudo nano /etc/yum.repos.d/qubes-templates.repo

#now just enable
[qubes-tempates-community]
enabled = 1

#now just enable
[qubes-tempates-community-testing]
enabled = 1

In case you set up qubes to update the system through Tor, don't forget to
comment out the .onion baseurl, and uncomment the clearnet baseurl and metalink
respectively.

b) in the table provided, I just put the
qubes-template-whonix-gw-14-4.0.1-201901231238 directly to the command ans it
worked well.
$ sudo qubes-dom0-update \ --enablerepo=qubes-templates-community-testing \
qubes-template-whonix-gw-14-4.0.1-201901231238

This pointed to the right download of the 2019 version and prevented the 2018
version to be downloaded. For the other templates, see the table provided in
the guide. Just change it and you are fine.

Guide says that within 2 weeks there will be a migration of the testing content
to a stable part, so there can possibly be some adjustments.

Also after updating the whonix-gw-14 and whonix-ws-14 there will be no
sys-whonix and anon-whonix recreated. You need to do it manually. Thanks to
marmarek for the help with that!

If you wish to keep your existing anon-whonix, just rename it, like
anon-whonix-old. You can than transfer securely the data from the
anon-whonix-old to the new one easily. If you dont rename it, the new
anon-whonix will not be created with the command. The sys-whonix should be
deleted already so it can be created fresh :)

With following command creates the new sys-whonix and anon-whonix based on the
patched 2019 template version.
in dom0:
sudo qubesctl state.sls qvm.anon-whonix

Follow the same logic with whonix-ws-14 and debian templates.
Good luck!

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/LX4sO4G--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora-26 template unable to update

2019-01-25 Thread Mike Keehan

On Fri, 25 Jan 2019 02:47:50 -0800
edalva...@riseup.net wrote:

> I've been struggling to update my Fedora-26 template for a while. So
> far none of the various bug-reports I've found on the issue seem to
> help. 
> 
> I've checked that all URL's in /etc/yum.repos.d/qubes-r4.repo use
> https as suggested. 
> 
> CONTENT OF /etc/yum.repos.d/qubes-r4.repo (disabled repos not shown):
> 
> _ name = Qubes OS Repository for VM (updates)_
> _ baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever_
> _ #baseurl =
> http://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/current/vm/fc$releasever_
> _ gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary_
> _ skip_if_unavailable=False_
> _ gpgcheck = 1_
> _ enabled=1_
> 
> WHEN UPDATING, it doesn't look like DNF gets any fresh data:
> 
> [user@fedora-26 ~]$ sudo dnf -v update
>  Loaded plugins: builddep, config-manager, copr, debug,
> debuginfo-install, download, generate_completion_cache,
> needs-restarting, playground, qubes-hooks, repoclosure, repograph,
> repomanage, reposync
>  DNF version: 2.7.5
>  cachedir: /var/cache/dnf
>  repo: using cache for: updates
>  updates: using metadata from Tue May 29 13:05:48 2018.
>  repo: using cache for: fedora
>  not found deltainfo for: Fedora 26 - x86_64
>  not found updateinfo for: Fedora 26 - x86_64
>  fedora: using metadata from Wed Jul  5 22:31:38 2017.
>  repo: using cache for: qubes-vm-r4.0-current
>  not found deltainfo for: Qubes OS Repository for VM (updates)
>  not found updateinfo for: Qubes OS Repository for VM (updates)
>  qubes-vm-r4.0-current: using metadata from Wed Jan 23 16:47:03 2019.
>  Last metadata expiration check: 0:08:48 ago on Fri Jan 25 11:08:50
> 2019.
>  --> Starting dependency resolution
>  --> Finished dependency resolution  
>  Dependencies resolved.
>  Nothing to do.
>  Complete!
> 
> I've tried cleaning and refreshing:
> 
>  [user@fedora-26 ~]$ sudo dnf clean all
>  53 files removed
>  [user@fedora-26 ~]$ sudo dnf -v update --best --allowerasing
> --refresh --releasever=26
>  Loaded plugins: builddep, config-manager, copr, debug,
> debuginfo-install, download, generate_completion_cache,
> needs-restarting, playground, qubes-hooks, repoclosure, repograph,
> repomanage, reposync
>  DNF version: 2.7.5
>  cachedir: /var/cache/dnf
>  Fedora 26 - x86_64 - Updates703 kB/s |  22 MB
> 00:31
>  updates: using metadata from Tue May 29 13:05:48 2018.
>  Fedora 26 - x86_64  742 kB/s |  53 MB
> 01:13
>  not found deltainfo for: Fedora 26 - x86_64
>  not found updateinfo for: Fedora 26 - x86_64
>  fedora: using metadata from Wed Jul  5 22:31:38 2017.
>  Qubes OS Repository for VM (updates) 53 kB/s | 204 kB
> 00:03
>  not found deltainfo for: Qubes OS Repository for VM (updates)
>  not found updateinfo for: Qubes OS Repository for VM (updates)
>  qubes-vm-r4.0-current: using metadata from Fri Jan 25 00:45:03 2019.
>  Last metadata expiration check: 0:00:00 ago on Fri Jan 25 11:26:26
> 2019.
>  Completion plugin: Generating completion cache...
>  --> Starting dependency resolution
>  --> Finished dependency resolution  
>  Dependencies resolved.
>  Nothing to do.
>  Complete! 
> 
> Any suggestions on this? I really dislike to sit on a outdated
> system :/
> 
> 
> Best regards, 
> Ed Alvarez
> 

Fedora 26 reached end-of-life last year.  You need to install Fedora 28
at least, or Fedora 29.

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190125160857.116f3d27.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

Jan 25, 2019, 4:26 PM by marma...@invisiblethingslab.com:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Jan 25, 2019 at 04:20:50PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>> Jan 25, 2019, 4:13 PM by >> marma...@invisiblethingslab.com 
>> >> :
>>
>> > On Fri, Jan 25, 2019 at 04:04:02PM +0100, > >> qubes-...@tutanota.com 
>> > >>  > qubes-...@tutanota.com 
>> > >> >>  wrote:
>> >
>> >> Thank you. Will the existing anon-whonix be recreated together with 
>> >> sys-whonix as well? I have an anon-whonix AppVM already existing. Should 
>> >> I back it up or chenge its name to prevent data loss?
>> >>
>> >
>> > No, if anon-whonix already exists, it will not be recreated.
>> > But note anon-whonix is based on whonix-ws-14 template, which is also
>> > affected. You should update it to unaffected version using one of the
>> > methods described in the QSB.
>>
>> Hi, I updated the whonix-gw-14 and whonix-ws-14 as well. I am planning to 
>> use the pre-update AppVMs as a backup and transfer necessary data to the 
>> newly created post-update AppVMs. Than delete them.
>> In this case, I can just rename the anon-whonix AppVM and the new 
>> anon-whonix will be created, right?
>>
>
> Yes, exactly.
>
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLKqcACgkQ24/THMrX
> 1yxYaAgAjuiGQxpY2tyiH62706bMQ7FejCNPdoBXwL5RzM7j6/5hYlA7cUa/L5fn
> Z4q/7F2k9olSQFDvobZ/PJw+cvaV8lFfNWUnSiIkgCVQ5VxZxCHmWR/QWoBf4oRE
> 7CGWOgT89u1jTUO595IQ3LSq7ixT5DhqhwRYc0JuWYHL0vYIMJJ3+e5X2/Y0bnNr
> 6DbR9EuY9F6PsLTwXLG1/Bf8XdA7MIaKVhkVQvAcvUFHvdjJIXzBT4HigjclXFzI
> AMgAvtEYJXiygylwlrC3fMprDYSSMmv2yDyaBMN9oQ1Q3Aw+hnb+X8unLebV5F8X
> hzLmEdXJ7KJJCIipvFzriOEckXqWxQ==
> =GgX4
> -END PGP SIGNATURE-
>

Thank you, all working well.


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20190125152631.GJ1429@mail-itl 
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4jA4r--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread Marek Marczykowski-Górecki

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jan 25, 2019 at 04:20:50PM +0100, qubes-...@tutanota.com wrote:
> Jan 25, 2019, 4:13 PM by marma...@invisiblethingslab.com:
> 
> > On Fri, Jan 25, 2019 at 04:04:02PM +0100, > qubes-...@tutanota.com 
> > >  wrote:
> >
> >> Thank you. Will the existing anon-whonix be recreated together with 
> >> sys-whonix as well? I have an anon-whonix AppVM already existing. Should I 
> >> back it up or chenge its name to prevent data loss?
> >>
> >
> > No, if anon-whonix already exists, it will not be recreated.
> > But note anon-whonix is based on whonix-ws-14 template, which is also
> > affected. You should update it to unaffected version using one of the
> > methods described in the QSB.
>
> Hi, I updated the whonix-gw-14 and whonix-ws-14 as well. I am planning to use 
> the pre-update AppVMs as a backup and transfer necessary data to the newly 
> created post-update AppVMs. Than delete them.
> In this case, I can just rename the anon-whonix AppVM and the new anon-whonix 
> will be created, right?

Yes, exactly.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLKqcACgkQ24/THMrX
1yxYaAgAjuiGQxpY2tyiH62706bMQ7FejCNPdoBXwL5RzM7j6/5hYlA7cUa/L5fn
Z4q/7F2k9olSQFDvobZ/PJw+cvaV8lFfNWUnSiIkgCVQ5VxZxCHmWR/QWoBf4oRE
7CGWOgT89u1jTUO595IQ3LSq7ixT5DhqhwRYc0JuWYHL0vYIMJJ3+e5X2/Y0bnNr
6DbR9EuY9F6PsLTwXLG1/Bf8XdA7MIaKVhkVQvAcvUFHvdjJIXzBT4HigjclXFzI
AMgAvtEYJXiygylwlrC3fMprDYSSMmv2yDyaBMN9oQ1Q3Aw+hnb+X8unLebV5F8X
hzLmEdXJ7KJJCIipvFzriOEckXqWxQ==
=GgX4
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190125152631.GJ1429%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

Jan 25, 2019, 4:13 PM by marma...@invisiblethingslab.com:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Jan 25, 2019 at 04:04:02PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>> Thank you. Will the existing anon-whonix be recreated together with 
>> sys-whonix as well? I have an anon-whonix AppVM already existing. Should I 
>> back it up or chenge its name to prevent data loss?
>>
>
> No, if anon-whonix already exists, it will not be recreated.
> But note anon-whonix is based on whonix-ws-14 template, which is also
> affected. You should update it to unaffected version using one of the
> methods described in the QSB.
>
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLJ7MACgkQ24/THMrX
> 1yyaCgf/c6fzqF6MahYzCVd0F+KxHiTrG9mtkCDti/HnFWh+uMkwHiROMDibnrZg
> 0Zqy4N00vqV4fiH5UhlvAvHPS8R+naVoJ5X/9lMxrjJSBNPmMNsMW03qFFBjbBVp
> OPyfKPk+pfZOW6Cmo5FsU3/qYQ3z3g6b3t8S59CRGuCEFub7wBBdTEB+2E2PM8Cg
> dLYVTaKU3gP6XLkIM1i/F3DWrRl7LE1/xQ1qatUQQMCEt7ydT54m3LSOgqfmA/e2
> VK2q8TTKCYj+gDI7SvJ53T4ndb6CQ+9u0deQ0Akmiq8ZgdsmO/avc5uCF6VOu0Mq
> e3R8bktGFlm8wu/pCkSq474xKEMMaA==
> =ttQ8
> -END PGP SIGNATURE-
>
Hi, I updated the whonix-gw-14 and whonix-ws-14 as well. I am planning to use 
the pre-update AppVMs as a backup and transfer necessary data to the newly 
created post-update AppVMs. Than delete them.
In this case, I can just rename the anon-whonix AppVM and the new anon-whonix 
will be created, right?


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20190125151356.GI1429@mail-itl 
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4aLYE--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] clock nightmare

2019-01-25 Thread Zrubi

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 1/24/19 11:47 AM, haaber wrote:

> I use Qubes since 3.2 and feel quite comfortable :) Your message is
> just discouraging though.

Sorry, I don't wanted to discourage for sure.

> which I read that I have to check that  the right service installed
> in sys-net. Now here are the services in sys-net's
> /var/run/qubes-service
> 
> -rw-r--r-- 1 root root 0 Jan 24 17:54 network-manager -rw-r--r-- 1
> root root 0 Jan 24 17:54 qubes-firewall -rw-r--r-- 1 root root 0
> Jan 24 17:54 qubes-network -rw-r--r-- 1 root root 0 Jan 24 17:54
> qubes-update-check -rw-r--r-- 1 root root 0 Jan 24 17:54
> qubes-updates-proxy

I'm using a (custom) debian template for sys-net, but I have the same
content as you. I also checked the GUI where I can see a service called:
clocksync

Not sure what it is trigger, but I also have a running systemd timer
related to this:

> user@WiFi:~$ systemctl status qubes-sync-time.timer ●
> qubes-sync-time.timer - Update system time each 6h Loaded: loaded
> (/lib/systemd/system/qubes-sync-time.timer; enabled; vendor preset:
> enabled) Active: active (waiting) since Wed 2019-01-02 18:44:41
> CET; 3 weeks 1 days ago


Hope that's help.

- -- 
Zrubi
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxLKO4ACgkQVjGlenYH
FQ1qFQ/+IsDL24RLJ3ENF8I2IQyQsi+YZyK9+6BXVVhHUVAUflpOzmT2PNgyZyXg
EZmSziocLTK6gNJitYbOlwQiH2WdnKClZTcLiR/IYeHLkrWPQ3a8NDaOPdYaKgkg
nQA1Z/M9VKLFeaNmXAr61LmPWJsjdD6BENem1Jk6jzngurTG9IPheyGuzR02L26E
O/xPX8Vzl6nLmcC6SsDJ9O8+Ey/8ImHq30TMWyxZKXIqmKvL4aDcwAnW85ymLjZW
tQTOytXnjCNfqW5lZgHLJaau82/A7UdRD8W3VLR0g85myd0FewjlbXUuZ+klFOdX
ZD+ZuC08DrZhJLIJpQY0poON5iKBrYciDP1Dj/DutMcUg16FkJOsYzzzubceB8l+
0KXTBbJLALS9MUhVXKWVrXYTPTZ/EhAP3HeZHwtjs0EIoatg8oZeKbrKJTnseYfh
8s3GQHaSZ0Wx22MYzmmSfpyL/KTDLL692whV3GFAGxfdaoJt5eJQDf6ELH274two
LBm8Q/+XaNF6aMSc1sUenYmuWMh+GD2f/kl3nXGARRZHVj02H0JMhQq8/EYAttDs
EJJiQm6ELusMRXDmprBvb0qc8VMdjn39pEQv6FDfI4vo692yLEbmdhV9bw1dsZic
SJdHBjB8Qv3klASfxZGbOQJdczALNtPwkuVxHmF6pCdKokZ4iDY=
=SSOQ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f8627bf-1118-752d-4393-0df58497cb5d%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread Marek Marczykowski-Górecki

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jan 25, 2019 at 04:04:02PM +0100, qubes-...@tutanota.com wrote:
> Thank you. Will the existing anon-whonix be recreated together with 
> sys-whonix as well? I have an anon-whonix AppVM already existing. Should I 
> back it up or chenge its name to prevent data loss?

No, if anon-whonix already exists, it will not be recreated.
But note anon-whonix is based on whonix-ws-14 template, which is also
affected. You should update it to unaffected version using one of the
methods described in the QSB.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLJ7MACgkQ24/THMrX
1yyaCgf/c6fzqF6MahYzCVd0F+KxHiTrG9mtkCDti/HnFWh+uMkwHiROMDibnrZg
0Zqy4N00vqV4fiH5UhlvAvHPS8R+naVoJ5X/9lMxrjJSBNPmMNsMW03qFFBjbBVp
OPyfKPk+pfZOW6Cmo5FsU3/qYQ3z3g6b3t8S59CRGuCEFub7wBBdTEB+2E2PM8Cg
dLYVTaKU3gP6XLkIM1i/F3DWrRl7LE1/xQ1qatUQQMCEt7ydT54m3LSOgqfmA/e2
VK2q8TTKCYj+gDI7SvJ53T4ndb6CQ+9u0deQ0Akmiq8ZgdsmO/avc5uCF6VOu0Mq
e3R8bktGFlm8wu/pCkSq474xKEMMaA==
=ttQ8
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190125151356.GI1429%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

Thank you. Will the existing anon-whonix be recreated together with sys-whonix 
as well? I have an anon-whonix AppVM already existing. Should I back it up or 
chenge its name to prevent data loss?


Jan 25, 2019, 4:36 AM by a...@qubes-os.org:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 24/01/2019 9.03 PM, Andrew David Wong wrote:
>
>> On 24/01/2019 7.53 AM, >> qubes-...@tutanota.com 
>> >>  wrote:
>>
>>> hi, I reinstalled successfully the whonix-ws-14, whonix-gw-14 and debian-9 
>>> templates as described here: >>> 
>>> https://www.qubes-os.org/news/2019/01/23/qsb-46 
>>> >> 
>>> https://www.qubes-os.org/news/2019/01/23/qsb-46 
>>> 
>>>
>>> With this kind of installation no sys-whonix is created by default. I 
>>> created therefore a new AppVM named sys-whonix, based on template 
>>> whonix-gw-14, NetVM set to sys-firewall. After running Connection Wizard it 
>>> stops at 5% if connecting directly to Tor, or at 10% if connecting with 
>>> Bridges. It stops in the bootstrap phase connecting to a relay directory. 
>>> Whonix check say gave up waiting. In the Arm it keeps popping up duplicates 
>>> hidden. 
>>> After few moments it tells me (when using bridges): [WARN] Proxy Client: 
>>> unable to connect to IP-address:443 "general SOCKS server failure" .
>>>
>>> Is there any setting in the original sys-whonix that is missing if the 
>>> sys-whonix I just created manually? 
>>> What is the solution for this issue? 
>>> I live in non-censored area, clearnet internet connection is working 
>>> smoothly.
>>> Thank you!
>>>
>>
>>
>> The correct way to (re)create sys-whonix is:
>>
>>  $ sudo qubesctl state.sls qvm.anon-whonix
>>
>> For details, see: >> https://www.whonix.org/wiki/Qubes/Install 
>> 
>>
>> We neglected to include this in the QSB.
>>
>
> PR: > https://github.com/QubesOS/qubes-secpack/pull/26 
> 
>
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org 
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxKhCkACgkQ203TvDlQ
> MDAH0g/9EeSTQHx5WqS99WEbtAay4G1oYoyA/ES0VZG0BRdzWCNvQRsYgsytT6pR
> 0jPUXHopUZ9I+CBxc4FBq+UjcjsqdYkUEmU9tahbCXAcFGfSatc66k/kY94Z5G3Y
> VZJUlxuDqLqYC+LqFdAcgmBy9a47hdmnoLWo6FzBR4uynyuK8CBV10cF8n3HSS78
> tpqeH4TYEFwqAp11QBmIdo+k7D8zjO0T1S0FyJl9yxQx62igwjC5LbredCSQ34mp
> MogR4ci4RPDEn2iRyNSFDDJHvQ4nqR9DMe/LXDCJhy56WBL+ynpySCdGnrKx764s
> pK5Z+yC25VWXeJzkhmu2Lo3M2DYdLmd/9Qrkn8gCmIaloKRui5Y20X70RYTwvvdw
> k2CBShPJtqAEcmOY3fKfpwa42re26eFXNp+flPnWAYxxdUOTZE2p534poZwp4h7x
> KMM5+rofC0r7YP2QKY5+iZ3us7uUTCDUataZUQXWJ4iq3b8ZwckFCt+LleP3VD74
> 686Hes0iYVTuP2UdnTQGGbDNIgSE6J7CSMdr95DK5iDZjdefG+jgnd+rWPS3b8FQ
> SY5bwDYefS3Sv7tL8InldAMgkrkxmJv3naaHpVvlJZ0/d3TxPEuXYgWylDpeTAzG
> ZRoPV2ArLHQameUdIhwTELNAvjMeWw9CDEdMaxCcjidrzWgbgqE=
> =c2zv
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4XV38--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability


On 01/24/2019 10:12 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 23/01/2019 3.52 PM, Chris Laprise wrote:

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:


Patching
=

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
ones. You can do this by performing the following steps on each such
TemplateVM:



A shortened update procedure for debian-9:

1. If your "debian-9" template is customized or contains data, you may
wish to back it up with qvm-clone first...

[dom0]$ qvm-clone debian-9 d9-backup

2. Run the upgrade command...

[dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
--enablerepo=qubes*testing --action=upgrade

This will display package info as it begins downloading. The package
version-date should begin with "4.0.1-20190123" or later.



Will this step work with templates where installed_by_rpm = false?


No, that's why I wrote "debian-9" template and referenced the package name.

I'm just now starting to address my non-rpm templates that were 
originally cloned from the old debian-9. Probably will make new clones 
of upgraded debian-9, apply customizations (its great to have them 
written down), then use my 'findpref' script to switch all the relevant 
VMs to the new template at once.


Alternately, if you know LVM commands you could just duplicate the 
upgraded template's root volume into target (non-rpm) templates using 
'lvcreate' and maybe zero-out the target private volume with 
'blkdiscard' for extra safety. If I had a lot of specific Qubes settings 
on the target template VMs I might have chosen this option.


Also see Fidel Ramos' advice about duplicating existing package 
selections in the upgraded template.


Finally, if anyone suspects that malware may have taken hold in their 
VMs because the old template was exploited (or other reason), my 
Qubes-VM-hardening project installs a service that activates at VM 
startup before any private-volume scripts are executed. This can 
immunize the VM against malware persistence and also provides a shell 
that can examine VM contents at the moment the private volume is first 
mounted:


https://github.com/tasket/Qubes-VM-hardening

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5081a8e-5e2e-8be8-e312-638f0b529e60%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0.x - Linux kernel 4.19.15 package available in testing repository

2019-01-25 Thread Marek Marczykowski-Górecki

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jan 25, 2019 at 01:58:59PM +0100, Patrik Hagara wrote:
> On 1/24/19 5:18 PM, Patrik Hagara wrote:
> > On 1/20/19 1:57 AM, Marek Marczykowski-Górecki wrote:
> >> Hi all,
> >>
> >> There is updated "kernel" package available in current-testing
> >> repository - it's a Linux long term support 4.19.x series, as an update
> >> over 4.14.x before. Since the upgrade switches to the next major LTS
> >> branch, I'll keep it in current-testing repository longer than usual 1-2
> >> weeks. This also applies to kernel package for VMs: kernel-qubes-vm.
> >> Please report new issues the usual way, at qubes-issues[1], or
> >> simply by replying here. In either case, please mark it clearly it
> >> happens after updating to 4.19, preferably including a link to the
> >> update:
> >> https://github.com/QubesOS/updates-status/issues/850
> >>
> >> 4.19.x kernel was already available as kernel-latest package for some
> >> time. Users of kernel-latest will see the update to 4.19.15 too, but
> >> kernel-latest soon will carry 4.20.x kernel version.
> >>
> >> [1] https://github.com/QubesOS/qubes-issues/issues
> >>
> >>
> > 
> > I get weird graphical artifacts with the new kernel after ~an hour of
> > usage. Windows from AppVMs turn all white sometimes when switching
> > workspaces in i3wm. Events like mousing over an interactive table rows
> > in a browser (when the current row gets highlighted) return that
> > particular section of the window back to normal (but not the whole
> > window, for that I need to trigger a repaint of the whole window by eg.
> > making it full-screen and immediately switching back to non-full-screen).
> 
> The only error message I've been able to find so far is in dom0 Xorg log:
> 
> > (EE) intel(0): Failed to submit rendering commands (Bad address),
> disabling acceleration.

This is very likely related. Normally I'd say "Bad address" indicate
user-space issue, but the only thing changed is the kernel version... It
may be also that some kernel API have changed and the driver is using
parts that weren't there before.

Anyway, I've looked into 'intel' X driver sources and the version we
currently have (2.99.917) is the latest one. On the other hand, there
was over 800 commits since that release and some of them may be related.
For example maybe this: https://bugs.freedesktop.org/show_bug.cgi?id=105886

This suggests you may want to try enabling or disabling composition, if
i3wm supports it.

> Duckduckgo-ing the error message yielded a few [1][2] Arch Linux bug
> reports describing the same symptoms. The first bug report also has a
> kernel patch [3] linked, which supposedly fixes the issue (haven't tried
> it).

That patch is from 2014, already included in 3.19+

> [1] https://bugs.archlinux.org/task/43143
> [2] https://bugs.archlinux.org/task/55732
> [3]
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d472fcc8379c062bd56a3876fc6ef22258f14a91
> 
> Cheers,
> Patrik

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLGisACgkQ24/THMrX
1yyRKwf9G9TX89Bh2aePabdq7k40zDEHK68sKmsbL7xcm0JpfsdXHK/MuM+B4AyJ
BT7PrEIr8n1wXc++EArbtwapIPldICAhnBRK4fFdazHmtgAeW5S1GztAFisa4EaD
w0AWDoLLVg4DR7AcwFi1EXse4jgT0/CSYkHIENM0QRl4uevEV6lKlpN4lS8Rgjm8
cUCXajC5RCLT3RVDUTzufUOxLLt/syRzGVtBsgJqCwvVdnOxArZqlEJgSI7wq9lN
HR6OSv1ETGdlubxegn2LsAtqLvHXD+vnV11hgT4EvSZhHTfcbOI8FJdsnU8YxNY1
vsHV3L772QpTm3+jZ05X8AxJLEYrHA==
=XaRm
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190125141611.GH1429%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Backup stops when the backup file reaches 3Gb

2019-01-25 Thread Mike Keehan

On Thu, 24 Jan 2019 11:29:50 +
unman  wrote:

> On Thu, Jan 24, 2019 at 01:00:15AM -0500, Chris Laprise wrote:
> > On 01/23/2019 08:15 PM, js...@bitmessage.ch wrote:  
> > > Mike Keehan:  
> > > > Hi,
> > > > 
> > > > I'm using Qubes Backup to save some of my qubes into another VM.
> > > > The backup VM has 18 Gb of storage available, but whenever the
> > > > backup file reaches 3Gb, the backup process just hangs.
> > > > 
> > > > No CPU usage, no error messages, just stops.  The backup window
> > > > shows 40% complete, but never moves any further (different % for
> > > > different combinations of qubes in the backup list).
> > > > 
> > > > After waiting a considerable time (well, 5-10 minutes), hitting
> > > > Cancel in the backup window does cancel it.  The rest of the
> > > > system is continuing to work without problem.  Happens every
> > > > time I try to use Qubes backup.
> > > > 
> > > > The Qubes Disk Space widget shows less than 50% disk used
> > > > overall, the backupVM shows only 18% disk used when the 3Gb
> > > > file has been saved.
> > > > 
> > > > I'm stumped.
> > > > 
> > > > Mike.  
> > > 
> > > Hi,
> > > 
> > > You may have to wait longer than 5-10 minutes. I experience
> > > something similar when doing a full backup, except it's worse
> > > because i'm backing up like 2.5TB. It appears to hang for several
> > > hours at a time (and this happens more than once), but it does
> > > eventually make visible progress again. The whole process takes
> > > over 24 hours. This is why i do full backups very infrequently.
> > > 
> > > For you it shouldn't take nearly as long because it's a lot less
> > > data, but the progress appearing to hang for a while seems to be
> > > normal.
> > > 
> > > I'm using 3.2 tho, and i know they made changes to the backup
> > > mechanism under the hood in 4.0, so i'm not sure if this issue
> > > still applies in 4.0.  
> > 
> > Marek,
> > 
> > Isn't this the null bytes bug in GNU tar?
> > 
> > https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net
> > 
> > It would be a good idea to update this in dom0. My own backup tool
> > uses GNU tar as well.
> > 
> > -- 
> > 
> > Chris Laprise, tas...@posteo.net
> > https://github.com/tasket
> > https://twitter.com/ttaskett
> > PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886  
> 
> It seems a little early to judge.
> 
> Mike - it looks from your comment as if you have been trying with
> subsets of the qubes? Can you confirm if these are running or stopped.
> 
> Like jsnow, I'm regularly able to backup far more than 3G without
> issue, so it looks as if there's something particular about this
> scenario. It would be helpful if you could confirm the issue when all
> qubes you are backing up are stopped.
> Then try bisecting the qubes backup group - keep bisecting if you hit
> the problem again until you either find the problematic qubes or have
> backed them all up.
> 

OK, progress:)

I can backup a list of stopped qubes, running out to a 10Gb file without
any issues.  They all verify OK too.  However, backing up running qubes
exhibits the problem.  

Starting up one of these qubes and trying to backup causes the progress
indicator to stop at some point, BUT, the data is still being backed up
to disk, and continues flowing for some time.  When the data flow stops,
then I have to cancel the backup operation.  However, verifying the
backup works OK - file size reported is correct, and the verify process
finishes successfully.  I haven't tried to actually restore one of
these yet.

I tried recording the process status of both dom0 and the backup vm
during the backups, but could not see any particular process dying when
the progress updater stopped moving.  The tar processes stopped in dom0
but I guess that was because they had finished creating the private.img
files.

So it looks like backing up a live VM causes the backup process to fail
at some point, but not before the data is actually backed up.  

It doesn't look like a tar null issue as the data does get to disk OK.
It's just the control of the backup process getting out of step
somewhere.

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190125135255.23ddcca0.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R.I.S.K.S. - Relatively Insecure System for Keys and Secrets (for Qubes OS)

2019-01-25 Thread 19hundreds


I just published R.I.S.K.S. (https://19hundreds.github.io/risks-workflow 
). The source repo is 
https://github.com/19hundreds/risks-workflow 
 .


I've been searching for a viable system for managing my own secrets since a 
while and I'm still on it.


Inspired by Snowden's experience with journalists, projects like Enough 
(https://enough.community/ ) and determined to 
contribute the way I can against digital abuses (monitoring, tapping etc.) I 
decided to sum up what I know in a step-by-step guide providing a reasonable 
setup (hopefully) for defending user's secrets.


I don't know if many feel the need for such a guide but I crafted it in the 
hope to be helpful to the vast majority of the audience.



I'd greatly appreciate any feedback, comment, critic and advice driven to 
improve R.I.S.K.S.

---
1900



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4F0AN--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Don't give focus to new windows in certain work-spaces