Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy
Thanks very much -- the details helped a lot. Case closed. On Tuesday, February 13, 2024 at 5:21:05 AM UTC-8 Rusty Bird wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Boryeu Mao: > > > For R4.1.2 I had some RPC calls with + and - characters in the file > > > name. These are considered as invalid characters to be part of service > > > names in the new qrexec policy format (e.g. in > > > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I > > > wonder if there is any way to keep these characters in explicitly > > > specifying the calls. > > > Correction - only + is considered as invalid character. > > Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz > actually specified the policy for a qrexec service named 'foo' called > with one argument 'bar+baz'. > > (Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a > specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if > that doesn't exist /etc/qubes-rpc/foo for a general implementation. > That is still the same in R4.2.) > > In the new policy format this would be written as a line starting with > > foo +bar+baz > > Note the whitespace before the first '+' character, which makes it a > little bit clearer what's going on. > > Rusty > -BEGIN PGP SIGNATURE- > > iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo > aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 > QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv > Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b > 377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ > JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX > Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4 > kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK > Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv > Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri > jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD > rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ > 4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN > 7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0= > =hsTB > -END PGP SIGNATURE- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a1134c89-61d2-470f-b5cb-bebe2971bc72n%40googlegroups.com.
Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Boryeu Mao: > > For R4.1.2 I had some RPC calls with + and - characters in the file > > name. These are considered as invalid characters to be part of service > > names in the new qrexec policy format (e.g. in > > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I > > wonder if there is any way to keep these characters in explicitly > > specifying the calls. > Correction - only + is considered as invalid character. Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz actually specified the policy for a qrexec service named 'foo' called with one argument 'bar+baz'. (Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if that doesn't exist /etc/qubes-rpc/foo for a general implementation. That is still the same in R4.2.) In the new policy format this would be written as a line starting with foo +bar+baz Note the whitespace before the first '+' character, which makes it a little bit clearer what's going on. Rusty -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b 377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4 kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ 4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN 7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0= =hsTB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZctpKVnrYXENkrU3%40mutt.
[qubes-users] Fedora 39 templates available; Fedora 38 approaching EOL
Dear Qubes Community, New Fedora 39 templates are now available in standard, [minimal](https://www.qubes-os.org/doc/templates/minimal/), and [Xfce](https://www.qubes-os.org/doc/templates/xfce/) varieties. In addition, Fedora 38 is currently [scheduled](https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html) to reach EOL ([end-of-life](https://fedoraproject.org/wiki/End_of_life)) on 2024-05-14 (approximately three months from now). Please upgrade all of your Fedora templates and standalones by that date. For more information, see [Upgrading to avoid EOL](https://www.qubes-os.org/doc/how-to-update/#upgrading-to-avoid-eol). There are two ways to upgrade a template to a new Fedora release: - *Recommended*: [Install a fresh template to replace an existing one.](https://www.qubes-os.org/doc/templates/fedora/#installing) *This option may be simpler for less experienced users.* After you install the new template, redo all desired template modifications and [switch everything that was set to the old template to the new template](https://www.qubes-os.org/doc/templates/#switching). You may want to write down the modifications you make to your templates so that you remember what to redo on each fresh install. To see a log of package manager actions, open a terminal in the old Fedora template and use the `dnf history` command. - *Advanced*: [Perform an in-place upgrade of an existing Fedora template.](https://www.qubes-os.org/doc/templates/fedora/in-place-upgrade/) This option will preserve any modifications you've made to the template, *but it may be more complicated for less experienced users.* Please note that no user action is required regarding the OS version in dom0 (see our [note on dom0 and EOL](https://www.qubes-os.org/doc/supported-releases/#note-on-dom0-and-eol)). This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2024/02/13/fedora-39-templates-available-fedora-38-approaching-eol/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a18436a-3608-4617-a18f-9cb0b22883cc%40qubes-os.org.
Re: [qubes-users] The Star Labs StarBook is Qubes-certified!
Looking to get myself a new laptop...I have been using the Carbon X1 (Gen. 5) for about 6-7 years. It has treated me well but fear it is about to crash (I recently saw a Fan error). I don't know if I have the energy to make a laptop from a refub again, thinking a new laptop with Qubes installed. Definitely appreciate the security but not over the top security is needed. I'd like to use this new computer for the next 5-10 years again. Needs to work with Qubes 4.2...willing to spend a little extra for a good reliable system. I am US based so if I can save a little $$, thats also OK... Liking this Starlabs piece but would also consider, Librem, maybe NitroPad(but thinking 64GB memory for this new one). Any turn-key solutions recommendations? On Wednesday, January 10, 2024 at 12:32:30 PM UTC-6 Ulrich Windl (Google) wrote: > I had a look and was surprised: A German keyboard layout would cost almost > 400€ extra (while 16 GB more RAM cost only about 80€). Also the CPUs seem > rather slow (1.2 GHz), and no option for recent AMD CPUs. > The configuration interesting for me would have been around 1700€ with s > weak CPU and possibly weak graphics, too. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7091c1aa-3069-4335-ad52-fb7686c2a482n%40googlegroups.com.
