Re: [qubes-users] xdg-open works in dvm, but qvm-open-in-dvm from other qube does not

['justanotherquber' via qubes-users]

On Thu, May 02, 2024 at 02:44:09PM -, qubist wrote:
> That's secondary, but in case you are interested, mpv gives better playback:
> 
> https://forum.qubes-os.org/t/improving-video-playback-speed/21906/8
It does not seem to play back better to me, as well at most, especially not 
with the aggressive frame-dropping that is turned on by default.
It's even more aggressive than setting framedropping to hard on mplayer.
I decided to use --framedrop=no to have it get more out of sync instead. 
Thank you for the suggestion though, I might decide to switch to mpv. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20240502163707.GC1058%40mail2-dvm.

Re: [qubes-users] xdg-open works in dvm, but qvm-open-in-dvm from other qube does not

['justanotherquber' via qubes-users]

I also tried an untouched version of debian 12 minimal with updates and only 
mplayer added from apt.
There was no mimeapps.list file in /usr/share/applications, /etc/xdg/, 
$HOME/.config or $HOME/.local/share/applications.
I tried xdg-mime default mplayer.desktop video/x-matroska as the non-root user.
Still didn't work. Maybe because there wasn't a mplayer.desktop file in 
/usr/share/applications like in fedora.
I copy over mplayer.desktop without a MimeType field from the original debian 
12 miminal media qube and move it to $HOME/.local/share/applications.
This gives the same error as the original media qube.
I add MimeType=video/x-matroska to the desktop file and re-run the xdg-mime 
command.
I still get the same error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20240502144133.GB1058%40mail2-dvm.

Re: [qubes-users] xdg-open works in dvm, but qvm-open-in-dvm from other qube does not

['justanotherquber' via qubes-users]

> Trying to copy the file first and then 'xdg-open TEST.pdf' in the
> target VM, I get the same series of errors:
> 
> $ xdg-open TEST.pdf 
> xdg-mime: mimetype argument missing
> Try 'xdg-mime --help' for more information.
> /usr/bin/xdg-open: 882: x-www-browser: not found
> /usr/bin/xdg-open: 882: firefox: not found
> /usr/bin/xdg-open: 882: iceweasel: not found
> /usr/bin/xdg-open: 882: seamonkey: not found
> /usr/bin/xdg-open: 882: mozilla: not found
> /usr/bin/xdg-open: 882: epiphany: not found
> /usr/bin/xdg-open: 882: konqueror: not found
> /usr/bin/xdg-open: 882: chromium: not found
> /usr/bin/xdg-open: 882: chromium-browser: not found
> /usr/bin/xdg-open: 882: google-chrome: not found
> /usr/bin/xdg-open: 882: www-browser: not found
> /usr/bin/xdg-open: 882: links2: not found
> /usr/bin/xdg-open: 882: elinks: not found
> /usr/bin/xdg-open: 882: links: not found
> /usr/bin/xdg-open: 882: lynx: not found
> /usr/bin/xdg-open: 882: w3m: not found
> xdg-open: no method available for opening 'TEST.pdf'
> 
> Then I tried this:
> 
> https://unix.stackexchange.com/a/59088
> 
> but it changed nothing. Tested with an mp4 file - same result.
> 
I did get xdg-open itself to work. Although all the different files and tools 
confused me a lot.
I added the lines to mimeapps.list directly, although I think xdg-mime default 
alone worked for me too.
I added a [Added Associations] line with the same entries as [Default 
Applications].
Not really sure what this does though.
The mimeapps.list file I use is in /etc/xdg/ (global), so I set it from the 
template. 
Sometimes I've had to add a MimeType field (something like 
MimeType=video/mp4;video/x-matroska;video/webm) to the .desktop file being 
used, before running xdg-mime, to get it to work.
> And there it is: xdg-open wrongly detects gnome3 which is not
> installed. Then I checked:
> 
> $ printenv | grep XDG_CURRENT_DESKTOP
> XDG_CURRENT_DESKTOP=X-QUBES ## NOT XFCE, which is the correct value
XDG_CURRENT_DESKTOP isn't even set for me, I use i3 though
> 
> After:
> 
> $ export XDG_CURRENT_DESKTOP=XFCE
I added export XDG_CURRENT_DESKTOP=XFCE to my template, shut it down and ran 
qvm-open-in-dvm to open a file in it.
> 
> xdg-open works as expected in the current session.
> 
It started and shut down. I get the same error in journalctl on qvm-open-in-dvm.
> To have "Open in VM" work as well, obviously the above must be set
> persistently.
> 
> Speculation 1 (needs checking and confirmation):
> 
> Since I see in a fedora-xfce-template-based qubes the
> XDG_CURRENT_DESKTOP=XFCE, I suppose it is somehow set when XFCE itself
> is installed (and not just thunar), so perhaps the fact of the Debian
> template being "-minimal" (and not "-xfce") is related to this issue
> and one needs to set this thing manually to make it work properly.
> 
> Speculation 2 (if the above is wrong):
> 
> It might be Debian specific.
I downloaded Fedora 39 minimal, it didn't have mplayer, so I tried updating and 
installing only kmplayer.
It seems to install a lot of plasma, Qt stuff, about 200MB in total.
After installing kmplayer it qvm-open-in-dvm didn't work.
With journalctl in the fedora based vm it shows the same failed to connect to 
bus error as debian started with.
After that it seems to just give an mime error, like the one you showed earlier.
cat /usr/share/applications/mimeapps.list shows org.gnome.Totem as the default 
application.
XDG_CURRENT_DESKTOP was set to X-QUBES, as with you.
I copied mimeapps.list to /etc/xdg/ in the template and replaced

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20240502143625.GA1058%40mail2-dvm.

[qubes-users] xdg-open works in dvm, but qvm-open-in-dvm from other qube does not

['justanotherquber' via qubes-users]

Hi, I've been trying to get a dvm to open media files in mplayer in a 
disposable qube.
Starting the disposable media qube from dom0 with qvm-run --dispvm media-dvm 
--service -- qubes.StartApp+st works.
Copying files(same as the ones used to test qvm-open-in-vm/qvm-open-in-dvm) to 
the vm with qvm-copy works.
Opening the copied files with xdg-open or qubes-open works in the dvm.
Opening media files in mplayer in the disposable qube with qvm-open-in-dvm used 
to work. 
It stopped working after I switched the media qube's template from 
debian-11-minimal to debian-12-minimal.
I used qubesctl with state.highstate to get the new template to be in the same 
state as the previous template.
I checked journalctl -f in the media dvm while running qvm-open-in-vm from the 
vm that usually calls qvm-open-in-dvm.
The media dvm consistently gives the same errors:
May 01 10:04:54 disp7040 systemctl[914]: Failed to connect to bus: No medium 
found
May 01 10:04:56 disp7040 qubes.OpenInVM+-browse-disp[925]: cat: write error: 
Bad file descriptor
May 01 10:04:56 disp7040 qubes.OpenInVM+-browse-disp[925]: 
May 01 10:04:56 disp7040 qubes.OpenInVM+-browse-disp[925]: 
May 01 10:04:56 disp7040 qubes.OpenInVM+-browse-disp[925]: MPlayer interrupted 
by signal 13 in module: unknown
This is was using a mplayer binary I built myself.
If I use remove that and let it use a version from apt I get a sligthly 
different set of errors:
May 01 10:26:46 disp7040 systemctl[1234]: Failed to connect to bus: No medium 
found
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: cat: write error: 
Bad file descriptor
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: do_connect: could 
not connect to socket
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: connect: No such 
file or directory
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: Failed to open LIRC 
support. You will not be able to use your remote control.
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: 
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: 
May 01 10:26:48 disp7040 qubes.OpenInVM+-browse-disp[1246]: MPlayer interrupted 
by signal 13 in module: unknown
The vm that calls qvm-open-in-dvm can successfully open media files in other 
vms.
Thanks in advance for any ideas you might have.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20240501090352.GA930%40mail2-dvm.

[qubes-users] NFC and other creative communications with your qubes-os

['haaber' via qubes-users]

I have a simple question, around "things that you have" (like sec.
tokens, etc).

Many "fido tokens" (yubi, nitro, google) allow NFC communication, most 
computers as well, but i do not find anything in my qubes (maybe the
chips acts as USB client and my USB is down by default?)

=> Is there a solution to that? I am pretty sure I am not the first one
to meditate that question ...


Another, more creative idea could be to use the build-in fingerprint
scanner but feed it artificial "precalculated random fingerprints". 
They could work  as a second password that you have printed put on a
plastic card (using standard, "fingerprint forgery" ideas, i.e. via a
laser printer in a positive way) and carry it with you; They might even
use as one-time-tokens, if you precalulate a bunch of them :)

=> did someone ever hear of such ideas?


thanks, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/044ed16e-67cc-4b1c-a4bc-9ab2b4641082%40web.de.

Re: [qubes-users] 'locking' a vm possible? (to prevent accidental shutdown)

['Rusty Bird' via qubes-users]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Rusty Bird:
> Boryeu Mao:
> > An attempt to shutdown `sys-firewall` in `Qube Manager` receive a warning 
> > about running processes in the qube; similarly on command line 
> > `qvm-shutdown sys-firewall` fails with an error.  Is it possible to 
> > designate an appVM to behave similarly so it won't get shutdown 
> > accidentally?
> 
> Not as a user-facing feature AFAIK. But you could use the qubes.ext
> Python entry point
> 
> https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/__init__.py#L57-L59
> 
> to add another "domain-pre-shutdown" event handler like this one
> (yours could e.g. check if the VM has a certain tag):
> 
> https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/audio.py#L65-L75

Sorry, that second link should have been:

https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/audio.py#L31-L38

Rusty
-BEGIN PGP SIGNATURE-

iQKTBAEBCAB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmYdQPRfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0
QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv
Kt9fGw/+JHmmCw+Ly/YXJ5uYJknlH/Z8hpViEwPnIGuuz7dkiHYa53BeKg+ub035
EOt0Z2ir8NuhHGXdN77A4j1PA6gXypEBme3sxDoP0uHv1Tc3GSAgbR4NzF0qucxy
EQisGL7LAw05raT5vFv8eWsHwfR1OHAupXZKJzHfjX3CBUce51K2N/eyPiuoX4es
m/1lpLmLWJgXAk2MgvwNop4coRiexLuXGWYpeG+64SrDmB0oJhFZ+8rhUig5UZ41
ImpkZl+cbFIxVL+j0tcWLlaDt8yTIJzR2lw0afOvHZcqNHlNo2OPSm4HiMfrThVP
9oAAU5fvTLQtnVJ0Qw49/wm6nr2IFuR3J3Zkz4PA0jVzxuXL6OGzjLuJuFlj01Sj
qxK3oU9dsN2cXCkp0k8gq39UAyHZwaeViFnAxKNm/U/ykRlFhLiloTF3ZvJYl7Vv
1N54BKKY5RjjtVsBgbDfKVcfSR4UwNt6v2PECfp+l7SpJb4XFiCNb9AoU2UoPQjj
icOPXw8r7AAMZdm+ANuMhTivGIi+7HR4MQ4xKRmD1bJ1qhQPGyuq+6loYJQQX+r4
1evr5+hCbQjapWN5IA7mRSgzaUEPC0Yrc5Ttirw81dbuCIPyv+B2c8LwQDvcorIR
A5EhArjwq1nY1N1ArMUKVf5+ONcIu7K56fjnMxyZXer3zExcYyA=
=mP8j
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Zh1A9DYFnKTnQt_z%40mutt.

Re: [qubes-users] 'locking' a vm possible? (to prevent accidental shutdown)

['Rusty Bird' via qubes-users]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Boryeu Mao:
> An attempt to shutdown `sys-firewall` in `Qube Manager` receive a warning 
> about running processes in the qube; similarly on command line 
> `qvm-shutdown sys-firewall` fails with an error.  Is it possible to 
> designate an appVM to behave similarly so it won't get shutdown 
> accidentally?

Not as a user-facing feature AFAIK. But you could use the qubes.ext
Python entry point

https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/__init__.py#L57-L59

to add another "domain-pre-shutdown" event handler like this one
(yours could e.g. check if the VM has a certain tag):

https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/audio.py#L65-L75

Rusty
-BEGIN PGP SIGNATURE-

iQKTBAEBCAB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmYdP79fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0
QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv
Kt/s0A//d0ks6I+il3Y/rnG5IINmEUMC8yKdTQM9E/xQQZlqSZOUHh4OSkdZB6ON
N/Iv1skUvVRuUxF8kFJ9M88FYH8X+fZsWr9ZQ18xPk+oQuQBarWTgT+TeprGj8CX
WSG1dfzyFs/m5DuE4M0xvzV9efIyfA80hRl/5VwLYLscMas2Dkvfcc8yWcdDkoY7
zKcI9jZzkUPfA5gAp92NWH10kYBdWlMYiqRLW22OT+Xe/dkohs/a80B1smKRZf7D
K9sF4CXauJxqxV8m+wMO8yma1jBEBoijkPZxf3m/z4SNl+cfcvLRvy+zV41dsTca
nkfvP2LflDWCpJFsdK77GQPGvx7ojX09ExAXu56kZJiQAn+rWFcX8edI+E+RQ0Z/
UMZ9a8Juj3s/myNEGr+MrhrdQ5qvUEafCOVBpLJG65xAw0B7eAAqG/vbboucaaVy
pQMFcYCyPxMzlMZQz82JHpzGiVscislC8naMYFneM9jsSL2K9D+P99tlHIziKt9w
dwUwvbuUOJtaZm94YMIbJkUaSK9BDInx49LAlzA5pAtRX4CMHY2YzYkLEUis2oAe
Ynj620eSnEwmPPa4sS97T+dnuO94S32UZrDLzYu7FZn4Rm5Gp6vq5pgbxXqkp8id
BdRn5dzQI6l4fijl+6FgfMTSZzVBNr7svjuGY8D0v3OfbywnT9Y=
=3CXB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Zh0_v3dVrNYbjzcT%40mutt.

Re: [qubes-users] Star Labs StarBook certified with intel only?

['జిందం వాఐి' via qubes-users]

On 2024-03-26 23:05, 'జిందం వాఐి' via qubes-users wrote:

On 2024-03-26 22:18, Andrew David Wong wrote:

On 3/25/24 11:25 AM, 'జిందం వాఐి' via qubes-users wrote:


As you can see, only Intel processors are listed. I'm not personally 
aware of any changes since then, but when it comes to Qubes-certified 
hardware, you should always consult the vendor's website for the 
latest information.


thanks for headsup, i will contact them


* contacted vendor
* hardware is certified for intel only
* my query and vendor reply_
https://support.starlabs.systems/conversations/starbook-qubesos-certification-intel-amd-or-both/perma?token=06aab71bb3930
* hope this helps



--
regards,
జిందం వాఐి [ jindam, vani ]
web_ jindam.neocities.org
[matrix]_ @jindam:oikei.net


--
regards,
జిందం వాఐి [ jindam, vani ]
web_ jindam.neocities.org
[matrix]_ @jindam:oikei.net

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c4341b68c14f0f9822a12cab904743e%40disroot.org.

Re: [qubes-users] Star Labs StarBook certified with intel only?

['జిందం వాఐి' via qubes-users]

On 2024-03-26 22:18, Andrew David Wong wrote:

On 3/25/24 11:25 AM, 'జిందం వాఐి' via qubes-users wrote:


As you can see, only Intel processors are listed. I'm not personally 
aware of any changes since then, but when it comes to Qubes-certified 
hardware, you should always consult the vendor's website for the latest 
information.


thanks for headsup, i will contact them


--
regards,
జిందం వాఐి [ jindam, vani ]
web_ jindam.neocities.org
[matrix]_ @jindam:oikei.net

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef689eaffdd99ccdb995f9847ee4db9a%40disroot.org.

[qubes-users] Star Labs StarBook certified with intel only?

['జిందం వాఐి' via qubes-users]

* i see an option to purchase
laptop for amd also on their
website
* is this certified with only
intel?

--
regards,
జిందం వాఐి [ jindam, vani ]
web_ jindam.neocities.org
[matrix]_ @jindam:oikei.net

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ccfaea3acfd69873fb339ebf90d74178%40disroot.org.

Re: [qubes-users] Configure Network Qubes 4.2

['Bapak Ireng' via qubes-users]

Sorry, i discuss in the Qubes Communityfaster responses, better 
systemthen google groups

Bapak Ireng schrieb am Montag, 25. März 2024 um 16:32:33 UTC+1:

> i tried sudo /usr/libexec/initial-setup/initial-setup-graphical
>
> and the following is the output / result:
>
>
>
>
> i tried to sent pictures, but google did not let me sent them. Sh
>
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f09b820-5a8d-4ba3-804a-142aa513f828n%40googlegroups.com.

Re: [qubes-users] Configure Network Qubes 4.2

['Bapak Ireng' via qubes-users]

i tried sudo /usr/libexec/initial-setup/initial-setup-graphical

and the following is the output / result:




i tried to sent pictures, but google did not let me sent them. Sh






-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af6316e9-b3a7-461a-9fac-2ff5bd66f324n%40googlegroups.com.

Re: [qubes-users] Configure Network Qubes 4.2

['haaber' via qubes-users]

Hi, after successfully installing Qubes 4.2 i am left all alone to
configure network (internet) Access.


I appreciate it very much if somebody could guide me to the right options.


The question is so vague, no one can reasonably answer it.

Does sys-net start on boot?

Does it have access to the hardware (qubes settings -> devices tab)?

Do we talk about ethernet / wireless? If wireless, are the needed
drivers in your sys-net linux distri?


and so forth

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/358c320a-15dd-4fd4-8486-b1c5c973d5a0%40web.de.

[qubes-users] Configure Network Qubes 4.2

['Bapak Ireng' via qubes-users]

Hi, after successfully installing Qubes 4.2 i am left all alone to 
configure network (internet) Access. 

I appreciate it very much if somebody could guide me to the right options.

Best regards, Bapak Hitam

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e187f48-3bc5-4153-9703-fdb84bc38f1bn%40googlegroups.com.

Re: [qubes-users] Re: Qubes 4.2: Attach usb audio device to appvm

['Rune Philosof' via qubes-users]

It was not fixed...
Apparently just an example of how random it is.
It was working for an hour or so. Now it is back to mic not working, just
sending out that beep beep sound.

On Wed, Mar 20, 2024 at 9:16 AM 'Rune Philosof' via qubes-users <
qubes-users@googlegroups.com> wrote:

> Installing a new template fixed it.
> I installed fedora-39 and switched to it.
>
> The old template had been upgraded in-place several times, back from
> fedora-36, I think.
> Maybe something is missing in the upgrade from 4.1 to 4.2, or in the
> instructions on how to upgrade existing templates to 4.2.
>
>
> On Wednesday, March 20, 2024 at 8:17:25 AM UTC+1 Rune Philosof wrote:
>
>> Now it is more consistent in how it is not working.
>> Audio output is connected properly.
>> But microphone is still not working. It does not capture any sound from
>> the microphone, but it does repeat a ticking sound. I have attached a 3
>> second recording of the ticking sound.
>>
>> I have not changed any audio settings.
>> I have tested with two different usb soundcards.
>> It worked in Qubes 4.1.
>>
>> I wonder what has changed in the audio setup from Qubes 4.1 to 4.2.
>>
>> On Thursday, February 29, 2024 at 12:23:30 PM UTC+1 Rune Philosof wrote:
>>
>>> After upgrading to 4.2 my audio device does not work.
>>>
>>> I plug in a usb audio device, then attach that usb device to an appvm
>>> and try to use it in e.g. meet.google.com.
>>> For some reason it only works for the audio microphone or the speaker,
>>> not both.
>>> Example:
>>> 1. I attach the usb device to the appvm.
>>> 2. meet.google.com automatically switches to the new microphone, but I
>>> cannot hear anything and the speaker list does not show the usb device.
>>> 3. I then detach from the appvm and reattach the usb device to the same
>>> appvm.
>>> 4. meet.google.com does not show the usb device in the list of
>>> microphones. but somehow the "default" speaker now outputs through the usb
>>> device.
>>>
>>> In 4.1 it would either work for both mic and speaker or for none.
>>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/NDRrrYrLkpQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/f66bbd6a-ad20-4c30-a005-32bad82c8282n%40googlegroups.com
> <https://groups.google.com/d/msgid/qubes-users/f66bbd6a-ad20-4c30-a005-32bad82c8282n%40googlegroups.com?utm_medium=email_source=footer>
> .
>


-- 
Med venlig hilsen / Best regards

Rune Philosof
Software developer

+45 28 45 64 08
r...@abtion.com


Vesterbrogade 15, 3
1620 København V

Sverigesgade 18
5000 Odense C

https://abtion.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAL8J5gaHuuvugFkwSEOTc6n2VnfzE0U-1yngaFu3zxqBAn2aZg%40mail.gmail.com.

Re: [qubes-users] Inconsistency between `qvm-template list` and `qvm-template-gui`

['unman' via qubes-users]

Without seeing the screenshot, I think I know the issue.
They are from the same repository.
qvm-template lists *all* the template in the repo, whereas
qvm-template-gui filters to only show the most recent supported
versions.
-- 
I never presume to speak for the Qubes team.  
When I comment in the mailing lists I speak for myself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Zfq6MxZ7JMd5HZqM%40thirdeyesecurity.org.

[qubes-users] Re: Qubes 4.2: Attach usb audio device to appvm

['Rune Philosof' via qubes-users]

Installing a new template fixed it.
I installed fedora-39 and switched to it.

The old template had been upgraded in-place several times, back from 
fedora-36, I think.
Maybe something is missing in the upgrade from 4.1 to 4.2, or in the 
instructions on how to upgrade existing templates to 4.2.


On Wednesday, March 20, 2024 at 8:17:25 AM UTC+1 Rune Philosof wrote:

> Now it is more consistent in how it is not working.
> Audio output is connected properly.
> But microphone is still not working. It does not capture any sound from 
> the microphone, but it does repeat a ticking sound. I have attached a 3 
> second recording of the ticking sound.
>
> I have not changed any audio settings.
> I have tested with two different usb soundcards.
> It worked in Qubes 4.1.
>
> I wonder what has changed in the audio setup from Qubes 4.1 to 4.2.
>
> On Thursday, February 29, 2024 at 12:23:30 PM UTC+1 Rune Philosof wrote:
>
>> After upgrading to 4.2 my audio device does not work.
>>
>> I plug in a usb audio device, then attach that usb device to an appvm and 
>> try to use it in e.g. meet.google.com.
>> For some reason it only works for the audio microphone or the speaker, 
>> not both.
>> Example:
>> 1. I attach the usb device to the appvm.
>> 2. meet.google.com automatically switches to the new microphone, but I 
>> cannot hear anything and the speaker list does not show the usb device.
>> 3. I then detach from the appvm and reattach the usb device to the same 
>> appvm.
>> 4. meet.google.com does not show the usb device in the list of 
>> microphones. but somehow the "default" speaker now outputs through the usb 
>> device.
>>
>> In 4.1 it would either work for both mic and speaker or for none.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f66bbd6a-ad20-4c30-a005-32bad82c8282n%40googlegroups.com.

Re: [qubes-users] Windows 10 and Qubes OS Dualboot

['Marcelo' via qubes-users]

Hi one7two99,

I have Qubes and Linux already installed in different partitions in legacy 
mode and both work fine. Now I need to install windows 10 (to run Fusion 
360 for personal use). I don't want to install it as a qube as my hardware 
is not very powerful. I don't need Bitlocker. Could you please help? All 
info I've found is for installing qubes after windows.

Thanks
Regards

Marcelo

On Monday 27 January 2020 at 18:38:02 UTC-3 one7two99 wrote:

> Hello Maria,
>
> Yes it is perfectly possible to run Windows 10 and Qubes in a dual boot 
> environment.
>
> I have spent several hours when I was researching how to put everything 
> together but mainly because I wanted to have the following setup:
>
> - CoreBoot
>
> - Dualboot with Windows 10 and Qubes
>
> - Bitlocker Encryption (to be compliant to my corporate standards)
>
>
> As I often spent some time to get everything working like I want it to 
> be, I keep notes and those might also be a good starting point for you:
>
>
> https://github.com/one7two99/my-qubes/blob/master/docs/coreboot/howto-dualboot-qubes-win-coreboot-bitlocker.md
>
> If you need further help, do not hesitate to contact, I can also 
> translate my notes to english, if it will help you.
>
>
> Regarding a Laptop for Qubes I can and will always suggest the Lenovo 
> Thinkpad X230 with 16 GB RAM and a SSD. It is working perfect with 
> Qubes, can be Coreboot'ed and you can also plugin a LTE-card which will 
> also work great with Qubes.
>
> - one7two99
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f816b64-3140-43b4-bd80-8f7cb71e2d75n%40googlegroups.com.

Re: [qubes-users] HCL - Beelink SER5 Ryzen 7 5800H AMD Integrated Graphics (RX Vega 8)

['bozoslivehere' via qubes-users]

Suspend works
On Monday, March 4th, 2024 at 2:33 PM, 'bozoslivehere' via qubes-users 
 wrote:

> ---layout:
>   'hcl'
> type:
>   'Mini PC'
> hvm:
>   'yes'
> iommu:
>   'yes'
> slat:
>   'yes'
> tpm:
>   '2.0'
> remap:
>   'yes'
> brand: |
>   AZW
> model: |
>   SER
> bios: |
>   5800H603
> cpu: |
>   AMD Ryzen 7 5800H with Radeon Graphics
> cpu-short: |
>   FIXME
> chipset: |
>   Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
> chipset-short: |
>   FIXME
> gpu: |
>   Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon 
> Vega Mobile Series] [1002:1638] (rev c5) (prog-if 00 [VGA controller])
> gpu-short: |
>   FIXME
> network: |
>   Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit 
> Ethernet Controller [10ec:8168] (rev 15)
>   Intel Corporation Wi-Fi 6 AX200 [8086:2723] (rev 1a)
> memory: |
>   29618
> scsi: |
> 

> usb: |
>   4
> certified:
>   'no'
> versions:
>   - works:
>       'FIXME:yes|no|partial'
>     qubes: |
>       R4.2.0
>     xen: |
>       4.17.2
>     kernel: |
>       6.1.62-1
>     remark: |
>       FIXME
>     credit: |
>       FIXAUTHOR
>     link: |
>       FIXLINK
> 

> 

> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/gbc92TxqDjODOV7Paes3zsLMjLiaQ1rTcC9qg6bK8k8PKyQ3bxOJLrli4QgnVJ6mOzSAoUHRRgCGgNXlqzVtn0QP_FRvRUY0SWZMPhM78i4%3D%40protonmail.com.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EGB9Fy7Bx8dUd9xqNv11QMV4_1IZ0NgwuH5bxjWQJcyhD3ANVb1h-sTcc71pImk-bFxiVeEzsc53_bwRYcys2wW79tI-MdkY96T-M4p1YhE%3D%40protonmail.com.


publickey - bozoslivehere@protonmail.com - 0x25C30629.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

[qubes-users] HCL - Beelink SER5 Ryzen 7 5800H AMD Integrated Graphics (RX Vega 8)

['bozoslivehere' via qubes-users]

---layout:
  'hcl'
type:
  'Mini PC'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  '2.0'
remap:
  'yes'
brand: |
  AZW
model: |
  SER
bios: |
  5800H603
cpu: |
  AMD Ryzen 7 5800H with Radeon Graphics
cpu-short: |
  FIXME
chipset: |
  Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
chipset-short: |
  FIXME
gpu: |
  Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon 
Vega Mobile Series] [1002:1638] (rev c5) (prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit 
Ethernet Controller [10ec:8168] (rev 15)
  Intel Corporation Wi-Fi 6 AX200 [8086:2723] (rev 1a)
memory: |
  29618
scsi: |

usb: |
  4
certified:
  'no'
versions:
  - works:
      'FIXME:yes|no|partial'
    qubes: |
      R4.2.0
    xen: |
      4.17.2
    kernel: |
      6.1.62-1
    remark: |
      FIXME
    credit: |
      FIXAUTHOR
    link: |
      FIXLINK

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/gbc92TxqDjODOV7Paes3zsLMjLiaQ1rTcC9qg6bK8k8PKyQ3bxOJLrli4QgnVJ6mOzSAoUHRRgCGgNXlqzVtn0QP_FRvRUY0SWZMPhM78i4%3D%40protonmail.com.


Qubes-HCL-AZW-SER-20240302-173628.yml
Description: application/yaml


publickey - bozoslivehere@protonmail.com - 0x25C30629.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Ethernet socket device not available in Network Connections

['unman' via qubes-users]

[quote] 
my sys-net is also sys-usb because I used the USB ethernet adapter so I
think this is the problem but I don't know how to fix.
[/quote]
I doubt that this is the problem.
Have you assigned the device to sys-net in the "devices" tab of sys-net
settings.
When sys-net boots up, can you run `sudo journalctl -b ` in sys-net and look for
any entries relating to networking devices.
It may be that you need specific drivers for the NIC, so knowing what it
is would be a help.

-- 
I never presume to speak for the Qubes team.  
When I comment in the mailing lists I speak for myself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZeO5oqfRsyO49pVY%40thirdeyesecurity.org.

[qubes-users] Qubes 4.2: Attach usb audio device to appvm

['Rune Philosof' via qubes-users]

After upgrading to 4.2 my audio device does not work.

I plug in a usb audio device, then attach that usb device to an appvm and 
try to use it in e.g. meet.google.com.
For some reason it only works for the audio microphone or the speaker, not 
both.
Example:
1. I attach the usb device to the appvm.
2. meet.google.com automatically switches to the new microphone, but I 
cannot hear anything and the speaker list does not show the usb device.
3. I then detach from the appvm and reattach the usb device to the same 
appvm.
4. meet.google.com does not show the usb device in the list of microphones. 
but somehow the "default" speaker now outputs through the usb device.

In 4.1 it would either work for both mic and speaker or for none.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bff4746d-a10d-482a-a913-dc82cf5e1ab6n%40googlegroups.com.

[qubes-users] [Qubes 4.1] issue with thunderbird after recent debian update

['haaber' via qubes-users]

Hi,

since a recent update, thunderbird throws artefacts on xfce screen
(parts of its menu), that spawn virtual screen, survive log off & on
again, but disappear if VM is closed. And re-appear when thunderbird is
restarted. Very annoying! Am I alone with this type of glitch?


Thanks, best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2fd0bfee-864c-4c14-a6d6-7200144fe994%40web.de.

Re: [qubes-users] issue with URL handler in Thunderbird: started VM receives truncated URL

['Skyler Ferris' via qubes-users]

[quote="Ulrich_Windl1, post:8, topic:24602"]
I kind of disagree: When passing the URL as "$1", it is passed as one 
single parameter. The user cannot be expected to know to how much more 
levels of shell script the parameter will be passed to, so any deeper 
layers have to keep the single parameter. That is: Every layer of shell 
script may not remove one level of quotes. Anything else is just an 
unreliable mess IMHO.
[/quote]

I want to make sure we're on the same page about exactly why the quotes 
are removed, because it sounds like you're attributing this to 
`qvm-run-vm`, when in fact it is the bash invocation in the script itself.

When bash (as in, the instance of bash spawned by the `#!/bin/bash` at 
the top of the `run-vm-firefox` script) reads the line `qvm-run-vm 
'$dispvm' /bin/firefox "$1"`, it interprets the quotes to mean "this is 
one single argument and the quotations are not a part of that argument". 
So the script does not send the quotation marks to `qvm-run-vm`. It 
could quote all arguments automatically and there are good 
justifications for doing so but it would not be a strict improvement. 
For example, even with double quotes globbing is disabled and some 
callers might want to use this feature.

[quote="Demi, post:7, topic:24602"]
I suggest escaping single quotes in the $1 and adding a "--" before it.
This prevents command injection attacks via a malicious URL.

So the result might be

```bash
#!/bin/bash --
exec qvm-run-vm @dispvm /bin/firefox -- "'${1//\'/\'\\\'\'}'"
```
[/quote]

I believe this is a script improvement. The URL is not trusted data and 
these safeguards do not have an impact on valid inputs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed25f83c-7ca3-410a-84f0-e42baba56544%40protonmail.com.

Re: [qubes-users] issue with URL handler in Thunderbird: started VM receives truncated URL

['Skyler Ferris' via qubes-users]

Just realized I sent this as "reply" instead of "reply all". Sorry for 
the spam, Ulrich, but I want to make sure this is visible to others who 
might have a similar problem.

I think the problem is that the URL doesn't end up getting quoted on the 
other end. When this is sent:

[quote="Ulrich_Windl1, post:3, topic:24602"]
#!/bin/bash
qvm-run-vm '$dispvm' /bin/firefox "$1"
[/quote]

The VM will end up getting the URL value with no quotes, because the 
quotes in that script are only for the local bash interpreter, not sent 
to `qvm-run-vm`. The whole expression is quoted in the exec line, but 
bash will interpret the line so the ampersand causes a background 
process to start instead of being incorporated in the URL.

I'm not sure if this is a problem in `qvm-run-vm`. Some people might 
want to take advantage of the shell interpretation. And since the caller 
is able to run any arbitrary shell command anyway, problems like leaking 
environment variables aren't particularly relevant (they have permission 
to see that if they have permission to run arbitrary commands, and 
output is returned to the caller by design).

I would guess that updating the `run-vm-firefox` command to quote the 
URL within the double-quotes will fix it. [Also note that the `$` is 
deprecated, as described in this 
article](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/#security-in-symbols).
 
The new symbol is `@`; I have only used in in policy files, but I assume 
that it will work here too so long as you are running 4.1 or newer. So 
the new file would look like this:

```bash
#!/bin/bash
qvm-run-vm '@dispvm' /bin/firefox "'$1'"
```

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bbcc208-8883-46c9-befe-788ed663553c%40protonmail.com.

Re: [qubes-users] issue with URL handler in Thunderbird: started VM receives truncated URL

['Stuart Perkins' via qubes-users]

On Thu, 22 Feb 2024 22:19:21 +0100
Ulrich Windl  wrote:

>On 2/22/24 22:15, Ulrich Windl wrote:
>> On 2/22/24 21:54, 'Stuart Perkins' via qubes-users wrote:  
>>>
>>> On Thu, 22 Feb 2024 21:25:18 +0100
>>> Ulrich Windl  wrote:
>>>  
>>>> Hi!
>>>>
>>>>
>>>> I managed to configure Thunderbird to run any links via a DVM. However
>>>> today I realized that URLs with parameters are truncated (Qubes-OS 4.2)
>>>> after the first parameter it seem.
>>>>
>>>> For example I have the URL
>>>> ../viewtopic.php?f=21=196913=1023049=1023049
>>>>
>>>> When I view it in Firefox, the URL bar has only .../viewtopic.php?f=21
>>>>
>>>> Unfortunately I have no idea how to debug or fix that.
>>>>
>>>>
>>>> Kind regards,
>>>>
>>>> Ulrich
>>>>  
>>> Easy work around. Setup your "default browser" to be "open in vm".
>>>  
>> I'm confused: The URL _is_ opened in a VM; the issue is that the URL 
>> being passed in truncated after the first parameter it seems.
>>
>> https and https content type is redirected to a "run-vm-firefox" that 
>> contains:
>>
>> #!/bin/bash
>> qvm-run-vm '$dispvm' /bin/firefox "$1"
>>
>> I would guess that qvm-run-vm has a quoting problem.
>>
>>
>> I see that qvm-run-vm passes the parameter correctly to 
>> /usr/lib/qubes/qrun-in-vm.
>>
>> I don't know python, but these lines seems to have a problem:
>>
>> cmd = ' '.join(sys.argv[1:])
>> sys.stdout.write("exec bash -c '%s' || exit 127\n" % cmd.replace("'", 
>> "'\\''"))
>>  
>
>Here's my test result:
>
>$ sh -x /usr/bin/qvm-run-vm @dispvm 
>"../viewtopic.php?f=21=196913=1023049=1023049"
>+ getopt -o htd --long help,no-gui,dispvm -n /usr/bin/qvm-run-vm -- 
>@dispvm ../viewtopic.php?f=21=196913=1023049=1023049
>+ OPTS= -- '@dispvm' '../viewtopic.php?f=21=196913=1023049=1023049'
>+ eval set --  -- '@dispvm' 
>'../viewtopic.php?f=21=196913=1023049=1023049'
>+ set -- -- @dispvm ../viewtopic.php?f=21=196913=1023049=1023049
>+ [ 3 -gt 0 ]
>+ shift
>+ break
>+ [  != 1 ]
>+ [ 2 -lt 2 ]
>+ [  = 1 ]
>+ [  != 1 ]
>+ VMNAME=@dispvm
>+ shift
>+ service=qubes.VMShell
>+ [  != 1 ]
>+ service=qubes.VMShell+WaitForSession
>+ exec /usr/lib/qubes/qrexec-client-vm @dispvm 
>qubes.VMShell+WaitForSession /usr/lib/qubes/qrun-in-vm 
>./viewtopic.php?f=21=196913=1023049=1023049
>bash: line 1: ../viewtopic.php?f=21: No such file or directory
>

Presuming xfce4...

bash-5.2# pwd
/home/user/.config
bash-5.2# cat mimeapps.list
[Default Applications]
text/html=qvm-open-in-dvm.desktop
x-scheme-handler/http=qvm-open-in-dvm.desktop
x-scheme-handler/https=qvm-open-in-dvm.desktop
x-scheme-handler/about=qvm-open-in-dvm.desktop
x-scheme-handler/unknown=qvm-open-in-dvm.desktop
application/pdf=org.gnome.Evince.desktop
application/sql=org.gnome.TextEditor.desktop

[Added Associations]
text/plain=org.gnome.gedit.desktop;
application/pdf=gimp.desktop;pdfmod.desktop;org.gnome.Evince.desktop;
image/jpeg=gimp.desktop;display-im6.q16.desktop;
image/png=gimp.desktop;
application/sql=org.gnome.TextEditor.desktop;
bash-5.2# 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20240222174150.235b3f21%40yahoo.com.

Re: [qubes-users] issue with URL handler in Thunderbird: started VM receives truncated URL

['Stuart Perkins' via qubes-users]

On Thu, 22 Feb 2024 21:25:18 +0100
Ulrich Windl  wrote:

>Hi!
>
>
>I managed to configure Thunderbird to run any links via a DVM. However 
>today I realized that URLs with parameters are truncated (Qubes-OS 4.2) 
>after the first parameter it seem.
>
>For example I have the URL 
>../viewtopic.php?f=21=196913=1023049=1023049
>
>When I view it in Firefox, the URL bar has only .../viewtopic.php?f=21
>
>Unfortunately I have no idea how to debug or fix that.
>
>
>Kind regards,
>
>Ulrich
>

Easy work around. Setup your "default browser" to be "open in vm".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20240222155458.67e22852%40yahoo.com.

[qubes-users] Qubes OS 4.2: no more access to local ports?

[nonsense via qubes-users]

I have for years done my development work using dedicated AppVMs that run 
podman (https://podman.io/) containers based on images from bioconductor 
(https://bioconductor.org/help/docker/) for project isolation and 
reproducibility - images are pushed on a per project basis into the registry of 
the gitlab instance I use.

The containers run a server instance of posit's RStudio IDE 
(https://posit.co/products/open-source/rstudio-server) and are started mapping 
a local (AppVM) port to the corresponding container port (8787, both). In the 
AppVM, a browser is then pointed at localhost:8787 to access the IDE and work 
in the container.

After upgrading to QubesOS 4.2 I appear no longer able to operate like that. 
Containers start just fine, but the browser cannot connect to the IDE.
Is this a result of the new firewall engine? How to fix it? How to debug?

Thank you for any pointers?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CEFA1A9C-2A3A-4580-98C2-801DEDB93A52%40graumannschaft.org.

Re: [qubes-users] Need help after a failed in-place upgrade attempt

['haaber' via qubes-users]

Hi



Am Sa., 17. Feb. 2024 um 08:10 Uhr schrieb 'haaber' via
qubes-users :

Hi
> I tried to upgrade my Qubes OS system from 4.1.2 to 4.2.0
using the
> "qubes-dist-upgrade" script.
...
>
OK, I am not an expert on THIS question. Some general remarks: the
network card seems to work, right? So you need to check where
the chain
breaks.

- go to sys-net (open terminal via widget) type ping 8.8.8.8
and see if
you come out


Working.

- go to sys-firewall (terminal via widget) and do the same.


Working as well.

if these two work, and an app-vm has no network, its config
got lost.
Look at network settings of the corresponding appVM. It should be
sys-firewall in std setting, apart anon-whonix, of corse which
uses
sys-whonix.


 Not working. - I changed the settings from "default
(sys-firewall) (current)" to "sys-firewall" in one App-VM ...

An additional / new info is, that an update check for 'dom0' does
no longer work !



all updates go via tor network (sys-whonix) by default. You could click
on the blue qube widget -> sys-wonix -> run terminal and see if
sys-whonix has network. But I guess not. Here is why:

https://www.qubes-os.org/doc/firewall/

I wild-guess that you are in a "half-state" where one part of the system
expects iptables, another one nftables ...

Did you download / start to download new (debian/fedora) Templates or
are they the "old" ones?



I did not see any other user jump to your help, and I am not good enough
to fix that alone for you. So honestly, at your place I would

(1) backup data (again)

(2) extract the list of manually installed packages in each of your
templates and stock them on your backup drive

    ("apt-mark showmanual > manual.packages.list" in a terminal is your
friend, no root priv needed)

(3) re-install a clean 4.2

(4) replay your manual installs of packages in your templates:

    "cat  manual.packages.list | apt-get install  " or something of
this type should work (run as root)

(5) restore your data.

It's a pain and takes half a day, but I fear that it is, at the end of
the day,  faster than any other solution...

good luck!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a7ff17d0-029c-4c48-a0d2-7dc271c32b7c%40web.de.

Re: [qubes-users] Need help after a failed in-place upgrade attempt

['haaber' via qubes-users]

Hi

I tried to upgrade my Qubes OS system from 4.1.2 to 4.2.0 using the
"qubes-dist-upgrade" script.

The upgrade failed - and - now the system is in a 'weird' state.

None of the Fedora- or Debian-based VM have 'external / public'
network access anymore.

The 'anon-whonix' VM however still does have 'external / public'
network access - and - the update of templates through the Qubes
Updater is also still working ...


OK, I am not an expert on THIS question. Some general remarks: the
network card seems to work, right? So you need to check where the chain
breaks.

- go to sys-net (open terminal via widget) type ping 8.8.8.8 and see if
you come out

- go to sys-firewall (terminal via widget) and do the same.

if these two work, and an app-vm has no network, its config got lost.
Look at network settings of the corresponding appVM. It should be
sys-firewall in std setting, apart anon-whonix, of corse which uses
sys-whonix.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42cd7c79-7c3c-41b1-bc8c-cf504952201a%40web.de.

Re: [qubes-users] Updating fedora-38: "b'warning: runaway fork() in Lua script\n'"

['mov' via qubes-users]

On Friday, February 16th, 2024 at 6:32 PM, Ulrich Windl  
wrote:

> 
> 
> Hi!
> 
> 
> I saw these messages when upading fedora-38 today. I didn't run QuebesOS
> for a while, so there were a lot of updates, but "runaway fork()"
> worries me a bit...

I've seen these messages too, during updates, for what it's worth - I also 
don't know what they're about.

- mov

> 
> 
> Kind regards,
> 
> Ulrich
> 
> ---
> 
> Updating fedora-38
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> b'Generating grub configuration file ...\nFound linux image:
> /boot/vmlinuz-6.6.11-100.fc38.x86_64\nFound initrd image:
> /boot/initramfs-6.6.11-100.fc38.x86_64.img\nfgrep: warning: fgrep is
> obsolescent; using grep -F\nFound linux image:
> /boot/vmlinuz-6.6.9-100.fc38.x86_64\nFound initrd image:
> /boot/initramfs-6.6.9-100.fc38.x86_64.img\nfgrep: warning: fgrep is
> obsolescent; using grep -F\nFound linux image:
> /boot/vmlinuz-6.6.11-100.fc38.x86_64\nFound initrd image:
> /boot/initramfs-6.6.11-100.fc38.x86_64.img\nfgrep: warning: fgrep is
> obsolescent; using grep -F\nFound linux image:
> /boot/vmlinuz-6.6.9-100.fc38.x86_64\nFound initrd image:
> /boot/initramfs-6.6.9-100.fc38.x86_64.img\nfgrep: warning: fgrep is
> obsolescent; using grep -F\nfgrep: warning: fgrep is obsolescent; using
> grep -F\nAdding boot menu entry for UEFI Firmware Settings ...\ndone\n'
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> b'warning: runaway fork() in Lua script\n'
> 
> Installed packages:
> cirrus-audio-firmware ['202401152.fc38']
> intel-audio-firmware ['202401152.fc38']
> nxpwireless-firmware ['202401152.fc38']
> tiwilink-firmware ['202401152.fc38']
> Updated packages:
> kernel-modules-core 6.6.8100.fc38', '6.6.9100.fc38', '6.6.11100.fc38 ->
> 
> 6.6.9100.fc38', '6.6.11100.fc38', '6.7.4100.fc38
> kernel-core 6.6.8100.fc38', '6.6.9100.fc38', '6.6.11100.fc38 ->
> 
> 6.6.9100.fc38', '6.6.11100.fc38', '6.7.4100.fc38
> kernel-modules 6.6.8100.fc38', '6.6.9100.fc38', '6.6.11100.fc38 ->
> 
> 6.6.9100.fc38', '6.6.11100.fc38', '6.7.4100.fc38
> kernel 6.6.8100.fc38', '6.6.9100.fc38', '6.6.11100.fc38 ->
> 
> 6.6.9100.fc38', '6.6.11100.fc38', '6.7.4100.fc38
> linux-firmware-whence 202312111.fc38 -> 202401152.fc38
> 
> xorg-x11-server-common 1.20.1428.fc38 -> 1.20.1429.fc38
> 
> xen-licenses 4.17.25.fc38 -> 4.17.26.fc38
> 
> amd-gpu-firmware 202312111.fc38 -> 202401152.fc38
> 
> amd-ucode-firmware 202312111.fc38 -> 202401152.fc38
> 
> atheros-firmware 202312111.fc38 -> 202401152.fc38
> 
> brcmfmac-firmware 202312111.fc38 -> 202401152.fc38
> 
> intel-gpu-firmware 202312111.fc38 -> 202401152.fc38
> 
> mt7xxx-firmware 202312111.fc38 -> 202401152.fc38
> 
> nvidia-gpu-firmware 202312111.fc38 -> 202401152.fc38
> 
> realtek-firmware 202312111.fc38 -> 202401152.fc38
> 
> linux-firmware 202312111.fc38 -> 202401152.fc38
> 
> python3-dnf-plugins-qubes-hooks 4.2.271.fc38 -> 4.2.281.fc38
> 
> vim-filesystem 9.1.0311.fc38 -> 9.1.0762.fc38
> 
> vim-data 9.1.0311.fc38 -> 9.1.0762.fc38
> 
> tzdata 2023d1.fc38 -> 2024a1.fc38
> 
> perl-Module-CoreList 5.202312301.fc38 -> 5.202401291.fc38
> 
> ncurses-base 6.43.20230114.fc38 -> 6.47.20230520.fc38
> 
> glibc-gconv-extra 2.3716.fc38 -> 2.3718.fc38
> 
> ncurses-libs 6.43.20230114.fc38 -> 6.47.20230520.fc38
> 
> glibc 2.3716.fc38 -> 2.3718.fc38
> 
> bash 5.2.211.fc38 -> 5.2.261.fc38
> 
> glibc-common 2.3716.fc38 -> 2.3718.fc38
> 
> glibc-langpack-en 2.3716.fc38 -> 2.3718.fc38
> 
> systemd-libs 253.141.fc38 -> 253.152.fc38
> 
> gstreamer1 1.22.81.fc38 -> 1.22.91.fc38
> 
> alsa-lib 1.2.102.fc38 -> 1.2.112.fc38
> 
> grub2-common 2.06108.fc38 -> 2.06114.fc38
> 
> libdrm 2.4.1171.fc38 -> 2.4.1201.fc38
> 
> gstreamer1-plugins-base 1.22.81.fc38 -> 1.22.91.fc38
> 
> gstreamer1-plugins-good 1.22.81.fc38 -> 1.22.91.fc38
> 
> gstreamer1-plugins-good-qt 1.22.81.fc38 -> 1.22.91.fc38
> 
> gstreamer1-plugins-bad-free-libs 1.22.83.fc38 -> 1.22.91.fc38
> 
> audit-libs 3.1.25.fc38 -> 3.1.28.fc38
> 
> at-spi2-core 2.48.31.fc38 -> 2.48.41.fc38
> 
> atk 2.48.31.fc38 -> 2.48.41.fc38
> 
> libidn2 2.3.42.fc38 -> 2.3.71.fc38
> 
> systemd-networkd 253.141.fc38 -> 253.152.fc38
> 
> systemd-pam 253.141.fc38 -> 253.152.fc38
> 
> systemd-resolved

Re: [qubes-users] time sync dysfunctional

['haaber' via qubes-users]

Dear unman & qubes -community,


I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

   [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard


Hi Bernhard
My first thought was that this  is a Whonix issue, but the fact that
`date` has the same 3 min offset speaks against that.
Let me get to a 4.1 box and I will see if I can help.
Do you have locales set differently in qube from in dom0?
What timezone is set in dom0?
What in the qube?
What in your Whonix gateway?


things are even more funny (or not) since sys-whonix itself displays the
correct time! The widget & other app-VM's are off by 3-4 minutes
constantly.

that is very confusing ...  best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3a00d4f-0c24-49ee-853c-5c9cf6df5a45%40web.de.

Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy

['Rusty Bird' via qubes-users]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Boryeu Mao:
> > For R4.1.2 I had some RPC calls with + and - characters in the file 
> > name.  These are considered as invalid characters to be part of service 
> > names in the new qrexec policy format (e.g. in 
> > /etc/qubes/policy.d/30-user.policy).  Using wild card * works, but I 
> > wonder if there is any way to keep these characters in explicitly 
> > specifying the calls.

> Correction - only + is considered as invalid character.

Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz
actually specified the policy for a qrexec service named 'foo' called
with one argument 'bar+baz'. 

(Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a
specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if
that doesn't exist /etc/qubes-rpc/foo for a general implementation.
That is still the same in R4.2.)

In the new policy format this would be written as a line starting with

foo +bar+baz

Note the whitespace before the first '+' character, which makes it a
little bit clearer what's going on.

Rusty
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0
QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv
Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b
377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ
JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX
Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4
kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK
Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv
Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri
jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD
rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ
4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN
7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0=
=hsTB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZctpKVnrYXENkrU3%40mutt.

Re: [qubes-users] time sync dysfunctional

['haaber' via qubes-users]

Hi Unman

I reply inline below.


On 2/6/24 11:45, 'haaber' via qubes-users wrote:

Hi,

I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

   [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard


Hi Bernhard
My first thought was that this  is a Whonix issue, but the fact that
`date` has the same 3 min offset speaks against that.
Let me get to a 4.1 box and I will see if I can help.
Do you have locales set differently in qube from in dom0?
What timezone is set in dom0?

CET (UTC +1:00) according to timedatectl

What in the qube?

same, CET (UTC + 1:00)

What in your Whonix gateway?


the whonix netvm- is sys-whonix who connects to sys-firewall and finally
sys-net (classic setup). Was that your question? Whonix is still
whonix-16 (I know ..)


thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac592d47-fe37-4e4e-a47e-bc627bf694ab%40web.de.

Re: [qubes-users] time sync dysfunctional

['unman' via qubes-users]

On Tue, Feb 06, 2024 at 01:08:09PM +0100, 'haaber' via qubes-users wrote:
> addendum: if I run "date" in a client VM it will give the right
> timezone, but still has 3min of delay..
> 
> On 2/6/24 11:45, 'haaber' via qubes-users wrote:
> > Hi,
> > 
> > I am still on Q4.1 (no time to do a full install now). Since a few days,
> > my time ran large out of sync, despite the swdate displaying normal
> > functioning. I rebooted, I restarted swdate. Its log says:
> > 
> >   [INFO] date output: 10:44:44
> > 
> > (which is London time, but otherwise correct), my set-to-Berlin-time
> > clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
> > I'd guess a user-malconfig, but 3min ??
> > 
> > do you have some hints on that?
> > 
> > Thank you, Bernhard
> > 
Hi Bernhard
My first thought was that this  is a Whonix issue, but the fact that
`date` has the same 3 min offset speaks against that.
Let me get to a 4.1 box and I will see if I can help.
Do you have locales set differently in qube from in dom0?
What timezone is set in dom0?
What in the qube?
What in your Whonix gateway?

--
I never presume to speak for the Qubes team.  
When I comment in the mailing lists I speak for myself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZcJOtWudrPFmk8qe%40thirdeyesecurity.org.

Re: [qubes-users] time sync dysfunctional

['haaber' via qubes-users]

addendum: if I run "date" in a client VM it will give the right
timezone, but still has 3min of delay..

On 2/6/24 11:45, 'haaber' via qubes-users wrote:

Hi,

I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

  [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7ad40dc-ff67-49e1-b4aa-5b1fecd92f1d%40web.de.

[qubes-users] time sync dysfunctional

['haaber' via qubes-users]

Hi,

I am still on Q4.1 (no time to do a full install now). Since a few days,
my time ran large out of sync, despite the swdate displaying normal
functioning. I rebooted, I restarted swdate. Its log says:

  [INFO] date output: 10:44:44

(which is London time, but otherwise correct), my set-to-Berlin-time
clock displays  10:42 which is 1h and 3min wrong. If it was 1h exactly,
I'd guess a user-malconfig, but 3min ??

do you have some hints on that?

Thank you, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85ce7c94-89e6-4d0e-af73-47538a29523b%40web.de.

[qubes-users] HCL Purism Librem mini V2 with Qubes 4.2

[code9n via qubes-users]

Hi,

HCL:

---
layout:
'hcl'
type:
'Desktop'
hvm:
'yes'
iommu:
'yes'
slat:
'yes'
tpm:
'no'
remap:
'yes'
brand: |
Purism
model: |
librem_mini_v2
bios: |
PureBoot-Release-20
cpu: |
Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
cpu-short: |
FIXME
chipset: |
Intel Corporation Comet Lake-U v1 4c Host Bridge/DRAM Controller [8086:9b61] 
(rev 0c)
chipset-short: |
FIXME
gpu: |
Intel Corporation CometLake-U GT2 [UHD Graphics] [8086:9b41] (rev 02) (prog-if 
00 [VGA controller])

gpu-short: |
FIXME
network: |
Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet 
Controller [10ec:8168] (rev 07)

memory: |
65410
scsi: |
Samsung SSD 870 Rev: 1B6Q
usb: |
1
certified:
'no'
versions:
- works:
'yes'
qubes: |
R4.2.0
xen: |
4.17.2
kernel: |
6.1.62-1
remark: |
Everything seems fine
credit: |
code9n
link: | FIXLINK

.cpio attached.

Thanks for 4.2
On Sunday, January 21st, 2024 at 09:45, qubes-users@googlegroups.com 
 wrote:

> [qubes-users@googlegroups.com](https://groups.google.com/forum/#!forum/qubes-users/topics)
> [Google Groups](https://groups.google.com/forum/#!overview) 
> https://groups.google.com/forum/#!overview
> [Today's topic summary]
> [View all topics](https://groups.google.com/forum/#!forum/qubes-users/topics)
>
> -  [problem with 4.2 rc5 installation source](#group_thread_0) - 1 Update
> []
> [problem with 4.2 rc5 installation 
> source](http://groups.google.com/group/qubes-users/t/2d918d15d2aebc4e)
> Kai : Jan 20 02:26PM -0800
>
> Thank you to everyone who has helped me in the last mails.
>
> I have finally decided to buy a NovaCustomes Laptop that is Qubes certified
> and as expected, that works very well with Qubes 4.2.
> [...more](http://groups.google.com/group/qubes-users/msg/1949463a81fdf)
>
> [Back to top](#digest_top)
>
> You received this digest because you're subscribed to updates for this group. 
> You can change your settings on the [group membership 
> page](https://groups.google.com/forum/#!forum/qubes-users/join).
> To unsubscribe from this group and stop receiving emails from it send an 
> email to qubes-users+unsubscr...@googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fD3uWIfDS2n70LKl7Fs9ECBCdjM1bf2gFtuqgn6TjFXN9jCajii2IL0iL4Qiw0qU9DYlHJoxp1j1wG2REIGn4PCumbrxgDriDBnjm8vHJHQ%3D%40protonmail.com.


Qubes-HCL-Purism-librem_mini_v2-20240121-180500.cpio.gz
Description: application/gzip

[qubes-users] LUKS and Yubikey in 4.2?

['Jeremy Hansen' via qubes-users]

Can a librem key or yubikey be used to unlock a LUKS filesystem at boot in 4.2? 
Wasn’t the issue previously related to dom0 being too old?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b67011fa-b4e1-4490-9e2c-88a4f3e9d550%40Canary.


signature.asc
Description: PGP signature

[qubes-users] HCL - ASUS Expertbook B9400CEA

['Greg Wojcieszczuk' via qubes-users]

---
layout:
  'hcl'
type:
  'Notebook'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  '2.0'
remap:
  'yes'
brand: |
  ASUSTeK COMPUTER INC.
model: |
  ASUS EXPERTBOOK B9400CEA_B9400CEA
bios: |
  B9400CEA.311
cpu: |
  11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation 11th Gen Core Processor Host Bridge/DRAM Registers 
[8086:9a14] (rev 01)

chipset-short: |
  FIXME
gpu: |
  Intel Corporation TigerLake-LP GT2 [Iris Xe Graphics] [8086:9a49] 
(rev 01) (prog-if 00 [VGA controller])


gpu-short: |
  FIXME
network: |
  Intel Corporation Wi-Fi 6 AX201 [8086:a0f0] (rev 20)
memory: |
  16073
scsi: |

usb: |
  3
certified:
  'no'
versions:
  - works:
  'FIXME:yes|no|partial'
    qubes: |
  R4.2.0
    xen: |
  4.17.2
    kernel: |
  6.1.62-1
    remark: |
  FIXME
    credit: |
  FIXAUTHOR
    link: |
  FIXLINK

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23095980-a277-4c7d-ae18-30ad97068448%40unixos.org.

Re: [qubes-users] Re: Qubes 4.2: qubes-tunnel not working after upgrade (cannot resolve hostname)

[r.wiesbach via qubes-users]

Hi,

Part of the answer may be that Q4.2 switched from iptables to nftables
and qubes-tunnel has not been adapted for this
(However I am not sure whether this holds for fedora38 templates that
were in-place upgrades from 4.1 to 4.2 or only for "native" 4.2
templates obtained from the server.):
https://forum.qubes-os.org/t/can-t-get-the-qubesos-contrib-qubes-tunnel-to-work-in-4-2/22054

Anyways, using the openvpn command directly results in the same "cannot
resolve" issue, even if qubes-tunnel service is not started.

So I created a new AppVM (as ProxyVMs and NetVMs cannot be selected in
Q4.2 "create Qube") that provides networking and followed Readme.md of
https://github.com/1cho1ce/Qubes-vpn-support/tree/replace-iptables-with-nftables
- I was asked for the credentials during install step and again during
the setup step

openvpn command and ping are successful now.

After following the steps, no "LINK IS UP" popup appears. There is no
service for any of the two names involved. Somewhere near the bottom of
readme.md I find that confusingly the service name is qubes-vpn-handler.

In its status I get: ExecStartPre=/usr/lib/qubes/qubes-vpn-setup
--check-firewall (code=exited, status=1/FAILURE)

If I run /usr/lib/qubes/qubes-vpn-setup --check-firewall
manually, no output is shown.

VPN troubleshooting still references iptables, which seems to not apply
for Q 4.2 anymore
https://www.qubes-os.org/doc/vpn-troubleshooting/

So what is wrong here? how can I make vpn leak-proof again with Qubes 4.2?

On 1/7/24 22:49, r.wiesbach via qubes-users wrote:


Hi,

The forum post does not use qubes-tunnel and I do not use wireguard
(but openVPN) - so I do not see how this post solves my issue?!

On 1/6/24 12:06, code9n wrote:

Hi,
  This is on the Forum:

https://forum.qubes-os.org/t/wireguard-vpn-setup/19141

cheers,

On Saturday 6 January 2024 at 00:16:40 UTC r.wie...@web.de wrote:

Hi there,

vpnVM and netVM both in-place upgrades from Q4.1 (and worked fine
there). Template is fedora 38.
NetVM is online, ping of vpn server hostname is fine within netVM.
Ping and dig do not work within vpnVM, but afair that is intended
(leak
prevention of qubes-tunnel)

I tried to restart qubes-tunnel servcie, tried to restart vpnVM.
tried
to disconnect and reconnect. I tried to reboot QubesOS.

Did something change between 4.1 and 4.2 regarding DNS handling?
Do I
need to configure a policy file or something?

Thanks

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d4f11ed1-dcfe-45ef-b318-49b7416a6801n%40googlegroups.com
<https://groups.google.com/d/msgid/qubes-users/d4f11ed1-dcfe-45ef-b318-49b7416a6801n%40googlegroups.com?utm_medium=email_source=footer>.

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e75483d0-c5bf-49c9-98e3-e1933d4fb320%40web.de
<https://groups.google.com/d/msgid/qubes-users/e75483d0-c5bf-49c9-98e3-e1933d4fb320%40web.de?utm_medium=email_source=footer>.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/585fcc3c-c02a-4b71-b46b-f468a6c70517%40web.de.

Re: [qubes-users] Re: Qubes 4.2: qubes-tunnel not working after upgrade (cannot resolve hostname)

[r.wiesbach via qubes-users]

Hi,

The forum post does not use qubes-tunnel and I do not use wireguard (but
openVPN) - so I do not see how this post solves my issue?!

On 1/6/24 12:06, code9n wrote:

Hi,
  This is on the Forum:

https://forum.qubes-os.org/t/wireguard-vpn-setup/19141

cheers,

On Saturday 6 January 2024 at 00:16:40 UTC r.wie...@web.de wrote:

Hi there,

vpnVM and netVM both in-place upgrades from Q4.1 (and worked fine
there). Template is fedora 38.
NetVM is online, ping of vpn server hostname is fine within netVM.
Ping and dig do not work within vpnVM, but afair that is intended
(leak
prevention of qubes-tunnel)

I tried to restart qubes-tunnel servcie, tried to restart vpnVM.
tried
to disconnect and reconnect. I tried to reboot QubesOS.

Did something change between 4.1 and 4.2 regarding DNS handling? Do I
need to configure a policy file or something?

Thanks

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d4f11ed1-dcfe-45ef-b318-49b7416a6801n%40googlegroups.com
<https://groups.google.com/d/msgid/qubes-users/d4f11ed1-dcfe-45ef-b318-49b7416a6801n%40googlegroups.com?utm_medium=email_source=footer>.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e75483d0-c5bf-49c9-98e3-e1933d4fb320%40web.de.

[qubes-users] Qubes 4.2: qubes-tunnel not working after upgrade (cannot resolve hostname)

[r.wiesbach via qubes-users]

Hi there,

vpnVM and netVM both in-place upgrades from Q4.1 (and worked fine
there). Template is fedora 38.
NetVM is online, ping of vpn server hostname is fine within netVM.
Ping and dig do not work within vpnVM, but afair that is intended (leak
prevention of qubes-tunnel)

I tried to restart qubes-tunnel servcie, tried to restart vpnVM. tried
to disconnect and reconnect. I tried to reboot QubesOS.

Did something change between 4.1 and 4.2 regarding DNS handling? Do I
need to configure a policy file or something?

Thanks

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d75ac64-7f10-4744-a5a4-39e80172793a%40web.de.

[qubes-users] HCL - Framework 13 AMD Ryzen 7840U

['Shigeru Kawaguchi' via qubes-users]

Major issue is that the touchpad does not work.Suspend/wake does work fine.Have not tested much beyond the above.Thanks.



-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3A7D27BC-14B4-4CF4-916D-EF6E2B0BF009%40lamb.org.


Qubes-HCL-Framework-Laptop_13__AMD_Ryzen_7040Series_-20231108-213610.yml
Description: application/yaml

Shigeru KAWAGUCHI LambEmail shig...@lamb.orgPhone +1-202-250-3811Mobile +1-202-949-0110Fax +1-202-380-3696Callsign KC3JNIGpg 6A28 3807 A60B FDB9 C67A FCDC 8B50 753B 28C6 4719 Address 12927 Kitchen House Way, Germantown, MD 20874 USAWebsite https://www.lamb.orgDeus vult ergo sumus If my people, among whome my Name is called vpon, do humble them felues, & praye, and feke my prefence, and turne from their wicked wayes, then wil I heare in heauen, and be merciful to their finne, and wil heale their land. – 2 Chronicles 7:14 [Geneva Bible 1560] The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future. 





-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3A7D27BC-14B4-4CF4-916D-EF6E2B0BF009%40lamb.org.

[qubes-users] HCL - Lenovo ThinkPad T480

['Yanase Yuki' via qubes-users]

Most features works flawlessly.
I did not test suspend / sleep.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZTTv5cvsscEXj1AC%40localhost.
---
layout:
  'hcl'
type:
  'Notebook'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  '2.0'
remap:
  'yes'
brand: |
  LENOVO
model: |
  20L5CTO1WW
bios: |
  N24ET44W (1.19 )
cpu: |
  Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM 
Registers [8086:5914] (rev 08)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation UHD Graphics 620 [8086:5917] (rev 07) (prog-if 00 [VGA 
controller])
gpu-short: |
  FIXME
network: |
  Intel Corporation Ethernet Connection (4) I219-LM [8086:15d7] (rev 21)
  Intel Corporation Wireless 8265 / 8275 [8086:24fd] (rev 78)
memory: |
  32647
scsi: |
  CT1000MX500SSD1  Rev: 043 
usb: |
  1
certified:
  'no'
versions:
  - works:
  'FIXME:yes|no|partial'
qubes: |
  R4.2.0-rc4
xen: |
  4.17.2
kernel: |
  6.1.57-1
remark: |
  FIXME
credit: |
  FIXAUTHOR
link: |
  FIXLINK

Re: [qubes-users] Re: Issue with "Qubes release 4.2.0-rc3" | USB Installation Media not detected in UEFI BIOS

['Jarrah' via qubes-users]

I actually had a similar issue. It ended up being a BIOS that refused to 
detect rc3 is ISO format. Mounting the ISO and copying the files over to 
a FAT formatted USB got around the boot issue but the qubes installer 
doesn't see it's root partition then.


The working solution was to insert both the FAT formatted USB and the 
ISO one (just burned using DD). That way there's an EFI partition for 
the UEFI to boot and a proper Qubes USB for the installer to use. Not 
pretty, but it worked.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/acc6bbef-47be-4eb7-1d4c-5a2a93d77c25%40undef.tools.

[qubes-users] HCL - ThinkPad X1 Carbon Gen 10

[gluonium via qubes-users]

Works out of the box:
 - networking (usb2lan)
 - keyboard backlight
 - build-in bluetooth
 - sound  
 
 Works after tweaking:
 - sceen is flickering unless adding "i915.enable_psr=0" in  
/boot/efi/EFI/qubes/xen.cfg, more details: 
https://wiki.archlinux.org/title/intel_graphics#Screen_flickering
 - build-in wifi isn't working unless installing drivers in sys-net  e.g. 
from here: github.com/q3aql/drivers-linux-firmware
 
 Haven't managed to get it working:
 - sleep / suspend
 - build-in camera

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Nfl1cEf--B-9%40tuta.io.


Qubes-HCL-LENOVO-21CB00B9GE-20231002-163736.yml
Description: application/yaml

[qubes-users] slock issue

['justanotherquber' via qubes-users]

Hi guys,
I recently tried to switch from i3lock to slock, but when I run 'sudo ./slock' 
(it needs suid/sgid) I get this error:
slock: crypt: Invalid argument
I installed libxcrypt-compat, which slock needed.
It's supposed to be compatible with libcrypt(not found). 
journalctl -f only shows successes while running the command.
I tried to remove i3lock in case of conflict, but i3-settings-qubes depends on 
it.
I tried to compile slock without any patches, same error when running that.
I managed to get it to run with the PAM_auth patch, which replaces the use of 
shadow, but I couldn't unlock slock with my password, so that doesn't really 
help me.
Is there a trick to it or does it simply not work on Qubes/Fedora?
Thanks in advance for any replies.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20230918110633.GA1188%40mail2-dvm.

[qubes-users] HCL - HP ZBook 17 G4

['crypto_pipao' via qubes-users]

---
layout:
'hcl'
type:
'notebook'
hvm:
'yes'
iommu:
'yes'
slat:
'yes'
tpm:
'unknown'
remap:
'yes'
brand: |
HP
model: |
HP ZBook 17 G4
bios: |
P70 Ver. 01.44
cpu: |
Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz
cpu-short: |
FIXME
chipset: |
Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM 
Registers [8086:5910] (rev 05)
chipset-short: |
FIXME
gpu: |
Intel Corporation HD Graphics 630 [8086:591b] (rev 04) (prog-if 00 [VGA 
controller])
NVIDIA Corporation GM206GLM [Quadro M2200 Mobile] [10de:1436] (rev a1) (prog-if 
00 [VGA controller])
gpu-short: |
FIXME
network: |
Intel Corporation Ethernet Connection (2) I219-LM (rev 31)
Intel Corporation Wireless 8265 / 8275 (rev 78)
memory: |
16035
scsi: |
SAMSUNG MZ7LN256 Rev: 1H3Q
usb: |
1
versions:

- works:
'FIXME:yes|no|partial'
qubes: |
R4.1
xen: |
4.14.6
kernel: |
6.4.7-1
remark: |
FIXME
credit: |
FIXAUTHOR
link: |
FIXLINK

---

I don't install driver of the graphic's card NVIDIA GM206GLM (Quadro M2200 
Mobile) in Dom0 but it work fine in sys-gui-gpu with generic/proprietary 
drivers.

Envoyé avec la messagerie sécurisée [Proton Mail.](https://proton.me/)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a72zLyL_11hF4aBQI7Db0VMECj06M8ZasHANUTAEj-YyHTFLf7fL63IvTCDODMe3xCew-0goy6F-DKXaZbZBmm_hI_UlhRBasUBikBXUcSI%3D%40protonmail.com.

Re: [qubes-users] split-ssh question

['unman' via qubes-users]

On Fri, Sep 08, 2023 at 08:10:44AM +0200, haaber wrote:
> I tried to configure split-ssh according to the tutorial on qubes pages,
> in its simple version (just agent, but no keepass integration). But now
> ssh offers *all* my private keys to *all* servers, which is odd, but
> more annoying, it usually breaks connections after 3 "false" public keys
> ...
> 
> Clearly, I did something wrong, but I do not understand well-enough what
> I should change.  Did some have/solve this problem already or have a
> hint for me, please?  Thank you!
> 

I dont think you did anything wrong.
I think what you are looking for is something like my split-ssh-agent -
This allows you to have multiple keys, allocated as you will between different
agents on the ssh back-end.
>From each calling qube, you specify (in policy) what agent should be
called, and this is passed through to the ssh back-end to serve up the
appropriate keys.

You can find it at https://github.com/unman/qubes-ssh-agent or a
packaged version for easy installation at https://qubes.3isec.org/tasks.html
If you dont use it, it should give you one idea of how you might go on. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZP3nIme3BRQK%2BktD%40thirdeyesecurity.org.

Re: [qubes-users] Error installing Debian-12 template

[qubes-lists]

+1
Same problem here.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d44e2700-5ba2-0cec-6725-3aad2ee3433d%40riseup.net.

Re: [qubes-users] saltstack: detect the os within a running target/state.sls

['unman' via qubes-users]

On Thu, Aug 24, 2023 at 11:26:30AM +0200, lik...@gmx.de wrote:
> Hi!
> 
> Running grains['os'] in a target returns always "Fedora" and grains['id'] 
> returns "dom0". For this reason I cannot branch in my state files for 
> different os templates.
> Executing this test in such a targeted state.sls:
> 
> test-grains-for-choosing-the-right-template:
>   test.configurable_test_state:
>     - name: "grains test"
>     - changes: True
>     - result: True
>     - comment: {{ grains['os'] ~ ", " ~ grains['id'] ~ ", " ~ 
> grains['osfullname'] ~ ", " ~ grains['os_family'] }}
> 
> returns
> grains['os']=Fedora, grains['os']=dom0, grains['osfullname']=Qubes, 
> grains['osfamily']=RedHat
> 
> Any ideas why this happens? How to branch correctly in a state file depending 
> on the os of the template?
> 
> Best, P!
> 

When you use qubesctl it acts in the following order - dom0, templates,
template based qube. Unless you specifically exclude dom0, the state
will be applied to dom0.

You havent said what command you entered, which would have been useful,
but my guess is that you used `qubesctl state.apply ...`
If you want to target a template, then you should use:
`qubesctl --skip-dom0 --targets=LIST_OF_TARGETS .`

If you want a state file to be used BOTH for dom0 and templates, you can
use a "defensive" approach - there are examples of this at
http://github.com/unman/shaker
Use a jinja block like - {% if grains['nodename'] != 'dom0' %}
This will ensure that non-dom0 stuff gets correctly applied, while
making sure that those parts of the state dont get applied to dom0.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZOh%2Bxvf2ReSaLmeP%40thirdeyesecurity.org.

Re: [qubes-users] HCL - ASUS Vivobook X1503ZA

['Gandalfen' via qubes-users]

I had to disable both intel VDM and secure boot via UEFI/BIOS to make the 
installation start.

Everything seems to work fine But:

1- wake from suspend is not working even after i followed the documentation's 
potential fix (screen stays blank until hard reset/shutdown)
2- TPM status is not found in the .yml, not sure if it's due to lack of TPM 2.0 
support as i didn't test the TPM manually.

I apologize as I have not included the .yml file in the first post so here it's 
in this post

If any further information is needed please inform me

 Original Message 
On Aug 21, 2023, 2:02 PM, 'Gandalfen' via qubes-users - qubes-users at 
googlegroups.com wrote:

> ---
> layout:
> 'hcl'
> type:
> 'notebook'
> hvm:
> 'yes'
> iommu:
> 'yes'
> slat:
> 'yes'
> tpm:
> 'unknown'
> remap:
> 'yes'
> brand: |
> ASUSTeK COMPUTER INC.
> model: |
> Vivobook_ASUSLaptop X1503ZA_X1503ZA
> bios: |
> X1503ZA.305
> cpu: |
> 12th Gen Intel(R) Core(TM) i7-12700H
> cpu-short: |
> Intel i7-12700H
> chipset: |
> Intel Corporation Device [8086:4641] (rev 02)
> chipset-short: |
> Intel [8086:4641] (rev 02)
> gpu: |
> Intel Corporation Device [8086:46a6] (rev 0c) (prog-if 00 [VGA controller])
>
> gpu-short: |
> Intel Iris Xe Graphics
> network: |
> MEDIATEK Corp. Device 7961
> memory: |
> 16076
> scsi: |
>
> usb: |
> 1
> versions:
>
> - works:
> 'partial'
> qubes: |
> R4.1
> xen: |
> 4.14.5
> kernel: |
> 6.4.7-1
> remark: |
> Disabled secure boot and VMD in UEFI, Works but does not wake from suspend
> credit: |
> Gandalfin
> link: |
> FIXLINK
>
> ---
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/169261574502.6.9546733988854435634.168624131%40simplelogin.com](https://groups.google.com/d/msgid/qubes-users/169261574502.6.9546733988854435634.168624131%40simplelogin.com?utm_medium=email_source=footer).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/169269292982.7.2257225405946807838.169076547%40simplelogin.com.


Qubes-HCL-ASUSTeK_COMPUTER_INC_-Vivobook_ASUSLaptop_X1503ZA_X1503ZA-20230821-105329.yml
Description: Binary data

[qubes-users] HCL - ASUS Vivobook X1503ZA

['Gandalfen' via qubes-users]

---
layout:
'hcl'
type:
'notebook'
hvm:
'yes'
iommu:
'yes'
slat:
'yes'
tpm:
'unknown'
remap:
'yes'
brand: |
ASUSTeK COMPUTER INC.
model: |
Vivobook_ASUSLaptop X1503ZA_X1503ZA
bios: |
X1503ZA.305
cpu: |
12th Gen Intel(R) Core(TM) i7-12700H
cpu-short: |
Intel i7-12700H
chipset: |
Intel Corporation Device [8086:4641] (rev 02)
chipset-short: |
Intel [8086:4641] (rev 02)
gpu: |
Intel Corporation Device [8086:46a6] (rev 0c) (prog-if 00 [VGA controller])

gpu-short: |
Intel Iris Xe Graphics
network: |
MEDIATEK Corp. Device 7961
memory: |
16076
scsi: |

usb: |
1
versions:

- works:
'partial'
qubes: |
R4.1
xen: |
4.14.5
kernel: |
6.4.7-1
remark: |
Disabled secure boot and VMD in UEFI, Works but does not wake from suspend
credit: |
Gandalfin
link: |
FIXLINK

---

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/169261574502.6.9546733988854435634.168624131%40simplelogin.com.


Qubes-HCL-ASUSTeK_COMPUTER_INC_-Vivobook_ASUSLaptop_X1503ZA_X1503ZA-20230821-105329.cpio.gz
Description: application/gzip

Re: [qubes-users] HCL - Gigabyte B650E Aorus Master - AMD Ryzen 9 7950X

['Edwin Török' via qubes-users]

On Thu, 2023-08-10 at 21:36 +, 51li...@ileg.al wrote:
> Its interesting, since my amd legion is testing machine, i never use
> sys-usb, and yeah i found that usb passthrough lead system to reboot.
> can you provide a more detail about step by step what have you done ?
> 

At install time untick the 'sysusb' creation, and then create sysusb by
hand and attach just 1 USB controller at a time (following the
instructions here
https://www.qubes-os.org/doc/usb-qubes/#how-to-create-a-usb-qube-for-use-with-a-usb-keyboard)

Another way to find out which device is causing the system to poweroff
is to use any other VM (e.g. 'personal'), change it to HVM, and go to
the devices tab in settings and try passing through one controller at a
time, and make a note which one worked and which one didn't.
If it works, power off the VM, remove the device from it and try the
other ones in turn.
If the machine gets instantly powered off instead then make a note
about the broken device.

I'll write some step-by-step examples once I got it working a bit more
reliably, but for now the next device that is misbehaving sometimes is
the network card:

0e:00.0 Network controller: MEDIATEK Corp. MT7922 802.11ax PCI Express
Wireless Network Adapter

Sometimes it just keeps printing messages that it is waiting after FLR,
and the boot doesn't actually finish (or maybe I didn't wait long
enough, I gave up after half a minute after it has printed a few retry
messages about FLR).
Other times it works reliably (it seems to misbehave if I boot into
Qubes directly after the machine has been powered off, but seems to
work if I first boot into native Fedora and then reboot into Qubes).

Best regards,
--Edwin

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc0382033f36b0bc7ed70d6cd3bc17cb7d6383de.camel%40etorok.net.

Re: [qubes-users] HCL - Gigabyte B650E Aorus Master - AMD Ryzen 9 7950X

['Edwin Török' via qubes-users]

On Wed, 2023-08-09 at 20:53 +0100, Edwin Török wrote:
> On Mon, 2023-08-07 at 21:45 +0100, 'Edwin Török' via qubes-users
> wrote:
> > 
> >   Must NOT use a USB qube. Using a USB qube results in an
> > instant
> > host reboot as soon as the USB qube is booted (same issue happen on
> > KVM
> > when attempting to pass through any USB controller, even if the
> > controller is in an IOMMU group of its own). There is a newer BIOS
> > with
> > newer AGESA available, I'll have to retry using that. Using
> > permissive
> > mode or non-strict PCI reset doesn't help:
> 
> New BIOS doesn't help, but I found one source of the host reboot: bus
> reset of the USB3 controller PCI device.
> 
> /sys/bus/pci/devices/:13:00.0/reset_method has 'bus',
> and its parent /sys/bus/pci/devices/:00:08.3/reset_method has
> 'pm'.
> No FLR on these (which is confirmed by 'lspci' it says FLReset-).
> 
> Changing 'bus' to 'pm', and performing an unbind from
> /sys/bus/pci/drivers/xhci_hcd, and then echoing '1' to 'reset' seems
> to
> survive and it no longer causes the system to power off.
> (now I don't know whether the problem is with reseting the device, or
> resetting the parent's secondary bus, IIUC even if parent device's
> reset method is pm, secondary bus will still be reset if that is what
> the child does).
> 
> Note that all the other USB controller's reset_method is already
> 'pm'.
> 
> All but one USB controller is in D3hot (which is expected), the other
> is D0. Is a bus reset of a device in D3hot even valid?

I tried plugging a USB device in the controller so it went to D0 and
changes reset method to pm on its own, but that didn't help.

However I found out that I *can* pass-through 2/4 USB controllers,
these ones are safe to pass through:
```
+-02.1-[06-10]00.0-[07-10]--+-00.0-[08]--
   |   +-0c.0-[0f]00.0 
Advanced Micro Devices, Inc. [AMD] Device [1022:43f7]
+-08.1-[12]--+-00.0  Advanced Micro Devices, Inc. [AMD/ATI] Raphael
[1002:164e]
   |+-00.3  Advanced Micro Devices, Inc. [AMD]
Device [1022:15b6]
```

These ones are NOT safe to pass through, they result in instant power
off of the host, followed by a poweron couple of seconds later:
```
+-08.1-[12]--+-00.0  Advanced Micro Devices, Inc. [AMD/ATI] Raphael
[1002:164e]
   |+-00.4  Advanced Micro Devices, Inc. [AMD]
Device [1022:15b7]
+-08.3-[13]00.0  Advanced Micro Devices, Inc. [AMD] Device
[1022:15b8]
```

This is very weird because 12.03 and 12.04 are quite similar from a
topology point of view.

I'm not sure what Qubes could do to detect or avoid this situation, but
perhaps just hiding the USB controllers that are in D3hot instead of
passing them through is the safer option?
But even that becomes unsafe if I plug a USB device into 12.04.

Anyway I have a workaround now to at least pass some of my USB devices
through, and I have my Yubikey working in my 'vault' VM.

Best regards,
--Edwin

> 
> Although changing the 'reset_method' still doesn't make device pass-
> through work: attempting to pass it through still causes a host
> reboot
> (although more like a poweroff followed by a powerup than a warm
> reboot, I tried disabling various options in the BIOS but it still
> powers off directly, e.g. the PSP/SMU debug mode appeared promising
> but
> didn't help).
> 
> Best regards,
> --Edwin

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f88f1793125271923f2b884139d3a336a608599b.camel%40etorok.net.

Re: [qubes-users] HCL - Gigabyte B650E Aorus Master - AMD Ryzen 9 7950X

['Edwin Török' via qubes-users]

On Mon, 2023-08-07 at 21:45 +0100, 'Edwin Török' via qubes-users wrote:
> 
>   Must NOT use a USB qube. Using a USB qube results in an instant
> host reboot as soon as the USB qube is booted (same issue happen on
> KVM
> when attempting to pass through any USB controller, even if the
> controller is in an IOMMU group of its own). There is a newer BIOS
> with
> newer AGESA available, I'll have to retry using that. Using
> permissive
> mode or non-strict PCI reset doesn't help:

New BIOS doesn't help, but I found one source of the host reboot: bus
reset of the USB3 controller PCI device.

/sys/bus/pci/devices/:13:00.0/reset_method has 'bus',
and its parent /sys/bus/pci/devices/:00:08.3/reset_method has 'pm'.
No FLR on these (which is confirmed by 'lspci' it says FLReset-).

Changing 'bus' to 'pm', and performing an unbind from
/sys/bus/pci/drivers/xhci_hcd, and then echoing '1' to 'reset' seems to
survive and it no longer causes the system to power off.
(now I don't know whether the problem is with reseting the device, or
resetting the parent's secondary bus, IIUC even if parent device's
reset method is pm, secondary bus will still be reset if that is what
the child does).

Note that all the other USB controller's reset_method is already 'pm'.

All but one USB controller is in D3hot (which is expected), the other
is D0. Is a bus reset of a device in D3hot even valid?

Although changing the 'reset_method' still doesn't make device pass-
through work: attempting to pass it through still causes a host reboot
(although more like a poweroff followed by a powerup than a warm
reboot, I tried disabling various options in the BIOS but it still
powers off directly, e.g. the PSP/SMU debug mode appeared promising but
didn't help).

Best regards,
--Edwin

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7cc0221505a19385893017a4d04800607e02802.camel%40etorok.net.

[qubes-users] HCL - Gigabyte B650E Aorus Master - AMD Ryzen 9 7950X

['Edwin Török' via qubes-users]

Architecture:    x86_64
  CPU op-mode(s):    32-bit, 64-bit
  Address sizes: 48 bits physical, 48 bits virtual
  Byte Order:    Little Endian
CPU(s):  32
  On-line CPU(s) list:   0-31
Vendor ID:   AuthenticAMD
  Model name:    AMD Ryzen 9 7950X 16-Core Processor
    CPU family:  25
    Model:   97
    Thread(s) per core:  2
    Core(s) per socket:  16
    Socket(s):   1
    Stepping:    2
    Frequency boost: enabled
    CPU(s) scaling MHz:  52%
    CPU max MHz: 5879.8818
    CPU min MHz: 3000.
    BogoMIPS:    8999.60
    Flags:   fpu vme de pse tsc msr pae mce cx8 apic sep
mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx
mmxext f
 xsr_opt pdpe1gb rdtscp lm constant_tsc
rep_good amd_lbr_v2 nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl
pni pclmul
 qdq monitor ssse3 fma cx16 sse4_1 sse4_2
x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm
extapic cr
 8_legacy abm sse4a misalignsse 3dnowprefetch
osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext
perfctr_llc m
 waitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba
perfmon_v2 ibrs ibpb stibp ibrs_enhanced vmmcall fsgsbase bmi1 avx2
smep bmi2
  erms invpcid cqm rdt_a avx512f avx512dq
rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw
avx512vl xs
 aveopt xsavec xgetbv1 xsaves cqm_llc
cqm_occup_llc cqm_mbm_total cqm_mbm_local avx512_bf16 clzero irperf
xsaveerptr rdpr
 u wbnoinvd cppc arat npt lbrv svm_lock
nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter
pfthreshold 
 avic v_vmsave_vmload vgif x2avic v_spec_ctrl
vnmi avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq
avx512_vnn
 i avx512_bitalg avx512_vpopcntdq rdpid
overflow_recov succor smca fsrm flush_l1d
Virtualization features: 
  Virtualization:    AMD-V
Caches (sum of all): 
  L1d:   512 KiB (16 instances)
  L1i:   512 KiB (16 instances)
  L2:    16 MiB (16 instances)
  L3:    64 MiB (2 instances)
NUMA:    
  NUMA node(s):  1
  NUMA node0 CPU(s): 0-31
Vulnerabilities: 
  Itlb multihit: Not affected
  L1tf:  Not affected
  Mds:   Not affected
  Meltdown:  Not affected
  Mmio stale data:   Not affected
  Retbleed:  Not affected
  Spec store bypass: Mitigation; Speculative Store Bypass disabled
via prctl
  Spectre v1:    Mitigation; usercopy/swapgs barriers and
__user pointer sanitization
  Spectre v2:    Mitigation; Enhanced / Automatic IBRS, IBPB
conditional, RSB filling, PBRSB-eIBRS Not affected
  Srbds: Not affected
  Tsx async abort:   Not affected
edwin ~ [4.14.1] ❯ cat /mnt/home/edwin/Qubes-HCL-
Gigabyte_Technology_Co___Ltd_-B650E_AORUS_MASTER-20230807-162029.yml 
---
layout:
  'hcl'
type:
  'Desktop'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  '2.0'
remap:
  'yes'
brand: |
  Gigabyte Technology Co., Ltd.
model: |
  B650E AORUS MASTER
bios: |
  F3c
cpu: |
  AMD Ryzen 9 7950X 16-Core Processor
cpu-short: |
  FIXME
chipset: |
  Advanced Micro Devices, Inc. [AMD] Device [1022:14d8]
chipset-short: |
  FIXME
gpu: |
  Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 [Radeon RX 5600
OEM/5600 XT / 5700/5700 XT] [1002:731f] (rev c0) (prog-if 00 [VGA
controller])
  Advanced Micro Devices, Inc. [AMD/ATI] Raphael [1002:164e] (rev c1)
(prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Intel Corporation Ethernet Controller I225-V [8086:15f3] (rev 01)
  MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter
[14c3:0616]
  0616]
memory: |
  64663
scsi: |
  SanDisk SDSSDXPS Rev: 00RL
  TOSHIBA MG09ACA1 Rev: 0104
  TOSHIBA HDWD130  Rev: ACF0
usb: |
  4
certified:
  'no'
versions:
  - works:
  'partial'
    qubes: |
  4.2.0-alpha
    xen: |
  4.17.1
    kernel: |
  6.1.35-1
    remark: |
  Must create a GPT partition table on the boot media with 'gdisk',
see https://github.com/QubesOS/qubes-issues/issues/8395
  Must ensure that installation target is NOT 4Kn, had to reformat
NVME namespace to 512 byte, see
https://github.com/QubesOS/qubes-issues/issues/7398#issuecomment-1668545707
  Must enable IOMMU in BIOS (default is Auto which doesn't work.
Enable it under 'Misc settings and AMD CBS -> NBIO settings').
  Must NOT use a USB qube. Using a USB qube results in an instant
host reboot as soon as the USB qube is booted (same issue happen on KVM
when attempting to pass through any USB controller, even if the
controller is in an IOMMU group of its own). There is a newer BIOS with
newer AGESA available, I'll h

[qubes-users] How to use lvms from a disk with a valid Qubes installation as qubes in another Qubes pc?

['Qru' via qubes-users]

In my desktop Qubes system the mainboard died. So I bought a new one. 
Unfortunately I didn't make a backup for some days.
After building the new hardware system my Qubes installation from the old ssd 
doesn't start there.
(Somehow the system freezes or at least the keyboard is being switched off just 
before I have to input the disk password.)

So I created a new Qubes installation on an USB stick, which works quite well 
in the new system (both are Qubes 4.1.)
Running this new installation I can still access my old ssd. I see all the lvms 
from my old installation (I have around 100 qubes, so about 250 lvms).
I can rename the vg, activate and mount each lvm and access all data. But I 
cannot use the lvms as qubes. They don't appear with qvm-ls.

How can I make use of these lvms?

I want to have them recognized as qubes. Then I want to make a full Qubes 
backup off all my cubes. And after a new Qubes installation I want to restore 
them.
I could backup the lvms in a non Qubes way. But then again I would have the 
problem to make them known as qubes to my new system.

I read all the documentation, especially "How to back up, restore, and 
migrate", "How to mount a Qubes partition from another OS" and "Secondary 
storage".
But this didn't answer my questions. I can access the data but I cannot use the 
old qubes as qubes in a new system.

How can this be accomplished?

Any help is highly appreciated.
- Qru

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L4jvIaUKh4b4L-Jz8fii1D1PAfMri9aqTOBCwTdg5AMscbTZd_k3d-3VeLWVwegpSiD4np5-8IwsyME3E_ceCAX3gUBcBG3bbpbCrYVPScY%3D%40proton.me.

Re: [qubes-users] QubesIncoming folder in /tmp ??

['unman' via qubes-users]

On Fri, Jun 30, 2023 at 12:27:41PM +0200, haaber wrote:
> Hi I was wondering if it would not me preferable (at least in some VM's)
> to delocalise the QubesIncoming folder in /tmp to have it "cleaned up"
> regularly. It's a pain to do so manually. Is there a problem doing so ? 
> What would be the cleanest way to do it? A symlink ??  thank you, Bernhard
> 
I use this in rc.local:
```
mkdir /home/user/QubesIncoming
chown user:user /home/user/QubesIncoming
mkdir /tmp/QubesIncoming
chown user:user /tmp/QubesIncoming
mount --bind /tmp/QubesIncoming /home/user/QubesIncoming
```

I dont think the chown calls are needed, but I put them in , and have
not removed them.
Works as you would expect.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZJ9%2B%2BrugSSu6AW6W%40thirdeyesecurity.org.

Re: [qubes-users] Re: ssh-split issue

[1b6c8d73d15b.qubeslist via qubes-users]

On 21/06/2023 11:49, haaber wrote:
>> We observe that the file /run/user/1000/openssh_agent  is different
>> from/home/user/.SSH_AGENT_sshkeys. That may be a problem.

Running the following command in the work qube should work:
SSH_AUTH_SOCK=/home/user/.SSH_AGENT_vault ssh-add -L

You seem to be running the "ssh-agent.service" in your work qube. This 
is not part of the linked setup guide. There only one agent is running 
and that is in the vault qube.


The "clients" (e.g. work qube) only redirect the communication via 
socat, qubes RPC and the /home/user/.SSH_AGENT_vault file to the 
ssh-agent in the vault qube.


See: 
https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md#in-the-appvm-ssh-client


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ac70fb1-8854-7d38-a9ca-1f13c487736a%40xafy.de.

Re: [qubes-users] How to make sys-firewall broadcast a local qube as the system-wide DNS server?

['unman' via qubes-users]

On Tue, Jun 06, 2023 at 01:24:18PM -0500, Leo28C wrote:
> I managed to set up a pi-hole qube and make it my network's DNS
> filtering/caching server. Ironically, it works flawlessly across my network
> EXCEPT it completely breaks DNS for all other qubes in the same system. On
> Debian-based qubes I figured out I can simply edit /etc/resolv.conf, while
> making sure sys-firewall lets the two qubes talk to each other, as a
> workaround. However this is a hacky per-qube solution and doesn't persist
> across qube restarts. It would be nice to simply have sys-firewall relay
> the information to all of its client qubes automatically. Any idea how to
> do this?
> 
> Thanks in advance!
> 
You dont need to change the settings per qube at all.
You haven't said *where* the pi-hole qube is located in your qubes
network, or what the nature of the breakage is.
I assume from what you say it is attached to sys-firewall.

You can do this by editing the PR-QBS chain in nat table in
sys-firewall.
By default, this forwards all DNS traffic to 10.139.1.1 and 10.139.1.2
using dnat. Flush that chain and replace it with dnat rules to the IP
address of your Pi-hole qube.
You could do this in /rw/config/qubes-firewall-user-script or by script
in /rw/config/qubes-firewall.d

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZIHekYeyI0BY5uUa%40thirdeyesecurity.org.

[qubes-users] Re: HCL - cirrus7 nimbini v3 (NUC12WSHv5)

['sonnenfinsternis' via qubes-users]

After more than a week of intensive use, I haven't noticed any problems so far. 
The "cirrus7 nimbini v3" (or presumably all NUC12WSHv5) seemed to be suitable 
hardware for anyone who wants to use QubesOS as a desktop system. 
Do I still have to submit something to be included in the HCl or do I just need 
some more patience ;-) 
Kind regards from an enthusiastic QubesOS fan :)

--- Original Message ---
On Wednesday, May 24th, 2023 at 11:51 PM, sonnenfinsternis 
 wrote:


> Here's my review of the cirrus7 nimbini v3, which is largely based on the 
> Intel NUC 12 (NUC12WSHv5). QubesOS with the "kernel latest" option runs 
> great. Most importantly, it is a dream to work on a fanless computer that 
> still runs completely silent under heavy load despite various Qubes running 
> in parallel including several standalone machines.
> 
> Best regards :-)
> Eichennarr
> 
> ---
> layout:
> 'hcl'
> type:
> 'mini pc'
> hvm:
> 'yes'
> iommu:
> 'yes'
> slat:
> 'yes'
> tpm:
> 'unknown'
> remap:
> 'yes'
> brand: |
> cirrus7
> model: |
> nimbini v3 (NUC12WSHv5)
> bios: |
> WSADLV57.0087.2023.0306.1817
> cpu: |
> 12th Gen Intel(R) Core(TM) i5-1250P
> cpu-short: |
> i5-1250P
> chipset: |
> Intel Corporation Device [8086:4621] (rev 02)
> chipset-short: |
> FIXME
> gpu: |
> Intel Iris Xe 80U
> gpu-short: |
> FIXME
> network: |
> Intel Wi-Fi 6E AX211
> memory: |
> 65092
> scsi: |
> 
> usb: |
> 4
> versions:
> 
> - works:
> yes
> qubes: |
> R4.1
> xen: |
> 4.14.5
> kernel: |
> 6.1.12-1
> remark: |
> works with kernel latest
> credit: |
> Eichennarr
> link: |
> FIXLINK
> 
> ---

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/jdzlEY6whbd2mfjTslSTwrq9NFcuQe5iweTJ11-aXUIhbawrYTef9-HKmubZfhh9V235fPH_gfc4u1zBHeCuTOTL1W1ZfVs1-sNuD_qRdZs%3D%40protonmail.ch.

[qubes-users] HCL report motherboard MSI MEG x670e ACE

['R D T' via qubes-users]

Here is my HCL report for the motherboard MSI MEG x670e ACE.

Booting even the installer works only with the x2apic=false flag set in
both xen and linux lines in grub. Automatic creation of networking related
qubes (sys-firewall and sys-net) during first configuration after install
crashes the pc.
Displayport is working, video seems to be working at least from an initial
test. Usb devices work and attach successfully to qubes.
Creation of new qubes works.
Will have to attempt to manually create networking qubes and report back.
I should also note that the motherboard is running a beta bios version due
to a problem with vsoc voltage being set too high and not properly capped
leading sometimes to frying 7000 series cpus with expo profiles enabled.
Best regards,
rickyjumb

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/168569294942.7.16578028694072641953.136828018%40simplelogin.com.


Qubes-HCL-Micro_Star_International_Co___Ltd_-MS_7D69-20230602-065754.yml
Description: application/yaml

Re: [qubes-users] Trying my luck

[Qubes]

Ulrich Windl (Google) wrote:
Just wondering: Is the remote end Windows, and could some virus scanner block 
the rename request? You know Windows has kind of strange locking rules.


No the SMB server is running on OmniOS which is Illumos kernel.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c50703f7-a6ae-b659-a618-cbb5ccdf905e%40ak47.co.za.

Re: [qubes-users] Trying my luck

[Qubes]

Qubes wrote:

Qubes wrote:
I am just trying my luck here with an issue that i have been unable to 
resolve on my Qubes system for a long time now. I have been looking 
into this problem quite a bit but i cannot seem to find a solution 
anywhere. Perhaps someone on this list has experienced the same and 
has found a solution.


When i open a text file that is located on a network share with gedit, 
gedit is unable to save the file. When I click the save button, or 
`Ctrl + s`, i can see gedit creates a temporary file named 
".goutputstream-AO9U51" on the network share and in gedit i get a 
message "Could not create a backup file while saving 
"/home/user/data/test/file-name.txt"". If i launch gedit from cli i 
see a message on cli when saving the file "Hit unhandled case 27 
(Error renaming temporary file: Resource temporarily unavailable) in 
parse_error."


I definitely have permissions on the network share as i can copy files 
to it, delete, create directories, etc. I can also open a LibreOffice 
document and save it. The problem appears to be specific to gedit. 
Also, it happens with both a Fedora and Debian based VM.


In addition that i forgot to mention is, i can open edit and save the 
same txt files with vi and it works.


I have read reports [1][2][3][4][6] dating as far back as 12 years with 
the sshfs protocol (an abandoned project) being implicated as well.


On issue 438 [3] that was reported on Gitlab it is reported that "As far 
as I can tell, the problem is in the way glib saves a file by writing to 
a temporary file and renaming to the final name." and "I'll take a more 
serious look later but I'd start with gio/glocalfileoutputstream.c and 
particularly the function _g_local_file_output_stream_really_close which 
contains the error string "Error renaming temporary file".".


A duplicate issue 565 [5] to issue 438 [3] was opened and there a patch 
is provided that is said to fix this issue although i have not tried it 
because i don't know how to.


**Question:** Would anybody perhaps know how and where to do the patch, 
attached for reference, on Fedora/Debian. As far as I can tell the patch 
needs to be done on the client since the problem originates from the client.


[1]: 
https://askubuntu.com/questions/13843/gedit-sshfs-wont-save-vi-saves-fine
[2]: 
https://unix.stackexchange.com/questions/52951/gedit-wont-save-a-file-on-a-virtualbox-share-text-file-busy

[3]: https://gitlab.gnome.org/GNOME/glib/-/issues/438
[4]: https://github.com/rclone/rclone/issues/2130
[5]: https://gitlab.gnome.org/GNOME/glib/-/issues/565
[6]: 
https://illumos.topicbox.com/groups/omnios-discuss/Tc4c6b72d6386f9fb/resource-temporarily-unavailable-when-saving-to-cifs-share-on-r151038


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41c6de8b-c200-0178-9cd9-c06809f94bfa%40ak47.co.za.
From 179812d0847af191e709539041a57d5779d847ed Mon Sep 17 00:00:00 2001
From: TW 
Date: Wed, 27 Jun 2012 19:35:33 +0200
Subject: [PATCH] gio: workaround for renaming files on filesystems not
 supporting it

This is a workaround for samba and "Virtual Box shared" filesystem which does not support renaming opened files and react on such attempt with ETXTBSY. It is also a solution proposal for:

Bug 678994 - Unable to overwrite files on vbox shared mounted filesystems
---
 gio/glocalfileoutputstream.c | 90 +++-
 1 file changed, 63 insertions(+), 27 deletions(-)

diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index a310fcd..60e5f43 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -223,6 +223,7 @@ _g_local_file_output_stream_really_close (GLocalFileOutputStream *file,
 {
   GLocalFileStat final_stat;
   int res;
+  int smb_cifs_rename_workaround = 0;
 
 #ifdef HAVE_FSYNC
   if (file->priv->sync_on_close &&
@@ -318,17 +319,44 @@ _g_local_file_output_stream_really_close (GLocalFileOutputStream *file,
   if (g_cancellable_set_error_if_cancelled (cancellable, error))
 	goto err_out;
 
-  /* tmp -> original */
-  if (g_rename (file->priv->tmp_filename, file->priv->original_filename) != 0)
-	{
-  int errsv = errno;
 
-	  g_set_error (error, G_IO_ERROR,
-		   g_io_error_from_errno (errsv),
-		   _("Error renaming temporary file: %s"),
-		   g_strerror (errsv));
-	  goto err_out;
-	}
+  res = g_rename (file->priv->tmp_filename, file->priv->original_filename);
+
+  /* tmp -> original */
+  if (res != 0 && errno == ETXTBSY)
+  {
+	  // try to close the fd first and retry renaming
+	  if (fs

Re: [qubes-users] Trying my luck

[Qubes]

Qubes wrote:
I am just trying my luck here with an issue that i have been unable to 
resolve on my Qubes system for a long time now. I have been looking into 
this problem quite a bit but i cannot seem to find a solution anywhere. 
Perhaps someone on this list has experienced the same and has found a 
solution.


When i open a text file that is located on a network share with gedit, 
gedit is unable to save the file. When I click the save button, or `Ctrl 
+ s`, i can see gedit creates a temporary file named 
".goutputstream-AO9U51" on the network share and in gedit i get a 
message "Could not create a backup file while saving 
"/home/user/data/test/file-name.txt"". If i launch gedit from cli i see 
a message on cli when saving the file "Hit unhandled case 27 (Error 
renaming temporary file: Resource temporarily unavailable) in parse_error."


I definitely have permissions on the network share as i can copy files 
to it, delete, create directories, etc. I can also open a LibreOffice 
document and save it. The problem appears to be specific to gedit. Also, 
it happens with both a Fedora and Debian based VM.


In addition that i forgot to mention is, i can open edit and save the 
same txt files with vi and it works.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55f71abc-061c-b3a5-c94a-f909aeaa3416%40ak47.co.za.

[qubes-users] Trying my luck

[Qubes]

I am just trying my luck here with an issue that i have been unable to 
resolve on my Qubes system for a long time now. I have been looking into 
this problem quite a bit but i cannot seem to find a solution anywhere. 
Perhaps someone on this list has experienced the same and has found a 
solution.


When i open a text file that is located on a network share with gedit, 
gedit is unable to save the file. When I click the save button, or `Ctrl 
+ s`, i can see gedit creates a temporary file named 
".goutputstream-AO9U51" on the network share and in gedit i get a 
message "Could not create a backup file while saving 
"/home/user/data/test/file-name.txt"". If i launch gedit from cli i see 
a message on cli when saving the file "Hit unhandled case 27 (Error 
renaming temporary file: Resource temporarily unavailable) in parse_error."


I definitely have permissions on the network share as i can copy files 
to it, delete, create directories, etc. I can also open a LibreOffice 
document and save it. The problem appears to be specific to gedit. Also, 
it happens with both a Fedora and Debian based VM.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/768240c6-a0f9-387c-3d4d-67847e4dec4e%40ak47.co.za.

Re: [qubes-users] Re: Beginner questions

['sonnenfinsternis' via qubes-users]

--- Original Message ---
On Friday, May 26th, 2023 at 4:24 AM, 'Stuart Perkins' via qubes-users 
 wrote:


> Bottom post is the standard on this list. See my response at the bottom... :)
> 
> On Thu, 25 May 2023 19:02:23 +
> "'sonnenfinsternis' via qubes-users" qubes-users@googlegroups.com wrote:
> 
> > Sounds helpful, I'll try it when I get a chance, thanks :) After reading 
> > this [1], I can now even use my USB mouse directly after booting, without 
> > having to assign it to dom0 first. So slowly but surely I'm warming up to 
> > QubesOS. A wonderful system :) Now if I can just find a way to see how much 
> > processor load and memory is currently being used globally, I'll have all 
> > the pressing open construction sites taken care of for the time being. Over 
> > the weekend I will switch to a QubesOS installation as my new device for 
> > daily use. I am excited and glad that this project exists with this great 
> > community :)
> > 
> > 1: https://www.qubes-os.org/doc/usb-qubes/#usb-mice
> > 
> > --- Original Message ---
> > On Thursday, May 25th, 2023 at 8:39 AM, haaber haa...@web.de wrote:
> > 
> > > Hi
> > > 
> > > > 5) The question about autocomplete in the terminal has been resolved. 
> > > > This was indeed not due to QubesOS but to the fact that
> > > 
> > > the bash-completion package is not pre-installed by default in Debian.
> > > But this can be easily fixed:
> > > https://unix.stackexchange.com/questions/312456/debian-apt-not-apt-get-autocompletion-not-working
> > > 
> > > I have a nice working auto-complete for dom0. It allows usual
> > > qvm-commands (qvm-start, qvm-stop, etc) in dom0 terminal and
> > > distinguishes between running and non-running VM's according to what the
> > > command expects. Like: qvm-shutdown [TAB] proposes only running VM's to
> > > be shut down. etc.
> > > 
> > > Works like charm since qubes 3.2. You find the code attached.
> > > 
> > > Bernhard
> > > 
> > > --
> > > You received this message because you are subscribed to the Google Groups 
> > > "qubes-users" group.
> > > To unsubscribe from this group and stop receiving emails from it, send an 
> > > email to qubes-users+unsubscr...@googlegroups.com.
> > > To view this discussion on the web visit 
> > > https://groups.google.com/d/msgid/qubes-users/023ce574-96ab-7f94-21d6-4726c1801ce1%40web.de.
> 
> 
> Welcome to Qubes OS. Personally, I love it. Even with the occasional awkward 
> way of doing something which is "point and click" on other OS's. The added 
> security of separation of programs and data plus template based VM's is 
> great. I've been a Qubes OS fan since 3.2. Add in a coreboot'd platform and 
> it is about the most secure PC available on the planet. A friend of mine who 
> built me such a laptop...2 actually (Lenovo T520 and a T420) was asked by the 
> country of Spain to build them 40. He has since dropped off the radar for 
> some reason. My current platform is marginally Qubes compatible...a Lenovo 
> W540...with no SSD it is very slow to come up, but works well once running. I 
> don't believe it can be coreboot'd though, so I will be creating another T420 
> for daily use. I am limited to pre "blob" architectures if I want coreboot 
> with no "blobs"...encrypted microcode "black box" portions of the BIOS, but 
> that is really separate from Qubes OS. I actually wore out the T520 and 
> previous T420 I had...but mine is "on" 16 hours a day or more...sometimes I 
> just leave it on when I go to bed...that is not really a surprise.
> 
> I found myself synthesizing the basic concept of template VM's manually with 
> VirtualBox before I discovered Qubes.
> 
> In a Dom0 terminal, the command "xentop" will list running qubes and the 
> resources they are consuming. It is a faster refresh than the GUI Qube 
> Manager.
> 
> Stuart
> 42 years in IT.
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/20230525222440.694ef12c%40yahoo.com.

Oh, I overlooked that. I will from now on also always answer below 0:-)

I did not know "xentop" yet, thanks. I had given up looking in the dom0 
terminal, since "top" does not display globally, but only from the vie

Re: [qubes-users] Re: Beginner questions

['Stuart Perkins' via qubes-users]

Bottom post is the standard on this list.  See my response at the bottom...  :)

On Thu, 25 May 2023 19:02:23 +
"'sonnenfinsternis' via qubes-users"  wrote:

>Sounds helpful, I'll try it when I get a chance, thanks :) After reading this 
>[1], I can now even use my USB mouse directly after booting, without having to 
>assign it to dom0 first. So slowly but surely I'm warming up to QubesOS. A 
>wonderful system :) Now if I can just find a way to see how much processor 
>load and memory is currently being used globally, I'll have all the pressing 
>open construction sites taken care of for the time being. Over the weekend I 
>will switch to a QubesOS installation as my new device for daily use. I am 
>excited and glad that this project exists with this great community :)
>
>1: https://www.qubes-os.org/doc/usb-qubes/#usb-mice
>
>--- Original Message ---
>On Thursday, May 25th, 2023 at 8:39 AM, haaber  wrote:
>
>
>> Hi
>>   
>> > 5) The question about autocomplete in the terminal has been resolved. This 
>> > was indeed not due to QubesOS but to the fact that  
>> 
>> the bash-completion package is not pre-installed by default in Debian.
>> But this can be easily fixed:
>> https://unix.stackexchange.com/questions/312456/debian-apt-not-apt-get-autocompletion-not-working
>> 
>> I have a nice working auto-complete for dom0. It allows usual
>> qvm-commands (qvm-start, qvm-stop, etc) in dom0 terminal and
>> distinguishes between running and non-running VM's according to what the
>> command expects. Like: qvm-shutdown [TAB] proposes only running VM's to
>> be shut down. etc.
>> 
>> Works like charm since qubes 3.2. You find the code attached.
>> 
>> Bernhard
>> 
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to qubes-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/qubes-users/023ce574-96ab-7f94-21d6-4726c1801ce1%40web.de.
>>   
>

Welcome to Qubes OS.  Personally, I love it.  Even with the occasional awkward 
way of doing something which is "point and click" on other OS's.  The added 
security of separation of programs and data plus template based VM's is great.  
I've been a Qubes OS fan since 3.2.  Add in a coreboot'd platform and it is 
about the most secure PC available on the planet.  A friend of mine who built 
me such a laptop...2 actually (Lenovo T520 and a T420) was asked by the country 
of Spain to build them 40.  He has since dropped off the radar for some reason. 
 My current platform is marginally Qubes compatible...a Lenovo W540...with no 
SSD it is very slow to come up, but works well once running.  I don't believe 
it can be coreboot'd though, so I will be creating another T420 for daily use.  
I am limited to pre "blob" architectures if I want coreboot with no 
"blobs"...encrypted microcode "black box" portions of the BIOS, but that is 
really separate from Qubes OS.  I actually wore out the T520 and previous T420 
I had...but mine is "on" 16 hours a day or more...sometimes I just leave it on 
when I go to bed...that is not really a surprise.

I found myself synthesizing the basic concept of template VM's manually with 
VirtualBox before I discovered Qubes.

In a Dom0 terminal, the command "xentop" will list running qubes and the 
resources they are consuming.  It is a faster refresh than the GUI Qube Manager.

Stuart
42 years in IT.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20230525222440.694ef12c%40yahoo.com.

Re: [qubes-users] Re: Beginner questions

['sonnenfinsternis' via qubes-users]

Sounds helpful, I'll try it when I get a chance, thanks :) After reading this 
[1], I can now even use my USB mouse directly after booting, without having to 
assign it to dom0 first. So slowly but surely I'm warming up to QubesOS. A 
wonderful system :) Now if I can just find a way to see how much processor load 
and memory is currently being used globally, I'll have all the pressing open 
construction sites taken care of for the time being. Over the weekend I will 
switch to a QubesOS installation as my new device for daily use. I am excited 
and glad that this project exists with this great community :)

1: https://www.qubes-os.org/doc/usb-qubes/#usb-mice

--- Original Message ---
On Thursday, May 25th, 2023 at 8:39 AM, haaber  wrote:


> Hi
> 
> > 5) The question about autocomplete in the terminal has been resolved. This 
> > was indeed not due to QubesOS but to the fact that
> 
> the bash-completion package is not pre-installed by default in Debian.
> But this can be easily fixed:
> https://unix.stackexchange.com/questions/312456/debian-apt-not-apt-get-autocompletion-not-working
> 
> I have a nice working auto-complete for dom0. It allows usual
> qvm-commands (qvm-start, qvm-stop, etc) in dom0 terminal and
> distinguishes between running and non-running VM's according to what the
> command expects. Like: qvm-shutdown [TAB] proposes only running VM's to
> be shut down. etc.
> 
> Works like charm since qubes 3.2. You find the code attached.
> 
> Bernhard
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/023ce574-96ab-7f94-21d6-4726c1801ce1%40web.de.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ghDIY56OTqypK0u10MIiEMqaI9sDzcAVb7In4BOJ2wboKq5kLQ0P8ityQD6dRGulKYEpDWCIM_75cIoF5GHhPdqeWCrSJd5mcE1rbYcGuzc%3D%40protonmail.ch.

[qubes-users] Re: HCL - cirrus7 nimbini v3 (NUC12WSHv5)

['sonnenfinsternis' via qubes-users]

I forgot to attach the yml file. Sorry!

--- Original Message ---
On Wednesday, May 24th, 2023 at 11:51 PM, sonnenfinsternis 
 wrote:


> Here's my review of the cirrus7 nimbini v3, which is largely based on the 
> Intel NUC 12 (NUC12WSHv5). QubesOS with the "kernel latest" option runs 
> great. Most importantly, it is a dream to work on a fanless computer that 
> still runs completely silent under heavy load despite various Qubes running 
> in parallel including several standalone machines.
> 
> Best regards :-)
> Eichennarr
> 
> ---
> layout:
> 'hcl'
> type:
> 'mini pc'
> hvm:
> 'yes'
> iommu:
> 'yes'
> slat:
> 'yes'
> tpm:
> 'unknown'
> remap:
> 'yes'
> brand: |
> cirrus7
> model: |
> nimbini v3 (NUC12WSHv5)
> bios: |
> WSADLV57.0087.2023.0306.1817
> cpu: |
> 12th Gen Intel(R) Core(TM) i5-1250P
> cpu-short: |
> i5-1250P
> chipset: |
> Intel Corporation Device [8086:4621] (rev 02)
> chipset-short: |
> FIXME
> gpu: |
> Intel Iris Xe 80U
> gpu-short: |
> FIXME
> network: |
> Intel Wi-Fi 6E AX211
> memory: |
> 65092
> scsi: |
> 
> usb: |
> 4
> versions:
> 
> - works:
> yes
> qubes: |
> R4.1
> xen: |
> 4.14.5
> kernel: |
> 6.1.12-1
> remark: |
> works with kernel latest
> credit: |
> Eichennarr
> link: |
> FIXLINK
> 
> ---

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oGEvIb__nU8T7im80hRH0HyuAK5o-E7gxP6Ex0LnkhL0NaK2u16YAxlts8SdTbDGpKSXFkH3l8BFpybf3hCT6g7N29iLgFZX81pK33-qnBc%3D%40protonmail.ch.


Qubes-HCL-Intel_R__Client_Systems-NUC12WSHv5-20230524-223156.yml
Description: application/yaml

[qubes-users] HCL - cirrus7 nimbini v3 (NUC12WSHv5)

['sonnenfinsternis' via qubes-users]

Here's my review of the cirrus7 nimbini v3, which is largely based on the Intel 
NUC 12 (NUC12WSHv5). QubesOS with the "kernel latest" option runs great. Most 
importantly, it is a dream to work on a fanless computer that still runs 
completely silent under heavy load despite various Qubes running in parallel 
including several standalone machines.

Best regards :-)
Eichennarr

---
layout:
  'hcl'
type:
  'mini pc'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
remap:
  'yes'
brand: |
  cirrus7
model: |
  nimbini v3 (NUC12WSHv5)
bios: |
  WSADLV57.0087.2023.0306.1817
cpu: |
  12th Gen Intel(R) Core(TM) i5-1250P
cpu-short: |
  i5-1250P
chipset: |
  Intel Corporation Device [8086:4621] (rev 02)
chipset-short: |
  FIXME
gpu: |
  Intel Iris Xe 80U
gpu-short: |
  FIXME
network: |
  Intel Wi-Fi 6E AX211
memory: |
  65092
scsi: |

usb: |
  4
versions:

- works:
yes
  qubes: |
R4.1
  xen: |
4.14.5
  kernel: |
6.1.12-1
  remark: |
works with kernel latest
  credit: |
Eichennarr
  link: |
FIXLINK

---

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Q_i_As0bHmEZamFHxeUPHXSib7W3-W1TNAmwfB98J79p1NznD73wi27Q9bFxOhLI_6ougZkvC3YkNJgA5O2A0NaJrV7aaEr48JLN_1Gu8g4%3D%40protonmail.ch.

Re: [qubes-users] HCL - TUXEDO InfinityBook S 15 Gen7

['sonnenfinsternis' via qubes-users]

Thanks for quickly adding my data to the list :-)

--- Original Message ---
On Thursday, May 11th, 2023 at 2:32 AM, Sven Semmler  
wrote:


> Thank you Eichennarr for your HCL report, which is online now!
> 
> /Sven
> 
> --
> https://keys.openpgp.org/vks/v1/by-fingerprint/DA5975C9ABC40C833B2F620B2A632C537D744BC7
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/c9d56257-3daf-7656-2e0c-325c94f9ff26%40SvenSemmler.org.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8UJOjuL2wsgemPxZnojoDE-C0eNb9XGXXLPRC3EugUV0uJ78PppNs9QAhUPnNvbnXE__l20Wwj5h8Dkd_JRGLQGIFccfAxdEwn_ST-BCbAo%3D%40protonmail.ch.

Re: [qubes-users] Re: Beginner questions

['sonnenfinsternis' via qubes-users]

First of all, thank you Kamil Aronowski for the long answer. There was a lot in 
it that helped me. :)

It might be clearest if I sort my answer by the numbering of my original 
questions:

1) I am still looking for a way to display the real global processor load and 
the real total global RAM usage in Qubes. Unfortunately I haven't found 
anything yet -_-.

2) I'll just stick with the existing ready-made templates for Linux then. If 
there is a clickable solution at some point, I would still be very interested 
in it though!

3) Too bad, but could have been. Then we just stick to opening qvm-template-gui 
via the terminal in dom0. It's not witchcraft, I just thought that maybe I 
missed the link in the GUI.

4) Interesting, thanks!

5) The question about autocomplete in the terminal has been resolved. This was 
indeed not due to QubesOS but to the fact that the bash-completion package is 
not pre-installed by default in Debian. But this can be easily fixed: 
https://unix.stackexchange.com/questions/312456/debian-apt-not-apt-get-autocompletion-not-working
Best regards :)
--- Original Message ---
On Tuesday, May 9th, 2023 at 7:57 PM, 'Kamil Aronowski' via qubes-users 
 wrote:

> Thanks for being part of our community!
>
> I don't know everything but can provide some hints.
>
>> 2) I have a Windows Qube as a standalone VM. The integration works fine 
>> thanks to qubes-windows-tools. But is there something similar for standalone 
>> Linux VMs? Assuming there is a LinuxMint in a standalone qube: What is the 
>> best way to exchange files or pass the clipboard to other "normal" Qubes? 
>> Via a USB stick? Surely there is a software solution :slight_smile:
>
> I haven't seen an ISO file or such a friendly distribution of the tools Qubes 
> uses for integration for Linux qubes. The tools do run in AppVMs (run `sudo 
> ps aux | grep qubes` to see for yourself) and if they were to be ported to 
> the target distro, I assume we'll be home then.
>
> There's the [qubes-builder](https://github.com/QubesOS/qubes-builder) 
> framework the developers wrote that can do this but this assumes building the 
> tools for the supported distros. I can't provide further assistance because 
> while the project is great and I was able to compile the officially supported 
> templates along with everything they require, I failed when trying to add an 
> unsupported system - some old Fedora and Debian releases.
>
>> 3) How do I know that there is a new template, e.g. Fedora 38? Do I have to 
>> check this myself regularly under qvm-template-gui? And while we are at it: 
>> Do I reach qvm-template-gui also somehow with the mouse over the gui?
>
> Currently it looks like it needs to be ran from commandline but I can help 
> writing a `.desktop` shortcut/launcher for this.
>
>> 4) I got to thinking when I saw that there is his fedora-37-xfce template. 
>> Is it possible to start the desktop in an app VM based on it? Does this 
>> actually work in general in a qube that is not a standalone installation? Or 
>> can I always start only individual programs?
>
> Yes and no.
>
> Keep in mind that Qubes has these tools and a custom X11 config provided for 
> this integration. They would have to be rewritten for a proper support, I 
> guess.
>
> Maybe it's a good idea to connect to a qube remotely via VNC or something and 
> instantiate an xfce4-session there. But in a regular case this will cause 
> visual mess. I'll attach a screenshot for this.
>
>> 5) And why does the tab completion in the terminal often not work in the 
>> Debian templates? Especially when installing software with "sudo apt install 
>> xyz" I have problems, because I have to know exactly what the packages are 
>> called.
>
> Seems like this is Debian-related and outside of the scope of Qubes 
> community. Maybe its `bash-completion` doesn't work as intended? I'd contact 
> the Debian team directly for that, since I suppose the same would be 
> happening even if installing Debian on a bare-matal environment.
>
>> I hope that I have not outed myself as a complete idiot with these 
>> questions. But I honestly haven't been able to figure them out for myself so 
>> far, so I wanted to put them up for debate here. Maybe there are other 
>> newbies like me with similar questions.
>
> No, you haven't. We're humans and have limited resources, especially when 
> coming to a new project. And just because something is intuitive for one 
> person, doesn't mean it will be intuitive for another one.
> We're here to assist each other and have a great time.
>
> On Tuesday, May 9, 2023 at 11:34:19 AM UTC+2 sonnenfinsternis wrote:
>
>> Hi there :)
>>
>> I've only been using QubesOS for

Re: [qubes-users] Time and date of appVM

[Qubes]

Qubes wrote:

Qubes wrote:

Qubes wrote:

Qubes wrote:

Qubes wrote:
I have noticed than when my computer wakes up from sleep the dom0 
date and time updates as soon as my computer gets net connectivity, 
but my appVMs can take a loong time before their date and time 
also update. Is there any explanation for this and maybe a way to 
fix it?


Ok I can sync it manually in the appVM using `sudo qvm-sync-clock`. 
So the question is how can I set it to run more frequently in the 
appVM?


Update: When my computer wakes from sleep the appVMs never update 
their time. The only way is to manually run `sudo-qvm-sync-clock` or 
reboot the VM. Why do I see this behavior? I am sure date and time 
should sync everywhere automatically. Without the need, which looks 
to be the only solution currently, to create a small script that is 
executed at VM startup and it goes into a loop and runs 
`sudo-qvm-sync-clock` every 30 seconds.


  This is a serious problem, VMs don't sync their time on 4.2. Can 
anybody provide meaningful input?



Is there nothing I can do here?

Is it just me and my system or are you also seeing this?

I have resolved the issue of my VMs not syncing their time. It is 
actually quite interesting, because although VMs are set to 
automatically sync their time every 6 hours as is explained [here][1] a 
certain set of conditions caused the clocks on my VMs to 'never' sync. 
Other users can quite easily experience the same situation without 
realizing it.


I have filed [bug report 
8217](https://github.com/QubesOS/qubes-issues/issues/8217) for this.


To fix my issue I defined a custom clock sync definition in

`sudo vim /etc/systemd/system/qubes-sync-time.timer`

and added

```
[Timer]
OnUnitActiveSec=10s
```


[1]: 
https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md#tweaking-time-synchronization-defaults


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c5a1c40-0534-90cc-ca5f-55ba9da2a50c%40ak47.co.za.

[qubes-users] dom0 backup/restore

[Qubes]

The documentation on [how to backup, restore and 
migrate](https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/) 
says,


"When backing up dom0 using the Qubes backup tool (explained below), 
only the home directory is backed up. Therefore, if there are files 
outside of the home directory you wish to save, you should copy them 
into the home directory prior to creating a backup."


However, when I use the Qubes backup tool it shows the size of the dom0 
backup is going to be 7.1 GB, but other than about 20 MB of screenshots 
in `/home/Pictures/` I don't have anything in `/home/`.


Why then does the Qubes backup tool report the dom0 backup is going to 
be 7.1 GB. What is it then backing up?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d75d54d9-cc15-4597-d77e-cd84c0223840%40ak47.co.za.

Re: [qubes-users] KDE on 4.1

[Qubes]

'unman' via qubes-users wrote:
On Tue, Jul 19, 2022 at 01:26:13PM +0200, Qubes wrote:

Qubes wrote:

'unman' via qubes-users wrote:

On Tue, Jul 19, 2022 at 08:41:40AM +0200, Qubes wrote:

The procedure to install KDE in 4.1 doesn't seem to work, is
that expected
behavior?


Yes, the group isn't present.
qubes-dom0-update kde-settings-qubes



Is this the way of installing KDE now which means the documentation must
be updated or is this just a workaround?



Also, would the correct procedure to remove KDE still be as per the
documentation,

"sudo dnf remove kdelibs plasma-workspace"

dnf remove kde-settings-qubes

The [documentation](https://www.qubes-os.org/doc/kde/) still shows the 
procedure for removing KDE as `sudo dnf remove kdelibs 
plasma-workspace`. Shouldn't this be updated to `sudo dnf remove 
kde-settings-qubes`?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6af6926f-6672-d77d-c2d8-9d9d85874810%40ak47.co.za.

Re: [qubes-users] Best practice VPN in Qubes

['taran1s' via qubes-users]

Demi Marie Obenour:

On Sat, May 13, 2023 at 10:57:00AM +, Qubes OS Users Mailing List wrote:

Andrew David Wong:

On 5/12/23 4:31 AM, 'taran1s' via qubes-users wrote:

If anon-whonix AppVM is set to use mullvad-VPN that is connected to sys-whonix 
it doesn't connect to internet. If one uses Debian or Fedora based AppVM and 
runs vanilla Firefox, it works like a breeze.

Any ideas how to solve this?



I think that's by design. Whonix does that to protect you from accidentally 
compromising your own privacy.




The answer below was meant to you David. I misidentified Patrick as the 
author of the answer.





Thank you for the answer Patrick. It is possible. The question is how does
one use VPN over Tor in this case with Torbrowser that doesn't compromise
the privacy (see the use case below please).
The use case is to connect to a service like Twitter that is not Tor
friendly from a static non-tor IP address (VPN), but at the same time hide
my real IP address from the VPN provider by using Tor before I connect to
the VPN.



Some services, like Twitter even if they have onion site keep forcing me to
reset password periodically, reminding me that there is a suspicious
behavior (just by connecting from Tor, not even posting anything) in an
endless loop.



I would like to use the anon-whonix-twitter AppVM Torbrowser specifically
for connection to that particular account only and nothing else, no other
apps or even websites ever used in that anon-whonix-twitter AppVM.



Do you have any advice how to enable Torbrowser in the anon-whonix-twitter
to work in the VPN over Tor scenario?


I would use the onion service and deal with the Twitter-side brokenness.



So you would propose to drop the VPN entirely from the equation, use 
twitter's onion service and just use normal sys-whonix networking in the 
anon-whonix-twitter AppVM.


The issue I face is not much of a laziness to deal with the annoyance 
but with the requests for additional, looped identity checks like sms (I 
can deal with that from time to time, but not always), continuous 
password changes and similar craziness. They want to "protect me", omg. 
I have set the 2FA but still the same.


Funny part is that one even doesn't need to have any activity on the 
account that could be suspicious, because there is no activity at all. 
The issue is purely the fact of connection through their own onion 
service. Which would be funny if it wasn't sad.


Are there any significant drawbacks to use Torbrowser in the VPN over 
Tor scenario? Just in case they lock me out or something., for my 
protection of course.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e18aa56b-8ffe-b14d-e3df-9efec275d6f3%40mailbox.org.

[qubes-users] sys-gui

[Qubes]

When i installed `sys-gui` on my system the `SaltStack` formula 
downloaded and installed fedora-36-xfce. Do i need to do anything more 
than download the `fedora-37-xfce` template and switching the template 
for `sys-gui` to the new template?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58dbf781-0be6-aae5-75ca-6b9acd26a941%40ak47.co.za.

Re: [qubes-users] Best practice VPN in Qubes

['taran1s' via qubes-users]

Andrew David Wong:

On 5/12/23 4:31 AM, 'taran1s' via qubes-users wrote:

If anon-whonix AppVM is set to use mullvad-VPN that is connected to sys-whonix 
it doesn't connect to internet. If one uses Debian or Fedora based AppVM and 
runs vanilla Firefox, it works like a breeze.

Any ideas how to solve this?



I think that's by design. Whonix does that to protect you from accidentally 
compromising your own privacy.



Thank you for the answer Patrick. It is possible. The question is how 
does one use VPN over Tor in this case with Torbrowser that doesn't 
compromise the privacy (see the use case below please).


The use case is to connect to a service like Twitter that is not Tor 
friendly from a static non-tor IP address (VPN), but at the same time 
hide my real IP address from the VPN provider by using Tor before I 
connect to the VPN.


Some services, like Twitter even if they have onion site keep forcing me 
to reset password periodically, reminding me that there is a suspicious 
behavior (just by connecting from Tor, not even posting anything) in an 
endless loop.


I would like to use the anon-whonix-twitter AppVM Torbrowser 
specifically for connection to that particular account only and nothing 
else, no other apps or even websites ever used in that 
anon-whonix-twitter AppVM.


Do you have any advice how to enable Torbrowser in the 
anon-whonix-twitter to work in the VPN over Tor scenario?



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dfa9007-6f21-3032-a1e1-395f719d0457%40mailbox.org.

Re: [qubes-users] Fedora 36 reaches EOL on 2023-05-16

['Stuart Perkins' via qubes-users]

On Thu, 11 May 2023 15:20:17 -0700
Andrew David Wong  wrote:

>Dear Qubes Community,
>
>The Fedora Project has 
>[announced](https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/4GXBZJSGQ2PEKIBM2APCTLXBS6IDKSOP/)
> that Fedora 36 will reach EOL 
>([end-of-life](https://fedoraproject.org/wiki/End_of_life)) on 2023-05-16. We 
>strongly recommend that all users 
>[upgrade](https://www.qubes-os.org/doc/templates/fedora/#upgrading) their 
>Fedora templates and standalones to [Fedora 
>37](https://www.qubes-os.org/news/2023/03/03/fedora-37-templates-available/) 
>no later than 2023-05-16.
>
>We provide fresh Fedora 37 template packages through the official Qubes 
>repositories, which you can install in dom0 by following the standard 
>[installation 
>instructions](https://www.qubes-os.org/doc/templates/fedora/#installing). 
>Alternatively, we also provide step-by-step instructions for [performing an 
>in-place 
>upgrade](https://www.qubes-os.org/doc/templates/fedora/in-place-upgrade/) of 
>an existing Fedora template. After upgrading your templates, please remember 
>to [switch all qubes that were using the old template to use the new 
>one](https://www.qubes-os.org/doc/templates/#switching).
>
>For a complete list of template releases that are supported for your specific 
>Qubes release, see our [supported template 
>releases](https://www.qubes-os.org/doc/supported-releases/#templates).
>
>Please note that no user action is required regarding the OS version in dom0. 
>For details, please see our [note on dom0 and 
>EOL](https://www.qubes-os.org/doc/supported-releases/#note-on-dom0-and-eol).
>
>
>This announcement is also available on the Qubes website:
>https://www.qubes-os.org/news/2023/05/11/fedora-36-reaches-eol-on-2023-05-16/
>

Wonderful warning.  Nothing like advance notice.  :/

Following the procedure here...

https://www.qubes-os.org/doc/templates/fedora/in-place-upgrade/

It kind of works, but there is an issue.

Trying to attach the cache space image gets the error that it is not "exposed" 
so I had to work around it.  Perhaps due to the fact that I don't use LVM on my 
machine...and the install put the bulk of the available storage in 
/var/lib/qubes, which is NOT exposed.  I don't wish to add the additional layer 
of LVM complication to an already encrypted system.

I have a 700gb image I used to contain a 600gb image where I collect files for 
archive purposes.  I mount the 700gb image in dom0 at a mount point in /mnt, 
and create the cache image in that space to attach to which ever Qube I desire. 
 After doing the losetup, I use the device menu to attach it to the Qube.  This 
works.

Since I have modified the fedora-36 template to add claws-mail, gimp and 
dosbox-x (I use an old editor that requires it to be usable), it is best to 
upgrade in place after clone.  I have two fedora-36 templates...one with no 
modifications and one with the aforementioned software additions.  The 
unmodified one is used by sys-net, sys-firewall and such.

Qubes 4.1 with Xfce desktop, Lenovo w540.

Stuart

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20230512103948.4c7b7cd8%40yahoo.com.

Re: [qubes-users] Best practice VPN in Qubes

['taran1s' via qubes-users]

I managed to make run the tasket guide even for VPN over Tor. The only 
issue I didn't solve is that it is not working with Torbrowser in 
anon-whonix AppVM.


If anon-whonix AppVM is set to use mullvad-VPN that is connected to 
sys-whonix it doesn't connect to internet. If one uses Debian or Fedora 
based AppVM and runs vanilla Firefox, it works like a breeze.


Any ideas how to solve this?

Leo28C:

I followed this guide: https://micahflee.com/2019/11/using-mullvad-in-qubes/
(works with others too not just Mullvad)

On Wed, May 10, 2023 at 9:51 AM 'taran1s' via qubes-users <
qubes-users@googlegroups.com> wrote:


Hi,

What is the best practice for setting up a VPN proxy in Qubes these days
(for Mullvad, VPN over Tor)?

I found two versions for setup of VPN proxy in Qubes:

The first one is from tasket called Qubes-vpn-support. The last version
is dated Dec 2020: https://github.com/tasket/Qubes-vpn-support/tree/v1.4.4

Second one is directly from Mullvad dated March 6th 2023 and so it seems
more fresh.
https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/

I plan to use VPN over Tor with Mullvad. Which guide would you recommend
to use for this case and why?

Thank you a ton!

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/35163750-58a0-66fd-d46c-8f755051f59c%40mailbox.org
.





--
Kind regards
taran1s

gpg: 12DDA1FE5FB39C110F3D1FD5A664B90BD3BE59B3

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/47054e41-8891-cab3-0159-64a4a17e5191%40mailbox.org.

[qubes-users] Best practice VPN in Qubes

['taran1s' via qubes-users]

Hi,

What is the best practice for setting up a VPN proxy in Qubes these days 
(for Mullvad, VPN over Tor)?


I found two versions for setup of VPN proxy in Qubes:

The first one is from tasket called Qubes-vpn-support. The last version 
is dated Dec 2020: https://github.com/tasket/Qubes-vpn-support/tree/v1.4.4


Second one is directly from Mullvad dated March 6th 2023 and so it seems 
more fresh.

https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/

I plan to use VPN over Tor with Mullvad. Which guide would you recommend 
to use for this case and why?


Thank you a ton!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35163750-58a0-66fd-d46c-8f755051f59c%40mailbox.org.

[qubes-users] Beginner questions

['sonnenfinsternis' via qubes-users]

Hi there :)

I've only been using QubesOS for two weeks and so far I'm totally thrilled! 
Thanks to all who contribute to this wonderful project :-) 
But there are a few questions that I have not been able to clarify online or 
with friends, so I would like to try here:

1) Is there somewhere in the GUI an overview of the real processor load of the 
device? I think the percentage display in the upper right corner of the Qube 
overview shows this relative to the allocated cores. The task manager in dom9, 
however, only shows the load of dom0. Or have I misunderstood this?

2) I have a Windows Qube as a standalone VM. The integration works fine thanks 
to qubes-windows-tools. But is there something similar for standalone Linux 
VMs? Assuming there is a LinuxMint in a standalone qube: What is the best way 
to exchange files or pass the clipboard to other "normal" Qubes? Via a USB 
stick? Surely there is a software solution :)

3) How do I know that there is a new template, e.g. Fedora 38? Do I have to 
check this myself regularly under qvm-template-gui? And while we are at it: Do 
I reach qvm-template-gui also somehow with the mouse over the gui?

4) I got to thinking when I saw that there is his fedora-37-xfce template. Is 
it possible to start the desktop in an app VM based on it? Does this actually 
work in general in a qube that is not a standalone installation? Or can I 
always start only individual programs?

5) And why does the tab completion in the terminal often not work in the Debian 
templates? Especially when installing software with "sudo apt install xyz" I 
have problems, because I have to know exactly what the packages are called.

I hope that I have not outed myself as a complete idiot with these questions. 
But I honestly haven't been able to figure them out for myself so far, so I 
wanted to put them up for debate here. Maybe there are other newbies like me 
with similar questions.

Regards and thanks for reading :)

Eichennarr

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fRNrzab0LEa2j5bsfaZicNCklhV2LUH8YfOZj5tL_pTkklftQD7hHj7FVQ2WItPz6Ri6RADX3NOzhYNkQhe7XZzMvbpkVlZrCqlvLr8SNs%3D%40protonmail.ch.

[qubes-users] HCL - TUXEDO InfinityBook S 15 Gen7

['sonnenfinsternis' via qubes-users]

Here is my report on the TUXEDO InfinityBook S 15 Gen7. Great laptop, but 
honestly it is quite annoying in the long run that the fan blows so loud when 
you work in many Qubes in parallel :-(
Greetings!
Eichennarr

---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
remap:
  'yes'
brand: |
  TUXEDO
model: |
  TUXEDO InfinityBook S 15 Gen7
bios: |
  1.07.09RTR2
cpu: |
  12th Gen Intel(R) Core(TM) i7-1260P
cpu-short: |
  Intel Core i7-1260P
chipset: |
  Intel Corporation Device [8086:4621] (rev 02)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation Device [8086:46a6] (rev 0c) (prog-if 00 [VGA controller])
gpu-short: |
  Intel Iris Xe Graphics G7 96EUs
network: |
  Intel Corporation Wi-Fi 6 AX200 (rev 1a)
  Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit 
Ethernet Controller (rev 15)
memory: |
  65240
scsi: |

usb: |
  3
versions:

- works:
'yes'
  qubes: |
R4.1
  xen: |
4.14.5
  kernel: |
6.1.12-1
  remark: |
All very slow with the default settings. But after a new installation with 
the option kernel latest everything works smoothly!
  credit: |
Eichennarr
  link: |
FIXLINK

---

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EYG7ourMqffnb9w-08hMuyUwdWJkhyuVEEI2OlVTdrb1jo0YtulNmiVTWpKJ9qTorg73szrOMeaJmHW81HDiqG1bFtqAkjvtiLkf7FkkjGY%3D%40protonmail.ch.


Qubes-HCL-TUXEDO-TUXEDO_InfinityBook_S_15_17_Gen7-20230509-094307.yml
Description: application/yaml

Re: [qubes-users] Time and date of appVM

[Qubes]

Qubes wrote:

Qubes wrote:

Qubes wrote:

Qubes wrote:
I have noticed than when my computer wakes up from sleep the dom0 
date and time updates as soon as my computer gets net connectivity, 
but my appVMs can take a loong time before their date and time 
also update. Is there any explanation for this and maybe a way to 
fix it?


Ok I can sync it manually in the appVM using `sudo qvm-sync-clock`. 
So the question is how can I set it to run more frequently in the appVM?


Update: When my computer wakes from sleep the appVMs never update 
their time. The only way is to manually run `sudo-qvm-sync-clock` or 
reboot the VM. Why do I see this behavior? I am sure date and time 
should sync everywhere automatically. Without the need, which looks to 
be the only solution currently, to create a small script that is 
executed at VM startup and it goes into a loop and runs 
`sudo-qvm-sync-clock` every 30 seconds.


  This is a serious problem, VMs don't sync their time on 4.2. Can 
anybody provide meaningful input?



Is there nothing I can do here?

Is it just me and my system or are you also seeing this?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9005303-c449-b4c8-73b7-43305243ef95%40ak47.co.za.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

[Qubes]

Qubes wrote:
Is this normal/expected behavior?

As has been discussed in this thread, making changes in `/etc/skel` in a 
template of an existing VM does not propagate to the VM. However, if you 
change the VMs template to a different template it seems like 
`/etc/skel` is copied to `/home/user` when the VM boots, even though it 
is not a new VM. I don't understand the documentation in this way.


I checked this now. This not the case, it was because of a test I was 
doing with another thread "Injecting configuration files into appVM when 
it's created/started for the first time". The test I was doing did 
something unexpected that made it appear as if `/etc/skel` was copied to 
a VM when the Template changes when in fact it does not.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5a6598f-137b-db4b-a176-e0377d4a2ff5%40ak47.co.za.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

[Qubes]

Qubes wrote:

Vít Šesták wrote:
    Perhaps my search terms are just out of whack, but I have had a good
    look around and I cannot find a system wide location for
    `~/.config/qt5ct/qt5ct.conf` that controls the Style and Icon 
Theme for

    example.


It's easy to find.

1. Me: Do you know a system-wide file for ~/.config/qt5ct/qt5ct.conf?
ChatGPT: Yes, the system-wide configuration file for 
~/.config/qt5ct/qt5ct.conf is typically located at 
/etc/xdg/qt5ct/qt5ct.conf. This file contains the default settings for 


I tried `/etc/xdg/qt5ct/qt5ct.conf` and it didn't work. I also tried 
`/etc/xdg/qt5ct.conf` (just to try my luck) but it also doesn't work. I 
will try it again just to double check, maybe my midnight oil lamp was 
already running out of oil when I did try and I made a mess of it.


Ok so just to provide feedback, I have tried this again. The default is 
in fact located at `/etc/xdg/qt5ct/qt5ct.conf`, but it is only applied 
if `~/.config/qt5ct/qt5ct.conf` does not exist, with caveats. In fact 
what happens is if `~/.config/qt5ct/qt5ct.conf` does not exist 
`/etc/xdg/qt5ct/qt5ct.conf` is copied to `~/.config/qt5ct/`. Which kind 
of solves the problem.


If the file exists you can delete it and just close all of you Qt 
applications and open them again. With the first one that you open it 
will check if `~/.config/qt5ct/qt5ct.conf` exists and if not make a copy 
of `/etc/xdg/qt5ct/qt5ct.conf`.


This still does not allow a seamless edit to `/etc/xdg/qt5ct/qt5ct.conf` 
(in the Template) that will just apply to all VMs, but it does make it 
easier.


I had a look at `strings /usr/lib64/libQt5Gui.so.5.15.9|grep '^QT_'` but 
I don't see a variable name that indicates to me it has anything to do 
with the path of `qt5ct.conf`. Thank you for the suggestion I have 
learnt something new today.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2330fbd-e579-4639-afbe-de396679ff9f%40ak47.co.za.

Re: [qubes-users] Colourful prompt

[Qubes]

Qubes wrote:

'unman' via qubes-users wrote:

On Thu, May 04, 2023 at 05:01:38AM -0700, Andrew David Wong wrote:

On 5/3/23 4:02 AM, Qubes wrote:
I have noticed on Fedora, the cli prompt itself is not colourful 
although the rest of the output is. Is there a way to get the prompt 
itself in colour as well? The prompt on Debian is in colour, it 
makes it easier to find things when the prompt is in colour aswell.




Since this is not a Qubes-specific question, you might have better 
luck searching the web for how to do this in Fedora (or Linux in 
general) or asking in a Fedora (or general Linux) venue.



I wonder if this *is* Qubes specific, as it is stated that the Debian
prompt is in color. (Implicit, I think, is the suggestion that the color
matches the window decorations.)
OP - is that what you see? That the prompt is consistent with the window
decoration set by Qubes?



No the colour of the prompt does not follow the window decoration, I was 
wondering if this isn't maybe a problem only on Fedora on Qubes and not 
Fedora in general. I don't have a Fedora standalone I can check on. I 
just found it odd that the prompt on Debian would be in colour (Green, 
and it is real easy to find in between a lot of other output) and on 
Fedora it is the same colour as the text you type. But as I was 
re-reading my reply here I just had another look over and I just 
discovered that the prompt on some of the Fedora VMs is in colour, also 
a bright green, and some of them are default text colour. So in essense 
it doesn't have anything to do with Qubes. I am a little confused though 
because I can swear some of the VMs that I previously check where the 
prompt was the default text colour now has a colourful prompt. (head 
scratch head scratch)


It must be because of a dependency that gets installed along the way 
because booting the vanilla Fedora-37 template it does not have a 
colourful prompt. I don't install anything specific for this myself. 
Glad we cleared that up :-)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b540c0d6-c835-9f9f-eac7-5a08604e3748%40ak47.co.za.

Re: [qubes-users] The NovaCustom NV41 Series laptop is Qubes-certified!

[Qubes]

Leo28C wrote:
On Wed, May 3, 2023 at 5:12 AM Andrew David Wong <mailto:a...@qubes-os.org>> wrote:


nor can we control whether physical hardware is modified (whether
maliciously or otherwise) *en route* to the user.


Actually you could:

1) Laminate product with `warranty void if removed` stickers of various 
brands and types
2) Send PGP-signed high-res photo of sticker placement to buyer before 
shipping
3) Buyer receives product and compares sticker placement to the photo to 
verify integrity



This is a great idea, you should contact Nova and propose it to them.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c28ae291-97e6-a918-68de-e6e7f6dc5e44%40ak47.co.za.

Re: [qubes-users] Colourful prompt

[Qubes]

'unman' via qubes-users wrote:

On Thu, May 04, 2023 at 05:01:38AM -0700, Andrew David Wong wrote:

On 5/3/23 4:02 AM, Qubes wrote:

I have noticed on Fedora, the cli prompt itself is not colourful although the 
rest of the output is. Is there a way to get the prompt itself in colour as 
well? The prompt on Debian is in colour, it makes it easier to find things when 
the prompt is in colour aswell.



Since this is not a Qubes-specific question, you might have better luck 
searching the web for how to do this in Fedora (or Linux in general) or asking 
in a Fedora (or general Linux) venue.


I wonder if this *is* Qubes specific, as it is stated that the Debian
prompt is in color. (Implicit, I think, is the suggestion that the color
matches the window decorations.)
OP - is that what you see? That the prompt is consistent with the window
decoration set by Qubes?



No the colour of the prompt does not follow the window decoration, I was 
wondering if this isn't maybe a problem only on Fedora on Qubes and not 
Fedora in general. I don't have a Fedora standalone I can check on. I 
just found it odd that the prompt on Debian would be in colour (Green, 
and it is real easy to find in between a lot of other output) and on 
Fedora it is the same colour as the text you type. But as I was 
re-reading my reply here I just had another look over and I just 
discovered that the prompt on some of the Fedora VMs is in colour, also 
a bright green, and some of them are default text colour. So in essense 
it doesn't have anything to do with Qubes. I am a little confused though 
because I can swear some of the VMs that I previously check where the 
prompt was the default text colour now has a colourful prompt. (head 
scratch head scratch)


I do see this in .bashrc on Debian and there is nothing of it in .bashrc 
on Fedora. There is in fact a lot of stuff in .bashrc on Debian that is 
not there on Fedora.


.bashrc

===truncated===

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi

===truncated===

I have copied it over to .bashrc on Fedora and uncommented 
`force_color_prompt=yes` but it makes no difference.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62120076-9be6-1d62-4831-a3f638d3414f%40ak47.co.za.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

[Qubes]

Is this normal/expected behavior?

As has been discussed in this thread, making changes in `/etc/skel` in a 
template of an existing VM does not propagate to the VM. However, if you 
change the VMs template to a different template it seems like 
`/etc/skel` is copied to `/home/user` when the VM boots, even though it 
is not a new VM. I don't understand the documentation in this way.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd3a4b52-cb34-be7d-f22b-8dcb9246dff9%40ak47.co.za.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

[Qubes]

Vít Šesták wrote:
Perhaps my search terms are just out of whack, but I have had a good
look around and I cannot find a system wide location for
`~/.config/qt5ct/qt5ct.conf` that controls the Style and Icon Theme for
example.


It's easy to find.

1. Me: Do you know a system-wide file for ~/.config/qt5ct/qt5ct.conf?
ChatGPT: Yes, the system-wide configuration file for 
~/.config/qt5ct/qt5ct.conf is typically located at 
/etc/xdg/qt5ct/qt5ct.conf. This file contains the default settings for 


I tried `/etc/xdg/qt5ct/qt5ct.conf` and it didn't work. I also tried 
`/etc/xdg/qt5ct.conf` (just to try my luck) but it also doesn't work. I 
will try it again just to double check, maybe my midnight oil lamp was 
already running out of oil when I did try and I made a mess of it.


the Qt5 Configuration Tool and is used as a fallback configuration file 
if no user-specific configuration is found.


Note that the location of the system-wide configuration file may vary 
depending on your specific Linux distribution or operating system. You 
can use the locate or find command to search for the file on your system.


2. Verify by Google by searching "/etc/xdg/qt5ct/qt5ct.conf" (including 
quotes). It seems that this location is real.


Even more frustrating I cannot
find a list of the environment variables that I can potentially use. I
only know of the `QT_QPA_PLATFORMTHEME=qt5ct` which I currently use and
`QT_STYLE_OVERRIDE=` [3][4] which you can set to either `adwaita` or
`kvantum` However there may be an environment variable one can use to
set the path to the `qt5ct.conf`, but such a list alludes me.



1. Look where it is used:
sudo grep -rl QT_QPA_PLATFORMTHEME /usr
/usr/share/doc/qgnomeplatform-qt6/README.md
/usr/share/doc/gnupg2/NEWS
/usr/share/doc/qgnomeplatform-qt5/README.md
/usr/lib64/libQt5Gui.so.5.15.9
/usr/lib64/libQt6Gui.so.6.4.3

2. Look in the binary:
strings /usr/lib64/libQt6Gui.so.6.4.3 | grep '^QT_'



Thanks I will check this.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48389e46-b8e0-bf48-bfc0-bafe439dcf05%40ak47.co.za.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

[Qubes]

Cristian Margine wrote:
Most software has a default config location. You can search it on 
archwiki(qubes is using fedora, but in general the arch wiki list paths that 
work on all distros as location where the configuration for a program must be 
placed), ask chatgpt or search on google for the default config location for 
that program. It might be in /etc or somewhere in /usr/.



Perhaps my search terms are just out of whack, but I have had a good 
look around and I cannot find a system wide location for 
`~/.config/qt5ct/qt5ct.conf` that controls the Style and Icon Theme for 
example. I have looked around on Archwiki [1] as well but there is no 
mention of a global conf file for Qt5. Qt4 on the other hand does 
support a global conf file [2], `/etc/xdg/Trollech.conf`, which I have 
tried using but Qt5 does not look at it. Even more frustrating I cannot 
find a list of the environment variables that I can potentially use. I 
only know of the `QT_QPA_PLATFORMTHEME=qt5ct` which I currently use and 
`QT_STYLE_OVERRIDE=` [3][4] which you can set to either `adwaita` or 
`kvantum` However there may be an environment variable one can use to 
set the path to the `qt5ct.conf`, but such a list alludes me.


I also canot find a system wide location for Krusader configuration file 
`~/.config/krusaderrc`.


From there the need arises to inject files into already running VMs. 
For future VMs this problem is solved with `/etc/skel` but my problem is 
with running VMs.


[1]: 
https://wiki.archlinux.org/title/Qt#Configuration_of_Qt_5_applications_under_environments_other_than_KDE_Plasma

[2]: https://wiki.archlinux.org/title/Qt#Styles_in_Qt_4
[3]: 
https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications#Adwaita
[4]: 
https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications#Kvantum


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a7a0fa1-9436-553f-6445-738835375fb9%40ak47.co.za.

Re: [qubes-users] Colourful prompt

['unman' via qubes-users]

On Thu, May 04, 2023 at 05:01:38AM -0700, Andrew David Wong wrote:
> On 5/3/23 4:02 AM, Qubes wrote:
> > I have noticed on Fedora, the cli prompt itself is not colourful although 
> > the rest of the output is. Is there a way to get the prompt itself in 
> > colour as well? The prompt on Debian is in colour, it makes it easier to 
> > find things when the prompt is in colour aswell.
> > 
> 
> Since this is not a Qubes-specific question, you might have better luck 
> searching the web for how to do this in Fedora (or Linux in general) or 
> asking in a Fedora (or general Linux) venue.
> 
I wonder if this *is* Qubes specific, as it is stated that the Debian
prompt is in color. (Implicit, I think, is the suggestion that the color
matches the window decorations.)
OP - is that what you see? That the prompt is consistent with the window
decoration set by Qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZFOgEprkEoVo25%2Bv%40thirdeyesecurity.org.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

['unman' via qubes-users]

On Wed, May 03, 2023 at 04:19:00PM +, Qubes wrote:
> > 'unman' via qubes-users wrote:
> > On Wed, May 03, 2023 at 12:53:00PM +, Qubes wrote:
> > 
> > > Is there a sane way to update existing `*.conf` files on VMs that are
> > > already running?
> > > Is there a not-so-labour-intensive way to solve this problem?
> > 
> > Use salt - it's easy to apply to existing qubes, as well as template.
> > You can (if you wish) store the config file whole, or just the changes
> > that you want to make, as part of the install.
> > It also has the advantage of being self documenting.
> > 
> I have looked over salt, albeit briefly, but it definitely does not look
> like something that someone with no knowledge of salt can just jump in and
> use.  You have mentioned this a lot so perhaps the best person here to ask
> is you. Can you maybe recommend a salt for 'dummies' guide?
> 
I have some notes at https://github.com/unman/notes which take you
through simple steps with many examples of using salt in Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZFMc9rIv4VwnBPg7%40thirdeyesecurity.org.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

[Qubes]

'unman' via qubes-users wrote:
On Wed, May 03, 2023 at 12:53:00PM +, Qubes wrote:


Is there a sane way to update existing `*.conf` files on VMs that are
already running?
Is there a not-so-labour-intensive way to solve this problem?


Use salt - it's easy to apply to existing qubes, as well as template.
You can (if you wish) store the config file whole, or just the changes
that you want to make, as part of the install.
It also has the advantage of being self documenting.

I have looked over salt, albeit briefly, but it definitely does not look 
like something that someone with no knowledge of salt can just jump in 
and use.  You have mentioned this a lot so perhaps the best person here 
to ask is you. Can you maybe recommend a salt for 'dummies' guide?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ea4f3c0-ec14-a515-1cf2-20eef567bd50%40ak47.co.za.

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

['unman' via qubes-users]

On Wed, May 03, 2023 at 12:53:00PM +, Qubes wrote:

> Is there a sane way to update existing `*.conf` files on VMs that are
> already running?
> Is there a not-so-labour-intensive way to solve this problem?

Use salt - it's easy to apply to existing qubes, as well as template.
You can (if you wish) store the config file whole, or just the changes
that you want to make, as part of the install.
It also has the advantage of being self documenting.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZFKNmZMMJjV2eD40%40thirdeyesecurity.org.

Re: [qubes-users] Time and date of appVM

[Qubes]

Qubes wrote:

Qubes wrote:

Qubes wrote:
I have noticed than when my computer wakes up from sleep the dom0 
date and time updates as soon as my computer gets net connectivity, 
but my appVMs can take a loong time before their date and time 
also update. Is there any explanation for this and maybe a way to fix 
it?


Ok I can sync it manually in the appVM using `sudo qvm-sync-clock`. So 
the question is how can I set it to run more frequently in the appVM?


Update: When my computer wakes from sleep the appVMs never update their 
time. The only way is to manually run `sudo-qvm-sync-clock` or reboot 
the VM. Why do I see this behavior? I am sure date and time should sync 
everywhere automatically. Without the need, which looks to be the only 
solution currently, to create a small script that is executed at VM 
startup and it goes into a loop and runs `sudo-qvm-sync-clock` every 30 
seconds.


 This is a serious problem, VMs don't sync their time on 4.2. Can 
anybody provide meaningful input?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/651672d7-f28c-c96c-f243-dbc9e139a40f%40ak47.co.za.