Re: [qubes-users] Dividing Qubes Into Separate Networks (FAILED)
- On May 11, 2020, at 10:16 AM, qubes-users qubes-users@googlegroups.com wrote: > Here is full summary of where I am at. Could someone please provide guidance > with this? Thank you very much. > > > Qubes OS version > Qubes OS R4.0 > > Affected component(s) or functionality > Networking > > Brief summary > I tried to separate everything into to two subnets meanings 2 NICs, 2 gateways > (sys-net), 2 firewalls. Everything works on the network before the new gw and > after it. All qubes can communicate to the firewall. After the gateway > everything works properly on the physical network as designed and can get out > to the internet if I connect any client other to it but the new gateway. > > The main gateway remains functional but the new one can't get on the network, > hence the whole chain doesn't work. > > To Reproduce > Steps to reproduce the behavior (I tried 3 different way, same results): > First Version: > Simply clone the main gateway from Qubes Manager. > > Second Version: > From dom0 (as root) under /srv/formulas/base/virtual/machines/formula > duplicate > and edit the following two files: sys-net.top and sys-net.sls and run qubesctl > state.apply qvm/sys-net2 to create a new sys-net from scratch. > > Third version: > Create new stanadlone VM, mark "provides networking" > > Expected behavior > My hope was that once I have a new sys-net I can just assign the other NIC to > it > and connect to the network just like the main gateway > > Actual behavior > If I leave the advanced network manager on DHCP then the gw is not getting and > IP from the server. (If I connect any other non-Qubes clients they get an IP > right away). If I set the IP manually then it "takes it" but I still cannot > get > on the network, and can't get online. > > Additional context > The physical setup is this: modem <--> pfsense firewall <--> Unifi Switch <--> > Server Running Qubes > > The server has two built in NICs, one PCI and one WiFi. It might be important > that if I assign all 3 (not in use) NICs to the 2nd gw then only 1 has a mac > address. The other 2 show up as ens[0-9] but I don't see a mac > > The network is setup so that the main gw on Qubes is on the main LAN segment > on > the network. The 2nd gw has a designated VLAN setup > > Solutions you've tried > 1) To make sure everything works on the server running Qubes and the network > itself I used a live boot Linux and tried all NICs. Every NIC was able to > connect to both the main LAN and the separate VLAN using both DHCP and manual > IP settings. > > 2) As I listed above I tried cloning the 2nd gw from the main one and I tried > creating from scratch > > 3) I tried editing the gw network settings though nmcli and the GUI > > 4) I booted the server with a Fedora 31 live USB, set network setting > manually, > copied out the /etc/sysconfig/network-scripts/ifcfg-interface-name and > manually > entered all those through nmcli > > Just to reiterate once more, the network setup outside of Qubes is 100% > functional. If I connect any machines to any segment of network to any port on > the switch they always work as intended. > > -- Hello. I have a similar setup but without a VLAN - never been a fan. I have a 4-port pfsense router (community edition on a Protectli appliance), a couple of small unmanaged switches and a couple of ubiquiti APs. I cloned sys-net & sys-firewall to, say, sys-net-play & sys-firewall-play. My Qubes box has 2 wired NICs - one is assigned the default network, the other play. I added a new DHCP scope to the pfsense for play (typical consumer class c), tossed a couple of firewall rules on the pfsense box for both subnets to prevent traffic between them. Each LAN has its own switch and AP. >From my Qubes box, I can assign either network to any VM. In fact, I do just >that to remote control some hobby gear I have on the play net. I am wondering it you might need to use two wired NICs. DG -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/105947273.20643.1589227917080.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Qubes better dove tailed for Journalists, and Human Rights Workers.
- On May 9, 2020, at 4:02 PM, Steve Coleman wrote: > On Fri, May 8, 2020 at 7:13 PM Catacombs < ggg...@gmail.com > wrote: >> A Journalist or a Human Rights investigator, I think are more comfortable >> with >> ease of use, not secure. > There is always a trade-off between security and usability for sure. One > trade-off for the non geek users is to enable networking in the software > template so that you can run the "Software" application to pick and choose > your > required desktop applications. The journalist may not know how to use DNF at > the command line but the Software installer will clearly let them pick and > choose from several decent word processors. If only the Software application > used the same proxy method to search the repository for packages then turning > on the networking would not be necessary. The average desktop user would have > a > much easier time installing what they need. > The main thing for them to *not do* is to run any applications in the template > VM itself. Never test things in the template unless you absolutely need to > pre-configure something, and if so, do it with networking turned off if you > have that choice. Clearly this is not easy for a non-geek, but it can be made > a > little easier. >> So, I bet this has been talked about before. As I was doing the upgrade to >> Fedora 31, I realized a Journalist is not likely to be very happy doing that. >> After that, I had to search to find a Text Editor, (Gedit is what I used) A >> Journalist would expect that the things > LibreOffice is what you want for journalists. >> Then I tried to watch a Video. Gee guys, a Journalist just expects this >> stuff to >> work. I , on the other hand, am concerned our mythical investigator not >> realizing the possible security implications of opening what kind of app, >> when. > If you enable rpmfusion repos you will be able to access more video codecs, > but > again that is a security trade-off. > What you can do is have one template with all the DRMed codecs providing for > one > or two AppVMs or DVMs that can run the videos, while keeping the remaining > AppVMs for investigations more secure without all the extra risky additions. > You just have to train them how to open the video URLs in one of the special > VMs. >> Tech people do not think like Journalists of Human Rights Workers, nor vice >> versa. > Perhaps not, but very likely we are trainable. There are some that are both tech and investigators. I personally found Qubes to be a solution I wish I had found long before I did. In fact, for me it was easier to move from Windows (and DOS before that) to Linux as my primary work environment via Qubes rather than just a standalone linux box or VM because it provided two solutions in one - move away from Windows and provide multiple more secure and isolated environments for my work. The technology landscape and associated threat vectors are very fluid and Qubes is part of the foundation for dealing with that. I even go so far as to suggest that Qubes should actually be the default OS for any computer user, but that is unrealistic of course. I cringe at the occasional post that suggests or implies that Qubes is difficult. My background is almost exclusively M$ with the odd *nix appliance thrown in, hardly the foundation for moving essentially cold-turkey to Qubes that, for me, is based on an unfamiliar hypervisor and linux vms. It is a tool, albeit one that is a bit specialized to emphasize security. And like any tool, you have to learn how to use it to maximize its intended purpose. It's not rocket surgery or brain science, but it's also not a toaster. That said, I personally feel that moving to LibreOffice and Thunderbird in the Windows environment many years ago made the transition much easier and more familiar. My prior profession also required that I maintain some level of proficiency at the command/terminal prompt. That can be a big hurdle for people considering the transition to Qubes from Windows. That said, I still struggle with some tasks in Linux for which I have not developed any "muscle memory" for - yet. But it gets easier daily. I see a lot of posters attempting to use Qubes in much the same manner as they might a standalone box and sometimes with less than sterling results. All of that adds to the knowledge base of Qubes, but everything that I have read tells me that being a reasonably secure OS on a computer in a connected, information-centric production environment (as in, making a living) is the primary purpose for its creation. It serves that purpose well in my view. It'll likely not be a gaming box, a screaming video or CAD rendering beast or even support bleeding-edge hardware. Qubes is a serious tool in the very serious and uncompromising world where the bar for what is considered dangerous information is lowered on a daily basis. -- You received this message because you are subscribed to the
Re: [qubes-users] Re: Password not working a day after reinstall
- On May 6, 2020, at 7:03 AM, Anil anilekla...@gmail.com wrote: > It turned out that the password was set to something other than the m > that Mullvad used. I definitely didn't change it. I remember from > earlier when I had read discussion on this list about Mullvad that the > password is m, which not easy to forget. Even after I added two more > countries today, I had set the password as m. > > So, I guess, there isn't much hope for security or privacy on this > particular laptop at least. Either I use it for some purpose and > accept the risks or I use something more like to be secure/private. > > They keyboard problem has started again. Perhaps I should learn a bit > or astrology. > > On Wed, 6 May 2020 at 13:42, Anil wrote: >> >> Today I am not able to connect to VPN at all. I tried configurations for >> three >> countries, have set the DNS to Mullvad DNS. Connects to Internet, but does >> connect to VPN. Even for normal Internet, I had to change the DNS. This DNS >> thing also has become a regular problem. Every I have to change DNS several >> times and hope it will work. >> >> On Wed, 6 May 2020 at 12:29 AM, Anil wrote: >>> >>> > did you try asking the internet about this problem? >>> > like, reading the first google hit for >>> > "dell xps 9370 keyboard problems"? >>> >>> 25 years ago the first thing I would have done would have been to look >>> for answers in books, computer magazines etc. >>> 10 years ago, I would have googled it. Even 2 years ago I would have >>> googled it. >>> >>> For the last two years, there have been such an avalanche of problems >>> that I have to think of other possibilities beyond those discussed on >>> the thread. >>> >>> See, the keyboard has been working perfectly for months. It was >>> working perfectly yesterday and again whole day after reinstall. >>> Problems pop up suddenly and then they often go away for no reason, >>> even without changing BIOS etc. >>> >>> If it was about just one device, I would still google it. As a matter >>> of fact (don't put that in quotes in the reply) I still do daily for >>> various problems. That's how I installed Mullvad, the first time I >>> have installed it. For the last two years (or somewhat more), the same >>> kind of problems appear on all devices that I use: feature phone, >>> Android smartphone, iPhone, iPad, Macbook, Windows laptop, Linux >>> laptop, Qubes OS laptop. Different hardwares, different OS's. >>> >>> > seems like that hardware just might be subfunctional by design >>> > in general, no "compromise" required. >>> > >>> > so for the keyboard to work, unplug _all_ cables (data, dock, power) >>> > _and_ pick a bios version that matches your current astrological >>> > alignment. if you are lucky, then it might work. >>> > changes in room temperature might require a different bios version. >>> > >>> >>> It is (in)glorious. Perhaps the message is just "Remove" (hardware?), >>> as you suggested. It's a pretty bleak scenario, if you look at it in >>> general, not as a developer or niche user. >>> >>> Room temperature is a whole different story by itself. There are many >>> stories linked to it. >>> >>> Regards, >>> >>> अनिल एकलव्य >>> (Anil Eklavya) >> >> -- >> अनिल एकलव्य >> (Anil Eklavya) > > > > -- > अनिल एकलव्य > (Anil Eklavya) > Have you considered the possibility of RFI (radio frequency interference) in your immediate environment? It is a persistent issue with amateur radio operators, especially for those that use a computer interface for digital modes. Some of the symptoms you describe with your keyboard sound similar to those described by amateur radio operators. USB ports, specifically the connecting cables, need RF chokes to prevent interference. Peripheral device switching power supplies (wall-warts, power bricks et al) sometimes do not have any RF choking (usually a molded bulge or a snap-on ferrite bead with one or two loops of the cord around it, either of which would be located close to where the power plugs into the device) at all. You can use the search term "rf in the shack" to give you insight to the issue and solutions. Alternately, I know from personal experience that some laptops themselves (looking at you Dell) are very noisy from an RF perspective (specifically the screen) as well as some laptop switching power supplies. Many people do not realize how much RF pollution there is in a technology-based society nor are there always ways to mitigate it. An example of the latter would be RF noise from the electrical power grid itself, such as a transformer. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1625010593.49058.1588776964216.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Storing AppVMs on Secondary Drives
- On Apr 21, 2020, at 12:31 PM, qubes-users wrote: > Am Dienstag, 21. April 2020 17:47:58 UTC+2 schrieb unman: >> On Tue, Apr 21, 2020 at 05:56:33AM +0200, 'J??rg Widmann' via qubes-users >> wrote: >> > Hello, >> > I'm trying to add a second HDD to my system. I followed the guide on >> > https://www.qubes-os.org/doc/secondary-storage/ , everything but the last >> > step seems to work. >> > qvm-pool --add poolhd0_qubes lvm_thin -o >> > volume_group=qubes,thin_pool=poolhd0,revision_to_keep=2 >> > usage: qvm-pool [--verbose] [--quiet] [--help] [-o options] >> > [-l | -i POOLNAME | -a NAME DRIVER | -r NAME | -s POOLNAME >> > | --help-drivers] >> > qvm-pool: error: failed to add pool poolhd0_qubes: Got empty response from >> > qubesd. See journalctl in dom0 for details. >> > journalctl: >> > dom0 qubesd[31119]: permission denied for call >> > b'admin.pool.Add'+b'lvm_thin' (b'dom0' ??? b'dom0') with payload of 75 >> > bytes >> "permission denied" - try call with sudo ? > Am Dienstag, 21. April 2020 17:47:58 UTC+2 schrieb unman: >> On Tue, Apr 21, 2020 at 05:56:33AM +0200, 'J??rg Widmann' via qubes-users >> wrote: >> > Hello, >> > I'm trying to add a second HDD to my system. I followed the guide on >> > https://www.qubes-os.org/doc/secondary-storage/ , everything but the last >> > step seems to work. >> > qvm-pool --add poolhd0_qubes lvm_thin -o >> > volume_group=qubes,thin_pool=poolhd0,revision_to_keep=2 >> > usage: qvm-pool [--verbose] [--quiet] [--help] [-o options] >> > [-l | -i POOLNAME | -a NAME DRIVER | -r NAME | -s POOLNAME >> > | --help-drivers] >> > qvm-pool: error: failed to add pool poolhd0_qubes: Got empty response from >> > qubesd. See journalctl in dom0 for details. >> > journalctl: >> > dom0 qubesd[31119]: permission denied for call >> > b'admin.pool.Add'+b'lvm_thin' (b'dom0' ??? b'dom0') with payload of 75 >> > bytes >> "permission denied" - try call with sudo ? > yes I have tried with sudo, same error > -- Make sure you're not trying to use existing names for the new pool, vol, etc. That's probably not the issue - just tossing that out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/257391883.81394.1587498134013.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Update issue of whonix-15 and debian-10 templates
- On Mar 13, 2020, at 8:19 AM, taran1s tara...@mailbox.org wrote: > Hi, all, > > I am trying to update whonix-ws-15 and whonix-gw-15, but it fails to do > anything. All fedora-30 templates, and dom0, are updating just fine. > > In my Qubes Manager I see an update arrow for both whonix templates gw > and ws. > > Using Qubes Updater it starts disp-mgmt-dvm and than starts the > whonix-xx-15 just fine. In my Nyx I but don't see any traffic running. > The update seems to finish with a green tick but the green update arrow > in the Qubes Manager remains and requires an update. > In the Details tab of the Qubes Updater I get only this, I dont see any > details as before (or as when updating Fedora-30 template): > > Updating whonix-gw-15 > > whonix-gw-15: > > > Once I try to update the whonix templates directly with sudo apt update, > I get "14 packages can be upgraded. Run 'apt list --upgradable' to see > them." > > I get a bit similar results for my debian-10 template. After I execute > the sudo apt update in debian-10 template, it doesn't show any traffic > in the Nyx, it ends with the green tick in the Qubes Updater and it > tells me that "1 package can be upgraded. Run 'apt list --upgradable' to > see it." > > > The issue started after the latest dom0 update. I tried to even onionize > the templates update process but it remains the same. > > How should I proceed? Is the qubes updater broken for Debian based > templates? > > Should I run sudo apt update && sudo apt dist-upgrade in the related > qubes templates? > > Thank you for help! I have this same issue with whonix-xx-15. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/357189578.76044.1584116304755.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Forgot to RTFM and now getting errors in whonix during update? (and deb template "qubes-core-agent-passwordless-root" error)
I have a similar issue with whonix 15 templates now as well but have done nothing to the templates. - On Mar 15, 2020, at 12:28 PM, Stumpy stu...@posteo.net wrote: > On 2020-03-13 18:11, Stumpy wrote: >> On 2020-03-13 18:05, Stumpy wrote: >>> I had tried to install bisq on my whonix ws template and for "some >>> reason" (which i later found out when i did read the whonix docs) it >>> wasnt working. I now have the issue that when i try to update i get >>> the following: >>> >>> user@host:~$ sudo apt update && sudo apt upgrade >>> Hit:1 https://packages.riot.im/debian buster InRelease >>> >>> Hit:2 tor+https://deb.debian.org/debian-security buster/updates InRelease >>> Hit:3 https://deb.qubes-os.org/r4.0/vm buster InRelease >>> Hit:4 https://updates.signal.org/desktop/apt xenial InRelease >>> Hit:5 tor+https://deb.whonix.org buster InRelease >>> Hit:6 tor+https://deb.debian.org/debian buster InRelease >>> Reading package lists... Done >>> Building dependency tree >>> Reading state information... Done >>> All packages are up to date. >>> Reading package lists... Done >>> Building dependency tree >>> Reading state information... Done >>> Calculating upgrade... Done >>> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. >>> 1 not fully installed or removed. >>> After this operation, 0 B of additional disk space will be used. >>> Do you want to continue? [Y/n] y >>> Setting up bisq (1.2.7) ... >>> Adding shortcut to the menu >>> xdg-desktop-menu: No writable system menu directory found. >>> dpkg: error processing package bisq (--configure): >>> installed bisq package post-installation script subprocess returned >>> error exit status 3 >>> Errors were encountered while processing: >>> bisq >>> E: Sub-process /usr/bin/dpkg returned an error code (1) >>> >>> >>> Its not clear to me how i can clean up things and resolve this error? >>> >> >> >> Oh, and a similar but separate issue is on my debian template, i cant >> figure if i messed something up or not but when i try to install things >> i am getting an qubes-core-agent-passwordless-root error: >> >> user@debian-10:~/QubesIncoming/disp6616$ sudo apt update && sudo apt >> upgrade && sudo apt install lutris >> Get:1 >> http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ >> InRelease [1,504 B] >> Hit:2 https://deb.qubes-os.org/r4.0/vm buster InRelease >> Hit:3 https://deb.debian.org/debian buster InRelease >> Get:4 >> http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ >> Packages [823 B] >> Hit:5 https://deb.debian.org/debian-security buster/updates InRelease >> Fetched 2,327 B in 3s (873 B/s) >> Reading package lists... Done >> Building dependency tree >> Reading state information... Done >> All packages are up to date. >> Reading package lists... Done >> Building dependency tree >> Reading state information... Done >> Calculating upgrade... Done >> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. >> 1 not fully installed or removed. >> Need to get 30.3 kB of archives. >> After this operation, 0 B of additional disk space will be used. >> Do you want to continue? [Y/n] y >> Get:1 https://deb.qubes-os.org/r4.0/vm buster/main amd64 >> qubes-core-agent-passwordless-root amd64 4.0.51-1+deb10u1 [30.3 kB] >> Fetched 30.3 kB in 2s (15.8 kB/s) >> Reading package lists... Done >> Building dependency tree >> Reading state information... Done >> The following additional packages will be installed: >> cabextract curl fluid-soundfont-gm fluid-soundfont-gs >> gir1.2-gdesktopenums-3.0 gir1.2-gnomedesktop-3.0 lib32gcc1 libc6-i386 >> libcurl4 libmspack0 mesa-utils p7zip python3-evdev >> python3-yaml >> Suggested packages: >> fluidsynth timidity p7zip-full python-evdev-doc >> The following packages will be REMOVED: >> qubes-core-agent-passwordless-root >> The following NEW packages will be installed: >> cabextract curl fluid-soundfont-gm fluid-soundfont-gs >> gir1.2-gdesktopenums-3.0 gir1.2-gnomedesktop-3.0 lib32gcc1 libc6-i386 >> libcurl4 libmspack0 lutris mesa-utils p7zip python3-evdev >> python3-yaml >> 0 upgraded, 15 newly installed, 1 to remove and 0 not upgraded. >> 1 not fully installed or removed. >> Need to get 128 MB of archives. >> After this operation, 174 MB of additional disk space will be used. >> Do you want to continue? [Y/n] y >> Get:1 >> http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ >> lutris 0.5.4 [1,778 kB] >> Get:2 https://deb.debian.org/debian buster/main amd64 libmspack0 amd64 >> 0.10.1-1 [49.9 kB] >> Get:3 https://deb.debian.org/debian buster/main amd64 cabextract amd64 >> 1.9-1 [35.0 kB] >> Get:4 https://deb.debian.org/debian-security buster/updates/main amd64 >> libcurl4 amd64 7.64.0-4+deb10u1 [331 kB] >> Get:5 https://deb.debian.org/debian-security buster/updates/main amd64 >> curl amd64 7.64.0-4+deb10u1 [264 kB] >> Get:6 https://deb.debian.org/debian buster/main amd64 fluid-soundfont-gm >> all 3.1-5.1 [120 MB] >> Get:7
Re: [qubes-users] Appvm freezes whole system on startup?!
- On Mar 7, 2020, at 11:32 AM, Stumpy stu...@posteo.net wrote: > On 2020-03-07 11:34, donov...@unseen.is wrote: >> >> >> - On Mar 7, 2020, at 5:15 AM, Stumpy stu...@posteo.net wrote: >> >>> On 2020-03-06 08:16, Stumpy wrote: I shutdown an appvm then tried to start it back up, but now, when i try to start it up, my monitor goes white (with a very thin outline of the appvm that i started, and then nothing. I cant kill it, change workspaces, access menus, nada. I have tried to open a few things on that appvm but no matter what it seems to crash whether its FF or xterm etc, all freeze my sys at which point i have to restart. How can i recover from this? or at least salvage the data in this appvm? I am running a fully updated ver of qubes, the appvm is deb10. >>> >>> >>> I have checked and confirmed that all my deb10 appvms freeze my system. >>> While i can recover the data I really need to have working appvms as >>> there are some things that are harder to run on fedora than deb. >>> >>> Is anyone else having a similar problem? >>> >>> I even tried to install a new template but got this: >>> @dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl >>> qubes-template-debian-10 >>> Using sys-whonix as UpdateVM to download updates for Dom0; this may take >>> some time... >>> No Match for argument qubes-template-debian-10 >>> Nothing to download >>> >>> >>> Any help on how to diagnose/resolve this would really be appreciated as >>> i really dont know where to start. >>> >>> -- >> I had a similar issue re-installing the deb template and I had success using >> "sudo qubes-dom0-update --action=reinstall qubes-template-debian-10". >> > > Thanks for that. Just to check though, would that remove my current > template? or keep the current and install a new one? > > -- I do not know as I had deleted my deb template to make space on my primary drive. You might clone your existing (to be safe if you need anything from it) and see if it does delete the original on reinstall. I do know my install squawked because it detected that there was not an existing deb template domain. However, the install ran anyway, so it may in fact delete the existing domain. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/784499623.111887.1583603471430.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Appvm freezes whole system on startup?!
- On Mar 7, 2020, at 5:15 AM, Stumpy stu...@posteo.net wrote: > On 2020-03-06 08:16, Stumpy wrote: >> I shutdown an appvm then tried to start it back up, but now, when i try >> to start it up, my monitor goes white (with a very thin outline of the >> appvm that i started, and then nothing. I cant kill it, change >> workspaces, access menus, nada. >> >> I have tried to open a few things on that appvm but no matter what it >> seems to crash whether its FF or xterm etc, all freeze my sys at which >> point i have to restart. >> >> How can i recover from this? or at least salvage the data in this appvm? >> >> I am running a fully updated ver of qubes, the appvm is deb10. >> > > > I have checked and confirmed that all my deb10 appvms freeze my system. > While i can recover the data I really need to have working appvms as > there are some things that are harder to run on fedora than deb. > > Is anyone else having a similar problem? > > I even tried to install a new template but got this: > @dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl > qubes-template-debian-10 > Using sys-whonix as UpdateVM to download updates for Dom0; this may take > some time... > No Match for argument qubes-template-debian-10 > Nothing to download > > > Any help on how to diagnose/resolve this would really be appreciated as > i really dont know where to start. > > -- I had a similar issue re-installing the deb template and I had success using "sudo qubes-dom0-update --action=reinstall qubes-template-debian-10". -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1443149593.109320.1583598865160.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Serial ports in Qubes appvms
- On Mar 6, 2020, at 4:24 PM, qubes-users qubes-users@googlegroups.com wrote: > donov...@unseen.is: >> I'd like to use serial console (via a serial port on the mobo and appropriate >> cable) into a piece of equipment using an appVM. I tried using dmesg, but >> dom0 >> term says "operation not permitted". >> >> DM >> > Don't believe Xen/Qubes supports serial (or parallel) port redirection. > Options would be to use some basic package in dom0 directly on the > serial port, get a PCI card with serial ports on it and redirect the > card to the AppVM, or a USB to serial adapter and redirect that. > > Not sure how you're trying to use dmesg, but you probably have to sudo > to use a /dev/tty serial device directly in dom0. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > > -- It might not support redirection and for now I can live with that. However, I keep forgetting about having to use sudo, and using "sudo dmesg | grep ttyS" got me a listing of some serial ports. And agetty is in dom0, and that will suffice for now I think. I'm not talking to the device yet, but I'm further along in terms of knowledge. Thank you. DM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/507181742.81195.1583536522151.JavaMail.zimbra%40unseen.is.
[qubes-users] Serial ports in Qubes appvms
I'd like to use serial console (via a serial port on the mobo and appropriate cable) into a piece of equipment using an appVM. I tried using dmesg, but dom0 term says "operation not permitted". DM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/174968702.79097.1583532726998.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Error attemtping to reinstall Debian 10 templateVM
- On Feb 25, 2020, at 4:06 PM, donov...@unseen.is wrote: > - On Feb 25, 2020, at 3:46 PM, Chris Laprise tas...@posteo.net wrote: > >> On 2/25/20 4:12 PM, donov...@unseen.is wrote: >>> Specifically, I issue the "|$ sudo qubes-dom0-update >>> qubes-template-debian-10"and I get red lettering and "error could not >>> delete old database at >>> /var/lib/qubes/dom0-updates/home/user/.rpmold." where changes >>> if I repeat the command and that error appears. Other times I get red >>> lettering without that specific error and (via sys-whonix) it downloads >>> the info it needs and then I get "No Match for argument >>> qubes-template-debian-10 nothing to download". >>> | >>> | >>> | >>> |If I try "|$ sudo qubes-dom0-update qubes-template-debian-9"||- same >>> thing "No Match for argument qubes-template-debian-9 nothing to download".| >> >> Hi donovan, >> >> Those qubes-dom0-update commands should work. However, dnf occasionally >> forgets about packages bc of problems in its cache. To clear dnf caches, >> run this in dom0: >> >> sudo qubes-dom0-update --action="clean all" >> being "no such domain 'Debian-10'" >> Then re-run your template install: >> >> sudo qubes-dom0-update qubes-template-debian-10 >> >> -- >> Chris Laprise, tas...@posteo.net >> https://github.com/tasket >> https://twitter.com/ttaskett >> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > Chris, > > Thanks for quick reply. Ran the above command aaand oops: > > ERROR: yum version installed in VM host does not support --downloadonly option > ERROR: only 'install' and 'upgrade' actions supported (clean all not) > > DG > Some progress. Using "sudo qubes-dom0-update --clean" did the trick for cleaning the dnf cache. Using "sudo qubes-dom0-update --action=reinstall qubes-template-debian-10" got my reinstall done. It squawked about there being "no such domain 'debian-10'", but it ran through the reinstall fine. Now I need to figure out how to clean up the primary drive a bit as I think I used a lot more drive space than can be accounted for by the install. However, I have Debian now, so I can build my production VM! Lots to learn. Turned off my Windows box and dove into the deep end. DG -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1622729412.22121.1582737152987.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Error attemtping to reinstall Debian 10 templateVM
- On Feb 25, 2020, at 3:46 PM, Chris Laprise tas...@posteo.net wrote: > On 2/25/20 4:12 PM, donov...@unseen.is wrote: >> Specifically, I issue the "|$ sudo qubes-dom0-update >> qubes-template-debian-10"and I get red lettering and "error could not >> delete old database at >> /var/lib/qubes/dom0-updates/home/user/.rpmold." where changes >> if I repeat the command and that error appears. Other times I get red >> lettering without that specific error and (via sys-whonix) it downloads >> the info it needs and then I get "No Match for argument >> qubes-template-debian-10 nothing to download". >> | >> | >> | >> |If I try "|$ sudo qubes-dom0-update qubes-template-debian-9"||- same >> thing "No Match for argument qubes-template-debian-9 nothing to download".| > > Hi donovan, > > Those qubes-dom0-update commands should work. However, dnf occasionally > forgets about packages bc of problems in its cache. To clear dnf caches, > run this in dom0: > > sudo qubes-dom0-update --action="clean all" > > Then re-run your template install: > > sudo qubes-dom0-update qubes-template-debian-10 > > -- > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 Chris, Thanks for quick reply. Ran the above command aaand oops: ERROR: yum version installed in VM host does not support --downloadonly option ERROR: only 'install' and 'upgrade' actions supported (clean all not) DG -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1880034831.441281.1582668414171.JavaMail.zimbra%40unseen.is.
[qubes-users] Error attemtping to reinstall Debian 10 templateVM
All, This is interesting. My original installation of Qubes had Debian 9. I upgraded it to Debian 10 following the Qubes documentation. No issues at all. In learning and working with Qubes I found I needed more drive space, so I deleted Debian. Having installed secondary storage for AppVMs and moving some over to it, I can reinstall a Debian 10 templateVM. Except now it won't. Specifically, I issue the " $ sudo qubes-dom0-update qubes-template-debian-10 " and I get red lettering and "error could not delete old database at /var/lib/qubes/dom0-updates/home/user/.rpmold." where changes if I repeat the command and that error appears. Other times I get red lettering without that specific error and (via sys-whonix) it downloads the info it needs and then I get "No Match for argument qubes-template-debian-10 nothing to download". If I try " $ sudo qubes-dom0-update qubes-template-debian-9 " - same thing "No Match for argument qubes-template-debian-9 nothing to download". My backups don't have any version of a Debian templateVM (grrr). A fresh install is plan B, but some insight would be educational. Thanks! DG -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/871230426.439406.1582665149474.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Using secondary storage
- Original Message - From: donov...@unseen.is To: "awokd" Sent: Wednesday, February 12, 2020 3:13:33 PM Subject: Re: [qubes-users] Using secondary storage Do'h. I was using sbc (sierra bravo charlie) not sdc (sierra delta charlie). Used the fdisk and further confirmed that sdc was correct. Thanks! DG - Original Message - Per the doc, the example "Assum[es] the secondary hard disk is at /dev/sdb". This may not be true in your case. Determine the appropriate /dev for your secondary hard drive with "sudo fdisk -l | more" (the physical device you want will not have a number on the end; ones with numbers appended are partitions on the physical device), then adjust the command line accordingly. Welcome to GNU/Linux! -- Thanks to all of you that replied. I was able to get this setup once I stopped making typing and syntax errors. DG -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1265243062.128292.1581697365652.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Using secondary storage
Do'h. I was using sbc (sierra bravo charlie) not sdc (sierra delta charlie). Used the fdisk and further confirmed that sdc was correct. Thanks! DG - Original Message - Per the doc, the example "Assum[es] the secondary hard disk is at /dev/sdb". This may not be true in your case. Determine the appropriate /dev for your secondary hard drive with "sudo fdisk -l | more" (the physical device you want will not have a number on the end; ones with numbers appended are partitions on the physical device), then adjust the command line accordingly. Welcome to GNU/Linux! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/205454040.61453.1581565837258.JavaMail.zimbra%40unseen.is.
Re: [qubes-users] Using secondary storage
Brendan, That was the issue - I was using sbc (sierra bravo charlie) not sdc (sierra delta charlie). It is the latter. After correcting the typo, subsequent commands per instructions worked without error until I got to adding the new pool with qvm-pool and the python script(s) had a fit with something. Probably a typo or lack of understanding, but I need to look at it in the AM with a fresher set of eyes. Copy/paste is still a bit tricky - but it's by design - otherwise I'd drop it in here. DG - Original Message - From: "brendan hoar" To: "qubes-users" Sent: Wednesday, February 12, 2020 8:23:43 PM Subject: [qubes-users] Using secondary storage I see reference to both /dev/sdc and /dev/sbc in your post. Which is it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36d150f9-ad00-4cfb-9643-2f713da3f108%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1126972345.61432.1581565751550.JavaMail.zimbra%40unseen.is.
[qubes-users] Using secondary storage
I am attempting to setup some secondary storage per https://www.qubes-os.org/doc/secondary-storage/ and when I run " sudo cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/sdc" I get "Device /dev/sbc doesn't exist or access denied". It's there in a dom0 terminal when I type "ls /dev/sb*" I am assuming sba is the boot raid1 and sbb is the ROM drive. My boot drive is an SSD RAID1 on an Intel embedded controller, standard stuff. The drive I want to add is attached to an embedded LSI SAS controller. I can attach the sbc device to a VM easy enough but it seems I am missing a step to make it dom0 aware. I am running an up-to-date Qubes 4.x installed on a SuperMicro serverboard, Xeon something or other (4-core, 3.4GHz) with 32GB RAM (retired ESXi host). I think it is booting with GRUB. FULL DISCLOSURE: I am a *nix newbie really. I've played with embedded *nix, built my share of ESXi boxes and what not, but not really dug into the nuts and bolts of it like I've have been since installing Qubes, which I think is fantastic for its purpose. I want to commit to Qubes as my primary box but I really need to understand it first, especially, ahem, disaster recovery. I have not run a Linux desktop for any significant length of time prior to this either - mostly M$ (since the IBM model 5150), a wee bit of OS/2 Warp (the best multi-node PCBoard BBS host evah!) and a brief fling with the Mac OS before they went to Intel chips. Yes, I could just go buy a bigger pair of SSDs and restore a backup to them, but then I won't really learn anything and I'll be a wee bit poorer for it. Thanks. DG -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1242880289.44777.1581540738832.JavaMail.zimbra%40unseen.is.
