t; 10.138.38.234 } drop
> iifname != "vif*" accept
> meta l4proto { tcp, udp } iifgroup 2 oifgroup 1 flow add @qubes-accel
Take a look at the "Firewall antispoofing in ingress hook" thread, it
goes even further for some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Jun 03, 2024 at 08:08:22AM -, qubist wrote:
> On Sun, 2 Jun 2024 20:34:33 +0200 Marek Marczykowski-Górecki wrote:
>
> > sys-net is [...] the sandbox that may become compromised due to
> > direct network access.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Jun 01, 2024 at 04:04:33PM -, qubist wrote:
> On Fri, 31 May 2024 23:18:51 +0200 Marek Marczykowski-Górecki wrote:
>
> > That's always the case. After all, your ingress rules are managed by
> > userspace too.
&
le (no need
for that monitoring mechanism to keep working).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmZaPrsACgkQ24/THMrX
1yyJ8wgAg6pN3GfeqUYsXhnnflE/lNERsyo8DJ/6Y94OUZLFNZsQpFaM5vz0E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, May 23, 2024 at 04:30:46PM -, qubist wrote:
> On Thu, 23 May 2024 15:53:39 +0200 Marek Marczykowski-Górecki wrote:
>
> > There will be some intentional discrepancies, that document describes
> > a network using IPv6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, May 23, 2024 at 12:33:02PM -, qubist wrote:
> On Thu, 23 May 2024 12:04:18 +0200 Marek Marczykowski-Górecki wrote:
>
> > I mean one of them will drop packets that would be allowed by the
> > other. So, no traff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, May 23, 2024 at 09:39:55AM -, qubist wrote:
> On Thu, 23 May 2024 02:08:20 +0200 Marek Marczykowski-Górecki wrote:
>
> > As for the implementation, few remarks:
> > - - you create separate chain per IP, each with pol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Apr 27, 2024 at 01:52:19PM -, qubist wrote:
> On Tue, 23 Apr 2024 12:04:22 +0200 Marek Marczykowski-Górecki wrote:
>
> > Have you measured it? I'd say it's up to ones who propose a change to
> > justify it.
e
> secondary screen is on DP-2 (while there is only one physical
> DisplayPort). No idea if this is a bug or even related in any way.
It's probably related how those connectors are routed, maybe there is
some internal converter. But could be also mislabeled outputs in the
dr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Apr 23, 2024 at 11:57:14AM -, qubist wrote:
> On Tue, 23 Apr 2024 13:42:25 +0200 Marek Marczykowski-Górecki wrote:
>
> > xendriverdomain daemon (xl devd), when the vif interface is
> > created/removed.
>
> Tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Apr 23, 2024 at 11:22:06AM -, qubist wrote:
> On Tue, 23 Apr 2024 12:20:57 +0200 Marek Marczykowski-Górecki wrote:
>
> > You mean using something else than vif-route-qubes network script (or
> > some other way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Apr 23, 2024 at 11:16:56AM -, qubist wrote:
> On Tue, 23 Apr 2024 12:04:22 +0200 Marek Marczykowski-Górecki wrote:
>
> > Care to open a pull request then?
>
> A few things:
>
> 1. The customizations I am workin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Apr 23, 2024 at 05:33:14AM -, qubist wrote:
> On Mon, 22 Apr 2024 21:24:36 +0200 Marek Marczykowski-Górecki wrote:
>
> > It's about the pixel count as seen by the applications, which may not
> > necessarily be th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Apr 23, 2024 at 10:15:56AM -, qubist wrote:
> On Tue, 23 Apr 2024 12:07:12 +0200 Marek Marczykowski-Górecki wrote:
>
> > Yes, the key part is "on the same subnet". Each VM-VM link is
> > effectively a sep
s uniqueness :)
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmYniFAACgkQ24/THMrX
1ywSuwgAk2YpFfGWkH7umkloeLwBuBo+IlNu5AxjP7gji2WSQZpZKLW4hDJAKO/K
+c/5zbvh/TORyT2/4KB/RxpilvpRsgGLPdFf8f36coUGywDu8Gk3EX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Apr 23, 2024 at 08:40:04AM -, qubist wrote:
> On Mon, 22 Apr 2024 22:41:40 +0200 Marek Marczykowski-Górecki wrote:
>
> > The "antispoof" chain is hooked via the "raw" priority, which happens
> >
ly
as firewall can see whole IP packets (not for example only their
fragments). Theoretically it might be moved a bit earlier, but I don't
think it saves much processing, but on the other hand you may run into
some issues since not all packet fields are available at this stage yet.
- --
Best Reg
quot;ip" property needs to be
unique).
[1]
https://github.com/QubesOS/qubes-core-admin/blob/main/qubes/vm/mix/net.py#L192
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Apr 22, 2024 at 05:18:28PM -, qubist wrote:
> Thanks. Had a closer look now.
>
> On Mon, 22 Apr 2024 18:42:16 +0200 Marek Marczykowski-Górecki wrote:
>
> > What matters is the pixel count, not pixel size.
>
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Apr 22, 2024 at 04:37:54PM -, qubist wrote:
> On Mon, 22 Apr 2024 15:48:02 +0200 Marek Marczykowski-Górecki wrote:
>
> > If you don't set the value at all, VM will allocate based on currently
> > connected display
manually at all.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmYmapIACgkQ24/THMrX
1yy7IggAi7ksQ5QEG3hrwZIAvrZWeC3gvpfhw0iyqXxpnWo87IgfjSeElT5QHh8H
8WCQmj3BahldgcSfWvJeGJ5wuPiB+qpVQeX5emydC2XfENmyG8b3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Apr 22, 2024 at 01:01:55PM -, qubist wrote:
> On Mon, 22 Apr 2024 13:31:03 +0200 Marek Marczykowski-Górecki wrote:
>
> > VMs do not see nor care what display is connected.
>
> But what I am pasting is from dom0. Or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Apr 22, 2024 at 10:38:56AM -, qubist wrote:
> On Mon, 22 Apr 2024 00:01:30 +0200 Marek Marczykowski-Górecki wrote:
>
> > It doesn't matter what your display is using, the memory allocated in
> > VM for the fram
using, the memory allocated in VM
for the frame buffer is 32-bits per pixel.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmYljLoACgkQ24/THMrX
1yyBjQf/dtV0qWxhSK0CXl+YSe5CxeZRygU8fyWikqHFfvd3z61
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, Apr 05, 2024 at 08:25:57PM -0400, Demi Marie Obenour wrote:
> On Sat, Apr 06, 2024 at 01:29:06AM +0200, Marek Marczykowski-Górecki wrote:
> > On Fri, Apr 05, 2024 at 02:16:32PM -0400, Demi Marie Obenour wrote:
> > > On Th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, Apr 05, 2024 at 02:16:32PM -0400, Demi Marie Obenour wrote:
> On Thu, Apr 04, 2024 at 10:43:33PM +0200, Marek Marczykowski-Górecki wrote:
> > On Thu, Apr 04, 2024 at 03:44:40PM -0400, Demi Marie Obenour wrote:
> > > Shoul
not when coming from dom0: qubes.Service from dom0
> will not search for /etc/qubes-rpc/qubes.Service+, but qubes.Service+
> will.
I'd say they should behave the same - the "qubes.Service" call should
search for /etc/qubes-rpc/qubes.Service+ first.
- --
Best Regards,
Marek
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Mar 25, 2024 at 12:34:18PM -, qubist wrote:
> On Mon, 25 Mar 2024 12:45:17 +0100 Marek Marczykowski-Górecki wrote:
>
> > IMO the main advantage of the single table approach is purely
> > port-based rules (UDP or TCP
t
want to use IP address in those too), and rarely for custom-forward.
In any case, changing it now is not an option. It would mean changing
the API for custom rules, which was a huge pain for users migrating to
R4.2, and we are not going to do that _again_ now.
- --
Best Regards,
Marek
rom upstream git together makes the process much
easier.
You can see it in the commit that moves it:
https://github.com/QubesOS/qubes-vmm-xen/pull/181/commits/f22008ff1f41a91213383b6ce532548bf2c26b4c
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
i
ill break stuff). I'd prefer the approach
that prevents installing non-essential packages in the first place, so
dependencies still can do their job. Minimal templates are built with
"no-recommends" option[2] already. But maybe there is some place that
doesn't use that properl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Mar 02, 2024 at 12:53:21PM -0500, Demi Marie Obenour wrote:
> On Sat, Mar 02, 2024 at 01:54:33PM +0100, Marek Marczykowski-Górecki wrote:
> > On Sat, Mar 02, 2024 at 10:58:26AM +0100, Simon Gaiser wrote:
> > > Demi Marie O
.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmXjIhMACgkQ24/THMrX
1yzxTQf/c9hEJy0mOYJ+YfoXpV3I7oO77OgwSeoCrWhk8skGxBbeZuyIdchhvOWw
rLDa57Hr+UTmmtSb+N62E6ZEkSn3arvCCMingOIGYlvY0IYlGdXrr7XLN4Mn
CI passthrough to PVH. But I'm not sure what
is the state of vPCI supporting non-dom0 VMs, and how much work is
still needed for virtio for PVH (and also PCI passthrough for PVH, which
is another thing interesting for us). Or maybe some of it is completed
alr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Feb 21, 2024 at 11:41:54PM -0500, Demi Marie Obenour wrote:
> On Thu, Feb 22, 2024 at 04:24:49AM +0100, Marek Marczykowski-Górecki wrote:
> > On Mon, Feb 19, 2024 at 10:47:45PM +0100, PeakUnshift wrote:
> > > Hello,
> &g
probably the
easiest way is to setup something like qubes.VMShell. But remember it
gives sys-gui-gpu unlimited access to dom0 - be careful what you install
in the template for that qube and in the qube itself.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
--
n/QSBs/qsb-100-2024.txt>
## [Marek
Marczykowski-Górecki](https://www.qubes-os.org/team/#marek-marczykowski-górecki)'s
PGP signature
```
- -BEGIN PGP SIGNATURE-
iQIzBAABCAAdFiEELRdx/k12ftx2sIn61lWk8hgw4GoFAmW5Di0ACgkQ1lWk8hgw
4GphzQ//Ta+g8Y7Cjmx0w+byISlTHoxao
etImageRGBA" color=orange];
> "dev" -> "sys-git" [label="qubes.Filecopy" color=orange];
> }
> ```
>
> It doesn't show any rule allowing "qusal.GitInit", but it does exist:
> ```
> $ qrexec-policy-graph --include-ask --sour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Oct 24, 2023 at 09:54:21AM +, Ben Grande wrote:
> On 23-10-24 00:36:26, Marek Marczykowski-Górecki wrote:
> > On Mon, Oct 23, 2023 at 09:24:13PM +, Ben Grande wrote:
> > > Hello.
> > >
> > &g
ernals/
> - https://www.qubes-os.org/doc/qrexec-internals/
I don't think there is one-step solution, but you can get policy
resolved by using `qrexec-policy` in the 3-arg form (skipping domain id
and process ident). Then, you'll get the result in key=value format,
including resolved tar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Aug 26, 2023 at 06:40:32PM +0200, Marek Marczykowski-Górecki wrote:
> On Fri, Aug 25, 2023 at 04:52:52PM +0200, Marek Marczykowski-Górecki wrote:
> > On Mon, Aug 21, 2023 at 08:49:21PM +, Ben Grande wrote:
> > > On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, Aug 25, 2023 at 04:52:52PM +0200, Marek Marczykowski-Górecki wrote:
> On Mon, Aug 21, 2023 at 08:49:21PM +, Ben Grande wrote:
> > On 23-08-20 14:01:53, Marek Marczykowski-Górecki wrote:
> > > On Fri, Aug 11, 2023 at 02:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Aug 21, 2023 at 08:49:21PM +, Ben Grande wrote:
> On 23-08-20 14:01:53, Marek Marczykowski-Górecki wrote:
> > On Fri, Aug 11, 2023 at 02:17:00PM +, Ben Grande wrote:
> > > Status:
> > > - Missing chan
.
While at it, please add new files to packaging
(debian/qubes-core-qrexec.install, rpm_spec/qubes-qrexec.spec.in). Right
now packages fail to build.
> - Missing review of the last commit quoted above.
The last commit looks fine.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things L
> )
> > -return
> >
> > self.included_paths[key].add(included_path)
> >
> > --
> > Benjamin Grande
>
> Reminding of unreviewed patch.
Pylint complained about duplicated POLICYPATH, so I ad
try:
> > +os.chown(temp_path, uid, gid)
> > +except PermissionError:
> > +pass
> > temp_path.rename(path)
> >
> > # Remove
> > --
> > Benjamin Grande
> >
>
> Reminding of unreviewed patch.
ent 4.1 bug reports
> > from that point onward were assigned to this "Release 4.1 updates"
> > milestone instead. (In some cases, some bugs that the devs knew they
> > wouldn't fix in time for the 4.1 release might've been assigned
sources and spam the user with notifications
about the refusal.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmSoHKoACgkQ24/THMrX
1yx2oggAiuA6Pfwqoavx8pgEO2W8xuZZLBi9saB
an
> email to qubes-devel+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-devel/ZHMh0fQxcKHG70gP%40personal-mutt.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAE
gt; temp_path.write_bytes(data)
> > +temp_path.chmod(0o664)
> > temp_path.rename(path)
> >
> > # Remove
> > --
> > Benjamin Grande
>
> Perhaps it should also set the ownership to root:qubes?
Yes, I think so.
- --
Best
of params, but it currently doesn't. I did not understand why
> !include can raise the exception and !include-dir, that has the same
> code, doesn't.
I can't confirm it, for me both fail. Which qrexec package versions do
you have?
- --
Best Regards,
Marek Marczykowski-Górec
e9 Mon Sep 17 00:00:00 2001
> From: Ben Grande
> Date: Fri, 26 May 2023 08:54:46 +
> Subject: [PATCH] Fix python3-qrexec missing on qubes-core-qrexec
>
> Signed-off-by: Ben Grande
Thanks, applied.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, May 25, 2023 at 11:24:15PM +, Ben Grande wrote:
> On 23-05-26 00:57:04, Marek Marczykowski-Górecki wrote:
> > On Thu, May 25, 2023 at 10:18:43PM +, Ben Grande wrote:
> > > On 23-05-25 11:45:45, Demi Marie Obenour
t; > https://codeberg.org/ben.grande.b/qubes-tools/src/branch/main/qubes-policy-lint
> >
> > That should definitely be doable.
That should already be the case, qubes-core-qrexec should be installed
in domU too.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Thin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, May 24, 2023 at 10:29:07AM +, Ben Grande wrote:
> On 23-05-19 14:52:57, Marek Marczykowski-Górecki wrote:
> > Hi,
> >
> > Those look very useful!
> >
> > I have one comment to qubes-policy-edit-terminal
mit those to the core-qrexec repository?
> Attached is my public keys for signing for code (0x00C64E14F51F9E56) and
> mail (0x1B7314BF0CCC9687).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCA
move", name, token)
> +self.call("policy.include.Remove", name, token)
>
> def policy_get_files(self, name: str):
> result = self.call("policy.GetFiles", name)
> --
> Benjamin Grande
>
- --
Bes
as?
Theoretically it would allow using tags with arbitrary names, including
comas. But we don't allow them anyway, so yes, can be comas.
Any other places where you found it inconsistent?
> * Make tools faster with output, if possible.
> E.g. `qvm-volume list`
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 28, 2022 at 01:40:31AM -0500, Demi Marie Obenour wrote:
> On Mon, Nov 28, 2022 at 04:02:50AM +0100, Marek Marczykowski-Górecki wrote:
> > Hello,
> >
> > Since some time already, new repositories in QubesOS github
gems/bin:$PATH"' >> ~/.bashrc
> source ~/.bashrc
> gem install jekyll bundler
> find . -name gem # '/home/user/.local/share/gem/'
> bundle config set --local path '/home/user/.local/share/gem/'
> git clone -b new-master --recursive
> https://github.co
he reasoning is that any existing build/devel environment for
R4.1 should remain functional as long as R4.1 is supported. But any new
environment for R4.2 should use new branch names already.
Example R4.2's builder.conf qubes-builder (v1) is updated already. The
one for qubes-builderv2 will be updated
7;
> git clone -b new-master --recursive
> https://github.com/QubesOS/qubesos.github.io.git; cd qubesos.github.io.rtd/
> bundle install
> bundle exec jekyll serve --incremental
>
>
>
> All the best,
>
> m
>
>
>
> On 10/4/22 12:29, Marek Marc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Oct 24, 2022 at 11:24:46PM +0200, Marek Marczykowski-Górecki wrote:
> Hi all,
>
> I'll be removing R4.0 repositories from yum.qubes-os.org shortly. As
> README there states, the archive is at
> https://qubes.notset
ot supported anymore.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmNXAp4ACgkQ24/THMrX
1yzeGQf9FW9DUptd1wuenc6Rjmr/++WGtME5IL0SCI7lYLpnyt91B6P587tqU7e/
c0WYL82PkdndueIpux1uGGinNlM2GECWofrquVosyt16
re there any thoughts on the current situation?
> What would be the best way forward, and how can we contribute to the
> effort?
Are those by any chance using kernel-latest? There are numerous issues
with 5.19.x kernel, but I believe the default (5.15.x) isn't affected.
- --
>
> 5. weblate - localization platform should be the way to go imho (sry not a
> big fan of transifex rn, weblate is OS etc,
> some more objective analysis will follow), there are several issues to be
> clarified, wip, tails guys need good questions to work with
> - will b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Sep 27, 2022 at 01:15:56AM +0200, Marek Marczykowski-Górecki wrote:
> On Mon, Sep 26, 2022 at 11:33:22PM +0200, mm wrote:
> > Hi Marek,
> >
> >
> > On 9/26/22 00:01, Marek Marczykowski-Górecki wrote:
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Sep 26, 2022 at 11:33:22PM +0200, mm wrote:
> Hi Marek,
>
>
> On 9/26/22 00:01, Marek Marczykowski-Górecki wrote:
> > Hi M,
> >
> > In fact, I'm working on translation-utilz right now too. Marta used he
ot; group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-devel+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-devel/75e76fab-da0d-058f-c8e9-4db4006c15ed%40mai
he website footer,
https://www.qubes-os.org/intro/ or similar.
But generally, IMO better have every doc page linked to the main index.
> Regarding the old translation markdown workflow - it is still there, and can
> be brushed off the dust.
>
> P.S. I just realized th
g.html#builtin-themes
> [9] https://www.sphinx-doc.org/en/master/usage/theming.html
> [10] https://sphinx-rtd-theme.readthedocs.io/en/stable/configuring.html
> [11] https://sphinx-themes.org/#themes
> [12] https://docs.readthedocs.io/en/stable/guides/adding-custom-css.html
> [13] htt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Jul 19, 2022 at 07:40:00PM -0400, Demi Marie Obenour wrote:
> On Wed, Jul 13, 2022 at 03:35:46PM +0200, Marek Marczykowski-Górecki wrote:
> > This indeed makes migration easier, and is exactly the thing we should
> > recomm
ut possible to
disable) that does the step 3 automatically. Either if the split-gpg2
homedir doesn't exist or if secret keys in the default keyring are newer
than in split-gpg2's.
I'm not sure about the last point - it may make key management a bit
easier (for example for th
that private volume?
Take a look at this doc:
https://www.qubes-os.org/doc/mount-lvm-image/
But also, if you haven't restarted that template too many times, you
may be able to revert the last update:
https://www.qubes-os.org/doc/volume-backup-revert/
- --
Best Regards,
Marek Marczykowski-Gór
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Apr 20, 2022 at 12:32:56PM +, Rusty Bird wrote:
> Marek Marczykowski-Górecki:
> > On Mon, May 10, 2021 at 11:56:51AM +, Rusty Bird wrote:
> > > Marek Marczykowski-Górecki:
> > > > On Mon, May 10, 2021 a
it doesn't rely on dom0 being in any usable state. But since that may be
inconvenient at times, you can get shell in initramfs using 'rd.break'
on the kernel cmdline. Or, if you just want to avoid staring any VM, use
'qubes.skip_autostart' option.
- --
Best Regards,
Marek
/issues/7148
https://github.com/QubesOS/qubes-issues/issues/7164
There are few other issues that we will fix, while at it.
I'll update the schedule shortly.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQ
ward-changing-guest-distros
[5] https://github.com/QubesOS/qubes-issues/issues/6877
[6] https://github.com/QubesOS/qubes-issues/issues/6366#issuecomment-767635670
[7] https://github.com/QubesOS/qubes-issues/issues/7130
[8] https://www.qubes-os.org/news/2020/03/18/gui-domain/
[9]
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Dec 16, 2021 at 01:27:43AM +0100, Manuel Amador (Rudd-O) wrote:
> On 16/12/2021 01.07, Marek Marczykowski-Górecki wrote:
> > Here is how qrexec policy prompt is doing it:
> > https://github.com/QubesOS/qubes-core-qrexec/blo
ew 4.1 style, instead of base64
> over pipes. Currently the implementation uses a custom-made dialog — a very
> nice one, if I do say so myself — in the spirit of the feature request
> #5853.
:)
> On 14/12/2021 15.28, Marek Marczykowski-Górecki wrote:
> > I think it looks ok. Regardi
the GUI
domain to display the prompt. We do this for normal policy prompts.
Anyway, it's of course up to you whether you support GUI domain or
not...
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Nov 17, 2021 at 08:00:37PM +, Zrubi wrote:
> On 11/17/21 19:48, Marek Marczykowski-Górecki wrote:
>
> > > the folder name has a typo:
> > > qubes-udates-proxy vs. qubes-updates-proxy
> >
> > >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Nov 17, 2021 at 07:37:28PM +, Zrubi wrote:
> On 11/17/21 19:27, Marek Marczykowski-Górecki wrote:
>
> > Try `systemctl status qubes-updates-proxy` there.
>
> user@sys-firewall ~]$ sudo systemctl status qubes-updat
hows up
> by
> `systemctl list-units`
>
> Any advice what to check?
Try `systemctl status qubes-updates-proxy` there.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Nov 17, 2021 at 06:40:01PM +, Zrubi wrote:
> On 11/17/21 18:19, Marek Marczykowski-Górecki wrote:
> > On Wed, Nov 17, 2021 at 05:05:01PM +, Zrubi wrote:
>
> > > user@dom0 ~]$ sudo grep sys-net /etc/libvirt/l
t I recommend creating a new file with lower number and putting your
rule there - it will take precedence over later rules).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmGVR6MACgkQ24/THMrX
1yzFWgf9F7u73
, and willing to
share?
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmFuxJwACgkQ24/THMrX
1yyCawgAgDWRPueH/smmNRngYN3mPIHYxhQmvPhUElRl/JR4pYAk9l4btibOZ/4R
LwCXppeaTZaa9rIl6wG6peFiEfVd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Oct 11, 2021 at 10:35:11AM -0400, Demi Marie Obenour wrote:
> On Mon, Oct 11, 2021 at 04:28:01PM +0200, Marek Marczykowski-Górecki wrote:
> > On Mon, Oct 11, 2021 at 09:13:18AM -0400, Demi Marie Obenour wrote:
> > > On Fr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Oct 11, 2021 at 09:13:18AM -0400, Demi Marie Obenour wrote:
> On Fri, Oct 08, 2021 at 02:21:58AM +0200, Marek Marczykowski-Górecki wrote:
> > On Fri, Oct 08, 2021 at 02:12:08AM +0200, Simon Gaiser wrote:
> > >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, Oct 08, 2021 at 03:26:11AM +0200, Simon Gaiser wrote:
> Marek Marczykowski-Górecki:
> > Yes, I'd consider making split-gpg2 a socket-based service (with one
> > process handling several requests, to avoid process startup
74b31b3/agent/qrexec-agent-data.c#L215
> [3]: https://github.com/HW42/qubes-app-linux-split-gpg2
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmFfjyYACgkQ24/THMr
//dev.qubes-os.org/projects/core-admin/en/latest/qubes-events.html#handling-events-with-variable-signature
But that's for rST input, I'm not sure if the same will work with MD
input (likely yes).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
Dear Qubes Community,
We have just published Qubes Security Bulletin (QSB) 071: Fatal options
filtering flaw in Split GPG. The text of this QSB is reproduced below.
This QSB and its accompanying signatures will always be available in the
Qubes Security Pack (qubes-secpack).
View QSB-071 in the q
and retry.
> > Also is there a vm image of a proven good qubes-buidl system, as the build
> > system
> > is very sensitive to moon phase and moisture :-)
Yeah, that is a bit tricky indeed. But a VM image would hide issues we
should fix anyway...
- --
Best Regards,
M
ssion denied)
> make[1]: ***
> [/home/build/src/qubes-builder/qubes-src/builder-rpm/Makefile-legacy.rpmbuilder:37:
>
> /home/build/src/qubes-builder/chroot-dom0-fc33/home/user/.prepared_base]
> Error 1
>
> Any ideas?
Yes, one: https://github.com/QubesOS/qubes-issues/i
t version of this package or
> should I build it myself?
That's the way currently. I'm still debugging issues with
https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/pull/39,
will upload new package after that.
- --
Best Regards,
Marek Marcz
tegory for testing R4.1 [2]. It is also possible to creating a thread
on the forum via email - by sending a message to testing-4.1 at
forum.qubes-os.org.
[1] https://github.com/QubesOS/qubes-issues/issues
[2] https://forum.qubes-os.org/c/user-support/testing-4-1/24
- --
Best Regards
d"
That is expected, I think. Full support for USB devices is in progress:
https://github.com/QubesOS/qubes-issues/issues/5802
> I suspect the problem is that more files in the cab need to be installed
> but are missing. Does anyone know what files are needed, w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, May 10, 2021 at 11:56:51AM +, Rusty Bird wrote:
> Marek Marczykowski-Górecki:
> > On Mon, May 10, 2021 at 10:27:38AM +, Rusty Bird wrote:
> > > I was trying to check on the status of the Arch Linux template, b
filter?
Likely yes, for some weird reason. I've asked github support to restore
it.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmCZEcoACgkQ24/THMrX
1yx6Mgf/cSsfJuvZFeJQWxUSrSQUBRMa0YZ
1 - 100 of 962 matches
Mail list logo