[qubes-users] Re: Making archlinux template: on make autoreconf not found but it is installed

[Facundo Curti]

El martes, 2 de agosto de 2016, 12:25:38 (UTC), Facundo Curti  escribió:
> Hi there. Someone can help me?
> I'm trying to make an archlinux template on qubes 3.2. But i'm having 
> troubles to compile.
> 
> When I do:
> $ make vmm-xen-vm
> 
> I get:
> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not found
> 
> But autoreconf is already installed:
> $ whereis autoreconf
> autoreconf: /usr/bin/autoreconf /usr/share/man/man1/autoreconf.1.gz
> 
> Here is the complete output:
> 
> [user@development qubes-builder]$ make vmm-xen-vm
> Currently installed dependencies:
> git-2.5.5-1.fc23.x86_64
> rpmdevtools-8.9-1.fc23.noarch
> rpm-build-4.13.0-0.rc1.13.fc23.x86_64
> createrepo-0.10.3-3.fc21.noarch
> debootstrap-1.0.81-1.fc23.noarch
> dpkg-dev-1.17.25-6.fc23.noarch
> python-sh-1.11-1.fc23.noarch
> dialog-1.3-4.20160424.fc23.x86_64
> --> Archlinux dist-prepare-chroot (makefile):
>   --> Checking mounting of dev/proc/sys on build chroot...
>   --> Synchronize resolv.conf, in case it changed since last run...
> -> Building vmm-xen (archlinux) for archlinux vm (logfile: 
> build-logs/vmm-xen-vm-archlinux.log)
> --> build failed!
> ==> Retrieving sources...
>   -> Found xen-4.6.1.tar.gz
>   -> Found series-vm.conf
>   -> Found apply-patches
> ==> WARNING: Skipping all source file integrity checks.
> ==> Extracting sources...
>   -> Extracting xen-4.6.1.tar.gz with bsdtar
> bsdtar: Failed to set default locale
> ==> Starting build()...
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/qemu-tls-1.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/qemu-tls-2.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.qubes/xen-shared-loop-losetup.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.qubes/xen-no-downloads.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.qubes/xen-hotplug-external-store.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.qubes/xen-tools-qubes-vm.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/libxc-fix-xc_gntshr_munmap-semantic.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/libvchan-Fix-cleanup-when-xc_gntshr_open-failed.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/0101-libvchan-create-xenstore-entries-in-one-transaction.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/0001-configure-Fix-when-no-libsystemd-compat-lib-are-avai.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/0001-libxc-prefer-using-privcmd-character-device.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/0001-tools-hotplug-Add-native-systemd-xendriverdomain.ser.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.security/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.libxl/0001-libxl-trigger-attach-events-for-devices-attached-bef.patch
> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i 
> ./patches.misc/0001-systemd-use-standard-dependencies-for-xendriverdomai.patch
> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not found
> ==> ERROR: A failure occurred in build().
>     Aborting...
> /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: 
> recipe for target 'dist-package' failed
> make[2]: *** [dist-package] Error 2
> Makefile.generic:139: recipe for target 'packages' failed
> make[1]: *** [packages] Error 1
> Makefile:208: recipe for target 'vmm-xen-vm' failed
> make: *** [vmm-xen-vm] Error 1
> 
> 
> Some ideas? :P

Someone? :S
I'm still having the problem. I tried making everything from fresh in a new VM, 
but i get the same error :P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64becca4-2d05-4628-8dcc-6254305a5757%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

[Manuel Amador (Rudd-O)]

On 08/02/2016 06:10 PM, grzegorz.chodzi...@gmail.com wrote:
>
> Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g 
> gaming motherboards can update itself over Ethernet connection, reinstall 
> itself from scratch and sometimes contains a built-in mini-linux. If you do 
> not need such bonuses then legacy BIOS will do just fine.
>

How do you / how can I identify these malevolent mobos?


-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c85cede-2538-0f56-d011-f38e1eb09181%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Battery Life Qubes 3.2 rc2

[Iestyn Best]

That's great to hear Peter.

Things are getting better all the time. Great work Qubes team.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4ba6fd7-7ca0-44b1-93e8-cb37e56ec777%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question about Whonix / Tor Browser / exploits

[Jeremy Rand]

neilhard...@gmail.com:
> I have a question about Whonix/Tor Browser exploits.
> 
> I have played around a bit with Metasploit to see how browser exploits work.
> 
> They basically rig a web page with exploits, and then it does what's known as 
> "arbitrary code execution", to open up a "remote shell".
> 
> As far as I can tell.. the remote shell is running in the browser's RAM. They 
> are essentially hi-jacking the browser's RAM, and using it to run their own 
> remote shell.
> 
> The hacker then usually loads a file from the remote shell, onto the 
> computer's hard drive, in order to obtain persistence... As soon as the 
> browser tab closes, the remote shell is gone, hence why they need persistence.
> 
> So my question is about persistence.
> 
> Is it possible to simply remove the hard drive altogether from Whonix, to 
> prevent them achieving persistence...?
> 
> I know that TAILS simply doesn't have a hard drive at all.
> 
> Would this be useful to have in Whonix..? To remove the hard drive 
> altogether, perhaps in VM Settings in QUBES...?
> 
> Or is it possible to run a Xen exploit purely in the browser's RAM anyway...? 
> Thus, they don't even need a hard drive because they can just run the exploit 
> in RAM anyway...?
> 
> So the main question is really whether they can run the Xen exploit in RAM 
> anyway or not If not, then surely removing the hard drive itself 
> would be useful...?
> 
> Hopefully you understand my question.

It's possible to use Whonix as a DisposableVM (although it's not the
default configuration of a fresh Qubes installation), so in theory any
exploit placed in the VM will disappear when the VM is closed.  This
would, presumably, mitigate persistent malware placed via Firefox
exploits, but won't help against malware that combines a Firefox exploit
with a Xen exploit.  It still seems like an improvement against the
default configuration.

Cheers,
-Jeremy Rand

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49652994-14ed-c71c-3f0a-9c595d304940%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] MicroSD assigned to dom0 and not to sys-usb

[Jeremy Rand]

Marek Marczykowski-Górecki:
> On Mon, Aug 01, 2016 at 07:35:26PM +, 468ezc+5r0fnwy87qeag via 
> qubes-users wrote:
>> Hi,
> 
>> My MicroSD while attached is assigned to dom0 and not sys-usb as is 
>> supposed. Notwithstanding, USB devices are still assigned to sys-usb.
> 
>> Is this the intended behavior? Doesn't this increases, in the same manner as 
>> usb devices does, the surface attack in dom0?
> 
> Your (micro)SD card reader is probably not a USB device, but PCI device.
> Yes, it's better to assign it to some VM - sys-usb is ok. You can do
> this in VM settings - "Devices" tab.

Seems to me that assigning the SD controller to a different VM than
sys-usb would eliminate some attack vectors, since if they're assigned
to the same VM, IOMMU won't prevent software accessing the SD card from
attacking software accessing the USB devices (and vice versa).  A
doomsday scenario that comes to mind is when the USB controller is being
used to connect to the Internet via a phone tether, and the SD card is
storing some high-value data.  (My doomsday imagination is limited;
perhaps there are better doomsday scenarios.)

Is my intuition on this corect?

Of course, using a separate VM means increased RAM usage, which may or
may not be worth it.

Cheers,
-Jeremy Rand

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33219161-b369-6ddc-b4b2-f9e75310881d%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: What do you think about the idea of a FileVM?

[Andrew "Arthur" Summers]

I'm seriously taking this thread on a tangent, but are there any FOSS GUIs
that have been specifically built for Xen? Heck, any free proprietary GUIs?
I see paid options, abandoned projects, and cross-hypervisor solutions
(those don't tend to be great), but one reason I never delved into Xen is
that I couldn't figure out a good, free, standard GUI for management. I
figured that's one reason Qubes built one from scratch, but something
pre-existing would likely have OVA import functions.

Alright, now I'm starting to ramble...

On Tue, Aug 2, 2016, 9:01 PM Drew White  wrote:

> On Tuesday, 2 August 2016 08:43:43 UTC+10, fmu...@gmail.com  wrote:
> > I don't know about OVAs, but I imported a Virtualbox VM. If you search
> for virtualbox you'll find the post with the procedure. Maybe this link
> will work: https://groups.google.com/forum/#!topic/qubes-users/YQyRSoRQWCU
>
> I've been working on getting the OVAs decoded and imported for a while
> now. The primary issue us the fact that they can be OVA versions 1,2,3,
> etc.. And this causes issues within Qubes when it's decoded and put in.
>
> OVA1 is easy and just works. OVA2 is a little more tricky though.
>
> Qubes itself can't accomplish this because it can't do the later versions
> of the OVAs, however in my manager I have been adding in the software and
> configurations to allow for importing many different machines, including
> P2V support, but that is currently only for linux clients.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgb8MpgQHRp5hL6bzFLcEDbfzwZ9n%3D%2B6UZ8Jr5XD3hNOOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to encrypt Qubes OS?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-02 17:00, jamiesmithdat...@gmail.com wrote:
> HI!
> 
> I have tried to figure stuff out on my own, but as a very non-techy person,
> I find it hard!
> 
> What's the best way to secure my install of Qubes OS? I want to boot from
> a USB device on my PC when I want to use Qubes - is it possible to encrypt
> this USB and then boot from it?
> 
> Or... is there a way to create encrypted volumnes inside Qubes itself?
> Sorry to sound so newb-like, Im getting there just need some help as I want
> to move away from Tails and use something more secure!
> 
> Cheers ,
> 
> Jamie
> 

Qubes OS uses full disk encryption (FDE) by default:

https://www.qubes-os.org/doc/user-faq/#does-qubes-use-full-disk-encryption-fde

You can also manually configure your encryption settings, if you like:

https://www.qubes-os.org/doc/encryption-config/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXoVV+AAoJENtN07w5UDAwPMwP/irWB17ia1PdFTVLaIvPmSKP
ELbFTv/bcgYkpSltvqLa19s7mpBmdgYHw4QP22kfgIS+ZoeRopo3AdXwbgqCu+sJ
3DBQZ3KpApqSb8fjEOvmwpcw+yjDi/ZXb9SLGmtyA/UcvBxtjspaLWeLFGfBKVqY
6+9aZ9kqi3Idf9Gi7gtcus9dCB6i/Js7lGYZRo8/p8KJteKThgQq/txkwPOG7CdP
CUGiWHH2bzCGQgzfNhgOzXdImj/3OLjvvX25Xz8lEoEmVJWe8sEydrQMnBSOArgo
U4pxdkigTR9FRP+wLE6zN/fmwSXf4tyMm1ALNGKr5hLRlYA5EG/CitjOG0NWqmGR
LuFC15AAHQyQ12aZesxGva9s1HALHZ7xhabKf7LC/WNdnaRcQg7GvUr6G0jPDcxg
03Nvs7QeVj5/wXrBcMQiEDzHcCQ3bYCkQkFgf8BraBeFru6nMX9DarvTIu3jiOLZ
+tFEYVlkgos/t375edOhhz/OB2lou7/aV72HLUdrp7adjzcsKYuBTDcwXnwwe9EU
lkXOgCJe7uFnsoOn9+XCy+k6b7S+HX4eeB4jGG+DOT08Bv7VNkPR4k9JXnJA1DEW
z8/V6m4xVEAYkP+RtU5OpJViqFqpWBa5o5KNPWxWSK9lmZOfXpPxunKjqohuOQoH
/zun5EvdrCOISHK49tCS
=VHKW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c0d4f024-b2a3-c009-3930-af96dc2e4b16%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to encrypt Qubes OS?

[Franz]

On Tue, Aug 2, 2016 at 9:00 PM,  wrote:

> HI!
>
> I have tried to figure stuff out on my own, but as a very non-techy
> person, I find it hard!
>
> What's the best way to secure my install of Qubes OS? I want to boot from
> a USB device on my PC when I want to use Qubes - is it possible to encrypt
> this USB and then boot from it?
>

Just following standard Qubes installation you are being asked to encrypt
your disk giving two times a proper password. So i do not understand you
question; isn't that enough for you?

>
> Or... is there a way to create encrypted volumnes inside Qubes itself?


That is usually done in a Vault VM which is not connected to network and is
dedicated to just that.  You can organize yourself there in the same way
you would do in any normal linux distribution.


> Sorry to sound so newb-like, Im getting there just need some help as I
> want to move away from Tails and use something more secure!
>

> Cheers ,
>
> Jamie
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/895bcc21-5fe0-403b-a4b2-0f81a2755695%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qDsA79v%2B3sR8odMkNT5098rXPBggpBCnarNjhNQOF1Agg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Attaching a webcam from sys-usb to other appvm

[Franz]

On Tue, Aug 2, 2016 at 8:19 PM, Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-08-02 09:29, 46co2u+d7n6f69py4nlk via qubes-users wrote:
> > Hi,
> >
> > Is this possible and how can it be done? Unfortunately I didn't find any
> > how to explaining this.
> >
> >
> > Thank you
> >
>
> Sorry, that's not supported:
>
> "Other devices, such as USB webcams, will also work, but they will be
> accessible only from the USB qube itself, as explained above."
>
> https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-3
>
>
>
but isn't the last paragraph of your link actually mentioning that a USB
webcam can be "attached" to a "conferences qube", even if only under 3.2?

Well I do not have yet 3.2, but this seems interesting. May you please
elaborate a little bit about the use cases of this last paragraph?

It seems something totally different from the old USB controller
assignment. So what is that? Or even more interesting; for what purpose may
we use it?

Best
Fran

Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXoSqaAAoJENtN07w5UDAwIlgQAMVyrVZVlQZFfL5BYFar/5Z2
> sSNuJFHZDDKKS62njgi8bIn0ud1AUhk8tWdttBnccGxi1Tftsl1Z/Dr50s9UbEXP
> O/wXSgzeM3STzXqrjxskqsPhVHlqxs28sdPBz6dVnn12af1ripSG4AOR9DffQpmG
> xCwcl8M86wpmSOmb6xNTGS0ZE/q7b0c+DVUvHKxHLw4+nh5PIW0vOemkvaccK4cp
> BHRpFcKDigOA+JpXLVGWDt+89FWlyNcLa50o7mlI8g1D8IBSvn64gsdxxlf6lzwa
> a6LrnYCRiciA41kLgQGvg+nM4iNxs8XxSnxygwuyT1j91yRLWorY7CqFNjmih44x
> cS7i9V9ZuAXbuWxzSbJy5jmBDM2izmRiN5mEUr5d7jNdSgN/hachQlTBQgy4Q0E4
> E/9uOuvhJROtED2NxW2kJuZl2RGf4QGx7Hs15bwWk3qD07IE2Wf+WuFszSmIHhS1
> M+zScVxLzEMPtFk6bsyBNFCSa4+22MtdfhWMgdIPeRdcJuLB9uZFtf359p36DVCF
> yQD4LBuDKWjiQcoKQKvFfNmfz9COB2luWWhy+yezrmp0yAGm7LDRiYW+mdihSI6h
> p1P9jDIXdm91iIwvIl5onkiPTC0F0xWDqAoMg2FjgdDiiM2OxRST9Au/pkOdZP/0
> ea2BoQsfWNi7CtqjXcQy
> =aJfc
> -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/401a6c9e-efb5-9b75-36a0-124a0b7fb405%40qubes-os.org
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qDBY9F%3DnLde__cBC2ifob-rrr2w4nykJgay5iU_EVmCtw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to encrypt Qubes OS?

[jamiesmithdating]

HI! 

I have tried to figure stuff out on my own, but as a very non-techy person, I 
find it hard!

What's the best way to secure my install of Qubes OS? I want to boot from a USB 
device on my PC when I want to use Qubes - is it possible to encrypt this USB 
and then boot from it?

Or... is there a way to create encrypted volumnes inside Qubes itself? Sorry to 
sound so newb-like, Im getting there just need some help as I want to move away 
from Tails and use something more secure!

Cheers ,

Jamie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/895bcc21-5fe0-403b-a4b2-0f81a2755695%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Attaching a webcam from sys-usb to other appvm

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-02 09:29, 46co2u+d7n6f69py4nlk via qubes-users wrote:
> Hi,
> 
> Is this possible and how can it be done? Unfortunately I didn't find any
> how to explaining this.
> 
> 
> Thank you
> 

Sorry, that's not supported:

"Other devices, such as USB webcams, will also work, but they will be
accessible only from the USB qube itself, as explained above."

https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-3

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXoSqaAAoJENtN07w5UDAwIlgQAMVyrVZVlQZFfL5BYFar/5Z2
sSNuJFHZDDKKS62njgi8bIn0ud1AUhk8tWdttBnccGxi1Tftsl1Z/Dr50s9UbEXP
O/wXSgzeM3STzXqrjxskqsPhVHlqxs28sdPBz6dVnn12af1ripSG4AOR9DffQpmG
xCwcl8M86wpmSOmb6xNTGS0ZE/q7b0c+DVUvHKxHLw4+nh5PIW0vOemkvaccK4cp
BHRpFcKDigOA+JpXLVGWDt+89FWlyNcLa50o7mlI8g1D8IBSvn64gsdxxlf6lzwa
a6LrnYCRiciA41kLgQGvg+nM4iNxs8XxSnxygwuyT1j91yRLWorY7CqFNjmih44x
cS7i9V9ZuAXbuWxzSbJy5jmBDM2izmRiN5mEUr5d7jNdSgN/hachQlTBQgy4Q0E4
E/9uOuvhJROtED2NxW2kJuZl2RGf4QGx7Hs15bwWk3qD07IE2Wf+WuFszSmIHhS1
M+zScVxLzEMPtFk6bsyBNFCSa4+22MtdfhWMgdIPeRdcJuLB9uZFtf359p36DVCF
yQD4LBuDKWjiQcoKQKvFfNmfz9COB2luWWhy+yezrmp0yAGm7LDRiYW+mdihSI6h
p1P9jDIXdm91iIwvIl5onkiPTC0F0xWDqAoMg2FjgdDiiM2OxRST9Au/pkOdZP/0
ea2BoQsfWNi7CtqjXcQy
=aJfc
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/401a6c9e-efb5-9b75-36a0-124a0b7fb405%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Question about Whonix / Tor Browser / exploits

[neilhardley]

I have a question about Whonix/Tor Browser exploits.

I have played around a bit with Metasploit to see how browser exploits work.

They basically rig a web page with exploits, and then it does what's known as 
"arbitrary code execution", to open up a "remote shell".

As far as I can tell.. the remote shell is running in the browser's RAM. They 
are essentially hi-jacking the browser's RAM, and using it to run their own 
remote shell.

The hacker then usually loads a file from the remote shell, onto the computer's 
hard drive, in order to obtain persistence... As soon as the browser tab 
closes, the remote shell is gone, hence why they need persistence.

So my question is about persistence.

Is it possible to simply remove the hard drive altogether from Whonix, to 
prevent them achieving persistence...?

I know that TAILS simply doesn't have a hard drive at all.

Would this be useful to have in Whonix..? To remove the hard drive altogether, 
perhaps in VM Settings in QUBES...?

Or is it possible to run a Xen exploit purely in the browser's RAM anyway...? 
Thus, they don't even need a hard drive because they can just run the exploit 
in RAM anyway...?

So the main question is really whether they can run the Xen exploit in RAM 
anyway or not If not, then surely removing the hard drive itself would 
be useful...?

Hopefully you understand my question.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6738a699-2afb-4a73-ade2-203608f142a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Configuring OpenDNS in Qubes

[Qubed One]

m...@lamarciana.com:
>> If I understand correctly, permanently changing /etc/resolv.conf in the
>> ProxyVM to show:
>>
>>  nameserver 208.67.222.222
>>  nameserver 208.67.220.220
>>
>> should achieve that in a standalone ProxyVM.
> 
> Thanks for your answer. I thought that changing /etc/resolv.conf by hand was 
> not recommended because some other programs can overwrite it. Anyway, I tried 
> it and changes in /etc/resolv.conf in my standalone ProxyVM are lost once I 
> reboot...
> 


Are you using NetworkManager in that ProxyVM?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46da2e66-4687-886f-2250-43067e021d91%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

[Bill Wether]

>Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g 
>gaming 
>motherboards can update itself over Ethernet connection, reinstall itself from 
>scratch and 
>sometimes contains a built-in mini-linux. If you do not need such bonuses then 
>legacy BIOS 
>will do just fine.

Oh, joy, yet another threat vector. AMI mobos for yours truly. 

Cheers

BillW

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3693c285-68fa-4bac-a1bb-ac7eb403de0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] x201t not compatible

[Bill Wether]

Try disabling VT-d in the BIOS. It's a common Lenovo problem. 

Cheers

BillW

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b692f2f5-a6ca-4ac8-880d-1c47904f0026%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

[grzegorz . chodzicki]

W dniu poniedziałek, 1 sierpnia 2016 00:41:08 UTC+2 użytkownik Stephen Moreno 
napisał:
> Hi,
> 
> 
> 
> I'm looking to build a new desktop system for Qubes. In an ideal world I 
> would use a motherboard with a Libreboot open source BIOS, however this is 
> currently not practical.
> 
> 
> 
> I am therefore intending to use a motherboard with an AMD AM3 chipset, to at 
> least avoid the AMD PSP and Intel ME technologies. This would either contain 
> a proprietary legacy BIOS or a newer UEFI BIOS. My question is, what would be 
> most preferable for a secure Qubes system?
> 
> 
> 
> It is my current understanding that once a legacy BIOS has finished 
> initializing the hardware, it hands off to the OS and no longer executes. In 
> contrast, a UEFI BIOS has runtime services that continue to execute while the 
> OS is running.
> 
> 
> 
> I was therefore coming to the conclusion that if the BIOS was compromised 
> (and it could potentially be compromised before I received it), then a system 
> that could only run a legacy BIOS would be preferable, as it could 
> theoretically do less damage.
> 
> 
> 
> The Wikipedia page on UEFI also states, “UEFI can support remote diagnostics 
> and repair of computers, even with no operating system installed”. 
> (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)
> 
> This has me further concerned about UEFI in a proprietary form.
> 
> 
> 
> Are there any benefits of a UEFI BIOS that would outweigh my concerns?
> 
> 
> 
> Any input on this topic would be much appreciated.

Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g 
gaming motherboards can update itself over Ethernet connection, reinstall 
itself from scratch and sometimes contains a built-in mini-linux. If you do not 
need such bonuses then legacy BIOS will do just fine.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c36d44aa-90ca-43a2-baff-1b0f0b6603c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Attaching a webcam from sys-usb to other appvm

[46co2u+d7n6f69py4nlk via qubes-users]

Hi,

Is this possible and how can it be done? Unfortunately I didn't find any how to 
explaining this.


Thank you






Sent using GuerrillaMail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/806b4c9282497dc66e7c0d4a8bc9757eb058%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is it possible to attach usb devices to HVMs?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Aug 02, 2016 at 03:39:42PM +, 46cikr+6jqihtc138d2g via qubes-users 
wrote:
> Hi,
> 
> I have a windows HVM running, is it possible to do USB passthrough and attach 
> a USB device to it?
> How can this be done? 

Unfortunately no, currently USB passthrough work only on Linux.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXoMS5AAoJENuP0xzK19csmw4H/2VYTUHi5T23zDWt2hLrMdWh
rgPHWC7o36pmGSmilCxfGHqSPO+zGcYU9HIvudbC7CTPRVFW67vZvh0iO4KQjsvf
usPy1V2SpD0a3s8erD5pcxpTPCYKoyg3kY66AnREcsosBWwdEAuWsrW8LSeByQrq
vevnwhuCNiScl4LDaL9etAgBnCGTSD5N2TqWEgQmbvZ4SxOlseXfTa95NR3k245K
JRZ9UTU6xyt880yIy9ZyzCYhv03w/mPnnmZelCCqx0bnlYijyFhRGVb7QTjBho4b
zN2c5T17l9zoow80+glKzmNbfJb8axOJRiTnOdBAnbsG+VhUvU68su++tcgbeIw=
=cxcB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160802160512.GD32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Updated requirements for Qubes-certified hardware

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Aug 02, 2016 at 03:16:46AM -0700, pixel fairy wrote:
> Any laptops on the market meet these requirements yet?

According to this post[1], Thinkpad x320 (with coreboot installed)
should be ok. But we haven't tested it, and it isn't certified yet.

[1] 
https://groups.google.com/d/msgid/qubes-devel/20160724174753.GY16348%40chishio.swcp.com

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXoKipAAoJENuP0xzK19cskZQIAJQfcqKhuj4RSUA9GoQyaqg3
kVwzTtYcdzY3WsW1yDoCgWEemeW1AX5mh6WRVhKWGWjhkVr/sGlE8SPmaDIEZCEC
Mfpw5iavk8/Ms6MuImfqWplkJzXq9lE7+WoNIlwnbnywF8cQr3L8T2BfUGOpV3aB
FmBY8EN1AeYx4mu0CX0+C1mZIT1eVJsVhQe0DNANkImZ3BrKLIjF0k8X+OKM3Ofb
D7AZYrIWB5hr4oXSKKGf9ITm4H3scIlpJwP4AFHsd9VL1cfOiMJu91LcZ9q5yOET
6obo1HaQndNAuNoc1TAfaNJ5lZ8hanz6K0SfZ7JcZPtRovRfos7cvCTQCi0X2qY=
=J9TT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160802140528.GC32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] PS2 Mouse with adaptor

[Herbies]

Hi,

Qubes advice to use ps2 mouse and keyboard but is impossible to find one
in local shop.

I have bought some usb/ps2 adapter to connet usb keyboard and mouse to
my ps2 port. My keyboard is working well, but I have tried several model
of mouse unsuccessfully.

Do you know the reason because my usb mouses fail to function while
connected to the adapter?

Any other suggestion?

Thanks you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58ff77d6-a4c3-d57d-406a-ecc3477b1790%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Making archlinux template: on make autoreconf not found but it is installed

[Facundo Curti]

Hi there. Someone can help me?
I'm trying to make an archlinux template on qubes 3.2. But i'm having
troubles to compile.

When I do:
$ make vmm-xen-vm

I get:
/home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not
found

But autoreconf is already installed:
$ whereis autoreconf
autoreconf: /usr/bin/autoreconf /usr/share/man/man1/autoreconf.1.gz

Here is the complete output:

[user@development qubes-builder]$ make vmm-xen-vm
Currently installed dependencies:
git-2.5.5-1.fc23.x86_64
rpmdevtools-8.9-1.fc23.noarch
rpm-build-4.13.0-0.rc1.13.fc23.x86_64
createrepo-0.10.3-3.fc21.noarch
debootstrap-1.0.81-1.fc23.noarch
dpkg-dev-1.17.25-6.fc23.noarch
python-sh-1.11-1.fc23.noarch
dialog-1.3-4.20160424.fc23.x86_64
--> Archlinux dist-prepare-chroot (makefile):
  --> Checking mounting of dev/proc/sys on build chroot...
  --> Synchronize resolv.conf, in case it changed since last run...
-> Building vmm-xen (archlinux) for archlinux vm (logfile:
build-logs/vmm-xen-vm-archlinux.log)
--> build failed!
==> Retrieving sources...
  -> Found xen-4.6.1.tar.gz
  -> Found series-vm.conf
  -> Found apply-patches
==> WARNING: Skipping all source file integrity checks.
==> Extracting sources...
  -> Extracting xen-4.6.1.tar.gz with bsdtar
bsdtar: Failed to set default locale
==> Starting build()...
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/qemu-tls-1.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/qemu-tls-2.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.qubes/xen-shared-loop-losetup.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.qubes/xen-no-downloads.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.qubes/xen-hotplug-external-store.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.qubes/xen-tools-qubes-vm.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/libxc-fix-xc_gntshr_munmap-semantic.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/libvchan-Fix-cleanup-when-xc_gntshr_open-failed.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/0101-libvchan-create-xenstore-entries-in-one-transaction.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/0001-configure-Fix-when-no-libsystemd-compat-lib-are-avai.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/0001-libxc-prefer-using-privcmd-character-device.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/0001-tools-hotplug-Add-native-systemd-xendriverdomain.ser.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.security/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.libxl/0001-libxl-trigger-attach-events-for-devices-attached-bef.patch
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i
./patches.misc/0001-systemd-use-standard-dependencies-for-xendriverdomai.patch
/home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not
found
==> ERROR: A failure occurred in build().
Aborting...
/home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120:
recipe for target 'dist-package' failed
make[2]: *** [dist-package] Error 2
Makefile.generic:139: recipe for target 'packages' failed
make[1]: *** [packages] Error 1
Makefile:208: recipe for target 'vmm-xen-vm' failed
make: *** [vmm-xen-vm] Error 1


Some ideas? :P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABxff58hc4_u_8mYc2Z8TFUifFiZ%2BX_KDRRG-Mom%2BSDbt1C0Xg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Upgrading from Qubes 3.1 to 3.2 fail

[donoban]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 08/02/2016 11:44 AM, donoban wrote:
> 
> 
> On 07/31/2016 02:33 PM, Marek Marczykowski-Górecki wrote:
>> On Sun, Jul 31, 2016 at 01:53:26PM +0200, donoban wrote:
>>> Hi,
> 
>>> I tried to do the experimental process for upgrading to Qubes 
>>> 3.2. I followed the steps from 
>>> https://www.qubes-os.org/doc/upgrade-to-r3.2/
> 
> 
>>> All went fine until I rebooted the system (step 7). After 
>>> rebooting I had a lot of packages for update on dom0 (more
>>> than 1000), and when I tried to update them it failed because
>>> some dependency problems (I remember some perl packages but
>>> maybe there were more packages with problems).
> 
>> Those packages should be already handled in step 4.
> 
> Ok, doing same process on my other computer I've noticed I was 
> confused the first time. When I checked the qubes-core-dom0 I
> though it said version 3.2.X installed, but it was AVAILABLE. So
> there the dependency problem exists already in this step but I
> didn't notice.
> 
> Doing the command with --clean doesn't help.  How can I provide an 
> useful log of this?
> 
> Regards.
> 

I've pasted the update log:

https://paste.debian.net/786543
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXoI+MAAoJEBQTENjj7QilMNwP/AhUHFQBJYe4jRJeeML9iBFb
2Hfrk68Ak5wPoiZMvDCQl/mgLSo2/3UQHtrjNQOVWanDjcJ0H6XQ0DxrEogiytLj
f12g95EmmDK5/Od1sSbfKQkxIup/Ibh4whsHPX26lEA6loUivJIGGkq5FI0jer5E
iPYtiLndRUcMi1OnHuXFUp3eE0bZDeFaZ8NVV1LtporFo6G/cLk/DXyvlinaSffl
iIVudT++hUNrlKPVBEvyo1QMB8KmlbWU3a2jy8MBnedc9u/wTCStRHjgEN5Lit6S
x2/xwrOT/N0JpojRujWnVXduDF1f40/6kfkGGcBuFgNqmWNEoz2dxHDTCV91+UVN
+H7yiUDjaPLxMSPMz3og3H5Pdlyr4SfTYPJ2ZAOBoQLuRRRjE3NlNUzlw9yTEodl
HHBy5XdywFdvDkz69eRbr6socRofvzkhEzD0l/YYA7pKndgo8PvqAqi9hfFMZqOz
JWDKevIhJoeGrZUFCpbtBt63uDP4N86Qq1FHTHzEKj2pKAM54Q9vF33Ni2YVu6MI
t5nOUUSp1+64GtLOJmm1jJN4dxoPeZGDlex5M36OVQW9SQovhc6i25QOeblNd/ux
x9I8gkVKbSgyn6ILN7aN/9g4RujvyTdFxC+SGuMOy2GLsXZdeNVYyeDT4+U/dbLv
jn385ZmZ8DcTv/MonZqm
=QX4D
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/523409af-5c1b-a44d-ad1e-f0d6d0d8c32d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R3.0 - R3.1: Upgrade of Debian TemplateVMs crashes

[hedron]

Summary of Problem: During a fresh installation of Qubes R3.1, all restored 
Debian TemplateVMs crash during the apt-get dist-upgrade and can no longer be 
restarted.

Details: My preferred Qubes upgrade method is to do a fresh install to a new 
disk and backup/restore AppVMs and TemplateVMs from the previous version. This 
has highlighted two problems (the minor one first):

1. The documentation at 
https://www.qubes-os.org/doc/releases/3.1/release-notes/#upgrading details two 
upgrade methods:
[quote]The easiest and safest way to upgrade to Qubes R3.1 is to install it 
fromscratch and use qubes backup and restore tools formigrating of all of the 
user VMs.
Users of Qubes R3.0 can upgrade using experimentalprocedure.[/quote]



I can find no reference in the fresh-installation instructions for upgrading 
the TemplateVMs, which only seems to be mentioned in the "experimental method" 
section. Perhaps the term "experimental" is no longer appropriate and, if so, 
should ideally be dropped.

2. After a fresh installation of R3.1, I restored all AppVMs, HVMs and 
TemplateVMs (from R3.0) to the new system, I upgraded the Fedora TemplateVMs 
without problem using the "experimental" procedure but ALL 3 of my Debian-based 
TemplateVMs crash during the apt-get dist-upgrade step, leaving the VMs in an 
unusable state (cannot be restarted). 

Since this is consistent across all three of my Debian-based TemplateVMs 
(debian-8, debian-8-nonfree and debian-8-sandbox) it seems likely to be a bug. 
Right now, I've restored all three from backup and they are still usable in 
R3.0 form but some things (eg VM Manager Update) no longer work.

Is this a known problem? Is there a solution or workaround?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KO6kF0M--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Updated requirements for Qubes-certified hardware

[pixel fairy]

Any laptops on the market meet these requirements yet?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8715f91-5382-497a-9e7f-ef448a3c0411%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] x201t not compatible

[pixel fairy]

thought it should work. pretty standard i7 with intel graphics. no problems in 
linux. but ive tried 3 releases now and always get that Q in rainbow static 
trying to install it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82787c2a-4721-4bcf-86ae-5eab7fcc0e20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Upgrading from Qubes 3.1 to 3.2 fail

[donoban]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 07/31/2016 02:33 PM, Marek Marczykowski-Górecki wrote:
> On Sun, Jul 31, 2016 at 01:53:26PM +0200, donoban wrote:
>> Hi,
> 
>> I tried to do the experimental process for upgrading to Qubes
>> 3.2. I followed the steps from
>> https://www.qubes-os.org/doc/upgrade-to-r3.2/
> 
> 
>> All went fine until I rebooted the system (step 7). After
>> rebooting I had a lot of packages for update on dom0 (more than
>> 1000), and when I tried to update them it failed because some
>> dependency problems (I remember some perl packages but maybe
>> there were more packages with problems).
> 
> Those packages should be already handled in step 4.

Ok, doing same process on my other computer I've noticed I was
confused the first time. When I checked the qubes-core-dom0 I though
it said version 3.2.X installed, but it was AVAILABLE. So there the
dependency problem exists already in this step but I didn't notice.

Doing the command with --clean doesn't help.  How can I provide an
useful log of this?

Regards.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXoGuGAAoJEBQTENjj7QilMCUQAJGIJmdPO9vTvcuYzDynqBkx
eZIDUvC9AtHeZ8g37PeDmE6OpiDCYqF8Gx7njA2WpWwpVVAxGYZPb1b9gUeUUokN
NRlHNtzbdXvaIdYh6JejS2YuR1M5Iijy3tV6DUSqLTaDowpwdZNm5pBFOtsf1/UO
0n47K5/auLKkNplrgAS3roRFbt6K120hqsIYiWNJw4gNMGebSH9RcFnDlb13j9OD
83eFbfcPywHf8/WlmuKXmBJj70h/UKoVLakR7k0rHupGSzhwYHwY1azjzpb6ZEmR
3FoP9e67gIbJJT83H6qTsH14lqvDvf7BrmtMJAzUOmWDa3rAodkxgfk7M88Yv0gd
mhr3lJmLBR2iUlUucmx5eydTCws7sWAUAwe551f3ZnMnNCvr7+Z2JG/Nzrc/Xf/F
msukG+cMuMVd+G6rrGMF+Tj/5b9PW6XQA8WuMbQT90i3Uz6H21O0QI5H+K1MEQs4
ZYN4bNuoSr9hK+yBmm0m6TD1h39DrQ4RFIn38iIGAVfU52cabsZRPFX89prt8WNv
UVNUqprqbj3XgIA1BIDsxvjrbhkkqTxBoLmQOtZwafIF3s840S5AP1j4Q3RVbSSG
OnITmHqt+ynlXbHfUHBy4V0qI1M2QDmLk8MSlGREFnUi/Ky7VFYU9sn31LCTd4hh
4Jo1rKCPvspFtIQ65HOj
=EMFl
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/87a6d4dc-ddfe-c843-109d-624f2c84c6c0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.