[qubes-users] Archlinux-template not sending application list to dom0

[necrokulto]

Is there anything I can do for i.e. scripts, command etc... if the 
Archlinux-template not sending the application list on every updates of its 
application to dom0? Should I recompile it back or not?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d93c247-938b-4818-a7d0-10a410595f30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Archlinux-template not sending application list to dom0

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-17 12:51, necrokulto wrote:
> Is there anything I can do for i.e. scripts, command etc... if the 
> Archlinux-template not sending the application list on every updates of its 
> application to dom0? Should I recompile it back or not?
> 

You can try to trigger it manually using this command (in dom0):

$ qvm-sync-appmenus 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3bOtAAoJENtN07w5UDAwcOQQAJo/BxfrFHnG0vq1mVVaq6/+
67FS4x7YC5djQnPxqoSFwqP6CowBVD5LVAzJ9e11U9dLjq3+aNicNuVxbqHspF5e
wxPZMPtBznJv6qJSgKwRddORb7bHiyaQTEkkWOrphVCsdeCosqQbCdjWCFRP3HMz
qIKukzIK3H0NNUMzj9cawq5SG5ApFIjI3VMdbQ+SLOAUT5RQlgKkEeuZQTi/MqlM
DigmYMyyJc6XuDaFGOBSLErbdCDh2VPf4okqPiUP8gdbZHGL79RWafCSRGpPIBvm
C3FUEgxU7ZzyKzwXISeMdxsugu7+K7Y6zozg/hLGFLMWjzMDelnxpC8tRSYfUsP0
ilb1GnE4By1fL8XIMGC0bVKqVlQSsZS1KO0/qcqQembU6bLgw8Bx9UqsW5zzmCUw
WOMj02gAK54q6T4PxjTN/eYlX6Sn4lbCOGy/9F4SkCjTLfBHU+CtHGFXGIXRIZtd
8CxWmcU8zBWrjw4NKHljtnszEk+2+9/z0VRS0xXplUR8pKn4+zxVEHKFsnHU//M7
Bx+M8wlHrePTAsUlaLsqxlRUJ0hDU20q8HSDyyVRcdRGKf1zgBXnsdTtWOTuEB1s
D1hSaIJ2NYGjWn9gUgHPgskh+idSohw9cwyzqG5vt3ZW/w0jhkxVdoDYocwOsPvj
aPVUQK13hZYUOXjTdGRi
=xjkR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16093ee4-353f-5128-9312-670a446333ca%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[rac9876]

> So for me, EncFS seems the way to go

I looked into using EncFS with Dropbox, but from what reading I did it seemed 
that EncFS was (1) old and not well maintained and (2) insecure whenever an 
attacker can see more than one version of the same file (that is, see the same 
file before and after a modification). Version 1.8 supposedly fixed some of the 
issues but this issue about being able to learn about a file's contents when it 
changes remains (as far as I can tell from reading around). Since Dropbox can 
always see files before and after modification (that's kind of the point of 
it), EncFS seems like an insecure choice to use with Dropbox.

So I'm still looking for a good solution for encrypting a single folder that 
will be synced.

Of course, Dropbox itself would be considered a security risk by many who are 
interested in Qubes. Myself, I'd put up with it if I could localize it to a 
dedicated AppVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de70f920-9f23-4745-8e59-08bd181242b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Thunar archive plugin plus xarchiver, ark or something similar on Dom0

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-17 09:27, Pawel Debski wrote:
> Folks,
> 
> usb storage devices get connected to Dom0 and I'm really lacking some 
> convenient way to peek into various archives, zips, etc.
> 
> How would you suggest to install Thunar archive plugin plus Xarchiver or 
> something similar?
> 
> Or is it a bad idea to add sw to Dom0 and/or review archives?
> 

Yes, this is a bad idea. A much better approach
is to use a USB qube, as described here:

https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-2

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3bNDAAoJENtN07w5UDAwXRkQAIMANuxtznwApfHUBDa6PG/0
3gSmeoXDczpzjpZnR6glG397RybhlvKNDNC9Th+MzZ1HLbFla04rG+zH92+KN7Ad
F3yEp0Ishkm75CdADOMBWAq0Cb2xfEgjOStI4SMezrVE4N59g4Xnk1zUjPR65hBY
xDs2X2kgRO//qlafD65NZegtmLNOktBX9YPrOcHKbb0NGCu4ccjRIGuBzRpGmAKj
rFcMj7DrZhcKJAPFk4WZ3vDY6NQKHVDjeB3DYwjmuPTeniXb5eZ0h+0D3xjxuv41
GVvOuLqvq7ikMG7j63UpFbAufe0992qVMrCdxlLPg/yzjMwAGvbPmUy6ChNBdmBF
bNHCTpE6nbmdVPmT6mM/Vlg4g4dr2hPpnEJYg8vF8LGYEBH/4X0s86zMoV785nQS
heZBNCg4m9kXm/9hutNO77b9LMASq8OGYzrFWnxmtN61Yva4kL6x9eeeptnsHWtS
6tTKflajx0OTBhv1zBpPw29IDbKr6CgdozvRPD4ugqVjYXSC8BfYhJGSK5IxeFnr
MXHTQ218j7Wb4LLcBFI+Ek9Tn3KUf+LlZXluU9T6349/8QvRVeSJ0qobcr7vsK7k
wyR7aoL8QROttJh+xQ6fUUSemj3MOSvsu8MogUwNpQq0R0/zY8NX/DuJKDvanFsk
fc0oJ8g8JTyF/knNunlO
=l8ZH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d85b4e46-a23b-e9de-7d58-e2e15b29c2cd%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Debian-8 Update Hangs

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-17 07:21, amadaus wrote:
> In Qubes OS 3.2 rc2 updating Debian 8 via VM Manager and the terminal
> resulted in failure - it hangs forever. Consequently I tried a fresh
> install of OS 3.2 rc3. I successfully uddated Dom0, Fedora23 and Whonix
> templates BUT when it came to Debian-8 it stubbornly refuses to update.
> Anyone any suggestions as to what I'm doing wrong.
> PS the command i'm using in terminal is: sudo apt-get update && sudo
> apt-get dist-upgrade.
> 

I've noticed that when I update Debian and Whonix templates using that
command, the terminal appears to hang, but the template actually
updates successfully. Can you try running the same update command again
afterward? It should complete successfully (with 0 new packages
updated, available, etc.) the second time.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3bL1AAoJENtN07w5UDAwqWQP/0ifvVHhmThFWQd7jMbt223i
zi13hkVTED4LSVoK23WYshbsbrAnLh2xaV/Bz72GTevYvpvidT76hD38ce4VUuzI
NOKPGqlXXtg+tJf1GIAh8ruT7R5SfEWDYoaAc3Dfea+N90ILLFmVkPDEzZgVLWvb
r0KRGzmjAehL/L1zhe/+auIUzcjjtXrp/zpYcjC4wEW8cSWoNQ50DWvxIBlawxWu
pLofkFeduB9qG9fySoULGYi6AE/kEYpj2NWGhiO43drbaVzw33CpNTD9NzOWjpg6
MBo0S/3FdfT/GpwrZwrU5jxi8LIoDLmguyL/JjysZXGVdk1itTL793TbeiL35B+R
iKTsvkqxFfuj22RLJmmyOiTCq1/bMYnR5TEP7Vu4ZcKnL10eOhDfB98aLyqzxgVp
E4nrHgdBNzYo8zv9sEv8j0vq2VTdwAfrQExtcIgAP6pG1r/BEp0qpX6VBSzGMAzr
BxfnOk9HjJddIOsWWfEWoUV83nVmvmERZsLffS7HdhmmgjuhsN5uGFoEae/31Io3
JBjVAhkpLCrc/VX5jTQFya39xypO/qcyERdsY0wxtFbM5zXZIeUOiknZUXEqhb51
udhg5VBTkq9bqNgqaumdQ49QV7FhjaVTPuvx+PIm7YvXR1kI0hBk/CRzEgo1xQf9
GI/9mwZRByyxUDTOYA1A
=kPM4
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df252e7d-fff1-c817-d08a-dd09a37077fe%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Debian-8 Update Hangs

[amadaus]

Andrew David Wong:
> On 2016-09-17 07:21, amadaus wrote:
>> In Qubes OS 3.2 rc2 updating Debian 8 via VM Manager and the terminal
>> resulted in failure - it hangs forever. Consequently I tried a fresh
>> install of OS 3.2 rc3. I successfully uddated Dom0, Fedora23 and Whonix
>> templates BUT when it came to Debian-8 it stubbornly refuses to update.
>> Anyone any suggestions as to what I'm doing wrong.
>> PS the command i'm using in terminal is: sudo apt-get update && sudo
>> apt-get dist-upgrade.
> 
> 
> I've noticed that when I update Debian and Whonix templates using that
> command, the terminal appears to hang, but the template actually
> updates successfully. Can you try running the same update command again
> afterward? It should complete successfully (with 0 new packages
> updated, available, etc.) the second time.
> 
Here is the output from D8 terminal

 user@debian-8:~$ sudo apt-get update && sudo apt-get dist-upgrade
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Hit http://deb.qubes-os.org jessie InRelease

Get:2 http://security.debian.org jessie/updates/main amd64 Packages [304 kB]
Get:3 http://security.debian.org jessie/updates/contrib amd64 Packages
[2,506 B]
Get:4 http://security.debian.org jessie/updates/non-free amd64 Packages
[14 B]
Hit http://deb.qubes-os.org jessie/main amd64 Packages

Get:5 http://security.debian.org jessie/updates/contrib Translation-en
[1,211 B]
Get:6 http://security.debian.org jessie/updates/main Translation-en [162
kB]
Get:7 http://security.debian.org jessie/updates/non-free Translation-en
[14 B]
Ign http://deb.qubes-os.org jessie/main Translation-en_US

Ign http://deb.qubes-os.org jessie/main Translation-en

100% [Waiting for headers]
It is always at this pointthat the system hangs for hours.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9b7c3a7-2b08-a8a3-8ef5-9bab0fac889f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] installing Signal on Qubes mini-HOWTO

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Sep 17, 2016 at 03:52:17PM +0100, IX4 Svs wrote:
> On Wed, Sep 14, 2016 at 9:26 AM, Marek Marczykowski-Górecki <
> marma...@invisiblethingslab.com> wrote:
> 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On Wed, Sep 07, 2016 at 11:38:55PM +0100, IX4 Svs wrote:
> > > On Thu, Sep 1, 2016 at 8:41 AM, IX4 Svs  wrote:
> > >
> > > > On Thu, Sep 1, 2016 at 2:21 AM, Andrew David Wong 
> > > > wrote:
> > > >
> > > >> -BEGIN PGP SIGNED MESSAGE-
> > > >> Hash: SHA512
> > > >>
> > > >> On 2016-08-31 15:50, IX4 Svs wrote:
> > > >> > On Wed, Aug 24, 2016 at 11:10 PM, Andrew David Wong <
> > a...@qubes-os.org>
> > > >> > wrote:
> > > >> >
> > > >> >>
> > > >> >> On 2016-08-15 14:43, IX4 Svs wrote:
> > > >> >>> On Mon, Aug 15, 2016 at 10:19 AM, Andrew David Wong <
> > a...@qubes-os.org
> > > >> >
> > > >> >>> wrote:
> > > >> >>>
> > > >> 
> > > >>  On 2016-08-14 15:22, IX4 Svs wrote:
> > > >> > Just spent a few minutes to figure this out so I thought I'd
> > > >> > share.
> > > >> >
> > > >> 
> > > >>  Thanks, Alex! Would you mind if we added this to the docs at some
> > > >>  point?
> > > >> 
> > > >> 
> > > >> >>> Not at all - especially if you improve my clumsy way of creating
> > the
> > > >> >> custom
> > > >> >>> shortcut (steps 7-12) and use the proper Qubes way that Nicklaus
> > > >> >>> linked to.
> > > >> >>>
> > > >> >>> Cheers,
> > > >> >>>
> > > >> >>> Alex
> > > >> >>>
> > > >> >>
> > > >> >> Added:
> > > >> >>
> > > >> >> https://www.qubes-os.org/doc/signal/
> > > >> >>
> > > >> >>
> > > >> > Andrew, thanks for adding this to the documentation.
> > > >> >
> > > >> > I'm afraid my DIY shortcut kludge does not survive some(potentially
> > boot
> > > >> > time) script and is wiped away from the taskbar, only to be
> > replaced by
> > > >> a
> > > >> > default "Chrome browser" shortcut. I admit I don't quite comprehend
> > what
> > > >> > the actual implementation of
> > > >> > https://www.qubes-os.org/doc/managing-appvm-shortcuts/#
> > tocAnchor-1-1-1
> > > >> > should be.
> > > >>
> > > >> Neither do I. I've always make my custom shortcuts the same general
> > way
> > > >> you do.
> > > >>
> > > >>
> > > > Ah, we have a usability issue here then.
> > > >
> > > >
> > > >> > A worked example that replaces all but the first step of the "
> > Creating
> > > >> a
> > > >> > Shortcut in KDE" section of https://www.qubes-os.org/doc/signal/
> > would
> > > >> be
> > > >> > very much welcome.
> > > >> >
> > > >>
> > > >> Agreed.
> > > >>
> > > >
> > > > Can someone who has figured out how to create one-click buttons to
> > launch
> > > > arbitrary applications in AppVMs chime in with an example please? I'll
> > then
> > > > test it and Andrew can stick it in the wiki for all Qubes users to
> > benefit.
> > > >
> > >
> > > I had a look myself and may have figured out the "proper" way of
> > creating a
> > > shortcut to launch Signal. By the way I submitted a pull request for the
> > > documentation at https://www.qubes-os.org/doc/m
> > > anaging-appvm-shortcuts/#tocAnchor-1-1-1 because its language is
> > slightly
> > > inaccurate.
> > >
> > > These instructions (after verification) should replace the shortcut
> > kludge
> > > of the signal page you created:
> > >
> > > My Signal AppVM uses the fedora-23 template, and I have renamed the
> > > .desktop file that Chrome created on that AppVM's desktop to
> > > signal.desktop. Now what?
> > >
> > > 1. Open a dom0 terminal, cd to /var/lib/qubes/vm-templates/fedora-23/
> > > 2. Copy Signal:/home/user/Desktop/signal.desktop to
> > > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.templates/signal.desktop
> > > 3. Lightly edit
> > > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.templates/signal.desktop
> > to
> > > be as follows:
> > >
> > > [Desktop Entry]
> > > Version=1.0
> > > Type=Application
> > > Terminal=false
> > > X-Qubes-VmName=%VMNAME%
> > > Icon=%VMDIR%/apps.icons/signal.png
> > > Name=%VMNAME%: Signal Private Messenger
> > > GenericName=%VMNAME%: Signal
> > > Comment=Private Instant Messenger
> > > Exec=qvm-run -q --tray -a %VMNAME% -- 'qubes-desktop-run
> > > /home/user/Desktop/Signal.desktop'
> > >
> > > 4. Copy
> > > Signal:/rw/home/user/.local/share/icons/hicolor/48x48/
> > apps/chrome--Default.png
> > >  to
> > > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.
> > templates/apps.icons/signal.png
> > >
> > > 5. Copy
> > > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.
> > templates/apps.icons/signal.png
> > > to
> > > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.
> > templates/apps.tempicons/signal.png
> > >
> > > 6. At this point you should be all set. Ensure Qubes knows about the new
> > > menu item you created by starting the fedora-23 template VM and then
> > > running in a dom0 terminal: qvm-sync-appmenus fedora-23
> > >
> > > 7. You should now be able to go back to the GUI and from the 

[qubes-users] Qubes Windows 10?

[Pawel Debski]

Folks,

I have Qubes 3.2 up, updated & running like a charm. Now the Microsoft 
challenge. The doc @ https://www.qubes-os.org/doc/windows-appvms/ 
instructs to use Windows 7. Do you suggest to stick with version 7 or go 
ahead to 10 / 8?


--

Z powazaniem / Best Regards
Mit freundlichen Gruessen / Meilleures salutations
Pawel Debski

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/989b2610-e0c7-d35b-7424-45d1235f97b0%40econsulting.pl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Compiling Archlinux Template failed on make qubes-vm/vmm-xen-vm

[necrokulto]

Successfully built the Archlinux template with xen-4.7 but needs to comment 
some patches-set that's not available on the vmm-xen folder, set cflags to 
ignore indentation error and clone pulsecore-8 to pulsecore-9 (since this file 
not available). I'm not sure if this trick will get me more trouble in the 
future or not. If anyone have better solution, come forward and tell me yours.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ca3448b-292a-43b4-aa79-bb4033551457%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

[almightylaxz]

I have been doing some tests using a GTX 1070, on Qubes R3.2, I think it is 
fair to say GTX 900 and 1000 series cards are unusable right now going by user 
reports.

Booting in BIOS mode without self-test:
Starting installer, one moment...
*black screen*

Booting in BIOS mode with self-test:
Starting installer, one moment...
*scrolls too fast to read*
17:47:03 Not asking for VNC because we don't have a network
17:47:03 X startup failed, falling back to text mode

Then I am placed in the anaconda CLI install. Trying to go through with the CLI 
installer fails while trying to set an install destination. Selecting LUKS 
results in the following errors:

Generating updated storage configureation
storage configuration failed: autopart failed:
Encryption requested for LUKS device sdc2 but no encryption key specified for 
the device.

Booting using UEFI doesn't work either. It shows the 4 tux images and says:

[   0.00] efi: EFI_MEMMAP is not enabled.
[   0.00] esrt: ESRT header is not in the memory map.
[   5.760317] dracut-pre-trigger[401]: cat: /tmp/dd_disk: No such file or 
directory
[   37.945613] hid-generic 0003:1044:7A03.0008: item 0 1 0 8 parsing failed
[   38.003314] hid-generic 0003:1044:7A03.0008: No inputs registered, 
leaving
[   39.170611] sd 6:0:0:0: alua: Attach failed (-22)
{   9.139264] dracut-initqueue[506]: mount: /dev/sdd is write-protected, 
mounting read-only

The display then freezes, trying to switch tty doesn't show any effect.

I think this has something to do with nouveau. Searching around shows nouveau 
only got support for the GTX 1000 series in July. Perhaps Qubes is using an 
outdated version?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e0fa814-9da2-4d03-b5e3-4211f43bf5d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Proper way of implementing unlock with keyfile instead of passphrase

[Jan Betlach]

On Thursday, September 15, 2016 at 7:38:03 PM UTC+2, 0mn1...@gmail.com wrote:
> Good evening.
> 
> I'm hoping someone can give me a hand here. What I am trying to do is setup 
> my Qubes install so that "/" is unlocked with a keyfile and not a passphrase. 
> Preferably an encrypted keyfile that can be decrypted using keyscript in 
> /etc/crypttab. 
> 
> Adding a keyfile using cryptsetup and then adding an entry in /etc/crypttab 
> doesn't seem to work and I do not think forcing dracut to omit "systemd" is a 
> good idea, from my limited know-how.
> 
> Another solution I found is to copy the keyfile to initramfs but if it isn't 
> encrypted, another bad idea. I have not yet found a way to get keyscript to 
> work in order to encrypt the keyfile copied to initramfs.
> 
> Any information and help on this matter is greatly appreciated.

I am not sure if I can help with Qubes (Fedora), however on Arch I just create 
4096 bit key and add the keyfile to LUKS (cryptsetup luksAddKey /dev/sdx 
/crypted_keyfile.bin). I also make sure that nobody except Grub can read the 
file (chmod 000 / crypted_keyfile.bin). 
Then I add the crypted_keyfile for the LUKS partition to initramfs (adding 
FILES="/crypted_keyfile.bin" to mkinitcpio.conf and generate initramfs).
Obviously the crypted_keyfile can be located on separate USB flash...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e5b8323-ec08-446d-b06c-6b628db037fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: R3.2_rc3.iso Corrupt Download?

[amadaus]

Andrew David Wong:
> On 2016-09-16 04:41, amadaus wrote:
>> I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
>> signatures received the following output:
>> [user@rubbish ~]$ gpg -v --verify
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
>> gpg: armor header: Version: GnuPG v2
>> gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
>> 03FA5082
>> gpg: using PGP trust model
>> gpg: Good signature from "Qubes OS Release 3 Signing Key"
>> gpg: binary signature, digest algorithm SHA256
>> [user@rubbish ~]$ gpg --list-sig 03FA5082
>> pub   4096R/03FA5082 2014-11-19
>> uid  Qubes OS Release 3 Signing Key
>> sig  36879494 2014-11-19  Qubes Master Signing Key
>> sig 3E2986940 2016-01-04  [User ID not found]
>> sig 303FA5082 2014-11-19  Qubes OS Release 3 Signing Key
> 
>> As you can see signature E2986940 is unknown. I imported this key, it
>> belongs to "Kabine Diane "
>> This seems very suspicious. Should I delete the iso and try a fresh
>> download?
> 
> 
> Answered previously here:
> 
> https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ
> 
Sorry to waste your time. I should've researched the issue more
thoroughly before posting
> 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1543a91-198f-a8d8-58dc-b65c21f12527%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Debian-8 Update Hangs

[amadaus]

In Qubes OS 3.2 rc2 updating Debian 8 via VM Manager and the terminal
resulted in failure - it hangs forever. Consequently I tried a fresh
install of OS 3.2 rc3. I successfully uddated Dom0, Fedora23 and Whonix
templates BUT when it came to Debian-8 it stubbornly refuses to update.
Anyone any suggestions as to what I'm doing wrong.
PS the command i'm using in terminal is: sudo apt-get update && sudo
apt-get dist-upgrade.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nrjjh4%24h5v%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] installing Signal on Qubes mini-HOWTO

[IX4 Svs]

On Wed, Sep 14, 2016 at 9:26 AM, Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Wed, Sep 07, 2016 at 11:38:55PM +0100, IX4 Svs wrote:
> > On Thu, Sep 1, 2016 at 8:41 AM, IX4 Svs  wrote:
> >
> > > On Thu, Sep 1, 2016 at 2:21 AM, Andrew David Wong 
> > > wrote:
> > >
> > >> -BEGIN PGP SIGNED MESSAGE-
> > >> Hash: SHA512
> > >>
> > >> On 2016-08-31 15:50, IX4 Svs wrote:
> > >> > On Wed, Aug 24, 2016 at 11:10 PM, Andrew David Wong <
> a...@qubes-os.org>
> > >> > wrote:
> > >> >
> > >> >>
> > >> >> On 2016-08-15 14:43, IX4 Svs wrote:
> > >> >>> On Mon, Aug 15, 2016 at 10:19 AM, Andrew David Wong <
> a...@qubes-os.org
> > >> >
> > >> >>> wrote:
> > >> >>>
> > >> 
> > >>  On 2016-08-14 15:22, IX4 Svs wrote:
> > >> > Just spent a few minutes to figure this out so I thought I'd
> > >> > share.
> > >> >
> > >> 
> > >>  Thanks, Alex! Would you mind if we added this to the docs at some
> > >>  point?
> > >> 
> > >> 
> > >> >>> Not at all - especially if you improve my clumsy way of creating
> the
> > >> >> custom
> > >> >>> shortcut (steps 7-12) and use the proper Qubes way that Nicklaus
> > >> >>> linked to.
> > >> >>>
> > >> >>> Cheers,
> > >> >>>
> > >> >>> Alex
> > >> >>>
> > >> >>
> > >> >> Added:
> > >> >>
> > >> >> https://www.qubes-os.org/doc/signal/
> > >> >>
> > >> >>
> > >> > Andrew, thanks for adding this to the documentation.
> > >> >
> > >> > I'm afraid my DIY shortcut kludge does not survive some(potentially
> boot
> > >> > time) script and is wiped away from the taskbar, only to be
> replaced by
> > >> a
> > >> > default "Chrome browser" shortcut. I admit I don't quite comprehend
> what
> > >> > the actual implementation of
> > >> > https://www.qubes-os.org/doc/managing-appvm-shortcuts/#
> tocAnchor-1-1-1
> > >> > should be.
> > >>
> > >> Neither do I. I've always make my custom shortcuts the same general
> way
> > >> you do.
> > >>
> > >>
> > > Ah, we have a usability issue here then.
> > >
> > >
> > >> > A worked example that replaces all but the first step of the "
> Creating
> > >> a
> > >> > Shortcut in KDE" section of https://www.qubes-os.org/doc/signal/
> would
> > >> be
> > >> > very much welcome.
> > >> >
> > >>
> > >> Agreed.
> > >>
> > >
> > > Can someone who has figured out how to create one-click buttons to
> launch
> > > arbitrary applications in AppVMs chime in with an example please? I'll
> then
> > > test it and Andrew can stick it in the wiki for all Qubes users to
> benefit.
> > >
> >
> > I had a look myself and may have figured out the "proper" way of
> creating a
> > shortcut to launch Signal. By the way I submitted a pull request for the
> > documentation at https://www.qubes-os.org/doc/m
> > anaging-appvm-shortcuts/#tocAnchor-1-1-1 because its language is
> slightly
> > inaccurate.
> >
> > These instructions (after verification) should replace the shortcut
> kludge
> > of the signal page you created:
> >
> > My Signal AppVM uses the fedora-23 template, and I have renamed the
> > .desktop file that Chrome created on that AppVM's desktop to
> > signal.desktop. Now what?
> >
> > 1. Open a dom0 terminal, cd to /var/lib/qubes/vm-templates/fedora-23/
> > 2. Copy Signal:/home/user/Desktop/signal.desktop to
> > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.templates/signal.desktop
> > 3. Lightly edit
> > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.templates/signal.desktop
> to
> > be as follows:
> >
> > [Desktop Entry]
> > Version=1.0
> > Type=Application
> > Terminal=false
> > X-Qubes-VmName=%VMNAME%
> > Icon=%VMDIR%/apps.icons/signal.png
> > Name=%VMNAME%: Signal Private Messenger
> > GenericName=%VMNAME%: Signal
> > Comment=Private Instant Messenger
> > Exec=qvm-run -q --tray -a %VMNAME% -- 'qubes-desktop-run
> > /home/user/Desktop/Signal.desktop'
> >
> > 4. Copy
> > Signal:/rw/home/user/.local/share/icons/hicolor/48x48/
> apps/chrome--Default.png
> >  to
> > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.
> templates/apps.icons/signal.png
> >
> > 5. Copy
> > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.
> templates/apps.icons/signal.png
> > to
> > dom0:/var/lib/qubes/vm-templates/fedora-23/apps.
> templates/apps.tempicons/signal.png
> >
> > 6. At this point you should be all set. Ensure Qubes knows about the new
> > menu item you created by starting the fedora-23 template VM and then
> > running in a dom0 terminal: qvm-sync-appmenus fedora-23
> >
> > 7. You should now be able to go back to the GUI and from the Q menu: Q ->
> > Domain: Signal -> Signal: Add more shortcuts...
> > In the window that will appear, you should now have "Signal Private
> > Messenger" on the left list of available apps. I moved this to the
> > "Selected" list and hit OK, which put the entry in my Q menu.
> >
> > 8. Then I went to Q -> Domain: Signal. I right-clicked on "Signal:Signal
> > Private Messenger" and selected "Add to panel".

[qubes-users] Re: Proper way of implementing unlock with keyfile instead of passphrase

[0mn1cub3]

On Saturday, September 17, 2016 at 1:20:56 PM UTC+3, Jan Betlach wrote:
> On Thursday, September 15, 2016 at 7:38:03 PM UTC+2, 0mn1...@gmail.com wrote:
> > Good evening.
> > 
> > I'm hoping someone can give me a hand here. What I am trying to do is setup 
> > my Qubes install so that "/" is unlocked with a keyfile and not a 
> > passphrase. Preferably an encrypted keyfile that can be decrypted using 
> > keyscript in /etc/crypttab. 
> > 
> > Adding a keyfile using cryptsetup and then adding an entry in /etc/crypttab 
> > doesn't seem to work and I do not think forcing dracut to omit "systemd" is 
> > a good idea, from my limited know-how.
> > 
> > Another solution I found is to copy the keyfile to initramfs but if it 
> > isn't encrypted, another bad idea. I have not yet found a way to get 
> > keyscript to work in order to encrypt the keyfile copied to initramfs.
> > 
> > Any information and help on this matter is greatly appreciated.
> 
> I am not sure if I can help with Qubes (Fedora), however on Arch I just 
> create 4096 bit key and add the keyfile to LUKS (cryptsetup luksAddKey 
> /dev/sdx /crypted_keyfile.bin). I also make sure that nobody except Grub can 
> read the file (chmod 000 / crypted_keyfile.bin). 
> Then I add the crypted_keyfile for the LUKS partition to initramfs (adding 
> FILES="/crypted_keyfile.bin" to mkinitcpio.conf and generate initramfs).
> Obviously the crypted_keyfile can be located on separate USB flash...

Greetings.

Guess I'll go with copying the keyfile to initramfs and encrypting it with gpg, 
to be decrypted at boot via password. On Debian this was straightforward, 
adding "keyscript=/lib/cryptsetup/scripts/decrypt_gnupg" in /etc/crypttab but 
as of now I haven't found an equivalent for Qubes or Fedora. Suppose I'll have 
to keep looking.

Thank you for your reply and have a good one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f15f1ff-93c5-4dda-a84e-07f02a4ce4f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Windows 10?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-17 00:56, Pawel Debski wrote:
> Folks,
> 
> I have Qubes 3.2 up, updated & running like a charm. Now the Microsoft 
> challenge. The doc @ https://www.qubes-os.org/doc/windows-appvms/ instructs 
> to use Windows 7. Do you suggest to stick with version 7 or go ahead to 10 / 
> 8?
> 

Windows 8 and 10 aren't yet supported by Qubes Windows
Tools, but we're currently working on it:

https://github.com/QubesOS/qubes-issues/issues/1861

For now, Windows 7 is better supported, so it's the
recommended version.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3ROlAAoJENtN07w5UDAw4mIP/2Y47ABcimodfaMe9wdiaydQ
rzt2CoiIArdf//JeAcviaH3y9W90WyzoD+wMy6B3yJYHIhdOt2X03f51ZSNQsfn6
1cngJGkOKMy409cTBoIHbVMHnx0xjhzyWkaVoESYCtunjuwlRHRK5Y0KuCbYqVJV
dZI0ZrKb3CPNcdZI0/emNsqwz16kQeUiHGisve6a5cYDuUhXdNR0id/jbeBkDPUn
iNtNxY3kQbWiOdbPQOdcSqrM4G66dG5IQVzy4krk97/rAroWUCBNijHA7C95/Mh0
cJB2bnu1wZl17scLTAH5G0pKdcSDzm+fIiC8tItUPRXsa5tHXSIVvMHRYJ4IiZXa
EuKADnge41JbOQ/iK8xzE6be3PYsHNLNJjA8wX5/n74ZIUShG3FSJiM2Nsu9sMM4
e8XvhWTjb1Gdvrd5Yeb2hWhl1JfS+ugt53RTUl6E9MZIDm7JFuNd2b0SufBj6fNc
XbIX2F2FZjsp4meldxqSGTqVt/NkPmMXFVnWNxKfW/pcXpMO/4RE6FP1jHI3PyQ4
f7kyRg9x2JdH1qRhgzJAKL/EADCeuiL/Ezt7ACvlfwNybqUO8m0KCeLyfbIDo17Y
aulj+SDB5RF0ASpwtB9ceFarVBs033lM653fee9yZoocb9jATgRaxqRDPhWuUTLL
7XovtF30CnoqGZLBbX9C
=0IJ3
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4458e2d-29c6-2b90-3b20-91bb34140f70%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Thunar archive plugin plus xarchiver, ark or something similar on Dom0

[Pawel Debski]

Folks,

usb storage devices get connected to Dom0 and I'm really lacking some 
convenient way to peek into various archives, zips, etc.


How would you suggest to install Thunar archive plugin plus Xarchiver or 
something similar?


Or is it a bad idea to add sw to Dom0 and/or review archives?

--

Z powazaniem / Best Regards
Mit freundlichen Gruessen / Meilleures salutations
Pawel Debski

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5a1f1d0-ff22-1fce-2c13-1aa1136841af%40econsulting.pl.
For more options, visit https://groups.google.com/d/optout.