[qubes-users] Cant Update with Fedora 24 minimal template as net-vm
I've setup a new firewall-VM & net-vm to use the fedora-24-minimal-template, Firewall uses base template with no aditional packages. the net-vm is a cloned fedora-24-minimal-template with the following packages installed (NetworkManager network-manager-applet dbus-x11 dejavu-sans-fonts tinyproxy notification-daemon gnome-keyring). I didnt add wireless stuff cos i dont need it. when using fedora24-net-vm via the fedora24-firewall-vm, i have internet access in app vms, but updates to templates time out. BUT when i route through the Qubes default sys-net and sys-firewall, updates work fine. Under global settings i have changed the update Vm to the new fedora24-minimal-firewall-VM (base template with no additional packages). Or should it be set directly to the net-vm? Im guessing im missing a package or a setting? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5dfef4af-e6b4-4d59-b9c2-daca4d9fbb84%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: What? Can I access a windows USB drive?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-09 08:09, elsiebuck...@gmail.com wrote: > I right clicked (Q manager) work vm left clicked attached block > devices. Opened files (work vm) and this time I couldn't even find > the drive. Last time I found the drive, but couldn't access the > contents. > Instead of using Qubes Manager to attach it, try just opening Nautilus in your USB qube. It should appear automatically in the side bar or under "Other Locations." At least, this is what happens when I plug in an NTFS-formatted drive. (Actually, it should also work in the same way using qvm-block, but the let's try to eliminate some variables.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYnRpuAAoJENtN07w5UDAwZe8P/A0UlSRG9cZl+dQ3K3Km0Icy dF0fUgxqVTK9P0NDayFRpcyQvWwl5Ns4oC6wapg+lCFhsSRCHxZkcFKrh9qhahdH k35HaUxILzO76hCrmzZmdjnuEVDYno/THe4sckeR3qDsJG0v4azoJoAuikrwuVVf co234EV5sNmT9Ao+dHaR5PMH2xt/ibcDgPs8TRHdc3TvzSAWMUQGjPA3Y15ujyc4 XTuVrVqTopG5I7JDniKX4QU/K8tz7QTabp8+dpVAAoClAvylaGPDdNV+QUbRrdPu 02dR5WRH2+cYZtVzS2IqdmFvtwEUDdZUvUy6ErcwzDvfqzDVXY+TgftqJNSCGYEy Wi17ffKcOxQM53wcG21YyIwe8KrG3pU0OLCme/aXUq63BTWxijmcdGBhX9dYWFYf 5Lorq4tsyQU55xS+w7brbUqXS4gXH4J7qE7rk1T42OpEDP+XnCzT6h4+Ju1VCvi5 9vMGXAFxn8rQ6RjiRm+Jf+3MrAKt1acK6FtHBWdfGs29t/612AoeSj5HUoSSCuck ot0Vsiwa4vDeZU+lQQ1pDGsU7mcJRhkBt7v8incOtgnFN0xq+6mXtNMCwOnuSLkY h4iW2IQsHMM4egeBp0FLXC4F+z5pQ4WRRadrkKGy+jzSSFsyOFThracuU9pf2Sjr Ma0FYFl6nJi1gezLqmJx =Wql9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54754809-5348-8e91-be86-bfb0cfa1080c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem with a Privacy Guide
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-09 03:33, Unman wrote: > On Thu, Feb 09, 2017 at 09:27:38AM +0100, wile.e.coy...@keemail.me wrote: >> >> Hello qubes-team, >> >> I'm actually facing a problem with a guide of yours. I've used the Privacy >> Guide "Tor Onion Repos" entering the following two commands: >> >> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' >> /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo >> >> sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' >> /etc/yum.repos.d/qubes-templates.repo && cat >> /etc/yum.repos.d/qubes-templates.repo >> >> Now i cant resolve a connection to the update servers anymore, please tell >> me the right commands to reset it. >> >> By the way, I could not enter the other two commands because the following >> variables didnt exists on my new qubes r3.2 installation: >> >> $DebianTemplateVM >> $FedoraTemplateVM >> >> Because I ran into all these problems, I would prefer to just set it back. >> Please tell me how to. >> >> Thanks. =) > > It's important that you know what is happening here. > > sed is, as Bernhard tells you, a stream editor. It runs through a file > making edits. > The -i option allows you to change a file in place. > s/foo/bar will SUBSTITUTE (s) the phrase 'foo' with replacement 'bar' > > So that first command in dom0 went through the file > /etc/yum.repos.d/qubes-dom0.repo and on every line where it found: > yum.qubes-os.org > changed it to: > yum.qubesos4z6n4.onion > and then saved the changed file. > > Instead of the sed command, the instructions could say: > 1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text > editor. > 2. Look for every occurrence of yum.qubes-os.org, and change it to > yum.qubesos4z6n4.onion. > 3. Save the changed file. > > If you really want to set it back you can either reverse the sed > command, or make the changes manually in a text editor. > That is: > 1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text > editor. > 2. Look for every occurrence of yum.qubesos4z6n4.onion and change it to > yum.qubes-os.org. > 3. Save the changed file. > > Do the same for the other file. > That's reversed the changes you made. > > > The two variables that "dont exist" are just placeholders for the name > of the template that you want to change. > So instead of $DebianTemplateVM type in the name of the Debian template > that you want to affect. > The qvm-run command allows you to run programs on qubes from dom0 - in > this case, using sed allows you to change those files quickly from dom0 > instead of opening the TemplateVM, firing up a text editor and making > the changes in the TemplateVM. > > > What's puzzling is that you find that you can't connect to the update > servers anymore. (I assume that you mean from dom0 because you didnt > make any changes in Templates.) > It occurs to me that it doesn't actually say on the page that you will > need your updateVM to be running behind a Tor gateway for this method to > work. Perhaps you knew this? Perhaps not. You should ensure that you > made this change - if your updateVM is NOT running through Tor then > updates will always file. If it IS then they will fail some of the time > - that seems to be inevitable using Tor. > > If you really do want to revert then you dont need to worry about this. > Just revert the changes you made in the .repo files and things should > work again. > Thank you, unman, for the characteristically clear and comprehensive answer. That page was just meant to be a quick placeholder for people who know what they're doing. We should be able to take it down or rewrite it soon, once this is implemented: https://github.com/QubesOS/qubes-issues/issues/2623 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYnRmBAAoJENtN07w5UDAwWdwQALna4cIdUzg6HChKCYIcd0MC jAnvgJ0z4Tty7K4S0DE7YKMHk/HUhM6ZSCq/xAE9WmylJgR02jCvZnViB2Agphql 5mZFyjDL55AccKvi+UmhKtg04R6QpkCv53aKNsjB94VSMvYA7WN33HLKKavtIXuK fW30Zk8D5zx7ojnUsOLSzA6lSGWwOUDzNKShvAx0j6z6avv7cPAsTDdQKZKYyDwV vD8xm3hOlHzc6Uci0qGIJL38S6LDZ9YHqgpH3QsfmIbPvfUnfMRlrH7Khumm0Yww VXdChMRsug+N10MfRPN664J50SCFg83CCXXW+Lyz+86zptFzY+CVO2BWCKF4yKZV nJpsNKXMIZ/wDi1S89BGnDRW+mEWE3/KUCBuniGdbHSQqzUB/tbsABI8rD3ZG2t2 3cubP1Ne1ewFjkKUnBh+ejhgPPm+EvK6dDd22CuEmhitHu8hfYue2WDart36imK9 3rnOtNN1FlhdiRFQbA82yHzV5Rcz6ZUiV0cDZuwjwHx5mNgQTzGZrStx2VQQQkMx uWuermCXosB+LVqe3DNMGnBSNqbfMM7/eC3eNZCxMCGpTWd7fiPUCOHLYS28bz24 ZPuBQtkH1VmXdm0Eh30qMVNvo8aLe3fG6YPhiIxntmBBXCf6vnHRii1mm3gZFFg1 zHgWS/lZGYSdvBsrkzA4 =ca7v -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this di
[qubes-users] MakeMKV on blu-ray drive?
I'm new to Qubes, so apologies for the basic questions :) Can I rip a blu-ray from an internal SATA drive by attaching it as a block device? Or would I need to put the reader on it's own SATA controller and attach that? Also, does it matter if the OS is a HVM vs PV? Thanks! -J -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d5aba0fe-780c-442d-b791-34d6dfba7224%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ubuntu template
Thank you very much! I've been fighting with Ubuntu install as well. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d4af28bd-1918-4336-8fd9-5883aa69f11f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Running qvm-create-default-dvm against fedora-24-minimal hangs
Hi again, On 31.01.2017 19:30, qu...@posteo.de wrote: Hi, I have tried to to create my own disposable vm based on the minimal Fedora 24 template and it always hangs during "Waiting for DVM fedora-24-minimal-dvm ...". The only difference to the original rpm template is sudo and the salt vm package. If I use the regular fedora-24 template it works fine. So which package or service am I missing? I have the package qubes-core-vm installed as described in the Wiki but it still does not work. Can anybody at least reproduce the issue? The qubes package seem to be the same for my disposable vm based on the minimal template and the default template. I have also read on this mailing list that you can use the minimal-template for disposable vms which does not work for me at all, even if I reset it. Thx in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37694f330f8a069cee1083f3e89adafe%40posteo.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Updating packages with salt does not refresh the repositories
Hi, I have an update.sls with the following content: updates: pkg.uptodate: - refres: True The problem is that if I run it, it always tells me that there are no new packages although Qubes shows that there are with the green arrow and if I run manually `dnf update` then packages are updated. The issues seems to be that the repository does not get refreshed even though I have it enabled, because if I refresh manually the updates get installed by salt. I have a workaround by calling `dnf makecache` before with salt, but this should be not necessary. Can anyobdy confirm this or knows why this happens? Thx in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d89ffa536cafe2fce56c95c9e13bf72%40posteo.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] backup failes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 haaber: > Cannot create /media/user/hexstring/qubes-backup/2017-02... : permission > denied. Try "sudo chown user:user /media/user/hexstring/qubes-backup". Rusty -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJYnPnSXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfgRoP/1dJWam9ej7w+LGSN8ECzDew t1eF65sNwrPiuZX6gZvOepkgKfqk7aUPYkeggW2MXnYPUGZKt4+ZOzFloV/29KOw JhCgSHjmTmati3E/vvAAgBSc+LxDeozweYM0OFTql0Q5s1ha8NtmEpqlHm94G6Ok x5XzYikRvVeHXoC3U4vmvAR974gWG9nUU+Oi4CDZrTAMQjR3uWjSqsQDH6r7vEuG 7/IWt/eFp3/196abeLqhV/zuwCzE9H6QyBMVfQOGbrJ2nKZjIStQw0v/X2vaG6nF gTtjzv3LSj5nhP8uzrlwvIfAG85WMWofjhsILuMMVv342GmupcMEwW2U2KEwH8LB f20H5c9iHPzzT3XTNzCRlO/be6igxHcGRsnBgH+KCZ++1B1sq4JROR5hOduu0hnD K9fOr6Buyg1lbz3W+1wFHXIs2mBppu936Kfhs0R6A4/2hCXhZKZm72aDgpVnEoTL MoTHHAaw6UW6iuBSirrzzvCuUhnjSPdcs7k1p9wdkwdMNmVaG5Xl+Qb6EB5XfrV0 kO2/F56OTZmsE8H3n0oF/sNwVAbZmN9g4eOujdDm0a4rHMx/fwQFGH9CrHsdKCK7 T5FhWHIXk0JJ7C98s9MNb+BWVIlkZ19RXPnKa5ishnuIkcEWG/+UE21UccUxh8mh yff9xd+OMCZ0mx9FaK9U =rDDj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170209232258.GA2634%40mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] backup failes
Hello, I tried the built-in backup procedure in qubes3.2 -- it fails (from qubes VM manager). The procedure I follow: I select only shutdown qubes, I select sys-usb as appvm (in which the ext. harddisc is mouted on /media/user/hexstring/ and in which I manually created a qubes-backup folder that I select. I enter the pwd, get the summary, say next again, and then: Error: failed to write the backup: Cannot create /media/user/hexstring/qubes-backup/2017-02... : permission denied. And that's it. Do you have some hint what my error may be? I read about te size issue of the qubes. I have more than 100G in total. I it that maybe? Can I only backup the old way (create a sparse file, loopback it, cryptsetup it, put ext2 on it, mount it, copy all private.img files) ? Thank you! Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/880a127f-8251-3946-1bf6-f8a19239c1bc%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Qubes R3.1] Installation problem: "NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s!"
Original Message Subject: [qubes-users] Re: [Qubes R3.1] Installation problem: "NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s!" Local Time: 22. November 2016 3:48 PM UTC Time: 22. November 2016 14:48 From: th.revi...@gmail.com To: qubes-users On Saturday, May 14, 2016 at 1:48:37 PM UTC+3, Danny Eagle wrote: > Full error message: > [5578494253.737246] NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s! > [NetworkManager: 1057] > > After choosing "Install Qubes" option this message pops up. > I'm installing it on desktop not laptop. > > If i take "Check hardware and install Qubes" I get to second window and it > freezes. Same bug here. Sometimes it says CPU#2, sometimes CPU #5. I algo get [Xorg 1224] at the end. It's a more recent Asus laptop with Core i7 6700HQ (Skylake) CPU. I should also mention that when I get the installation menu it says "processing" for installation source, and when I select it, it only gives me options for DVD, local iso, an network install - but I'm trying to install from a USB. What's up with that? The installation did boot from the USB and I chose DD mode in Rufus. I have that CPU stuck bug, too. But only on R3.2, R3.1 works fine for me. CPU is i5- 6440HQ. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YSqrIkv1bVrjSM3JCSkzPKOurekNRxYjZea4iXVhDQPIiKg6ihb30vIkkfuae2G_0iqeUe9FYHQwwSfCrqh_hN7B5quqt44GeGJQEXkgKOk%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Trouble installing Windows SP1 7 64-bit on Qubes 3.2
> I have the same Problem :( > When I change the model type to Cirrus,then appear a libvirtError that > doesn't make any sense to me: > > Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain > 'win7x64test2' ist bereits mit UUID ---- > definiert > > In english it should be something like: libvirt.libvirtError: operation > failed: Domain 'win7x64test2' already exists with UUID > ---- > > The Original command that I run: > qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso > --custom-config=/home/dave/Schreibtisch/win7x64test2.conf > > Can anyone help me please?? Run "virsh undefine win7x64test2" in dom0, then try again. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc1534f6-5a9f-4ad8-9ef2-e04e4467b525%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Trouble installing Windows SP1 7 64-bit on Qubes 3.2
On Thursday, February 9, 2017 at 12:19:47 PM UTC-6, bal...@gmail.com wrote: > I have the same Problem :( > When I change the model type to Cirrus,then appear a libvirtError that > doesn't make any sense to me: > > Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain > 'win7x64test2' ist bereits mit UUID ---- > definiert > > In english it should be something like: libvirt.libvirtError: operation > failed: Domain 'win7x64test2' already exists with UUID > ---- > > The Original command that I run: > qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso > --custom-config=/home/dave/Schreibtisch/win7x64test2.conf > > Can anyone help me please?? I was having the same issue, but these instructions worked for me. https://github.com/QubesOS/qubes-issues/issues/2488 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5de1c628-e458-43ac-99e1-6988d1d8d5d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Trouble installing Windows SP1 7 64-bit on Qubes 3.2
I have the same Problem :( When I change the model type to Cirrus,then appear a libvirtError that doesn't make any sense to me: Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain 'win7x64test2' ist bereits mit UUID ---- definiert In english it should be something like: libvirt.libvirtError: operation failed: Domain 'win7x64test2' already exists with UUID ---- The Original command that I run: qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso --custom-config=/home/dave/Schreibtisch/win7x64test2.conf Can anyone help me please?? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2d62d4d9-acb6-443d-8470-bffdc1b3bffa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes R3.2 on Thinkpad X250: cannot install Windows 7 (hangs on "Starting Windows" at install)
I have the same Problem :( When I change the model type to Cirrus,then appear a libvirtError that doesn't make any sense to me: Orignal Message: libvirt.libvirtError: Operation schlug fehl: Domain 'win7x64test2' ist bereits mit UUID ---- definiert In english it should be something like: libvirt.libvirtError: operation failed: Domain 'win7x64test2' already exists with UUID ---- The Original command that I run: qvm-start win7x64test2 --cdrom=/home/dave/Schreibtisch/win7_x64.iso --custom-config=/home/dave/Schreibtisch/win7x64test2.conf Can anyone help me please?? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e4471be-b137-4358-a57e-8e9a5bad7d96%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Can't boot into Windows anymore on dual-boot
On Wednesday, 27 April 2016 17:53:55 UTC+2, TheGrandQubes wrote: > As this issue is not specific to qubes, you might have more luck looking into > a forum on linux / windows dual boot. > > > You need to install "reFInd" and see if there is an option to access your > windows. > If not : > - Save the EFI folder of your EFI partition > - Reinstall windows, > - Reinstall "reFInd" > - See if you have both options and if not, copy back some of the EFI files > that you saved. Maybe first only the qubes folder. > > > Booting from USB: can you remove the HDD from booting options in your bios > all together? > Booting from USB: in your bios, did you turn Fast boot and Secure boot off? > Booting from USB: try the following: use Refus or dd command in linux to copy > the "reFInd" on the usb stick and see if that helps. > > > On Tuesday, 26 April 2016 04:48:27 UTC+1, David B wrote: > > Installed Qubes 3.1 on Lenovo Thinkpad laptop x220 (with pre-installed > Windows 7) just fine > > LVM partition; automatic configuration > > However, I cannot boot into Windows anymore. I've tried UEFI only boot, > Legacy only boot. Only goes into Qubes > Also when I atttach liveUSB for other OS (e.g. Tails) , machine doesn't boot > from USB - goes straight into Qubes. > When I try to access /etc/grub.d/40_custom to add boot stanzas to multiboot, > I am denied permission to "cd grub.d" when I am in /etc directory > I tried to wipe my drive using dban (blancco 5) installed on a USB. Again, > machine doesn't load program from USB when I choose it from the BIOS boot > menu. > I don't care if I end up wiping Windows off the drive. I just want to be able > to use the full 120 GB of my drive because right now it seems to be > completely inaccessible. It would be nice to be able to load Windows somehow > onto Qubes but it is not essential. I copied the files from Windows from the > Thunar file system onto a USB. > I also think I didn't choose a root password when I installed and I wonder if > that is relevent to my problem (i.e. permissions) > Would be very grateful for help bc I have reached the limit of my computer > knowledge and nothing has worked. > > David I am having the same problem as David but I tried even further. I tried using rEFInd, which used to work before I installed Qubes but this time it doesn't list any options to load either Windows 10 or Debian (I had dual booting with these two before installing Qubes in another partition, planing to have a third OS for testing/learning purposes). Qubes discontinued its version for Live USB (it doesn't support it anymore so I discarded it). I tried EVERY SINGLE THING. I even loaded "Repair > Command Prompt" from a Windows 10 Repair USB Drive to run "bootrec.exe /FixMbr" and "bootrec.exe /FixBoot" and "bootrec /RebuildBcd" (which used to work before - yeah I learned a lot from my first dual booting experience), and although it printed "successful" the problem remained the same this time, after rebooting the machine (only Qubes showing up for loading). Then I also tried "bootsect /nt60 c: /mbr" (didn't work) and I tried "bootsect /nt60 ALL /mbr" (also nothing). So, I reinstalled Windows 10 (during the process I confirm current Windows would be renamed to Windows.old etc, etc.) and all files were copied and installed and everything went well but when it finally finished for rebooting, no Windows to load. I tried the same with Debian, reinstalling it again to its partition, and all went well but no booting for this either. Qubes completed "sealed" the MBR and EFI zones. Those cannot be re-written! In fact, I even went further resetting my BIOS, following HP instructions (my laptop is a "HP ENVY dv7" and tried to updated the BIOS again from a combination of instructions (pressing power button for 2/3 seconds while pressing Windows Key together with B or V) to start the process, which I remember worked once before, but for some reason is not working anymore. So it seems Qubes re-wrote something in my BIOS as well. Unbelievable. At this moment everything I get now is "Missing operating system" on my screen. I know my files are still there. The partitions are still there. Windows and Debian with all my personal files are still there. But I cannot access them. I simply can't. Qubes gives me only one option: reinstalling itself. It is like a malware which took reign of my laptop. Using another laptop (thanks God I have another one), I searched for "how to uninstall Qubes", "how to remove Qubes" etc. but all I get are pages talking about how to remove/reinstalling Qubes's templates. There is nothing about removing the OS itself. How can that be? Please, if anybody knows anything that can help me restoring my Windows I would appreciate very much. Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an
Re: [qubes-users] Convert live system to VM in Qube OS?
On Sat, Feb 4, 2017 at 7:31 AM, Alex wrote: > First, you may already have thought about it, but the simple > transposition of a work pc to a VM environment (be it qubes or not) does > not give you any additional security benefit. It only increases the > compatibility problems! On the other hand, it allows one to start using qubes without suddenly breaking your entire workflow, and allows one to gradually adopt the Qubes model while still being able to get your work done. The realistic alternative is likely not trying Qubes and continuing to use your old system indefinitely because the perceived migration burden is too great. > If you want to > benefit from fake persistence of system files, you will need to try to > move as much software as possible in either the template (installing > with dnf) or in /usr/local/bin (if manually-compiled or direct binary > package). /usr/local/bin is not "fake-persisted", it is persisted. All of /usr/local is a symlink to /rw/usrlocal, which is persisted. > For your actual question, there's no tool to assist in "converting" a > live system to a Qubes VM: since there would be so little benefit > there's no actual reason to make such a tool. I disagree. I think a migration tool could be quite helpful, and I am often asked if one exists while promoting Qubes to friends. Unfortunately there are (and will likely always be) higher priority things to implement. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_DnNq33w%2BShrHc%2BeMmzx1pOW5MEj8cm4Q-Yw5O-8V4-FQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run fails silently with chromium
On Thu, Feb 09, 2017 at 04:08:54AM -0800, m...@lamarciana.com wrote: > > Is chromium the only program with which you experience this problem? > > Thanks for your answer Andrew. > > Thanks to a private reply I got, I have been seen that the problem is related > with my `PATH`. I have installed chromium via nix package manager, and for > this reason it is not in the `PATH` that dom0 is able to see. Answering your > question, it happens with any other package I installed with nix. > > It doesn't happen in my VM because there I have the `PATH` configured with > zsh when I log in. > > So, now, the question comes down to: how could I change my VM `PATH` seen > from dom0? I tried with my VM `~/.profile` and `~/.bashrc` but without > success. I suspect this may be related with another topic I open some time > ago: > > https://groups.google.com/forum/#!topic/qubes-users/G9F3EHpeU2Q > > Thank you very much > The issue you raise there arises because the xterm is not a login shell so will not use .profile. It is interactive so (using bash) will use .bashrc On the immediate question here you can always set the path explicitly: qvm-run -p qube "export PATH=$PATH: && foo" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170209171726.GA2064%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: What? Can I access a windows USB drive?
I right clicked (Q manager) work vm left clicked attached block devices. Opened files (work vm) and this time I couldn't even find the drive. Last time I found the drive, but couldn't access the contents. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cfb4a49e-6528-4d9d-8968-1dacf154ea2a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: what about usb to jtag interface?
On Thursday, February 9, 2017 at 3:54:03 AM UTC-8, Oleg Artemiev wrote: > I've heared that new intel mother boards will have (or already have) > ability to access jtag interface via USB. yes, skylake and kabylake processors. heres the ccc talk on it. https://www.youtube.com/watch?v=2JCUrG7ERIE > Does this mean that USB qube is now useless as a security border on > such a mother board? only if the manufacturer has it enabled. the only vendor who got back to me (and knew what i was talking about) when i asked was system76 to confirm that it is disabled on their lemur series. puri.sm was aware, but doesnt have any hardware out using those chips. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4638e95e-c1b8-4203-87dc-bfdcaaee68a7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Moving less used templates to secondary storage
On Thu, Feb 09, 2017 at 06:03:26AM -0800, Pablo Di Noto wrote: > Hello, > > Running 3.2 with XFCE. > > My notebook has a small SSD with Qubes boot and root/swap on it, and a larger > (and slower) SHDD mounted as /var/lib/qubes-add and configured as an > additional Xen pool. > > I am running out of space (and at the same time, losing speed drastically) on > the SSD, and half of the space is used by fedora-23, debian-8, debian-9 and > whonix-* templates. > > I decided to move the debian-8 and whonix-* templates to the additional pool, > but cannot make the move be recognized by Qubes (all command line utilities > obviously cannot find the templates). > > Question 1: Is this use-case --having templates on a secondary storage pool-- > supported? > Question 2: Which is the proper way to move the least used templates? I guess > qvm-prefs need to reflect the move somehow, but have not been able to deduce > myself. > > Willing to write up docs after done :-) > > Cheers, > ///Pablo > There's a section in the docs on this: www.qubes-os.org/doc/secondary-storage Did you read that? There's no need to configure a new storage pool. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170209153623.GB1291%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Ad-blocking ProxyVM?
On Thu, Feb 09, 2017 at 04:32:12AM -0800, Joe Ruether wrote: > Hello! > > I am trying to set up a proxy vm that will redirect DNS requests to a local > DNS server, for the purposes of adblocking. > > Here is the setup: > > internet <-> sys-net <-> sys-firewall <-> MY_PROXYVM <-> appvm_with_firefox > > I have created a proxyvm based on a debian-8 template, and have installed > PiHole (https://pi-hole.net/) as an adblocker. PiHole works by starting a DNS > server (dnsmasq) and rejecting any dns queries to domains that serve ads. > > If (in the proxyvm) I set the contents of /etc/resolv.conf to 127.0.0.1 and > open firefox (in the proxyvm), I can verify that the adblocker is working > correctly. > > The issue I am having is when I used the proxyvm as the netvm for another > appvm. Without any other changes, my appvm's firefox has internet access, but > the adblocker has no effect. Of course, some additional setup is needed, but > I'm not exactly sure how to do that. > > I'm not very good with iptables, and every attempt I have made to redirect > DNS to 127.0.0.1 in the proxyvm has failed (and caused both the proxyvm and > the appvm to lose the ability to browse). Here are the commands I ran (in the > proxyvm): > > #!/bin/bash > DNS=127.0.0.1 > NS1=10.137.4.1 > NS2=10.137.4.254 > iptables -t nat -A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $DNS > iptables -t nat -A PR-QBS -d $NS1 -p tcp --dport 53 -j DNAT --to $DNS > iptables -t nat -A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $DNS > iptables -t nat -A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $DNS > > --- > > I pieced this together from what I could find from the VPN documentation on > the qubes website as well as the contents of > /usr/lib/qubes/qubes-setup-dnat-to-ns > > Running the qubes-setup-dnat-to-dns script by itself after changing > /etc/resolv.conf (all this on the proxyvm) didn't seem to have any impact. > > So! My question is, am I going about this correctly? I think I need to modify > the iptables in the proxyvm to redirect any incoming (from the appvm) DNS > queries to 127.0.0.1, while still allowing outgoing (to the internet, from > the proxyvm) DNS queries to get out. Along with this, I think I need to > ensure that there are rules that allow all other traffic to pass through > unhindered. > > Or is there a different, qubes-specific way of handling DNS that I should be > using? After inspecting the sys-firewall ipconfig and iptables, it is clear > that something behind-the-scenes is happening where an additional NIC is > created for each attached appvm, and the iptables are being populated > automatically somehow. I'm not sure how the proxyvm is supposed to get the > addresses of the appvm and sys-firewall (my script above had addresses > hardcoded). > > Thank you for any help! If I get all this working, I'm planning on making a > Salt file that can create the adblocking proxyvm. > I don't see any reason why this shouldn't work. I wouldn't be so specific in the nat rules but that's your call. Just protocol and post would suffice. One obvious point is that you are ADDING those rules to the end of the PR-QBS chain without flushing it first. If you already have redirect rules there they will trigger first. What does your nat table look like after you run that script? Another point may be that you don't have an incoming rule in the INPUT chain allowing inbound traffic to the DNS ports. Unless you've changed this the default rule will block inbound traffic from any vif interface. So you need to ensure you are allowing that traffic with an: iptables -I INPUT -i vif+ -p udp --dport 53 -j ALLOW Finally, you need to consider the effects of the qubes-firewall and qubes-netwatcher services. If you want to retain these you can use /rw/config/qubes-firewall-user-script to override the automatic Qubes configuration and insert your own iptables rules. You can also use rc.local to set initial iptables rules. Remember to make those files executable if you want to use them. Most of this is in the docs, although not easy to find. Hope this helps unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170209152124.GA1291%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Moving less used templates to secondary storage
Hello, Running 3.2 with XFCE. My notebook has a small SSD with Qubes boot and root/swap on it, and a larger (and slower) SHDD mounted as /var/lib/qubes-add and configured as an additional Xen pool. I am running out of space (and at the same time, losing speed drastically) on the SSD, and half of the space is used by fedora-23, debian-8, debian-9 and whonix-* templates. I decided to move the debian-8 and whonix-* templates to the additional pool, but cannot make the move be recognized by Qubes (all command line utilities obviously cannot find the templates). Question 1: Is this use-case --having templates on a secondary storage pool-- supported? Question 2: Which is the proper way to move the least used templates? I guess qvm-prefs need to reflect the move somehow, but have not been able to deduce myself. Willing to write up docs after done :-) Cheers, ///Pablo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e8a61aaf-0343-48aa-95ad-d213c9e12a36%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Ad-blocking ProxyVM?
Hello! I am trying to set up a proxy vm that will redirect DNS requests to a local DNS server, for the purposes of adblocking. Here is the setup: internet <-> sys-net <-> sys-firewall <-> MY_PROXYVM <-> appvm_with_firefox I have created a proxyvm based on a debian-8 template, and have installed PiHole (https://pi-hole.net/) as an adblocker. PiHole works by starting a DNS server (dnsmasq) and rejecting any dns queries to domains that serve ads. If (in the proxyvm) I set the contents of /etc/resolv.conf to 127.0.0.1 and open firefox (in the proxyvm), I can verify that the adblocker is working correctly. The issue I am having is when I used the proxyvm as the netvm for another appvm. Without any other changes, my appvm's firefox has internet access, but the adblocker has no effect. Of course, some additional setup is needed, but I'm not exactly sure how to do that. I'm not very good with iptables, and every attempt I have made to redirect DNS to 127.0.0.1 in the proxyvm has failed (and caused both the proxyvm and the appvm to lose the ability to browse). Here are the commands I ran (in the proxyvm): #!/bin/bash DNS=127.0.0.1 NS1=10.137.4.1 NS2=10.137.4.254 iptables -t nat -A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $DNS iptables -t nat -A PR-QBS -d $NS1 -p tcp --dport 53 -j DNAT --to $DNS iptables -t nat -A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $DNS iptables -t nat -A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $DNS --- I pieced this together from what I could find from the VPN documentation on the qubes website as well as the contents of /usr/lib/qubes/qubes-setup-dnat-to-ns Running the qubes-setup-dnat-to-dns script by itself after changing /etc/resolv.conf (all this on the proxyvm) didn't seem to have any impact. So! My question is, am I going about this correctly? I think I need to modify the iptables in the proxyvm to redirect any incoming (from the appvm) DNS queries to 127.0.0.1, while still allowing outgoing (to the internet, from the proxyvm) DNS queries to get out. Along with this, I think I need to ensure that there are rules that allow all other traffic to pass through unhindered. Or is there a different, qubes-specific way of handling DNS that I should be using? After inspecting the sys-firewall ipconfig and iptables, it is clear that something behind-the-scenes is happening where an additional NIC is created for each attached appvm, and the iptables are being populated automatically somehow. I'm not sure how the proxyvm is supposed to get the addresses of the appvm and sys-firewall (my script above had addresses hardcoded). Thank you for any help! If I get all this working, I'm planning on making a Salt file that can create the adblocking proxyvm. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7df5d8c4-e52f-4eec-bbea-6c9646c9d3a7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows 7 unattanded setup HW detection failure
Hello, I tried to install our enterprise unattanded setup Win7 iso. With the cirrus driver it is started properly as well but my problem there is a hardware detection included in this setup image and it can't recognize the hardware. (Only two manufacturer is enabled at this moment on our network.) I don't have any technical knowledge regarding the virtualization. What do you think is it try to read the BIOS and cannot? Could you give me a hint to get a workaround? I would like to use the Qubes-os and our enterprise Win7 in a VM because it includes several specific tools what I not able to install to a normal Windows. Regards Arpad -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1c737e8-8b81-447d-882b-0e04bdcc7740%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run fails silently with chromium
> Hello, did you run "Add more shortcuts" at least once (look which apps > are there)? I got very confused by this point in another, maybe related > situation: when changing the templateVM you *must* do so, since symbolic > links to all apps are different in fedora and debian, for example. All > the best, Bernhard Thanks for your answer haaber. Yes, I run that... now I see it is related with the application PATH. Please, see previous replies for details. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d03a102-ece2-4642-9a61-bd803b8a6259%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run fails silently with chromium
> I dont see this behaviour in a TemplateBased qube, or a standalone. > In both, the browser just opens. > That's with a standard Debian-8 template. > > You can try running with '-p' option to see if any errors are being > thrown. Thanks for your answer Unman. The issue is that I installed it with nix package manager and then it ends up in another path. Please, see my previous reply for details. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d9b1e42-870c-4e93-8835-807a727c417b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run fails silently with chromium
> Is chromium the only program with which you experience this problem? Thanks for your answer Andrew. Thanks to a private reply I got, I have been seen that the problem is related with my `PATH`. I have installed chromium via nix package manager, and for this reason it is not in the `PATH` that dom0 is able to see. Answering your question, it happens with any other package I installed with nix. It doesn't happen in my VM because there I have the `PATH` configured with zsh when I log in. So, now, the question comes down to: how could I change my VM `PATH` seen from dom0? I tried with my VM `~/.profile` and `~/.bashrc` but without success. I suspect this may be related with another topic I open some time ago: https://groups.google.com/forum/#!topic/qubes-users/G9F3EHpeU2Q Thank you very much -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/acc2936b-4c14-4dbd-b426-624820d0d58b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] what about usb to jtag interface?
I've heared that new intel mother boards will have (or already have) ability to access jtag interface via USB. JTAG is about debugging hardware via special interface. Does this mean that USB qube is now useless as a security border on such a mother board? -- Bye.Olli. gpg --search-keys grey_olli , use key w/ fingerprint below: Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6O264MX6%3DqxQp0PpV8%2B1EKk7GQ4GjCGh%3DppZ5Gi_VR3EQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ubuntu template
On Thu, Feb 09, 2017 at 02:37:36AM -0800, damien.wa...@gmail.com wrote: > Hi, > > I am new into qubes (few months) and find it great. But I need a distro with > newer packages (debian jessie was fine until I ran in issues with encfs > compatibility). > > So I wanted to build an ubuntu template but I did not found clear > instructions. > > using https://github.com/QubesOS/qubes-builder and the setup script, I do not > get ubuntu to choose in the menu. > > On this forum, there is few posts about it but using privaze repo. > > I really need help on this :-) > > Best regards, > > Damien > Hi Damien, The Ubuntu builds are referenced in setup as Trusty and Xenial. I've just put in a series of Pull Requests that should allow straightforward builds of both. Wait a little while for them to be merged. It should then be a matter of: git clone https://github.com/QubesOS/qubes-builder cd qubes-builder ./setup make qubes-vm make template Copy generated Template to dom0 and install - there's a handy script provided to do this for you. I'll let you know when the PRs are merged. Focus at the moment is on the GSOC applications. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170209114141.GB32081%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem with a Privacy Guide
On Thu, Feb 09, 2017 at 09:27:38AM +0100, wile.e.coy...@keemail.me wrote: > > Hello qubes-team, > > I'm actually facing a problem with a guide of yours. I've used the Privacy > Guide "Tor Onion Repos" entering the following two commands: > > sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' > /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo > > sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' > /etc/yum.repos.d/qubes-templates.repo && cat > /etc/yum.repos.d/qubes-templates.repo > > Now i cant resolve a connection to the update servers anymore, please tell me > the right commands to reset it. > > By the way, I could not enter the other two commands because the following > variables didnt exists on my new qubes r3.2 installation: > > $DebianTemplateVM > $FedoraTemplateVM > > Because I ran into all these problems, I would prefer to just set it back. > Please tell me how to. > > Thanks. =) It's important that you know what is happening here. sed is, as Bernhard tells you, a stream editor. It runs through a file making edits. The -i option allows you to change a file in place. s/foo/bar will SUBSTITUTE (s) the phrase 'foo' with replacement 'bar' So that first command in dom0 went through the file /etc/yum.repos.d/qubes-dom0.repo and on every line where it found: yum.qubes-os.org changed it to: yum.qubesos4z6n4.onion and then saved the changed file. Instead of the sed command, the instructions could say: 1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text editor. 2. Look for every occurrence of yum.qubes-os.org, and change it to yum.qubesos4z6n4.onion. 3. Save the changed file. If you really want to set it back you can either reverse the sed command, or make the changes manually in a text editor. That is: 1. Open the file /etc/yum.repos.d/qubes-dom0.repo in your favourite text editor. 2. Look for every occurrence of yum.qubesos4z6n4.onion and change it to yum.qubes-os.org. 3. Save the changed file. Do the same for the other file. That's reversed the changes you made. The two variables that "dont exist" are just placeholders for the name of the template that you want to change. So instead of $DebianTemplateVM type in the name of the Debian template that you want to affect. The qvm-run command allows you to run programs on qubes from dom0 - in this case, using sed allows you to change those files quickly from dom0 instead of opening the TemplateVM, firing up a text editor and making the changes in the TemplateVM. What's puzzling is that you find that you can't connect to the update servers anymore. (I assume that you mean from dom0 because you didnt make any changes in Templates.) It occurs to me that it doesn't actually say on the page that you will need your updateVM to be running behind a Tor gateway for this method to work. Perhaps you knew this? Perhaps not. You should ensure that you made this change - if your updateVM is NOT running through Tor then updates will always file. If it IS then they will fail some of the time - that seems to be inevitable using Tor. If you really do want to revert then you dont need to worry about this. Just revert the changes you made in the .repo files and things should work again. unman unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170209113328.GA32081%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ubuntu template
Hi, I am new into qubes (few months) and find it great. But I need a distro with newer packages (debian jessie was fine until I ran in issues with encfs compatibility). So I wanted to build an ubuntu template but I did not found clear instructions. using https://github.com/QubesOS/qubes-builder and the setup script, I do not get ubuntu to choose in the menu. On this forum, there is few posts about it but using privaze repo. I really need help on this :-) Best regards, Damien -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d4cbc32-324c-4a20-8d67-665b08960886%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Question to Mirage OS firewall users
On Tuesday, February 7, 2017 at 5:31:25 PM UTC, Foppe de Haan wrote: > On Tuesday, February 7, 2017 at 6:22:53 PM UTC+1, Thomas Leonard wrote: > > On Tuesday, February 7, 2017 at 4:51:06 PM UTC, Foppe de Haan wrote: > > > On Tuesday, February 7, 2017 at 5:24:58 PM UTC+1, Thomas Leonard wrote: > > > > On Tuesday, February 7, 2017 at 3:55:30 PM UTC, Foppe de Haan wrote: > > > > > Anyone else tried to use MirageOS i.c.w. a torrent client? I've > > > > > allocated 60mb ram, but it crashes within 2-8 hours here, which is > > > > > kind of disappointing. > > > > > > > > Do the logs show an out-of-memory error when that happens? I haven't > > > > seen one for a long time now, but maybe torrents stress it more than > > > > usual. > > > > > > > > If so, it could be https://github.com/yomimono/mirage-nat/issues/17 - > > > > there's a Mirage hackathon next month and I'm hoping to get some time > > > > to work on this there. > > > > > > Yes. "Fatal error: out or memory. Mirage exiting with status 2" > > > > By the way, what version of the firewall are you using? > > If it's not qubes-mirage-firewall v0.2 then try upgrading first - there > > were lots of OOM problems in v0.1. > > > > > That said, 2 minutes earlier the log notes that memory use was still only > > > at 16.7/38.2 MB. > > > > The annoying thing about hashtables is the way they suddenly double in > > size. Since you're allocating 60 MB to the firewall (I only use 20 MB for > > mine), you could try adjusting the thresholds at these two lines: > > > > https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L41 > > https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L47 > > > > Change the 0.9 (allow 90% of memory to be used) to 0.4 in both places. If > > the NAT table is the cause, that should make the problem go away. > > > > > (Most of the log -- 90-95% -- consists of 'Failed to parse frame' > > > messages, btw.) > > > > "Failed to parse frame" probably means it saw an ICMP (not TCP or UDP) > > packet and therefore didn't handle it. Another thing I'm hoping to fix > > soon... https://github.com/yomimono/mirage-nat/issues/15 > > I built it using docker about 2 days ago. Will do the other things you > mentioned, report back when I know more :) Thanks! If that is the cause of the memory problem, it should be easy to fix anyway. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/74503e3d-1fe3-4649-8a8d-fe2051adee64%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem with a Privacy Guide
> Hello qubes-team, > > I'm actually facing a problem with a guide of yours. I've used the > Privacy Guide "Tor Onion Repos" entering the following two commands: > > sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' > /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo > > sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' > /etc/yum.repos.d/qubes-templates.repo && cat > /etc/yum.repos.d/qubes-templates.repo > > Now i cant resolve a connection to the update servers anymore, please > tell me the right commands to reset it. > > By the way, I could not enter the other two commands because the > following variables didnt exists on my new qubes r3.2 installation: > > $DebianTemplateVM > $FedoraTemplateVM > > Because I ran into all these problems, I would prefer to just set it > back. > Please tell me how to. You may simply use sed ("stream editor") the other way: syntax is sed -i 's/SEARCH/REPLACE/' So the first command reverted will contain sed -i 's/yum.qubesos4z6n4.onion/yum.qubes-os.org/' Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f91643e9-5b0b-c041-439c-78671224d7bb%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Problem with a Privacy Guide
Hello qubes-team, I'm actually facing a problem with a guide of yours. I've used the Privacy Guide "Tor Onion Repos" entering the following two commands: sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' /etc/yum.repos.d/qubes-dom0.repo && cat /etc/yum.repos.d/qubes-dom0.repo sudo sed -i 's/yum.qubes-os.org/yum.qubesos4z6n4.onion/' /etc/yum.repos.d/qubes-templates.repo && cat /etc/yum.repos.d/qubes-templates.repo Now i cant resolve a connection to the update servers anymore, please tell me the right commands to reset it. By the way, I could not enter the other two commands because the following variables didnt exists on my new qubes r3.2 installation: $DebianTemplateVM $FedoraTemplateVM Because I ran into all these problems, I would prefer to just set it back. Please tell me how to. Thanks. =) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/KcWy5ly--3-0%40keemail.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] off topic, made a group/list for general mobile privacy / security discussions
discussion about mobile privacy not specific to qubes-os come up often here, so i made a separate group for that. i like the web interface, and google is good at spam filtering. that said, i fully realize the irony of using google groups for this, and am open to moving the forum. you have to ask to join, but ill accept everyone whos posted in a qubes list or probably anyone whos email doesnt look like a spammer or criminal. id like to open this other langauges, but i only speak english, so i cant moderate other languages. please open other lists / forums for those. https://groups.google.com/forum/#!forum/mobileprivacy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/125cdd68-c0f2-460f-8f1d-441a34386f37%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.