[qubes-users] qubes 4 windows installation
Hi All i am trying to understand if someone succeeded to install win7/10 on qubes 4. R -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a8571443-7082-4592-9318-cfae94ee4fe1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Detached LUKS header
On Monday, 1 January 2018 18:14:27 CET spi...@gmail.com wrote: > I did look at this link as I already said. > But the thing is that there are no info on how to install it > without using the GUI. if you get to the installer you can use alt-f1 to get to a native TTY. There are several of them and at least one is a bling bash which has root. Not sure how easy it is to use, but that may just be the entry point you were looking for. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6674491.ZHgf7Uu3eD%40cherry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How find out addresses to limit outgoing connections
On Saturday, 30 December 2017 04:55:59 CET Stumpy wrote: > In the end, I want to have say a VM for email, where the firewall blocks > everything but access to the email service, and do the same for my > "banking VM" or "bitcoin wallet vm" > > I'm at a bit of a loss so would be greatful for help. Using gmail in your browser is indeed quite difficult to allow specifically. Even using another protocol to a provider like google is practically speaking not possible. So I think you started on the hardest problem. Instead, if you were to use for instance kolabnow.com, you'd be able to limit your outgoing to just two hosts (imap.kolabnow.com and smtp.kolabnow.com) which is a short list of IP addresses. (I personally use 'dig' to find out all IP addresses of a DNS). Same with the Bitcoin wallet VM, you need to find out a series of trusted IP addresses and only allow outgoing connections from them, and likely no incoming connections at all. Those IPs would be someting from friends, or some you find on; https://bitnodes.earn.com/ But notice you need to then tell your bitcoin software to actually connect to those IPs and likely skip any DNS lookup. Hope that helps! -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19704108.RhNjRlVOSx%40cherry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installation security : Usb optical vs sata optical vs usb drive
On Tuesday, 2 January 2018 06:20:46 CET mmm...@gmail.com wrote: > So from the installation security guide I read the following: > And for USB Drive: > "Untrustworthy firmware. (Firmware can be malicious even if the drive is > new. Plugging a drive with rewritable firmware into a compromised machine > can also compromise the drive. Installing from a compromised drive could > compromise even a brand new Qubes installation.)" > > Do usb optical drives not also have the same problem firmware wise? The problem with USB is that its universal. An attacker can make his device look like its anything USB based. For intance a rarely used web-camera. The problem with that is that each brand has its own driver in the Linux Kernel and most of those drivers are hardly checked for exploits. As such, an innocent looking thing that connects on USB could root your kernel with unknown exploits in any usb driver shipped by the kernel. Just using a different firmware. This is why there is the suggestion to have a sys-usb qube to isolate those drivers, should you fear your hardware in future falling in the hands of bad people. > What about sata? I hope someone else can answer this. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12053226.DA0ORK4ZM7%40cherry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes 4 windows installation
On Tue, January 2, 2018 9:27 am, Roy Bernat wrote: > Hi All > > > i am trying to understand if someone succeeded to install win7/10 on > qubes 4. R Haven't tried a brand new install, but I restored to 4.0 a Win7 VM I had made on 3.2 and it booted right up. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0a408de7a8da97ee8470067b7104aa8.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.2 Split GPG with Claws mail client?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello. Does anybody know how to configure Claws mail client using Qubes' Split GPG? Would it be possible at all? Thanks, R. -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJaS4bOXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5RDk5RjYwMjVBMjMwQTc0NjExNkJCOERD NEZDQzQwQjUwMTY1NDg1AAoJEMT8xAtQFlSFRoUP/0yDOtK86UKySAQUgzJHz6fF QYPJdhEv2q+iEe6YsnK6WICEiQJmUerkQI8ofd8Rto8awZosouLirhYzNRb5rr5I QIP6qD9EYTM+aOYudNPoZpPpoyzInX5r2g1Y0tOPUVCSKbNMNSahsIdGiZPZqX6Z uSgfnXUW9h0NhM1UDMc5QaGmvVH2mq854ohZH0K9u6TCVUWEjQXu7pZk870hbdyK NZ2nSQ0US6UaxmMNZjUV5cQRO8SiANWruTBHXsmZPkFf85uIi0YEQYg28L8QBSRF 75iXUcONFt5cXM08U0bbvziPoCq+9Eg8dOHVBy+aaH5qiQfPX5Ui+2czLuHCUvbV nzULnzK5hnKD0k2seLpEDAIU1f9Bd2onf6cLKzciZ5d6H/K53H4dofLwWVTkMFuS w1N/sYo8Df6ahuYb6A11hrNs2gYkZxPZmL/SSE80mCqZKcv+EcSuUGcSl/1lERSY Nm+FMar9O954tL2lge7Jx2jWGDMQV/+/+6yzNT0gQehnA1Gn9DRQZE4MsTOPW1zM a9uKDaNUO2+I1+uGr7HpzYhNt7mkPR2JcbFnHluWfI1w0u2VcTHNCGWpdzGlk3Gp yH+S3wfNKn6lEsT0sqAHt7BCzyV9dyzYM8+BVgYyLR/ZdAr+tXthUcQ/c/ioLzSW 9bardbg4rqkQvLLdPaOA =GOFk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180102131910.2f4f0627.robotico%40posteo.es. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to add Web-Shortcut to Menu of an AppVM
W dniu poniedziałek, 1 stycznia 2018 22:42:09 UTC+1 użytkownik [799] napisał: > Hello, > > > I would like to enter a new menu item to the Appmenu of a Fedora 25 based > AppVM. > The menu should contain a link to our corporate Mailserver (https:///owa). > > I have thereof installed "menulibre" (sudo yum -y install menulibre) and > created a new desktop entry under the Office Section, but it won't show up in > the qubes app menu. > I have synced the application within the applications Tab under VM Settings. > > I have also tried to manually add the desktop file: > > nano open-corporate-webmail.desktop > > [Desktop Entry] > Encoding=UTF-8 > Name=Open Corporate Webmail > Icon=my-icon > Type=Application > Categories=Office; > Exec=xdg-open https://example.com/owa/ > > Following the documentation about adding menu files I have run: > > xdg-desktop-menu install open-corporate-webmail.desktop > > Unfortunately both ways (menulibre and manual creation of desktop file) > didn't solve the task. > > ... Thereof the Question: > How can I add a web Shortcut to an application menu of an AppVM? > > Kind regards > > [799] You need to move the .desktop file to /usr/share applications in the TemplateVM upon which your AppVM depends and then run qvm-sync-appmenus in Dom0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/569e0acf-359c-40d4-b0bf-7b549d31d232%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes 4 windows installation
can you send me your prefs ? I succeeded to make it work but it is very unstable -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3262b8bc-6b36-4f7b-8048-0ae12f8dbb90%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes 4 windows installation
On Tue, January 2, 2018 3:59 pm, Roy Bernat wrote: > can you send me your prefs ? > > I succeeded to make it work but it is very unstable Haven't tested mine for stability on 4, just booted it once and shut it down. But my settings on 3.2 are 2048MB initial/max memory and 1 vCPU. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3676e3f69cd17459ea969c83fa3cda0c.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Disable root password on fedora-25-minimal (Qubes 4.0rc3)
As in https://github.com/QubesOS/qubes-issues/issues/3157, by default the fedora minimal template will ask for a password while trying to perform any action as root. The rationale behind this is that the "ask/don't ask for root" policy should be customizable by the user. ...But how? I tried editing the /etc/shadow file to remove the root password, with no success whatsoever. I basically would like my minimal template to behave like any other, that is, to have a passwordless root. Any help would be greatly appreciated! Thanks for your Time, Fab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9cfbdb37-f52f-4650-8c86-f1d2f98e0178%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] lenovo t400 will qubes work with lenovo's bios?
https://www.qubes-os.org/hcl/ Can you install qubes on a lenovo t400, which runs the lenovo bios? Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/N1M-l2ZksPADsv%40Safe-mail.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 3.2 not booting after successful installation
I am working with a Lenovo X1 Carbon 5th Generation with following settings Boot support enabled for UEFI/Legacy (Both) in BIOS VT-d = Enabled Secure Boot = Disabled The laptop has a pre-installed windows OS on it. I have installed Arch as multiboot and that is working. Then, I tried Qubes installation. I followed all the steps in Lenovo Thinkpad Troubleshooting Guide (https://www.qubes-os.org/doc/thinkpad-troubleshooting/) and successfully installed it. I did a manual partition and assigned following mount points during installation: /boot- Not Encrypted /boot/efi- Not Encrypted /var - Encrypted /home- Encrypted swap - Encrypted /- Encrypted Installation was successful. But, the grub menu still only shows Arch and Windows. I tried scanning the volumes to update grub from inside Arch but it could not find entries for Qubes (LVM issue??) However, BIOS bootloader menu has an entry for Qubes alongside with Arch and Windows. When I chose Qubes there, screen flickers and it returns to the Bootloader menu. It behaves as if that boot option didn't even work. I have tried going "Legacy" in boot removing UEFI support completely. Even that didn't work. All troubleshooting guides / multiboot guides start from editing grub entries. Since I can't even reach Qubes grub entries, I can't follow any of them. Any pointers, please? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc674dcc-ec6d-4488-89d3-215594445dd1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 3.2 not booting after successful installation
On Tuesday, January 2, 2018 at 1:42:32 PM UTC-5, Ashok Bommisetti wrote: > I am working with a Lenovo X1 Carbon 5th Generation with following settings > > Boot support enabled for UEFI/Legacy (Both) in BIOS > VT-d = Enabled > Secure Boot = Disabled > > The laptop has a pre-installed windows OS on it. I have installed Arch as > multiboot and that is working. > > Then, I tried Qubes installation. I followed all the steps in Lenovo Thinkpad > Troubleshooting Guide > (https://www.qubes-os.org/doc/thinkpad-troubleshooting/) and successfully > installed it. > > I did a manual partition and assigned following mount points during > installation: > /boot- Not Encrypted > /boot/efi- Not Encrypted > /var - Encrypted > /home- Encrypted > swap - Encrypted > /- Encrypted > > Installation was successful. > > But, the grub menu still only shows Arch and Windows. I tried scanning the > volumes to update grub from inside Arch but it could not find entries for > Qubes (LVM issue??) > > However, BIOS bootloader menu has an entry for Qubes alongside with Arch and > Windows. When I chose Qubes there, screen flickers and it returns to the > Bootloader menu. It behaves as if that boot option didn't even work. > > I have tried going "Legacy" in boot removing UEFI support completely. Even > that didn't work. All troubleshooting guides / multiboot guides start from > editing grub entries. Since I can't even reach Qubes grub entries, I can't > follow any of them. > > Any pointers, please? I'm sorry man i'm not on linux system right now for the exact file names. I believe you are using the arch grub yes? Basically boot into arch, go to the grub/grubd or /etc/grub.d directory. and in there I think is a custom_40 file? In that file you want to paste and append the lines found between the zen sections of the grub.cfg file from the boot partition on the hdd for Qubes. Just locate that file on the boot partition, I believe in grub2. copy evertyhing in the zen section and paste it into the 40_custom file on arch. Then update grub on arch and reboot. You will have to do this though everytime Qubes updates the kernel. which isn't often. Should be noted though that multibooting defeats the purpose of Qubes. So this would only be for testing purposes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/355575ad-bb5e-4be3-a40d-a0c10e54b191%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Fri, Dec 29, 2017 at 9:53 PM taii...@gmx.com wrote: > On 12/29/2017 10:28 PM, Wael M. Nasreddine wrote: > > > On Fri, Dec 29, 2017 at 3:06 PM taii...@gmx.com wrote: > > > >> Those dual 6386 are a good price I would get them if I was you, there > >> will always be plenty of buyers if you want to sell the second one. > >> > > Ok got the CPU and the cooler. > Man dual 6386, that is gonna be one speed demon :D lucky bastard! > It'll be awesome. > I'm struggling to find a good case. > If you have the money I would get a supermicro 4U case, they are nice > (one that comes with front drive trays preferably) > I couldn't find a Supermicro that's compatible with EEB, is E-ATX the same as EEB? It has the same dimensions, but I think it has different mounting screws right? > There > > are plenty of choice, and since this would be my first server case build, > > I'm not sure what to look for. For example, here's newegg search > > < > https://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=18044&IsNodeId=1&Description=4u%20case&bop=And&SrchInDesc=EEB&Page=1&PageSize=36&order=BESTMATCH > > > > for 4U cases having EEB keyword (no EEB filter offered), this case seems > > cheap enough > > https://www.newegg.com/Product/Product.aspx?Item=N82E16811219020 but has > > 80mm fans in the middle, not 120mm. I've seen a few cases with 120mm > > mid-fans but did not support EEB. Do you have a link for a case you work > > with? > My case is a shorter model 80mil in the back 120 for both front drive > bays no room for middle fans. > > That case seems fine, although can you tell me the price and shipping? I > can't see it as I browse with JS off. > That case is $86.99 free shipping. For the power supply, what do you think of this one https://www.newegg.com/Product/Product.aspx?Item=N82E16817338110 (sells for 119.99 + 4.99 shipping). Do you have an example for the power supply with modular cables? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CA%2BkKtKC3eWFxRv2App4sFLj25j-pcyiEkrWps88xgX5dc9RXLw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 3.2 GRUB menu not shown after boot
On Monday, January 1, 2018 at 9:48:30 PM UTC-5, Robert F. wrote: > Hello, > > Just installed Qubes 3.2 on a Lenovo ThinkPad Y700. > It tried about 4 times and the SSD hard drive where I installed was not seen > as UEFI bootable. I went to uefi troubleshoot page, followed the steps there > (add mabps, noexitboot on kernel lines) plus creating the /boot/efi/EFI/BOOT > folder and moving xen.cfg -> BOOTX64.cfg ,etc. > > Now, the hard drive where Qubes 3.2 is installed is seen as UEFI bootable and > selected, but when it boots it just hangs in a black screen, without showing > anything at all. The hard drive is LUCKS encrypted. I tried to press any key, > waited a reasonable about of time, nothing changes, it's just the black > screen. > > Thank you. You can use legacy boot with 3.2 if you have the option. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f2eb0ea-80ff-4800-9fc9-7ee2e2618e63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: In Q3.2 is there official advice to upgrade to Deb-9 ?
On Sunday, December 31, 2017 at 3:15:23 PM UTC-5, yre...@riseup.net wrote: > Maybe I missed something , is there some reason to or not to upgrade to > Deb-9 , I hardly use Deb 8 as it is , but I do use Whonix . > > I vaguely recall some reason not to, but do see it in the official docs, > how to .. oh didn't realize 9 is stable release now. I'll prolly update mine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1c0674f1-ad0e-4cf6-9e5b-46c1d583fff6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Duplicate MAC address error
On Sunday, December 31, 2017 at 10:13:49 AM UTC-5, qubes-us...@ralphdouglass.com wrote: > On Tuesday, December 26, 2017 at 10:30:45 AM UTC-5, Kushal Das wrote: > > On Tue, Dec 26, 2017 at 8:18 PM, cooloutac wrote: > > > > > > wonder if your system runs low on ram? Could also try using system > > > without iommu and see if it still happens. > > > > > I have 32GB here on a T470. I hope that is okay :) > > > > Kushal > > -- > > Staff, Freedom of the Press Foundation > > CPython Core Developer > > Director, Python Software Foundation > > https://kushaldas.in > > I can recreate this error message consistently while running the latest R4 > rc3. > > Inside of sys-net, just shut down the vm from the inside (e.g. sudo reboot) > > Afterwards sys-net fails to start: > > $ qvm-start sys-net > Start failed: invalid argument: network device with mac XX:XX:XX:XX:XX:XX > already exists > > To get back in a good state without rebooting the entire machine, I have to > shut down (or kill) all dependent vms (AppVMs talking to my firewall-vm and > my firewall vm). Then I can start sys-net again, followed by my firewall vm, > followed by my regular app vms. > > I've managed to trigger this on two Lenovo laptops and one Dell laptop so > far, all of which are running R4rc3. > > I'm pretty new to QubesOS and haven't figured out how to dig through the > innards well enough yet to find anything useful. afaik, You can't shut down sys-net if other vms using it are running. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a152401-9275-4f68-af7a-a7903d5b5202%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Touchscreen not working on Qubes 3.2
On Saturday, December 30, 2017 at 4:24:20 AM UTC-5, Vít Šesták wrote: > While both mouse and touchscreen have some similarities (both are pointing > devices), there are also some important differences: > > First, mouse reports relative movements, while touchscreen reports absolute > positions of touch. > Second, mouse reports two different types of events (movement and clicks*), > while touchscreen reports just touches. > Third, touchscreen might report multiple pointers. > > For those reasons, touchscreen needs a different proxy, which is not > implemented yet. > > Regards, > Vít Šesták 'v6ak' > > *) Scrolling is AFAIK a specific type of button. I see, only time this happened to me was an older baremetal fedora release with lxde on an old laptop, I had to add entries to xorg file. So in this case only solution is not use a sys-usb? Or just not use touchscreen I guess... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc194b1d-63c4-406b-afa4-ad411c51ff79%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disable root password on fedora-25-minimal (Qubes 4.0rc3)
On Tuesday, 2 January 2018 18:26:27 CET Fabrizio Romano Genovese wrote: > ...But how? The naming is confusing as the root password is not really removed at all. What happens is that a service called 'sudo' is configured to allow you to do anything without a password. Make sure you have this content at /etc/sudoers.d/qubes) https://www.qubes-os.org/doc/vm-sudo/ also I suggest double checking that sudo is actually installed. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1593640.XvPIAPtHh8%40cherry. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: lenovo t400 will qubes work with lenovo's bios?
I'm running a Lenovo T420 with Qubes 4.0 RC3, and it's working fantastically. Qubes HCL Report says hvm, I/O MMU, HAP/SLAT, TPM, and Remapping all working. Sometimes it will report differently, but that's due to an incomplete xl dmesg. Not sure why it's incomplete, but everything is working fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/817f59f7-4048-4f93-b1a5-9ef4ed5f534b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Duplicate MAC address error
On Tue, Jan 2, 2018 at 2:06 PM, cooloutac wrote: > On Sunday, December 31, 2017 at 10:13:49 AM UTC-5, > qubes-us...@ralphdouglass.com wrote: > > On Tuesday, December 26, 2017 at 10:30:45 AM UTC-5, Kushal Das wrote: > > > On Tue, Dec 26, 2017 at 8:18 PM, cooloutac wrote: > > > > > > > > wonder if your system runs low on ram? Could also try using system > without iommu and see if it still happens. > > > > > > > I have 32GB here on a T470. I hope that is okay :) > > > > > > Kushal > > > -- > > > Staff, Freedom of the Press Foundation > > > CPython Core Developer > > > Director, Python Software Foundation > > > https://kushaldas.in > > > > I can recreate this error message consistently while running the latest > R4 rc3. > > > > Inside of sys-net, just shut down the vm from the inside (e.g. sudo > reboot) > > > > Afterwards sys-net fails to start: > > > > $ qvm-start sys-net > > Start failed: invalid argument: network device with mac > XX:XX:XX:XX:XX:XX already exists > > > > To get back in a good state without rebooting the entire machine, I have > to shut down (or kill) all dependent vms (AppVMs talking to my firewall-vm > and my firewall vm). Then I can start sys-net again, followed by my > firewall vm, followed by my regular app vms. > > > > I've managed to trigger this on two Lenovo laptops and one Dell laptop > so far, all of which are running R4rc3. > > > > I'm pretty new to QubesOS and haven't figured out how to dig through the > innards well enough yet to find anything useful. > > afaik, You can't shut down sys-net if other vms using it are running. > Correct. You need to shut down or kill all dependent vms (as mentioned in my email already). It's still better than rebooting one's entire machine, but obviously not ideal. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/5a152401-9275-4f68-af7a-a7903d5b5202%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CALByh%2BekS-CCxPYw298Y6yFfBmtEVgEg%3D9AknarvbSTvaYpc5g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disable root password on fedora-25-minimal (Qubes 4.0rc3)
On Tue, Jan 02, 2018 at 08:16:49PM +0100, 'Tom Zander' via qubes-users wrote: > On Tuesday, 2 January 2018 18:26:27 CET Fabrizio Romano Genovese wrote: > > ...But how? > > The naming is confusing as the root password is not really removed at all. > What happens is that a service called 'sudo' is configured to allow you to > do anything without a password. > > Make sure you have this content at /etc/sudoers.d/qubes) > > https://www.qubes-os.org/doc/vm-sudo/ > > also I suggest double checking that sudo is actually installed. > To install sudo you will, of course need root. You can either use the method Marek details on that page, or use 'sudo xl console 'from dom0 to get root access. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180102201012.kgdzs2q2gdshjtpw%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disable root password on fedora-25-minimal (Qubes 4.0rc3)
Hello all, Thanks for the replies! I have already installed sudo just doing qvm-run -u root fedora-25-minimal xterm as Marek suggested, and then installing sudo as I usually do via dnf. The problem is that now sudo asks for the root password anyway. If for instance I give sudo dnf update on a "standard" terminal shell, I will be prompted for a password. I already checked at https://www.qubes-os.org/doc/vm-sudo/ What I don't have there is the file and /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla. Should I add it? Cheers, Fab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa8ea166-ad10-412a-9a66-6d6a34037c01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Duplicate MAC address error
On Tue, Jan 02, 2018 at 02:59:55PM -0500, Ralph Douglass wrote: > On Tue, Jan 2, 2018 at 2:06 PM, cooloutac wrote: > > > On Sunday, December 31, 2017 at 10:13:49 AM UTC-5, > > qubes-us...@ralphdouglass.com wrote: > > > On Tuesday, December 26, 2017 at 10:30:45 AM UTC-5, Kushal Das wrote: > > > > On Tue, Dec 26, 2017 at 8:18 PM, cooloutac wrote: > > > > > > > > > > wonder if your system runs low on ram? Could also try using system > > without iommu and see if it still happens. > > > > > > > > > I have 32GB here on a T470. I hope that is okay :) > > > > > > > > Kushal > > > > -- > > > > Staff, Freedom of the Press Foundation > > > > CPython Core Developer > > > > Director, Python Software Foundation > > > > https://kushaldas.in > > > > > > I can recreate this error message consistently while running the latest > > R4 rc3. > > > > > > Inside of sys-net, just shut down the vm from the inside (e.g. sudo > > reboot) > > > > > > Afterwards sys-net fails to start: > > > > > > $ qvm-start sys-net > > > Start failed: invalid argument: network device with mac > > XX:XX:XX:XX:XX:XX already exists > > > > > > To get back in a good state without rebooting the entire machine, I have > > to shut down (or kill) all dependent vms (AppVMs talking to my firewall-vm > > and my firewall vm). Then I can start sys-net again, followed by my > > firewall vm, followed by my regular app vms. > > > > > > I've managed to trigger this on two Lenovo laptops and one Dell laptop > > so far, all of which are running R4rc3. > > > > > > I'm pretty new to QubesOS and haven't figured out how to dig through the > > innards well enough yet to find anything useful. > > > > afaik, You can't shut down sys-net if other vms using it are running. > > > > Correct. You need to shut down or kill all dependent vms (as mentioned in > my email already). It's still better than rebooting one's entire machine, > but obviously not ideal. > The point is that you shouldn't be bringing down a qube when it has other qubes using it as a netvm. Sometimes (and I stress sometimes) you can recover from this by changing the netvm of child qubes , restarting sys-net and then reattaching the children. If you have sys-firewall, then changing netvms of children to something else, killing sys-firewall, restarting sys-net, restarting sys-firewall and then reattaching children will work. Somewhat better than shutting down all dependent qubes. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180102223630.ogg5hpluhkmekxnb%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disable root password on fedora-25-minimal (Qubes 4.0rc3)
On Tue, Jan 02, 2018 at 12:51:53PM -0800, Fabrizio Romano Genovese wrote: > Hello all, > > Thanks for the replies! I have already installed sudo just doing > > qvm-run -u root fedora-25-minimal xterm > > as Marek suggested, and then installing sudo as I usually do via dnf. The > problem is that now sudo asks for the root password anyway. If for instance I > give > > sudo dnf update > > on a "standard" terminal shell, I will be prompted for a password. > > I already checked at > > https://www.qubes-os.org/doc/vm-sudo/ > > What I don't have there is the file and > /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla. Should I add it? > > Cheers, > Fab > Yes, if you want to maintain your minimal status you can manually add/edit those files. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180102223814.m4qbok5qddllws2j%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] cannot remove/create VM exists and doesn't exist
Den mandag den 1. januar 2018 kl. 14.44.10 UTC+1 skrev Lorenzo Guerra: > Mine is just a guess: have you tried with something like 'virsh -c xen:/// > undefine win7' and then, if some references to your vm remains in qubes.xml > or the Application menus, manually remove them? Great guess. undefine works perfectly, thank you Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88569a8a-30c4-4dff-a0b5-6fe3da38c06b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] cannot remove/create VM exists and doesn't exist
Den mandag den 1. januar 2018 kl. 14.47.04 UTC+1 skrev awokd: > On Mon, January 1, 2018 1:44 pm, Lorenzo Guerra wrote: > > Mine is just a guess: have you tried with something like 'virsh -c > > xen:/// undefine win7' and then, if some references to your vm remains in > > qubes.xml or the Application menus, manually remove them? > > Sounds like that worked for Max. "Destroy" doesn't also undefine? Nope. Destroy didn't work. I tried that first, thank you Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a10dedc0-fc09-47e9-be98-d9952382f855%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installation security : Usb optical vs sata optical vs usb drive
On Mon, Jan 01, 2018 at 09:20:46PM -0800, mmm...@gmail.com wrote: > So from the installation security guide I read the following: > "Use a USB optical drive. > Attach a SATA optical drive to a secondary SATA controller, then assign this > secondary SATA controller to an AppVM." > > And for USB Drive: > "Untrustworthy firmware. (Firmware can be malicious even if the drive is new. > Plugging a drive with rewritable firmware into a compromised machine can also > compromise the drive. Installing from a compromised drive could compromise > even a brand new Qubes installation.)" > > Do usb optical drives not also have the same problem firmware wise? > > What about sata? > I remember some years back playing with WD hard drives, and reflashing the firmware: it was possible to effectively engineer an exploit that could spread across disks, and infect hosts. We spent a little time working on the controllers, before we realised the obvious - that by that stage the game was already lost. If you were inside the box you had control anyway. The principal risk in USB is exactly it's versatility and accessibility. (I don't include eSATA and eSATAp here.) So Yes, USB optical drives carry the same risks identified under the USB drive heading.And it Is possible to attack SATA controllers, but far less likely than for USB. And frankly, you have to trust *something*. When you come to install Qubes, you are trusting that your hardware isn't already backdoored, as made clear in the first para. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180102232047.cjoguybtznzkqmi3%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] all windows in VM just disappeared
I have a problem which I would like to resolve (or at least recover from) rather than just working around by killing the vm and restarting it. Sometimes all windows of a guest just disappear. So far what I had done in such case was running qvm-start-gui in dom0. This sometimes works but in this case it briefly flashes the windows on the screen and then they disappear again. In the past I had sometimes seen this in an out of memory situation where it seems xorg got killed, but in this case I can't find anything like that in the journalctl of the guest. checking with 'ps -auxw | qubes' I see that qubes-gui is still running, as is Xorg and xinit. ~/.xsession-errors had nothing noteworthy and /var/log/Xorg* don't exist in guest. Trying to launch another gui app from the start menu, nothing seems to happen. it's a fedora-26 template. I'm wondering if there is any other mechanism by which I could relaunch the gui, reconnect to the display to avoid losing work when this happens. Any help appreciated -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/63efc25b-b7f0-43c5-c3a4-0f193f0fb069%40autistici.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Help verifying install files: how to verify the Release 3 Signing Key?
On Mon, Jan 01, 2018 at 08:44:22AM -0800, Kyle Breneman wrote: > I have successfully verified the fingerprint for the Qubes Master Signing > Key. I have verified the Release 3 ISO signature using the Qubes Release 3 > Signing Key. How do I verify that the Release 3 signing key is good? Do I > somehow use the Qubes Master Signing Key to verify the authenticity of the > Release 3 Signing Key? If so, please explain how to do this with gpg4win? > Thanks! > In gpg4win you can do this by importing the certificates in kleopatra. Then double-click on the R3 certificate to see the certificate details. Go to the User-IDs and Certifications tab, click on "Obtain authentications" and you should see that the R3 certificate is signed by the Master Signing Key(certificate). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180103012404.umsmogthcdo6qtsy%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Running rkt containers directly on zen?
On Mon, Jan 01, 2018 at 01:40:00PM +, Naja Melan wrote: > Hi, > > While searching on the internet I stumbled onto this: > > https://github.com/rkt/stage1-xen > > Would this work on qubes? Anyone already doing it? > > Also found some stuff about rumprun unikernels allowing directly running any > posix app on xen. It seems awfully quiet about such initiatives, which > puzzles me because surely being able to run applications in total isolation > without the overhead (memory, disk, cpu) of a full linux install is very > interesting for something like qubes right? > > What is the current state of affairs? > > Naja Melan > There's actually been some discussion on unikernels for at least the last 2 years, both in qubes-users and qubes-devel. Thomas Leonard has implemented a minimal sys-firewall as a MirageOS-based unikernel: - http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ - https://github.com/talex5/qubes-mirage-firewall and recently, (19/12/2017) announced v 0.4 on this list -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180103013411.xrqa3f5dkdjyusag%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to add Web-Shortcut to Menu of an AppVM
On Tue, Jan 02, 2018 at 06:49:35AM -0800, Yethal wrote: > W dniu poniedziałek, 1 stycznia 2018 22:42:09 UTC+1 użytkownik [799] napisał: > > Hello, > > > > > > I would like to enter a new menu item to the Appmenu of a Fedora 25 based > > AppVM. > > The menu should contain a link to our corporate Mailserver (https:///owa). > > > > I have thereof installed "menulibre" (sudo yum -y install menulibre) and > > created a new desktop entry under the Office Section, but it won't show up > > in the qubes app menu. > > I have synced the application within the applications Tab under VM Settings. > > > > I have also tried to manually add the desktop file: > > > > nano open-corporate-webmail.desktop > > > > [Desktop Entry] > > Encoding=UTF-8 > > Name=Open Corporate Webmail > > Icon=my-icon > > Type=Application > > Categories=Office; > > Exec=xdg-open https://example.com/owa/ > > > > Following the documentation about adding menu files I have run: > > > > xdg-desktop-menu install open-corporate-webmail.desktop > > > > Unfortunately both ways (menulibre and manual creation of desktop file) > > didn't solve the task. > > > > ... Thereof the Question: > > How can I add a web Shortcut to an application menu of an AppVM? > > > > Kind regards > > > > [799] > > You need to move the .desktop file to /usr/share applications in the > TemplateVM upon which your AppVM depends and then run qvm-sync-appmenus in > Dom0 > Alternatively, as the link is only needed in one qube, create a custom Menu entry. Remember that you can use qvm-run in dom0 to launch applications in appVMs. So you can create a simple .desktop file which will run the command in the required qube, using either qubes-desktop-run or qvm-run. (HINT - open a terminal in the qube and find out what command you need to run to start the application. Then try that command in dom0 using qvm-run. THEN edit the desktop file to use that command.) Then just write a custom menu entry calling that desktop file. Webmail custom.desktop unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180103014918.izuudmeb2gavoz4p%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.