Re: [qubes-users] fedora-28 upgrade to fedora-29 messes up the wireless network icon
On 1/12/19 9:11 AM, max via qubes-users wrote: > Hi everyone, > > After upgrading my fedora appVM's to use the fedora-29 template instead of > fedora-28, sys-net icon is weird looking. When the network starts, the > circular drawing is only creating red color and not deleting it, smudging > the icon out so you can hardly see how good your connection is, or if the > connection is broken/unreachable. > > fedora-28 > https://www.dropbox.com/s/0m8gx9v2qt0t8ay/networkicon-1.png?dl=0 > > fedora-29 > https://www.dropbox.com/s/xf1k1avfuono03x/networkicon-2.png?dl=0 > > Anyone know of a fix? I'm looking at the fedora sites, but haven't found > anything yet. I have the same problem - looks like a problem with refresh and transparent background. For info that issue is tracked at https://github.com/QubesOS/qubes-issues/issues/4701 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1bf5e0a1-99f4-7dee-a086-f8aa67e1f5d8%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-users] fedora-28 upgrade to fedora-29 messes up the wireless network icon
Hi everyone, After upgrading my fedora appVM's to use the fedora-29 template instead of fedora-28, sys-net icon is weird looking. When the network starts, the circular drawing is only creating red color and not deleting it, smudging the icon out so you can hardly see how good your connection is, or if the connection is broken/unreachable. fedora-28 https://www.dropbox.com/s/0m8gx9v2qt0t8ay/networkicon-1.png?dl=0 fedora-29 https://www.dropbox.com/s/xf1k1avfuono03x/networkicon-2.png?dl=0 Anyone know of a fix? I'm looking at the fedora sites, but haven't found anything yet. Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/137fd59c-1f47-42bf-9f8c-31a4731db634%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
Hi Rumsey, On 1/12/19 7:59 AM, rumsey.anth...@gmail.com wrote: > Thanks to Ivan, I figured it out (with a bit of luck). > > After comparing packages in his working template to my own, I first tried to > install: > > dbus-glib > ipcalc > iproute > iproute-tc > iputils > > That fixed it as far as I can tell. I now have a working sys-net and > sys-firewall with the fedora-29-minimal template. I'm assuming the ip* > packages were the key, but I don't really have any idea. Happy you figured it out. I'd bet that the missing package was iproute, but it could also be dbus-glib (if I'm not mistaken NetworkManager uses dbus, that could be the issue); If I have some time later today I'll try to remove those packages from my working template and see what happens. By the way, you can find info about packages with eg. `dnf info iproute`. If the package is installed, `rpm -qi iproute` will be much faster than dnf. You can also get a list of installed file with `rpm -ql iproute` (I usually do `rpm -ql package | grep bin`) Re- your previous email, I wouldn't have expected that there would be so many packages added in my template. I used a fedora-26-minimal and added only a few packages [1]. But maybe I didn't pay attention to all the dependencies that were pulled. [1] https://github.com/Qubes-Community/Contents/tree/master/docs/user-setups/taradiddles#fedora-minimal -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9832cb29-ce88-3633-d27e-eb4b4d52754c%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
Thanks to Ivan, I figured it out (with a bit of luck). After comparing packages in his working template to my own, I first tried to install: dbus-glib ipcalc iproute iproute-tc iputils That fixed it as far as I can tell. I now have a working sys-net and sys-firewall with the fedora-29-minimal template. I'm assuming the ip* packages were the key, but I don't really have any idea. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42665bc4-0ec5-4ded-9010-0c5fcf8173f8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
On Friday, January 11, 2019 at 7:49:36 PM UTC, Ivan Mitev wrote: > Not sure it'll help but here's a git below with a list of the rpms > installed in the templateVM of my sys-{net,firewall} vms so you can > compare and check if you're missing something; the templateVM is a > minimal fedora install but unlike yours its initial version was f26, > upgraded to f28 and then to f29. > > https://gist.github.com/taradiddles/7db0970d464a5129213c3626c69fb1a3 > > a crude way to generate such list in your templateVM: > > rpm -qa | sort | sed -e 's/-[0-9\.-].*//' > allrpms > > and then find differences: > > grep -xvf list_rpms_f29-1.txt allrpms > > (there will be a few packages that I have installed that are not needed > for networking, eg. keepassxc, rsync, encfs, ...). Thanks for that. I compared your rpm file to what I have in my fedora-29-minimal clone for sys-net and sys-firewall, and the following packages are the ones that you have in your working template which I do not have in my non-working template: aajohan-comfortaa-fonts abattis-cantarell-fonts adwaita-gtk2-theme alsa-lib annobin atlas avahi-glib bc binutils boost-iostreams boost-random boost-system boost-thread brotli bubblewrap busybox bzip2 bzip2-libs cdparanoia-libs cpp cryptsetup curl dbus-glib dejavu-sans-mono-fonts device-mapper-multipath device-mapper-multipath-libs dkms dosfstools dwz efi-srpm-macros elfutils-libelf-devel elfutils-libs enca exempi exiv2 exiv2-libs fedora-logos fedora-obsolete-packages flac-libs fpc-srpm-macros fuse fuse-common fuse-encfs gcc gcc-c++ gdisk GeoIP GeoIP-GeoLite-data geolite2-city geolite2-country ghc-srpm-macros ghostscript ghostscript-core ghostscript-fonts ghostscript-tools-fonts ghostscript-tools-printing giflib glibc-devel glibc-headers glx-utils gmime gmime30 gnat-srpm-macros gnome-autoar gnome-desktop3 gnome-themes-extra go-srpm-macros google-noto-emoji-color-fonts gpg-pubkey gpg-pubkey groff-base grub2-pc grub2-pc-modules grub2-tools-efi grub2-tools-extra gstreamer1 gstreamer1-plugins-base gtk2 gvfs gvfs-client ipcalc iproute iproute-tc iputils isl iso-codes iw iwl7260-firmware keepassxc kernel kernel kernel kernel-core kernel-core kernel-core kernel-devel kernel-devel kernel-devel kernel-headers kernel-modules kernel-modules kernel-modules libaio libatasmart libblockdev libblockdev-crypto libblockdev-fs libblockdev-loop libblockdev-mdraid libblockdev-part libblockdev-swap libblockdev-utils libbluray libbytesize libcdio libcdio-paranoia libcue libcurl libexif libgexiv2 libglvnd-gles libgrss libgsf libgxps libicu libimobiledevice libiptcdata libmetalink libmodulemd libmpc libnsl libogg libosinfo libplist libquvi libquvi-scripts librados2 libsodium libssh libstdc++-devel libtheora libudisks2 libusbmuxd libvisual libvorbis libxcrypt-devel libXfont libxkbcommon-x11 libxslt libXv libyubikey linux-atm-libs linux-firmware llvm-libs lttng-ust lua lua-expat lua-json lua-lpeg lua-socket lzo mdadm mesa-dri-drivers mesa-filesystem nautilus nautilus-extensions nautilus-python netconsole-service network-scripts nim-srpm-macros nspr nss nss-pem nss-softokn nss-softokn-freebl nss-sysinit nss-tools nss-util ntfs ntfsprogs ocaml-srpm-macros openblas-srpm-macros opus orc osinfo-db osinfo-db-tools parted pcre2 pcre2-utf16 perl perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-Attribute-Handlers perl-autodie perl-B-Debug perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Zlib perl-Config-Perl-V perl-constant perl-CPAN perl-CPAN-Meta perl-CPAN-Meta-Requirements perl-CPAN-Meta-YAML perl-Data-Dumper perl-Data-OptList perl-Data-Section perl-DB_File perl-devel perl-Devel-Peek perl-Devel-PPPort perl-Devel-SelfStubber perl-Devel-Size perl-Digest perl-Digest-MD5 perl-Digest-SHA perl-Encode perl-Encode-devel perl-Encode-Locale perl-encoding perl-Env perl-Errno perl-experimental perl-Exporter perl-ExtUtils-CBuilder perl-ExtUtils-Command perl-ExtUtils-Embed perl-ExtUtils-Install perl-ExtUtils-MakeMaker perl-ExtUtils-Manifest perl-ExtUtils-Miniperl perl-ExtUtils-MM-Utils perl-ExtUtils-ParseXS perl-File-Fetch perl-File-HomeDir perl-File-Path perl-File-Temp perl-File-Which perl-Filter perl-Filter-Simple perl-Getopt-Long perl-HTTP-Tiny perl-inc-latest perl-interpreter perl-IO perl-IO-Compress perl-IO-Socket-IP perl-IO-Socket-SSL perl-IO-Zlib perl-IPC-Cmd perl-IPC-System-Simple perl-IPC-SysV perl-JSON-PP perl-libnet perl-libnetcfg perl-libs perl-local-lib perl-Locale-Codes perl-Locale-Maketext perl-Locale-Maketext-Simple perl-macros perl-Math-BigInt perl-Math-BigInt-FastCalc perl-Math-BigRat perl-Math-Complex perl-Memoize perl-MIME-Base64 perl-Module-Build perl-Module-CoreList perl-Module-CoreList-tools perl-Module-Load perl-Module-Load-Conditional perl-Module-Loaded perl-Module-Metadata perl-Mozilla-CA perl-MRO-Compat perl-Net-Ping perl-Net-SSLeay perl-open perl-Package-Generator perl-Params-Check perl-Params-Util perl-parent perl-PathTools perl-Perl-OSType perl-perlfaq
Re: [qubes-users] g505s BIOS settings for installing 4.0.1
I found a more recent BIOS version. I'll try updating and report back. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cae775a2-fd80-4929-9e6a-dc9fc1cd1d98%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Smart cards, split GPG, and timing attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jan 08, 2019 at 01:15:39AM +, 'awokd' via qubes-users wrote: > Demi Obenour wrote on 1/7/19 3:16 PM: > > Looking through the GPG CVE list, it appears that GPG has a fantastic > > security record. This seems to jus Most of the recent vulnerabilities have > > been side-channel attacks. > > > > Is it useful to use split-GPG with a hardware token to prevent side-channel > > attacks? > > I am far from a cryptographer, but IIRC those side channel attacks get the > key by observing decryption leaks. So a hardware token wouldn't affect that > either way, because once the key is unlocked it still gets processed the > same. Not really, if key lives on a hardware token, only it can perform decryption/signing. So, if that hardware token is resistant against side channel attacks, then split-GPG (or anything else) will not make it worse. > > Also, is it best to use one signing key per project one is working on? > > > Again, not a crypto expert but if you're using the same development workflow > for all projects, don't see much security gain from separate keys. If some > demand a different, potentially less secure workflow, those might benefit > from subkeys. Hopefully someone experienced has more insight! There is one more thing: if you use a single key for multiple projects, then it's harder to distinguish those projects based on cryptographic proof. Which means code signed in one project could potentially be used in another. An example: I have a qubes code signing key I use to sign my qubes-related commits/tags. But I also contribute to other projects, including also very simple patches, where I only fix one file and definitely not review the whole repository. If I would use the same key for both, then one could attack me like this: 1. Introduce a backdoor to some random software that I would likely contribute to (or even create new one specifically for this purpose). 2. Wait for me to contribute there (all kind of social engineering will help here). 3. Take my signed contribution and pretend the code belongs to qubes - this may is quite tricky, and probably require breaking into my github account (or github infrastructure) to place it under my (or QubesOS) account; but even without it, it would help in other attacks. With separate keys (having project name in key comment) that attack wouldn't work, or would require significantly more social engineering - depending whether you attack a machine or a human. You may also take into account security of development environment for each project. If one depends on a lot of software without reliable integrity verification method (or, say, a lot of NodeJS package ;) ), then such environment would be significantly easier to compromise, and so the key used there (even if not leaked, then used from there to sign/decrypt anything). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlw5PaQACgkQ24/THMrX 1yyotggAj6mbhIApmFSsajZ/Zjk1Lt49Lgnba5TXQDHgODwGp+i4QG3JqKVgHTma QXvoTKsMZohuABe6wWiTxT/DvJJjUzpHAOEnj/XAzGm6mm8kJqZ/hih2pq7T7+qn Oe+zOdLNPdS4olmLy/igw/V+CtjNhuWYKsSM7mCzSpRRIPGuG4IvhEX+WyHFDt6u rMpCL2nNqRHcMo+Qve7/5e2IPnWFZPjDVsaeTiHpaAlFfzDVLUyg2qxGxamezuLo fH6ZvUd1UOHntUCYWjeD7JpY05Y8P0dAPRsRlcW28eAKAeUy9cepQlLJeafRdYCo b5e0pWhYe/DqZxMJKzVuSnJy2OpBeA== =j4nW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190112010644.GB6577%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB 3.0 to Ethernet adapter with QubesOS possible?
gone wrote on 1/11/19 9:01 PM: Hello, I've tried to use different USB to Ethernet adapters with QubesOS but without success. Is there a chance to make them usable? I've seen some have been successful. Where is it not working? Have you checked sys-usb's "ip addr" and journalctl after plugging one in? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5aa01f54-9d38-d093-3b0b-8c2c5b8cbf4b%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Salt orchestration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Jan 07, 2019 at 12:20:31PM -0500, Brian C. Duggan wrote: > On 1/4/19 3:08 PM, Brian C. Duggan wrote: > > 2. Salt should ensure that service VMs are running before Salt applies > > states to their client VMs. For example, I have a service VM that > > exports gpg-agent's SSH socket through Qrexec. This VM needs to be > > running so that the client VM can clone git repos using keys on the > > serivce VM. > > > > I did some more testing. Of course, Qubes starts halted VMs when another > VM makes a Qrexec RPC call to it. The calling process on the client VM > will block until the service VM starts and the RPC call returns. So this > isn't really a valid use case for orchestration. > > At first, I thought the SSH authentication attempts failed because the > service VM wasn't started yet. After more testing, I can see that the > systemd socket service just doesn't work at the stage during initial > boot that Salt runs. The socket file exists at this stage, though. SSH > authentication succeeds during subsequent Salt runs after the VM is booted. > > But I've also noticed that sometimes a new app VM's grain ID is still > the template's ID when Salt processes templates. That shouldn't happen in theory... Can you give more details, especially which templates, and qubes* packages version? Additionally, even if grain['id'] doesn't match, target VM will get access to other's VM pillar data - it's enforced when copying pillar data out of dom0. > This can be a problem > when both dom0 and app VMs need the same pillar data: > > pillar/app/client-vm-1.sls: > app: > client-vm-1: > server-name: server-vm-1 > > pillar/app/client-vm-2.sls: > app: > client-vm-2: > server-name: server-vm-1 > > pillar/top.sls: > base: > dom0,client-vm-1: > - match: list > - app.client-vm-1 > dom0,client-vm-2: > - match: list > - app.client-vm-2 > > dom0 needs the combined app data to set RPC policies between the clients > and their servers. The clients need their own data to configure which > service VM to send their RPC to. It's convenient for clients to find it > through pillar['app'][grains['id']]. Maybe there's a better way of > constructing this pillar data? The fact that you'll see only the right pillar data, regardless of grains['id'] may help you. You can iterate over 'app' dict and use whatever you find there, regardless of the first key name level. It will complicate your configuration, but until proper solution is found, it should work. > Is there a way to delay Salt execution on VMs until they are fully booted? By default it's delayed until qrexec-agent is started, which should be after essential services. If you want, you may: 1. Add a state waiting for user session and order other things after it. This won't help with grains and such things, as salt load them before considering states, but may help with some states, if are dependent on running X server for example. For this, add this: /etc/qubes-rpc/qubes.WaitForSession: cmd.run: - runas: user 2. Configure qubes.VMRootShell qrexec service in a VM (used by salt) to wait for user session. This will affect the whole salt call for that VM. But also means it will wait indefinitely if no user session is started at all (for example you're logged out of dom0). For this create /etc/qubes/rpc-config/qubes.VMRootShell in the template with "wait-for-session=1" inside. > For the curious, I'm using a Salt formula to set up access to gpg-agent > on a service VM from client VMs through Qrexec: > > https://gitlab.com/bcduggan/qrexec-gpg-agent-formula One MAJOR problem with giving unfiltered access to gpg-agent is that, client can request gpg-agent to export secret keys. Which defeat the whole purpose of keeping secret keys in separate qube - that client have no access to its secret part. You may want to look at https://github.com/hw42/qubes-app-linux-split-gpg2/ I think this problem does not apply to ssh-agent protocol, which AFAIK does not allow client to extract secret keys. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlw5N7kACgkQ24/THMrX 1yzQPwf+I1+7XjklLKxfGUVG1mBMWUdsvv5WOchp4uhWJeNpZVlavCLZNj0S09IL T5kGdw0/oM78LDnFRPlAEXRp/w/r2pg1Q0aA/dG7iyQsMWdzqYl/uAdNEpx2ML+h 6T7pRrTCBMUrxAub5rJq3xpGPgfwA9JwCDrR8h4xVC55grUuvMOuR5PH/A1ksbg8 c/RfU/GeTGPjjisEAyYARSM29BT098BD3IcZjaMe1X2jnaQkdZYJnf6nDZ+qMR7t Thy21mn45BPVcM1TF1012waXimlz9utVI3zytUKDZHURQtfWwTzKB3UOwmOH7460 u2qWHMnEOURbzGBUcp2oiXiG3JEFSA== =DMM5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to
Re: [qubes-users] VPN for Linux Dummies
On Monday, December 17, 2018 at 9:16:38 PM UTC, Chris Laprise wrote: > On 12/17/2018 03:09 PM, stefanneuhaus2...@gmail.com wrote: > > With Qubes 4.0 i got stuck with VPN (NordVPN) installation because i have > > only basic knowledge of linux. > > > > I found a lot of info, but most relevant are these from the Qubes Github: > > > > https://github.com/tasket/Qubes-vpn-support > > https://github.com/tasket/qubes-tunnel > > https://github.com/tasket/qubes-doc/blob/tunnel/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-the-qubes-tunnel-service > > > > I was successful in setting up an appvm with vpn-handler-openvpn > > I installed qubes-tunnel.git in fedora template > > I copied the region relevant but general nordvpn config files from > > https://nordvpn.com/de/ovpn/ to /rw/config/vpn ... > > > > But i got stuck, with a lot of questions on these different instructions. > > What is the qubes-vpn-support folder? How to enter the login and passwort > > for testing the connection to nordvpn? Is the vpn tunnel necessary? > > > > Do you have some hints? (I can`t answer tomorrow, but on wednesday.) > > > > Thx. Stefan > > > > Just want to state for list readers that Qubes-vpn-support and > qubes-tunnel do the same thing; they're not intended to be combined. > > I think the alternative you're looking for is the first part of the > Qubes VPN doc: > > https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager > > This way you can use Network Manager documentation for additional > guidance in the GUI, or use any specific steps NordVPN has created for > Network Manager. > > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 Chris, I recently got Nordvpn running on my 4.0.1 and I used their .deb package to install their app. The one thing I like about their app is that when it fires up it scans the hundreds of servers they have to identify the server that is best to connect to. The process that Qubes-vpn-support uses relies on the user manually deciding which of the hundreds plus servers to use right, and then creating a ln to that ovpn file? Do you think there could be a way to streamline or automate which ovpn file to use? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/881c935f-86d6-4000-8a3d-0e54a9ff047d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] icon stacks in kde?
On Thursday, January 10, 2019 at 4:27:51 AM UTC-8, unman wrote: > On Thu, Jan 10, 2019 at 02:19:24AM -0800, pixel fairy wrote: > > playing with kde. the one feature i miss from xfce is making stacks of > > icon. by that i mean a separate panel on the bottom, kinda like os x, where > > you put a launcher and add multiple apps to it so you get a little arrow > > menu for all the extras. > > > > with kde, the closest thing i can find is pinning an app to the panel, but > > you cant group them arbitrarily like that. is there a way to get the same > > effect in kde? > > > > funny thing about qubes is you end up with far more "favorites" than i > > think the kde devs anticipated. > > > > Try using the application launcher, and setting favourites. This gives > something like the effect you're looking for. > You can either add the launcher(Add widgets - Application launcher), or > use it instead of the application menu - Right click on Menu icon, > select alternatives, application launcher. > I'd recommend adding the launcher as separate item and pinning > favourites there. clunky! but will have to do. not brave enough to find a widget and install it to dom0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/404d45c8-6bcb-4ac1-b5dc-829645aeacc5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] USB 3.0 to Ethernet adapter with QubesOS possible?
Hello, I've tried to use different USB to Ethernet adapters with QubesOS but without success. Is there a chance to make them usable? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/532e45bb-ebb2-7f12-a1e6-59bdafa6c82e%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
Hi 799, On 1/11/19 8:47 PM, 799 wrote: > I had the > > Am Fr., 11. Jan. 2019, 19:36 hat geschrieben: > >> I've been using Qubes for about 1 year now, and I wanted to try using a >> minimal template on my Dell XPS 13 laptop for the sake of conserving space. >> >> I've installed the packages recommended at >> https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and >> sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my >> fedora-28 template to the fedora-29-minimal clone in order to get my wifi >> to work. >> >> Under the fedora-29-minimal template clone I can connect to wifi. With >> both sys-net and sys-firewall using the minimal template, both templates >> and dom0 are able to update, so I know there is connectivity. However, I am >> unable to get any internet connectivity in my appvms. >> >> I have no expertise in the realm of troubles >> I had the >> >> Am Fr., 11. Jan. 2019, 19:36 hat geschrieben: >> >>> I've installed the packages recommended at >>> https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and >>> sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my >>> fedora-28 template to the fedora-29-minimal clone in order to get my wifi >>> to work. >>> Under the fedora-29-minimal template clone I can connect to wifi. With >>> both sys-net and sys-firewall using the minimal template, both templates >>> and dom0 are able to update, so I know there is connectivity. However, I am >>> unable to get any internet connectivity in my appvms. >>> I have no expertise in the realm of troubleshooting these problems. I am >>> just knowledgable enough to sometimes figure stuff out and sometimes screw >>> things up. >>> Any help would be appreciated. >> >> > I was running into the same issues and have already open a question here. > > This is my script to build my sys-app-VM-template from scratch: > (You might need to install another Intel Wifi Package). > > sudo qubes-dom0-update qubes-template-fedora-28-minimal > qvm-clone fedora-28-minimal t-fedora-28-sys > qvm-run --auto --user root t-fedora-28-sys "xterm -hold -e 'dnf -y update > && \ > dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd \ > qubes-core-agent-networking polkit qubes-core-agent-network-manager \ > notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy \ > network-manager-applet iwl6000g2a-firmware qubes-input-proxy-sender \ > NetworkManager-wwan NetworkManager-wifi NetworkManager-openvpn \ > NetworkManager-openvpn-gnome && \ > echo ... Everything completed! Shutdown Template'" > > # Optional packages you might want to install in the sys-template: > qvm-run --auto --user root t-fedora-28-sys "xterm -hold -e 'dnf -y install > nano less pciutils iputils'" > qvm-shutdown --all --wait --timeout 120 > qvm-prefs --set sys-net template t-fedora-28-sys > qvm-prefs --set sys-firewall template t-fedora-28-sys > qvm-prefs --set sys-usb template t-fedora-28-sys > qvm-start sys-firewall sys-firewall sys-usb > > I have tried to run the same script on a fedora-29-minimal template .. same > problem which you have described. > sys-net has internet, but no other vm which has it set as NetVM. > > Strangely it will work if you use the FAT fedora-29 template out of the box > ... so it seems we are missing some packages/settings. Not sure it'll help but here's a git below with a list of the rpms installed in the templateVM of my sys-{net,firewall} vms so you can compare and check if you're missing something; the templateVM is a minimal fedora install but unlike yours its initial version was f26, upgraded to f28 and then to f29. https://gist.github.com/taradiddles/7db0970d464a5129213c3626c69fb1a3 a crude way to generate such list in your templateVM: rpm -qa | sort | sed -e 's/-[0-9\.-].*//' > allrpms and then find differences: grep -xvf list_rpms_f29-1.txt allrpms (there will be a few packages that I have installed that are not needed for networking, eg. keepassxc, rsync, encfs, ...). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a852e74-d446-92d8-902e-3c56e1d7dbfd%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
Am Fr., 11. Jan. 2019, 20:02 hat geschrieben: > On Friday, January 11, 2019 at 6:48:06 PM UTC, 799 wrote: > > (...) > Thanks for the reply. I had been following that thread of yours and hoping > someone would have an answer, but I have to assume the same thing: > something is missing. > My idea was to update a fedora-29 and fedora-29-minimal template to the latest version. Then install the additional packages for sys-vms. When this is done I compare the package lists to find out which additional packages are installed in the fat template and to reverse engineer what I am missing. But as fedora-28 is still supported afaik I decided just to keep the fedora-28 template. Hopefully someone will answer this question so that my wife will stop > asking me what the hell I'm doing sitting in front of my laptop all night :) > Sounds somewhat familiar ;-) - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2trqj4vhdYM5xHrZjQaW5hcSQXua%2BrZ4Nv9siJ3v6nwHQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
On Friday, January 11, 2019 at 6:48:06 PM UTC, 799 wrote: > I was running into the same issues and have already open a question here. > Strangely it will work if you use the FAT fedora-29 template out of the box > ... so it seems we are missing some packages/settings. Thanks for the reply. I had been following that thread of yours and hoping someone would have an answer, but I have to assume the same thing: something is missing. Hopefully someone will answer this question so that my wife will stop asking me what the hell I'm doing sitting in front of my laptop all night :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2dfdbc8e-0eb2-4b56-af8a-927a6051590c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-29-minimal sys-net/firewall problem
I had the Am Fr., 11. Jan. 2019, 19:36 hat geschrieben: > I've been using Qubes for about 1 year now, and I wanted to try using a > minimal template on my Dell XPS 13 laptop for the sake of conserving space. > > I've installed the packages recommended at > https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and > sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my > fedora-28 template to the fedora-29-minimal clone in order to get my wifi > to work. > > Under the fedora-29-minimal template clone I can connect to wifi. With > both sys-net and sys-firewall using the minimal template, both templates > and dom0 are able to update, so I know there is connectivity. However, I am > unable to get any internet connectivity in my appvms. > > I have no expertise in the realm of troubles > I had the > > Am Fr., 11. Jan. 2019, 19:36 hat geschrieben: > >> I've installed the packages recommended at >> https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and >> sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my >> fedora-28 template to the fedora-29-minimal clone in order to get my wifi >> to work. >> Under the fedora-29-minimal template clone I can connect to wifi. With >> both sys-net and sys-firewall using the minimal template, both templates >> and dom0 are able to update, so I know there is connectivity. However, I am >> unable to get any internet connectivity in my appvms. >> I have no expertise in the realm of troubleshooting these problems. I am >> just knowledgable enough to sometimes figure stuff out and sometimes screw >> things up. >> Any help would be appreciated. > > I was running into the same issues and have already open a question here. This is my script to build my sys-app-VM-template from scratch: (You might need to install another Intel Wifi Package). sudo qubes-dom0-update qubes-template-fedora-28-minimal qvm-clone fedora-28-minimal t-fedora-28-sys qvm-run --auto --user root t-fedora-28-sys "xterm -hold -e 'dnf -y update && \ dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd \ qubes-core-agent-networking polkit qubes-core-agent-network-manager \ notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy \ network-manager-applet iwl6000g2a-firmware qubes-input-proxy-sender \ NetworkManager-wwan NetworkManager-wifi NetworkManager-openvpn \ NetworkManager-openvpn-gnome && \ echo ... Everything completed! Shutdown Template'" # Optional packages you might want to install in the sys-template: qvm-run --auto --user root t-fedora-28-sys "xterm -hold -e 'dnf -y install nano less pciutils iputils'" qvm-shutdown --all --wait --timeout 120 qvm-prefs --set sys-net template t-fedora-28-sys qvm-prefs --set sys-firewall template t-fedora-28-sys qvm-prefs --set sys-usb template t-fedora-28-sys qvm-start sys-firewall sys-firewall sys-usb I have tried to run the same script on a fedora-29-minimal template .. same problem which you have described. sys-net has internet, but no other vm which has it set as NetVM. Strangely it will work if you use the FAT fedora-29 template out of the box ... so it seems we are missing some packages/settings. - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uHNGABB5GwiBiN8TwiEPwz4g1tQdAps46t1pcrQWHdgw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] fedora-29-minimal sys-net/firewall problem
I've been using Qubes for about 1 year now, and I wanted to try using a minimal template on my Dell XPS 13 laptop for the sake of conserving space. I've installed the packages recommended at https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my fedora-28 template to the fedora-29-minimal clone in order to get my wifi to work. Under the fedora-29-minimal template clone I can connect to wifi. With both sys-net and sys-firewall using the minimal template, both templates and dom0 are able to update, so I know there is connectivity. However, I am unable to get any internet connectivity in my appvms. I have no expertise in the realm of troubleshooting these problems. I am just knowledgable enough to sometimes figure stuff out and sometimes screw things up. Any help would be appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58364d9d-5aec-45be-bc5f-fbba3c23d555%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Cannot Update Fedora-29 and Debian-9 on 4.0.1
On 1/11/19 8:08 AM, scoobyscrappy-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > Hello, > > I am a new user to Qubes and I like it very much. > > I am on 4.0.1 and I am unable to update the Fedora-29 and Debian-9 templates. > Below are the errors for both: > > Fedora-29: > > Fedora Modular 29 - x86_64 > Error: Failed to synchronize cache for repo 'fedora-modular' > Done. > > Debian-9 (snippet): > > Err:3 http://deb.qubes-os.org/r4.0/vm stretch Release > 500 Unable to connect > Err:6 https://deb.debian.org/debian stretch Release > Received HTTP code 500 from proxy after CONNECT > Err:7 https://deb.debian.org/debian-security stretch/updates Release > Received HTTP code 500 from proxy after CONNECT > Err:8 https://deb.debian.org/debian jessie-backports Release > Received HTTP code 500 from proxy after CONNECT > E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch Release' does no > longer have a Release file. > E: The repository 'https://deb.debian.org/debian stretch Release' does no > longer have a Release file. > E: The repository 'https://deb.debian.org/debian-security stretch/updates > Release' does no longer have a Release file. > E: The repository 'https://deb.debian.org/debian jessie-backports Release' > does no longer have a Release file. > > TIA > try doing it via a terminal in the templates $sudo dnf update $sudo apt-get update sudo apt-get dist-upgrade fwiw for myself, the qubes manager fails or is so slow I only use it to make appvms or change/add applications lately so I guess this is a new install of yours? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd0a9206-336a-3512-7124-b42d1607d69b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Cannot Update Fedora-29 and Debian-9 on 4.0.1
Hello, I am a new user to Qubes and I like it very much. I am on 4.0.1 and I am unable to update the Fedora-29 and Debian-9 templates. Below are the errors for both: Fedora-29: Fedora Modular 29 - x86_64 Error: Failed to synchronize cache for repo 'fedora-modular' Done. Debian-9 (snippet): Err:3 http://deb.qubes-os.org/r4.0/vm stretch Release 500 Unable to connect Err:6 https://deb.debian.org/debian stretch Release Received HTTP code 500 from proxy after CONNECT Err:7 https://deb.debian.org/debian-security stretch/updates Release Received HTTP code 500 from proxy after CONNECT Err:8 https://deb.debian.org/debian jessie-backports Release Received HTTP code 500 from proxy after CONNECT E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch Release' does no longer have a Release file. E: The repository 'https://deb.debian.org/debian stretch Release' does no longer have a Release file. E: The repository 'https://deb.debian.org/debian-security stretch/updates Release' does no longer have a Release file. E: The repository 'https://deb.debian.org/debian jessie-backports Release' does no longer have a Release file. TIA -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aab39672-5e5e-403e-a5e5-969153f67b92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Debian minimal template
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/10/19 1:14 AM, unman wrote: > If any one is interested there's a prebuilt debian-9-minimal > template currently available in itl-testing. would you mind sending the output of dpkg -l Thanks. - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlw4tUMACgkQVjGlenYH FQ1fHxAAvX0dEOvzgAOP3vi+pTFNwtqJjfQmxZAINo6gcg5P4zK+ZezBXyLANYhZ fkCrRVMVJfWn3RsxyC6IHMTuOF3lcswi74kUpMOE+hmRt6hNoOxdNcWIs83Wbw5w J/+g1Nb2T2zjqFk8AkTSmx0ynXXL96/J+zwtPyMwSo2fhxS24TpEV/iL5L05vsLU k/bLFOmKplAQLXiU9QRibMDX1CC6nlWoL+HtFhY1DKlF51eq0o7ROHc8cR2fXqZN 4l/fyYumJMfFytOmQbCkeyNZbwfpCbCTShsTE4WIczZw6p/OlFjDAiZu+g4jVZne k4yBSBPwlWkKlSHfN4v6HrsQSCtM1sSqrnQvcnIao0qCp+rVMOYWr8brP/HQICm7 6bSdmFumUSpzXenKQBkdUFftvamFYBcBorzeArVWgfh9RPjEuI7XkwLnU0FgYjBL B6zkFnPVb260bawjFp2n313h8XnDzHl/sxDwoVSZjq9sDAi8PTTqP2/fM63HMDhJ fcsR0DXlrPDvOk2F1mpXK6mqMtqqJCHqubtxS92Gih4bJRd7CszyrabfZe5vEqKR GVzIsFV3rGXdtjQlTq7D0T87QylTEVVe4w5WoqBCcWW0vNL6ycUUve/D9AsrP9jb VAoqHSX6dbcgL0XVO1frxTNlEdKo6cAJIGNKvfD6TKN1U5jxxIA= =2GJk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/00c61ea1-e080-40dd-e35b-f57d20d82845%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [qubes-users] qubes dom0 update breaks template updating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jan 11, 2019 at 11:23:00AM +, qtpie wrote: > > > Marek Marczykowski-Górecki: > > On Wed, Jan 09, 2019 at 10:19:00PM +, qtpie wrote: > >> The latest dom0 update broke updating my templates. I altered > >> /etc/qubes-rpc/policy/qubes.UpdatesProxy to change the updateproxy to > >> sys-whonix. > > > > Can you explain what/how exactly it's broken? > > /etc/qubes-rpc/policy/qubes.UpdatesProxy should not be overridden by an > > update, so any local modifications should remain. Also, using sys-whonix > > as updates proxy is a valid configuration we test regularly and did not > > spotted any issues recently... > > > > I cant reproduce the exact situation anymore. What was broken was that > on apt update or dnf upgrade, I got a 500 error on the repository URL, > and the error below. > > The error below I can still trigger by commenting out the line starting > with $type, and uncommenting the line starting with $tag. If you leave _only_ lines with $tag, then templates without that tag won't have access to any updates proxy (as you define it only for templates with a tag). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlw4gF4ACgkQ24/THMrX 1yxrdQf+K1K8P9IDlQ/vmTOv9fWNkSfWofAcmF0VTPGQukRKmYLVrHQu3xSiH9eV C/bBszQZ2wY4HIzMcPpSxqQ37NSRec/V+s5NUogjzuIvD5vF/MM2pWOZN9A8kM3Z GmwYTuPh6wjww6tJ+CjKHFOZo1U2/gSQ86h5bsO2NeJMwV8IWwkzSkOKJyuuqxKg eo66yw9aS3iehEUIz/R68ApXWBlM7L0PRDpgWR96FwcaG1v2SSfFsEE7PODpdTgi sdbyTNKIIe5G+GCodfzi2RbT0C1hkA3CF8hUrY1+0C+RHuOkH6Vrqa8FCfDuxObl hiTCm1COw3jGYp4mcJ+EZcaPoeR99Q== =zQ9b -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2019013910.GD1205%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [qubes-users] qubes dom0 update breaks template updating
Marek Marczykowski-Górecki: > On Wed, Jan 09, 2019 at 10:19:00PM +, qtpie wrote: >> The latest dom0 update broke updating my templates. I altered >> /etc/qubes-rpc/policy/qubes.UpdatesProxy to change the updateproxy to >> sys-whonix. > > Can you explain what/how exactly it's broken? > /etc/qubes-rpc/policy/qubes.UpdatesProxy should not be overridden by an > update, so any local modifications should remain. Also, using sys-whonix > as updates proxy is a valid configuration we test regularly and did not > spotted any issues recently... > I cant reproduce the exact situation anymore. What was broken was that on apt update or dnf upgrade, I got a 500 error on the repository URL, and the error below. The error below I can still trigger by commenting out the line starting with $type, and uncommenting the line starting with $tag. The 500 error I cant reproduce.Sorry if I cried too soon. E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. >> My solution is to uncomment the lines starting with 'tag', while leaving >> the lines in the old formatting untouched. > >> This solution seems weird since here it is suggested that the lines >> starting with 'tag' should replace the other lines: >> https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/commit/ca27a33b0ec59f5ea2d4b334973eaa837f11ffc4 > >> I'm not saying this is a bug, I can understand that an update is not >> compatible with certain customisations and it is the users responsiblity >> to fix this. > >> In any case - enjoying Qubes everyday! > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f955cbb1-3136-a942-75bb-209409f02a95%40disroot.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] cannot qvm-remove fedora-29
On 1/11/19 12:50 AM, unman wrote: On Thu, Jan 10, 2019 at 10:23:04PM +0100, haaber wrote: On 1/10/19 10:18 PM, gone wrote: Hello, I had problems with the new Version of fedora and therefore want to completely remove it before reinstalling. But that doesn't work although I switched all the templates and the global default templates back to fedora-28 and already removed the fedora-29-dvm. When I type: qvm-remove fedora-29 I get back: This will comletely remove the selected VM(s)... fedora-29 Are you sure? [y/N] y VM fedora-29 cannot be removed. It is in use as: What could be the reason? What can I do, to clean up and cure my system? that was a weird one, and as I remember it : uninstall it rather with dnf -remove XXX inside dom0 root. Have alLook in the mailing list for similar questions how to remove fedora-25, -26, -27, -28 to get the precise command (that I do no longer know by heart. This is an open issue, because that error message is not helpful. As haaber says, the template needs to be removed using dnf - the command would be 'sudo dnf remove qubes-template-fedora-29' Thank you both. this worked fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/94391300-c016-4de5-bc30-77c8967f7b2e%40posteo.net. For more options, visit https://groups.google.com/d/optout.