[qubes-users] apt update issue 111: Connection refused
Hello everyone, I'm pretty new to QubesOS, and I have just start experimenting. I have installed Qubes 3.2.1 (because of incompabilities with my HW), upgraded Debian Template to Debian 10 and also sys-whonix Service VM to Debian 10. When I try to run apt update in Debian Template, I got a following errors: Err:1 https://packages.microsoft.com/debian/10/prod buster InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:2 https://download.mono-project.com/repo/debian stable-buster InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:3 http://deb.qubes-os.org/r3.2/vm buster InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:4 https://updates.signal.org/desktop/apt xenial InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:5 http://deb.debian.org/debian buster InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:6 http://dl.google.com/linux/chrome/deb stable InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:7 http://linux.dropbox.com/debian stretch InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:8 http://prerelease.keybase.io/deb stable InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Err:9 http://security.debian.org buster/updates InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch http://security.debian.org/dists/buster/updates/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch http://linux.dropbox.com/debian/dists/stretch/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch http://prerelease.keybase.io/deb/dists/stable/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch https://packages.microsoft.com/debian/10/prod/dists/buster/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch https://download.mono-project.com/repo/debian/dists/stable-buster/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch http://deb.qubes-os.org/r3.2/vm/dists/buster/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Failed to fetch https://updates.signal.org/desktop/apt/dists/xenial/InRelease Could not connect to 10.137.255.254:8082 (10.137.255.254). - connect (111: Connection refused) W: Some index files failed to download. They have been ignored, or old ones used instead. I'm really not sure what to do, I have spent like 3 hours trying to solve this issue, but I have found nothing that was helpful. Do you have any idea where could be the problem? Again, please keep in my that I'm just newbie with QubesOS. Many thanks & kind regards! Ondrej -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1518aa51-b366-4f3f-ae6e-9356cdf413b8%40googlegroups.com.
Re: [qubes-users] Re: New Install is Missing sys-USB, How to recover - Update
On Saturday, December 14, 2019 at 12:29:03 PM UTC-6, awokd wrote: > > r...@aarden.me : > > > It has taken four years to get to here. I have tried this with Debian > and > > Qube OS. I could not get Xen on Debian to work due to my wireless only > > networking of my laptop. With Qubes, it has been getting wireless and > USB > > to both work. This time, wireless worked maybe. > > > > There is a sys-USB qube. This will be my next challenge. I want to be > > able to use a mouse and, as this is a laptop, and I would like to > connect > > to my USB3 docking station and test out the functionality. > > Mouse shouldn't be too hard, but some USB controllers don't like running > inside a qube. To see the log, you need to be in su mode in a dom0 > session, so "sudo nano /var/log/libvirt/libxl/libxl-driver.log" should > work. Check it shortly after attempting to start sys-usb if it is > failing to start. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > On Saturday, December 14, 2019 at 12:29:03 PM UTC-6, awokd wrote: > > r...@aarden.me : > > > It has taken four years to get to here. I have tried this with Debian > and > > Qube OS. I could not get Xen on Debian to work due to my wireless only > > networking of my laptop. With Qubes, it has been getting wireless and > USB > > to both work. This time, wireless worked maybe. > > > > There is a sys-USB qube. This will be my next challenge. I want to be > > able to use a mouse and, as this is a laptop, and I would like to > connect > > to my USB3 docking station and test out the functionality. > > Mouse shouldn't be too hard, but some USB controllers don't like running > inside a qube. To see the log, you need to be in su mode in a dom0 > session, so "sudo nano /var/log/libvirt/libxl/libxl-driver.log" should > work. Check it shortly after attempting to start sys-usb if it is > failing to start. > > Thank you for the info. The sys-usb showed up in the qube manager. Clicking start on the start/resart context menu initiated start up. An error window popped up pointing to the log file you indicate, libxl-driver.log. The log reported: 1. …libxl__device_pci_reset: The kernel doesn’t support reset from sysfs for PCI device :00:14.0 2. …libxl__xenstor_child_wait_deprecated: Device Model not ready 3. ,,,qemu_pci_add_xenstore: qemu refuse to add device: :00:14.0, mistranslate=0,power_mgmt=0: 4. …libxl__add_pcidevs: libxl_device_pci_failed: -3 5. …domcreate_attach_devices: unable to add pci devices 6. …libxl__device_pci_reset: The kernel doesn’t support reset from sysfs for PCI device :00:14.0 --- [Dom0] Settings: sys-usb “PVH mode is recommended if possible (Linux kernel 4.11 or newer, no PCI passthrough). For Windows qubes always use HVM” Virtualization Mode: HVM “PVH mode is hidden since it doesn’t support PCI passthrough.” --- I changed the setting to PV (the only choice). A note opened stating “Using PV mode exposes ore hypervisor attack surface.” I selected start from the qube manager sys-usb item. A note popped up stating it started, then the same error message was reported. Note: I previously selected both USB controllers in sys-usb Devices. On removing the erroring controller (14.0): Resulted in the same error. On removing the other controller (no controllers selected): Resulted in “Resource temporarily unavailable”. On adding the alternate controller: 1. …xc_assign_device failed: Operation not permitted 2. …libxl__add_pcidevs: libxl_device_pci_failed: -3 3. …domcreate_attach_devices: unable to add pci devices Next: From: https://groups.google.com/forum/#!topic/qubes-users/wdfpne96xhI To be sure I went into Qube Manager, sys-usb->Qubes Setting->Devices and used the "Configure strict reset for PCI devices" button to set it on 00:14.0. I opened sys-usb settings and found the controller listed in the settings pane (on the right). The control button/bar at the bottom entitled "Configure strict reset for PCI devices". I clicked on the controller in the ‘selected’ window, then clicked the strict reset button. The controller was then highlighted. After applying the changes, I restarted sys-usb. It worked. It was unclear that the controller did not already have the strict reset button ‘on’. The newly built vm uses the usb mouse. It is curious that the mouse is also active in dom0. I am using a windows laptop to take notes and work the web including this session. While the mouse works on dom0 on the other machine and the vm, it does not work on the windows machine (probably because it is not plugged into it). I am excited to learn how to work in qubes – being able to jump from dom0 to vms, take notes, post messages, email smoothly. It is g
[qubes-users] sys-net interfaces
I haven't been able to find any documentation for what network interfaces sys-net is expected to expose internally. If I want to create my own sys-net from scratch, how does Xen/Qubes send network traffic to sys-net, to be sent onwards to my NIC? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191221153318.GA1931%40danwin1210.me.
[qubes-users] swap disk trim
Hello, To enable swap trim need to add "discard=once". The string at /etc/fstab will be like this? "*default,discard=once,x-systemd-device*" After editing fstab need to run something? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4046ce9-4910-4bf6-89f9-c830a5f898ed%40googlegroups.com.
[qubes-users] Startup/Shutdown thin pool trim - where to insert with systemd?
Hi folks [ calling @tasket !] I'd like to have the system perform a thin_trim command across the primary thin pool on Qubes startup and shutdown. The purpose would be opportunistic erasure of deleted volumes in the pool (say, if they were removed without blkdiscard being run against them first). I have already activated passdown through the luks layer and enabled discards on the hardware. As the documentation tells us, thin_trim can only be safely invoked before the pool is activated or after the pool is successfully deactivated. If fedora were still running init, I'm pretty sure I could find the right place to do this, but with systemd, I am quite discombobulated. >From the documentation I know that as part of the automatic lvm scanning and activating of autodiscovered lvm VGs/volumes/pools that thin_check is automatically run on startup before activating volumes (though that might be internal and therefore controlled via lvm.conf). So... 1. Where/how do I insert a thin_trim of the qubes_00 pool during startup when it's available (e.g. after luks volume is mounted) but before the pool is activated? How do I do it safely (ensuring that activation only occurs on exit of thin_trim)? 2. Where/how do I insert a thin_trim of the qubes_00 pool during shutdown after it is deactivated but before the luks volume (the VG) is dismounted? Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1ae53ba-d942-4f0c-b6f5-599eee544593%40googlegroups.com.
Re: [qubes-users] How to point(connect) to App VM from external?
I solved my problem using that document. Thanks for your help!. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/97878383-7d22-4100-8cc3-d2a53fd9a33d%40googlegroups.com.
Re: [qubes-users] Dual booting Qubes and Qubes?
December 20, 2019 2:19 PM, "Claudia" wrote: > > I decided I'm going to try the dual-ESP approach first and see if it works. > If not, then I'll try > the EFI directory hack. > > I formatted my disk like: ESP, /boot, root, ESP, /boot, root, (swap); and > installed Qubes into the > first "slot". I still have to install another Qubes instance into the second > "slot" and make sure > they both work. I'll follow up when I do. The dual ESP approach seems to be working fine for me, but you do have to manually fiddle around with efibootmgr. The installer overwrites existing Qubes entries, although I'm not sure what exactly it looks for. Maybe changing the label would be sufficient to preserve it. Dual booting R4.1 and R4.0, both using btrfs on dm-crypt. I can't speak to how LVM or anything else might be affected. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b673b6683a5fa2bd9008f6e45a64e0a2%40disroot.org.
Re: [qubes-users] HCL - Dell Inspiron 15 5000 (5575) AMD Ryzen 5 2500U w/ Vega 8 Graphics
December 20, 2019 9:13 PM, "Claudia" mailto:claud...@disroot.org?to=%22Claudia%22%20)> wrote: December 20, 2019 6:05 PM, brendan.h...@gmail.com (mailto:brendan.h...@gmail.com) wrote: On Friday, December 20, 2019 at 9:29:55 AM UTC-5, Claudia wrote:December 19, 2019 12:13 AM, "Claudia" wrote: > This is R4.1 build 20191013 > > It works pretty well, definitely better than 4.0, but there are some weird > boot issues. If I let it > boot with everything as default, it will boot loop before reaching the disk > password screen. I ...Looks like rd.qubes.hide_all_usb is what's causing it to crash. When I remove it, it boots fine with the graphical splash and passphrase prompt. Another AMD Ryzen user mentioned having the same problem a while back. Something about AMD's IOMMU grouping of USB controllers, or something. Unfortunately, (my understanding is) that exposes the dom0 to the USB ports. Even if you have a sys-usb, dom0 is still exposed temporarily on boot. Thanks for the tip. I actually thought removing that parameter just simply disabled USB Qube functionality and attached all devices to dom0, but I guess that's only when sys-usb is not running. Once sys-usb is running, it takes over the USB controllers from dom0, I guess. It's just that they're exposed before sys-usb starts, in that case. It would be nice to have working, but I've never had a USB Qube before, even on my old machine, so I haven't lost anything. I don't use a lot of USB devices, and it's not a big part of my threat model. I'll play around with it when I have a chance. I realized I had disabled autostart for all VMs including sys-usb to speed up boot time (systemctl disable sys-{net,usb,firewall,whonix}@qubesvm.se (mailto:whonix...@qubesvm.se)rvice), and I hadn't actually run sys-usb at all since then. I decided to start sys-usb while the system was running, and everything went to hell: the screen froze, audio stopped, even the caps lock light wouldn't come on. So this isn't limited to hide_all_usb, just USB controller passthru in general on this machine. So I reinstalled 4.0.2-rc3, once again, this time without USB Qube, and everything works (except suspend/resume which doesn't work anywhere except Fedora 30, not even F29 iirc), including audio and amdgpu without nomodeset. All this time I was blaming it on the old-ness of 4.0, but it was hide_all_usb all along. The only reason I tried getting rid of hide_all_usb in 4.1 is because the nomodeset trick didn't work in 4.1 so I had to continue troubleshooting, whereas in 4.0 it worked and I moved on. And also grub makes it way more convenient to modify boot options. So in summary, for 4.0 and 4.1 alike, everything works except suspend/resume, as long as you don't set up a USB Qube. I attached updated HCL reports to reflect this, and will update them as I do more testing. I'm going to try and figure out some of this IOMMU grouping stuff and start another thread about this issue. But like I said, I never had a USB Qube before, so I'm not going to miss it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbdf183debac9338e0f46d32bbcb%40disroot.org. Qubes-HCL-Dell_Inc_-Inspiron_5575-20191220-220355.yml Description: Binary data Qubes-HCL-Dell_Inc_-Inspiron_5575-20191221-021654.yml Description: Binary data
[qubes-users] Re: HCL - Dell Inc XPS 15 7590
On Monday, August 19, 2019 at 3:40:51 AM UTC-5, th...@nym.hush.com wrote: > > Killer AX1650 card drivers not present. Replaced with Intel 8290 AC as a > fix. > > Goodix Fingerprint device found via USB, can we shared with supported VMs > > TPM2 is present but not found correctly by dom0 HCL scripts. > > [beaster@dom0 ~]$ sudo dmesg | grep -i tpm > [0.00] ACPI: TPM2 0x6D8205C8 34 (v04 DELL\x CBX3 > 0001 AMI ) > [ 24.570136] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0xFC, rev-id 1) > [beaster@dom0 ~]$ sudo ls -la /dev/tpm* > crw--- 1 root root 10, 224 Aug 19 19:25 /dev/tpm0 > crw--- 1 root root 242, 65536 Aug 19 19:25 /dev/tpmrm0 > > Thankyou Beaster > What settings did you have to modify to get a proper install on the 7590? I'm getting a kernel panic initially. The BIOS doesn't have an apparent way to boot in legacy mode. I tried going to an earlier BIOS as I read that it had that option but I couldn't find it there either. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ec14bc5-c8db-458c-9cce-2bfdd5edc5a9%40googlegroups.com.