[qubes-users] Salt updates fails on Fedora-33
After I installed the fedora-33 template a few days ago, I have never been able to do a software update on it using the Salt-based updater. A manual update using "dnf update" works fine. This is the error I'm getting in the updater tool: Is this a known problem, and is there some easy way to fix this? - Updating fedora-33 Error on updating fedora-33: Command '['sudo', 'qubesctl', '--skip-dom0', '--targets=fedora-33', '--show-output', 'state.sls', 'update.qubes-vm']' returned non-zero exit status 20 fedora-33: -- _error: Failed to return clean data retcode: 1 stderr: Traceback (most recent call last): File "/var/tmp/.root_dd8a91_salt/salt-call", line 27, in salt_call() File "/var/tmp/.root_dd8a91_salt/pyall/salt/scripts.py", line 445, in salt_call client.run() File "/var/tmp/.root_dd8a91_salt/pyall/salt/cli/call.py", line 48, in run caller = salt.cli.caller.Caller.factory(self.config) File "/var/tmp/.root_dd8a91_salt/pyall/salt/cli/caller.py", line 64, in factory return ZeroMQCaller(opts, **kwargs) File "/var/tmp/.root_dd8a91_salt/pyall/salt/cli/caller.py", line 329, in __init__ super(ZeroMQCaller, self).__init__(opts) File "/var/tmp/.root_dd8a91_salt/pyall/salt/cli/caller.py", line 89, in __init__ self.minion = salt.minion.SMinion(opts) File "/var/tmp/.root_dd8a91_salt/pyall/salt/minion.py", line 912, in __init__ opts["grains"] = salt.loader.grains(opts) File "/var/tmp/.root_dd8a91_salt/pyall/salt/loader.py", line 825, in grains ret = funcs[key]() File "/var/tmp/.root_dd8a91_salt/pyall/salt/grains/core.py", line 2384, in ip_fqdn ret["ipv6"] = salt.utils.network.ip_addrs6(include_loopback=True) File "/var/tmp/.root_dd8a91_salt/pyall/salt/utils/network.py", line 1353, in ip_addrs6 return _ip_addrs(interface, include_loopback, interface_data, "inet6") File "/var/tmp/.root_dd8a91_salt/pyall/salt/utils/network.py", line 1333, in _ip_addrs ret.add(addr) File "/usr/lib64/python3.9/ipaddress.py", line 1920, in __hash__ return hash((self._ip, self._scope_id)) AttributeError: _scope_id stdout: -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f30d150-f008-4a23-8d0b-cf074be23972n%40googlegroups.com.
Re: [qubes-users] Re: qrexec_timeout does not truly accept 360
On Tue, Mar 02, 2021 at 03:24:31PM -0600, Rob Townley wrote: > I really need this qube to run for over an hour without the hypervisor > killing it. Short of buying a much faster brand new machine, how does one > do that? > > On Mon, Mar 1, 2021 at 12:19 AM Rob Townley wrote: > > > qvm-prefs vmName qrexec_timeout 3600 > > does not return an error message. When read, 3600 is returned. > > However, the VM is forcibly stopped after 15 minutes. > > > > 1800 works > > 2700 works > > 3600 is not honored > > > > How can i get by this so this one VM can do finish its upgrade before > > forcibly rebooted? > > > There's a confusion here - qrexec-timeout is the time to wait on boot for the qrexec agent to be connected. If the qube isn't booting up then you have no chance of performing an upgrade. You should fix that problem first. BUT... The fact that "the VM is forcibly stopped after 15 minutes" suggests to me that you have the idleness monitor enabled, since this *does* have a default shutdown time of 15 mins. Can you check to see if you have the shutdown-idle service enabled this qube? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210303015840.GA8710%40thirdeyesecurity.org.
[qubes-users] Re: qrexec_timeout does not truly accept 3600
I really need this qube to run for over an hour without the hypervisor killing it. Short of buying a much faster brand new machine, how does one do that? On Mon, Mar 1, 2021 at 12:19 AM Rob Townley wrote: > qvm-prefs vmName qrexec_timeout 3600 > does not return an error message. When read, 3600 is returned. > However, the VM is forcibly stopped after 15 minutes. > > 1800 works > 2700 works > 3600 is not honored > > How can i get by this so this one VM can do finish its upgrade before > forcibly rebooted? > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CA%2BVdTb8pC%2Bxv5XpFZ9%2B2Fow4WK%2BHDo%2Bq8UdkqZMWA1VwbzpsPA%40mail.gmail.com.
Re: [qubes-users] Re: Howto grab/capture sound of one VM
Am 23.02.21 um 17:25 schrieb Steve Coleman: > > > ... > > Not sure exactly what you mean by capture. To play the audio, or record it? > > Look at the pulse audio configuration apps inside that VM. You should be > able to figure out what device channels are processing sound by looking > at the audio volume meters inside that VM. > > If recording it is what you want then look for a sound recorder app in > that VM. If playing the sound is what you want then look at the > pulseaudio controls in dom0. I cannot record inside the VM, the app doesn't allow saving the stream. But the data should somehow pass the Dom0 I guess. So there (I wish) it should be possible to 'cat < VMsoundIO > Audiofile.raw" (or similar ) Just curious G. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0f4a9e8-1592-f623-9453-8637e6f02720%40ixls.eu.
[qubes-users] Re: Doing all DNS calls using DoH over Tor
On 2/28/21 11:51 PM, unman wrote: On Sun, Feb 28, 2021 at 12:37:49PM +, liked2-mmb7mzph...@public.gmane.org wrote: On 8/2/20 11:46 AM, Kushal Das wrote: Hi, I wrote a blog post [0] explaining the steps required to move all the DNS calls to any secure DoH server using Tor (to keep the calls anonymized). Here I am modifying sys-firewall as the primary netwvm for the other AppVMs. [0] https://kushaldas.in/posts/use-doh-over-tor-for-your-qubes-system.html Kushal Thanks Kushal! I was using your setup successfully until changing the template from fedora 32 to fedora 33. Unfortunately, I cannot figure out why it stopped working. Switching back to fedora 32 works again. Any ideas? Read the announcement about the Fedora33 template, and you'll see a specific section on the handling of DNS, I think. 1) Marmarek reccomends in this comment: https://www.zeit.de/wirtschaft/2021-02/einfamilienhaeuser-klimaschutz-debatte-eigenheim-gruene- stadt-land?utm_source=pocket-newtab-global-de-DE to add a .lan suffix. 2) Another suggestion is https://www.zeit.de/wirtschaft/2021-02/einfamilienhaeuser-klimaschutz-debatte-eigenheim-gruene- stadt-land?utm_source=pocket-newtab-global-de-DE to disable systemd-resolved and enable NetworkManager. I can't imagine how 1) would help with that setup. Are there suggestions how to accomplish 2)? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f00d731c-ed26-14aa-53e0-e3e4a6d90219%40gmx.de.
Re: [qubes-users] Unable to get VPN to ping out. Unable to set up ProxyVM as sys-vpn
On 3/1/21 7:36 PM, 'awokd' via qubes-users wrote: roberto re: I've looked around but I can't seem to find any up-to-date, uncomplicated step by step guide to get a fail closed, antileak VPN tunnel environment. https://github.com/QubesOS-contrib/qubes-tunnel Sorry I dont have any words of wisdom, I have literally posted for weeks actually trying to get a functional VPN, I have gotten it to work using the iptables cli method, and once using the qubes tunnel method (was easy the one time it worked for me). Honestly while there are those who have gotten it going I am thinking there are bugs or something esp for those who want to use minimal non-fedora templates... but thats just me. Best of luck. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37a4d58e-c0cc-4147-4024-a0243c51dcd0%40posteo.co.
[qubes-users] How screwed am I? (corrupt backup files?)
I have a bunch of backups... all in one place... and it seems most of
them have been borked in some way. I have tried to restore 50gb backups
using qube manager and end up with empty appvms (that show a size of 0mb
in qubes manger and as far as i can tell are empty when i start them up
and look in them), though with many of the restores I dont get errors?
I am trying to figure out how to restore them manually per the qubes
emergency restore doc page and am getting errors like:
[user@disp9624 appvms2salvage]$ sudo tar -i -xvf
qubes-2019-12-14T162028_shuttle -C ~/Templates/
backup-header
backup-header.hmac
qubes.xml.000.enc
dom0-home/bob.000.enc
tar: Skipping to next header
tar: Archive contains ‘Q\352\334\\\275h\274\202B*\275s’ where numeric
off_t value expected
tar: Archive contains ‘I\221\272\031\205\325\314۴5\373\377’ where
numeric off_t value expected
tar: Archive contains ‘\037\2571\344\323\377ȧD\204\t"’ where numeric
off_t value expected
tar: Archive contains ‘p\177\246\257\371\215\243Bqp[\350’ where numeric
off_t value expected
tar: Archive contains ‘\210\265\225\265[\313\311i\205!TI’ where numeric
off_t value expected
tar: Archive contains ‘\255\220.\217\232\254j\247\326\325\355\303’ where
numeric off_t value expected
tar: Archive contains ‘\032q&\345\377k\005\342.value expected
tar: Archive contains ‘ע8"]T\310pr'\0\353’ where numeric off_t value
expected
tar: Archive contains ‘Q\241\371x\216\244AȞ\350?\343’ where numeric
off_t value expected
tar: Archive contains ‘a\023\2478\223\320\363S\231\275\345\320’ where
numeric off_t value expected
tar: Archive contains ‘\034v\320\313j7\262v\362\033G\002’ where numeric
off_t value expected
tar: Archive contains ‘\317\r\367Z\241.\256\017\036r[\342’ where numeric
off_t value expected
vm3/root.img.025.enc
tar: Skipping to next header
tar: Archive contains ‘!\017\257\f\317f\356\r\273\377\271\t’ where
numeric off_t value expected
tar: Archive contains ‘ؽY--f\212\317\025%\371\177’ where numeric off_t
value expected
tar: Archive contains ‘\241\227w\376\235f\347\263\366\025\342M’ where
numeric off_t value expected
tar: Archive contains ‘\331(\330n\372\352\033\343ٷ߉’ where numeric off_t
value expected
tar: Archive contains ‘\337\323\002h\315\371\002w\242\334\355\031’ where
numeric off_t value expected
tar: Archive contains ‘\001\327£\375\034[-QV7\036’ where numeric off_t
value expected
tar: Archive contains ‘k\020\327\023\210Cq\b[5\334 ’ where numeric off_t
value expected
tar: Archive contains ‘\255\273Y\273\360\004u\276\360\027\270M’ where
numeric off_t value expected
tar: Archive contains ‘[-\244\206\260(&\220\246)’ where numeric off_t
value expected
tar: Archive contains ‘\a\002\251\354 ݓ-t\031h\037’ where numeric off_t
value expected
tar: Archive contains ‘8\362\241\251\360Ah\255-\272\f^’ where numeric
off_t value expected
tar: Archive contains ‘\353\250\317\342\260\\\356\362\301;\303\311’
where numeric off_t value expected
tar: Archive contains ‘\001Z\223\220ɜ\327j\360\235fA’ where numeric
off_t value expected
tar: Archive contains ‘Ő\267\033z0_\264\326_-\326’ where numeric off_t
value expected
tar: Archive contains ‘\316\354\330Țv|w\027\311%\370’ where numeric
off_t value expected
tar: Archive contains ‘\233\215\351K\226\303BH\241\250<\337’ where
numeric off_t value expected
tar: Archive contains ‘\376:{\204\362\312$\267\223\205\310p’ where
numeric off_t value expected
tar: Archive contains ‘\236\226\3258+~\245\033\003~\376\022’ where
numeric off_t value expected
tar: Archive contains ‘\260\341D\266\241[\224~\303\037\220\263’ where
numeric off_t value expected
tar: Archive contains ‘w\360<\215\023\212\315:p:^\003’ where numeric
off_t value expected
tar: Archive contains ‘\227\177\212\211FF\375\360Oe\201\232’ where
numeric off_t value expected
tar: Archive contains ‘\247;\347P\306M\035a\213\350-\221’ where numeric
off_t value expected
tar: Archive contains ‘\356b\372\212\326S\230H\320s\261w’ where numeric
off_t value expected
tar: Archive contains ‘J\263\236[\034&"ƭ\344%\336’ where numeric off_t
value expected
tar: Archive contains ‘\323Uy\260\225X/a\314\020] ’ where numeric off_t
value expected
tar: Archive contains ‘P;\a\300\214E\304\026\373\314D\353’ where numeric
off_t value expected
tar: Archive contains ‘nW\273B"\224\366*\334|\241R’ where numeric off_t
value expected
tar: Archive contains ‘@\214\027D*\342-u\034}\214x’ where numeric off_t
value expected
tar: Archive contains ‘\016\364\236DV\314\020\302]N\035y’ where numeric
off_t value expected
tar: Archive contains ‘\362\307"\031\277y\330څ\021\304\320’ where
numeric off_t value expected
tar: Archive contains ‘\375k\374\206\235j+\016W=w\215’ where numeric
off_t value expected
tar: Exiting with failure status due to previous errors
Can someone explain how bad things are looking from these errors?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
Re: [qubes-users] Migrating to Qubes OS
> > Am 02.03.21 um 01:21 schrieb 'awokd' via qubes-users: >> For 1 & 2, have you attempted the steps under >> https://www.qubes-os.org/doc/usb-qubes/#manual-setup ? >> >> 3 Does your VPN provider support OpenVPN? It's better. If so, >> https://github.com/QubesOS-contrib/qubes-tunnel is probably the best >> approach. Otherwise, try >> https://www.mail-archive.com/qubes-users@googlegroups.com/msg02913.html. >> >> 4 Unknown >> >> 5 Only fix I can think of might be to switch the desktop from xfce to >> something like i3, but haven't attempted that. > > 1&2: I had a look into that but did not try yet as I was afraid of > breaching the security of dom0, but if it is the only workaround > possible I might take that risk. > Would https://www.qubes-os.org/doc/usb-qubes/#automatic-setup do the same? > Further I am not sure if that will solve the keyboard layout problem or > has a potential to make things worse? > > 3: My VPN Provider reccommends IKEv2 strongswan but PPTP is mentioned as > well and worked fine using Ubuntu. After PPTP failed I tried strongswan > with a debian VM but although the connection seems to work for a few > moments (not really, but it just displays a notification the connection > was established succesfully) and then displays an error message the > connection failed. > The providers reply was the default-route might not point to the > VPN-Interface, which seems to be the case referring to the output of 'ip > route'. > > 5 As far as I understood Qubes is quite bound to xfce as a desktop > environment at the moment and problems might occur when switching, > therefore I am not keen to try this. > Would it be safe to use "Session and Startup" of dom0 to autostart > Applications and is there a command to assign a workspace to each > specific App or restore the session (tried ticking the option but no > changes)? > Regarding 1&2 would it be possible to clone the usb-qube and then sort the usb-controllers to both qubes and giving one usb-controller the access to dom0 as described in https://www.qubes-os.org/doc/usb-qubes/#automatic-setup ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20fd49a7-cb40-95bd-9140-5c75640b1cf2%40posteo.de.
Re: [qubes-users] Migrating to Qubes OS
Am 02.03.21 um 01:21 schrieb 'awokd' via qubes-users: > For 1 & 2, have you attempted the steps under > https://www.qubes-os.org/doc/usb-qubes/#manual-setup ? > > 3 Does your VPN provider support OpenVPN? It's better. If so, > https://github.com/QubesOS-contrib/qubes-tunnel is probably the best > approach. Otherwise, try > https://www.mail-archive.com/qubes-users@googlegroups.com/msg02913.html. > > 4 Unknown > > 5 Only fix I can think of might be to switch the desktop from xfce to > something like i3, but haven't attempted that. 1&2: I had a look into that but did not try yet as I was afraid of breaching the security of dom0, but if it is the only workaround possible I might take that risk. Would https://www.qubes-os.org/doc/usb-qubes/#automatic-setup do the same? Further I am not sure if that will solve the keyboard layout problem or has a potential to make things worse? 3: My VPN Provider reccommends IKEv2 strongswan but PPTP is mentioned as well and worked fine using Ubuntu. After PPTP failed I tried strongswan with a debian VM but although the connection seems to work for a few moments (not really, but it just displays a notification the connection was established succesfully) and then displays an error message the connection failed. The providers reply was the default-route might not point to the VPN-Interface, which seems to be the case referring to the output of 'ip route'. 5 As far as I understood Qubes is quite bound to xfce as a desktop environment at the moment and problems might occur when switching, therefore I am not keen to try this. Would it be safe to use "Session and Startup" of dom0 to autostart Applications and is there a command to assign a workspace to each specific App or restore the session (tried ticking the option but no changes)? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/afd105d1-2c7a-0d9f-544b-a7c5426dd19c%40posteo.de.
Re: [qubes-users] qrexec_timeout does not truly accept 3600
Rob Townley: qvm-prefs vmName qrexec_timeout 3600 does not return an error message. When read, 3600 is returned. However, the VM is forcibly stopped after 15 minutes. 1800 works 2700 works 3600 is not honored How can i get by this so this one VM can do finish its upgrade before forcibly rebooted? Think you can disable qrexec with "qvm-features [vmname] qrexec 0". Do this on the template. Set back to 1 when done. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/38ea9107-5d4d-8042-fbd6-b0777c70a5cc%40danwin1210.me.
Re: [qubes-users] Unable to get VPN to ping out. Unable to set up ProxyVM as sys-vpn
roberto re: I've looked around but I can't seem to find any up-to-date, uncomplicated step by step guide to get a fail closed, antileak VPN tunnel environment. https://github.com/QubesOS-contrib/qubes-tunnel -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a842f938-57ef-6a87-018f-a23897992a4b%40danwin1210.me.
Re: [qubes-users] trouble with apt-get on dabian
Steve Coleman: Apparently, I need to reinstall a new fedora-33 template baseline and painstakingly install all these packages one at a time while restarting Debian-10 to try an 'apt-get update' between package installs. Somewhere along the way, it will break and whatever I just installed will be the culprit. I think I'll be doing a lot of cloning of templates creating checkpoints along the way. Good find. Hope my suggestions didn't cost you too much time. Depending how many packages you're talking about, a binary search might help- install half of them recursively. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3b78adc2-73b3-b0d2-58ac-f3f1b2227eca%40danwin1210.me.
Re: [qubes-users] Migrating to Qubes OS
Flex: Hello, migrating from Ubuntu 20.04 to Qubes OS I have still quite a few problems I ran into and could not solve yet using the documentation etc. 1. I need to use an external USB-Keyboard which is plugged into the docking station of my X230 Thinkpad. I can connect the Keyboard to one running VM using sys-usb but this results in a falsely changed keyboard layout (US instead of DE) and I need to reboot to reset this as the built in keyboard layout is affected in the same way. 2. Further it would be great to know how to automatically connect to several selected VM after boot without connecting it directly to dom0 or if not possible how to connect it to dom0 as I was not able to understand the many different options mentioned in the documentation etc. 3. The sys-net VPN (PPTP) is not working although the settings are the same as using Ubuntu, where it connected. Is there a way to get the VPN up and running? 4. The qubes add on for thunderbird is not compatible with thunderbird 78 is it planned to upgrade it soon? 5. When disconnecting from the docking station to which the 2nd screen is connected to, the windows are not automatically resized/-grouped so it is kind of hard to access those invisible on the second screen which is no longer attached, is there a way to improve this? That is it for now though I might run in to more issues the coming days. Hope you can help me especially with the first and 3rd issue as those are most urgent. Many thanks! Flex For 1 & 2, have you attempted the steps under https://www.qubes-os.org/doc/usb-qubes/#manual-setup ? 3 Does your VPN provider support OpenVPN? It's better. If so, https://github.com/QubesOS-contrib/qubes-tunnel is probably the best approach. Otherwise, try https://www.mail-archive.com/qubes-users@googlegroups.com/msg02913.html. 4 Unknown 5 Only fix I can think of might be to switch the desktop from xfce to something like i3, but haven't attempted that. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c183f83-3637-87b0-6dbc-2474328e2439%40danwin1210.me.
Re: [qubes-users] trouble with apt-get on dabian
On 3/1/21 11:48 AM, Mike Keehan wrote: HI, Just a "me too" I'm afraid. I installed Fedora 33, and used it for all the sys-vms, and my sys-net would not connect to wifi - kept displaying the prompt for the wifi password, even though the password was correct. Switched back to Fedora 32 on sys-net, and it works OK again. (I also had my screen freeze at one point - might be due to the i915 driver update. Had this problem a long time ago when using the Arch distro, but never on Qubes before.) Just monitoring things for now. Mike. Did an update and now it works fine. Silly me. Mike. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0d3ee0e3-7353-3f84-654b-5bb776efdefd%40keehan.net.
