Re: [EXT] [qubes-users] What is the latest version of Qubes (on 23 February 2021)

2021-03-18 Thread donoban
On 3/17/21 12:05 AM, load...@gmail.com wrote:
> That's great but you should guess how did you get it disabled. Maybe
> 'qubes-dom0-update' should warn about it.
> 
> 
> Actually I don't know why and how it happened.
> 
> The only commands which I am using often in Dom0 terminal for
> update/download templates/copy-paste files from Dom0. I definitely did
> not change any config files after my last successful update (I even
> don't remember did I change any config in Dom0).
> 

Maybe you changed updates configuration with 'Qubes Global Settings'?

Other options are:
1) Some Qubes update disabled it, nearly impossible, any users would
reported same problem.
2) Your dom0 is compromised, also very difficult with common Qubes usage.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5ffc3cf-1f8b-1a4c-8697-2a723b015c3c%40riseup.net.


OpenPGP_signature
Description: OpenPGP digital signature


[qubes-users] Networking issue with sys-whonix, missing vif*

2021-03-18 Thread Vladimir Lushnikov
Hello,

Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
sys-whonix not bringing up the virtual interfaces for downstream VMs
correctly. I could find nothing conclusive in the bug tracker but am
hesitant to raise it on qubes-issue in case it only affects me.

The symptoms are as follows:

* AppVMs connected to sys-whonix do not get networking
* There is an incorrect nameserver specified in the AppVM
/etc/resolv.conf (the IP does not match the IP of sys-whonix)
* There are no vif* interfaces in sys-whonix, or they are down and have
no IP address
* There are errors in the logs of sys-whonix like:

Mar 18 14:56:20 host root[20716]: /etc/xen/scripts/vif-route-qubes:
Writing backend/vif/17/0/hotplug-error /etc/xen/scripts/vif-route-qubes
failed; error detected. backend/vif/17/0/hotplug-status error to xenstore.
Mar 18 14:56:20 host root[20718]: /etc/xen/scripts/vif-route-qubes:
/etc/xen/scripts/vif-route-qubes failed; error detected.

Workaround is to add the routing information back in sys-whonix (the
vif* interface was there already, just not properly setup):

``
ip link set vif up
ip addr add /32 dev vif
ip route add  dev vif metric 32744
``

This will fix the routing table so the prerouting nat rules work.

I am not entirely sure how to proceed with diagnosing the issue further.
Versions are posted below.

Kind regards,
Vladimir


Version of qubes* packages in whonix-gw-15:

libqubes-rpc-filecopy2 4.1.13+deb10u1
libqubesdb 4.1.10-1+deb10u1
libvchan-xen 4.1.7-1+deb10u1
python3-qubesdb 4.1.10-1+deb10u1
qubes-core-agent 4.1.24-1+deb10u1
qubes-core-agent-dom0-updates 4.1.24-1+deb10u1
qubes-core-agent-nautilus 4.1.24-1+deb10u1
qubes-core-agent-networking 4.1.24-1+deb10u1
qubes-core-agent-passwordless-root 4.1.24-1+deb10u1
qubes-core-agent-thunar 4.1.24-1+deb10u1
qubes-core-qrexec 4.1.13-1+deb10u1
qubes-gui-agent 4.1.16-1+deb10u1
qubes-input-proxy-sender 1.0.23-1+deb10u1
qubes-kernel-vm-support 4.1.13+deb10u1
qubes-mgmt-salt-vm-connector 4.1.9-1+deb10u1
qubes-usb-proxy 1.0.29+deb10u1
qubes-utils 4.1.13+deb10u1
qubes-vm-dependencies 4.1.11-1+deb10u1
qubes-whonix 1:15.2-1
qubes-whonix-gateway 3:20.2-1
qubes-whonix-gateway-packages-recommended 1:15.2-1
qubes-whonix-shared-packages-recommended 1:15.2-1
qubesdb 4.1.10-1+deb10u1
qubesdb-vm 4.1.10-1+deb10u1

In the AppVM which is fedora-based:

python3-dnf-plugins-qubes-hooks-4.1.24-1.fc32.x86_64
python3-qubesdb-4.1.10-1.fc32.x86_64
python3-qubesimgconverter-4.1.13-1.fc32.x86_64
qubes-core-agent-4.1.24-1.fc32.x86_64
qubes-core-agent-dom0-updates-4.1.24-1.fc32.x86_64
qubes-core-agent-nautilus-4.1.24-1.fc32.x86_64
qubes-core-agent-network-manager-4.1.24-1.fc32.x86_64
qubes-core-agent-networking-4.1.24-1.fc32.x86_64
qubes-core-agent-passwordless-root-4.1.24-1.fc32.x86_64
qubes-core-agent-systemd-4.1.24-1.fc32.x86_64
qubes-core-qrexec-4.1.13-1.fc32.x86_64
qubes-core-qrexec-libs-4.1.13-1.fc32.x86_64
qubes-core-qrexec-vm-4.1.13-1.fc32.x86_64
qubes-db-4.1.10-1.fc32.x86_64
qubes-db-libs-4.1.10-1.fc32.x86_64
qubes-db-vm-4.1.10-1.fc32.x86_64
qubes-gpg-split-2.0.50-1.fc32.x86_64
qubes-gui-agent-4.1.16-1.fc32.x86_64
qubes-img-converter-1.2.9-1.fc32.x86_64
qubes-input-proxy-sender-1.0.23-1.fc32.x86_64
qubes-kernel-vm-support-4.1.13-1.fc32.x86_64
qubes-libvchan-xen-4.1.7-1.fc32.x86_64
qubes-menus-4.1.6-1.fc32.noarch
qubes-mgmt-salt-vm-connector-4.1.9-1.fc32.noarch
qubes-pdf-converter-2.1.11-1.fc32.x86_64
qubes-usb-proxy-1.0.29-1.fc32.noarch
qubes-utils-4.1.13-1.fc32.x86_64
qubes-utils-libs-4.1.13-1.fc32.x86_64
qubes-vm-dependencies-4.1.11-1.fc32.noarch
qubes-vm-recommended-4.1.11-1.fc32.noarch


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ace8b24-c18b-f106-a545-0523062906cd%40vladimir.lu.


Re: [qubes-users] Replacing the wpa_supplicant wifi daemon with iwd

2021-03-18 Thread haaber

On 3/3/21 5:19 PM, 'qtpie' via qubes-users wrote:

Due to mysterious, unsolvable Wifi issues, I decided to replace the
wpa_supplicant wifi daemon with iwd.

  -- snip --

$ dnf remove wpa_supplicant
$ echo -e "[device] \nwifi.backend=iwd" | tee -a
/etc/NetworkManager/NetworkManager.conf
$ systemctl enable iwd.service
$ systemctl start iwd.service
$ systemctl restart NetworkManager


interesting. I tried that in my debian-minimal-net but I cannot start
iwd with systemctl. Errors similar to here

  https://bbs.archlinux.org/viewtopic.php?id=250220

but the proposed "solution" does not work. The thread suggests

  sudo cp /usr/lib/systemd/system/iwd.service /etc/systemd/system/

but that file does simply not exist, so I cannot copy it. So I stopped
that experiment for the moment. Maybe @unman has a suggestion for a
well-working debian-based 'minimal' solution without  networkmanager
and/or   wpa_applicant ?  Best,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6331118-ec61-9e6d-dc28-f1c1220c317c%40web.de.


[qubes-users] HCL - Lenovo P14s (AMD Ryzen 7 Pro 4750U)

2021-03-18 Thread Josef Johansson
Fix reboots on suspend:
* activate Linux as type of OS in BIOS (enables S3 instead of S2idle)
* add acpi_sleep=nonvs in GRUB_CMDLINE_LINUX in /etc/default/grub
* smt=on seems to help

Boot is a bit slow, but doing this after boot solves that, it's possible to
set under GRUB_CMDLINE_XEN_DEFAULT with dom0_max_vcpus=2 dom0_vcpus_pin but
it seems that vm get this as well.
* sudo xl vcpu-set Domain-0 2
* sudo xl vcpu-pin Domain-0 0 0
* sudo xl vcpu-pin Domain-0 1 1

Running Qubes R4.1 with kernel 5.11.4-1.fc32.qubes.x86_64 and
linux-firmware 20210208-106
On install add console=vga=none dom0_max_vcpus=2 dom0_vcpus_pin to grub

Use Debian 11 for template VMs since Debian 10 is broken (at time of
writing) as network-vm.
Wireless works in Fedora 33, but not out of the box in Debian 11.

Overall there's still a bit sluggishnes from time to time. Pinning all VMs
to cores helps.

Dual 2K screens acheived via 2x DP to USB-C adapter, multiport adapters
does not work (single DP).

What does not work:
* Webcam
* MST

Not tested:
* Bluetooth

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOnYue_vO4450cxoWAvQO2EAUDPOifLECXoDadN7bVfE72hnuw%40mail.gmail.com.


Qubes-HCL-LENOVO-20Y1S02400-20210318-093409.yml
Description: application/yaml


[qubes-users] XSAs released on 2021-03-18

2021-03-18 Thread Andrew David Wong

Dear Qubes Community,

The Xen Project has released one or more new Xen Security Advisories (XSAs).
The security of Qubes OS **is not affected** by these XSAs.
Therefore, **no user action is required**.


XSAs that affect the security of Qubes OS (user action required)


The following XSAs **do affect** the security of Qubes OS:

 - (None)


XSAs that do not affect the security of Qubes OS (no user action required)
--

The following XSAs **do not affect** the security of Qubes OS, and no 
user action is necessary:


 - XSA-368 (DoS only)


Related links
-

 - Qubes Security Pack (qubes-secpack): 
https://www.qubes-os.org/security/pack/
 - Qubes Security Bulletins (QSBs): 
https://www.qubes-os.org/security/bulletins/

 - XSA Tracker: https://www.qubes-os.org/security/xsa/


This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2021/03/18/xsas-released-on-2021-03-18/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed27a690-3631-1ae6-3717-88b31cdafa66%40qubes-os.org.


OpenPGP_signature
Description: OpenPGP digital signature


Re: [qubes-users] Replacing the wpa_supplicant wifi daemon with iwd

2021-03-18 Thread 'qtpie' via qubes-users


On 3/18/21 12:46 PM, haaber wrote:
> On 3/3/21 5:19 PM, 'qtpie' via qubes-users wrote:
>> Due to mysterious, unsolvable Wifi issues, I decided to replace the
>> wpa_supplicant wifi daemon with iwd.
>   -- snip --
>> $ dnf remove wpa_supplicant
>> $ echo -e "[device] \nwifi.backend=iwd" | tee -a
>> /etc/NetworkManager/NetworkManager.conf
>> $ systemctl enable iwd.service
>> $ systemctl start iwd.service
>
> interesting. I tried that in my debian-minimal-net but I cannot start
> iwd with systemctl. Errors similar to here
>
>   https://bbs.archlinux.org/viewtopic.php?id=250220
>
> but the proposed "solution" does not work. The thread suggests
>
>   sudo cp /usr/lib/systemd/system/iwd.service /etc/systemd/system/
>
> but that file does simply not exist, so I cannot copy it. So I stopped
> that experiment for the moment. Maybe @unman has a suggestion for a
> well-working debian-based 'minimal' solution without  networkmanager
> and/or   wpa_applicant ?  Best,
>
>

For those who want to stick to NetworkManager, II found out that the

$ systemctl enable iwd.service
$ systemctl start iwd.service

from my initial post, should not be necessary and can cause conflict.
Because NetworkManager is supposed to handle starting iwd, after iwd is
added to the NetworkManager config file.

That networkmanager does not handle iwd correctly, is a known issue with
NetworkManager. We can only wait for it to get updated with future
Fedora releases I guess.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/101

I am now also curious about non-networkmanager alternatives and their
usability though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73c466a3-2c9e-6227-343b-be8197d2b618%40disroot.org.


Re: [qubes-users] HCL - Lenovo P14s (AMD Ryzen 7 Pro 4750U)

2021-03-18 Thread Sven Semmler

Hi Josef,

thank you for sending your HCL report. It is now part of this pull request:

https://github.com/QubesOS/qubes-hcl/pull/53

... and will be merged into the website soon.

/Sven

--
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/631445f7-b512-8d75-adbd-af1f1ebb6455%40SvenSemmler.org.


OpenPGP_signature
Description: OpenPGP digital signature


[qubes-users] large files can't open in DispVM

2021-03-18 Thread Ernesto Dorado Puga
Hi, when I try to open a large video file of 1.6GB into a DispVM I get the 
next error message:



*write: No space left on devicewrite: Connection reset by peerqopen-in-vm: 
Fatal error: send file to dispVM (error type: Connection reset by peer)*

The command I use is:

qvm-run-vm '@dispvm' video.mkv

If I use the same command with a pdf file it works.

I can see a terminal for a moment and then disappear.

Could you confirm me if there is a limit of size of the file that can be 
opened into a DispVM?.

thanks you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bcaa12f0-e22b-4b28-a6a4-9442bc788248n%40googlegroups.com.


Re: [qubes-users] large files can't open in DispVM

2021-03-18 Thread Sven Semmler

On 3/18/21 7:44 PM, Ernesto Dorado Puga wrote:

Could you confirm me if there is a limit of size of the file that can be
opened into a DispVM?.


Yes, it's whatever size you gave to the private volume of the DVM Template.

So let's say your Template is called 'fedora-32-dvm', then open it's 
settings in the Qube Manager. It is like set to 2048 MB. This should be 
enough but depending on what modifications you have done to the template 
the free space in the private volume could be less than 1.6 GB


Easy way to check:

qvm-run fedora-32-dvm xterm

then in the xterm:

df -h

... you will see how much is free and how much is used. Look for /rw

Then shut it down and increase the private size in the settings. Or just 
set it to 20480 anyway. :-) If it's not used it won't take space on your 
hard disk and since the result is disposable anyway it's no concern.


/Sven

--
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a8d1f53-7d5a-d1bc-c882-45f29a0a25ef%40SvenSemmler.org.


OpenPGP_signature
Description: OpenPGP digital signature