[qubes-users] Microphone attached hides reboot needed icon - Minor Bug - Qubes 3.2-rc2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, yesterday I noticed that the reboot needed icon is not visible if you have the microphone attached to a Domain. Regards. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXouRPAAoJEBQTENjj7QilkN4QAJFwKqmWw41IIrkhskax46sH /bn8IOINAXjrWKHL+ySGb0mhc2D18WvozmXtalNrhY6TlTQ+G1f2NWbT+OaGMfb5 05PwHDzOVcWxma57HQYLj7+LDLBGh+po1LWG1tYUrPInGmrJSdW6mtG3nEILCkYe w+2ZFiQmZUqVzsf3f5dKWDL0W6Cti5X5HDDJ12YuBVKFXbQWt9bvK8H+OMYGyIZI +kuCZEQ72uspAAUtd1FOYrSVuddW7mJdc+oAMmgjKbwV7yk4jWfnQT4cvoI4UeML zK16VzzrqlsKWd5TciFl2qWWZt2z5bNRTy5fmLEuwIHg9kFhRrX47JeXwdn4H4uC 22m54/2dMZ4OWyD+eQMeZLeDZUZtFFWn3kBrG7sq2zUgrlJnVvsp5ULQ9uDT+KO8 xRcwFnucpQUb3RZlG1BF+8s+jCbzIRsY5F/6n16EHOJiedfTuYH8GsSydTDtKzkX 16afEJ60c7gOmhHIQLOyhUZb87UFqTWTOtdO20KDKoF3zGza+kLChJhqj3ZfrGK8 d4dgSsSFzM5RwdD2osBgAJJ4usPBSfjY23+uU+tsMZlGCeCaob04pdDAjIzB9IiT UzWP4D1jHdtk/XMXUcf8VrQv5N63DFmAM1k7QRzPpXkxF4D/UzVgj3FqWXRk7VWg 9b8IA7A7s4kYydCXuZ5i =cu7k -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cef73f2-908d-8565-574a-03749939ffba%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unable to get right X display for kali on HVM
On Monday, August 1, 2016 at 8:58:56 AM UTC-5, NewbieG wrote: > Hello list, > > I'm running Qubes OS 3.1 and I'm trying to have a Kali VM (2016.1). > > I've tried both methods suggested in: > > https://www.qubes-os.org/doc/pentesting/kali/ > > First one, works ok if you run kali from DVD without installing it. If I try > to install it, login window flickers and once logged on, the desktop shows up > 'misplaced' (see attach). I was first able to install and run kali without the above problems, but since Kali is a rolling distribution, I will test it again. > Second one, as someone already pointed out in the list, introduces conflicts > between X packages from kali and X packages from the debian-9 template. For the second method there are two paths, one which uses kali repos directly and another is based on katoolin (which is a helper script). Use the katoolin one, that method works well. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9dbf82e6-348a-4937-91f7-e04888e4ada7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question on DMA attacks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-07-15 16:22, Chris Laprise wrote:
> IIRC, this point may be covered by Joanna's blog post re: 'What makes Qubes
> different from ...?'
>
> The main website does sort of lack a concise rundown of Qubes' main
> advantages, such as:
>
> * Simple and strong isolation mechanism, instead of complex permissions in
> monolithic kernels * Safe virtualization of software components that
> normally expose regular hypervisors to exploits (i.e. graphics, copy+paste)
> * Window manager that reliably reflects the security context of running
> apps * Hardware virtualization of risky interfaces such as NICs and USB *
> Overall philosophy of 'protect the core system and non-networked VMs';
> remotely exploited VMs stay contained ('game over' situation unlikely)
>
> Plus secondary advantages: * Template system * Disposable VMs * AEM *
> Trusted document 'sanitizing' * Flexible use of anon networks (Tor, etc.)
>
> Chris
>
Thanks for the feedback. Many of these things were already mentioned on the
Tour page, but many other important features were not, so I've revised that
page accordingly:
https://github.com/QubesOS/qubesos.github.io/commit/c696eaff4edd9d72a30bb5107
49e9bed2f849a54
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-
iQIcBAEBCgAGBQJXor5JAAoJENtN07w5UDAwWxkP/jZNi02vVHSiSQNaqR8M89fT
O6hr68OQI+ylto9rVkjZAsbqGpaIko4jMs8fzYng4kfzjm23UW8baZH8ryxBsbcF
B9JB3k+glovBKZs1/U7tn/b59K88y7yteyGE5jwHiYFU2fbUNK7Q/z5uKGIZRu0p
mdnTGyycIps8X4EPAiEY9itRRcy4kdQX3F2zHAxFBNqneWtDxHxXYzQjEQzxvYpy
dyMWNfhq3zCL3oQy0204CwuE91QT/GJj903tdjKlQtSkiEHSUb5QUhTZMLgVfdiZ
uwxj/Dg1d4+ocYr6IaRkVTznpSTX9IXci+Y0DnHEYyFpHI5axauO2GQTwOKLkd+G
bcIzBD5k3KXBND8TM5VT6diidtnIYtqnDoXqmC/YuT0O/8qX2ewPRhfQsmG/jQrI
oOGEMJbEfw1UC52vInpB/Vce3kwEGK689nsSdkp17NsimKbcUTBxbCQbiBwq1Sag
30joPQ9vhzCtPwqxn33aw1aqmJ+wwIXw/CYw2Ff4hIigYbnmbyxLw5MKy06w6BnL
Lk4fq+7+1GU72MQ02G3mObblrjR9+KHu1cD8ToxwhEtkQra0vM+RpTh3tqO02fIw
9/SJh0V/lKfuQLci+GHCCEKTXtuHS/QhyyVqcfcdGSNkotvGzccrxYP2O6RhV/en
LeNVhxlX4OlE2eo1sg+9
=Z7vh
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5cbb4ec7-b160-b071-4e3d-6f95086872bf%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] ssh-agent, gnome-keyring, ed25519 keys
out of the box, fedora23 template, ssh-agent works fine with rsa keys, but not ed25519. could not add identity "/home/user/.ssh/id_ed25519": communication with agent failed running "ssh-agent bash" and then adding both keys works fine. is there a clean way to disable this keyring? its not like we need it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c63ec4be-0dee-4eb5-ba18-4c3e992ff938%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Attaching a webcam from sys-usb to other appvm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-03 11:35, 46h6sk+9aybfqrmo0zwg via qubes-users wrote: > Thank you for the reply. I tried to follow the instructions on the > documentation (as illustrated for the conference AppVM) however that does > not work. I get a message stating - ERROR: qubes-usb-proxy not installed in > the VM - which is not true, I've installed the package and the message is > still displayed. > > What I'm doing wrong? > Which version of qubes-usb-proxy do you have? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXoqQUAAoJENtN07w5UDAw8BIP/2JLzaFWgZjaYnJ5JsGZVPDB IEU+U+FT4y0zl+GxjMapjRVa2CBkGCKJzPvkgYxY3bJ7OLd6M9SxdTwN9ai6p6Ay OfHSHn1sOGsMlTQOaqB0TSUK1rFcn4sDq6SsyqdNing702vzJihTOR/eCvphWFV6 ATmd2Jbr6Ve1I7n9LLlJ2RUKMUyZWWbB23AYfp3Gkthu+6oeoozi977SVBhNAEw2 CwAbBls6dWezfxl3IYNzmA4gTiCmAxyj/c6kNBnMck4v3V840JfhDAe4S0OzlgqQ 0aZR81JGay1l/2T7adcaAgm437kYVcPLx/Zf2rrdrkOWZxP0qEFirVZMff5MA0+c YP2/E+WUYJCDD/VgxJougicOhZwJPKGliClqiKoaZpvmRB+qYs+nsWdIXJko+tRH jjz0t0INAVUyiMdpAVy8fl7PnDaXDOoKgtELbWhAtQAe/9uuNH59qVYqpnJaFM45 32iAnufw9WmyJVzwnsjf5ucAsm9zG7d3z2ml5z7zCOsQx3on+zYQRh7CeunNe38Q 6GCpZYxMEgOkV79f7SHDDNOCN1muBf7Q6Aul/pCwJkhatT/Hu1TuwmbmUH9GUM1F wRv7LE9pJrh2ifdkXQube0Kgpqzr7pAFawOFlAEeGQm1wYXKYDFgl5o6DTV3LlhV BH3acXevE1+TIBPNHynZ =+Ba5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08ded136-127b-9f4f-18fb-1bcd0e81366e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: Windows tools in 3.2 (was: Re: [qubes-users] Re: Battery Life Qubes 3.2 rc2)
On Wednesday, August 3, 2016 at 1:26:37 AM UTC-6, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Tue, Aug 02, 2016 at 07:08:25PM -0700, Peter M wrote: > > One point to note for those running Windows 7 HVM is that Qubes Windows > > Tools 3.2.0.2 seems to be more stable than 3.0.4.1 > > I had issues with the older windows tools in 3.1 but the problems got worse > > in 3.2. The VM would randomly crash. Since updating windows tools it has > > not crashed yet. > > Do you means you have successfully upgraded tools in existing Windows > VM? Or maybe you did fresh install? > > In any case, have you observed any difference in performance of Windows > VM? Especially, if did fresh install, what was Windows installation > time? > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? I successfully upgraded Windows Tools in existing Windows VM. Note that it took 4 tries for me to successfully complete it without crashing. I cloned the VM as backup before doing anything. I have not noticed any significant performance increases, only stability improvement. For me though this is the most critical. I have not had a crash since the upgrade. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd90dfc2-cae1-4447-aaf9-8ffe4541bff8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: black screen after installation v3.1 on dell XPS 15
I have similar issue on XPS. The graphics should work (for me) if you (have and) run older kernel in option. But you can press for example "PageUp" key and enter password. (For me it works) Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d2b2a36-eed1-4b2d-815e-95919c6f21a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] larger font during boot (and on console terminals
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 03, 2016 at 07:14:59PM +0200, Achim Patzner wrote: > Hi! > > > Did anyone (Marek? 8-) ) ever try getting a larger font for text output > from booting to the consoles started later on? i succeeded to add an > option to xen.conf but this setting is lost after the next console reset > during boot and changing vconsole.conf didn't help either. Running into > problems during booting (like after installing Qubes on btrfs) means > deciphering characters of about 1mm in height... You may try something like fbset. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXomJLAAoJENuP0xzK19csgc8H/3y1pkmj/d22xbDKEPC2dyww 3YNYfyi/AJrHmd5OKwek++d1A0F4yzTbrn9pGMH/rzDzB5oGxgvWvBySn+/XnE0H 1PmGzl99nU2uUB8BFM5gUdzWc3TT3jd8ZS0wGHuiAV/5CXwub4MwULK3SPMewPaO G2u7QREa9ffXY9+/CrAAzICYAkVXtn7wUrsrt5mWUMoPgaVdpNDLsAmJRSMMgRVH CIJ8VxwA4Ej1ueo3WhB27jXDBlOqkohu8sJchK0y1gk8hxqXFiuh5zHxC7I3nAvF DPHWMMFNfbqfIvYMFFbOcJFo0UFVAyMsxQDNgwqQu76NcE2ckh0HYwD39Y5671I= =lYam -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803212946.GS32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] black screen after installation v3.1 on dell XPS 15
Hi, After successful installation, first boot of Qubes. Boot screen and after that grub menu text is visible. Then blinking cursor, and then a black screen. Something wrong with X? Or something needs change in BIOS? thnx! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dfa69a18-36b9-4b5d-98d7-1ae83dfd7e88%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Attach a sound card to a VM.. so I can manually switch over to HVM.
I have been reading through security advisories from the Xen website: https://xenbits.xen.org/xsa/ I haven't gone through them all yet... but so far, not a single one involves breaking into dom0 with HVMs. I think for this reason, QUBES 4.0 is switching over to HVMs. I don't know when QUBES 4.0 is being released. Presumably not soon. So in the mean time, I'd like to manually switch over to HVMs myself using QUBES 3.2-rc2. As far as I can tell, the only thing stopping me is the lack of sound support. I saw over on qubes-devel that you can pass the entire sound card to your HVM, and therefore, you can actually get sound within an HVM. So, I'd like to know how to attach a sound card to a VM. Also let me know if there are any others issues, other than sound, stopping me from manually moving over to HVMs myself. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1993a667-ce87-4ea5-9a10-006fe79436e6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: PS2 Mouse with adaptor
On Tuesday, August 2, 2016 at 8:57:52 AM UTC-4, Herbies wrote: > Hi, > > Qubes advice to use ps2 mouse and keyboard but is impossible to find one > in local shop. > > I have bought some usb/ps2 adapter to connet usb keyboard and mouse to > my ps2 port. My keyboard is working well, but I have tried several model > of mouse unsuccessfully. > > Do you know the reason because my usb mouses fail to function while > connected to the adapter? > > Any other suggestion? > > Thanks you imo, it is not as important to have pci mouse as it is for keyboard. I just use a usb to pci adapter for keyboard. and Use a usb mouse with the qubes mouse proxy from usbvm. For extra security set lockscreen. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/433a171d-a602-4599-8cb7-7662ff157709%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If Ubuntu's license is keeping us from having a ready-made template...
On Wednesday, August 3, 2016 at 8:00:22 AM UTC-4, Achim Patzner wrote: > Am 03.08.2016 um 13:08 schrieb Marek Marczykowski-Górecki: > > On Wed, Aug 03, 2016 at 12:42:25PM +0200, Achim Patzner wrote: > > > ... what about preparing a Mint template that can be distributed? > > > > That's good question. I guess only that no one added support for it in > > builder-debian plugin (or separate one). > > Hm. Who is that No One I keep hearing so much about lately and what does > it take to convince him to spend some time on it? 8-) > > > Achim probably not enough people care to use ubuntu. Why is it that you want an ubuntu template? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f86f76c1-4ab6-4b49-81d7-0bf3e63cabe2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Attaching a webcam from sys-usb to other appvm
Yes, I'm using Qubes 3.2RC2 Sent using GuerrillaMail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68d7dc9914b7d1945c07604877e2a6805767%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Attaching a webcam from sys-usb to other appvm
On Wed, Aug 3, 2016 at 3:35 PM, 46h6sk+9aybfqrmo0zwg via qubes-users < qubes-users@googlegroups.com> wrote: > Thank you for the reply. I tried to follow the instructions on the > documentation (as illustrated for the conference AppVM) however that does > not work. I get a message stating - ERROR: qubes-usb-proxy not installed in > the VM - which is not true, I've installed the package and the message is > still displayed. > > What I'm doing wrong? > > > May you confirm you are using Qubes release 3.2? > > > > > Sent using GuerrillaMail.com > Block or report abuse: > https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D > > > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/137f3a431aab9bf9f71ab3d8af88094fea39%40guerrillamail.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qB%2BFhGREaUPt0XnCf5xovhKNijseTZLhoedVh0pfkP%3DCQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Attaching a webcam from sys-usb to other appvm
Thank you for the reply. I tried to follow the instructions on the documentation (as illustrated for the conference AppVM) however that does not work. I get a message stating - ERROR: qubes-usb-proxy not installed in the VM - which is not true, I've installed the package and the message is still displayed. What I'm doing wrong? Sent using GuerrillaMail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/137f3a431aab9bf9f71ab3d8af88094fea39%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] larger font during boot (and on console terminals
Hi! Did anyone (Marek? 8-) ) ever try getting a larger font for text output from booting to the consoles started later on? i succeeded to add an option to xen.conf but this setting is lost after the next console reset during boot and changing vconsole.conf didn't help either. Running into problems during booting (like after installing Qubes on btrfs) means deciphering characters of about 1mm in height... Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea368800-ec65-99da-d9ca-409195630573%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Configuring OpenDNS in Qubes
> eth0 is an uplink to sys-net. And /etc/resolv.conf there indeed is > generated, so manual changes will be lost. There is a way to avoid this > using /etc/qubes/protected-files.d/, but I think it isn't the way to go. > Better adjust NetworkManager settings in sys-net, using standard > connection editor GUI. The DNS servers in any other VM are in the end > pointing to what you have in sys-net(*) (using DNAT redirections). > > (*) unless you use Tor/Whonix - in which case those are redirected to > tor process. Thanks for your answer. Does it mean that all VM have to share the same DNS settings (except Tor/Whonix)? What I was trying to do is routing only one of them through OpenDNS, while keeping the rest with my ISP DNS server (and I would like to avoid an HVM just for that). I see I can create a new "NetVM" but I'm not sure if it is full supported. If I create a new one, is the GUI adapted so that I can configure both (sys-net and my custom one)? I prefer to ask before trying it and risking leaving something in an inconsistent state. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e7b7ccac-708d-4c60-8dc6-1493fcf21d15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Android Emulator
On 08/03/2016 11:37 AM, Alex wrote: > It says that to me too, but using an ARM image does work (this message > is just a warning) Oh thanks! I didn't try using an ARM image. If you ever find out how to run an x86 image with Qubes, please let me know. > once disconnected from usbVM and attached to the work AppVM, > it senses the usb reset and does not attach > again until the cable is unplugged and connected again. You might be able to use ADB via TCP. I explained how here: https://github.com/QubesOS/qubes-issues/issues/2202#issuecomment-235937670 Kind Regards, Torsten -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16c8e579-3ccb-0454-77de-bcdc6efcfbbb%40grobox.de. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Android Emulator
On 08/03/2016 03:35 PM, Torsten Grote wrote: > Hi Alex, > > On 08/03/2016 06:56 AM, Alex wrote: >> You appVMs may vary: in my work vm, where I use 2 IDEs (Android >> Studio and MonoDevelop) + android emulator + firefox + thunderbird, >> I capped at 10GB and it works ok. > > Do you mind explaining how you got the Android Emulator working in > an AppVM? If I try to start one within an AppVM it tells me: > > Your CPU does not support required features (VT-x or SVM). > It says that to me too, but using an ARM image does work (this message is just a warning) - albeit slower than any low-end actual smartphone. x86 images would like to use the virtualization capabilities, so that message becomes an error rather than a warning, and the emulator does not even start. But it's quick and nice for debug; with an usbVM I was able to connect a real smartphone, for further debug; as Marek said in another thread, not all devices work - a low-end Alcatel I bought for debug does work this way, but my Asus Zenfone does not: once disconnected from usbVM and attached to the work AppVM, it senses the usb reset and does not attach again until the cable is unplugged and connected again. TL;DR: use an ARM image, that message is a warning. Or use an actual smartphone, but YMMV. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a8939019-6d20-314c-2337-1f11670d3266%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?
W dniu środa, 3 sierpnia 2016 06:15:38 UTC+2 użytkownik Manuel Amador (Rudd-O) napisał: > On 08/02/2016 06:10 PM, grzegorz.chodzi...@gmail.com wrote: > > > > Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g > > gaming motherboards can update itself over Ethernet connection, reinstall > > itself from scratch and sometimes contains a built-in mini-linux. If you do > > not need such bonuses then legacy BIOS will do just fine. > > > > How do you / how can I identify these malevolent mobos? > > > -- > Rudd-O > http://rudd-o.com/ Pretty much any motherboard made by MSI, Asus, Asrock or Gigabyte, especially the ones marketed for gamers. Workstation/server motherboards should be fine though. iPMI is less of an issue on ws/server mobos since it usually runs only over its own separate ethernet controller. Funny story, few weeks ago I helped my friend put together a gaming PC. The motherboard didn't even POST correctly until we connected the ethernet cable so it could update itself. Utterly terrifying. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82dec981-224d-421f-845c-7985950fee33%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Can NOT get Broadcom BCM43602 Wifi Card working , DELL XPS 15 9950- Qubes sys-net freezes/ crashes
Have a Broadcom BCM43602 Wifi Card in my dell xps 15 9950 and I downloaded Qubes Release 3.2-rc2 Problem: I can not connect to the internet cause my wifi card is not working with qubes: "If BCM43602, the wireless card is disabled in BIOS, installation succeeds, and afterwards it's possible to re-enable BCM43602 in BIOS and boot Qubes. However, subsecuantly adding BCM43602 device to the sys-netvm freezes the computer." -my boot setup has VT and VT-d options activated how can I make my network function ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6d4b4ba-681d-4826-a1fb-45dbb5ed147e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Configuring OpenDNS in Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 03, 2016 at 06:50:21AM -0700, m...@lamarciana.com wrote: > > Are you using NetworkManager in that ProxyVM? > > I assigned "network-manager" service through "Qubes VM Manager" to my debian > standalone ProxyVM, but I see this disappears once I start and shutdown the > machine... I tried again to be sure and I can reproduce the issue. I will > inspect it further and open a Qubes issue if needed. > > But, anyway, I changed my ProxyVM to use fedora template (still standalone): > Then, "network-manager" survives after reboot, but not the content in > "/etc/resolv.conf"... But, in fedora template this file has an interesting > hint: > > # Generated by NetworkManager > > I think this confirms my fears that /etc/resolv.conf should not be edited by > hand... > > I tried then to edit file > /etc/NetworkManager/system-connections/qubes-uplink-eth0 and added OpenDNS > IP's in "[ipv4]" section but changes are lost after reboot (I'm not using > ethernet cable but wifi, but there is no other file. Furthermore, "ifconfig" > only shows loop and eth0, but I suppose there is some kind of delegation to > sys-net for that). eth0 is an uplink to sys-net. And /etc/resolv.conf there indeed is generated, so manual changes will be lost. There is a way to avoid this using /etc/qubes/protected-files.d/, but I think it isn't the way to go. Better adjust NetworkManager settings in sys-net, using standard connection editor GUI. The DNS servers in any other VM are in the end pointing to what you have in sys-net(*) (using DNAT redirections). (*) unless you use Tor/Whonix - in which case those are redirected to tor process. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXofgJAAoJENuP0xzK19csN7cH/A1gNpFZfoV1Ta7KolWAVCjF wJuEpj1reXjD/+fc5aO7jvlJCUDWgMIuGPbqCdE0QFEOjbUS/KdyJIONh2+AGnjf 6CrIflZI4ii0lOHglslVaRpK0WqbfonlPoTb6Swo0FmDJh6yI26tc6xdn0zjRU6Y B0ZVfUCDVow55Ta8Nm+XLtB1HInS0yx3WKOXff5uVvPJVbDVzsq/SncOmNiQjdU3 SmEwJoHNFel3LpUR0l3CHvSm3Bls4NDiWnmOSTn7X6wSXnqOEGWaeB8psy9VI+8W jVDLlX9+7Jca5zSexQTYAjwDy9x73SfzsXQQnRkAV/iNO1ZAK+pj3p5qdqZsPYg= =VOop -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803135624.GO32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Configuring OpenDNS in Qubes
> Are you using NetworkManager in that ProxyVM? I assigned "network-manager" service through "Qubes VM Manager" to my debian standalone ProxyVM, but I see this disappears once I start and shutdown the machine... I tried again to be sure and I can reproduce the issue. I will inspect it further and open a Qubes issue if needed. But, anyway, I changed my ProxyVM to use fedora template (still standalone): Then, "network-manager" survives after reboot, but not the content in "/etc/resolv.conf"... But, in fedora template this file has an interesting hint: # Generated by NetworkManager I think this confirms my fears that /etc/resolv.conf should not be edited by hand... I tried then to edit file /etc/NetworkManager/system-connections/qubes-uplink-eth0 and added OpenDNS IP's in "[ipv4]" section but changes are lost after reboot (I'm not using ethernet cable but wifi, but there is no other file. Furthermore, "ifconfig" only shows loop and eth0, but I suppose there is some kind of delegation to sys-net for that). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8c7338b-90a9-484f-8d0f-1153aa04b73e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Android Emulator (was: 3.2 RC - which VM settings?)
Hi Alex, On 08/03/2016 06:56 AM, Alex wrote: > You appVMs may vary: in my work vm, where I use 2 IDEs (Android Studio > and MonoDevelop) + android emulator + firefox + thunderbird, I capped at > 10GB and it works ok. Do you mind explaining how you got the Android Emulator working in an AppVM? If I try to start one within an AppVM it tells me: Your CPU does not support required features (VT-x or SVM). This worked fine though when running on bare metal. I guess these CPU features are not exposed to AppVMs, so I am very interested to learn how you solved that problem. Thanks and Kind Regards, Torsten -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d122fe8c-a4f6-237a-0083-41a2ab48f6c7%40grobox.de. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] How do I get Alt-gr button to work when using swedish keyboarld layout?
On 08/03/2016 02:05 PM, Fredrik wrote: > AS the title indicates when I use Swedish keyboard layout the "alt gr" button > does not work. How do I get this key to work? > For me it has worked with QubesOS R2 (KDE,XFCE), R3 (KDE,XFCE) and now R3.2-rc2 (XFCE) out of the box. For instance Alt Gr+E gives the Euro sign (€) and Alt Gr+0 (}) as expected. I using Generic 105-key (Intl) PC model and layout "Swedish" with my Dell laptop Swedish keyboard. Cheers, Markus -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9285ff58-5e71-52a1-4a2c-49005591ebbf%40xn--kils-soa.se. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: AppVMs using ProxyVM having DNS problems some days
On 08/03/2016 09:31 AM, Marek Marczykowski-Górecki wrote: > On Mon, Aug 01, 2016 at 08:31:12AM +0200, David Hobach wrote: > > >> On 07/31/2016 10:05 AM, Markus Kilås wrote: >>> On 02/28/2016 04:13 PM, Markus Kilås wrote: Hi, I am experiencing an issue with DNS queries in my AppVMs in R3.0. Sometimes after booting up, the AppVMS that are connected to sys-firewall are unable to do DNS lookups: user@untrusted ~]$ dig qubes-os.org ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> qubes-os.org ;; global options: +cmd ;; connection timed out; no servers could be reached The same command works in sys-firewall and netvm and any AppVM connected directly to the netvm but not when going through sys-firewall. There are no firewall rules added in the Qubes VM Manager and changing to allow all network traffic for 5 minutes makes no difference. Besides DNS lookups not working, the networking is working: [user@untrusted ~]$ ping 104.25.119.5 PING 104.25.119.5 (104.25.119.5) 56(84) bytes of data. 64 bytes from 104.25.119.5: icmp_seq=1 ttl=56 time=31.4 ms If I manually change the nameserver to the same as in sys-firewall the resolving works also in the AppVM: With IP from /etc/resolve.conf (sys-firewall): [user@untrusted ~]$ dig @10.137.2.1 qubes-os.org ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.2.1 qubes-os.org ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached Instead with the netvm IP: [user@untrusted ~]$ dig @10.137.5.1 qubes-os.org ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.5.1 qubes-os.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5804 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;qubes-os.org. IN A ;; ANSWER SECTION: qubes-os.org. 127 IN A 104.25.119.5 qubes-os.org. 127 IN A 104.25.118.5 ;; Query time: 11 msec ;; SERVER: 10.137.5.1#53(10.137.5.1) ;; WHEN: Sun Feb 28 16:03:09 CET 2016 ;; MSG SIZE rcvd: 73 Any idea what is going on here? > >> Very similar issues here... > > I think it's this issue: > https://github.com/QubesOS/qubes-issues/issues/1067 > >>> I think I solved this now. >>> >>> After re-installing with V3.2-rc2 and restoring my VMs (including my old >>> netvm) I still had this problem from time to time. >>> >>> So what I did was to start use the new sys-net VM as NetVM instead of my >>> restored old netvm (I manually copied over the network manager config, >>> private keys, certificates etc from the old VM to not have to >>> reconfigure that). >>> >>> Since then, so far I have not seen the issue again. > >> I had renamed the sys-firewall VM back to its old "firewallvm" name using >> Qubes manager after a fresh 3.1rc2 install (otherwise restoring my backup >> wouldn't have worked: "could not find referenced firewallvm" ...). > > Enable option "ignore missing" during backup restoration. This will use > default VMs in place of missing ones (default netvm, default template > etc). > >> Maybe the >> sys-firewall name is hardcoded somewhere? I guess I'll test renaming it back >> again soon... > > It shouldn't matter. > > My guess was not that the issue was with the name but rather that my restored netvm had some configuration (or similar) issue preventing the resolving from working in some situations. I have no idea if that makes sense or not, it was just a hypothesis of mine. But the fact for me is that since I switched to use the stock sys-net VM I haven't had the problem a single time yet. Cheers, Markus -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/584dcbfc-108f-b0d2-e3e3-94e5534e670a%40xn--kils-soa.se. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Making archlinux template: on make autoreconf not found but it is installed
2016-08-03 12:11 GMT+00:00 Facundo Curti : > El miércoles, 3 de agosto de 2016, 7:49:33 (UTC), donoban escribió: > > On 08/03/2016 07:23 AM, Facundo Curti wrote: > > > El martes, 2 de agosto de 2016, 12:25:38 (UTC), Facundo Curti > escribió: > > >> Hi there. Someone can help me? > > >> I'm trying to make an archlinux template on qubes 3.2. But i'm having > troubles to compile. > > >> > > >> When I do: > > >> $ make vmm-xen-vm > > >> > > >> I get: > > >> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command > not found > > >> > > >> But autoreconf is already installed: > > >> $ whereis autoreconf > > >> autoreconf: /usr/bin/autoreconf /usr/share/man/man1/autoreconf.1.gz > > >> > > >> Here is the complete output: > > >> > > >> [user@development qubes-builder]$ make vmm-xen-vm > > >> Currently installed dependencies: > > >> git-2.5.5-1.fc23.x86_64 > > >> rpmdevtools-8.9-1.fc23.noarch > > >> rpm-build-4.13.0-0.rc1.13.fc23.x86_64 > > >> createrepo-0.10.3-3.fc21.noarch > > >> debootstrap-1.0.81-1.fc23.noarch > > >> dpkg-dev-1.17.25-6.fc23.noarch > > >> python-sh-1.11-1.fc23.noarch > > >> dialog-1.3-4.20160424.fc23.x86_64 > > >> --> Archlinux dist-prepare-chroot (makefile): > > >> --> Checking mounting of dev/proc/sys on build chroot... > > >> --> Synchronize resolv.conf, in case it changed since last run... > > >> -> Building vmm-xen (archlinux) for archlinux vm (logfile: > build-logs/vmm-xen-vm-archlinux.log) > > >> --> build failed! > > >> ==> Retrieving sources... > > >> -> Found xen-4.6.1.tar.gz > > >> -> Found series-vm.conf > > >> -> Found apply-patches > > >> ==> WARNING: Skipping all source file integrity checks. > > >> ==> Extracting sources... > > >> -> Extracting xen-4.6.1.tar.gz with bsdtar > > >> bsdtar: Failed to set default locale > > >> ==> Starting build()... > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/qemu-tls-1.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/qemu-tls-2.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.qubes/xen-shared-loop-losetup.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.qubes/xen-no-downloads.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.qubes/xen-hotplug-external-store.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.qubes/xen-tools-qubes-vm.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/libxc-fix-xc_gntshr_munmap-semantic.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/libvchan-Fix-cleanup-when-xc_gntshr_open-failed.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/0101-libvchan-create-xenstore-entries-in-one-transaction.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/0001-configure-Fix-when-no-libsystemd-compat-lib-are-avai.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/0001-libxc-prefer-using-privcmd-character-device.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/0001-tools-hotplug-Add-native-systemd-xendriverdomain.ser.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.security/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.libxl/0001-libxl-trigger-attach-events-for-devices-attached-bef.patch > > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > ./patches.misc/0001-systemd-use-standard-dependencies-for-xendriverdomai.patch > > >> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command > not found > > >> ==> ERROR: A failure occurred in build(). > > >> Aborting... > > >> > /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: > recipe for target 'dist-package' failed > > >> make[2]: *** [dist-package] Error 2 > > >> Makefile.generic:139: recipe for target 'packages' failed > > >> make[1]: *** [packages] Error 1 > > >> Makefile:208: recipe for target 'vmm-xen-vm' failed > > >> make: *** [vmm-xen-vm] Error 1 > > >> > > >> > > >> Some ideas? :P > > > > > > Someone? :S > > > I'm still having the problem. I tried making everything from fresh in > a new VM, but i get the same error :P > > > > > > > I have never tried to build a template but if this could help... > > > > If the script can't find the autoreconf binary maybe it has a bad PATH > > or it's being executed in a chroot/VM where autoreconf doesn't exist... > > > > You could try to add some debug lines before the error, try to dump the > > value of PATH. If PATH is right, try to determine if it's being executed > > on a chroot or VM and if it has autoreconf installed in. > > > > Look at the code of: > > --> Archlinux dist-prepare-chroot (makefile): > > > > It seems
Re: [qubes-users] Re: Making archlinux template: on make autoreconf not found but it is installed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/03/2016 02:11 PM, Facundo Curti wrote:
>
> Thank you man! I solved the error making this: sudo chroot
> chroot-archlinux
>
> then, inside the chroot: pacman -S autoconf
>
> Now I have another error:
>
>> perl: warning: Setting locale failed. perl: warning: Please check
>> that your locale settings: LANGUAGE = (unset), LC_ALL = (unset),
>> LANG = "en_US.UTF-8" are supported and installed on your system.
>> perl: warning: Falling back to the standard locale ("C").
>
> But I will try to solve it inside chroot again. If I have troubles
> with this, i will let you know. Thanks men!
>
Nice to hear. You will get it :)
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXoeTZAAoJEBQTENjj7QilJh0P/2e9fGldDrX/bGswxNq8E0pq
QvKBhg1iVTlG/4tOfZVuXoRr8FRkymqJKx6MNJdWQtov1i/dSpLt3J94KfYbO7FB
/CN3UWjwSJC8OBTs7jNdFXArUu0ouSiOq2436NzTPRVd7Wu03defZutP230k2q7E
YTUoohlzNw32w0W3EfotE0ipa3qwZ+OPOpdjXtAa8szKvxkH9CLvEt33tOmXp2jm
T9uxjKboUUBLHduwTAgWrjkqZUiRKdjg8gxUUGh/PYUYSYeF0oO0jsd+DNPa10DF
CKAXqCEnKJ9vgIHawU+yuCr3GKCaQHdH/io2k8JsFhaPQRHydJymxSxjusJQMojK
ScdTL/oYfdwGF2lqk0JDU5Hu/sD+Is1iUx6uYTwQi40QtL18+z6/YIQNxpmTNP/a
xgFavz22PHoWvW5JoSNo5MZ2wWlJp2rz8DErnH7dDNEqMFUbFoY/PRHzg/uQu1Pi
nTu+4LUE77OOxRpIp66djTlmxEGoQmLJkG6mAX6UTfGKqoSGZhY8EMw7pbfdeGrj
Vz99QIVM2/AkW2Zi4nSodn0wVa0Iv4c6r2w0PQeYqnQvNE3tlXQ69Rjn/ryOfRv0
NNVqGdC665rl2p4GiOAJkLCDN5UNO8uKfKYrX/uM0vwq2fHZ2y8LwIRmch4Xpbk3
nt1PnRFUOhtAi3Rw8HmY
=bX/Q
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/471297e2-2c90-b7f3-f48d-1c7ccbb77a65%40riseup.net.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Making archlinux template: on make autoreconf not found but it is installed
El miércoles, 3 de agosto de 2016, 7:49:33 (UTC), donoban escribió: > On 08/03/2016 07:23 AM, Facundo Curti wrote: > > El martes, 2 de agosto de 2016, 12:25:38 (UTC), Facundo Curti escribió: > >> Hi there. Someone can help me? > >> I'm trying to make an archlinux template on qubes 3.2. But i'm having > >> troubles to compile. > >> > >> When I do: > >> $ make vmm-xen-vm > >> > >> I get: > >> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not > >> found > >> > >> But autoreconf is already installed: > >> $ whereis autoreconf > >> autoreconf: /usr/bin/autoreconf /usr/share/man/man1/autoreconf.1.gz > >> > >> Here is the complete output: > >> > >> [user@development qubes-builder]$ make vmm-xen-vm > >> Currently installed dependencies: > >> git-2.5.5-1.fc23.x86_64 > >> rpmdevtools-8.9-1.fc23.noarch > >> rpm-build-4.13.0-0.rc1.13.fc23.x86_64 > >> createrepo-0.10.3-3.fc21.noarch > >> debootstrap-1.0.81-1.fc23.noarch > >> dpkg-dev-1.17.25-6.fc23.noarch > >> python-sh-1.11-1.fc23.noarch > >> dialog-1.3-4.20160424.fc23.x86_64 > >> --> Archlinux dist-prepare-chroot (makefile): > >> --> Checking mounting of dev/proc/sys on build chroot... > >> --> Synchronize resolv.conf, in case it changed since last run... > >> -> Building vmm-xen (archlinux) for archlinux vm (logfile: > >> build-logs/vmm-xen-vm-archlinux.log) > >> --> build failed! > >> ==> Retrieving sources... > >> -> Found xen-4.6.1.tar.gz > >> -> Found series-vm.conf > >> -> Found apply-patches > >> ==> WARNING: Skipping all source file integrity checks. > >> ==> Extracting sources... > >> -> Extracting xen-4.6.1.tar.gz with bsdtar > >> bsdtar: Failed to set default locale > >> ==> Starting build()... > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/qemu-tls-1.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/qemu-tls-2.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.qubes/xen-shared-loop-losetup.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.qubes/xen-no-downloads.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.qubes/xen-hotplug-external-store.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.qubes/xen-tools-qubes-vm.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/libxc-fix-xc_gntshr_munmap-semantic.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/libvchan-Fix-cleanup-when-xc_gntshr_open-failed.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/0101-libvchan-create-xenstore-entries-in-one-transaction.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/0001-configure-Fix-when-no-libsystemd-compat-lib-are-avai.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/0001-libxc-prefer-using-privcmd-character-device.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/0001-tools-hotplug-Add-native-systemd-xendriverdomain.ser.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.security/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.libxl/0001-libxl-trigger-attach-events-for-devices-attached-bef.patch > >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i > >> ./patches.misc/0001-systemd-use-standard-dependencies-for-xendriverdomai.patch > >> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not > >> found > >> ==> ERROR: A failure occurred in build(). > >> Aborting... > >> /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: > >> recipe for target 'dist-package' failed > >> make[2]: *** [dist-package] Error 2 > >> Makefile.generic:139: recipe for target 'packages' failed > >> make[1]: *** [packages] Error 1 > >> Makefile:208: recipe for target 'vmm-xen-vm' failed > >> make: *** [vmm-xen-vm] Error 1 > >> > >> > >> Some ideas? :P > > > > Someone? :S > > I'm still having the problem. I tried making everything from fresh in a new > > VM, but i get the same error :P > > > > I have never tried to build a template but if this could help... > > If the script can't find the autoreconf binary maybe it has a bad PATH > or it's being executed in a chroot/VM where autoreconf doesn't exist... > > You could try to add some debug lines before the error, try to dump the > value of PATH. If PATH is right, try to determine if it's being executed > on a chroot or VM and if it has autoreconf installed in. > > Look at the code of: > --> Archlinux dist-prepare-chroot (makefile): > > It seems that it uses a chroot where doing the build. Try to find it. Thank you man! I solved the error making this: sudo chroot chroot-
[qubes-users] How do I get Alt-gr button to work when using swedish keyboarld layout?
AS the title indicates when I use Swedish keyboard layout the "alt gr" button does not work. How do I get this key to work? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7316d58a-d1e0-47b5-a897-1881927ab44f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If Ubuntu's license is keeping us from having a ready-made template...
Am 03.08.2016 um 13:08 schrieb Marek Marczykowski-Górecki: > On Wed, Aug 03, 2016 at 12:42:25PM +0200, Achim Patzner wrote: > > ... what about preparing a Mint template that can be distributed? > > That's good question. I guess only that no one added support for it in > builder-debian plugin (or separate one). Hm. Who is that No One I keep hearing so much about lately and what does it take to convince him to spend some time on it? 8-) Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/433b8e56-d677-7d46-430b-f110b7925ebd%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If Ubuntu's license is keeping us from having a ready-made template...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 03, 2016 at 12:42:25PM +0200, Achim Patzner wrote: > ... what about preparing a Mint template that can be distributed? That's good question. I guess only that no one added support for it in builder-debian plugin (or separate one). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXodC4AAoJENuP0xzK19csDVwH/1nOvXOz2R2BDQdOabLhdGeX EU2mEwamG2aIqT2tjovFFNcMoIC/wACo8HzOo2mVRflxqNOkJVEsMo942KeATUVt Nsb0YImvOlaB7Go3C2bl9/ZhEHbPluqqGVl75UmrruM4ESVPs3aLbG2e0kOZbhg5 /TlQS9KToUsTPcAW2cLsiLGJyW28c6iWgX9QlQ1Q9IjFQifXIJHI8lObu2FwfexA kFM9d2bnfVraE64x0qIm9bYba63v0SHcAsw/XjiTVF+oSpzvVGurKiyKgw5glAWJ LWSrdpGOw/tS7Gto4Og+8nVURpXjwYs/dDnCBuyF2Uh/fWFzQ31OUZGtvmSdRgc= =CHi4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803110839.GN32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] If Ubuntu's license is keeping us from having a ready-made template...
... what about preparing a Mint template that can be distributed? Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ac396bf-19ea-fb7a-8ce8-8f2f803ecd6d%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question about Whonix / Tor Browser / exploits
neilhard...@gmail.com: > So you're saying that you can run an entire Xen exploit without installing > anything to the hard drive at all... Just purely run it in the RAM itself. Well, most GNU/Linux systems have a /tmp/ partition, which acts like a hard drive but is backed by RAM. So even if you removed the emulated hard drive from a Xen VM, I assume the /tmp/ partition could still be used by a hypothetical Firefox exploit much the same way that the hard drive could. I suppose removing the emulated hard drive might reduce the attack surface a bit, for the specific case of vulnerabilities in Xen's hard drive emulation code. I'm not a Xen expert by any means. Marek or one of the other Qubes devs would presumably be able to give a better answer than I can. > And what do you think about Selfrando..? > > Is this going to fix browser exploits once and for all, or will it just fall > to hackers..? Quoting the blogpost that you quoted: "This makes it much harder for someone to construct a reliable attack" AFAICT No one is claiming that Selfrando will "fix browser exploits once and for all", but they are claiming that, if it works as intended, it should increase the cost of attacks significantly. Defense in depth is a useful approach. Hence why it might make sense to use Xen, AppArmor, and Selfrando together, so that if a subset of them fail, you may still survive. Cheers, -Jeremy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/979507bf-d1f9-b8db-5b9f-812b37256706%40airmail.cc. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Re: x201t not compatible
On Tuesday, August 2, 2016 at 11:44:43 AM UTC-7, Bill Wether wrote: > Try disabling VT-d in the BIOS. It's a common Lenovo problem. > > Cheers > > BillW ok, i totally missed https://www.qubes-os.org/doc/thinkpad_x201/ thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aacc1181-0e9a-47e6-9469-528cb76c9ce3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2 RC - which VM settings?
On Wednesday, August 3, 2016 at 10:56:37 AM UTC+1, Alex wrote: > On 08/03/2016 11:39 AM, JPL wrote: > > [...] > > Can someone tell me what difference the following settings will > > make: > > > > - Initial memory min / max. I'm going for 500/3000 fo0r all as I have > > 8GB memory. Reasonable? > Don't overprovision for system-related VMs. A netVM will rarely need > more than 1GB, same for firewallVM. > > You appVMs may vary: in my work vm, where I use 2 IDEs (Android Studio > and MonoDevelop) + android emulator + firefox + thunderbird, I capped at > 10GB and it works ok. My workstation has 32GB ram. > > > - VCPUs - defaults to 2 but I can pick a maximum of 8. Which should I > > choose (processor is Intel i7)? > Don't overprovision vCPUs: the hypervisor will have to find *that many* > cores free at the same time to run your VM, and that's why VMWare > recommends 1vCPU for every VM on their ESX/ESXi infrastructure that you > can upgrade to 2 if needed. > > I am against giving more than 2 vCPUs per VM in Qubes, and I recommend > careful experiments when tweaking this value (increment by 1 and test > with your actual workload, if there are performance gains or losses). > > > - Tickbox for include in memory balancing. What difference does this > > make? Should I tick it for all VMs? > You cannot have memory balancing enabled for VMs with devices attached; > apart from that, there's no actual reason to allocate fixed amounts of > RAM for you VMs. Say, you dedicated 10GB out of 16 to one important VM, > but now you're just upgrading your templates with all the appVMs turned > off, and you'd like the templates to benefit of all available memory > without having to manually correct allocations. Or you just closed your > personal Firefox instance to gain a little room for a big compilation in > the work AppVM. > > TL;DR: I think the defaults provided in Qubes are reasonably ok, and > while they may be changed if needed, changes should be tested carefully > - knobs are inter-dependent, and giving "more" of any one may actually > reduce performance overall, or for specific tasks. > > -- > Alex Thanks for the detailed answer Alex. Makes sense now. Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/550d9430-3084-4e10-b7c7-7abda108d8b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question about Whonix / Tor Browser / exploits
So you're saying that you can run an entire Xen exploit without installing anything to the hard drive at all... Just purely run it in the RAM itself. Wow. And what do you think about Selfrando..? Is this going to fix browser exploits once and for all, or will it just fall to hackers..? https://blog.torproject.org/blog/selfrando-q-and-georg-koppen "Selfrando randomizes Tor browser code to ensure that an attacker doesn't know where the code is on your computer. This makes it much harder for someone to construct a reliable attack--and harder for them to use a flaw in your Tor Browser to de-anonymize you." http://news.softpedia.com/news/tor-browser-integrates-tool-to-fend-off-deanonymization-exploits-505418.shtml "While ASLR takes code and shifts the memory location in which it runs, Selfrando works by taking each code function separately and randomizing the memory address at which it runs. If the attacker cannot predict the memory position at which pieces of code execute, then they cannot trigger memory corruption bugs that usually allow them to run rogue code inside the Tor Browser" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d402e4ba-03b6-45b8-a0e8-381198bedbfd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2 RC - which VM settings?
On 08/03/2016 11:39 AM, JPL wrote: > [...] > Can someone tell me what difference the following settings will > make: > > - Initial memory min / max. I'm going for 500/3000 fo0r all as I have > 8GB memory. Reasonable? Don't overprovision for system-related VMs. A netVM will rarely need more than 1GB, same for firewallVM. You appVMs may vary: in my work vm, where I use 2 IDEs (Android Studio and MonoDevelop) + android emulator + firefox + thunderbird, I capped at 10GB and it works ok. My workstation has 32GB ram. > - VCPUs - defaults to 2 but I can pick a maximum of 8. Which should I > choose (processor is Intel i7)? Don't overprovision vCPUs: the hypervisor will have to find *that many* cores free at the same time to run your VM, and that's why VMWare recommends 1vCPU for every VM on their ESX/ESXi infrastructure that you can upgrade to 2 if needed. I am against giving more than 2 vCPUs per VM in Qubes, and I recommend careful experiments when tweaking this value (increment by 1 and test with your actual workload, if there are performance gains or losses). > - Tickbox for include in memory balancing. What difference does this > make? Should I tick it for all VMs? You cannot have memory balancing enabled for VMs with devices attached; apart from that, there's no actual reason to allocate fixed amounts of RAM for you VMs. Say, you dedicated 10GB out of 16 to one important VM, but now you're just upgrading your templates with all the appVMs turned off, and you'd like the templates to benefit of all available memory without having to manually correct allocations. Or you just closed your personal Firefox instance to gain a little room for a big compilation in the work AppVM. TL;DR: I think the defaults provided in Qubes are reasonably ok, and while they may be changed if needed, changes should be tested carefully - knobs are inter-dependent, and giving "more" of any one may actually reduce performance overall, or for specific tasks. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80d677c4-8473-3e6a-c861-c9b46797260d%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] 3.2 RC - which VM settings?
A clean install of 3.2 failed at the configuration stage so I am creating and configuring the sys-net, sys-firewall sys-whonix and all appVMs manually. Can someone tell me what difference the following settings will make: - Initial memory min / max. I'm going for 500/3000 fo0r all as I have 8GB memory. Reasonable? - VCPUs - defaults to 2 but I can pick a maximum of 8. Which should I choose (processor is Intel i7)? - Tickbox for include in memory balancing. What difference does this make? Should I tick it for all VMs? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9372c838-cbb8-404c-a1e1-09fd84000908%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Upgrading from Qubes 3.1 to 3.2 fail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/03/2016 09:35 AM, donoban wrote: > The only think that I did on both install was installing Xfce > after the default KDE install > Ah and I removed the fedora templates -_- -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXoaXhAAoJEBQTENjj7QiltWIP/0KtMn38RUQDdNnkqT9nyVDX oRcty9OwAbskp/AHAxAuFyGbL5aKibqzn7Z9NL99QC55/wKne90XPVU7WjYcXuIy 2JRxIZvn+dA0X2clpEpxiyL0CyXXxh3u0NGBUgWcufOjVHZ9mF+9XDE/70Bac4A+ ItkLod2aRHVVMAI2x9/K7Fk1GFzLN7KL3FwUp+aGtz2oBVTETN40DNzEk9PvtVCA YNeQxvXoCdkOiXOhgsymGXCxJEI3RRt7x7HVPaqy/3TKpTaQrTN6IJN4uOYsM8K3 Gokgi3lUEJHEiNq0rsIqSHee7E4VXPTO54LtPMPFSZWaHc45yeViNyPIBGoMQtzs 2mnFO4IEaktBkjuMFJCZ54DjgueiuJPtcQDALCzFhGV32oDMyL/pyGpqTTP2usa9 xGpN7Owtk9F/yLDcWXwHBfCAqUcz/DhTY2qP0dAD7CBHq/liff4rJZHgWXnqwBf9 Lq78KE4Er5/ogQ8bGsn+G9dzT9gZziuvkX9mgI12Z9sl407fQiRQhS3SRim+Pp8K o+O5sMGgBgU7fo8+2wKGZ1BWeUckt5XIbnOvUSK6UaX7l8QiZ6Qhqp1Jh5OqWcOp kWhlzAXo0uWuAskTJ1W1JsA8AsbsqEVTcfsWci7+4w5GMErypS8Ny716EJg2aumt 005OaS8W2YMwDQkVqjSK =eSwx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a7fc8a0d-ac60-2d97-d5ad-df04ead2237a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Making archlinux template: on make autoreconf not found but it is installed
On 08/03/2016 07:23 AM, Facundo Curti wrote: > El martes, 2 de agosto de 2016, 12:25:38 (UTC), Facundo Curti escribió: >> Hi there. Someone can help me? >> I'm trying to make an archlinux template on qubes 3.2. But i'm having >> troubles to compile. >> >> When I do: >> $ make vmm-xen-vm >> >> I get: >> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not found >> >> But autoreconf is already installed: >> $ whereis autoreconf >> autoreconf: /usr/bin/autoreconf /usr/share/man/man1/autoreconf.1.gz >> >> Here is the complete output: >> >> [user@development qubes-builder]$ make vmm-xen-vm >> Currently installed dependencies: >> git-2.5.5-1.fc23.x86_64 >> rpmdevtools-8.9-1.fc23.noarch >> rpm-build-4.13.0-0.rc1.13.fc23.x86_64 >> createrepo-0.10.3-3.fc21.noarch >> debootstrap-1.0.81-1.fc23.noarch >> dpkg-dev-1.17.25-6.fc23.noarch >> python-sh-1.11-1.fc23.noarch >> dialog-1.3-4.20160424.fc23.x86_64 >> --> Archlinux dist-prepare-chroot (makefile): >> --> Checking mounting of dev/proc/sys on build chroot... >> --> Synchronize resolv.conf, in case it changed since last run... >> -> Building vmm-xen (archlinux) for archlinux vm (logfile: >> build-logs/vmm-xen-vm-archlinux.log) >> --> build failed! >> ==> Retrieving sources... >> -> Found xen-4.6.1.tar.gz >> -> Found series-vm.conf >> -> Found apply-patches >> ==> WARNING: Skipping all source file integrity checks. >> ==> Extracting sources... >> -> Extracting xen-4.6.1.tar.gz with bsdtar >> bsdtar: Failed to set default locale >> ==> Starting build()... >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/qemu-tls-1.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/qemu-tls-2.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.qubes/xen-shared-loop-losetup.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.qubes/xen-no-downloads.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.qubes/xen-hotplug-external-store.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.qubes/xen-tools-qubes-vm.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/libxc-fix-xc_gntshr_munmap-semantic.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/libvchan-Fix-cleanup-when-xc_gntshr_open-failed.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/0101-libvchan-create-xenstore-entries-in-one-transaction.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/0001-configure-Fix-when-no-libsystemd-compat-lib-are-avai.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/0001-libxc-prefer-using-privcmd-character-device.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/0001-tools-hotplug-Add-native-systemd-xendriverdomain.ser.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.security/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.libxl/0001-libxl-trigger-attach-events-for-devices-attached-bef.patch >> + patch -s -F0 -E -p1 --no-backup-if-mismatch -i >> ./patches.misc/0001-systemd-use-standard-dependencies-for-xendriverdomai.patch >> /home/user/qubes-src/vmm-xen/PKGBUILD: line 49: autoreconf: command not found >> ==> ERROR: A failure occurred in build(). >> Aborting... >> /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: >> recipe for target 'dist-package' failed >> make[2]: *** [dist-package] Error 2 >> Makefile.generic:139: recipe for target 'packages' failed >> make[1]: *** [packages] Error 1 >> Makefile:208: recipe for target 'vmm-xen-vm' failed >> make: *** [vmm-xen-vm] Error 1 >> >> >> Some ideas? :P > > Someone? :S > I'm still having the problem. I tried making everything from fresh in a new > VM, but i get the same error :P > I have never tried to build a template but if this could help... If the script can't find the autoreconf binary maybe it has a bad PATH or it's being executed in a chroot/VM where autoreconf doesn't exist... You could try to add some debug lines before the error, try to dump the value of PATH. If PATH is right, try to determine if it's being executed on a chroot or VM and if it has autoreconf installed in. Look at the code of: --> Archlinux dist-prepare-chroot (makefile): It seems that it uses a chroot where doing the build. Try to find it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/
Re: [qubes-users] Upgrading from Qubes 3.1 to 3.2 fail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/02/2016 10:57 PM, Marek Marczykowski-Górecki wrote: > > Could you paste also list of packages in dom0 (rpm -qa)? This > should allow me to reproduce the problem. > > Yes Marek! Here is it: https://paste.debian.net/786712 The only think that I did on both install was installing Xfce after the default KDE install (or maybe xfce was already installed?), I am not sure. I hope it helps. Regards. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXoZ7RAAoJEBQTENjj7Qilfc0QAKpIVEqvw7I6OkaWTA3zY2f9 kVZ778K5sQJ3JqxU9mtoJ8uwzloUzVJUrFBLlDwsZ9bP1X7stGL+kZulyxlAMGjK AoX6DcKg6WVVtS1uZ8J6GSnos1IRvALbq5Vo8Gdz3wPtoPYnnMwxBXPpoJ6ON7v2 9dI70eXfzukzwYNzAbhx3x0eKeiMojS4zPtybRCW2I5upKvXyEZOWoQjrXvHnG4Y kTxU33O7KEyhaM7jmgOTNU6If8ufgvNySONLttTDyUvjqDxc3CAKYoFqQbvVwL+x oLmTigv5BZ/6Wgld/xlJIMyTocC1rTV21ZzahVkid8DGnvL8/U1H6sAE6a9VJbJ/ LT9jrRPFzN1QzAQ6BfGXdL3ZRmdNUc8tSainNniCO1b96c0qYOPw56lHZabqmLsV P9MR4L966DL1vhOxgg0QhJI5r4hf72P+VltP9mfeAMUN8GehKiySNUiilNjiOa3C dHslDgHaQDwwRweFnd3Yr6P10oXYngBfnpbm7oJxQhVCzFCWFFaBRHyjE7Egn6q7 Xse/sZau7+o5ofkQNsllAH/US0/jvRHNq+BdEZdWGoB8hORrCqtr8BrQp5L7FFf8 HEJExwNnRIdsOekktLzEI4SALs0RwB8h0bpC2g0twNRdxNENypEZsL1LFdL6kaXR 8kXswezl6DIz86Q7/lm8 =N4hL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f4371bb-46b5-5986-90f0-255acde92242%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: AppVMs using ProxyVM having DNS problems some days
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Aug 01, 2016 at 08:31:12AM +0200, David Hobach wrote: > > > On 07/31/2016 10:05 AM, Markus Kilås wrote: > > On 02/28/2016 04:13 PM, Markus Kilås wrote: > > > Hi, > > > > > > I am experiencing an issue with DNS queries in my AppVMs in R3.0. > > > > > > Sometimes after booting up, the AppVMS that are connected to > > > sys-firewall are unable to do DNS lookups: > > > user@untrusted ~]$ dig qubes-os.org > > > ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> qubes-os.org > > > ;; global options: +cmd > > > ;; connection timed out; no servers could be reached > > > > > > The same command works in sys-firewall and netvm and any AppVM connected > > > directly to the netvm but not when going through sys-firewall. There are > > > no firewall rules added in the Qubes VM Manager and changing to allow > > > all network traffic for 5 minutes makes no difference. > > > > > > Besides DNS lookups not working, the networking is working: > > > [user@untrusted ~]$ ping 104.25.119.5 > > > PING 104.25.119.5 (104.25.119.5) 56(84) bytes of data. > > > 64 bytes from 104.25.119.5: icmp_seq=1 ttl=56 time=31.4 ms > > > > > > If I manually change the nameserver to the same as in sys-firewall the > > > resolving works also in the AppVM: > > > > > > With IP from /etc/resolve.conf (sys-firewall): > > > [user@untrusted ~]$ dig @10.137.2.1 qubes-os.org > > > ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.2.1 > > > qubes-os.org > > > ; (1 server found) > > > ;; global options: +cmd > > > ;; connection timed out; no servers could be reached > > > > > > Instead with the netvm IP: > > > [user@untrusted ~]$ dig @10.137.5.1 qubes-os.org > > > ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.5.1 > > > qubes-os.org > > > ; (1 server found) > > > ;; global options: +cmd > > > ;; Got answer: > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5804 > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 > > > > > > ;; OPT PSEUDOSECTION: > > > ; EDNS: version: 0, flags:; udp: 4096 > > > ;; QUESTION SECTION: > > > ;qubes-os.org.IN A > > > > > > ;; ANSWER SECTION: > > > qubes-os.org. 127 IN A 104.25.119.5 > > > qubes-os.org. 127 IN A 104.25.118.5 > > > > > > ;; Query time: 11 msec > > > ;; SERVER: 10.137.5.1#53(10.137.5.1) > > > ;; WHEN: Sun Feb 28 16:03:09 CET 2016 > > > ;; MSG SIZE rcvd: 73 > > > > > > > > > Any idea what is going on here? > > > > > Very similar issues here... I think it's this issue: https://github.com/QubesOS/qubes-issues/issues/1067 > > I think I solved this now. > > > > After re-installing with V3.2-rc2 and restoring my VMs (including my old > > netvm) I still had this problem from time to time. > > > > So what I did was to start use the new sys-net VM as NetVM instead of my > > restored old netvm (I manually copied over the network manager config, > > private keys, certificates etc from the old VM to not have to > > reconfigure that). > > > > Since then, so far I have not seen the issue again. > > I had renamed the sys-firewall VM back to its old "firewallvm" name using > Qubes manager after a fresh 3.1rc2 install (otherwise restoring my backup > wouldn't have worked: "could not find referenced firewallvm" ...). Enable option "ignore missing" during backup restoration. This will use default VMs in place of missing ones (default netvm, default template etc). > Maybe the > sys-firewall name is hardcoded somewhere? I guess I'll test renaming it back > again soon... It shouldn't matter. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXoZ3UAAoJENuP0xzK19cs2+8H/2RvRRp8hJzdTdL25sW9k3pS fBejELvPrYHyqcodoRRnUUdVzycld598Jgj7nxx3MSt+hwv90ueA7iti7PjtHYLE f+dnubN/69I2ZaqOS36JmrarCAUPE32NLuE9bw/+cs/5l5X0tnkOODgI0ZWm11zm 9lZC0l/23gAhofxQvdirllvBa+6qYL8YfDrQSpznJq0lQmsrRvquL7P7n1+pKtwd G0FY8zFJuNX9oEUuytdR0lgwDlZAIKRk2C8W0FWpELoZDDQE4slQUMsy2AEUx4cA Dad5BBR/pbqgynsSV4NrjfdOF2BIrJ/Bi8N5J9ur46hmTiYiUGenVV3jXt7sNFk= =bYHd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803073131.GL32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Windows tools in 3.2 (was: Re: [qubes-users] Re: Battery Life Qubes 3.2 rc2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Aug 02, 2016 at 07:08:25PM -0700, Peter M wrote: > One point to note for those running Windows 7 HVM is that Qubes Windows Tools > 3.2.0.2 seems to be more stable than 3.0.4.1 > I had issues with the older windows tools in 3.1 but the problems got worse > in 3.2. The VM would randomly crash. Since updating windows tools it has not > crashed yet. Do you means you have successfully upgraded tools in existing Windows VM? Or maybe you did fresh install? In any case, have you observed any difference in performance of Windows VM? Especially, if did fresh install, what was Windows installation time? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXoZymAAoJENuP0xzK19csVrsIAJMdlnpWRjVfoH5cDU08JD/3 BASp4QhvP0qaEeDdeZE1L62cdyp1+kOBCOccVhTclZ9xJ3YPD3EGH6IvXBJisbIA InzZNN6UTYVKTfhgUZ+JTfIQ4eh84P+a+mH+8IGU34UsqnGdmYBOiyzffynVrnZ0 GuSHfnwEAtxphjgDkglQazPhp/9hZJxFAXtBHbw6KkW7DllcIrfIIsXTvBpFi5aH IGlwVuVx2dpjKIN5VX7Ggl27+xXb8uCExG7GJX6pi+NcfjztjXVDLgP0e4mOkpQu isyqayf/tEjZMX0aquXXCaeOQT8VnZtb67arm16z4TeCWbjPSsAWlj104NzmKok= =Pgcr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803072629.GK32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] MicroSD assigned to dom0 and not to sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 03, 2016 at 02:56:09AM +, Jeremy Rand wrote: > Marek Marczykowski-Górecki: > > On Mon, Aug 01, 2016 at 07:35:26PM +, 468ezc+5r0fnwy87qeag via > > qubes-users wrote: > >> Hi, > > > >> My MicroSD while attached is assigned to dom0 and not sys-usb as is > >> supposed. Notwithstanding, USB devices are still assigned to sys-usb. > > > >> Is this the intended behavior? Doesn't this increases, in the same manner > >> as usb devices does, the surface attack in dom0? > > > > Your (micro)SD card reader is probably not a USB device, but PCI device. > > Yes, it's better to assign it to some VM - sys-usb is ok. You can do > > this in VM settings - "Devices" tab. > > Seems to me that assigning the SD controller to a different VM than > sys-usb would eliminate some attack vectors, since if they're assigned > to the same VM, IOMMU won't prevent software accessing the SD card from > attacking software accessing the USB devices (and vice versa). A > doomsday scenario that comes to mind is when the USB controller is being > used to connect to the Internet via a phone tether, and the SD card is > storing some high-value data. (My doomsday imagination is limited; > perhaps there are better doomsday scenarios.) > > Is my intuition on this corect? Generally yes, but I think it's rather little value. If you have higi-value data, you should encrypt it anyway. Outside of device-facing VM of course. Generally the VM where you (or someone else) can plug potentially malicious device, should not be trusted. > Of course, using a separate VM means increased RAM usage, which may or > may not be worth it. > > Cheers, > -Jeremy Rand > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXoZtxAAoJENuP0xzK19csKVkIAI1CNc7J08vF9WVg2ji/6eQ8 vcAqm+FUwQuvf09dyV+PgbfSoX2GIKsu/v41qXNuq/WgZ9qUmzsIDd+N7Kxm6SVQ pj3dB8jPdLZoVH6YZTa/MRxZLLtglMNoNSrVKVPaBKql2vo3jQRzIva6JwBBYQLk fRPZdVyS5movd66xpEAMsB7C67mMv0RpupfXqQ9UZbBQzGugX/+pRgZaxzFa02ol t0nXj8Hb0COFLLxfN4XIwUFZBXuaK6cQ1lQrafYbyL6YFuC4s7A3d3Fs5er9tM1A St526GFmtV/oWCJj+PREY+qJ6SS9dVzVmkTaFUgUqkLA63FkdIVakeqSWi1qZg8= =FLg2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803072120.GJ32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
