[qubes-users] Re: I started using Kwin with Xfce (“KFCE”)
For those who are interested in this: * I've replaced the kwin --reload hack with dbus-launch kwin. * Patch for 3.2 not decorating windows: https://groups.google.com/forum/#!topic/qubes-devel/TCUsdyevoxI -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3fab78dc-82da-4385-89da-83d22cf4f3fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-gpg-client-wrapper "not a gnupg executable" in icedove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-06 11:57, Anon wrote: > I'm getting an error when using /usr/bin/qubes-gpg-client-wrapper > in enigmail settings. Enigmail/icedove indicates that the > qubes-gpg-client-wrapper is "not a gnupg executable." > > Could someone point me in the right direction to make some > progress? Neither googling nor viewing the Split-GPG doc supply > results for me. > > Thank you. > Did you make sure to set up the backend VM correctly following the Split GPG instructions? Do you have the correct output for `qubes-gpg-client -K` (listing secret keys in the backend VM), for example? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXz5YUAAoJENtN07w5UDAwbLcP/iiHVOjJe4ImVS2x7M2ysBHR IemIgEykVB4X/VQCRS8qrBRJKWfLp+zmbgGS+1xAC3OCpUaWV5oxMdfFbCqAWc2D KbIhf/Q1ljLafXJQogLkxTA0Apbg6nVO1pHiS/TOEuvK/ZacmNjITFExiGs9o2Fp O1jXLv2c9mMLiSOEPuE36kBo1nfZu1oppZNMVkh2cvXN/roU3wnVnWvEF9+TLfyt 3LJcwLQjWgqLYr73Xj0+IIDvq0Krc+e5b4q0hKpJoqQxTAfzzV3GFuv273ExUmi7 PmOh7xHSslhJoCWY5KILu76B/pjZvsWI1bOqhMhceM3xRA9J989tpUqGiCCEaQVy TT6WcvapJv7mX4atgVYEb3q8iYuimXyxrNfzL34L076DDJXiOkGfHO4AOYv++D6M 0BTT/7mXE92jfItsoaiC16DPpTS02w/6r5Jp7MYz/k88E2SvCtsUxVxtZLo4QOwu 4RjYJJlhvZxMa62S33A35dUIIeka2ERObzOWp63PGivwTJUpO11sOMDSk3zSh2cj Y8f1dh9lkFRsrz01n9nDY4SNOGIr/b2IGiPCZ46joDgVk5kCmA0UMRiu1yPnE6HG 5CvkGIM5x7uur6f4UCld6+BFpzmbKB76WfIHnlDJdfd7nrFHdrjDuyyL2+GUF5PK Je3fiyNTbPPM4u1rnr7b =4fK1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d56de44e-d377-066c-bdb5-081f54cc1ee6%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
> On 09/05/2016 08:24 PM, Marek Marczykowski-Górecki wrote: > > Please, if any of you have a chance, test such template. Whats the time frame on 3.2? fedora 25 is out in november. would it be worth it to wait? or just make an updated template then? would also be good to have a newer set of graphics drivers in dom0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/118f0532-8baf-4ced-8ead-af1c017ddbb4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feedback and errors on installation
Perfect, I will check that :) De: "Marek Marczykowski-Górecki" À: "Benoit Georgelin" Cc: "Georgelin Benoît" , "qubes-users" Envoyé: Mardi 6 Septembre 2016 18:44:43 Objet: Re: [qubes-users] Feedback and errors on installation -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Sep 07, 2016 at 12:40:42AM +0200, Benoit Georgelin wrote: > I'm not used to EFI and I don't understand why the disk is not even bootable > as it supposed to be, like the usb key. You are using EFI. Otherwise launching "chainloader /EFI/BOOT/xen.efi" would not work. Maybe this is a problem? You have selected booting into legacy mode, but installed system in EFI mode? > Like if the MBR / GPT was not set properly > > My computer does not even try. At least with the usb key , grub shell appear > ^^ > > I would like to re-install grub on /dev/sda but in dom0 , there is no grub > binaries > I also have to see how I can install / update the system Yes, in EFI mode grub is not used in installed system at all. But if you want, you can install it with "qubes-dom0-update grub2" command. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXz0bcAAoJENuP0xzK19csIUQH/25p+2CyKt/iAYGp4GqkPUdd CnWvuc2nFsFMSLNW3yF0Dg5BdfCwLlz+U1csf9sQ2V95yQkv8dFS5htMuMvck8Fg W1CFPCAKqj63YEo3t+OD6EdOtJQyxKtmiSxyRXw7T8waZzTu0+TJcbhAx7KjjD6l HGbUXug+hhgL5XX0Rv8O4sSsFRbCRwms+D0u+8qmW3UsMgK+pkiQMUZz7FNXgAuW Y7QOmP4O0AavooG5Tx7TrTzC5cdbm8qz1j4P69/9NEgVEQsuspQbFJh1io5c5bqO CEi4BRTBx/5Yp7FQFzvvXQP0ai1uWrbfANRhkOMZZHvu/BopoShsfzR0+sIWIXQ= =oiDw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1144077501.1238036.1473201962849.JavaMail.zimbra%40georgelin.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feedback and errors on installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Sep 07, 2016 at 12:40:42AM +0200, Benoit Georgelin wrote: > I'm not used to EFI and I don't understand why the disk is not even bootable > as it supposed to be, like the usb key. You are using EFI. Otherwise launching "chainloader /EFI/BOOT/xen.efi" would not work. Maybe this is a problem? You have selected booting into legacy mode, but installed system in EFI mode? > Like if the MBR / GPT was not set properly > > My computer does not even try. At least with the usb key , grub shell appear > ^^ > > I would like to re-install grub on /dev/sda but in dom0 , there is no grub > binaries > I also have to see how I can install / update the system Yes, in EFI mode grub is not used in installed system at all. But if you want, you can install it with "qubes-dom0-update grub2" command. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXz0bcAAoJENuP0xzK19csIUQH/25p+2CyKt/iAYGp4GqkPUdd CnWvuc2nFsFMSLNW3yF0Dg5BdfCwLlz+U1csf9sQ2V95yQkv8dFS5htMuMvck8Fg W1CFPCAKqj63YEo3t+OD6EdOtJQyxKtmiSxyRXw7T8waZzTu0+TJcbhAx7KjjD6l HGbUXug+hhgL5XX0Rv8O4sSsFRbCRwms+D0u+8qmW3UsMgK+pkiQMUZz7FNXgAuW Y7QOmP4O0AavooG5Tx7TrTzC5cdbm8qz1j4P69/9NEgVEQsuspQbFJh1io5c5bqO CEi4BRTBx/5Yp7FQFzvvXQP0ai1uWrbfANRhkOMZZHvu/BopoShsfzR0+sIWIXQ= =oiDw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906224443.GB13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feedback and errors on installation
I'm not used to EFI and I don't understand why the disk is not even bootable as it supposed to be, like the usb key. Like if the MBR / GPT was not set properly My computer does not even try. At least with the usb key , grub shell appear ^^ I would like to re-install grub on /dev/sda but in dom0 , there is no grub binaries I also have to see how I can install / update the system A least I'm able to boot and use the system , thanks for you help , really appreciated Cheers De: "Marek Marczykowski-Górecki" À: "Georgelin Benoît" Cc: "qubes-users" , ben...@georgelin.me Envoyé: Mardi 6 Septembre 2016 18:35:47 Objet: Re: [qubes-users] Feedback and errors on installation -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 03:17:56PM -0700, Benoît Georgelin wrote: > You were right, it's much better :) But I still have an issue with the disk > that does not boot properly. > I still have "disk boot failure, select.." > > Now I can plug the usb-key, have a grub shell and do : > > set root=hd1,gpt1 > chainloader /EFI/BOOT/xen.efi > boot > > This give me a QubesOs system working like a charm . > > How can I update grub or whatever is used to my primary disk so I will become > a bootable device ? You need to configure UEFI firmware to launch xen.efi. It should be done automatically by the installer, but maybe your UEFI BIOS is buggy (which is unfortunately quite common case...). First check if you can do this from BIOS builtin setup. If not, try using efibootmgr. Some hints here: https://www.qubes-os.org/doc/uefi-troubleshooting/ (especially step 8 have a line to add boot entry). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXz0TEAAoJENuP0xzK19csoLEH/30v34RvTsPWdKGuoAR4LVNe VSEF/VSIvagmdGH3in80we3PB+6G2N0tBbLQFRgOJuUCGv3Ms7lsL1enTXL4FxpN 2EESCsRKghTOcdKOWXs3YYuXbi0rAfEwf3Sp5s8TJyUtHFgyP0Oo/jjt24zauhbC yoPcD2eBA6cfL09ZnEYpy9Zpvav2H4vsto8Mw/jBaTljzk465xGYM4RWzaBaK1Mw w8T8hGP0fn5ulHRYfA7Qgr8qBm+TNyxabyJ7N0/d1wPYNizaLAvZjRhHyIVH8pI9 h7bvw5S2PLbt+6y5Jy4CrX1m8FmpK4RoM5dmFH2lpcvP/JJOgBBn21wRuKhVjyI= =xk10 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/241670297.1238014.1473201642242.JavaMail.zimbra%40georgelin.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] yubikey challenge-response
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 12:34:49PM -0700, Peter Ihasz wrote: > 2016. szeptember 6., kedd 18:39:58 UTC+1 időpontban Peter Ihasz a következőt > írta: > > 2016. szeptember 5., hétfő 21:09:33 UTC+1 időpontban Marek > > Marczykowski-Górecki a következőt írta: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > On Mon, Sep 05, 2016 at 12:57:33PM -0700, Peter Ihasz wrote: > > > > Hi! > > > > > > > > Unfortunately, I can't login with yubikey and yubikey linked password. > > > > > > > > Here is my config: > > > > > > > > 1, > > > > yubikey linked password: apple > > > > > > > > echo -n "apple" | openssl dgst -sha1 > > > > yubikey linked password: d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > > > > > > > yubikey-personilization-gui > > > > > > > > LOGGING START,9/4/16 9:10 PM > > > > Challenge-Response: HMAC-SHA1,9/4/16 9:10 > > > > PM,2,,,04c21478245c36861b9f946e0d9388d5ebbb909d,,,0,0,0,0,0,0,0,0,0,1 > > > > > > > > usbvm name: sys-usb > > > > > > > > > > > > 2, > > > > in doom0 > > > > chmod 755 yubikey-auth > > > > /usr/local/bin/yubikey-auth > > > > > > > > #!/bin/sh > > > > > > > > key="$1" > > > > > > > > if [ -z "$key" ]; then > > > > echo "Usage: $0 []" > > > > exit 1 > > > > fi > > > > > > > > # if password has given, verify it > > > > if [ -n "$2" ]; then > > > > # PAM appends \0 at the end > > > > hash=`head -c -1 | openssl dgst -sha1 -r | cut -f1 -d ' '` > > > > if [ "x$2" != "x$hash" ]; then > > > > exit 1 > > > > fi > > > > fi > > > > > > > > challenge=`head -c64 /dev/urandom | xxd -c 64 -ps` > > > > # You may need to adjust slot number and USB VM name here > > > > response=`qvm-run -u root --nogui -p sys-usb "ykchalresp -2 -x > > > > $challenge"` > > > > > > > > correct_response=`echo $challenge | xxd -r -ps | openssl dgst -sha1 > > > > -macopt hexkey:$key -mac HMAC -r | cut -f1 -d ' '` > > > > > > > > test "x$correct_response" = "x$response" > > > > exit $? > > > > > > > > 3, > > > > > > > > /etc/pam.d/kscreensaver (KDE desktop environment) > > > > > > > > auth [success=done default=ignore] pam_exec.so expose_authtok quiet > > > > /usr/local/bin/yubikey-auth 04c21478245c36861b9f946e0d9388d5ebbb909d > > > > d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > > (...) > But I have got a new > > Sep 06 20:22:53 dom0 kcheckpass[8777]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 2 > Sep 06 20:22:53 dom0 kcheckpass[8776]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 2 > Sep 06 20:22:53 dom0 unix_chkpwd[8809]: password check failed for user > (tacsk0) > Sep 06 20:22:53 dom0 kcheckpass[8777]: pam_unix(kscreensaver:auth): > authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= > rhost= user=tacsk0 > Sep 06 20:22:53 dom0 kcheckpass[8777]: Authentication failure for tacsk0 > (invoked by uid 1000) > Sep 06 20:22:53 dom0 unix_chkpwd[8808]: password check failed for user > (tacsk0) > Sep 06 20:22:53 dom0 kcheckpass[8776]: pam_unix(kscreensaver:auth): > authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= > rhost= user=tacsk0 > Sep 06 20:22:53 dom0 kcheckpass[8776]: Authentication failure for tacsk0 > (invoked by uid 1000) > Sep 06 20:22:59 dom0 kcheckpass[8815]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 2 > Sep 06 20:22:59 dom0 unix_chkpwd[8846]: password check failed for user > (tacsk0) > Sep 06 20:22:59 dom0 kcheckpass[8815]: pam_unix(kscreensaver:auth): > authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= > rhost= user=tacsk0 > Sep 06 20:22:59 dom0 kcheckpass[8815]: Authentication failure for tacsk0 > (invoked by uid 1000) > Sep 06 20:23:06 dom0 kcheckpass[8847]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 1 > Sep 06 20:23:14 dom0 kcheckpass[8816]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 2 > Sep 06 20:23:14 dom0 unix_chkpwd[8858]: password check failed for user > (tacsk0) > Sep 06 20:23:14 dom0 kcheckpass[8816]: pam_unix(kscreensaver:auth): > authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= > rhost= user=tacsk0 > Sep 06 20:23:14 dom0 kcheckpass[8816]: Authentication failure for tacsk0 > (invoked by uid 1000) > Sep 06 20:23:17 dom0 sudo[8865]: tacsk0 : TTY=pts/6 ; PWD=/usr/local/bin ; > USER=root ; COMMAND=/bin/journalctl -eb I don't see how that script could fail with code 2... Anyway try to remove "quiet" option to see more details. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXz0V+AAoJENuP0xzK19csTwIH/21r2Nm1SzU333oinnx0g/ku ZzpxJjq512zKfn4ICGrju4WfpMJLDQUwnGN/2jgm04DUJyqW9zA8ASbYCvhQss6f 5irazSOZjoU+1+xunq2FXRRPA6L
Re: [qubes-users] Feedback and errors on installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 03:17:56PM -0700, Benoît Georgelin wrote: > You were right, it's much better :) But I still have an issue with the disk > that does not boot properly. > I still have "disk boot failure, select.." > > Now I can plug the usb-key, have a grub shell and do : > > set root=hd1,gpt1 > chainloader /EFI/BOOT/xen.efi > boot > > This give me a QubesOs system working like a charm . > > How can I update grub or whatever is used to my primary disk so I will become > a bootable device ? You need to configure UEFI firmware to launch xen.efi. It should be done automatically by the installer, but maybe your UEFI BIOS is buggy (which is unfortunately quite common case...). First check if you can do this from BIOS builtin setup. If not, try using efibootmgr. Some hints here: https://www.qubes-os.org/doc/uefi-troubleshooting/ (especially step 8 have a line to add boot entry). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXz0TEAAoJENuP0xzK19csoLEH/30v34RvTsPWdKGuoAR4LVNe VSEF/VSIvagmdGH3in80we3PB+6G2N0tBbLQFRgOJuUCGv3Ms7lsL1enTXL4FxpN 2EESCsRKghTOcdKOWXs3YYuXbi0rAfEwf3Sp5s8TJyUtHFgyP0Oo/jjt24zauhbC yoPcD2eBA6cfL09ZnEYpy9Zpvav2H4vsto8Mw/jBaTljzk465xGYM4RWzaBaK1Mw w8T8hGP0fn5ulHRYfA7Qgr8qBm+TNyxabyJ7N0/d1wPYNizaLAvZjRhHyIVH8pI9 h7bvw5S2PLbt+6y5Jy4CrX1m8FmpK4RoM5dmFH2lpcvP/JJOgBBn21wRuKhVjyI= =xk10 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906223547.GZ13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feedback and errors on installation
You were right, it's much better :) But I still have an issue with the disk that does not boot properly. I still have "disk boot failure, select.." Now I can plug the usb-key, have a grub shell and do : set root=hd1,gpt1 chainloader /EFI/BOOT/xen.efi boot This give me a QubesOs system working like a charm . How can I update grub or whatever is used to my primary disk so I will become a bootable device ? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b3071ca-21f2-4c15-aa77-84d376cdc620%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] yubikey challenge-response
2016. szeptember 6., kedd 18:39:58 UTC+1 időpontban Peter Ihasz a következőt írta: > 2016. szeptember 5., hétfő 21:09:33 UTC+1 időpontban Marek > Marczykowski-Górecki a következőt írta: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Mon, Sep 05, 2016 at 12:57:33PM -0700, Peter Ihasz wrote: > > > Hi! > > > > > > Unfortunately, I can't login with yubikey and yubikey linked password. > > > > > > Here is my config: > > > > > > 1, > > > yubikey linked password: apple > > > > > > echo -n "apple" | openssl dgst -sha1 > > > yubikey linked password: d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > > > > > yubikey-personilization-gui > > > > > > LOGGING START,9/4/16 9:10 PM > > > Challenge-Response: HMAC-SHA1,9/4/16 9:10 > > > PM,2,,,04c21478245c36861b9f946e0d9388d5ebbb909d,,,0,0,0,0,0,0,0,0,0,1 > > > > > > usbvm name: sys-usb > > > > > > > > > 2, > > > in doom0 > > > chmod 755 yubikey-auth > > > /usr/local/bin/yubikey-auth > > > > > > #!/bin/sh > > > > > > key="$1" > > > > > > if [ -z "$key" ]; then > > > echo "Usage: $0 []" > > > exit 1 > > > fi > > > > > > # if password has given, verify it > > > if [ -n "$2" ]; then > > > # PAM appends \0 at the end > > > hash=`head -c -1 | openssl dgst -sha1 -r | cut -f1 -d ' '` > > > if [ "x$2" != "x$hash" ]; then > > > exit 1 > > > fi > > > fi > > > > > > challenge=`head -c64 /dev/urandom | xxd -c 64 -ps` > > > # You may need to adjust slot number and USB VM name here > > > response=`qvm-run -u root --nogui -p sys-usb "ykchalresp -2 -x > > > $challenge"` > > > > > > correct_response=`echo $challenge | xxd -r -ps | openssl dgst -sha1 > > > -macopt hexkey:$key -mac HMAC -r | cut -f1 -d ' '` > > > > > > test "x$correct_response" = "x$response" > > > exit $? > > > > > > 3, > > > > > > /etc/pam.d/kscreensaver (KDE desktop environment) > > > > > > auth [success=done default=ignore] pam_exec.so expose_authtok quiet > > > /usr/local/bin/yubikey-auth 04c21478245c36861b9f946e0d9388d5ebbb909d > > > d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > > > > > Do you have anything in logs in dom0 (check `sudo journalctl -eb`)? > > Do you have ykchalresp installed in template of sys-usb? It's part of > > ykpers package. > > > > - -- > > Best Regards, > > Marek Marczykowski-Górecki > > Invisible Things Lab > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v2 > > > > iQEcBAEBCAAGBQJXzdD3AAoJENuP0xzK19csyxwH/1u0FQINHo0Bs7a3uTzfi5Wl > > jyoknwt9vA3b0V/AMLKIfz4g7+hoEocbachW+BRNl+KAvHJ4ZcEUzyugHq0F7OO/ > > mGhi6f4EiF/NPYG8zNwWkvy2MGinCbuTwjI52AzYV5Wb3efk+JUyCRB0VfHgoQtl > > SLbRvPavN3h3LkZWdA6OHfQXHyiDJVVM9jikg4bLhFlDc4Jx3XOGB6Ocbj6F2A5X > > fWHEDlTvWFvud3U+nln0ALlICwlktEm4Oy99UgYnCt9QXslGW08bzSAAiVXOpKbo > > izjvf2F84sT2Vt5D39uGdB4/F8dy+AQS7F9Pi2En5NE4Jm5PZJD9vE3BfnS40Ic= > > =QeHk > > -END PGP SIGNATURE- > > > > `sudo journalctl -eb` > > Sep 06 18:33:28 dom0 kcheckpass[7948]: pam_exec(kscreensaver:auth): > execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error > Sep 06 18:33:28 dom0 kcheckpass[7946]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 8 > Sep 06 18:33:28 dom0 kcheckpass[7950]: pam_exec(kscreensaver:auth): > execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error > Sep 06 18:33:28 dom0 kcheckpass[7947]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 8 > Sep 06 18:33:28 dom0 unix_chkpwd[7952]: password check failed for user > (tacsk0) > Sep 06 18:33:28 dom0 kcheckpass[7946]: pam_unix(kscreensaver:auth): > authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= > rhost= user=tacsk0 > Sep 06 18:33:28 dom0 kcheckpass[7946]: Authentication failure for tacsk0 > (invoked by uid 1000) > Sep 06 18:33:28 dom0 unix_chkpwd[7953]: password check failed for user > (tacsk0) > Sep 06 18:33:28 dom0 kcheckpass[7947]: pam_unix(kscreensaver:auth): > authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= > rhost= user=tacsk0 > Sep 06 18:33:28 dom0 kcheckpass[7947]: Authentication failure for tacsk0 > (invoked by uid 1000) > Sep 06 18:33:33 dom0 kcheckpass[7956]: pam_exec(kscreensaver:auth): > execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error > Sep 06 18:33:33 dom0 kcheckpass[7954]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 8 > Sep 06 18:33:33 dom0 kcheckpass[7958]: pam_exec(kscreensaver:auth): > execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error > > Sep 06 18:33:33 dom0 kcheckpass[7955]: pam_exec(kscreensaver:auth): > /usr/local/bin/yubikey-auth failed: exit code 8 Exec format error has been repaired. I had a blank line at the top of the script before the #! line. But I have got a new Sep 06 20:22:53 dom0 kcheckpass[8777]: pam_exec(kscreensaver:auth): /usr/local
Re: [qubes-users] Streisand - AntiCensorship software
amadaus: > Hi > Some of you may be interested in setting up your own personal VPN using > streisand software? I first read obout this in Ars Technica [ > http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/] > and have since tried it out in a dedicated Streisand VM. > To me, it seems to offer very high levels of security and anonominity. > Does anyone else have any views on this software? - it can be accessed > via github https://github.com/jlund/streisand. > I wasn't aware of streisand before you mentioned it. Normally, I would suggest that the best method for setting up a personal VPN, is to set up a personal VPN. Even for pure novices, there are many comprehensive, user-friendly guides that will set you up with a secure configuration. (Digitalocean & Linode have nice tutorials, like this one: https://www.linode.com/docs/networking/vpn/set-up-a-hardened-openvpn-server). In the process, you can also learn about firewalls, authentication, services, etc. On the other hand, there's definitely a place for turnkey solutions with safe defaults. It's a shame though that the streisand installer is currently not able to selectively install services (https://github.com/jlund/streisand/issues/23). The security best practice of only enabling needed services to minimize attack surface is overshadowed by usability concerns. A full streisand install consists of "L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge" plus a webserver! If you connect to a VPS anonymously, one nice advantage of using an out-of-the-box preconfigured solution is that it may give you a measure of deniability. Certainly more than you would get by applying your own unique iptables rules + comments in Swahili that would fingerprint you as sysadmin. Seems like streisand is a project worth following. Plus it's important to remember that its purpose is to configure a censorship circumvention server, not provide network security and/or anonymity. Unless bypassing censorship is your only goal, IMO its services should be used before and/or after Tor. (and obviously, not both on the same server). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/850ea210-4ff3-f392-9360-c24f5d771146%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qubes-gpg-client-wrapper "not a gnupg executable" in icedove
I'm getting an error when using /usr/bin/qubes-gpg-client-wrapper in enigmail settings. Enigmail/icedove indicates that the qubes-gpg-client-wrapper is "not a gnupg executable." Could someone point me in the right direction to make some progress? Neither googling nor viewing the Split-GPG doc supply results for me. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nqn3iq%24mbq%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2 USB passthough Windows HVM
On Saturday, September 3, 2016 at 8:51:47 PM UTC+2, Marek Marczykowski-Górecki wrote: > As for passing through the whole USB controller, it is broken currently: > https://github.com/QubesOS/qubes-issues/issues/1659 > We'll work on this some more this month and hopefully fix it. Nice, that would be great. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2da53aca-309b-4c22-bbb9-dff204f3060f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] yubikey challenge-response
2016. szeptember 5., hétfő 21:09:33 UTC+1 időpontban Marek Marczykowski-Górecki a következőt írta: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Mon, Sep 05, 2016 at 12:57:33PM -0700, Peter Ihasz wrote: > > Hi! > > > > Unfortunately, I can't login with yubikey and yubikey linked password. > > > > Here is my config: > > > > 1, > > yubikey linked password: apple > > > > echo -n "apple" | openssl dgst -sha1 > > yubikey linked password: d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > > > yubikey-personilization-gui > > > > LOGGING START,9/4/16 9:10 PM > > Challenge-Response: HMAC-SHA1,9/4/16 9:10 > > PM,2,,,04c21478245c36861b9f946e0d9388d5ebbb909d,,,0,0,0,0,0,0,0,0,0,1 > > > > usbvm name: sys-usb > > > > > > 2, > > in doom0 > > chmod 755 yubikey-auth > > /usr/local/bin/yubikey-auth > > > > #!/bin/sh > > > > key="$1" > > > > if [ -z "$key" ]; then > > echo "Usage: $0 []" > > exit 1 > > fi > > > > # if password has given, verify it > > if [ -n "$2" ]; then > > # PAM appends \0 at the end > > hash=`head -c -1 | openssl dgst -sha1 -r | cut -f1 -d ' '` > > if [ "x$2" != "x$hash" ]; then > > exit 1 > > fi > > fi > > > > challenge=`head -c64 /dev/urandom | xxd -c 64 -ps` > > # You may need to adjust slot number and USB VM name here > > response=`qvm-run -u root --nogui -p sys-usb "ykchalresp -2 -x $challenge"` > > > > correct_response=`echo $challenge | xxd -r -ps | openssl dgst -sha1 -macopt > > hexkey:$key -mac HMAC -r | cut -f1 -d ' '` > > > > test "x$correct_response" = "x$response" > > exit $? > > > > 3, > > > > /etc/pam.d/kscreensaver (KDE desktop environment) > > > > auth [success=done default=ignore] pam_exec.so expose_authtok quiet > > /usr/local/bin/yubikey-auth 04c21478245c36861b9f946e0d9388d5ebbb909d > > d0be2dc421be4fcd0172e5afceea3970e2f3d940 > > > Do you have anything in logs in dom0 (check `sudo journalctl -eb`)? > Do you have ykchalresp installed in template of sys-usb? It's part of > ykpers package. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXzdD3AAoJENuP0xzK19csyxwH/1u0FQINHo0Bs7a3uTzfi5Wl > jyoknwt9vA3b0V/AMLKIfz4g7+hoEocbachW+BRNl+KAvHJ4ZcEUzyugHq0F7OO/ > mGhi6f4EiF/NPYG8zNwWkvy2MGinCbuTwjI52AzYV5Wb3efk+JUyCRB0VfHgoQtl > SLbRvPavN3h3LkZWdA6OHfQXHyiDJVVM9jikg4bLhFlDc4Jx3XOGB6Ocbj6F2A5X > fWHEDlTvWFvud3U+nln0ALlICwlktEm4Oy99UgYnCt9QXslGW08bzSAAiVXOpKbo > izjvf2F84sT2Vt5D39uGdB4/F8dy+AQS7F9Pi2En5NE4Jm5PZJD9vE3BfnS40Ic= > =QeHk > -END PGP SIGNATURE- `sudo journalctl -eb` Sep 06 18:33:28 dom0 kcheckpass[7948]: pam_exec(kscreensaver:auth): execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error Sep 06 18:33:28 dom0 kcheckpass[7946]: pam_exec(kscreensaver:auth): /usr/local/bin/yubikey-auth failed: exit code 8 Sep 06 18:33:28 dom0 kcheckpass[7950]: pam_exec(kscreensaver:auth): execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error Sep 06 18:33:28 dom0 kcheckpass[7947]: pam_exec(kscreensaver:auth): /usr/local/bin/yubikey-auth failed: exit code 8 Sep 06 18:33:28 dom0 unix_chkpwd[7952]: password check failed for user (tacsk0) Sep 06 18:33:28 dom0 kcheckpass[7946]: pam_unix(kscreensaver:auth): authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= rhost= user=tacsk0 Sep 06 18:33:28 dom0 kcheckpass[7946]: Authentication failure for tacsk0 (invoked by uid 1000) Sep 06 18:33:28 dom0 unix_chkpwd[7953]: password check failed for user (tacsk0) Sep 06 18:33:28 dom0 kcheckpass[7947]: pam_unix(kscreensaver:auth): authentication failure; logname=tacsk0 uid=1000 euid=1000 tty=:0 ruser= rhost= user=tacsk0 Sep 06 18:33:28 dom0 kcheckpass[7947]: Authentication failure for tacsk0 (invoked by uid 1000) Sep 06 18:33:33 dom0 kcheckpass[7956]: pam_exec(kscreensaver:auth): execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error Sep 06 18:33:33 dom0 kcheckpass[7954]: pam_exec(kscreensaver:auth): /usr/local/bin/yubikey-auth failed: exit code 8 Sep 06 18:33:33 dom0 kcheckpass[7958]: pam_exec(kscreensaver:auth): execve(/usr/local/bin/yubikey-auth,...) failed: Exec format error Sep 06 18:33:33 dom0 kcheckpass[7955]: pam_exec(kscreensaver:auth): /usr/local/bin/yubikey-auth failed: exit code 8 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fde7cd16-caa6-48cc-bae4-47090e1f63ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Will the following configuration work for Qubes? Also, I need 4.7+ kernel, is this possible?
Hi All, I have the below system and would like to know if anyone has gotten such a configuration working 100% with Qubes OS (if not, what doesn't work?): - ASROCK X99 Extreme4 motherboard - 64GB DDR4 2400 RAM - ATI Radeon RX 480 video card - 4K display Looks like I need 4.7+ kernel version to use the RX 480 video card, but latest Qubes release only has Kernel 4.4.x. How involved would it be to switch to 4.7+ kernel? Thanks in advance! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f7e51b7-b852-4f96-87b6-4cfbb63874ea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feedback and errors on installation
Thanks. I was trying to boot grub from xen.efi, but looks like I did not found the right syntax. I always had the error "Error: You need to load the kernel first" I will try again with this exact syntax : chainloader /EFI/BOOT/xen.efi boot Regards, Benoit De: "Marek Marczykowski-Górecki" À: "Benoit Georgelin" Cc: qubes-users@googlegroups.com Envoyé: Mardi 6 Septembre 2016 12:12:45 Objet: Re: [qubes-users] Feedback and errors on installation -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 05:34:09AM +0200, Benoit Georgelin wrote: > Hi users of the Qubes Os list, > > This weekend I decided to install this Os that I have been following for a > while . > After trying once, without spending too much time (1h) and fail to install, I > decided to give it another try. > > I spend the weekend trying to figure how to install the system. Here is my > feedback and my errors because unfortunately I could not make it work . > > 1- Install media : USB > > I did use an USB Key for my installation media. > > First problem, my computer (Toshiba Satellite P50) use EFI > I'm aware 3.0 does not support EFI , I did try 3.1 and 3.2-rc3 > Both case , dd if=image of=/dev/usb boot to a grub shell > > So to get from grub shell to grub install : > > set root=hd0.1 > linuxefi /EFI/BOOT/vmlinuz root=live:/dev/sdb1 > initrdefi /EFI/BOOT/initrd.img > boot This is invalid method of booting Xen-enabled system and probably cause for all your next problems (lack of Xen and missing kernel parameters). It should be: chainloader /EFI/BOOT/xen.efi boot Take a look at grub configuration on installation image (/EFI/BOOT/grub2.cfg). Also take a look here for troubleshooting UEFI related problems: https://www.qubes-os.org/doc/uefi-troubleshooting/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzur9AAoJENuP0xzK19csIZ8IAJMJ8olED/A7HokI6AhrqA03 UqYVx7nHXYRVMaVEmvfQ+hIg3AMU6H8Sf6XQH1tAzBPXc8rtA2T1Qyr5sxRtcpx/ LPhvpI3G6arRbBhzN53t9NuEp9RxkbIwfLx3pnDfs7x4ksYAvwkguGyly9jdI+vs Ryeaw6E2iI7W46Lg4Ut7mJvUKHJIPakWq1/grICJeJ99VM0VcRCBp434wAAbGlgY SiZNaNxLGJIOru/UNhrXrRoN59tl8BROUOLewdQawLaUtb80dVGpIwmsH9Asmxtr B4IaIZJJiQQoR2K6eHXeweAfpkRRQmiU4CaM18fy7jVwfkaj7cU0AHrBGy966qM= =sgtV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1895162112.1221526.1473180025007.JavaMail.zimbra%40georgelin.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feedback and errors on installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 05:34:09AM +0200, Benoit Georgelin wrote: > Hi users of the Qubes Os list, > > This weekend I decided to install this Os that I have been following for a > while . > After trying once, without spending too much time (1h) and fail to install, I > decided to give it another try. > > I spend the weekend trying to figure how to install the system. Here is my > feedback and my errors because unfortunately I could not make it work . > > 1- Install media : USB > > I did use an USB Key for my installation media. > > First problem, my computer (Toshiba Satellite P50) use EFI > I'm aware 3.0 does not support EFI , I did try 3.1 and 3.2-rc3 > Both case , dd if=image of=/dev/usb boot to a grub shell > > So to get from grub shell to grub install : > > set root=hd0.1 > linuxefi /EFI/BOOT/vmlinuz root=live:/dev/sdb1 > initrdefi /EFI/BOOT/initrd.img > boot This is invalid method of booting Xen-enabled system and probably cause for all your next problems (lack of Xen and missing kernel parameters). It should be: chainloader /EFI/BOOT/xen.efi boot Take a look at grub configuration on installation image (/EFI/BOOT/grub2.cfg). Also take a look here for troubleshooting UEFI related problems: https://www.qubes-os.org/doc/uefi-troubleshooting/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzur9AAoJENuP0xzK19csIZ8IAJMJ8olED/A7HokI6AhrqA03 UqYVx7nHXYRVMaVEmvfQ+hIg3AMU6H8Sf6XQH1tAzBPXc8rtA2T1Qyr5sxRtcpx/ LPhvpI3G6arRbBhzN53t9NuEp9RxkbIwfLx3pnDfs7x4ksYAvwkguGyly9jdI+vs Ryeaw6E2iI7W46Lg4Ut7mJvUKHJIPakWq1/grICJeJ99VM0VcRCBp434wAAbGlgY SiZNaNxLGJIOru/UNhrXrRoN59tl8BROUOLewdQawLaUtb80dVGpIwmsH9Asmxtr B4IaIZJJiQQoR2K6eHXeweAfpkRRQmiU4CaM18fy7jVwfkaj7cU0AHrBGy966qM= =sgtV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906161245.GX13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
On 09/05/2016 08:24 PM, Marek Marczykowski-Górecki wrote: > Please, if any of you have a chance, test such template. I had to resize the system partition, because the upgrade was too big to fit on it. Automatic resizing didn't work. I had to run resize2fs manually. The upgrade went through smoothly. Only noticed this warning: Upgrading : glibc-2.23.1-10.fc24.x86_64 /bin/sh: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory warning: %triggerin(cronie-1.5.0-3.fc23.x86_64) scriptlet failed, exit status 127 Non-fatal scriptlet failure in rpm package glibc Non-fatal scriptlet failure in rpm package glibc Upgrading : libstdc++-6.1.1-3.fc24.x86_64 Kind Regards, Torsten -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4c9342ac-72b2-2718-cb7f-59fcb5346e6b%40grobox.de. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Did 3.0 -> 3.1 proceed correctly?
Hello, > > * Running on Xen 3.6.1. That looks well. > > 4.6.1 Yes, 4.6.1. That was a typo :) > qubes-mgmt-salt-admin-tools package. You need to install it manually > (bug in upgrade instruction). > Also qubes-mgmt-salt-vm-connector package is needed in default template > to manage in-VM configuration. OK, thanks. I haven't found it mentioned anywhere, so I thought it might be some half-done upgrade. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7321e605-014d-4d28-96a2-7bebe128e2b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Did 3.0 -> 3.1 proceed correctly?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 05:46:06AM -0700, Vít Šesták wrote: > I've performed the in-place upgrade from 3.0 to 3.1. Results: > > * Running on Xen 3.6.1. That looks well. 4.6.1 > * Still no coloured window icons. OK, I know there is a bug, so it sometimes > does not work. > * No qubesctl command, no salt. (I've tried sudo find / -xdev -iname '*salt*' > and sudo find / -xdev -iname '*qubesc*' in dom0.) Where they are? qubes-mgmt-salt-admin-tools package. You need to install it manually (bug in upgrade instruction). Also qubes-mgmt-salt-vm-connector package is needed in default template to manage in-VM configuration. > * Command `yum list` never shows 3.0.* for Qubes packages, with few > exceptions for templates and Windows tools. > > It this result correct? Besides salt, yes. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzrxmAAoJENuP0xzK19cssoMIAITlQT7niqMvQbkEJf0Mj9aQ xdjRHRFrH5NA7Qhrjhwsgg9w0e8cIYZeHxslr1wTbXsPfAiqQmow3Pi4ffpK21kY y06jyhTMQX2S3NFoZr8ITE1aZaEKFAW0b704okjyEMVXlJp8lELmhhWgquigJKrS z3c4tIRdOM0JsxvdHcBhXTLZk24050cS9htEaW422wK4lQnxOOfwa0FAwGzP8pK2 24P0hXAbWjl6hd54Py1VAQZ5hhs8MU4YqhNqOVkZBMAsccfTYvk7HFaYOy3C4vwP m+U/1EwEBLIzae/voMZZwONVHybVvPr0mQaF9494iKLJ90TyvGPUelqnC0SqE+A= =bjR2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906125357.GT13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: OpenBSD Xen PHVM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 05:28:22AM -0700, Jan Betlach wrote: > On Tuesday, September 6, 2016 at 9:38:59 AM UTC+2, Jan Betlach wrote: > > Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does > > it help to run OpenBSD guest in Qubes? > > There are more details in the paper here: > https://www.openbsd.org/papers/asiabsdcon2016-xen-paper.pdf. > > Wouldn't it be great to build a pf based firewall in Qubes? :-) If that's all what is currently included in 6.0, there is one important part missing (in addition to my previous email): network backend driver. Without this, it is impossible to have ProxyVM. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzrunAAoJENuP0xzK19cs17oH/RC5mFjG9MOywpvptJD7MXuT TZCUIiAY0JIkbKxy5YrurHttZ51Qsc2KLT9/+yE98u0evyXNi+m8JlN7zruUq6XF 11wY9GuMjeKGmarOIzrMl/RIZnnYrMLJBYXVec+bi/nptPzRnCldg46NmH/PGSvc sE7kHX9gjuNZiDXx5Kc+8Q7EnYR9kLwz4/QLYv9LGHsYMEjXVeuUXVYfEETa+SZb 5whn5P7vXIpt2Rc32Qo8ozLQW9hwwQJkSvGe8iqiTEIAcZ4248xdL9rUqHI2zK7k W67IbH+vC1C7waiAsEV/hHNd34zyXlbCYYrmUmbX+Zl7GXK1QhDByYDHVYUPxg8= =POAE -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906125047.GS13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Did 3.0 -> 3.1 proceed correctly?
I've performed the in-place upgrade from 3.0 to 3.1. Results: * Running on Xen 3.6.1. That looks well. * Still no coloured window icons. OK, I know there is a bug, so it sometimes does not work. * No qubesctl command, no salt. (I've tried sudo find / -xdev -iname '*salt*' and sudo find / -xdev -iname '*qubesc*' in dom0.) Where they are? * Command `yum list` never shows 3.0.* for Qubes packages, with few exceptions for templates and Windows tools. It this result correct? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2895a24-a59d-4a13-8a0d-ddcb5037904c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: OpenBSD Xen PHVM
On Tuesday, September 6, 2016 at 9:38:59 AM UTC+2, Jan Betlach wrote: > Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it > help to run OpenBSD guest in Qubes? There are more details in the paper here: https://www.openbsd.org/papers/asiabsdcon2016-xen-paper.pdf. Wouldn't it be great to build a pf based firewall in Qubes? :-) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5080a7b6-fd86-4b26-a043-3c553596115e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: App shortcuts in XFCE
On 2016-09-05 00:57, Drew White wrote: On Sunday, 4 September 2016 11:50:21 UTC+10, Gaijin wrote: I just upgraded from 3.1 to 3.2R3 and was wondering of the best way to restore some of my App shortcuts. I use some portable apps and executables that don't show up in the Applications shortcuts. In KDE I was used to the Menu Editor. I'm not familiar with XFCE and didn't see a similar option. If you are talking about windows WITH QREXEC, then just add the shortcuts again. You can add them to the menu using KMENUEDIT, or many other ways Including copying the .desktop files to the new machine onto your desktop, or else into another folder and adding them directly to the menu system using kmenuedit or similar CLI interface. I am referring to the dropdown "Q" menu that lists your various VMs and the software in them. I was used to the KMENUEDIT in KDE. It was easy enough to make QREXEC shortcuts. The new R3.2 defaults to XFCE in a clean install. I didn't see a way to edit those menu items the same way. Sure I can add more shortcuts for programs that are installed and generate .desktop files. The problem I'm having is with the software or executables that don't show up in the shortcuts list. For example, portable apps; You don't install them you just run the .exe Is there a KMENUEDIT GUI equivalent in XFCE in Qubes to edit those menus? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8375554b9d68282034834883fa047f68%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 01:10:51PM +0200, Achim Patzner wrote: > Am 06.09.2016 um 11:17 schrieb Marek Marczykowski-Górecki: > > Just some standard usage things, like: > > - networking (like standard web browsing) > > Working. > > > - updates / package installation (is it working at all? does new apps > >show up in the menu?) > > Working. > > > - emails (for example if Qubes addon for Thunderbird still works) > > Working. > > > - update process itself (some broken dependencies?) > > Working. > > > - memory usage, performance - compared to Fedore 23 > > No realy noticeable difference. Thanks :) > Some key bindings might have changed; ctrl-"+" in a terminal window > increases the font size but the terminal window does not grow with it > anymore. Interesting, it may be a feature :) - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzqdYAAoJENuP0xzK19csaicH/0yAZt3iqamnAtN2BEKH/m80 plrbo19x5xyRBxZTAfALq3ey4gl/8CLIp9WIJ7cxmtw120rIOz5OvUc5gGg/gmF+ VNPlDB7fIuGSmnSnvdTCSNXTKTToTPE+EzyHFWPWyrpIQxJhCN+jBU8wCENh7V9b Ip/8ygIGYJV/FDwBcSYR+WpqpobeRF4TlaT+c7gayy34+8kPVgwqWLfRUIw71lcT B5NW6NXmiUxBYU6MGEBNeedih4GForjJQkIkliWM4SlEHnBR6NpcizWrdQ0IY801 s+23aTO5jyN4mDU7xy7hcSfRFMJ+Al07hX/ErCmzSegRxb/7tB4wZr/hNI9xbaw= =d2jD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906112408.GR13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 01:07:49PM +0200, Achim Patzner wrote: > Am 06.09.2016 um 11:30 schrieb Marek Marczykowski-Górecki: > > There are no fc24 packages for R3.1. So if you're starting with R3.1 > > template, first you need to upgrade it to R3.2. > > What I wanted to way was "using an old template I brought forward from > 3.1 to 3.2 got me into a dead end so I started over with the fedora-23 > from 3.2". Don't ask me, I'm only the end user and don't know much about > growing penguins. Ok, so I think we can simply recommend the working path (or using fresh fedora-24 template when released). We don't have enough resources to support every upgrade combination... > Which reminds me: Is there a serious difference betwenn sys-* in 3.1 and > 3.2 or is it a bad idea to backup and restore the old VMs? Not much difference (if any). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzqbwAAoJENuP0xzK19cshuAIAJgMgBThPhdMcXJLr33G2Lr8 lC8upKbbNV/IqX3xYEamDxkSDNqrwXoqqMXEEhovtu89WTWJPhzzELJcj8Gw28Te Ip2GkvyAH5H+e6gpA4cUVcgfYEv5yO7COi8G+BVxxE+TUJ4ZoGEsxKOFhxe2RROd Kia14lALeSDoMYfkzhf5I0iK1GLhdispVNMwdX3aMdmZdfp5KT+k11/O5Spu/zeF yuvkamSaWdTI4REfSsgXlbHaHvTB95+b2pB0gRms/SigEGARpHjX4AHqGceEil+2 vsrM6xitMHTEYdU6fLn8j6T2tMRsWRf+S842bIDB+rqH35BSsJgAoFPxZvijML4= =ASzm -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906112224.GQ13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
Am 06.09.2016 um 11:17 schrieb Marek Marczykowski-Górecki: > Just some standard usage things, like: > - networking (like standard web browsing) Working. > - updates / package installation (is it working at all? does new apps >show up in the menu?) Working. > - emails (for example if Qubes addon for Thunderbird still works) Working. > - update process itself (some broken dependencies?) Working. > - memory usage, performance - compared to Fedore 23 No realy noticeable difference. Some key bindings might have changed; ctrl-"+" in a terminal window increases the font size but the terminal window does not grow with it anymore. Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cebd70c1-4a71-6292-7843-3cbd2f579803%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
Am 06.09.2016 um 11:30 schrieb Marek Marczykowski-Górecki: > > Does anyone have a simple tool to diff the rpm inventory of two machines > > and apply everything that is not installed in the target machine? 8-) > > rpm -qa |sort > pkg_list > Then diff those files... I hoped there was an easier way 8-). I did that (actually not using a diff; adding a package that is already there doesn't matter). But that didn't solve what wou were mentioning next: > But apparently you can > easily get this from its database: > > grep -l user /var/lib/dnf/yumdb/*/*/reason That did a bit more for me and reduced overhead quite a bit. > There are no fc24 packages for R3.1. So if you're starting with R3.1 > template, first you need to upgrade it to R3.2. What I wanted to way was "using an old template I brought forward from 3.1 to 3.2 got me into a dead end so I started over with the fedora-23 from 3.2". Don't ask me, I'm only the end user and don't know much about growing penguins. Which reminds me: Is there a serious difference betwenn sys-* in 3.1 and 3.2 or is it a bad idea to backup and restore the old VMs? Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b0efd159-3d40-1b83-ca67-bc3103abc1a5%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] OpenBSD Xen PHVM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 12:38:59AM -0700, Jan Betlach wrote: > Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it > help to run OpenBSD guest in Qubes? PHVM drivers itself (disk/net) simply improve performance. But based on this (or rather some parts used by those drivers), it is possible to build drivers exposing some xen interfaces to user space, which allows porting Qubes-specific integration. Those drivers are required to port: - qrexec agent (used to control VM from dom0 - for example start applications - mostly qvm-run tool - gui agent (seamless GUI integration) Both of them use libxenvchan library, which itself rely on shared memory interface and even channels. On Linux this is about those drivers: - xen-gntalloc - xen-gntdev - xen-evtchn I haven't read what parts are really implemented in Open BSD. "Xen PHVM drivers" is rather broad term - may include just a disk/network drivers, or just kernel part - without exposing it to userspace. Release notes include only this: "The xen(4) driver now supports domU configuration under Qubes OS.", which links to: xen driver performs HVM domU guest initialization, provides abstraction for virtual Xen interrupts, access to the XenStore configuration storage as well as a device probing facility for paravirtualized devices such as disk and network interfaces. So, it looks promising. But don't know if that's all what is required. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzp+GAAoJENuP0xzK19csLjAH/jW6KRs0cASgFbRVOcJR10Q3 vjzWhZyf60aPRBOM/izOVUExbmmVtjtmQ4JIpoTplXYfTVAqHhiIqvWT7GzhotIP 20JUCV8SjrvLNYCGl7CKIRuiOVUx85tdM3OIZBcqexL+Z/YpFX40odpkIlAY9nax PM+gGzCEsSe9FjnZUma6nA4h5iJ8Jz7tcHm83NJywcF9UR9BFeRs21n224xCqWQX 23PrRNaKyEHshI/5WHUx9ImDIPNliHC9H+DerMWQzphOtivNCwKvcJ8AteImKW/H 7w4lXQ7wJEX9eyZQGwKuNz/FozVZNfxIwGvpz18vZvZVk0VTUwd5b1iIwiOmQZI= =qzuF -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906105046.GP13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
On Tuesday, September 6, 2016 at 11:17:10 AM UTC+2, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Tue, Sep 06, 2016 at 12:24:54AM -0700, Foppe de Haan wrote: > > On Tuesday, September 6, 2016 at 1:24:09 AM UTC+2, Marek > > Marczykowski-Górecki wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > On Thu, Jun 23, 2016 at 09:31:46PM +0200, Niels Kobschaetzki wrote: > > > > On 16/06/23 00:28, Marek Marczykowski-Górecki wrote: > > > > > On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote: > > > > > > Hi, > > > > > > > > > > > > what would I need to do to update an existing Fedora-template or > > > > > > install a new template to/with Fedora24? > > > > > > > > > > > > Will Fedora24-templates come with Qubes 3.2? > > > > > > > > > > In Qubes 3.2 we build packages also for Fedora 24. There is no > > > > > prepared > > > > > template available, and packages aren't tested yet, but it should be > > > > > possible to upgrade using something similar to: > > > > > https://www.qubes-os.org/doc/fedora-template-upgrade-21/ > > > > > Just replace 23 with 24 and probably use dnf instead of yum. > > > > > > > > It seems that the commands might work but the packages in the Qubes-repo > > > > have still dependency-problems with Fedora 24. It seems I need to wait > > > > for 3.2. > > > > And I am not eager to do an allowerasing or some force installing which > > > > burnt me in the past (not with Qubes but in general). > > > > > > > > The error messages are: > > > > Error: package python3-dnf-plugins-qubes-hooks-3.1.16-1.fc23.x86_64 > > > > requires > > > > python(abi) = 3.4, but none of the providers can be installed. package > > > > qubes-gui-vm-3.1.5-1.fc23.x86_64 requires pulseaudio = 7.1, but none of > > > > the > > > > providers can be installed. > > > > package xen-qubes-vm-2001:4.6.0-13.fc23.x86_64 requires xen-libs = > > > > 2001:4.6.0-13.fc23, but none of the providers can be installed. > > > > package qubes-core-vm-3.1.16-1.fc23.x86_64 requires > > > > python3-dnf-plugins-qubes-hooks, but none of the providers can be > > > > installed. > > > > package qubes-core-vm-systemd-3.1.16-1.fc23.x86_64 requires > > > > qubes-core-vm, but none of the providers can be installed > > > > (try to add '--allowerasing' to command line to replace conflicting > > > > packages) > > > > > > I've just tried this and successfully upgraded Fedora 23 to Fedora 24 > > > template. > > > > > > TL;DR version: > > > 1. Clone fedora-23 to fedora-24-test. > > > 2. Open terminal in fedora-24-test. > > > 3. Run "dnf upgrade --releasever=24". > > > 4. Shutdown the template. > > > 5. Switch (some of?) VMs to this template. > > > > > > Some basic tests are ok. Please, if any of you have a chance, test such > > > template. If that would work, we'll build full template for convenience. > > > > > What kind of tests are you hoping for? It seems to be running fine here, > > and moving files between VMs also seems to be working. > > Just some standard usage things, like: > - networking (like standard web browsing) > - updates / package installation (is it working at all? does new apps >show up in the menu?) > - emails (for example if Qubes addon for Thunderbird still works) > - update process itself (some broken dependencies?) > - memory usage, performance - compared to Fedore 23 > > - -- > Best Regards, > Marek Marczykowski-Górecki Okay. I've cloned and upgraded the fc23 template in the manner indicated, plus upgraded a Standalone fc23-based VM. Both upgraded & started without issues. No errors during update for me, just some Fedora-related annoyances (e.g. postgresql 9.4->9.5 requiring the old binaries for a database upgrade, and fedora not keeping those around) Networking / browsing seems fine so far; I swapped sys-usb, sys-net and sys-firewall to fc24, and they are working as well, at least at first glance. Qvm-usb device listing & passthrough works as well. Sys-usb and -net memory usage still at 300mb; sys-firewall memory usage (once it's been running for a while) may be at a somewhat higher level than before, but hard to say (~900mb now) Updating packages works (using the QVM manager dropdown menu selection, and simply via sudo dnf update); Installing new packages works, and they show up in the Qubes app menu list) Haven't test t-bird because I'm running that on a Debian VM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c4ac1ed-0387-431b-aaa6-6e3bb3d38f14%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 08:27:09AM +0200, Achim Patzner wrote: > Am 06.09.2016 um 01:24 schrieb Marek Marczykowski-Górecki: > > I've just tried this and successfully upgraded Fedora 23 to Fedora 24 > > template. > > > > TL;DR version: > > 1. Clone fedora-23 to fedora-24-test. > > 2. Open terminal in fedora-24-test. > > 3. Run "dnf upgrade --releasever=24". > > 4. Shutdown the template. > > 5. Switch (some of?) VMs to this template. > > > > Some basic tests are ok. Please, if any of you have a chance, test such > > template. If that would work, we'll build full template for convenience. > > I did that a two weeks ago and it improved a lot of things on my system. > It is working better if the display's resolution has been correctly set > _before_ launching anything X... > > Does anyone have a simple tool to diff the rpm inventory of two machines > and apply everything that is not installed in the target machine? 8-) rpm -qa |sort > pkg_list Then diff those files... Dnf also keep track of what packages have you installed manually (in contrast to those installed as dependencies). I can't find a tool to query this (only add/remove packages: dnf mark). But apparently you can easily get this from its database: grep -l user /var/lib/dnf/yumdb/*/*/reason That list needs some postprocessing unfortunately (like removing "/reason"), but shouldn't be that hard. > For some unknown reasons it was not a good idea to start with my R3.1 > (with all bells and whistles) template VM; I had to use the template > that came with the R3.2 installation to get it running. There are no fc24 packages for R3.1. So if you're starting with R3.1 template, first you need to upgrade it to R3.2. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzoyYAAoJENuP0xzK19csENcIAIOVCEzebbNJmsv2x3ZjgtXO Wq4XVkShDzymDKIsJ4tBCm5Ra1pX6nkswlFnDr8NadW2z0uL0YbgvAcMzrcRZ3Io wFwuSCSOOgrH61VE1uLzlV2Ew5nsC3tBuM6W4lnKR4eYHb0j3SUk22XBtiQtP219 kutHl5incaT5D91xYEi3GPPzAZLRIoxyLy6xlXbtCWdyOH4yJti8jW/PGoy3E70i M+eFJoJDBVC5IJDK6NUnNDKuixYlt3xFQSbNXiyGiM6JujGLsfqmdd+0gbDTvJTS zb931SA0fCCLQFa6HPpKxYi+Cm4QYOLevqJtdz0DC1fsyB+3nTt86NSWL8PlhcQ= =EaQo -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906093000.GN13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 06, 2016 at 12:24:54AM -0700, Foppe de Haan wrote: > On Tuesday, September 6, 2016 at 1:24:09 AM UTC+2, Marek Marczykowski-Górecki > wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Thu, Jun 23, 2016 at 09:31:46PM +0200, Niels Kobschaetzki wrote: > > > On 16/06/23 00:28, Marek Marczykowski-Górecki wrote: > > > > On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote: > > > > > Hi, > > > > > > > > > > what would I need to do to update an existing Fedora-template or > > > > > install a new template to/with Fedora24? > > > > > > > > > > Will Fedora24-templates come with Qubes 3.2? > > > > > > > > In Qubes 3.2 we build packages also for Fedora 24. There is no prepared > > > > template available, and packages aren't tested yet, but it should be > > > > possible to upgrade using something similar to: > > > > https://www.qubes-os.org/doc/fedora-template-upgrade-21/ > > > > Just replace 23 with 24 and probably use dnf instead of yum. > > > > > > It seems that the commands might work but the packages in the Qubes-repo > > > have still dependency-problems with Fedora 24. It seems I need to wait > > > for 3.2. > > > And I am not eager to do an allowerasing or some force installing which > > > burnt me in the past (not with Qubes but in general). > > > > > > The error messages are: > > > Error: package python3-dnf-plugins-qubes-hooks-3.1.16-1.fc23.x86_64 > > > requires > > > python(abi) = 3.4, but none of the providers can be installed. package > > > qubes-gui-vm-3.1.5-1.fc23.x86_64 requires pulseaudio = 7.1, but none of > > > the > > > providers can be installed. > > > package xen-qubes-vm-2001:4.6.0-13.fc23.x86_64 requires xen-libs = > > > 2001:4.6.0-13.fc23, but none of the providers can be installed. > > > package qubes-core-vm-3.1.16-1.fc23.x86_64 requires > > > python3-dnf-plugins-qubes-hooks, but none of the providers can be > > > installed. > > > package qubes-core-vm-systemd-3.1.16-1.fc23.x86_64 requires > > > qubes-core-vm, but none of the providers can be installed > > > (try to add '--allowerasing' to command line to replace conflicting > > > packages) > > > > I've just tried this and successfully upgraded Fedora 23 to Fedora 24 > > template. > > > > TL;DR version: > > 1. Clone fedora-23 to fedora-24-test. > > 2. Open terminal in fedora-24-test. > > 3. Run "dnf upgrade --releasever=24". > > 4. Shutdown the template. > > 5. Switch (some of?) VMs to this template. > > > > Some basic tests are ok. Please, if any of you have a chance, test such > > template. If that would work, we'll build full template for convenience. > > > What kind of tests are you hoping for? It seems to be running fine here, and > moving files between VMs also seems to be working. Just some standard usage things, like: - networking (like standard web browsing) - updates / package installation (is it working at all? does new apps show up in the menu?) - emails (for example if Qubes addon for Thunderbird still works) - update process itself (some broken dependencies?) - memory usage, performance - compared to Fedore 23 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXzomQAAoJENuP0xzK19csSK0H/i4PVnl2Il+W+IU2mAE4DLQe ujiBZ9//2zipC0PuIVgiXix0mpqUu4vvACUwCczQmTmpIY380mgckgj6QDongvwD jG1xrG3PpLXg07v++hOPxF4fvDCIdDhhXJuDDYKQy9qUAPvP8+Lj72P2QYnCNJLL LPGetCsGyhopu8zAH/Nx2riGxJlfJVpvcJIqHNXbb2Rq1t6WcIq5WUbKtrxaJmJ8 A0ALDdXMnQNHYboywAgSIYR3V1rUJRUxxCnuQ94TyG89XE8WtZmuNIyPaE9870Vc +lpkHZN5iO2KDKoK1rn+bzB6KC1/jZ3RhYDYIlFpSGc44UkBTxTm043565J/p9A= =+lMC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160906091704.GM13909%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Streisand - AntiCensorship software
Hi Some of you may be interested in setting up your own personal VPN using streisand software? I first read obout this in Ars Technica [ http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/] and have since tried it out in a dedicated Streisand VM. To me, it seems to offer very high levels of security and anonominity. Does anyone else have any views on this software? - it can be accessed via github https://github.com/jlund/streisand. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nqlsok%24dck%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] OpenBSD Xen PHVM
Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it help to run OpenBSD guest in Qubes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b6ce2f9-8934-40ae-8b23-5b13b36eef50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Request for test: Re: [qubes-users] Fedora 24?
On Tuesday, September 6, 2016 at 1:24:09 AM UTC+2, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Jun 23, 2016 at 09:31:46PM +0200, Niels Kobschaetzki wrote: > > On 16/06/23 00:28, Marek Marczykowski-Górecki wrote: > > > On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote: > > > > Hi, > > > > > > > > what would I need to do to update an existing Fedora-template or > > > > install a new template to/with Fedora24? > > > > > > > > Will Fedora24-templates come with Qubes 3.2? > > > > > > In Qubes 3.2 we build packages also for Fedora 24. There is no prepared > > > template available, and packages aren't tested yet, but it should be > > > possible to upgrade using something similar to: > > > https://www.qubes-os.org/doc/fedora-template-upgrade-21/ > > > Just replace 23 with 24 and probably use dnf instead of yum. > > > > It seems that the commands might work but the packages in the Qubes-repo > > have still dependency-problems with Fedora 24. It seems I need to wait > > for 3.2. > > And I am not eager to do an allowerasing or some force installing which > > burnt me in the past (not with Qubes but in general). > > > > The error messages are: > > Error: package python3-dnf-plugins-qubes-hooks-3.1.16-1.fc23.x86_64 requires > > python(abi) = 3.4, but none of the providers can be installed. package > > qubes-gui-vm-3.1.5-1.fc23.x86_64 requires pulseaudio = 7.1, but none of the > > providers can be installed. > > package xen-qubes-vm-2001:4.6.0-13.fc23.x86_64 requires xen-libs = > > 2001:4.6.0-13.fc23, but none of the providers can be installed. > > package qubes-core-vm-3.1.16-1.fc23.x86_64 requires > > python3-dnf-plugins-qubes-hooks, but none of the providers can be installed. > > package qubes-core-vm-systemd-3.1.16-1.fc23.x86_64 requires qubes-core-vm, > > but none of the providers can be installed > > (try to add '--allowerasing' to command line to replace conflicting > > packages) > > I've just tried this and successfully upgraded Fedora 23 to Fedora 24 > template. > > TL;DR version: > 1. Clone fedora-23 to fedora-24-test. > 2. Open terminal in fedora-24-test. > 3. Run "dnf upgrade --releasever=24". > 4. Shutdown the template. > 5. Switch (some of?) VMs to this template. > > Some basic tests are ok. Please, if any of you have a chance, test such > template. If that would work, we'll build full template for convenience. > What kind of tests are you hoping for? It seems to be running fine here, and moving files between VMs also seems to be working. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4de76418-b6a4-41cb-a334-845314a6b709%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
