[qubes-users] Installation of DNSSEC-Trigger on Qubes ??

2017-01-28 Thread ThierryIT
Hi,

I do prefer to ask before doing something wrong on  my working Qubes.
Where to install DNSSEC-Trigger ? Is 'sys-net' the right answer ?
Do you have  for Qubes env any documentation on how to do it properly ?

Thx 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cca9221e-011e-47b4-ad8f-1255dc8833bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora 24 on Qubes 3.1 support, uninstallable packages

2017-01-28 Thread mvermaes
On Sunday, January 29, 2017 at 2:47:04 PM UTC+8, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-01-28 05:28, mver...@gmail.com wrote:
> > On Tuesday, January 24, 2017 at 11:50:05 PM UTC+8,
> > mver...@gmail.com wrote:
> >> Hi, I recently installed the fedora-24-minimal template per [1]
> >> and configured all my AppVMs to use a new template based on it.
> >> All seems to be working well, except that I am unable to install
> >> the following packages:
> >> 
> >> - ImageMagick - pycairo
> >> 
> >> Both are skipped as follows:
> >> 
> >> ~$ sudo dnf install ImageMagick pycairo ... Package
> >> qubes-template-minimal-stub-1.1-1.fc23.noarch is already
> >> installed, skipping. Package pycairo-1.10.0-4.fc24.x86_64 is
> >> already installed, skipping. Package
> >> qubes-template-minimal-stub-1.1-1.fc23.noarch is already
> >> installed, skipping. Dependencies resolved. Nothing to do. 
> >> Sending application list and icons to dom0 Complete! ~$
> >> 
> >> [2] seems to suggest it should be possible to install these
> >> packages, but I also saw a thread [3] that indicates that Fedora
> >> 24 may not be supported on Qubes R3.1, and maybe this could be
> >> causing the issue. The qubes-template-minimal-stub rpm is the
> >> only fc23 package that is installed in the template.
> >> 
> >> I am planning to reinstall the host with R3.2 at some point
> >> anyway, but I wanted to get Thunderbird and Firefox updated to
> >> the newer versions in F24 sooner than that, hence installing the
> >> newer template first.
> >> 
> >> The missing packages are not a big deal, but it would be great to
> >> confirm the correct process for next time (looking forward to
> >> Qubes 4.0!) Is it supported to update to a newer Fedora template
> >> and then upgrade the Qubes release on the host, or should the
> >> host always be reinstalled/upgraded to the new version first?
> >> 
> >> Thanks very much for your advice.
> >> 
> >> Michael
> >> 
> >> [1] https://www.qubes-os.org/doc/templates/fedora-minimal/ [2]
> >> https://github.com/QubesOS/qubes-issues/issues/2380 [3]
> >> https://groups.google.com/d/topic/qubes-users/uwnPpxhJaZY/discussion
> >
> >> 
> > I've done a clean install of Qubes 3.2 on the host now, and then
> > re-downloaded qubes-template-fedora-24-minimal and set up my custom
> > template based on it. I still see the same issue with ImageMagick
> > being skipped for installation.
> > 
> > If I try to install ImageMagick in the unmodified fedora-24-minimal
> > template, dnf offers to download the 'real' packages. But after
> > using dnf to update all packages, the problem is introduced. The
> > smallest package set I've found to reproduce this is just dnf, ie.
> > 
> > dnf update dnf
> > 
> > will trigger the behaviour. But I'm not really sure where to look
> > next. Any suggestions?
> > 
> > Thanks again.
> > 
> > Michael
> > 
> 
> See this issue:
> 
> https://github.com/QubesOS/qubes-issues/issues/2606
> 
> You can work around this by specifying the package version, e.g.,:
> 
> $ sudo dnf install pycairo-1.10*
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJYjY/TAAoJENtN07w5UDAw5H4QAMWsqGBnj+FXIwbbjpx4rGoJ
> 9m3pHcxxezsjzqTYd9YlGP/FjEMjo9tvcG052hZY+BzPyROhmHAzvOjipbJxaLZc
> 9iu8iRR4U0xt+REf+c5r2Cbn12NKzjzAJSEVL2tXgrUN/mMokjUvkW5N+9jRnkTY
> Q3BOM0B7ZWBCYqH5cL2vDHfHU9EHATQr8J3S8m9jdzlotyJe18k/tMmtA6J8OxvP
> 2GphqPO361ukbsM4zH0cKt/rj4IP8QJSh1BQZwqszGPmIQpUBHUPeoyI+3v24h0c
> ikfuCvTAL3szeMy6sb8lvJkDKtio2jbRwWVGv5M3qmaMrkWF3OpShCayCcBcjOMk
> +h5qFWiQoXaDyFKO8KqST7V8WNrqBB16PN549n4WC1zlytPNmkWijmTBoNKiV1Ap
> sMHlKKbKfiPb3b29W/FwWYjd8okniQWXP49Oa9xwxb3EIK5xKsPbfMXtwk1EAZuC
> cFP/jiFLHWGJz0TyByg6b+5PeWVrUb1kuNnxGJd46hRFy7k2xgfF33rOi1Sga/Mr
> 93txQnT4Sihcd+Qu1EeaF/HWfjC5rki98cARWnuBZtiJnVUlmaWuxD+Tevad47PF
> F16ZqSD52SEJlVb2WL9bFL9i8ozGPUZV7izS0aL1liR+TIDH7F/ZWWrewKtec7Nd
> jIa7iu0rEybTPVvQhYYO
> =icAe
> -END PGP SIGNATURE-

Excellent, thanks for your help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4f09d0c-b4d4-4055-b573-8f02eadcf500%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora 24 on Qubes 3.1 support, uninstallable packages

2017-01-28 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-28 05:28, mverm...@gmail.com wrote:
> On Tuesday, January 24, 2017 at 11:50:05 PM UTC+8,
> mver...@gmail.com wrote:
>> Hi, I recently installed the fedora-24-minimal template per [1]
>> and configured all my AppVMs to use a new template based on it.
>> All seems to be working well, except that I am unable to install
>> the following packages:
>> 
>> - ImageMagick - pycairo
>> 
>> Both are skipped as follows:
>> 
>> ~$ sudo dnf install ImageMagick pycairo ... Package
>> qubes-template-minimal-stub-1.1-1.fc23.noarch is already
>> installed, skipping. Package pycairo-1.10.0-4.fc24.x86_64 is
>> already installed, skipping. Package
>> qubes-template-minimal-stub-1.1-1.fc23.noarch is already
>> installed, skipping. Dependencies resolved. Nothing to do. 
>> Sending application list and icons to dom0 Complete! ~$
>> 
>> [2] seems to suggest it should be possible to install these
>> packages, but I also saw a thread [3] that indicates that Fedora
>> 24 may not be supported on Qubes R3.1, and maybe this could be
>> causing the issue. The qubes-template-minimal-stub rpm is the
>> only fc23 package that is installed in the template.
>> 
>> I am planning to reinstall the host with R3.2 at some point
>> anyway, but I wanted to get Thunderbird and Firefox updated to
>> the newer versions in F24 sooner than that, hence installing the
>> newer template first.
>> 
>> The missing packages are not a big deal, but it would be great to
>> confirm the correct process for next time (looking forward to
>> Qubes 4.0!) Is it supported to update to a newer Fedora template
>> and then upgrade the Qubes release on the host, or should the
>> host always be reinstalled/upgraded to the new version first?
>> 
>> Thanks very much for your advice.
>> 
>> Michael
>> 
>> [1] https://www.qubes-os.org/doc/templates/fedora-minimal/ [2]
>> https://github.com/QubesOS/qubes-issues/issues/2380 [3]
>> https://groups.google.com/d/topic/qubes-users/uwnPpxhJaZY/discussion
>
>> 
> I've done a clean install of Qubes 3.2 on the host now, and then
> re-downloaded qubes-template-fedora-24-minimal and set up my custom
> template based on it. I still see the same issue with ImageMagick
> being skipped for installation.
> 
> If I try to install ImageMagick in the unmodified fedora-24-minimal
> template, dnf offers to download the 'real' packages. But after
> using dnf to update all packages, the problem is introduced. The
> smallest package set I've found to reproduce this is just dnf, ie.
> 
> dnf update dnf
> 
> will trigger the behaviour. But I'm not really sure where to look
> next. Any suggestions?
> 
> Thanks again.
> 
> Michael
> 

See this issue:

https://github.com/QubesOS/qubes-issues/issues/2606

You can work around this by specifying the package version, e.g.,:

$ sudo dnf install pycairo-1.10*

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYjY/TAAoJENtN07w5UDAw5H4QAMWsqGBnj+FXIwbbjpx4rGoJ
9m3pHcxxezsjzqTYd9YlGP/FjEMjo9tvcG052hZY+BzPyROhmHAzvOjipbJxaLZc
9iu8iRR4U0xt+REf+c5r2Cbn12NKzjzAJSEVL2tXgrUN/mMokjUvkW5N+9jRnkTY
Q3BOM0B7ZWBCYqH5cL2vDHfHU9EHATQr8J3S8m9jdzlotyJe18k/tMmtA6J8OxvP
2GphqPO361ukbsM4zH0cKt/rj4IP8QJSh1BQZwqszGPmIQpUBHUPeoyI+3v24h0c
ikfuCvTAL3szeMy6sb8lvJkDKtio2jbRwWVGv5M3qmaMrkWF3OpShCayCcBcjOMk
+h5qFWiQoXaDyFKO8KqST7V8WNrqBB16PN549n4WC1zlytPNmkWijmTBoNKiV1Ap
sMHlKKbKfiPb3b29W/FwWYjd8okniQWXP49Oa9xwxb3EIK5xKsPbfMXtwk1EAZuC
cFP/jiFLHWGJz0TyByg6b+5PeWVrUb1kuNnxGJd46hRFy7k2xgfF33rOi1Sga/Mr
93txQnT4Sihcd+Qu1EeaF/HWfjC5rki98cARWnuBZtiJnVUlmaWuxD+Tevad47PF
F16ZqSD52SEJlVb2WL9bFL9i8ozGPUZV7izS0aL1liR+TIDH7F/ZWWrewKtec7Nd
jIa7iu0rEybTPVvQhYYO
=icAe
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1209f1e2-9f25-48dc-bdcb-916b19b8fc50%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread Thierry
Bonjour Raahelps,

Le samedi 28 janvier 2017 à 17:58:44, vous écriviez :

> On Saturday, January 28, 2017 at 5:57:51 AM UTC-5, ThierryIT wrote:
>> Sorry for  all this noise 
>> I have mounted "xvdi5" with success.
>> But: unknown filesystem type: LVM2_member
>> 
>> Something to install on this vm  ?
>> 
>> Thx
>> 
>> Le samedi 28 janvier 2017 12:54:07 UTC+2, ThierryIT a écrit :
>> > > My mistake.
>> > > I  did it  from  "dom0" 
>> > > 
>> > dom0:sdb WD.698G (attached to vm-test as 'xvdi')
>> > dom0:sdb5 WD690G 
>> > dom0:sdb1 ...
>> > dom0:sdb2
>> > etc 
>> > 
>> > If I try to mount xvdi as LUKS: It is not a valid LUKS
>> > I do think that the right partition  to mount should be "sdb5" ... How to  
>> > mount  "sdb5" ??
>> > 
>> > Thx
>> > > 
>> > > Le samedi 28 janvier 2017 12:43:57 UTC+2, ThierryIT a écrit :
>> > > > qvm-block  command not found ... ??
>> > > > I am right to do  it  from my vm-test ?
>> > > > 
>> > > > Thx
>> > > > 
>> > > > Le samedi 28 janvier 2017 12:10:26 UTC+2, Andrew David Wong a écrit :
>> > > > > -BEGIN PGP SIGNED MESSAGE-
>> > > > > Hash: SHA512
>> > > > > 
>> > > > > On 2017-01-28 01:45, ThierryIT wrote:
>> > > > > > Hi,
>> > > > > > 
>> > > > > > I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
>> > > > > > bit by bit playing  with it. I would like to have access to my  old
>> > > > > > encrypted hard drive, still do remember the passphrase :) I have
>> > > > > > build a new vm, let's call it "vm-test" I  have attached the block
>> > > > > > device to it, seems to be good  ... But after ? How to mount it ??
>> > > > > > 
>> > > > > > Thx
>> > > > > > 
>> > > > > 
>> > > > > It's probably mounted as /dev/xvdi (you can check with qvm-block).
>> > > > > So, in vm-test, try something like:
>> > > > > 
>> > > > > $ sudo cryptsetup open /dev/xvdi hdd
>> > > > >   
>> > > > > $ sudo mount /dev/mapper/hdd /mnt/removable
>> > > > > $ cd /mnt/removable
>> > > > > $ ls
>> > > > > 
>> > > > > - -- 
>> > > > > Andrew David Wong (Axon)
>> > > > > Community Manager, Qubes OS
>> > > > > https://www.qubes-os.org
>> > > > > -BEGIN PGP SIGNATURE-
>> > > > > 
>> > > > > iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
>> > > > > qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
>> > > > > G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
>> > > > > /FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
>> > > > > RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
>> > > > > WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
>> > > > > UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
>> > > > > 3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
>> > > > > OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
>> > > > > BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
>> > > > > nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
>> > > > > Qc4E/xMl/TLaJd1IHMfX
>> > > > > =xkVz
>> > > > > -END PGP SIGNATURE-

> how did you encrypt the drive?   I have an external encrypted drive
> i use.  I simply open it with any file manager which prompts me for
> the encryption phrase.  nautilus should work?

I have not tried with  Nautilus, but this is working for me.

-- 
Cordialement,
 Thierrye-mail : lenai...@maelenn.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/953712293.20170129080356%40maelenn.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: disk utility in dom0

2017-01-28 Thread cezgeth
Den søndag den 29. januar 2017 kl. 02.42.55 UTC+1 skrev Ted Brenner:
> I assume this is something that could be done during install right? Does seem 
> like something should already be there. Though having gparted seems 
> worthwhile. Thanks for the help!
> 
> 
> On Sat, Jan 28, 2017 at 7:15 PM,   wrote:
> Btw, forgot to add just in case, be sure to download the gparted that matches 
> the Fedora version which Dom0 is running on. If you are running Qubes 3.2, 
> then it is likely to be Fedora 23. Also be mindful of downloading to the 
> right architecture matching your system, there are 3 architecture RPM 
> download choices once you click on the Fedora version.
> 
> 
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/3eca86f0-cb65-447a-b277-40d9c5b2436b%40googlegroups.com.
> 
> 
> 
> For more options, visit https://groups.google.com/d/optout.
> 
> 
> 
> 
> 
> -- 
> 
> Sent from my Desktop

Don't think it can be included during install, it isn't like old-school Linux 
in that sense. The reason most of Dom0 has been stripped is presumably to 
reduce the attack surface. But as you said, partition management indeed is 
really something of the sorts of is "mandatory". Hard to picture how such 
small, simple and widely used open source tool, that doesn't use internet 
access, can be a security risk. Maybe I missed something, but in the event it 
indeed can pose a security risk, then it would be nice with some write-up or 
documentation to learn why. If nothing else, not to leave us puzzled and 
scratching the backs of our heads. 

No probs btw, hope it works out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ec8418c-2de1-4676-9124-d95040f78478%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Custom qrexec services

2017-01-28 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Jan 28, 2017 at 05:55:14PM -0500, Jean-Philippe Ouellet wrote:
> From https://github.com/QubesOS/qubes-issues/issues/910#issuecomment-275872140
> (here to not pollute that issue)
> 
> @marmarek wrote:
> > BTW I'm curious how many people have custom qrexec services ;) On one of my 
> > machines I have 15 of them.
> 
> 
> I have at least the following (not all are finished or enabled):

So, if we're listing them, here are few of mine:

1. write USB - _unidirectional_ service to write an fs image into USB
stick (service into USB VM)

2. update local apt/yum repository[1] - get packages just uploaded via
qubes.Filecopy and expose them to LAN as yum/apt repo

3. inter-VM git connection[1]

4. send SMS - use built-in modem to send a SMS (using ModemManager d-bus
API) - currently both destination number and text are inside of pipe,
but I consider putting the number into service argument (to allow some
VM to send SMSes only to selected numbers)

5. all those defined in qubes-builder[2], recently published details in [3]

6. (WIP) trigger build in response to github notification (notification
received in one VM, then send a simple signal "something have changed"
to build VM(s) - those VMs will fetch appropriate git repositories (with
signed tags verification), and check if any new package needs to be
built. 

7. activate screenlocker - this service is launched when I unplug 
yubikey from USB VM (USB VM->dom0, without any data inside the pipe)

8. Send wake-on-lan signal to other machine (service into netvm)


In context of the #910 ticket, here are those where I have multiple
target domains with "allow" rule:

 - qubes.Filecopy - I have various scripts to automate my workflow, for
   example:
- build rpm package
- qubes.Filecopy it to a VM running repository exposed to my LAN
- run another service to update metadata on that repository (see
  service 2)
   or this:
- get a build log(s)
- qubes.Filecopy it to another VM with gist tool installed[4], and
  limited github API key configured
- launch another service to upload those file to gist
   or this:
- build a kernel + initrd
- qubes.Filecopy it to a VM with tftpserver - there
  ~/QubesIncoming is exposed into LAN using tftp (and my DHCP server
  points there to look for PXE files)
   In all the above cases, a source VM have multiple "allow" rules to
   different destination VMs. In fact on this system the final line of
   qubes.Filecopy policy is "$anyvm $anyvm deny", not "ask" ;)

 - inter-vm git access - this allows me to push code into different
   build/test environment - for example I have different VM to build
   some preliminary PoC code, different VM to build test templates (not
   using DispVM there, to not rebuild everything each time), etc

 - service in point 6 will need to notify _multiple_ build VMs when some
   notify arrive - for example to build all Fedora and Debian packages
   (those are different build environments)

[1] https://www.qubes-os.org/doc/development-workflow/
[2] https://github.com/QubesOS/qubes-builder/tree/master/rpc-services
[3] https://github.com/QubesOS/qubes-infrastructure
[4] https://github.com/defunkt/gist

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYjU2mAAoJENuP0xzK19csR4wH/0xHbXH6K6QksHe7e8Gxj4ky
a79M1I/Yhq8av4PZvAWSP2WnUomKU2VH9/KSle2GekXIVahpjH3ieVvvsgEFyWJc
5CW0/a0Aq3fLM4rXcsU7R/0YQtfjnu1OgmVQa3CbFTaLFArcyATxD8ODMSfdvtHH
5fFPFiBCplLM3pFIm57hp0+CpqE4fYOonsPsXeBdD9EorhwqyFh9Vbnyx9JbhKFA
1hZ9yBCgM6Hd4AhvUH2zj6bcxfRINHDJ4EYikiBjvAzYIgQq3cxqGhZNKK6k+h9D
ERatifySW6HeKwGXPTHqerxApP131MlucZxIm6sKVsum6nUQs0b72lY12cJjncs=
=nFoR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170129020422.GU1285%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: disk utility in dom0

2017-01-28 Thread Ted Brenner
I assume this is something that could be done during install right? Does
seem like something should already be there. Though having gparted seems
worthwhile. Thanks for the help!

On Sat, Jan 28, 2017 at 7:15 PM,  wrote:

> Btw, forgot to add just in case, be sure to download the gparted that
> matches the Fedora version which Dom0 is running on. If you are running
> Qubes 3.2, then it is likely to be Fedora 23. Also be mindful of
> downloading to the right architecture matching your system, there are 3
> architecture RPM download choices once you click on the Fedora version.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/3eca86f0-cb65-447a-b277-40d9c5b2436b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutz0bSOEOogMdUGYPiYQgKkFWK1-qUyhC5PJELhvi6YrqQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: disk utility in dom0

2017-01-28 Thread cezgeth
Btw, forgot to add just in case, be sure to download the gparted that matches 
the Fedora version which Dom0 is running on. If you are running Qubes 3.2, then 
it is likely to be Fedora 23. Also be mindful of downloading to the right 
architecture matching your system, there are 3 architecture RPM download 
choices once you click on the Fedora version.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3eca86f0-cb65-447a-b277-40d9c5b2436b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: disk utility in dom0

2017-01-28 Thread cezgeth
Den lørdag den 28. januar 2017 kl. 20.09.44 UTC+1 skrev Ted Brenner:
> What is the best way to add and partition disks in dom0? I just added some 
> hard drives that I'd like to format and partition and then pass those to a 
> guest VM for storing my person files. With xfce, I don't see any GUI based 
> disk utility. Does this have to be done via the command line?
> 
> 
> Thanks!
> 
> 
> -- 
> 
> Sent from my Desktop


As far as I know there are none pre-installed, but I could be wrong. I usually 
solve this by installing gparted my self.

There are three ways that I know of to install it, all of them are security 
risks in their own way, either minor or major depending on your environment or 
what you download into Dom0, etc. One approach to install gparted in Dom0 is 
adding a repository in Dom0. Another approach is to download gparted through 
your browser and move it over to Dom0 via shared harddrive or USB, (remember to 
umount in both Dom0 and Dum0 whenever accessing the opposite, that is 
Dom0/DomU). It is also possible to just move it with terminal which avoids 
shared-drives/USB transfer altogether. Whichever method you use, all are a 
security risk in their own rights, though trusting Fedora/gparted, and you 
trust your USB devices then, then you should be fine.

Terminal move approach is more secure method if you don't trust your shared 
drives or USB device in Dom0, Qubes has official guides for how to do that with 
the terminal.

So in order to use two of the above three methods to transfer the file to Dom0, 
grab and download gparted 
https://koji.fedoraproject.org/koji/packageinfo?packageID=1950 

Once you downloaded it and moved it over to Dom0, then open the Dom0 terminal, 
and write "sudo yum install /path-to-gparted-rpm-in-Dom0" or just write "sudo 
yum install" and drag and drop the file to automatically generate the path 
after the install part. 

After install just type gparted in terminal to start it. 

Best to avoid installing or moving anything to Dom0 as far possible, but 
sometimes it just isn't practical, i.e. gparted is really nice to have. Maybe 
Qubes has a build-in partition manager, but I never managed to find it, so this 
is what I do.

Keep in mind this is just what I do to work around it, it might or might not be 
best practice.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f75e5ee-560e-4c06-8645-3838b7ba35e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Kali screen problems

2017-01-28 Thread Chris Bensch
On Friday, October 7, 2016 at 5:50:26 PM UTC, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-10-07 00:37, petor...@gmail.com wrote:
> > I was wondering if anyone else is experiencing problems with installing 
> > Kali on a HVM in Qubes. When I boot the fresh installed Kali HVM i see the 
> > logon screen fine, but after that I see the top op the screen in the lower 
> > 10% of the window
> > 
> 
> Did you follow the instructions here?
> 
> https://www.qubes-os.org/doc/pentesting/kali/
> 
> Some other users have also reported problems with installing Kali HVMs, but I 
> don't recall your specific issue being reported yet. Added:
> 
> https://github.com/QubesOS/qubes-issues/issues/1981#issuecomment-252317236
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJX9+BWAAoJENtN07w5UDAwDFQP/0ikwP2L1UUI8a214Ry9RwFW
> WQ7lsWxELbw6eLbosx8FGLRqdhae/zeHcv/VYsztCvxwRJ9/DUizn7apE5jk5tKU
> 1zsDgBaE3T4nhli1sBU7EvSA5KDzBGeI7H/RiONusyOLz9gC/vRE1XxjPlOXLqCX
> O3EdZfjmqHMlQYHTJYS6BPcxHB+YJtt9AeopPsJff5acqkHkuMIep5r7y/IX7jad
> 445xZMX3yWVyRsTy+QS4RFj8pWJzrC8PdxQXR05+siIVyDfW2ca+s1lCEdeEBetg
> Z/CwzXJUzcFmEkTH2HuIMWZJMuLvdWLq+OyJnbSmxGM9N9DAV85ZhP76c5tWQzBz
> GRYQ+KVp9t2iY+ZRJQSp0sS46ETd5sJ+g1XQ9vImiKVvgwMMn5T0FKRtLtQjkO5V
> S+KJGtC+7DS7oyC+vni1ZGjK6iOdaI0gjoSZr8ARInsigqL6waL9n3Cx4k4IV4pQ
> Ox8cymBV4EONknZ9cJQUFErnmPOVbBkvZXvEbUOEkQJTQKmDF0tZasnkEcrqHfhh
> ePyGBEZBYmQNtEn2M/nH4QHx/0IgSDnswyoy7YOz1y2Vtjf9T7Er4Pthvdkwh3h1
> WlLhYmlgQ6yOZr6py317a8EfanxyH6jkTAQ60rT2jr5ChWgEv9XSGNMO8fT8M7xU
> JSv5lPqZvlN4nDaGBKAn
> =FRMX
> -END PGP SIGNATURE-

FWIW, I played with this for a while, the MATE and XFCE versions work fine so I 
started looking for commonalities...they weren't using gdm.  So on my default 
kali install running gnome, i installed lightdm init 3 and now everything works 
fine.  Just no pretty gdm login screen.  Hopefully this will work for others.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e9c3c1a-7516-48e1-a08d-b190419b7073%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Mouse and Keyboard Stuck After USB Qube

2017-01-28 Thread cezgeth
Den fredag den 27. januar 2017 kl. 15.24.38 UTC+1 skrev jgmalh...@gmail.com:
> I just created a USB Qube, following the instructions from 
> https://www.qubes-os.org/doc/usb/.
> Immediately after booting the new qube, my mouse and keyboard stopped working.
> 
> After that, I waited for around 15 min, and nothing changed. So I powerd off 
> my pc by pressing the button in the CPU.
> 
> When I turned it on again, my mouse and keyboard kept stuck in the page to 
> input the password. The keyboard worked during the GRUB fase. 
> 
> I'm pretty sure that I only need to give the USB's control back to dom0, but 
> I have no ideia how to do that now that I can't even log in. 
> 
> Has any one experienced similar problems? Do you know how I could solve that?
> 
> PS: Sorry for the grammar errors. I'm using my phone right now

Did you try to unplug/plug first? You're not telling us much, it is hard to 
help you without much information, a little extra will be insightful.

Also do you have a PS/2 port as Andrew mentioned? If you do, then the fix is 
really, really straight forward and easy to fix by grabbing an old or cheap to 
buy PS/2 mouse or keyboard. Been there, done that, it works.
Also it is possible to use just a PS/2 keyboard without a PS/2 mouse, but it 
takes a bit of keyboard navigation to reach the USB-Qubes settings to disable 
the "Auto-start at boot" function. A PS/2 mouse would make that easier, best 
with both PS/2 devices if you got a password on your login. Once that 
auto-start on your USB-Qube QVM has been disabled then just reboot, and you're 
back to normal. 
In the event you are on a laptop, then this likely won't work, but it should 
work on most desktops with a PS/2 port, or really old laptops with PS/2 ports.

Also be mindful if your system has any extra USB controllers which might still 
reside in Dom0, you might be lucky. Most cheap systems just have a single USB 
controller though, but for example if you got 3.1 or even sometimes with 3.0, 
then it is likely you got an extra USB controller. If you didn't remove that 
possible extra controller from Dom0, then you should still be able to use your 
USB keyboard/mouse on those USB ports. Assuming, of course, you got an extra 
unassigned controller left in Dom0.

If none of that works, then your best hope is probably indeed changing the 
Xen.cfg boot file. You already got a live USB Debian, that will be helpful. 
Boot it up and go to your terminal. It is likely that your xen.cfg is on 
separate boot partition, in that case you need to make an empty folder on your 
temporary live boot and mount that partition to it (i.e. in /media or /mnt). 
It's usually on the smallest partition, typically 100MB to 700MB in size. Also 
in order to edit the xen.cfg file you will likely need to either chroot to 
directly access it or alternatively use 'sudo mv' command to physically move 
the xen.cfg file to somewhere you have write access, whichever is easier for 
you. If you used the move method (i.e. to your live boot at 
/liveboot/home/user/ then remember to move it back to its original location 
after you modified it. It is far easier to just move it than to learn how to 
use chroot if you haven't used that before. Basically in short, move file to 
where you got write access, modify it, and then move it back again, done. There 
are other ways to do this, but this is pretty simple and straight forward.

Furthermore if your xen.cfg file was empty, then this is likely because you 
didn't open it correctly and instead it created a new file, since if you didn't 
get the path right, then it will just make a new file with that name at 
whatever path you put in. That, or it was the wrong xen.cfg file, because it 
can't be empty, your system can't boot without it. So be sure to get the path 
right. 
You can always use the "cd" command to navigate the folders one by one. And 
each time you reach a new folder/directory, use the "dir" command to see the 
content before cd'ing to the next directory. Once you find the xen.cfg, you can 
i.e. use "nano xen.cfg" to read it, but remember you can't edit it without 
write access. So at this point you either chroot, move it, or other means to 
gain write access.

As for what you need to put into the xen.cfg I am not sure about, it is most 
likely a single and simple short command. Someone else might be able to provide 
you with that answer. 

The xen.cfg file is the boot file for Xen/Qubes, so be sure not to mess up any 
existing commands in the file, or forgetting to move it back to its exact 
original location. Without it Qubes won't boot at all, or not boot correctly. 
So modify/move the xen.cfg file carefully. It definitely won't hurt to make a 
backup copy before you edit it.

Others might know more than me about this, but if there indeed is a 
rd.qubes.hide_all_usb command in your xen.cfg file as Levojohn suggested, then 
the above should work if you clear that commmand from the xen.cfg file.

-- 
You received this 

Re: [qubes-users] Custom qrexec services

2017-01-28 Thread Andrew
Jean-Philippe Ouellet:
>>From https://github.com/QubesOS/qubes-issues/issues/910#issuecomment-275872140
> (here to not pollute that issue)
> 
> @marmarek wrote:
>> BTW I'm curious how many people have custom qrexec services ;) On one of my 
>> machines I have 15 of them.
> 
> 
> I have at least the following (not all are finished or enabled):
> 
> 1. requesting port forwarding (with separate policies for different
> arguments to denote different ports)
> 
> 2. requesting USB device passthrough (arg to specify device)
> 
> 3. requesting VM be created from particular template with particular
> RPM installed (to test in clean envs)
> 
> 4. requesting ssh session from VM with no netvm (mitigates
> http://nastytrap.ru:25 issue described by @rootkovska in
> https://groups.google.com/d/topic/qubes-devel/niMbDhS_nWI/discussion)
> 
> 5. render html (like qubes.PdfConvert, and allowed from any)
> 
> 6. excel-to-csv
> 
> 7. create hvm w/ particular iso, particular xen cfg, & point
> stdin/stdout at console device (from trusted dev vm, for WIP
> OpenBSD-in-qubes work)
> 
> 8. WIP qubes.Filecopy equivalent which does not require the VM to be
> running (encrypts the file with a key only known to the dest VM &
> stores in staging area for dest VM to retrieve later). Goal is to
> safely allow transferring data to VMs with encrypted private.img while
> in a physical location where you do not want to type that VM's
> passphrase.
> 
> 9. giving me a serial console without passing through the whole FTDI
> device at USB level (for safety, but also works around some issues
> when reattaching)
> 
> 10. killing jtagd & reloading a driver, because dumbly broken tools
> are dumbly broken
> 
> 11. queuing stuff to print
> 
> 12. start ssh session via sshd -i (inetd mode) (used because i can
> multiplex multiple things (shells, scp, etc.) over a single ssh
> session, which is convenient in the case of '$dispvm' targets (because
> you don't know the name of the just-started VM to specify multiple RPC
> calls to it), so in some cases it's less hacky than trying to automate
> lots of things over a single qubes.VMShell to a dispvm)
> 
> and several more
> 

Cool!

Great list, and great ideas.  It would be nice if generally useful
services like some of these could be included in the repos.

I use a few custom qrexec services myself.

One in particular is designed to act as a socat bridge between a VM
("tor-proxy") hosting a "HidServAuthorizeClient" Tor hidden service on
one side, and a control panel interface on a VM ("host") hosting
software which must be connected to the clearnet on the other side.

The control panel port is firewalled off on "host" and so is
inaccessible over the clearnet.  However, incoming connections to
"tor-proxy" (i.e. to the hidden service) launch a qrexec request to
"host", which sets up a socat bridge.

This is probably not a good idea for applications with many new
connections, as the overhead from the Qubes RPC calls for every
connection must be pretty extreme in this context.  However, serving Tor
hidden services via a qrexec link to a VM with no networking might be a
neat way to reduce risk of exploitation.  Bonus points for using
per-connection disposable VMs and MirageOS unikernels!

Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c08fd1e-d180-c746-3ca1-d122caca81b0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Custom qrexec services

2017-01-28 Thread Jean-Philippe Ouellet
>From https://github.com/QubesOS/qubes-issues/issues/910#issuecomment-275872140
(here to not pollute that issue)

@marmarek wrote:
> BTW I'm curious how many people have custom qrexec services ;) On one of my 
> machines I have 15 of them.


I have at least the following (not all are finished or enabled):

1. requesting port forwarding (with separate policies for different
arguments to denote different ports)

2. requesting USB device passthrough (arg to specify device)

3. requesting VM be created from particular template with particular
RPM installed (to test in clean envs)

4. requesting ssh session from VM with no netvm (mitigates
http://nastytrap.ru:25 issue described by @rootkovska in
https://groups.google.com/d/topic/qubes-devel/niMbDhS_nWI/discussion)

5. render html (like qubes.PdfConvert, and allowed from any)

6. excel-to-csv

7. create hvm w/ particular iso, particular xen cfg, & point
stdin/stdout at console device (from trusted dev vm, for WIP
OpenBSD-in-qubes work)

8. WIP qubes.Filecopy equivalent which does not require the VM to be
running (encrypts the file with a key only known to the dest VM &
stores in staging area for dest VM to retrieve later). Goal is to
safely allow transferring data to VMs with encrypted private.img while
in a physical location where you do not want to type that VM's
passphrase.

9. giving me a serial console without passing through the whole FTDI
device at USB level (for safety, but also works around some issues
when reattaching)

10. killing jtagd & reloading a driver, because dumbly broken tools
are dumbly broken

11. queuing stuff to print

12. start ssh session via sshd -i (inetd mode) (used because i can
multiplex multiple things (shells, scp, etc.) over a single ssh
session, which is convenient in the case of '$dispvm' targets (because
you don't know the name of the just-started VM to specify multiple RPC
calls to it), so in some cases it's less hacky than trying to automate
lots of things over a single qubes.VMShell to a dispvm)

and several more

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DoFOLqcL%2BbDg8N9%2B3PU5gBzWp0NKmBBFHpV9iinj%3Df_Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Possible to get usable Win7 gui?

2017-01-28 Thread cezgeth
Den torsdag den 29. december 2016 kl. 13.07.44 UTC+1 skrev Jarle Thorsen:
> Currently my Windows 7 StandaloneVM feels a bit sluggish.
> 
> Moving windows (no phun intended) is a pain.
> 
> Is it possible to have a Windows VM without any lag, or is this just a part 
> of the deal with Qubes OS?
> 
> What tweaks should I do to get my Windows VM as responsive as possible?
> 
> I have no problems with lag in dom0 or any of the Linux VMs.
> 
> My display is 2560x1440, maybe a large display is part of my problem?

"Is it possible to have a Windows VM without any lag".

Yes, I can confirm that it is possible. I run Windows 7 completely lag free on 
Qubes OS, it feels very snappy and instant, just as if it was running bare 
metal. Both with or without seamless mode. 

I've installed Qubes Windows Manager completely according to the official Qubes 
guidelines.

My setup that runs Win7 smoothly
- QVM instance: Windows 7 64-bit
- CPU: i5 6500 3.2GHz (default set to two cores). 
- Total system RAM: 24GB 
- QVM Win7 memory allocation: 5GB.
- Disc allocation: 100GB (Make sure Windows has plenty free space).
- Graphics: Intel HD Graphics 530 (CPU integrated graphics)
- Triple monitor setup, all controlled by Intel integrated graphics 
(HDMI/HDMI/VGA).
- Seamless mode, sometimes on, sometimes off.

In case you use VGA monitors, then VGA monitor in my case causes some issues 
that impacts screen tearing a bit if used together with HDMI, only a slight 
second when moving app between screens. It is slightly annoying though, and I 
haven't looked into that yet. Though just be aware that VGA monitors might not 
play too well with HDMI/Display monitors, in case you use a setup like that.

You don't need 24GB memory, i.e. I got more than plenty, you will be fine with 
less. How much is a good guess though, I would say total system 8k GB memory is 
fine (Qubes 4k, Windows 4k each is fine for normal use), just don't open too 
many memory hungry VM's at the same time.

My CPU and its integrated graphics isn't top notch, but not all bad either, so 
if your system is anywhere near these specs, it is probably a 
software/driver/Bios-setting issue and not hardware performance related.

I found in my early Qubes days that Nvidia with the nouveau driver was laggy as 
hell, to put it mildly. My nvidia GPU that I first ran Qubes on was GTX1060, 
which is now retired from my Qubes setup. The GTX 1060 with nouveau ran though, 
barely. It was by no means smooth, neither in Dom0 or any QVM's, one big hell 
of lag. Some older graphic cards than 1060 might do better with the nouveau 
drivers, but the newer the card the less perfect it will likely run in Qubes 
(i.e. might be the case in your situation). The moment I took out my monitors 
from my nvidia card and instead plugged them to my motherboard internal 
graphics, I became completely lag free, and everything was really smooth 
(Shutdown Qubes first, so it can boot proper graphic drivers). I get stressed 
by lag, so I can definitely say that the contrast was big to when I used 
nvidia, I feel nothing now with Intel graphics, it's smooth. As many has said 
before with Qubes, Intel or many of the AMD graphics, just works. Nvidia with 
their monopolistic product designs is a big pain in the *** as they try to 
shove their market fragmented profit maximized proprietary garbage down our 
throats... *ahem*... we lack competition (Go AMD!). 

Anyway, In Bios, in case you have such a setting, then make sure to check if 
on-board graphics are set to CPU, and not GPU. Furthermore be vary of any 
"shared" memory features between CPU/GPU in the BIOS, when I turned mine on it 
made Qubes's graphics teary and really laggy. This might hypothetically be more 
or less laggy depending on the hardware used, make sure to test the difference 
by turning it off if you got it on.

So if you got multiple graphic cards, this may be a source to your problems, 
especially if it is nvidia. If you are dual-booting (despite that it isn't the 
best to do in terms of security), then you can still make use of your nvidia 
card in other OS's, i.e. Windows should still detect your nvidia card. If you 
are running it on a desktop instead of a laptop, then you can use a KVM switch 
to switch between CPU/GPU graphic cards as you dual boot.

Qubes OS doesn't need heavy graphics anyhow, not as long as heavy graphics 
industry users, or gamers, isn't a supported audience target group by the Qubes 
developers. 

Off-topic: However it has me puzzled why nothing more hasn't been done to 
support heavy graphics, it would make many more potential users interested in 
Qubes OS if it was possible to run heavy graphics on Qubes, such as games. 
Perhaps the security issue it creates is just too big and unfix-able or time 
consuming *shrugh* 

Lagging (pun intended ;) a bit info on your hardware setup, so I took the 
liberty to make guesses. I hope any of this was of help to you, I had a laggy 
Qubes too before I found the proper setup 

[qubes-users] Re: Linux HVM through Whonix Gateway or VPN

2017-01-28 Thread @MarkMat320768
On Wednesday, January 25, 2017 at 8:04:39 AM UTC-5, Chris Bensch wrote:
> I'm running Qubes 3.2.  I have a Debian HVM that works perfect when using the 
> default sys-firewall as the netvm.  If I change the netvm to another proxyvm 
> such as a VPN (https://github.com/Rudd-O/qubes-vpn) or change it to the 
> default sys-whonix, I lose all connectivity.  Can someone point me in the 
> right direction?

use both..that works and it really pisses them off..one at a time i think they 
don't sweat..see the encryption of the native client for airvpn...but you do 
one before the other..i guess tor as the airvpn client must account for it when 
it starts...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e486c75-6ddd-4299-9840-0aa543404ae3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] installing to the workstationnn efi EFI_MEMMAP is not enabled & esrt: ESRT header is not in the memo

2017-01-28 Thread @MarkMat320768
http://imgur.com/a/RmwBN

efi EFI_MEMMAP is not enabled
& esrt: ESRT header is not in the memory map



see my penguins..I think I just figured out why it stops here ?? the install 
HDD on the system is just DD cleaned.. but isn't it more likely something 
(these 2 things) missing from this kernel or something like that...its qubes 
3.2 it works on the laptop same cpu xeon e3-1245...just squeked into 2nd 
generation ...

any ideas I need it on the workstation now not just the lappy

mark

it's these specs but just intel sound and no graphics card..as there are 2 two 
nic cards one takes up that space-the big blue-and another the last black..but 
glad i thought of it, i just use the vga but shouldn't ..isn't it  good idea to 
get the graphics card just for calculation power??? I don't think you can get 
any benefit from a riser or something like an exten on..but the latest gen it 
now will take i like $350 very high for me

and I did put 32GB of RAM ...it doesn't have to drive all the virtual machines 
all the time so but i thought wth...now in that case (perhaps) should have 
ordered from china..lost ecc and cost 4 times as much as some china ram..live 
and learn..

this is the chip, just one: costa rica, can't beat it if you try to get it from 
china like ali..don't know why they just don't have an upgrade...cases and 
cases of lesser power/less cache even levels of..

https://www.cnet.com/products/dell-precision-t1600-core-i3-2130-3-4-ghz-4-gb-500-gb-english/specs/

funny I have the exact chip in the latitude and it works better..


on that efi error..i am booting the  .iso pendrive for install...and it's the 
only thing of 2 hdd, dvd that is not back under normal/not efi...but i think if 
i try without efi it stops before even this 'can't give you the ram to get 
going' error...

is this obvious? i hope so cause qubes is hard for me...i can't really get info 
in or out of the box..unless email lol

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6e72bc1-a536-488d-bfa7-998bb64223b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Mouse and Keyboard Stuck After USB Qube

2017-01-28 Thread jgmalheiross
I have no ideia how to modify xen.cfg, and wasn't able to find any 
documentation online. Could you explain how you did that? I tried editing it 
with a bootable debian usb that I had laying around, but it only appears as an 
empty file. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0146c7c4-7be7-4743-92b2-7c718208aa06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Dell Inspiron 3520 Hangs During First Boot Configuration

2017-01-28 Thread cbmiller2610
Actually, solved my own problem. The wireless cards were trivial to switch, and 
replacing the Dell Wireless card with the Intel Centrino N-2230 fixed the 
problem. I wanted to use the Inspiron 3520 because of the better CPU and 
internal graphics (i5), so anyone else that has this issue can also just change 
to the compatible wireless card as a work around.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac730ef9-070b-4ebf-a99c-875b4e2722ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] disk utility in dom0

2017-01-28 Thread Ted Brenner
What is the best way to add and partition disks in dom0? I just added some
hard drives that I'd like to format and partition and then pass those to a
guest VM for storing my person files. With xfce, I don't see any GUI based
disk utility. Does this have to be done via the command line?

Thanks!

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutzsgE8PidbmZRm8yKAbxf6SofP0ajVU75buUcNSZuE4qA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Workaround for building Ubuntu xenial+desktop with qubes-builder

2017-01-28 Thread Nick Darren


On 01/28/2017 12:39 PM, Andrew Morgan wrote:
> Yes I do have the same issue.
>
> It seems it was mentioned a few times on the mailing lists but no concrete 
> solutions were found. People suggested a magic bullet being this command:
>
> sudo dpkg-reconfigure locales
>
> However this command exits prematurely due to the localesall (sp?) package 
> being installed. Some of qubes' scripts/binaries depend on this package, so a 
> removal will render your VM unusable.
>
> Could this hard dependency be removed? Do we really need localesall? Will 
> this even fix it if we do remove it and generate the locales successfully?

Weird thing is when I execute 'sudo gnome-terminal' or 'sudo gedit',
it's working fine there in my case.

I've been trying to replace locales & locales-all default packages with
debian-8 (jessie) & debian-9 (stretch) on my testing ubuntu-template  to
test if it's working. Not the right way to do that for sure, it's a
dependency hell at the end. Still figure out on how to fix that.

I don't think that locales & locales-all were the main culprits here. I
can still using gnome-terminal when I sudo it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0849d2a-7c72-66ec-15ee-9ae76295b1b3%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


0x4B6E850C.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Re: create new sys-net

2017-01-28 Thread Michael Carbone
haaber:
> On 01/27/2017 09:47 PM, taii...@gmx.com wrote:
>> On 01/27/2017 10:11 AM, '01v3g4n10' via qubes-users wrote:
>>> On Friday, January 27, 2017 at 7:19:10 AM UTC-6, Bernhard wrote:
 Hello,

 I still have my system bricked due to a dead sys-net.

 Could somebody help me to generate a new one, please?

 thank you, Bernhard
>>> Create a new VM : Name it, click the NetVM button then choose a color
>>> and template.
>>>
>>> Change sys-firewall to your new sys-net vm and use networkmanager or
>>> other means to establish connection.
>>>
>> Don't forget to check the "start on boot" option if you desire that.
>>
> Thank you that worked! Now my bricked system is only half-bricked :)
> 
> 1) fedora-24 is still in koma: it shows the mysterious  "ERROR: Cannot
> execute qrexec-daemon" and stays yellow.I consider (a) renaming it
> old-fedora, (b) moving it to the harddrive (to make space on SSD), (c)
> symlink it (d) install a fresh fedora-24 template.
>  
> Does this sound right / the most easy solution to you?
> 
> 2) my new debian based SYS-net can only acces ethernet. I installed the
> iwl-firmware in the template, and made sure the hardware is accessible
> in it. But that does not yet help. Do I have to verify the firmware
> in dom0 ?
> (wireless = intel 7620)
> Thank you, Bernhard

Bernhard,

Specifying your wireless card (Intel 7620) is necessary for others to
help you with hardware troubleshooting, so in the future please lead
with such information.

This card has issues with older versions of iwlwifi (in other distros
like debian, ubuntu, fedora, etc), so you will want to run the newest
version of iwlwifi possible, which is most easily done using debian
templates.

What you are going to want to do is: (1) create a debian-9 template, (2)
install firmware-iwlwifi in that template, (3) make sure it is
up-to-date, and then (4) base your sys-net on that template.

In more detail:

1. follow all steps of:
https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/

2. [you@debian-9 $] sudo apt install firmware-iwlwifi

3. [you@debian-9 $] sudo apt update && sudo apt upgrade

shutdown your debian-9 template.

4. turn off your existing sys-net. change its template to debian-9 in VM
Manager > VM Settings. ensure that there is your wireless network
controller assigned to it in VM Settings > Devices. (If no network
controller exists, go into your BIOS and see if there are any settings
associated with your wireless card that you need to enable.) once there
is a wireless network controller that exists and is assigned to sys-net,
restart your sys-net.

Michael

-- 
Michael Carbone

Qubes OS | https://www.qubes-os.org
@QubesOS 

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f25b0bc0-8122-ab95-b65f-efbdab1148f7%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: wacom pressure?

2017-01-28 Thread pibot . dobot
Em quarta-feira, 31 de agosto de 2016 10:39:29 UTC+1, pixel fairy  escreveu:
> is there a way to turn on tilt or pressure sensitivity for pens?
> 
> using qubes 3.2rc2 with xfce (test box, not production)

Are you able to use wacom tablets at all? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/290d6833-ea44-4554-b3f6-b0ee1e9cd570%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: NVIDIA DRIVER and OPTIMUS

2017-01-28 Thread neznaika
all problems solved. qubes has been deleted.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea97a73e-003e-4597-bcc1-b7db470f79e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Dell Inspiron 3520 Hangs During First Boot Configuration

2017-01-28 Thread cbmiller2610
First off: it seems that this is a known issue, as the Inspiron 3520 uses the 
same wireless card as the 3521, which is known to be unsupported due to 
freezing when networking is enabled (that story is from the HCL).  However, it 
seems that people have create workarounds for other distros using these cards 
(http://askubuntu.com/questions/175104/how-do-i-install-bcm43142-wireless-drivers-for-dell-vostro-3460-3560#215923),
 and the problem stems from hybrid wifi-bluetooth drivers from Broadcom.  

So, my question is not "why doesn't it work", my question is: 

Does anyone have enough knowledge to guide or explain to me how i might be able 
to work around this issue, and possibly use some of the knowledge from the 
other distros to get it working?  Currently if I even try to install qubes it 
freezes on first boot on the step "setting up networking".  is there a way to 
bypass this step, etc?  So that maybe I can get into qubes at least and play 
around with the drivers?


Finally,  I was able to get Qubes working 100% on my other Dell, an Inspiron 
13z 5323.  The difference, I believe, is that I have the config of that laptop 
with a different network card than the 5320/5321 (aka the Intel® Centrino® 
Wireless-N 2230 + BT 4.0, instead of the Dell wireless 1703/1704).  Not sure if 
that helps, but there it is.

Thanks,

Chris

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95cacdc1-51b4-44bd-aa53-f6baf94f7c43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Possible to get usable Win7 gui?

2017-01-28 Thread Jarle Thorsen
 :



hmm weird,  my windows 7 vm is a little laggy,  but I figured its normal.
 it doesn't increase over time for me and doesn't seem that bad.  Have you
tried to set the windows system setting to performance mode?

If you try to do gpu intensive tasks it might be an issue though.


The only Windows version I have tried is Windows 7 Enterprise 64-bit, with
all default settings apart from installing Qubes Windows tools.
Tried this HVM on both a "normal" system and a performance system with
*plenty* of resources. Assigning the win 7 HVM 16 vcpu and 10GB RAM makes
no difference 

I do not see any increase in lag over time though, as observed by Robert.

Maybe I'll try a different version of Windows just to be sure...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGFj%2Br9B%2BUxyhpYApEiLOM-sfLfby3gy-MM3BGKRM9TKFUNG3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: secure payments w/ qubes via banking VM best practice?

2017-01-28 Thread raahelps
On Saturday, January 28, 2017 at 11:41:40 AM UTC-5, Grzesiek Chodzicki wrote:
> W dniu sobota, 28 stycznia 2017 01:16:57 UTC+1 użytkownik Oleg Artemiev 
> napisał:
> > Actually I've banking VM as recommended. I'm even lazy enough not to
> > rename it to avoid default configurations. )) I use it for all sort of
> > legal payments and so on.
> > 
> > I've used paypal account on banking VM to pass a paymant to some
> > service. The service redirects me to paypal . I copy url from personal
> > vm to banking vm, authorize paypal to pay. When I'm looking into
> > payment details I'm accidentally opening the receiver company url.
> > 
> > I'm not hidding currently, but this sort of click by occassion to a
> > link provided by a paymet detalisation is an addon to attack surface.
> > 
> > I can run one VM per bank or payment system. But that is annoying. Any
> > better ideas?
> > 
> > -- 
> > Bye.Olli.
> > gpg --search-keys grey_olli , use key w/ fingerprint below:
> > Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
> > Blog keys (the blog is mostly in Russian): 
> > http://grey-olli.livejournal.com/tag/
> 
> I emailed my bank and asked for a list of domains used by their webapp. They 
> were reluctant at first but after I explained what domain whitelisting is 
> they provided me with a list of URL addresses and added a note explaining 
> what exactly are specific domains needed for. I don't know if your bank will 
> be as helpful as mine but paypal surely will.

you can do trial an error with extension like scriptsafe.  then add them to 
your qubes firewall as well for extra layer.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13c90811-29a9-4544-8acf-56f0742848b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Suggestions for RBAC for grsecurity-enabled kernel?

2017-01-28 Thread raahelps
On Saturday, January 28, 2017 at 11:43:51 AM UTC-5, raah...@gmail.com wrote:
> On Wednesday, January 25, 2017 at 5:19:00 PM UTC-5, Kopimi Security wrote:
> > On Wednesday, January 25, 2017 at 6:22:14 PM UTC+1, raah...@gmail.com wrote:
> > > On Tuesday, January 24, 2017 at 9:15:10 AM UTC-5, Kopimi Security wrote:
> > > > On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
> > > > > Yeah, I tried it myself leaving my laptop turned on and on learning 
> > > > > mode
> > > > > for three weeks straight, but it didn't catch everything and certain
> > > > > things still failed so there's definitely some manual massaging that
> > > > > needs to be done.
> > > > 
> > > > Thank you for your input!
> > > > 
> > > > Would you think a sniffing approach, or a tripwire approach, to be 
> > > > better*?
> > > > 
> > > > * On a RAM-limited system
> > > 
> > > what do you mean by sniffing approach?  
> > 
> > Sorry for being unclear, I'm not a native speaker.
> > 
> > By "sniffing", I meant to refer to active monitoring of known attack types, 
> >  a pro-active approach as opposed to a more after-the-fact intrusion 
> > detection system.
> > Kind of like watchdogs for memory, and snort for ports.
> > 
> > Google recently wrote up some advice for hardening KVMs: 
> > https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html
> > 
> > Their number one advice is using a pro-active approach.
> 
> I think by proactive approach they mean pen testing.

https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e735a6eb-4625-4e73-af53-1c836f760ee0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Suggestions for RBAC for grsecurity-enabled kernel?

2017-01-28 Thread raahelps
On Wednesday, January 25, 2017 at 5:19:00 PM UTC-5, Kopimi Security wrote:
> On Wednesday, January 25, 2017 at 6:22:14 PM UTC+1, raah...@gmail.com wrote:
> > On Tuesday, January 24, 2017 at 9:15:10 AM UTC-5, Kopimi Security wrote:
> > > On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
> > > > Yeah, I tried it myself leaving my laptop turned on and on learning mode
> > > > for three weeks straight, but it didn't catch everything and certain
> > > > things still failed so there's definitely some manual massaging that
> > > > needs to be done.
> > > 
> > > Thank you for your input!
> > > 
> > > Would you think a sniffing approach, or a tripwire approach, to be 
> > > better*?
> > > 
> > > * On a RAM-limited system
> > 
> > what do you mean by sniffing approach?  
> 
> Sorry for being unclear, I'm not a native speaker.
> 
> By "sniffing", I meant to refer to active monitoring of known attack types,  
> a pro-active approach as opposed to a more after-the-fact intrusion detection 
> system.
> Kind of like watchdogs for memory, and snort for ports.
> 
> Google recently wrote up some advice for hardening KVMs: 
> https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html
> 
> Their number one advice is using a pro-active approach.

I think by proactive approach they mean pen testing. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f81ee0e2-0751-432b-9f64-68c79b1c0388%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: secure payments w/ qubes via banking VM best practice?

2017-01-28 Thread Grzesiek Chodzicki
W dniu sobota, 28 stycznia 2017 01:16:57 UTC+1 użytkownik Oleg Artemiev napisał:
> Actually I've banking VM as recommended. I'm even lazy enough not to
> rename it to avoid default configurations. )) I use it for all sort of
> legal payments and so on.
> 
> I've used paypal account on banking VM to pass a paymant to some
> service. The service redirects me to paypal . I copy url from personal
> vm to banking vm, authorize paypal to pay. When I'm looking into
> payment details I'm accidentally opening the receiver company url.
> 
> I'm not hidding currently, but this sort of click by occassion to a
> link provided by a paymet detalisation is an addon to attack surface.
> 
> I can run one VM per bank or payment system. But that is annoying. Any
> better ideas?
> 
> -- 
> Bye.Olli.
> gpg --search-keys grey_olli , use key w/ fingerprint below:
> Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
> Blog keys (the blog is mostly in Russian): 
> http://grey-olli.livejournal.com/tag/

I emailed my bank and asked for a list of domains used by their webapp. They 
were reluctant at first but after I explained what domain whitelisting is they 
provided me with a list of URL addresses and added a note explaining what 
exactly are specific domains needed for. I don't know if your bank will be as 
helpful as mine but paypal surely will.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/028ada70-2420-4086-837d-00bde967baaf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Unable to start any VM. Getting: error starting vm: internal error: unable to reset PCI device 0000:

2017-01-28 Thread raahelps
On Thursday, January 26, 2017 at 7:07:10 PM UTC-5, Pietro Speroni di Fenizio 
wrote:
> On Thursday, January 26, 2017 at 2:43:41 AM UTC+1, Andrew David Wong wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > On 2017-01-25 14:22, Pietro Speroni di Fenizio wrote:
> > > On Wednesday, January 25, 2017 at 11:13:54 PM UTC+1, Andrew David Wong 
> > > wrote:
> > > On 2017-01-25 13:27, Pietro Speroni di Fenizio wrote:
> >  Hello, we just installed a Qubes in a linux machine I had.
> > 
> >  Unfortunately the system seem to be unable to start any VM.
> > 
> >  I always get the same error: ERROR: internal error: unable to reset
> >  PCI device :03:00.2 internal error: Active :03:00.0 devices
> >  on bus with 000:03:00.2, not doing bus reset
> > 
> >  Can someone point me to the right direction? I seem stuck as
> >  anything requires me first to start a VM, but no VM seem to be able
> >  to start. In fact when the computer turns on at the beginning only
> >  dom0 is active and even sys-net and sys-firewall are inactive.
> > 
> >  Many thanks, Pietro
> > 
> > > 
> > > It sounds like you have this device assigned to more than one VM.
> > > Check the "Devices" tab in the VM Settings for each VM that has any
> > > devices assigned to it.
> > > 
> > > 
> > > Thanks,
> > > I just checked. Nothing is assigned in the other VM. Only sys-net had 2 
> > > of the three PCI assigned. Once I assigned the third it started working. 
> > > But now it gives me a Device not Managed next to the red network icon 
> > > above.
> > > 
> > > Thank you very much
> > > 
> > 
> > Have you tried setting pci_strictreset to false? (Make sure you understand 
> > the security implications first.)
> > 
> > https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot
> > 
> > - -- 
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> > -BEGIN PGP SIGNATURE-
> > 
> > iQIcBAEBCgAGBQJYiVQ5AAoJENtN07w5UDAwXRsP/1miXII9AR/4fTQ5rHQGMGUs
> > /zDhB098GKLgfP+x415tV376HjcGVuLM2wD61BTx+6etJdljwjwvuQ9YSzCYX4Uy
> > AMzIPlwmC/H7/Mqi0L2Dv95paNepKQnOin+W3uFWqejhOInMSR7mwYm5Nb0HBbRu
> > omsMQ9hsGwjpE6FErbT6H15D9mVYlDSGI8+pHqTciTMZgRQORXz8vUUJB1b6lQ+0
> > BRoflHllYKILVmQd4QL9nzO3fBEApgSPf4Psmvzl+V4wxt2seL27hux5lqgzay9l
> > VgPeNkMfmUqWXQodfy/9NP0Vb1YwZpTumCiDNDDxO20ju8cwgn6bMe1rd3CMsDB8
> > lSJZRnJ93tYh12IXbxd1vkaORH47HtZhfXEHSsuBNic8kazHhIDjQhawYfVFQnXd
> > S4waYC/cdE2NlJqRNrCyjbyUJxD4i1Wq+MvVjm7u4WnAwlJAcMw1vGR8RsxUg9VD
> > W8jkyCLTNk3JTC1sydTHH++uZ4z6RZ77WaPgVmsB2Wnw/63iiHbqiomLniPJLsrS
> > FI2r2YgNm+SE/LsM4hVzug7cKnlrL2dwBmEOcRhDn1qHLe+66rxxrAWGT9lsjxh7
> > Vni+SR40kAkgP/PZAbiAoI+7o3UXnUVoKKRH7eC4GwzQ2B9q6nWMj21uY0W79Njc
> > 84Ko8UGtCu0PNezI/5jr
> > =YE9m
> > -END PGP SIGNATURE
> 
> Update:
> I restarted the sys-net and now it just says:
> Ethernet Network
>disconnected
> 
> And under VPN connections >
> 
> So far I seem to be unable to run the wifi, but maybe it will be explained 
> later.
> 
> Thanks to all. I will now set this as complete.

wifi's are very sketchy in linux.  might need specific driver.  might want to 
google how to install your specific model wifi on fedora.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ff1a8d9-2c11-4cce-8e5c-837369718fa0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Possible to get usable Win7 gui?

2017-01-28 Thread raahelps
On Sunday, January 1, 2017 at 3:17:39 PM UTC-5, Robert Fisk wrote:
> On 12/30/2016 01:33 AM, Jarle Thorsen wrote:
> > torsdag 29. desember 2016 13.14.25 UTC+1 skrev Grzesiek Chodzicki følgende:
> >> W dniu czwartek, 29 grudnia 2016 13:07:44 UTC+1 użytkownik Jarle Thorsen 
> >> napisał:
> >>> Currently my Windows 7 StandaloneVM feels a bit sluggish.
> >>>
> >>> Moving windows (no phun intended) is a pain.
> >>>
> >>> Is it possible to have a Windows VM without any lag, or is this just a 
> >>> part of the deal with Qubes OS?
> >>>
> >>> What tweaks should I do to get my Windows VM as responsive as possible?
> >>>
> >>> I have no problems with lag in dom0 or any of the Linux VMs.
> >>>
> >>> My display is 2560x1440, maybe a large display is part of my problem?
> >>
> >> VM Performance is largely dependent on the CPU and RAM so ensure that your 
> >> Windows VM has enough vCPUs and RAM assigned to it.
> > 
> > Throwing more vCPUs and RAM at it hasn't made a big difference so far, but 
> > I'm moving my system to a way more powerful system the next couple of days, 
> > hope that will make a difference.
> > 
> > Can anybody please confirm that it is indeed possible to have a lag-free 
> > Windows experience under QubesOS?
> > 
> 
> I run a Win7 VM on a i5 gen 4 ULV machine. I have always had problems
> with lag increasing over time. On bootup the VM is fast, but after 20
> min it is unusable with each screen redraw taking ~4 sec and associated
> high CPU usage. This has happened both on R3.0 and R3.2.
> 
> I work around the issue by using Remmina (or other RDP client) in an
> appVM, and allowing IP forwarding in the firewall vm. This solution does
> not suffer from increasing lag, and should be usable for everything
> except gaming. See instructions here:
> 
> https://www.qubes-os.org/doc/firewall/
> 
> 
> Regards,
> Robert

hmm weird,  my windows 7 vm is a little laggy,  but I figured its normal.   it 
doesn't increase over time for me and doesn't seem that bad.  Have you tried to 
set the windows system setting to performance mode?

If you try to do gpu intensive tasks it might be an issue though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42e347be-d073-431e-a21c-239b4199db81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Mouse and Keyboard Stuck After USB Qube

2017-01-28 Thread raahelps
On Friday, January 27, 2017 at 9:24:38 AM UTC-5, jgmalh...@gmail.com wrote:
> I just created a USB Qube, following the instructions from 
> https://www.qubes-os.org/doc/usb/.
> Immediately after booting the new qube, my mouse and keyboard stopped working.
> 
> After that, I waited for around 15 min, and nothing changed. So I powerd off 
> my pc by pressing the button in the CPU.
> 
> When I turned it on again, my mouse and keyboard kept stuck in the page to 
> input the password. The keyboard worked during the GRUB fase. 
> 
> I'm pretty sure that I only need to give the USB's control back to dom0, but 
> I have no ideia how to do that now that I can't even log in. 
> 
> Has any one experienced similar problems? Do you know how I could solve that?
> 
> PS: Sorry for the grammar errors. I'm using my phone right now

Like andrew said unplugging the mouse and plugging it back in will prompt you 
to allow it.  Why your kb don't works I have no idea. Thats weird to me.  maybe 
its a uefi thing?  I use legacy boot mode.  Also check in your bios, there is 
sometimes options for allowing or disasble usb to work before os boots.  maybe 
that helps?

I use a usb to pci adapter for my keyboard on desktop with only one controller. 
I think most laptop kb's are already pci?

On another machine i have two controllers and use one on dom0 just for kb and 
mouse.  the other controller i have on sys-usb for all other usb devices.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1af41b73-2c68-42bd-896b-152faaa116a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: create new sys-net

2017-01-28 Thread raahelps
On Friday, January 27, 2017 at 4:00:43 PM UTC-5, haaber wrote:
> On 01/27/2017 09:47 PM, taii...@gmx.com wrote:
> > On 01/27/2017 10:11 AM, '01v3g4n10' via qubes-users wrote:
> >> On Friday, January 27, 2017 at 7:19:10 AM UTC-6, Bernhard wrote:
> >>> Hello,
> >>>
> >>> I still have my system bricked due to a dead sys-net.
> >>>
> >>> Could somebody help me to generate a new one, please?
> >>>
> >>> thank you, Bernhard
> >> Create a new VM : Name it, click the NetVM button then choose a color
> >> and template.
> >>
> >> Change sys-firewall to your new sys-net vm and use networkmanager or
> >> other means to establish connection.
> >>
> > Don't forget to check the "start on boot" option if you desire that.
> >
> Thank you that worked! Now my bricked system is only half-bricked :)
> 
> 1) fedora-24 is still in koma: it shows the mysterious  "ERROR: Cannot
> execute qrexec-daemon" and stays yellow.I consider (a) renaming it
> old-fedora, (b) moving it to the harddrive (to make space on SSD), (c)
> symlink it (d) install a fresh fedora-24 template.
>  
> Does this sound right / the most easy solution to you?
> 
> 2) my new debian based SYS-net can only acces ethernet. I installed the
> iwl-firmware in the template, and made sure the hardware is accessible
> in it. But that does not yet help. Do I have to verify the firmware
> in dom0 ?
> (wireless = intel 7620)
> Thank you, Bernhard

sorry didn't realize you were same person lol.

you just have to install it in the template used by the sys-net I believe.

maybe this thread will help.  
http://www.fedoraforum.org/forum/showthread.php?t=56694

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3332bcb6-ec1c-4eda-b07d-562fd4bf7d99%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: create new sys-net

2017-01-28 Thread raahelps
On Friday, January 27, 2017 at 8:19:10 AM UTC-5, Bernhard wrote:
> Hello,
> 
> I still have my system bricked due to a dead sys-net. 
> 
> Could somebody help me to generate a new one, please?
> 
> thank you, Bernhard

also I think deleting the sys-net and running the commands  qubes top.enabled 
sys-net
qubes state.highstate

will work?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c681730f-4dd4-4233-b75d-c30486676655%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] secure payments w/ qubes via banking VM best practice?

2017-01-28 Thread raahelps
On Friday, January 27, 2017 at 10:19:12 PM UTC-5, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-01-27 16:16, Oleg Artemiev wrote:
> > Actually I've banking VM as recommended. I'm even lazy enough not
> > to rename it to avoid default configurations. )) I use it for all
> > sort of legal payments and so on.
> > 
> > I've used paypal account on banking VM to pass a paymant to some 
> > service. The service redirects me to paypal . I copy url from
> > personal vm to banking vm, authorize paypal to pay. When I'm
> > looking into payment details I'm accidentally opening the receiver
> > company url.
> > 
> > I'm not hidding currently, but this sort of click by occassion to
> > a link provided by a paymet detalisation is an addon to attack
> > surface.
> > 
> > I can run one VM per bank or payment system. But that is annoying.
> > Any better ideas?
> > 
> 
> If you don't want to have separate VMs for different services, you
> could try using Qubes firewall rules. It won't be a clean solution,
> and you'll probably have to add a lot of CIDR blocks (so it'll be
> leaky, and there's the potential for overlap with servers you don't
> want access to), but it's probably your best bet.
> 
> Another option is a browser extension that allows you to whitelist the
> domains you want. This is less secure than Qubes firewall rules
> (because it's enforced from within the browser instead of from outside
> the VM), but it allows potentially much more fine-grained control than
> Qubes firewall rules currently allow.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJYjA2gAAoJENtN07w5UDAwZeUQAK39Il0DN4L1gBJ3//JypcfO
> piM30qsaDeN/XSMqWlPKqBQm44zCHEBSJrNLM2M+FyBpOKoSfVaRe846iWzS8UFZ
> woSqfrDwFU2nMsnjmcmpDYb6dxiq/h1NfH7LSIVyAxDzeGaiyGto6qn5nPzAaT7l
> QtnTGJSYs12j1Xhfmd28CM+7s6lcZiCz3l7KUlJA0sPuoAVpib5bqQLyqrYN712B
> USB2blFZ7M6HNKb4DoKBt2M+CAm3AlYpYDeVcwmysYRTrBZ1W8ERMQL0LY50M74z
> 77zICisRC3l9XT/u79roh4M4c6xNFT7YsZn6rG+YKaMJxSUVBVlNHcTAOAYTlvvM
> lQkKGcc6aCpdOZuii+GkOlSZ7IkF4w188y5Obwvl0Qbll1i73lP6BbXvKZV3seEB
> yXiP1VKUhsiB4f+G5ne0G0fYXKyhRxwUcnpfTXHsU+qitvBxuOsSVv4lLFrRSuIu
> a85OcnSzZDQCoLFjcWIbd9oEeEuZ5ZR1I/gFo61h2zJbXbxcGxFeORZ/5XpCE4Dq
> kEqDMbDNY9opxlegHg2u64vRItHxrTPHyFRY26z3Sl+g5oi0843iB/GFMKmGboeH
> uFjM10GbM/e6UGfOwkryuB+WQrUXOE5DQvBseNj75xqhPMlcHkRzn+d6j3EdtO2I
> /Z6BaxTN1yjB/iZvA+en
> =AENa
> -END PGP SIGNATURE-

I do both. Allowing specific https domains only.  I tried to go by ip address 
only but it got crazy after a while.

I use chromium with apparmor, https everywhere and scriptsafe.  

Also I try not to copy form less trusted vm into more trusted no matter what.  
It takes strict discipline like a shaolin monk..haha

When I do shopping.  I use a disposable vm always, cause alot of websites 
require some unencrypted pages. I preferably use paypal,  or a credit card that 
is only used online. two factor everything.  I keep separate banking vm and 
major credit cards vm.  separate store cards vm if page is secure.   and dispvm 
for everything else like shopping sites.  Always create a diff dispvm for diff 
transactions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aaf49751-ccf3-4ca5-8748-8be166d3fbf9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: unable to shutdown sys-net

2017-01-28 Thread raahelps
On Saturday, January 28, 2017 at 4:45:57 AM UTC-5, Pietro Speroni di Fenizio 
wrote:
> First of all I am excited to say that I got Quebes to work for a brief, 
> although exciting evening.  Thanks to all. Now it is not working again and I 
> am trying to understand what is going on. Some problems which seemed solved 
> appeared again. In fact they seemed to appear after I updated dom0.
> 
> In any case right now the problem is:
> I try to restart the various VM, but the sys-net VM will not shutdown, and 
> always tells me that The VM 'sys-net' hasn't shutdown within the last 20 
> seconds, do you want to kill it?
> 
> If I wait for another 20 senconds I just receive the same message. If I kill 
> it I don't.
> 
> Is there any problem in killing it? Can I find out why this is happening? I 
> tried to run a ps -a to see what was running, but I could not see anything 
> running. While ps -ax gave me a list so long, that my noob eyes got lost 
> unable to find anything important.
> 
> Should I worry?
> 
> 
> Thanks.

How much memory you got?

if you worried just delete the vm and recreate it. I believe you can with: 

qubesctl top.enable sys-net
qubesctl state.highstate

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4fded8fb-71cc-4943-a3fe-e7f14caa1dc8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread raahelps
On Saturday, January 28, 2017 at 5:57:51 AM UTC-5, ThierryIT wrote:
> Sorry for  all this noise 
> I have mounted "xvdi5" with success.
> But: unknown filesystem type: LVM2_member
> 
> Something to install on this vm  ?
> 
> Thx
> 
> Le samedi 28 janvier 2017 12:54:07 UTC+2, ThierryIT a écrit :
> > > My mistake.
> > > I  did it  from  "dom0" 
> > > 
> > dom0:sdb WD.698G (attached to vm-test as 'xvdi')
> > dom0:sdb5 WD690G 
> > dom0:sdb1 ...
> > dom0:sdb2
> > etc 
> > 
> > If I try to mount xvdi as LUKS: It is not a valid LUKS
> > I do think that the right partition  to mount should be "sdb5" ... How to  
> > mount  "sdb5" ??
> > 
> > Thx
> > > 
> > > Le samedi 28 janvier 2017 12:43:57 UTC+2, ThierryIT a écrit :
> > > > qvm-block  command not found ... ??
> > > > I am right to do  it  from my vm-test ?
> > > > 
> > > > Thx
> > > > 
> > > > Le samedi 28 janvier 2017 12:10:26 UTC+2, Andrew David Wong a écrit :
> > > > > -BEGIN PGP SIGNED MESSAGE-
> > > > > Hash: SHA512
> > > > > 
> > > > > On 2017-01-28 01:45, ThierryIT wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
> > > > > > bit by bit playing  with it. I would like to have access to my  old
> > > > > > encrypted hard drive, still do remember the passphrase :) I have
> > > > > > build a new vm, let's call it "vm-test" I  have attached the block
> > > > > > device to it, seems to be good  ... But after ? How to mount it ??
> > > > > > 
> > > > > > Thx
> > > > > > 
> > > > > 
> > > > > It's probably mounted as /dev/xvdi (you can check with qvm-block).
> > > > > So, in vm-test, try something like:
> > > > > 
> > > > > $ sudo cryptsetup open /dev/xvdi hdd
> > > > >   
> > > > > $ sudo mount /dev/mapper/hdd /mnt/removable
> > > > > $ cd /mnt/removable
> > > > > $ ls
> > > > > 
> > > > > - -- 
> > > > > Andrew David Wong (Axon)
> > > > > Community Manager, Qubes OS
> > > > > https://www.qubes-os.org
> > > > > -BEGIN PGP SIGNATURE-
> > > > > 
> > > > > iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
> > > > > qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
> > > > > G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
> > > > > /FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
> > > > > RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
> > > > > WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
> > > > > UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
> > > > > 3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
> > > > > OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
> > > > > BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
> > > > > nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
> > > > > Qc4E/xMl/TLaJd1IHMfX
> > > > > =xkVz
> > > > > -END PGP SIGNATURE-

how did you encrypt the drive?   I have an external encrypted drive i use.  I 
simply open it with any file manager which prompts me for the encryption 
phrase.  nautilus should work?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62bfb877-1129-478e-8186-b92d074bb380%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Question to Mirage OS firewall users

2017-01-28 Thread Thomas Leonard
On Saturday, December 10, 2016 at 5:36:29 PM UTC, Reg Tiangha wrote:
> On Saturday, December 10, 2016 at 6:03:17 AM UTC-7, jkitt wrote:
> > What's it like to update - is it relatively simple? Would you say it's more 
> > secure than Debian or Fedora?
> 
> It's easy. Shut down your Mirage OS Firewall VMs, copy over the new kernel 
> files to the relevant directory in /var/lib/qubes/vm-kernels in dom0, and 
> then restart the Mirage firewalls.
> 
[...]
> Note that if you're trying to compile the latest mirage firewall code from 
> github (which isn't reflected on the Release pages yet; there have been some 
> minor changes since the last one), it might be a bit tricky since if you 
> follow the default github instructions, the compilation will eventually fail 
> as mirage-nat tries to pull in older versions of its package dependencies by 
> default.

It seems to work for me. To make things more predictable, I've added a script 
to build it with Docker:

sudo yum install docker
sudo systemctl start docker
git clone https://github.com/talex5/qubes-mirage-firewall.git
cd qubes-mirage-firewall
sudo ./build-with-docker.sh

The Dockerfile uses a fixed version of opam-repository, so it shouldn't break 
even if something gets updated. It also prints out the sha256sum of the binary 
it built and the expected hash (hard-coded in the file), e.g.

$ sudo ./build-with-docker.sh
[...]
SHA2 of build:   
f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3  
mir-qubes-firewall.xen
SHA2 last known: 
f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3

I'd be interested to know if other people get the same hash (of course, the 
hash will change if you e.g. modify the rules.ml file to change the policy).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c6a4c3d-b03d-4528-8996-eed684ac8eb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Fedora 25

2017-01-28 Thread Torsten Grote
Hi all,

just want to report that I upgraded all my templates to Fedora 25
recently and that everything seems to run smoothly.

Great work, thanks!
Torsten

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af02625e-1d8e-98a7-6b9a-5ba718fe35d8%40grobox.de.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Question to Mirage OS firewall users

2017-01-28 Thread Thomas Leonard
On Thursday, January 19, 2017 at 12:07:17 AM UTC, Reg Tiangha wrote:
> On 2017-01-18 7:30 AM, Антон Чехов wrote:
> > Hi!
> > 
> > Is anyone using the mirage firewall in connection with a proxyVM? How do 
> > you configure it properly? Does it handle qubes-firewall-users-scripts?
> > 
> 
> I've run a Mirage-based firewall both in front of and behind a
> firewallVM and they chain together fine. Mirage Firewall in its current
> iteration does *not* respect modifications to firewall rules via Qubes
> and has to be inputted manually (there are some instructions on how to
> do that on the software author's blog). It isn't to say that Mirage
> Firewall couldn't do it one day, but I believe the author of the code is
> leaving it up as an exercise for the reader. Maybe he'll get around to
> implementing it, or maybe not, but from a purely technical standpoint,
> there's no reason why it couldn't be modified to work with Qubes
> firewall user scripts, it's just that it hasn't been implemented yet.
> 
> Note that even if you're running the latest code off of GitHub,
> currently, Mirage Firewall still doesn't work correctly with DispVMs (or
> at least, I haven't been able to get it to work; the DispVM connects to
> it, but there's no traffic), even though there were some minimal fixes
> applied to try to handle how it handles IP addresses from a different
> pool. Works fine with AppVMs, though, as well as TemplateVMs, at least
> in my experience.

It works for me if I take the interface down and bring it up again in the 
dispVM, e.g.

[user@fedora-23-dvm ~]$ sudo ifconfig eth0 down && sudo ifconfig eth0 up
[user@fedora-23-dvm ~]$ sudo route add $(qubesdb-read /qubes-gateway) dev eth0
[user@fedora-23-dvm ~]$ sudo route add default gw $(qubesdb-read /qubes-gateway)
[user@fedora-23-dvm ~]$ curl http://www.google.com

302 Moved
302 Moved
The document has moved
http://www.google.co.uk/?gfe_rd=crei=vKSMWOn7F6vP8Aeg4KeoAQ;>here.


The odd thing is that, as far as I can see, reinitialising the interface is 
something that only affects Linux (no interaction with the firewall).

(and I'm not sure why my DispVM is Fedora 23 when my default template is Fedora 
24, but anyway...)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4e74710-c3c2-4e36-a304-577974e736d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora 24 on Qubes 3.1 support, uninstallable packages

2017-01-28 Thread mvermaes
On Tuesday, January 24, 2017 at 11:50:05 PM UTC+8, mver...@gmail.com wrote:
> Hi, I recently installed the fedora-24-minimal template per [1] and 
> configured all my AppVMs to use a new template based on it. All seems to be 
> working well, except that I am unable to install the following packages:
> 
> - ImageMagick
> - pycairo
> 
> Both are skipped as follows:
> 
> ~$ sudo dnf install ImageMagick pycairo
> ...
> Package qubes-template-minimal-stub-1.1-1.fc23.noarch is already installed, 
> skipping.
> Package pycairo-1.10.0-4.fc24.x86_64 is already installed, skipping.
> Package qubes-template-minimal-stub-1.1-1.fc23.noarch is already installed, 
> skipping.
> Dependencies resolved.
> Nothing to do.
> Sending application list and icons to dom0
> Complete!
> ~$
> 
> [2] seems to suggest it should be possible to install these packages, but I 
> also saw a thread [3] that indicates that Fedora 24 may not be supported on 
> Qubes R3.1, and maybe this could be causing the issue. The 
> qubes-template-minimal-stub rpm is the only fc23 package that is installed in 
> the template.
> 
> I am planning to reinstall the host with R3.2 at some point anyway, but I 
> wanted to get Thunderbird and Firefox updated to the newer versions in F24 
> sooner than that, hence installing the newer template first.
> 
> The missing packages are not a big deal, but it would be great to confirm the 
> correct process for next time (looking forward to Qubes 4.0!) Is it supported 
> to update to a newer Fedora template and then upgrade the Qubes release on 
> the host, or should the host always be reinstalled/upgraded to the new 
> version first?
> 
> Thanks very much for your advice.
> 
> Michael
> 
> [1] https://www.qubes-os.org/doc/templates/fedora-minimal/
> [2] https://github.com/QubesOS/qubes-issues/issues/2380
> [3] https://groups.google.com/d/topic/qubes-users/uwnPpxhJaZY/discussion

I've done a clean install of Qubes 3.2 on the host now, and then re-downloaded 
qubes-template-fedora-24-minimal and set up my custom template based on it. I 
still see the same issue with ImageMagick being skipped for installation.

If I try to install ImageMagick in the unmodified fedora-24-minimal template, 
dnf offers to download the 'real' packages. But after using dnf to update all 
packages, the problem is introduced. The smallest package set I've found to 
reproduce this is just dnf, ie.

dnf update dnf

will trigger the behaviour. But I'm not really sure where to look next. Any 
suggestions?

Thanks again.

Michael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/79281399-8574-47e4-823c-03992823dc72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes-Builder - Rackspace mirror having issues?

2017-01-28 Thread Nick Darren


On 01/26/2017 11:48 PM, anoa wrote:
> I'm currently trying to build the Arch Linux template through
> qubes-builder. Someway through the `make qubes-vm` step I'm getting
> 404/403 errors on the default mirror.rackspace.com server.
>
> Checking it in a browser at mirror.rackspace.com loads and their status
> page (status.rackspace.com) reports no issues.
>
> Here is the relevant output of the build:
>
> ```
> Packages (5) gnupg-2.1.18-1  gtk-update-icon-cache-3.22.7-2
> gtk3-3.22.7-2  libproxy-0.4.13-2  pango-1.40.3-2
>
> Total Download Size:   10.74 MiB
> Total Installed Size:  83.59 MiB
> Net Upgrade Size:   1.16 MiB
>
> :: Proceed with installation? [Y/n]
> :: Retrieving packages...
> error: failed retrieving file
> 'gtk-update-icon-cache-3.22.7-2-x86_64.pkg.tar.xz' from
> mirror.rackspace.com : The requested URL returned error: 404
> warning: failed to retrieve some files
> error: failed retrieving file 'pango-1.40.3-2-x86_64.pkg.tar.xz' from
> mirror.rackspace.com : The requested URL returned error: 404
> warning: failed to retrieve some files
> error: failed retrieving file 'gtk3-3.22.7-2-x86_64.pkg.tar.xz' from
> mirror.rackspace.com : The requested URL returned error: 404
> warning: failed to retrieve some files
> error: failed retrieving file 'libproxy-0.4.13-2-x86_64.pkg.tar.xz' from
> mirror.rackspace.com : The requested URL returned error: 404
> warning: failed to retrieve some files
> error: failed to commit transaction (unexpected error)
> Errors occurred, no packages were upgraded.
> /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:114:
> recipe for target 'dist-build-dep' failed
> make[2]: *** [dist-build-dep] Error 1
> Makefile.generic:139: recipe for target 'packages' failed
> make[1]: *** [packages] Error 1
> Makefile:209: recipe for target 'vmm-xen-vm' failed
> make: *** [vmm-xen-vm] Error 1
> user@dev:~/qubes-builder$
> ```
>
> Am I missing something?
>
> Thanks
> Andrew
>

If it doesn't work for you then you can just chroot to the directory and
change the default repository address to something else according to
/etc/pacman.d/mirrorlist and just edit /etc/pacman.conf to anything you
like based on the mirrorlist. Hope this help you.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fdb44539-703d-2fc1-daf7-6e15cfe82b01%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Workaround for building Ubuntu xenial+desktop with qubes-builder

2017-01-28 Thread Andrew Morgan
Yes I do have the same issue.

It seems it was mentioned a few times on the mailing lists but no concrete 
solutions were found. People suggested a magic bullet being this command:

sudo dpkg-reconfigure locales

However this command exits prematurely due to the localesall (sp?) package 
being installed. Some of qubes' scripts/binaries depend on this package, so a 
removal will render your VM unusable.

Could this hard dependency be removed? Do we really need localesall? Will this 
even fix it if we do remove it and generate the locales successfully?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9BC40E31-D33D-49F7-96EC-4D8E11BF95FC%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Workaround for building Ubuntu xenial+desktop with qubes-builder

2017-01-28 Thread Nick Darren
/Hi all,/


On 01/24/2017 06:59 AM, anoa wrote:
> Hey all,
>
> Today I was trying to build the Ubuntu 16.04 Xenial+Desktop template
> using qubes-builder with help from these instructions:
>
> https://github.com/QubesOS/qubes-builder
>
> Everything was alright until the `make qubes-vm` step where it would
> fail on the following:
>
>> dpkg-source: error: can't build with source format '3.0 (quilt)': no 
>> upstream tarball found at ../xen_4.6.3.orig.tar.{bz2,gz,lzma,xz}
>> dpkg-buildpackage: error: dpkg-source -b debian-vm gave error exit status 255
>> /home/user/qubes-builder/qubes-src/builder-debian/Makefile.qubuntu:196: 
>> recipe for target 'dist-package' failed
> The build was looking for xen_4.6.3 when in fact xen_4.6.4 is in the
> folder. As a workaround, simply copying the xen_4.6.4 to be named
> xen.4.6.3 allowed the build to continue and eventually complete
> successfully:
>
>> cd /path/to/qubes-builder/chroot-xenial/home/user/qubes-src/vmm-xen; sudo cp 
>> -pr ./xen_4.6.4.orig.tar.gz ./xen_4.6.3.orig.tar.gz

/It doesn't work by just rename the 'xen_4.6.4.orig.tar.gz' on
chroot-xenial. On my case (on testing to build xenial-desktop) needs to
copy the file to /path/to/qubes-builder/qubes-src/vmm-xen/. there. Then,
it will skip the error message and allowed the build successfully./

> Hope this helps someone while the script is being updated.
>

/I have another weird situation. The build was succeed but the problem
is, terminal and some others application cannot be launched due to an
error, normally on ubuntu's standard installation caused by locales
issue. Tried to fix it the way it used to be on normal ubuntu
installation or archlinux. But the problem still persists after
rebooting the template-vm or any appvms that's based on it./

user@ubuntu-xenial:~$ Error constructing proxy for
org.gnome.Terminal:/org/gnome/Terminal/Factory0: Error calling
StartServiceByName for org.gnome.Terminal:
GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildSignaled: Process
org.gnome.Terminal received signal 5

/Test on executing gedit from xterm/UXterm/urvtx:/

user@ubuntu-xenial:~$ gedit
Gedit failure to execute.
(gedit:5697): GLib-GIO-ERROR **: No GSettings schemas are installed on
the system
Trace/breakpoint trap (core dumped)


/The same error happen when I execute the 'xfce4-terminal' or
'terminator'. Still the same 'Trace/breakpoint trap (core dumped)'
issues here and there./




/Locale was set in order to avoid gnome-terminal error, but it' useless
on this case and still failed to work./

user@ubuntu-xenial:~$ localectl
   System Locale: LANG=en_US.UTF-8
   VC Keymap: us
  X11 Layout: us
   X11 Model: pc105+inet
 X11 Options: terminate:ctrl_alt_bksp



/On checking qubes local packages installed on the 'xenial-desktop' system.

/
libqubes-rpc-filecopy2/now 3.2.3+xenialu1 amd64 [installed,local]
  Qubes file copy protocol library

libqubesdb/now 3.2.3-1+xenialu1 amd64 [installed,local]
  QubesDB libs.

libvchan-xen/now 3.2.0-1+xenialu1 amd64 [installed,local]
  Qubes Xen core libraries

libxen-4.6/now 2001:4.6.3-25+xenialu1 amd64 [installed,local]
  Libraries for Xen tools

qubes-core-agent/now 3.2.15-1+xenialu1 amd64 [installed,local]
  Qubes core agent

qubes-gui-agent/now 3.2.13-1+xenialu1 amd64 [installed,local]
  Makes X11 windows available to qubes dom0

qubes-utils/now 3.2.3+xenialu1 amd64 [installed,local]
  Qubes Linux utilities

qubesdb/now 3.2.3-1+xenialu1 amd64 [installed,local]
  QubesDB management tools and daemon.

qubesdb-vm/now 3.2.3-1+xenialu1 amd64 [installed,local]
  QubesDB VM service.

xserver-xorg-input-qubes/now 3.2.13-1+xenialu1 amd64 [installed,local]
  X input driver for injecting events from qubes-gui-agent

xserver-xorg-video-dummyqbs/now 3.2.13-1+xenialu1 amd64 [installed,local]
  Dummy X video driver for qubes-gui-agent

--

/So, I would like to know if there's any errors like above happened to
you guys too? Or is it me the only person? If it was just me facing the
issues, then I would like to know if any missing qubes packaged that's
not listed on my side shown like above? You can just check your qubes
packages to confirm if any difference spotted on your side by apt search
qubes or dpkg-query -l | grep qubes.//Any help will be appreciated to
spot where the culprits are.
//

//Thanks./

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6629980c-d544-c63e-4751-d55dcd8f3d26%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


0x4B6E850C.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread ThierryIT
Sorry for  all this noise 
I have mounted "xvdi5" with success.
But: unknown filesystem type: LVM2_member

Something to install on this vm  ?

Thx

Le samedi 28 janvier 2017 12:54:07 UTC+2, ThierryIT a écrit :
> > My mistake.
> > I  did it  from  "dom0" 
> > 
> dom0:sdb WD.698G (attached to vm-test as 'xvdi')
> dom0:sdb5 WD690G 
> dom0:sdb1 ...
> dom0:sdb2
> etc 
> 
> If I try to mount xvdi as LUKS: It is not a valid LUKS
> I do think that the right partition  to mount should be "sdb5" ... How to  
> mount  "sdb5" ??
> 
> Thx
> > 
> > Le samedi 28 janvier 2017 12:43:57 UTC+2, ThierryIT a écrit :
> > > qvm-block  command not found ... ??
> > > I am right to do  it  from my vm-test ?
> > > 
> > > Thx
> > > 
> > > Le samedi 28 janvier 2017 12:10:26 UTC+2, Andrew David Wong a écrit :
> > > > -BEGIN PGP SIGNED MESSAGE-
> > > > Hash: SHA512
> > > > 
> > > > On 2017-01-28 01:45, ThierryIT wrote:
> > > > > Hi,
> > > > > 
> > > > > I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
> > > > > bit by bit playing  with it. I would like to have access to my  old
> > > > > encrypted hard drive, still do remember the passphrase :) I have
> > > > > build a new vm, let's call it "vm-test" I  have attached the block
> > > > > device to it, seems to be good  ... But after ? How to mount it ??
> > > > > 
> > > > > Thx
> > > > > 
> > > > 
> > > > It's probably mounted as /dev/xvdi (you can check with qvm-block).
> > > > So, in vm-test, try something like:
> > > > 
> > > > $ sudo cryptsetup open /dev/xvdi hdd
> > > >   
> > > > $ sudo mount /dev/mapper/hdd /mnt/removable
> > > > $ cd /mnt/removable
> > > > $ ls
> > > > 
> > > > - -- 
> > > > Andrew David Wong (Axon)
> > > > Community Manager, Qubes OS
> > > > https://www.qubes-os.org
> > > > -BEGIN PGP SIGNATURE-
> > > > 
> > > > iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
> > > > qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
> > > > G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
> > > > /FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
> > > > RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
> > > > WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
> > > > UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
> > > > 3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
> > > > OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
> > > > BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
> > > > nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
> > > > Qc4E/xMl/TLaJd1IHMfX
> > > > =xkVz
> > > > -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/45cd91eb-efbf-4e72-880f-aed04ad9a1d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread ThierryIT


> My mistake.
> I  did it  from  "dom0" 
> 
dom0:sdb WD.698G (attached to vm-test as 'xvdi')
dom0:sdb5 WD690G 
dom0:sdb1 ...
dom0:sdb2
etc 

If I try to mount xvdi as LUKS: It is not a valid LUKS
I do think that the right partition  to mount should be "sdb5" ... How to  
mount  "sdb5" ??

Thx
> 
> Le samedi 28 janvier 2017 12:43:57 UTC+2, ThierryIT a écrit :
> > qvm-block  command not found ... ??
> > I am right to do  it  from my vm-test ?
> > 
> > Thx
> > 
> > Le samedi 28 janvier 2017 12:10:26 UTC+2, Andrew David Wong a écrit :
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA512
> > > 
> > > On 2017-01-28 01:45, ThierryIT wrote:
> > > > Hi,
> > > > 
> > > > I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
> > > > bit by bit playing  with it. I would like to have access to my  old
> > > > encrypted hard drive, still do remember the passphrase :) I have
> > > > build a new vm, let's call it "vm-test" I  have attached the block
> > > > device to it, seems to be good  ... But after ? How to mount it ??
> > > > 
> > > > Thx
> > > > 
> > > 
> > > It's probably mounted as /dev/xvdi (you can check with qvm-block).
> > > So, in vm-test, try something like:
> > > 
> > > $ sudo cryptsetup open /dev/xvdi hdd
> > >   
> > > $ sudo mount /dev/mapper/hdd /mnt/removable
> > > $ cd /mnt/removable
> > > $ ls
> > > 
> > > - -- 
> > > Andrew David Wong (Axon)
> > > Community Manager, Qubes OS
> > > https://www.qubes-os.org
> > > -BEGIN PGP SIGNATURE-
> > > 
> > > iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
> > > qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
> > > G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
> > > /FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
> > > RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
> > > WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
> > > UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
> > > 3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
> > > OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
> > > BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
> > > nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
> > > Qc4E/xMl/TLaJd1IHMfX
> > > =xkVz
> > > -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a8935e96-ac1a-4f54-a080-5c82118440a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread ThierryIT

My mistake.
I  did it  from  "dom0" 

dom0:sdb WD.698G (attached to vm-test as 'xvdi')

Le samedi 28 janvier 2017 12:43:57 UTC+2, ThierryIT a écrit :
> qvm-block  command not found ... ??
> I am right to do  it  from my vm-test ?
> 
> Thx
> 
> Le samedi 28 janvier 2017 12:10:26 UTC+2, Andrew David Wong a écrit :
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > On 2017-01-28 01:45, ThierryIT wrote:
> > > Hi,
> > > 
> > > I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
> > > bit by bit playing  with it. I would like to have access to my  old
> > > encrypted hard drive, still do remember the passphrase :) I have
> > > build a new vm, let's call it "vm-test" I  have attached the block
> > > device to it, seems to be good  ... But after ? How to mount it ??
> > > 
> > > Thx
> > > 
> > 
> > It's probably mounted as /dev/xvdi (you can check with qvm-block).
> > So, in vm-test, try something like:
> > 
> > $ sudo cryptsetup open /dev/xvdi hdd
> >   
> > $ sudo mount /dev/mapper/hdd /mnt/removable
> > $ cd /mnt/removable
> > $ ls
> > 
> > - -- 
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> > -BEGIN PGP SIGNATURE-
> > 
> > iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
> > qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
> > G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
> > /FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
> > RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
> > WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
> > UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
> > 3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
> > OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
> > BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
> > nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
> > Qc4E/xMl/TLaJd1IHMfX
> > =xkVz
> > -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df0145b2-5fbc-4ad9-b77e-67722b71dd8b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Mouse and Keyboard Stuck After USB Qube

2017-01-28 Thread Mits Levojohn
I had the same issue.

This helped me: https://github.com/QubesOS/qubes-issues/issues/2270

Basically, I modified the xen.cfg to remove the entry that hides the usb 
controller from dom0 - rd.qubes.hide_all_usb

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a03541c2-2208-4d1b-bcd5-58eba79ecdf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread ThierryIT
qvm-block  command not found ... ??
I am right to do  it  from my vm-test ?

Thx

Le samedi 28 janvier 2017 12:10:26 UTC+2, Andrew David Wong a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-01-28 01:45, ThierryIT wrote:
> > Hi,
> > 
> > I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
> > bit by bit playing  with it. I would like to have access to my  old
> > encrypted hard drive, still do remember the passphrase :) I have
> > build a new vm, let's call it "vm-test" I  have attached the block
> > device to it, seems to be good  ... But after ? How to mount it ??
> > 
> > Thx
> > 
> 
> It's probably mounted as /dev/xvdi (you can check with qvm-block).
> So, in vm-test, try something like:
> 
> $ sudo cryptsetup open /dev/xvdi hdd
>   
> $ sudo mount /dev/mapper/hdd /mnt/removable
> $ cd /mnt/removable
> $ ls
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
> qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
> G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
> /FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
> RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
> WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
> UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
> 3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
> OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
> BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
> nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
> Qc4E/xMl/TLaJd1IHMfX
> =xkVz
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0040e4c8-c292-4958-b923-95553997a136%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-28 01:45, ThierryIT wrote:
> Hi,
> 
> I have installed with success  Qubes 3.2  on my Lenovo W520. I ma
> bit by bit playing  with it. I would like to have access to my  old
> encrypted hard drive, still do remember the passphrase :) I have
> build a new vm, let's call it "vm-test" I  have attached the block
> device to it, seems to be good  ... But after ? How to mount it ??
> 
> Thx
> 

It's probably mounted as /dev/xvdi (you can check with qvm-block).
So, in vm-test, try something like:

$ sudo cryptsetup open /dev/xvdi hdd
  
$ sudo mount /dev/mapper/hdd /mnt/removable
$ cd /mnt/removable
$ ls

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYjG4DAAoJENtN07w5UDAwQO0QAMPg3I4YoMMxMRcJSt6ds8/i
qdTXOg5YrG9dglctSfK9FWdr066wdar/8k7R9DIyX/ndg8p9sfPXq8Gdlzw0KiEH
G6kLAXVZN4qQ4fQYnMhZE6AhUlj6ZjsPA6+BUr4NyzoCyd0z0wfhyvm2ulR8VoUA
/FiZOFYWQ2oFnJed4LUV3KgaT9TOo969zbZ306KsFUV6CqZw38My4B8qfqr0/qC4
RklCHG/D230AXAq9PtOY1wH/sCbNFR8wqnUoNIIT+qPxWtnXZFtcNZuqmiKiSDAB
WdlnJEJ0ktDRT99RhrIcnTDLBXel/e0l9Y6YtV+spVPhPdPMRcppeyQzboAtPTfw
UfA4wri5KuDROgJ5RpopkfyXyEJz7yWg8hQXyfqRKf+IDoIHxEyhYA8v0CDBjACT
3zu7SFn21ki9N94SV7wTL0ODQjVTNtrtlHB/jrs2/s0HVacxIxOm9DbuDdCAHNqO
OAj+NjSNa2jcXlF1/l24hsEAabBVMUrPhtPeaw7WoTxkADv1KM5lNUS4mcYhwsPg
BfLjtsTcaYKRQaxi26WcAzdem2kUhHG31RzSAEAuHXTC0S+aEJv3UgAf++Xhn/F2
nBgYV2hz5WlU6u5OdBLQppUXPEuwKhwp7Um5hUKHFN3+eYK9sPWbK2JpYc2i2lSs
Qc4E/xMl/TLaJd1IHMfX
=xkVz
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d06d81df-a635-4ffc-a07c-081471146288%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] mounting external encrypted (LUKS-debian8) hard drive ??

2017-01-28 Thread ThierryIT
Hi,

I have installed with success  Qubes 3.2  on my Lenovo W520.
I ma bit by bit playing  with it.
I would like to have access to my  old encrypted hard drive, still do remember 
the passphrase :)
I have build a new vm, let's call it "vm-test" I  have attached the block 
device to it, seems to be good  ... But after ? How to mount it ??

Thx 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b7cda34-2325-4df6-89b4-665ea0a8f408%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.