Re: [qubes-users] Re: UEFI Troubleshooting workaround does not work

2017-09-17 Thread Swâmi Petaramesh
Hi,

Le 17/09/2017 à 16:51, Patrick Schleizer a écrit :
> That guide totally does not apply. It starts with "1/ You will need to
> install Qubes in UEFI mode, *NOT* BIOS/CSM mode". Doesn't fly - cannot
> boot Qubes anyhow.

Well... Your issue is an UEFI issue, my post explained how to try and
solve a serious UEFI issue and boot Qubes in UEFI mode on a system that
doesn't want to, but if you're sure it is irrelevant ;-)

Regards.

ॐ

-- 
Swâmi Petaramesh  PGP 9076E32E

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/286b2091-8c95-279e-adbe-012f1a6b2e1c%40petaramesh.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?

2017-09-17 Thread Unman
On Sun, Sep 17, 2017 at 11:46:53PM +0200, Stumpy wrote:
> 
> 
> On 17.09.2017 23:41, Frosty wrote:
> > Hi Stumpy,
> > 
> > Are you using sys-whonix to enter the internet? If yes you probably
> > have to open port 9000 on the firewall, because tor traffic goes
> > trough port 9000
> > 
> > 
> > Regards.
> > 
> > 
> > On 09/17/2017 11:36 PM, Stumpy wrote:
> > > 
> > > 
> > > On 17.09.2017 23:34, Stumpy wrote:
> > > > One of the many things on my checklist is to setup some of my appvms
> > > > with proper fw rules. I thought I'd start with gmail that I use
> > > > with a
> > > > mail client. I thought it would just be:
> > > > smtp.gmail.com
> > > > imap.gmail.com
> > > > and set it for smtp and imap services using tcp protocol.
> > > > Afaik those are the two servers that the client connects to, its what
> > > > I have set in my client but it seems I haven't set something right
> > > > because the client can't send/recive anything.
> > > > 
> > > > So two questions:
> > > > 1) Is there something I am missing with the above settings and
> > > > 2) Is there a way I can see the incomming/outgoing traffic for this
> > > > one appvm? (which I am guessing would help give me a better idea of
> > > > what servers/addresses I need to add to my firewall).
> > > 
> > > duh. I forgot to also mention that I do have the "deny network
> > > access except" raido button chked
> > > 
> 
> 
> Hi Frosty,
> 
> Thx 4 that.
> 
> in This case I am not using whonix but I did plan on setting up some of my
> whnx appvms/firewalls later so that might come in handy.
> Regarding ports, is there a GUI way to add ports, ie vm manager -> firewall
> dialog box, or does that require editing ip tables?
> 
> Cheers

Hi Stumpy

One problem that you face is that those names map to a number of
different IP addresses.
When you use a name in the firewall editor it is resolved when you set
up the rule to 1 IP address. You should therefore make a note of the IP
addresses and use them in the editor. 

The entries you make here are reflected in the FORWARD chain of the
proxy upstream. You can inspect these by opening a terminal in that qube
(e.g sys-firewall) and using 'iptables -L -nv' - look in the FORWARD
chain and you sill see entries for the mail qube. You should also be
able to see the counters incrementing when you try to make a connection.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170917234512.zlyoq7m2vla7dkjs%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?

2017-09-17 Thread Stumpy



On 17.09.2017 23:41, Frosty wrote:

Hi Stumpy,

Are you using sys-whonix to enter the internet? If yes you probably
have to open port 9000 on the firewall, because tor traffic goes
trough port 9000


Regards.


On 09/17/2017 11:36 PM, Stumpy wrote:



On 17.09.2017 23:34, Stumpy wrote:

One of the many things on my checklist is to setup some of my appvms
with proper fw rules. I thought I'd start with gmail that I use with 
a

mail client. I thought it would just be:
smtp.gmail.com
imap.gmail.com
and set it for smtp and imap services using tcp protocol.
Afaik those are the two servers that the client connects to, its what
I have set in my client but it seems I haven't set something right
because the client can't send/recive anything.

So two questions:
1) Is there something I am missing with the above settings and
2) Is there a way I can see the incomming/outgoing traffic for this
one appvm? (which I am guessing would help give me a better idea of
what servers/addresses I need to add to my firewall).


duh. I forgot to also mention that I do have the "deny network access 
except" raido button chked





Hi Frosty,

Thx 4 that.

in This case I am not using whonix but I did plan on setting up some of 
my whnx appvms/firewalls later so that might come in handy.
Regarding ports, is there a GUI way to add ports, ie vm manager -> 
firewall dialog box, or does that require editing ip tables?


Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/165ba467f157bff34a20bf30f3a83c8f%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?

2017-09-17 Thread Stumpy



On 17.09.2017 23:34, Stumpy wrote:

One of the many things on my checklist is to setup some of my appvms
with proper fw rules. I thought I'd start with gmail that I use with a
mail client. I thought it would just be:
smtp.gmail.com
imap.gmail.com
and set it for smtp and imap services using tcp protocol.
Afaik those are the two servers that the client connects to, its what
I have set in my client but it seems I haven't set something right
because the client can't send/recive anything.

So two questions:
1) Is there something I am missing with the above settings and
2) Is there a way I can see the incomming/outgoing traffic for this
one appvm? (which I am guessing would help give me a better idea of
what servers/addresses I need to add to my firewall).


duh. I forgot to also mention that I do have the "deny network access 
except" raido button chked


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/acc6f273d84524a42afe101cf7874255%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Setting up firewall for mail and seeing traffic for individual appvms?

2017-09-17 Thread Stumpy
One of the many things on my checklist is to setup some of my appvms 
with proper fw rules. I thought I'd start with gmail that I use with a 
mail client. I thought it would just be:

smtp.gmail.com
imap.gmail.com
and set it for smtp and imap services using tcp protocol.
Afaik those are the two servers that the client connects to, its what I 
have set in my client but it seems I haven't set something right because 
the client can't send/recive anything.


So two questions:
1) Is there something I am missing with the above settings and
2) Is there a way I can see the incomming/outgoing traffic for this one 
appvm? (which I am guessing would help give me a better idea of what 
servers/addresses I need to add to my firewall).


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0bf93a0ccef605323493a1985fdd55f3%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Installing app on template when it requires signing?

2017-09-17 Thread Stumpy



On 17.09.2017 18:53, Unman wrote:

On Sun, Sep 17, 2017 at 04:00:15PM +0200, Stumpy wrote:

Yeah that worked. Thx!

Just for my own education, why does the fw allow me to install other 
things

via apt-get but not via apt-key? Is it just a question of rules?

On 17.09.2017 03:52, Franz wrote:
> On Sat, Sep 16, 2017 at 10:12 PM, Stumpy  wrote:
>
> > I tried installing sonarr and it apparently requires that the repo
> > be signed. I thought no problem until I tried:
> > sudo apt-key adv --keyserver keyserver.ubuntu.com [1]
> > --recv-keys FDA5DFFC
> > and I got:
> > gpg: keyserver receive failed: No route to host
> > I figure I should be able to download the key from appvm but am not
> > sure how to do that as I tried the "sudo apt-ket" line from above
> > and I guess it installed the key on the appvm instead of dl'd it, or
> > perhaps it dl'd it but I don't know to where.
> > Thoughts on how to get around this?
>
> Try to open the firewall on template for 5 minute, there a flag on
> Qubes Manager
>


I know this worked, but it's not necessary and not good practice.

The Templates , by default, are restricted to connecting to the update
proxy service on an upstream qube. (This is tinyproxy.)
If you look here you will find an explanation of this:
www.qubes-os.org/doc/software-update-vm in the "Updates proxy" section.

On the template you are updating there is a qubes-proxy file in
/etc/apt/apt.conf.d/01qubes-proxy. If you look at that fie you will see
that it contains a directive for apt to use the proxy for Acquire::http
That's why apt-get works.

apt-key doesn't reference this file, which is why it's blocked by the
firewall.
You can force use of a proxy calling apt-key like this:
"apt-key adv --keyserver-options http-proxy=http://proxy:port...;

What's wrong with opening the firewall? Beside the fact that you are
potentially compromising the template, (and so all qubes based on it),
there's a bug which means that the firewall doesn't reset after 5
minutes but remains open.

What's the alternative? A simple solution would be to download the key
in a disposableVM (or two using different sources), and then copy it to
the Template using qvm-copy. Most keyservers offer a searchable web
interface to help you find the key you want.
An advantage of doing this is that you are training yourself to use
Qubes to enhance your security. So if you have a work email qube that
is restricted to the mail server at work, you wont be tempted to open 
up

the firewall because you know there's a better way.

unman



Thanks for the detailed explaination, really appreciate it.

I had tried to dl the key but I guess I just don't understand it well 
enough as I wasn't able to make it work (though knowing that there might 
be a search on the site to look for the key might change things).


You menionted restricting a vm to specific servers, I actually meant to 
ask about that but have kept forgetting. I would very much like to 
restrict a few of my VMs. It wasn't obvious to me exactly how one would 
do that though? Would that be via the vm manager -> settings -> firewall 
rules?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af379a24c57a7833ff6ef7ed6fdb49df%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Help installing Qubes on 13" Macbook Pro 2012 (non-Retina)

2017-09-17 Thread mb2407
Hi there,
I'm attempting to install this wonderful OS on my 2012 non-Retina Macbook Pro 
13". Unfortunately I can't find any entry for this machine on the HCL or in the 
Mac troubleshooting tips on the Qubes site. I've also searched Github, reddit 
and this  Google Group for help, but to no avail.

I've also tried to piece together advice from the Google Group and the Mac 
troubleshooting tips for Macbook Airs of a similar age and have got this far:

 - Qubes 3.2 on a USB2.0 drive (not USB3.0)

 - Booting from rEFInd first


When I boot from rEFInd and choose "Boot EFI\BOOT\xen.efi from ANACONDA" I get 
the four penguins and "efi: EFI_MEMMAP is not enabled" and "esrt: ESRT header 
is not in the memory map". Because the solutions for these problems require 
changing a lot of EFI options that Mac users don't have access to, I've decided 
BIOS booting is the way forward.

Again from rEFInd, when I choose "Boot Fallback boot loader from ANACONDA" I 
get the screen where one can choose to boot, check the media and boot or rescue 
a system. If I choose any of these the screen flashes and I'm dumped back at 
the same screen. This is also what I get without rEFInd

Last option from rEFInd - when I choose "Boot Legacy OS from whole disk Volume" 
I get what looks to be a typical GRUB boot screen (in blue, with the Qubes 
logo). "Install Qubes R3.2", "Test this media and install Qubes R3.2" and 
"Troubleshooting -> Install Qubes R3.2 in basic graphics mode" all result in 
exactly the same thing:
Loading xen.gz... ok Loading vmlinuz... ok Loading initrd.img... ok
And then nothing more. The cursor sits and blinks at me. Booting without 
'quiet' as a command line argument also doesn't give further details.

Does anybody have any ideas or is there something I have overlooked?

This machine is more than capable of running Qubes (dual SSDs and 16GB of RAM). 
I'd hate to have to get a new machine just for running Qubes.

Any help or ideas hugely appreciated.

thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0516a13-a204-462d-995a-627a52dd779e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Installing app on template when it requires signing?

2017-09-17 Thread Unman
On Sun, Sep 17, 2017 at 04:00:15PM +0200, Stumpy wrote:
> Yeah that worked. Thx!
> 
> Just for my own education, why does the fw allow me to install other things
> via apt-get but not via apt-key? Is it just a question of rules?
> 
> On 17.09.2017 03:52, Franz wrote:
> > On Sat, Sep 16, 2017 at 10:12 PM, Stumpy  wrote:
> > 
> > > I tried installing sonarr and it apparently requires that the repo
> > > be signed. I thought no problem until I tried:
> > > sudo apt-key adv --keyserver keyserver.ubuntu.com [1]
> > > --recv-keys FDA5DFFC
> > > and I got:
> > > gpg: keyserver receive failed: No route to host
> > > I figure I should be able to download the key from appvm but am not
> > > sure how to do that as I tried the "sudo apt-ket" line from above
> > > and I guess it installed the key on the appvm instead of dl'd it, or
> > > perhaps it dl'd it but I don't know to where.
> > > Thoughts on how to get around this?
> > 
> > Try to open the firewall on template for 5 minute, there a flag on
> > Qubes Manager
> > 

I know this worked, but it's not necessary and not good practice.

The Templates , by default, are restricted to connecting to the update
proxy service on an upstream qube. (This is tinyproxy.)
If you look here you will find an explanation of this:
www.qubes-os.org/doc/software-update-vm in the "Updates proxy" section.

On the template you are updating there is a qubes-proxy file in
/etc/apt/apt.conf.d/01qubes-proxy. If you look at that fie you will see
that it contains a directive for apt to use the proxy for Acquire::http
That's why apt-get works.

apt-key doesn't reference this file, which is why it's blocked by the
firewall.
You can force use of a proxy calling apt-key like this:
"apt-key adv --keyserver-options http-proxy=http://proxy:port...;

What's wrong with opening the firewall? Beside the fact that you are
potentially compromising the template, (and so all qubes based on it),
there's a bug which means that the firewall doesn't reset after 5
minutes but remains open.

What's the alternative? A simple solution would be to download the key
in a disposableVM (or two using different sources), and then copy it to
the Template using qvm-copy. Most keyservers offer a searchable web
interface to help you find the key you want.
An advantage of doing this is that you are training yourself to use
Qubes to enhance your security. So if you have a work email qube that
is restricted to the mail server at work, you wont be tempted to open up
the firewall because you know there's a better way.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170917165304.nolbegc5anndd4ql%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fixing BOOT of Qubes OS

2017-09-17 Thread Unman
On Sun, Sep 17, 2017 at 06:31:02AM -0700, damm swing wrote:
> On Friday, September 15, 2017 at 11:31:33 PM UTC+2, Stanislav Serdyuk wrote:
> > Good afternoon, 
> > 
> > 
> > 
> > 
> > 
> > I had working qubes OS, everything worked as it should, and then I 
> > installed ubuntu on separate partition 
> > 
> > 
> > 
> > Ubuntu replaced Qubes bootloader with GRUB and now I cannot make Qubes 
> > working again
> > 
> > 
> > 
> > 
> > 
> > Qubes OS is located on encrypted partition, I can see it when I am 
> > inserting Qubes Install USB (boot located on sda3)
> > 
> > 
> > 
> > 
> > 
> > On qubes website I can see how to fix it if it's UEFI, but in my case it's 
> > in legacy boot
> > 
> > 
> > 
> > 
> > 
> > I can load rescue mode, and it is locating qubes os on partition and I have 
> > ability to mount /mnt/sysimage
> > 
> > 
> > 
> > 
> > 
> > I am not that professional to fix it further, I hope you can help me, 
> > please advise how to fix it.
> > 
> > 
> > 
> > 
> > 
> > I would simply reinstall Qubes, but I have important files inside of old 
> > system.
> > 
> > 
> > 
> > 
> > 
> > You are the great guys, and I really appreciate the work you are doing for 
> > us - simple users.
> > 
> > 
> > 
> > 
> > Thank you
> > 
> > 
> > 
> > And have a good day
> 
> Remember you make it at your own risk!
> 
> 1)Install Qubes in other hard disk or partition (In this option before you do 
> anything clone your hard disk.).
> 2)In new Qubes create AppVMs on this same names, configurations and templates 
> as in old Qubes. 
> 3)In new Qubes delete private.img for all AppVMs in folder 
> "/var/lib/qubes/appvms".
> 4)Copy private.img for all AppVMs in folder "/var/lib/qubes/appvms" from old 
> Qubes to new Qubes.
> 
> In the future remember to make a backup! You were very lucky that Ubuntu 
> installator did not overwrite your LUKS partition, because then it would be 
> "game over".
> 

You really don't need to reinstall Qubes.
You can load rescue mode and reinstall grub2 from there: the fact this
is legacy boot doesn't matter.
Before you reinstall grub, take a copy of the existing file for the
Ubuntu install - you'll find that in /boot/grub2/grub.cfg. When you
reinstall it *should* find the Ubuntu partition but just in case you
will  have the information there and can manually add it later.

Have you looked at www.qubes-os.org/doc/multiboot ?

Oh, and do make sure you have a backup, as damn swing says.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170917161752.4wnc3apoachavzgj%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Connect to LAN while VPN is running?

2017-09-17 Thread damm swing
On Sunday, September 17, 2017 at 5:56:44 PM UTC+2, Stumpy wrote:
> I have noticed that I can't connect to my home server on my LAN when the 
> VPN vm is running, or at least can't connect to the LAN using AppVMs 
> that are using the VPN netvm.
> 
> Is there a way I can make an exception or something similar to make it 
> so that at least a few of my AppVMs can access the lan?

AppVM1-->Proxy VPN VM>sys-firewall>sys-net--->Router--->Internet
  | |
AppVM2- --->Home server

>From AppVM2 you can connect to Home Server.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e286cac-0bdf-4b91-80d4-59df447e50b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Connect to LAN while VPN is running?

2017-09-17 Thread Chris Laprise

On 09/17/2017 11:56 AM, Stumpy wrote:
I have noticed that I can't connect to my home server on my LAN when 
the VPN vm is running, or at least can't connect to the LAN using 
AppVMs that are using the VPN netvm.


Is there a way I can make an exception or something similar to make it 
so that at least a few of my AppVMs can access the lan?




There have been a couple discussions about this in the past. In general, 
the best way to handle this securely is to connect your LAN-using AppVMs 
to a non-VPN proxyVM (sys-firewall for example) instead of the VPN VM.


--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46c42350-77bb-a381-aa10-4938f1702f96%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] R4.0-rc1 on T470: unable to boot (reboot loop)

2017-09-17 Thread rysiek
Dnia Saturday, September 16, 2017 3:16:16 PM CEST rysiek pisze:
> Selecting any of the two options in GRUB ends up rebooting the device. Tried
> removing "quiet" from kernel options, nothing changed. Any suggestions on
> how can I get some debugging output?

Problem solved.

For the record, the solution was removing `iommu=no-igfx` from Xen params. 
Without it, R4-rc1 boots fine on a T470.

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35019748.LKnDF4ot2K%40lapuntu.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: This is a digitally signed message part.


[qubes-users] Connect to LAN while VPN is running?

2017-09-17 Thread Stumpy
I have noticed that I can't connect to my home server on my LAN when the 
VPN vm is running, or at least can't connect to the LAN using AppVMs 
that are using the VPN netvm.


Is there a way I can make an exception or something similar to make it 
so that at least a few of my AppVMs can access the lan?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c507775bfb2236491b22afe072e728ce%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: UEFI Troubleshooting workaround does not work

2017-09-17 Thread Patrick Schleizer
Mirosław Wojciechowski:
> W dniu niedziela, 17 września 2017 12:35:40 UTC+2 użytkownik Patrick 
> Schleizer napisał:
>> Hi!
>>
>> Got a new notebook. Tried to install Qubes R3.2 as well as Qubes R4 RC1
>> but failed so far.
>>
>> Got this
>>
>> Filepath:
>> ACPI(a0341d0,0)/PCI(2,1f)/UnknownMessaging(12)/File(/EFI/Boot)/file(Xen.efi)/EndEntire
>>
>> boot loop bug. The workarround
>> https://www.qubes-os.org/doc/uefi-troubleshooting/ does not help. Still
>> a boot loop. Tried installation from USB as well as DVD.
>>
>> And I couldn't find a legacy boot option in the BIOS.
>>
>> For comparison, an Ubuntu dvd booted.
>>
>> Meaning, no Qubes for that notebook?
>>
>> So the only option left nowadays is "when you buy a new notebook, make
>> sure it supports legacy boot"?
>>
>> Cheers,
>> Patrick
> 
> You can try these steps from this post: 
> https://groups.google.com/forum/#!topic/qubes-users/ZFZT7mQNeWY
> 
> Regards
> 

That guide totally does not apply. It starts with "1/ You will need to
install Qubes in UEFI mode, *NOT* BIOS/CSM mode". Doesn't fly - cannot
boot Qubes anyhow.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4de8bc1-14e9-9f34-aeb8-651e358611ef%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Installing app on template when it requires signing?

2017-09-17 Thread Stumpy

Yeah that worked. Thx!

Just for my own education, why does the fw allow me to install other 
things via apt-get but not via apt-key? Is it just a question of rules?


On 17.09.2017 03:52, Franz wrote:

On Sat, Sep 16, 2017 at 10:12 PM, Stumpy  wrote:


I tried installing sonarr and it apparently requires that the repo
be signed. I thought no problem until I tried:
sudo apt-key adv --keyserver keyserver.ubuntu.com [1]
--recv-keys FDA5DFFC
and I got:
gpg: keyserver receive failed: No route to host
I figure I should be able to download the key from appvm but am not
sure how to do that as I tried the "sudo apt-ket" line from above
and I guess it installed the key on the appvm instead of dl'd it, or
perhaps it dl'd it but I don't know to where.
Thoughts on how to get around this?


Try to open the firewall on template for 5 minute, there a flag on
Qubes Manager


--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit


https://groups.google.com/d/msgid/qubes-users/d5ca1c2642219e5e2a858e260eeaca61%40posteo.net

[2].
For more options, visit https://groups.google.com/d/optout [3].




Links:
--
[1] http://keyserver.ubuntu.com
[2]
https://groups.google.com/d/msgid/qubes-users/d5ca1c2642219e5e2a858e260eeaca61%40posteo.net
[3] https://groups.google.com/d/optout


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4fd284a73c34e0acc05329914e03af59%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fixing BOOT of Qubes OS

2017-09-17 Thread damm swing
On Friday, September 15, 2017 at 11:31:33 PM UTC+2, Stanislav Serdyuk wrote:
> Good afternoon, 
> 
> 
> 
> 
> 
> I had working qubes OS, everything worked as it should, and then I installed 
> ubuntu on separate partition 
> 
> 
> 
> Ubuntu replaced Qubes bootloader with GRUB and now I cannot make Qubes 
> working again
> 
> 
> 
> 
> 
> Qubes OS is located on encrypted partition, I can see it when I am inserting 
> Qubes Install USB (boot located on sda3)
> 
> 
> 
> 
> 
> On qubes website I can see how to fix it if it's UEFI, but in my case it's in 
> legacy boot
> 
> 
> 
> 
> 
> I can load rescue mode, and it is locating qubes os on partition and I have 
> ability to mount /mnt/sysimage
> 
> 
> 
> 
> 
> I am not that professional to fix it further, I hope you can help me, please 
> advise how to fix it.
> 
> 
> 
> 
> 
> I would simply reinstall Qubes, but I have important files inside of old 
> system.
> 
> 
> 
> 
> 
> You are the great guys, and I really appreciate the work you are doing for us 
> - simple users.
> 
> 
> 
> 
> Thank you
> 
> 
> 
> And have a good day

Remember you make it at your own risk!

1)Install Qubes in other hard disk or partition (In this option before you do 
anything clone your hard disk.).
2)In new Qubes create AppVMs on this same names, configurations and templates 
as in old Qubes. 
3)In new Qubes delete private.img for all AppVMs in folder 
"/var/lib/qubes/appvms".
4)Copy private.img for all AppVMs in folder "/var/lib/qubes/appvms" from old 
Qubes to new Qubes.

In the future remember to make a backup! You were very lucky that Ubuntu 
installator did not overwrite your LUKS partition, because then it would be 
"game over".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6da65f25-c15b-4a32-bdc7-c830718e642d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: UEFI Troubleshooting workaround does not work

2017-09-17 Thread Mirosław Wojciechowski
W dniu niedziela, 17 września 2017 12:35:40 UTC+2 użytkownik Patrick Schleizer 
napisał:
> Hi!
> 
> Got a new notebook. Tried to install Qubes R3.2 as well as Qubes R4 RC1
> but failed so far.
> 
> Got this
> 
> Filepath:
> ACPI(a0341d0,0)/PCI(2,1f)/UnknownMessaging(12)/File(/EFI/Boot)/file(Xen.efi)/EndEntire
> 
> boot loop bug. The workarround
> https://www.qubes-os.org/doc/uefi-troubleshooting/ does not help. Still
> a boot loop. Tried installation from USB as well as DVD.
> 
> And I couldn't find a legacy boot option in the BIOS.
> 
> For comparison, an Ubuntu dvd booted.
> 
> Meaning, no Qubes for that notebook?
> 
> So the only option left nowadays is "when you buy a new notebook, make
> sure it supports legacy boot"?
> 
> Cheers,
> Patrick

You can try these steps from this post: 
https://groups.google.com/forum/#!topic/qubes-users/ZFZT7mQNeWY

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e793af2f-8d0d-40c1-aa7d-d02a8f63892c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] UEFI Troubleshooting workaround does not work

2017-09-17 Thread Patrick Schleizer
Hi!

Got a new notebook. Tried to install Qubes R3.2 as well as Qubes R4 RC1
but failed so far.

Got this

Filepath:
ACPI(a0341d0,0)/PCI(2,1f)/UnknownMessaging(12)/File(/EFI/Boot)/file(Xen.efi)/EndEntire

boot loop bug. The workarround
https://www.qubes-os.org/doc/uefi-troubleshooting/ does not help. Still
a boot loop. Tried installation from USB as well as DVD.

And I couldn't find a legacy boot option in the BIOS.

For comparison, an Ubuntu dvd booted.

Meaning, no Qubes for that notebook?

So the only option left nowadays is "when you buy a new notebook, make
sure it supports legacy boot"?

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c16bf935-728d-66ea-2abf-834a414470b1%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Linux Mint VM

2017-09-17 Thread info
Does anyone have a tutorial to linux mint or should this be set strictly as an 
HVM?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20c6d208-3d48-49ac-bf3e-fbf44b5d5691%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.