[qubes-users] Can't login to VM after upgrade to fedora 26

2017-10-12 Thread nicholas roveda
I've upgraded a fedora-25 template in R4.0 rc1/current-testing to fedora-26 and 
now the VM stops at login(tty1).
It doesn't let me login as 'user', but only as root and after few seconds being 
root, the VM shutdowns.

Upgrade commands:
`sudo dnf clean all`
`sudo dnf --best --allowerasing --releasever=26 distro-sync`

Is there any way to fix the Template?
And what about the trimming, since `qvm-trim-template` is gone?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05fc01b7-1bed-46b8-bff6-a0f9ce73d1c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] How to export (H)VMs from Qubes/Xen to VMware vSphere

2017-10-12 Thread '[799]' via qubes-users
Hello,

Currently I still need to run a 2nd OS to use VMware Workstation to 
prepare/test VMs/Setup for customers.

I'd like to prepare VMs in Qubes and then migrate/export them to the customers 
environment which are mostly based on VMware vSphere/ESXi.

Questions:

a) How can I get a (H)VM out of Qubes into a VMware VM. If I know what to do, I 
can script this to get a good workflow.
Worst Case Szenario would be to backup the VM, then manually create a new VM in 
vSphere, boot with a live Linux and recover the VM - so mainly migrating the 
harddrive from Qubes/Xen to a VMware .vmdk/virtual harddrive

Other possible approach:

b) Is it possible to do "nested virtualization" and create something like a 
'monster-VM" in Qubes in which I install VMware Workstation or ESXi to 
prepare/test VMs and then export them from there?

c) Do you have any other idea how to use Qubes as primary OS to provision VMs 
locally and migrate them to vSphere/ESXi at the end of the workflow?
Or is this task not solveable in a good way with Qubes?

Working with Qubes at the customer location would greatly improve security for 
both sides as I can use separate VMs for each customer or work with disposable 
VMs when connecting to the network.p

Kind regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/P_biCS1Ene0bEltrviezlrT-b4crULnwAB-RglLyZjZygOs6RMfcMJxHxBX4wbYGDnpv35-ZdbKXWy_ND8Eiw2PJkw9RJHtoOHZ4Ew-tRxo%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Install a CentOS HVM with a debug-window = mo seamless mode

2017-10-12 Thread '[799]' via qubes-users
Hello,

I'd like to switch from using VMware Workstation to Qubes to test/specific 
software for customers.

I want to setup a CentOS HVM and created a HVM, attached a CentOS minimal ISO 
and installed it without any problem.
After restart I was unable to get a Terminal window as qrexec is not installed.
I tried to boot into a normal "HVM-window" by disabling seamless mode and 
enabling Debug mode, but I could get any window.

Questions:

a) how can I get a terminal window to install additional applications

b) can I install the missing Qubes parts later on to get seamless mode working 
and to launch applications from dom0 (qrexec...)

c) is it possible to create a standalone HVM based on an existing Qubes 
template?

Kind regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_H47YaQn22zqiQmrQA_p4eEGj62YaNX4QhfL30eKrQJ67F6eiyAnRrylsegJhmCMKJ-Vh0-VDGCG3fsNqKY_ezs7Mfp3HN75CQmD3F0CYLE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: off topic - invite codes to 'riseup'

2017-10-12 Thread jeggeidgt21
I need riseup invite code please..
jeggeidg...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29e67dd5-2a8d-4dea-b0c4-8ba420d3ad3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Turn off quiet boot? [SOLVED]

2017-10-12 Thread Ron Hunter-Duvar

On 10/12/2017 12:37 AM, Patrik Hagara wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/12/2017 01:42 AM, Ron Hunter-Duvar wrote:

Does anyone know how to turn off QubesOs' quiet boot (splash
screen instead of kernel messages)?
...
This is with EFI booting. No grub (don't even have a grub.cfg file
in /boot).

Thanks,

Ron


Removing the "rhgb" (historically "Red Hat Graphical Boot") parameter
will result in defaulting to text boot instead of plymouth splash
screen. You can still switch back and forth by pressing Esc.

The "quiet" parameter, as you found out, only affects early kernel
boot messages (before initramfs is mounted and plymouth can be started
started).


Cheers,
Patrik
Thanks, Patrik, that did the trick. Never thought to question what the 
"rhgb" was for.


Ron

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01cb95ec-1be1-4574-91f7-e9598c1c07ff%40shaw.ca.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Read-only file system in applVM

2017-10-12 Thread Chris Laprise

On 10/12/2017 06:42 AM, Foppe de Haan wrote:

On Wednesday, October 11, 2017 at 10:08:18 PM UTC+2, Chris Laprise wrote:

On 10/11/2017 04:05 PM, Chris Laprise wrote:


I can explain the steps. You may wish to backup your appVM before
continuing.

1. Start a dispVM (I'll call it disp1). Your appVM should not be running.

2. In dom0 run 'qvm-block -A /var/lib/qubes/appvms/yourappvm/private.img'
Substitute 'yourappvm' in above command with the name of your appVM.

Correction: This command should be 'qvm-block -A disp1
dom0:/var/lib/qubes/appvms/yourappvm/private.img'


--
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

just for my information: why not just run that from dom0 directly (e.g. sudo 
fsck /var/lib/qubes/appvms/bla/bla.img)? is there a security risk involved with 
the invocation of fsck?



Actually, yes there is a risk.

--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48446dad-4edf-9c2d-7bc4-ff06c88e2130%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Error Creating Ubuntu VM in Qubes 3.2

2017-10-12 Thread Ron Hunter-Duvar
On October 12, 2017 4:25:29 PM MDT, Person  wrote:
>l tried the former commands again, with “ls -lh” and “pwd”, but the
>terminal remained unresponsive, even if it was formerly responsive.
>
>So I tried changing the command around a little. The Qubes site
>mentions to enter this command: “qvm-run --pass-io  'cat
>/path/to/file_in_src_domain' > /path/to/file_name_in_dom0”, and I
>realized that I didn’t put in a desired path for the file in dom0. I
>tried using a directory in dom0 that I found, which was
>/home/user/Downloads. When I entered this command, dom0’s response was
>“Usage: qvm-run [options] [] []” and “qvm-run: error: Too
>many arguments”. I’m not too sure what this means, but I believe I
>somehow typed in the command wrong. I typed in “qvm-run —pass-io
>sys-net ‘cat /home/user/Downloads’ /home/user/Downloads”. (The first
>“/home/user/Downloads is the directory in sys-net and the second is the
>directory in dom0.)

Where you show the command you typed, you're missing the output redirection 
(the ">"). So instead of the shell doing the redirection to the file, it passes 
it as an argument to the qvm-run command, resulting in the error you got.

Ron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/60927EFB-EB40-4004-9655-6F035AF74196%40shaw.ca.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Error Creating Ubuntu VM in Qubes 3.2

2017-10-12 Thread Person
l tried the former commands again, with “ls -lh” and “pwd”, but the terminal 
remained unresponsive, even if it was formerly responsive.

So I tried changing the command around a little. The Qubes site mentions to 
enter this command: “qvm-run --pass-io  'cat 
/path/to/file_in_src_domain' > /path/to/file_name_in_dom0”, and I realized that 
I didn’t put in a desired path for the file in dom0. I tried using a directory 
in dom0 that I found, which was /home/user/Downloads. When I entered this 
command, dom0’s response was “Usage: qvm-run [options] [] []” and 
“qvm-run: error: Too many arguments”. I’m not too sure what this means, but I 
believe I somehow typed in the command wrong. I typed in “qvm-run —pass-io 
sys-net ‘cat /home/user/Downloads’ /home/user/Downloads”. (The first 
“/home/user/Downloads is the directory in sys-net and the second is the 
directory in dom0.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/baecc65c-8f65-4522-ba67-8b4529f662dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Mac-Spoofing Doesn’t Work

2017-10-12 Thread Person
Okay, good to know.

I already started downloading Fedora 25, but the “Install” button does not seem 
to work when I click on it. There is no response.

There is a sentence on the bottom that says “It is recommended you back up your 
files first”. I already did back up my Fedora 23 VM, so I don’t understand why 
this is happening.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67268d9f-152c-442c-bda1-40a09d8fb797%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Typefont on Fedora not pixelated

2017-10-12 Thread 'Axel Schwoerer' via qubes-users
Hello.
Typefont on my Fedora template are not pixelated, so it's kinda ugly...Before I 
reinstall Qubes, I've got the same problem and I've solved it but I don't 
remember how...
Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1239213271.1311541.1507837961644%40mail.yahoo.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - Lenovo Yoga 720-13IKB

2017-10-12 Thread Paul Mosier
Hello,

I'm happy to report that Lenovo 720 will run Qubes.  HCL report is attached.

Some notes about getting the machine running:

* The SATA controller must be set to AHCI in the BIOS to enable legacy
boot.  Qubes 3.2 comes with Xen 4.6.6, which doesn't play nice with a pure
UEFI boot.

* Also because of the above, after install you will need to adjust the
default EFI configuration with the instructions here:
https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing

* Change dom0 to use the 4.9 kernel to get all the hotkeys & touchscreen
working.  Drop the kernel & initrd files into /boot/efi/EFI/BOOT and change
the top entry of BOOTX64.cfg to use this kernel instead.

* The kernel appears to recognize the camera & Bluetooth, but I haven't
been able to get them to work yet.  Probably some configuration issue on my
part.

* Screen rotation does not appear to work.  The ideapad_laptop kernel
module raises an uncaught event when the screen is folded all the way back
(ie. for tablet mode).  So there's the possibility this will work in the
future, but not right now.

* No TPM chip for AEM.

Everything else works great.

- Paul M

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEagDEUF%3DcKw0qhwnPg4QLpYpm6HcR%2BLqM8LmWX8u0rmhVa%3D%2BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-80X6-20171012-141828.yml
Description: application/yaml


[qubes-users] QSB #34: GUI issue and Xen vulnerabilities (XSA-237 through XSA-244)

2017-10-12 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

We have just published Qubes Security Bulletin (QSB) #34:
GUI issue and Xen vulnerabilities (XSA-237 through XSA-244).
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB #34 in the qubes-secpack:



Learn about the qubes-secpack, including how to obtain, verify, and read it:



View all past QSBs:



View the XSA Tracker:



```
 ---===[ Qubes Security Bulletin #34 ]===---

  October 12, 2017


   GUI issue and Xen vulnerabilities (XSA-237 through XSA-244)

Summary


One of our developers, Simon Gaiser (aka HW42), while working on
improving support for device isolation in Qubes 4.0, discovered a
potential security problem with the way Xen handles MSI-capable devices.
The Xen Security Team has classified this problem as XSA-237 [01], which
was published today.

At the same time, the Xen Security Team released several other Xen
Security Advisories (XSA-238 through XSA-244). The impact of these
advisories ranges from system crashes to potential privilege
escalations. However, the latter seem to be mostly theoretical. See our
commentary below for details.

Finally, Eric Larsson discovered a situation in which Qubes GUI
virtualization could allow a VM to produce a window that has no colored
borders (which are used in Qubes as front-line indicators of trust).
A VM cannot use this vulnerability to draw different borders in place of
the correct one, however. We discuss this issue extensively below.

Technical details
==

Xen issues
- ---

Xen Security Advisory 237 [01]:

| Multiple issues exist with the setup of PCI MSI interrupts:
| - unprivileged guests were permitted access to devices not owned by
|   them, in particular allowing them to disable MSI or MSI-X on any
|   device
| - HVM guests can trigger a codepath intended only for PV guests
| - some failure paths partially tear down previously configured
|   interrupts, leaving inconsistent state
| - with XSM enabled, caller and callee of a hook disagreed about the
|   data structure pointed to by a type-less argument
| 
| A malicious or buggy guest may cause the hypervisor to crash, resulting
| in Denial of Service (DoS) affecting the entire host.  Privilege
| escalation and information leaks cannot be excluded.

Xen Security Advisory 238 [02]:

| DMOPs (which were a subgroup of HVMOPs in older releases) allow guests
| to control and drive other guests.  The I/O request server page mapping
| interface uses range sets to represent I/O resources the emulation of
| which is provided by a given I/O request server.  The internals of the
| range set implementation require that ranges have a starting value no
| lower than the ending one.  Checks for this fact were missing.
| 
| Malicious or buggy stub domain kernels or tool stacks otherwise living
| outside of Domain0 can mount a denial of service attack which, if
| successful, can affect the whole system.
| 
| Only domains controlling HVM guests can exploit this vulnerability.
| (This includes domains providing hardware emulation services to HVM
| guests.)

Xen Security Advisory 239 [03]:

| Intercepted I/O operations may deal with less than a full machine
| word's worth of data.  While read paths had been the subject of earlier
| XSAs (and hence have been fixed), at least one write path was found
| where the data stored into an internal structure could contain bits
| from an uninitialized hypervisor stack slot.  A subsequent emulated
| read would then be able to retrieve these bits.
| 
| A malicious unprivileged x86 HVM guest may be able to obtain sensitive
| information from the host or other guests.

Xen Security Advisory 240 [04]:

| x86 PV guests are permitted to set up certain forms of what is often
| called "linear page tables", where pagetables contain references to
| other pagetables at the same level or higher.  Certain restrictions
| apply in order to fit into Xen's page type handling system.  An
| important restriction was missed, however: Stacking multiple layers
| of page tables of the same level on top of one another is not very
| useful, and the tearing down of such an arrangement involves
| recursion.  With sufficiently many layers such recursion will result
| in a stack overflow, commonly resulting in Xen to crash.
| 
| A malicious or buggy PV guest may cause the hypervisor to crash,
| resulting in Denial of Service (DoS) affecting the entire host.
| Privilege escalation and information leaks cannot be excluded.

Xen Security Advisory 241 [05]:

| x86 PV guests effect TLB flushes by way of a hypercall.  Xen tries to
| reduce the number of TLB flushes 

Re: [qubes-users] Read-only file system in applVM

2017-10-12 Thread Foppe de Haan
On Wednesday, October 11, 2017 at 10:08:18 PM UTC+2, Chris Laprise wrote:
> On 10/11/2017 04:05 PM, Chris Laprise wrote:
> > On 10/11/2017 11:00 AM, Franz wrote:
> >>
> >>
> >> On Tue, Oct 10, 2017 at 2:18 PM, Chris Laprise  >> > wrote:
> >>
> >>     On 10/10/2017 02:31 AM, Franz wrote:
> >>
> >>
> >>
> >>     On Mon, Oct 9, 2017 at 9:36 PM, Chris Laprise
> >>     
> >>     >> wrote:
> >>
> >>         On 10/09/2017 08:48 AM, Franz wrote:
> >>
> >>             Hello,
> >>
> >>             Trying to save a long document I got an error.
> >>
> >>             So tried to open a new document to copy there the
> >>     content of
> >>             the older. But it gives an error: read only file system.
> >>
> >>             Any idea why this applVM now decided to be a read only
> >>     file
> >>             system? and if  is there a fix other than rebooting?
> >>             Best
> >>             Fran
> >>
> >>
> >>         It probably means there is a logical inconsistency
> >>     (corruption) in
> >>         that filesystem, or it filled-up. You can avoid the 
> >> latter by
> >>         expanding the Private storage max size in the VM's settings.
> >>
> >>
> >>     It should be corruption, because there is plenty of space.
> >>
> >>     Anyway I had to reboot and after that it worked again even if
> >>     an alert of Python not working appears.
> >>
> >>     Is there some way to fix corruption cases?
> >>     Best
> >>     fran
> >>
> >>
> >>     Using 'fsck' on it might fix it. Before doing that, you may have
> >>     to re-mount the volume as read-only; or you could use qvm-block to
> >>     attach the private.img to a dispVM and then run fsck /dev/xvdi .
> >>
> >>
> >> The second seems easier, but the same I am confused. Is there a 
> >> tutorial somewhere?
> >> Best
> >> Fran
> >>
> >
> > I can explain the steps. You may wish to backup your appVM before 
> > continuing.
> >
> > 1. Start a dispVM (I'll call it disp1). Your appVM should not be running.
> >
> > 2. In dom0 run 'qvm-block -A /var/lib/qubes/appvms/yourappvm/private.img'
> > Substitute 'yourappvm' in above command with the name of your appVM.
> 
> Correction: This command should be 'qvm-block -A disp1 
> dom0:/var/lib/qubes/appvms/yourappvm/private.img'
> 
> 
> -- 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

just for my information: why not just run that from dom0 directly (e.g. sudo 
fsck /var/lib/qubes/appvms/bla/bla.img)? is there a security risk involved with 
the invocation of fsck?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9a431aa-a0cb-467f-b17f-e78d1d8df282%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora minimal Installation

2017-10-12 Thread Roy Bernat
On Thursday, 12 October 2017 05:22:08 UTC-4, Foppe de Haan  wrote:
> On Thursday, October 12, 2017 at 11:05:44 AM UTC+2, Roy Bernat wrote:
> > Hi All, 
> > 
> > i just downloaded fedora minimal and according to the article i read in 
> > order to get at firts time root access i should use su -  and than install 
> > what i need .   when i use su - it give me password propmt .   is there any 
> > default pass ?   or i am doing something wrong ? 
> > 
> > Thanks
> 
> use 'qvm-run -p -u root VMNAME xterm' from dom0 to gain root access. :)

Thank you very much for your quick response . worked great 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35488b22-06ce-425f-9622-519277ac1f67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Read-only file system in applVM

2017-10-12 Thread Franz
On Wed, Oct 11, 2017 at 5:08 PM, Chris Laprise  wrote:

> On 10/11/2017 04:05 PM, Chris Laprise wrote:
>
>> On 10/11/2017 11:00 AM, Franz wrote:
>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 2:18 PM, Chris Laprise >> > wrote:
>>>
>>> On 10/10/2017 02:31 AM, Franz wrote:
>>>
>>>
>>>
>>> On Mon, Oct 9, 2017 at 9:36 PM, Chris Laprise
>>> 
>>> >> wrote:
>>>
>>> On 10/09/2017 08:48 AM, Franz wrote:
>>>
>>> Hello,
>>>
>>> Trying to save a long document I got an error.
>>>
>>> So tried to open a new document to copy there the
>>> content of
>>> the older. But it gives an error: read only file system.
>>>
>>> Any idea why this applVM now decided to be a read only
>>> file
>>> system? and if  is there a fix other than rebooting?
>>> Best
>>> Fran
>>>
>>>
>>> It probably means there is a logical inconsistency
>>> (corruption) in
>>> that filesystem, or it filled-up. You can avoid the latter by
>>> expanding the Private storage max size in the VM's settings.
>>>
>>>
>>> It should be corruption, because there is plenty of space.
>>>
>>> Anyway I had to reboot and after that it worked again even if
>>> an alert of Python not working appears.
>>>
>>> Is there some way to fix corruption cases?
>>> Best
>>> fran
>>>
>>>
>>> Using 'fsck' on it might fix it. Before doing that, you may have
>>> to re-mount the volume as read-only; or you could use qvm-block to
>>> attach the private.img to a dispVM and then run fsck /dev/xvdi .
>>>
>>>
>>> The second seems easier, but the same I am confused. Is there a tutorial
>>> somewhere?
>>> Best
>>> Fran
>>>
>>>
>> I can explain the steps. You may wish to backup your appVM before
>> continuing.
>>
>> 1. Start a dispVM (I'll call it disp1). Your appVM should not be running.
>>
>> 2. In dom0 run 'qvm-block -A /var/lib/qubes/appvms/yourappvm/private.img'
>> Substitute 'yourappvm' in above command with the name of your appVM.
>>
>
> Correction: This command should be 'qvm-block -A disp1
> dom0:/var/lib/qubes/appvms/yourappvm/private.img'
>
>
>
Many thanks, it seems easy enough. I ordered some backup medium to backup
everything before trying.
Best
Fran

>
> --
>
> Chris Laprise, tas...@posteo.net
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/qubes-users/fb249663-15fd-bfa3-569c-5dd13eba0454%40posteo.net.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qBkRr2NmQRuGRkJZ4MgcUNYC9Stc7FjpNzTx9dbSa%3D0Og%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora minimal Installation

2017-10-12 Thread Foppe de Haan
On Thursday, October 12, 2017 at 11:05:44 AM UTC+2, Roy Bernat wrote:
> Hi All, 
> 
> i just downloaded fedora minimal and according to the article i read in order 
> to get at firts time root access i should use su -  and than install what i 
> need .   when i use su - it give me password propmt .   is there any default 
> pass ?   or i am doing something wrong ? 
> 
> Thanks

use 'qvm-run -p -u root VMNAME xterm' from dom0 to gain root access. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d56cc9b7-282a-4a62-a2b2-e0ef29d4b4b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 4

2017-10-12 Thread Roy Bernat
Hi

tried to download windows tool with no success . also the testing with no
success .

i have created pre define raw image and transfer as root .img  and tried
start the vm .

it always start the default vm . some one succeeded doing it ?

Roy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABqxJzERSnHmDd5r69p_QDs%3DsWmxF4zdsvVawYS1xoB%3Dcoj48g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Restart and shutdown

2017-10-12 Thread Roy Bernat
Hi all,

when restart the machine it hold and never restart its stay on shutdown and
never boot or shutdown completly .

running qubes 4 rc1 .

Roy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABqxJzHGaVHPDypwicrHz8eJuLpoyFjf4SZ13pQQW-FyxwM6Ew%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Fedora minimal Installation

2017-10-12 Thread Roy Bernat
Hi All,

i just downloaded fedora minimal and according to the article i read in
order to get at firts time root access i should use su -  and than install
what i need .   when i use su - it give me password propmt .   is there any
default pass ?   or i am doing something wrong ?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABqxJzEy9uW4H9D%3DW%2BCmUVFCgie8_cN2gdMQ68vGzZT%2BRY4bRA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Turn off quiet boot?

2017-10-12 Thread David Hobach



On 10/12/2017 08:37 AM, Patrik Hagara wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/12/2017 01:42 AM, Ron Hunter-Duvar wrote:

Does anyone know how to turn off QubesOs' quiet boot (splash
screen instead of kernel messages)?

I like to see the messages during boot (and shutdown). More than
once I've caught a lurking problem (although it scrolls by fast,
those red "[ FAILED ]" messages really stand out).

I've removed the "quiet" keyword from the "kernel=" lines in
/boot/efi/EFI/qubes/xen.cfg, but that only gives me the first page
or so, and still brings up the splash screen. Pressing Esc gets me
back to the messages, but I'd like to have it stay there.

This is with EFI booting. No grub (don't even have a grub.cfg file
in /boot).

Thanks,

Ron



Removing the "rhgb" (historically "Red Hat Graphical Boot") parameter
will result in defaulting to text boot instead of plymouth splash
screen. You can still switch back and forth by pressing Esc.

The "quiet" parameter, as you found out, only affects early kernel
boot messages (before initramfs is mounted and plymouth can be started
started).


With grub you can also disable plymouth entirely by using 
plymouth.enable=0 in /etc/default/grub.


Maybe that also works with EFI.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bb1ba34-1d2d-0f39-2d3a-8e66b6682389%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature


Re: [qubes-users] Making Your Own Sys-VMs

2017-10-12 Thread '[799]' via qubes-users
Hello Sam,

>> I"ve been looking at changing all my VM templates to fedora minimal.

I've done exactly the same to reduce the footprint of running services and 
applications and to work with fedora-25 instead of the old fedora-23 templates.

>> However, I"m still having some trouble making fedora minimal templates
>> that will work for my NetVM, FirewallVM, and USBVM.

I've attached all scripts for you:
If you store those scripts in dom0 unter ~/bin you can run those scripts 
without changing to the directory, as  ~/bin is included in the PATH 
environment variable (in dom0: echo $PATH )

*** create-t-fedora-25-minimal.sh
this script will download and clone a fedora-25-minimal template.
it will install all needed packages in the template.
(the reason why I clone the template is that I like to have the original 
template untouched. The original fedora-25-minimal template will be hidden in 
Qubes Manager to get a better overview)

*** qvm-destroy
is just a helper script which will kill a VM and remove it.
I'm using qvm-destroy in my scripts so that I can run those scripts even when 
the AppVMs are in place already and I want to reinstall. With that I can 
rebuild all my sys-vms within a very short time.

*** create-my-sysvms.sh
this script will remove and then recreate the 3 sys-vms.
after this script you'll end up with running freshly installed sys-net, 
sys-firewall and sys-usb.
This scripts assumes that the first script has been run already (creation of 
fedora-minimal-template).

*** create-default-sys-vms.sh
this script will create the 3 sys-vms using the fedora-25 default image which 
is slightly bigger but might have all drivers etc. installed.
I've just used it to test out my other minimal-script :-)
So it can be used to migrate from the standard fedora-23 to fedora-25 sys-vms.

If you have any question regarding those scripts, do not hesitate
to contact me.
I am using all sys-vms based on my t-fedora-25-minimal template and they work 
fine.
If you start up the new sys-usb it might be that you get a 2nd nm-applet icon 
in the taskbar. I haven't been able to disable the start of nm-applet in 
sys-usb and as such I'm just killing the nm-applet through dom0:
I'm running this command in dom0 in a script which is executed when I login 
into qubes:

qvm-run sys-usb "killall nm-applet"

>> For the NetVM specifically, I installed the driver and software
>> that was stated on the Fedora Minimal page but it still doesn"t
>> register my wireless card.

You need to find out what your wifi card is and then install the proper driver. 
I think this was covered here in the mailinglist already.
You could look into your current sys-net (based on the original template) and 
then use lsmod to find which kernel modules are running and find the proper 
drivers - but this is something I am not that familiar with.
Someone more skilled might help you out

Just one more thing which might be usefull for your new sys-net VM if you're 
working with a WWAN/LTE-card.
I have a scripts which auto-attached my LTE card to the sys-net VM:

#!/bin/bash
# attach-wwan.sh -  connect the LTE-card to sys-net
# Description of LTE Card (it's ok to enter only a part of the description)
# to find out the description enter qvm-usb in dom0
LTECard=Lenovo_H5321_gw_
# Mount Card to sys-net
qvm-usb -a sys-net `qvm-usb | grep $LTECard | awk '{print $1}'`

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Ls3Ya50Yc2k2OehBS-IMZdt6_RuK0pcB8n54otelOKH9Mlbj2-HMN38oJ4KTzUKYwJR4lTxH4ZKVm6E6qxRzgFTtB36OwZU-guWorgQwIvs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


create-t-fedora-25-minimal.sh
Description: application/shellscript


qvm-destroy
Description: Binary data


create-default-sys-vms.sh
Description: application/shellscript


create-my-sysvms.sh
Description: application/shellscript


Re: [qubes-users] Turn off quiet boot?

2017-10-12 Thread Patrik Hagara
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/12/2017 01:42 AM, Ron Hunter-Duvar wrote:
> Does anyone know how to turn off QubesOs' quiet boot (splash
> screen instead of kernel messages)?
> 
> I like to see the messages during boot (and shutdown). More than
> once I've caught a lurking problem (although it scrolls by fast,
> those red "[ FAILED ]" messages really stand out).
> 
> I've removed the "quiet" keyword from the "kernel=" lines in 
> /boot/efi/EFI/qubes/xen.cfg, but that only gives me the first page
> or so, and still brings up the splash screen. Pressing Esc gets me
> back to the messages, but I'd like to have it stay there.
> 
> This is with EFI booting. No grub (don't even have a grub.cfg file
> in /boot).
> 
> Thanks,
> 
> Ron
> 

Removing the "rhgb" (historically "Red Hat Graphical Boot") parameter
will result in defaulting to text boot instead of plymouth splash
screen. You can still switch back and forth by pressing Esc.

The "quiet" parameter, as you found out, only affects early kernel
boot messages (before initramfs is mounted and plymouth can be started
started).


Cheers,
Patrik
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZ3w3CAAoJEFwecd8DH5rl/WgP/ArFjK+cnnm5p7wstI3Nun9P
hI9fkSI6Jp5NAmYAUyf4Bcop03aWPAbmjOAGK0Ehqv4StCW0/LNKEjvM5wJ+N0u9
jUdIFFNnbfplbIpPgrH+E0xxZ3OjDhNDQ4CezdAIzYDvxVMVBSN62kl6wOxf7gja
JlqiotfSvZw2TqAWxkW2KNfRP5956c8S1X5ip9ld0DbCzwxbDzkEpv2UIZMU5IiM
v2N+HLdvrEnPSWfP9zFS6jVGYKUzqwN7FlQQv553IJUaT8ThkyDytHv0jIcI5rpp
lI78o8/mCweDXEXo/YA1Zqyjwgfs5tmRDUjXlaPyPIWqEjAIfHzVj5Amg3UK/frl
74m8Mr/bi6mQCsI4E41JEVG1PjfMEYO1yX+kacbyIcI1JnXFQimQUBb50Ku3IRUv
Q72bJzRaAX6tpUqhw7NPlZUtVHn8D4a+2emdVITaIozfWZGQCV5yZPprCgWR9wV0
aPAt+TNwPd+kQ9qEpLOeXcI1n2a2pGRTtKvUoEmJz9gIsQCDsQ1hktN0F1UUA16S
oNiCqhSN5F+T62q5fhGgQbSzCL+QDgrsEz8wHnCjeXKJn+YRWsBkg6+NvN2Y5CeE
qNNDsb67xExLjSshAE796B9LJBfdUnFA6p7IooTvP/68/uuWkP+sLkDA2k7ymsgu
POJokG+MSy1pnHLvrRbU
=E5tO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/012fe455-4797-c74b-5351-d6bb64a522d8%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


0x031F9AE5.asc
Description: application/pgp-keys


0x031F9AE5.asc.sig
Description: PGP signature