Re: [qubes-users] minimum size for a qube image

2018-04-20 Thread Jan Hustak 

On 04/21/2018 03:44 AM, Manuel Amador (Rudd-O) wrote:

On 2018-04-16 20:50, Jan Hustak wrote:

Hello,
I'm also open to discussing the basic concept: is it worth trying to
keep, for example, Firefox and GIMP in separate qubes, or should I
just relax and use one fat TemplateVM with the union of all packages I
need?



Fat template with everything you got there, *so long as your fat
template does not have anything installed that installs systemd system
or user units that will start on boot or login*.  If you have a template
that runs some sort of package on boot or login, you can nuke it using a
systemd unit override ( in the right directory) so it
won't start.  Fedora is really good about not starting units by default
(except for SSHD, which is in fact disabled by default in Qubes templates).

Aaand then perhaps a thin template for things that could be your
service VMs.  (I'm really rooting for the MirageOS templates).


Thanks, that's another angle to consider. My original question concerned 
code simply sitting on the disk that could (somehow) be activated by an 
attacker - but it's true that a fat template may also mean a busy 
runtime with lots of code already active. I do believe the approach 
outlined by awokd works to address this issue as well.


Thanks everyone for your responses, they've really been helpful.

jh

P.S. And yes, MirageOS is cool :-)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21befed7-4cc1-71f2-293b-883a394e6e5a%40journey.sk.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] minimum size for a qube image

2018-04-20 Thread Jan Hustak 

On 04/19/2018 10:00 AM, awokd wrote:

On Thu, April 19, 2018 5:45 am, Jan Hustak wrote:



I guess there's a cognitive aspect to it as well, not related to
security as such. I have over 2300 packages installed on my main Debian
notebook, many of them not needed anymore. Cleaning them out is a tedious
job I never get to. If I had a VM/filesystem with "only packages needed
for Project X", things would be more orderly. I don't need Qubes OS for
that, of course, but it's an issue I seek to address in addition to
security. Sorry if I'm straying off topic.


It's not off topic. I've said before I'd keep using Qubes even if it
provided no additional security over any other Linux distributions (but it
does a lot) merely for the convenience/flexibility it provides! In your
case then, you might want a workflow something like:

1- Clone one of the stock templates to create a base template with common
packages
2- Clone as needed for project X, install specific packages
3- Make Project X AppVM based on the new template
4- Delete project specific VMs when done

If you can figure out a union of common packages (hopefully less than
2300!) then you could skip step #2 some of the time and base #3 on #1.


Yes, this is exactly what I'm thinking about. It does mean having 2 VMs 
per project but that's a trivial cost.


jh

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ccd2211-8046-2113-f117-d8fd927f59e4%40journey.sk.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Small Templates

2018-04-20 Thread Manuel Amador (Rudd-O) 
On 2018-04-19 00:50, Drew White wrote:
> I don't want an insecure system that crashes every 5 seconds, so I
> want one hat has no SystemD. Until then, smaller template. 

It pisses me off whenever you post because you always post destructive /
nonconstructive nonsense such as this one post above this line (among
many).  You're using Fedora / Debian templates.  They use systemd (learn
to spell it, it isn't SystemD, that means a completely different thing
related to an economic population in Southeast Asia).  Deal with reality
or use something else.  And, quite frankly, I don't know what the fuck
is wrong with your computer -- I haven't had a system crash in months
while using Qubes OS, and I haven't had a systemd-related crash in Y E A
R S.  Literally YEARS since a systemd bug caused a kernel panic (because
that's how a systemd crash looks like, it's an init-related panic).

You, Drew, specifically you, always have complaints, but almost never
ever do you have solutions.  Most of your blame-assigning is entirely
fabricated and political.

So how about you start coding something that will replace the work
others have done, and then post it as a pull request?  Maybe if you
don't want to code, then you can plonk a good amount of cash for people
to code what you want.  But I, sure as iron, do not want you to continue
polluting and poisoning the environment with your useless complaints and
non-suggestions.  Every time I open the mailing list, you're there,
making useless comments or destructive quips.  I'm so, so turned off by
your destructive participation.

Thank you in advance for your courtesy in either stopping your posting
or contributing working code that (1) will be useful to others (2) will
be accepted either in Qubes OS or upstream (3) will be less whiny and
more constructive.

Enough!

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9ecfd21-8725-1da9-b880-ba41844294f8%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] minimum size for a qube image

2018-04-20 Thread Manuel Amador (Rudd-O) 
On 2018-04-16 20:50, Jan Hustak wrote:
> Hello,
> I'm also open to discussing the basic concept: is it worth trying to
> keep, for example, Firefox and GIMP in separate qubes, or should I
> just relax and use one fat TemplateVM with the union of all packages I
> need?
>

Fat template with everything you got there, *so long as your fat
template does not have anything installed that installs systemd system
or user units that will start on boot or login*.  If you have a template
that runs some sort of package on boot or login, you can nuke it using a
systemd unit override ( in the right directory) so it
won't start.  Fedora is really good about not starting units by default
(except for SSHD, which is in fact disabled by default in Qubes templates).

Aaand then perhaps a thin template for things that could be your
service VMs.  (I'm really rooting for the MirageOS templates).

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4cd3cd9c-23a4-9505-4c87-0852237afc13%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 on USB Not Rebooting

2018-04-20 Thread Campbell 
On Friday, April 20, 2018 at 11:01:16 AM UTC-7, Campbell wrote:
> I have a problem with a Qubes 4 installation on USB that will not boot after 
> the initial setup. It will restart after initial install, BIOS sees the drive 
> as USB Qubes, boots into the configuration loader and eventually into the OS. 
> Once there I can do everything and it all works including my Windows HVM 
> yesterday.
> 
> But what I thought was a fluke is turning into a real problem.
> USB will not boot again if I choose to shut down in the Qubes OS.
> 
> I've now tried this with 2 different size and manufacturer USB drives with 
> same results. The BIOS sees either drive as simply a USB drive (instead of 
> showing "USB Qubes") and apparently does not see the boot loader any more.
> 
> Please help!

I just now tried a Qubes 3.2 install and have the same problem. Once I restart 
after all configuration is done, it never boots again. Computer BIOS sees the 
disk but there is nothing to load, even though it rebooted successfully during 
the installation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/744f7afb-092b-4c53-a265-3afdf050681c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Loops in Network Not Supported Error

2018-04-20 Thread jonmchenry110 
Greetings,

I am attempting to turn on networking in the sys-net VM but I keep getting an 
error that says:

ERROR: Basic Tab:
Loops in network are unsupported
Devices tab:
Got empty response from qubesd. See journalctl in dom0 for details.

I have searched all over Google and this forum and cannot find anyone having 
reported this issue.  Any help would be appreciated.  Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f81eafa0-4470-4428-9712-a294bf4c64e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread trueriver 
On Friday, 20 April 2018 22:01:56 UTC+1, Chris Laprise  wrote:

> The code that supports template re-install (and other volume-related) 
> functions was refactored late in the 4.0 pre-release cycle. Maybe this 
> should be opened as an issue.

What do you think now?

Is that -root-tmp volume a sign of a bug, if so where?

I am not confident of reproducing the bug, if indeed it is one. 

My gut feeling is that it may not enough to make a useful bugrep, but will do 
so if you or awokd think I should. 

One thought I had is how do I know f I run out of pool space - might that have 
triggered something like this or should I get an elegant warning? Certainly my 
disk space is overcommitted, with the magic of sparse files.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49225465-be7c-4399-9fa8-06b454478c60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread trueriver 
On Friday, 20 April 2018 22:01:56 UTC+1, Chris Laprise  wrote:

> Its conceivable that a bug left behind a similarly named meta-volume 
> that is now preventing a normal installation from completing. Comparing 
> the output of 'qvm-volume' with 'sudo lvs' may provide a clue if that's 
> the case.
> 


ran it again and it worked this time. Not sure why it took three re-installs 
but it is working now. 

However, after the dnf remove, sudo lvs|grep minimal showed that 
vm-fedora-26-minimal-root-tmp was still there. Nothing shown at that point by 
qvm-volume|grep minimal.

After the qubes-dom0-update that volume is still there in sudo lvs, but not 
shown in qvm-volume.

Should I lvremove it, or do I need some Qubic magic command?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27391cf1-e7e3-4b74-8c6f-d176ac792651%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ProtonMail bridge

2018-04-20 Thread chipperh61 
On Friday, April 20, 2018 at 12:41:36 PM UTC-4, Johannes Graumann wrote:
> I cannot second that. They are responsive. Not super fast, but
> competent and responsive.
> 
> Joh
> 
> On Fri, 2018-04-20 at 03:35 -0700, ThierryIT wrote:
> > What I have already done ... No answers from them ... Like their
> > support, no existent :(
> > 
> > Le vendredi 20 avril 2018 12:47:33 UTC+3, chipp...@gmail.com a
> > écrit :
> > > On Friday, April 20, 2018 at 1:50:37 AM UTC-4, ThierryIT wrote:
> > > > Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a
> > > > écrit :
> > > > > AHTON,
> > > > >   Thank you for sharing what worked for you.  My bridge was
> > > > > installed into the personal VM (Fedora-26).
> > > > >  I understand what you are suggesting, and hope to try it
> > > > > out this weekend when I slow down again.
> > > > > 
> > > > > Regards ~
> > > > 
> > > > Hi,
> > > > How did you get the Linux version of the Bridge ... Seems not to
> > > > be yet available ... Beta tester ?
> > > 
> > > 
> > > They offer a Beta version for paid subscribers I requested via
> > > E-mail, and they responded with a link to the download and
> > > installation instructions.
> > 
> >

I've received responses each time I e-mailed them, sometimes the same day, and 
a few times about 3 days later.  They have always eventually responded.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c133bf77-360c-4942-b891-ace268aa7e17%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread trueriver 
On Friday, 20 April 2018 22:05:39 UTC+1, awokd  wrote:
> On Fri, April 20, 2018 8:42 pm, trueriver wrote:
> 
> >
> > No, none. Not till I try to run something.
> >
> >
> > It looks almost like it has re-installed it, it appears in the menu but
> > with no apps, just the settings.
> >
> > In settings the app pane is empty, and the refresh button greys out to
> > ''Refresh in progress' and never returns after much much longer than it
> > usually takes in a healthy domain.
> 
> Strange. Try to reboot maybe, sounds like something got confused.

Yes already tried that, several times over.

> Then, to
> confirm, you are:
> 
> sudo dnf remove qubes-template-fedora-26-minimal
> sudo qubes-dom0-update qubes-template-fedora-26-minimal

I think so. Certainly what I intended to do.
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ef7402d-8c1a-4fd0-ac8f-6d82a0a0cde9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-20 Thread viq 
On 18-04-20 23:21:10, Marek Marczykowski-Górecki wrote:
> On Fri, Apr 20, 2018 at 10:51:38PM +0200, viq wrote:
> > On 18-04-20 13:51:50, Marek Marczykowski-Górecki wrote:
> 
> > Hm, salt has SPM[6], which I need to read a bit more about. On one
> > hand, it's a native salt tool, so possibly it could work better for
> > distributing, and more importantly updating states/formulas, but on the
> > other hand, as far as I'm aware, it doesn't currently have concept of
> > signing.
> 
> This is exactly the reason we use RPM for distribution-provided
> formulas.
> I've tried to play with SPM + some wrapper to actually download files
> (dom0 has no network), but AFAIR it was a bit crazy to do it this way -
> the only part of SPM that left could be shortened to "tar x"...

Ah, so you looked at it more than I did. Would it make sense to have
pretty much just SPM file inside the RPM, and post-install talk with SPM
to install that, or does it really bring nothing to the table?
On the other hand, RPMs don't play nice with local modifications...
 
> BTW each of our formula packages have FORMULA file, so it should be
> compatible with SPM out of the box, at least in theory.
> 
> > > See linked post[1] what changes are required. Normally I'd say, lets
> > > package it in rpm, but since qrexec policy doesn't support .d
> > > directories, it may not work that well. In many places we use salt's
> > > file.prepend to adjust policy files, so maybe use it here too? This
> > > start being quite complex:
> > > 1. Salt formula installed (via rpm?) in dom0, to configure management VM
> > > 2. Management VM running rest of salt formulas to configure other VMs
> > 
> > Yeah, this kinda follows what I was thinking. With some work (1) could
> > be available from Qubes repos ;) I guess with defaults allowing to set
> > up mgmt-global, mgmt-personal and mgmt-work, with permissions set up as
> > the names imply?
> > 
> > But, being salt-head that I am, what about templating the settings from
> > pillars? 
> 
> I think it is a good idea, but needs some better handling of pillars. We
> already have topd[13] module to maintain top.sls. If we could have
> something allowing the user to simply set pillar entry X to value Y
> (without learning yaml syntax), that would be great. Pillar modules you
> link below may be the way to go.

Hm, where are things like labels and other VM settings stored? Maybe it
would be possible to piggy-back on that? Even if code would be needed,
pillars just like top system are "just another python file" that IIRC
can even be distributed inside SPMs.
 
> > No, I'm not convinced whether one long yaml is better than
> > multitude of tiny files... But this could be another way to manage the
> > whole thing. Some examples of what it could look like are pillar
> > examples from rspamd-formula[7], salt-formula[8] and shorewall-formula[9]
> > 
> > And of course there are different ways to manage pillars than one long
> > yaml, but this is the most common way. [10] [11] [12]
> > 
> > > [1] https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
> > > [2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm/
> > > [3] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/
> > > [4] https://github.com/QubesOS/qubes-infrastructure/
> > > [5] https://github.com/QubesOS/qubes-mgmt-salt
> > 
> > [6] https://docs.saltstack.com/en/latest/topics/spm/index.html
> > [7] 
> > https://github.com/saltstack-formulas/rspamd-formula/blob/master/pillar.example
> > [8] 
> > https://github.com/saltstack-formulas/salt-formula/blob/master/pillar.example
> > [9] 
> > https://github.com/saltstack-formulas/shorewall-formula/blob/master/pillar.example
> > [10] https://docs.saltstack.com/en/latest/ref/pillar/all/
> > [11] https://docs.saltstack.com/en/latest/ref/sdb/all/index.html
> > [12] https://docs.saltstack.com/en/latest/ref/renderers/all/index.html
> 
> [13] https://github.com/QubesOS/qubes-mgmt-salt-base-topd/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180420214036.q7fynpyxbyjroinh%40hirauchi.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-20 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Apr 20, 2018 at 10:51:38PM +0200, viq wrote:
> On 18-04-20 13:51:50, Marek Marczykowski-Górecki wrote:

> Hm, salt has SPM[6], which I need to read a bit more about. On one
> hand, it's a native salt tool, so possibly it could work better for
> distributing, and more importantly updating states/formulas, but on the
> other hand, as far as I'm aware, it doesn't currently have concept of
> signing.

This is exactly the reason we use RPM for distribution-provided
formulas.
I've tried to play with SPM + some wrapper to actually download files
(dom0 has no network), but AFAIR it was a bit crazy to do it this way -
the only part of SPM that left could be shortened to "tar x"...

BTW each of our formula packages have FORMULA file, so it should be
compatible with SPM out of the box, at least in theory.

> > See linked post[1] what changes are required. Normally I'd say, lets
> > package it in rpm, but since qrexec policy doesn't support .d
> > directories, it may not work that well. In many places we use salt's
> > file.prepend to adjust policy files, so maybe use it here too? This
> > start being quite complex:
> > 1. Salt formula installed (via rpm?) in dom0, to configure management VM
> > 2. Management VM running rest of salt formulas to configure other VMs
> 
> Yeah, this kinda follows what I was thinking. With some work (1) could
> be available from Qubes repos ;) I guess with defaults allowing to set
> up mgmt-global, mgmt-personal and mgmt-work, with permissions set up as
> the names imply?
> 
> But, being salt-head that I am, what about templating the settings from
> pillars? 

I think it is a good idea, but needs some better handling of pillars. We
already have topd[13] module to maintain top.sls. If we could have
something allowing the user to simply set pillar entry X to value Y
(without learning yaml syntax), that would be great. Pillar modules you
link below may be the way to go.

> No, I'm not convinced whether one long yaml is better than
> multitude of tiny files... But this could be another way to manage the
> whole thing. Some examples of what it could look like are pillar
> examples from rspamd-formula[7], salt-formula[8] and shorewall-formula[9]
> 
> And of course there are different ways to manage pillars than one long
> yaml, but this is the most common way. [10] [11] [12]
> 
> > [1] https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
> > [2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm/
> > [3] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/
> > [4] https://github.com/QubesOS/qubes-infrastructure/
> > [5] https://github.com/QubesOS/qubes-mgmt-salt
> 
> [6] https://docs.saltstack.com/en/latest/topics/spm/index.html
> [7] 
> https://github.com/saltstack-formulas/rspamd-formula/blob/master/pillar.example
> [8] 
> https://github.com/saltstack-formulas/salt-formula/blob/master/pillar.example
> [9] 
> https://github.com/saltstack-formulas/shorewall-formula/blob/master/pillar.example
> [10] https://docs.saltstack.com/en/latest/ref/pillar/all/
> [11] https://docs.saltstack.com/en/latest/ref/sdb/all/index.html
> [12] https://docs.saltstack.com/en/latest/ref/renderers/all/index.html

[13] https://github.com/QubesOS/qubes-mgmt-salt-base-topd/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlraWccACgkQ24/THMrX
1ywUUggAjKPrD700d9QLYD49VovSV7WSKp6d3O9YAOYtVfvpoDC4sKtGTkcF4izn
ctQLwjsJhilfeUgS/Jej7jV6MxkJCxyGjXvJQvc1zsjpdGvioSPJ89a04ChcY4S7
sg78gksUW0/yDwgV9KruYp0MVWzS4GoN8siECxZ1xJYtlYEcziJ4Bm+J+G7HNpbd
H5G37MH9R+CbLdLckdjEuBOUV4BWKB1z0X2B71PBdEIF/dguj/rvDfXmZx9GQj36
GOQVwrHsB7b3B6Rp93vc10TX1rVj8WVwwY6k0To7W3IRWFhzPyIR50tTMIzPTGYB
BAFMf9mmGl0Sc36pjk+hQBIq0YBaeg==
=XR7K
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180420212110.GJ27518%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread 'awokd' via qubes-users 
On Fri, April 20, 2018 9:10 pm, cicero wrote:
> actually after 15 minutes it actually says: "you don't have any linux
> partitions" ; enter to exit to shell,  so therefore I guess I give up and
> reinstall ?

That might be faster than trying to troubleshoot, but it would be nice to
know what happened! I'm not sure how to troubleshoot it though at this
point...


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8904088d4b3691a40fd3028375ac8111.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread cicero 

actually after 15 minutes it actually says:
"you don't have any linux partitions" ; enter to exit to shell,  so 
therefore I guess I give up and reinstall ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7067e29-404f-9a78-8610-f986da6b8e9c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] The Qubes Community Collaboration Project

2018-04-20 Thread aekez . yu 

If you prefer to jump in before reading further, then you may find the 
community at this address https://qubes-community.github.io/ from where you can 
find more information, as well as the community GitHub organization page. Feel 
free to go exploring, but keep in mind the work done so far is considered 
initial, whereas improvements and adjustments may come in the future to help 
reach the goals and vision this project has put forward.


The Qubes Community Collaboration project is an idea born with the purpose of 
providing the means to help any willing individual Qubes community members, to 
help the community as a whole. It therefore serves as a platform from which the 
community can help itself. Furthermore, a big part of the purpose behind this 
project is also to help the official Qubes developers by solving issues 
wherever it is possible to do so, primarily among the low or mid development 
priorities, whether official docs or code, which will then be quality reviewed 
by the official Qubes Staff. (Essentially how it already works, the difference 
being more people working on it together before contributing to the Qubes OS 
project. The purpose is to increase the quality and quantity of the 
contributions that the Qubes OS staff receives.) The community also serves as a 
platform to motivate and support the building of new code, scripts, docs and 
guides which are considered outside the goals of the Qubes developers, such as 
third-party Qubes features that the Qubes OS developers will not be working on. 
The community thereby acts as supplementary content contributor. Finally, we 
can also offer promotion and awareness of work done and already finished by 
other parties. Criticism and downsides will be made visible, thereby making it 
informative as well as neutral, so that users can make their own choices.


It is important to underline that the Qubes Community Collaboration project is 
unofficial and independent from the the Qubes OS project, however the purpose 
of this project is still to be supportive to the The Qubes OS project's 
intentions and goals. Therefore this project will seek to stay in tune with the 
official The Qubes OS project, even if we are unofficial and independent.


It is early days, and right now only the basic structure to allow work to be 
done by community members has been put in place. We're hoping as time goes on 
to expand the communities capabilities through work done by community 
volunteers, as well as hoping for a buildup of rich content and developments.


Everyone are welcome, but remember to stay constructive towards the intentions 
and goals of this community project. However, even the smallest contribution is 
helpful, so don't hold yourself back, feel free to join the community! So too 
can requests be made for docs, guides, scripts, and code, which may improve how 
Qubes OS is being used, for as long it stays within our purpose, as well as 
within our means and capabilities (we are purely run by volunteers, after all). 
Any feedback is also welcome!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7b3adc2-85c1-4b2b-b83f-f0e943add281%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread 'awokd' via qubes-users 
On Fri, April 20, 2018 8:42 pm, trueriver wrote:

>
> No, none. Not till I try to run something.
>
>
> It looks almost like it has re-installed it, it appears in the menu but
> with no apps, just the settings.
>
> In settings the app pane is empty, and the refresh button greys out to
> ''Refresh in progress' and never returns after much much longer than it
> usually takes in a healthy domain.

Strange. Try to reboot maybe, sounds like something got confused. Then, to
confirm, you are:

sudo dnf remove qubes-template-fedora-26-minimal
sudo qubes-dom0-update qubes-template-fedora-26-minimal

Right? That's really all it should take. If it doesn't work, I can try it
too but it might be a day or two.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a2661a7c408b3a70849812b9dd4b122.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread Chris Laprise 

On 04/20/2018 04:42 PM, trueriver wrote:





How can I sort this out?


Try the manual procedure again. Do you get any errors at any step?


No, none. Not till I try to run something.

It looks almost like it has re-installed it, it appears in the menu but with no 
apps, just the settings.

In settings the app pane is empty, and the refresh button greys out to 
''Refresh in progress' and never returns after much much longer than it usually 
takes in a healthy domain.





Why has the action=reinstall not re-created everything the VM needs?


Not sure, it should work!


OK, short of a complete re-install after backing up the domains that still 
work, what do I do now to repair this please?



The code that supports template re-install (and other volume-related) 
functions was refactored late in the 4.0 pre-release cycle. Maybe this 
should be opened as an issue.


Its conceivable that a bug left behind a similarly named meta-volume 
that is now preventing a normal installation from completing. Comparing 
the output of 'qvm-volume' with 'sudo lvs' may provide a clue if that's 
the case.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a6bac3a-add7-dfe3-df23-745a22f6d02b%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-20 Thread viq 
On 18-04-20 13:51:50, Marek Marczykowski-Górecki wrote:
> On Thu, Apr 19, 2018 at 10:20:08PM +0200, viq wrote:
> > Salt tools give a nice way to configure system (make sure templates exist
> > with certain packages, prepare AppVMs based on them, etc). But I'd prefer
> > to edit them in a customized editor, with syntax highlighting, etc, which
> > is strongly discouraged from being put into dom0. I also feel that having
> > version control over those files is the way to go, preferably synced
> > somewhere so I can for example easily replicate this when setting up
> > another computer or reinstalling.
> > 
> > My understanding is that this is a perfect use case for new Admin API -
> > have a machine with editor and git set up to adjust salt files, and either
> > give admin permissions to that one, or use something like split-git that
> > was mentioned to pull the repo into another VM and execute there.
> 
> Yes, exactly. In theory it should be easily possible to setup management
> VM with appropriate policy (see [1]) and use salt from that VM. The
> thing you need to change is to make qvm salt module [2] working in vm,
> right now it explicitly checks if its running in dom0. Hopefully this is
> the only change you need.
> 
> But there is one thing you can't that easily do over Admin API - various
> dom0 settings. This include installing packages in dom0, editing various
> configuration files (pam? bootloader? qrexec policy?). We're working on
> the last one, but others are not solved right now. For multiple dom0
> changes you still need to run salt in dom0.
> 
> For some cases, we use rpm packages to distribute salt formulas - this
> include default setup (virtual-machines formula[3]) and our
> infrastructure[4].
> For my personal machine, I use salt in dom0 and synchronize this
> configuration using signed tarballs, manually...

 Hm, salt has SPM[6], which I need to read a bit more about. On one
 hand, it's a native salt tool, so possibly it could work better for
 distributing, and more importantly updating states/formulas, but on the
 other hand, as far as I'm aware, it doesn't currently have concept of
 signing.
 
> > Am I on the right track here? If so:
> > 1) What packages do I need on admin VM to be able to do this?
> 
> Most likely qubes-mgmt-salt-dom0-qvm[2] with its dependencies and
> probably minor changes will be enough. The dependencies include at least
> python2-qubesadmin. Oh, and qubesctl itself is in
> qubes-mgmt-salt-admin-tools[5].
> 
> > 2) Where and how should I be executing this? A quick test of running
> > qubesctl inside a VM didn't even produce logs in dom0 journal, the command
> > just complained it can't reach a daemon.
> 
> Client side of Admin API use /etc/qubes-release file to find if its
> running in dom0 (and can take a shortcut to talk directly to qubesd), or
> not. So I guess you installed package containing /etc/qubes-release,
> which normally isn't present in VM. Simply remove the file and retry.
> You should see some messages about denied admin.* qrexec calls.
> 
> > 3) What would be a good way to track and distribute necessary changes to
> > /etc/qubes-rpc/policy/ on dom0?
> 
> See linked post[1] what changes are required. Normally I'd say, lets
> package it in rpm, but since qrexec policy doesn't support .d
> directories, it may not work that well. In many places we use salt's
> file.prepend to adjust policy files, so maybe use it here too? This
> start being quite complex:
> 1. Salt formula installed (via rpm?) in dom0, to configure management VM
> 2. Management VM running rest of salt formulas to configure other VMs

Yeah, this kinda follows what I was thinking. With some work (1) could
be available from Qubes repos ;) I guess with defaults allowing to set
up mgmt-global, mgmt-personal and mgmt-work, with permissions set up as
the names imply?

But, being salt-head that I am, what about templating the settings from
pillars? No, I'm not convinced whether one long yaml is better than
multitude of tiny files... But this could be another way to manage the
whole thing. Some examples of what it could look like are pillar
examples from rspamd-formula[7], salt-formula[8] and shorewall-formula[9]

And of course there are different ways to manage pillars than one long
yaml, but this is the most common way. [10] [11] [12]

> [1] https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
> [2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm/
> [3] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/
> [4] https://github.com/QubesOS/qubes-infrastructure/
> [5] https://github.com/QubesOS/qubes-mgmt-salt

[6] https://docs.saltstack.com/en/latest/topics/spm/index.html
[7] 
https://github.com/saltstack-formulas/rspamd-formula/blob/master/pillar.example
[8] 
https://github.com/saltstack-formulas/salt-formula/blob/master/pillar.example
[9] 
https://github.com/saltstack-formulas/shorewall-formula/blob/master/pillar.example
[10]

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread cicero 

On 04/20/18 10:47, awokd wrote:

On Fri, April 20, 2018 8:39 pm, cicero wrote:

@ choose '1' to /mnt/sysimage,  it wants the sda2 LUKS passphrase, but
then hangs,  maybe I should  3) skip to shell  .and then ?  :) cheers


Try giving it a minute then rebooting and try again. It didn't work 100%
of the time for me either. Skip to shell won't help.




I did notice that the reason I wasn't seeing the "rescue mode" is 
because if the installation usb drive is set in the bios as UEFI mode it 
doesn't show,  just goes right to the installer just the green bar is 
there for a 2nd but not responsive ;  in regular mode the  media  *Does 
show


Maybe I am outta luck  I've tried twice with the LUKS for sda2  just 
hangs,  but  I am confused if /boot is on   sda1   why does sda2  matter 
 oh well


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a68ab69d-9171-1df2-99b1-79977513d875%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread 'awokd' via qubes-users 
On Fri, April 20, 2018 8:39 pm, cicero wrote:
> @ choose '1' to /mnt/sysimage,  it wants the sda2 LUKS passphrase, but
> then hangs,  maybe I should  3) skip to shell  .and then ?  :) cheers

Try giving it a minute then rebooting and try again. It didn't work 100%
of the time for me either. Skip to shell won't help.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9b23fc4a5a68bcbea088ab58a67f9ec.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread cicero 

in the shell
#dracut
bash: dracut: command not found

so maybe I should give up don't want to bother you

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75cd4e12-e896-527c-746f-039a19a50f7d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread trueriver 

> 
> > How can I sort this out?
> 
> Try the manual procedure again. Do you get any errors at any step?

No, none. Not till I try to run something.

It looks almost like it has re-installed it, it appears in the menu but with no 
apps, just the settings.

In settings the app pane is empty, and the refresh button greys out to 
''Refresh in progress' and never returns after much much longer than it usually 
takes in a healthy domain.


> 
> > Why has the action=reinstall not re-created everything the VM needs?
> 
> Not sure, it should work!

OK, short of a complete re-install after backing up the domains that still 
work, what do I do now to repair this please?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9478c00-f864-42c1-87b3-f6341187b1e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread cicero 
@ choose '1' to /mnt/sysimage,  it wants the sda2 LUKS passphrase, but 
then hangs,  maybe I should  3) skip to shell  .and then ?  :) 
cheers


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a8c7ce5-813b-dc73-51cd-5a03e1c271ca%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread cicero 

please disregard, I found rescue mode  ..

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10182444-481a-7228-846f-008cdadf8465%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread cicero 

On 04/20/18 10:15, awokd wrote:

On Fri, April 20, 2018 6:06 am, john wrote:

On 04/19/18 11:36, cicero wrote:


Hello,


The system has been fine , till I did a reboot (there were some debian
and Fed Template updates but)

The last message in journalctl  says kernel: audit: type=1131
../usr/lib/systemd/systemd  hostname=? audit=?  terminal=?



dracut-initqueue timeout  etc



any help appreciated



how would I regenerate my initramfs ?

or this is what Marek said on the usergroup:  You should get your system
mounted as /mnt/sysimage or sth like that



so how do I mount /mnt/sysimage  ?


Boot in rescue mode and it will get you there. To regenerate do:


thanks for responding, don't hate me, but ? rescue mode ?  ; do you mean 
where it dumpts me to the dracut shell  or  do you mean my  Q4 installer 
USB stick, I can't seem to get it to stop from flashing past to the 
installer .. I did make a Live Fedora USB drive and have it booted 
up now, but  I am stuck at the basics about  how to "mount the system"  lol





sudo dracut -f /boot/efi/EFI/qubes/initramfs-$(uname -r).img $(uname -r)



I am really not looking forward to another reinstall of Qubes 4.0 ,
only thing I did different  is I didn't shutdown all the VMs  before doing
sudo shutdown -h now ;  as I get fatigued from   all the shutdown starts
of the VMs   I keep thinking it may stabilize  but not so far  re:
how often I have to mess with opening and closing the VMs...


That shouldn't matter. Maybe it was a recent update?


I did not dom0 updates at all lately, there were some template updates , 
but AFAIK that should not effect  booting ?








--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4f3dbc1-2c97-2977-df2e-c139475ec466%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread 'awokd' via qubes-users 
On Fri, April 20, 2018 6:50 pm, trueriver wrote:
> Hi, I have attempted to re-install the fedora-26-minimal template using
> the instructions here:
>
> https://www.qubes-os.org/doc/reinstall-template/
>
>
>
> I tried first the automated method, and when that did not work then tried
> the manual method.
>
> Question: Are these supposed to work with R 4.0 ? It says R 3.1+ and I am
> now wondering if this means ONLY R 3.n where n>1.

Should work on any version after R3.0.

> How can I sort this out?

Try the manual procedure again. Do you get any errors at any step?

> Why has the action=reinstall not re-created everything the VM needs?

Not sure, it should work!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6306b0a7f15cde587eda5378a5505a63.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread 'awokd' via qubes-users 
On Fri, April 20, 2018 6:06 am, john wrote:
> On 04/19/18 11:36, cicero wrote:
>
>> Hello,
>>
>>
>> The system has been fine , till I did a reboot (there were some debian
>> and Fed Template updates but)
>>
>> The last message in journalctl  says kernel: audit: type=1131
>> ../usr/lib/systemd/systemd  hostname=? audit=?  terminal=?
>>
>>
>>
>> dracut-initqueue timeout  etc
>>
>>
>>
>> any help appreciated
>>
>
> how would I regenerate my initramfs ?
>
> or this is what Marek said on the usergroup:  You should get your system
> mounted as /mnt/sysimage or sth like that
>
>
>
> so how do I mount /mnt/sysimage  ?

Boot in rescue mode and it will get you there. To regenerate do:

sudo dracut -f /boot/efi/EFI/qubes/initramfs-$(uname -r).img $(uname -r)

>
> I am really not looking forward to another reinstall of Qubes 4.0 ,
> only thing I did different  is I didn't shutdown all the VMs  before doing
> sudo shutdown -h now ;  as I get fatigued from   all the shutdown starts
> of the VMs   I keep thinking it may stabilize  but not so far  re:
> how often I have to mess with opening and closing the VMs...

That shouldn't matter. Maybe it was a recent update?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e09b760d05cc81b0d2d332d671d6f5b.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New installation of Qubes OS stopped booting for no reason?

2018-04-20 Thread 'awokd' via qubes-users 
On Thu, April 19, 2018 6:05 pm, billol...@gmail.com wrote:

>
> Could not boot
> /dev/mapper/qubes_dom0_root does not exist
> /dev/qubes_dome0/root does not exist
>
>
> and I'm dumped into the rescue prompt.
>
> This has repeated three times.  I tried taking out my usb mouse (which
> has caused problems in the past, though not this), but that didn't change
> anything.
>
> Is this some configuration thing, or did aliens from outer space corrupt
> my partition with their evil laptop killer ray and I need to reinstall --
> I don't mind, since I'm just playing around with Qubes, but I'd rather
> fix it...

Do you remember if you installed an update last time? Should be in
/var/log/dnf* logs if you can get to it.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3ae209a3498a87a3134dc9b978fe5e5.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Difficulty after attempted template re-install

2018-04-20 Thread trueriver 
Hi, I have attempted to re-install the fedora-26-minimal template using the 
instructions here:

https://www.qubes-os.org/doc/reinstall-template/


I tried first the automated method, and when that did not work then tried the 
manual method. 

Question: Are these supposed to work with R 4.0 ? It says R 3.1+ and I am now 
wondering if this means ONLY R 3.n where n>1.

The result now is that I cannot even open the template domain to start adding 
new software. I am in dom0 and type

qvm-run -u root fedora-26-minimal xterm

(with or without a preceding 'sudo') and the result I get is a failure message 
saying 

fedora-26-minimal: VM volume does not exist: 
/var/lib/qubes/VMtemplates/fedora-26-minimal

I know I am typing the command correctly because if I edit the command in Bash 
to take out the '-minimal' then xterm opens nicely in the fedora-26 domain

How can I sort this out?

Why has the action=reinstall not re-created everything the VM needs?


Any tips welcome...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3b0efd6-1fae-4288-839b-8ff6377738ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4 on USB Not Rebooting

2018-04-20 Thread Campbell 
I have a problem with a Qubes 4 installation on USB that will not boot after 
the initial setup. It will restart after initial install, BIOS sees the drive 
as USB Qubes, boots into the configuration loader and eventually into the OS. 
Once there I can do everything and it all works including my Windows HVM 
yesterday.

But what I thought was a fluke is turning into a real problem.
USB will not boot again if I choose to shut down in the Qubes OS.

I've now tried this with 2 different size and manufacturer USB drives with same 
results. The BIOS sees either drive as simply a USB drive (instead of showing 
"USB Qubes") and apparently does not see the boot loader any more.

Please help!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/092281bd-1055-4e76-90e5-82fd2f4d31ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 on USB Drive Windows Install Problems

2018-04-20 Thread Campbell 
On Thursday, April 19, 2018 at 9:01:01 AM UTC-7, awokd wrote:
> On Thu, April 19, 2018 3:27 pm, Campbell wrote:
> > Newbie to Qubes, trying it on 64GB USB drive. Installs fine, boots fine.
> > Qubes 4 runs nice on the external USB drive.
> > I've read documentation for days now, and have searched on this mail
> > group.
> >
> > I am trying to set up a Windows VM and following the instructions in the
> > Documentation, having some problems.
> 
> Check out taradiddles' pending documentation update
> (https://github.com/taradiddles/qubes-doc/blob/eec2893b2bf58206a6c18857f43eb854bc27af22/managing-os/windows/windows-vm.md)
> 
> > I need to figure out how to dd my Windows CD to an ISO but I figure I can
> > look that one up. Any help is appreciated. I don't know if Qubes installed
> > on the USB has all the features as full install on HDD.
> 
> Should have all the same features if you managed to get it to boot!

Those instructions worked great for me. Thanks! Now I just need to figure out 
why on subsequent reboots my Qubes 4 USB will not boot, tried it on two 
different machines. BIOS sees the USB but will not boot it. I'm trying a 
different USB now and will post an update.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66afbcee-5bcf-493b-9d88-bde4027e4261%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Cant create Windows App VM based on a template

2018-04-20 Thread galthop 
I'm using Qubes 4 and have created a Windows template VM with windows 7. I've 
installed all the updates and Qubes windows tools which has made a separate 
private 'disk' for the user settings/files. This all works fine.

I now want to make an AppVM based on my template. When I do this, the AppVM 
does not have a private disk so does not have the user profile/desktop, etc.

I dont know what has gone wrong. I'd appreciate any help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88cb2103-5194-4f83-9cf1-7219145015b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ProtonMail bridge

2018-04-20 Thread Johannes Graumann 
I cannot second that. They are responsive. Not super fast, but
competent and responsive.

Joh

On Fri, 2018-04-20 at 03:35 -0700, ThierryIT wrote:
> What I have already done ... No answers from them ... Like their
> support, no existent :(
> 
> Le vendredi 20 avril 2018 12:47:33 UTC+3, chipp...@gmail.com a
> écrit :
> > On Friday, April 20, 2018 at 1:50:37 AM UTC-4, ThierryIT wrote:
> > > Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a
> > > écrit :
> > > > AHTON,
> > > >   Thank you for sharing what worked for you.  My bridge was
> > > > installed into the personal VM (Fedora-26).
> > > >  I understand what you are suggesting, and hope to try it
> > > > out this weekend when I slow down again.
> > > > 
> > > > Regards ~
> > > 
> > > Hi,
> > > How did you get the Linux version of the Bridge ... Seems not to
> > > be yet available ... Beta tester ?
> > 
> > 
> > They offer a Beta version for paid subscribers I requested via
> > E-mail, and they responded with a link to the download and
> > installation instructions.
> 
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c5ef3f43b90a91a419c4bb34a2bd71fbb349b26.camel%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-20 Thread cicero 

On 04/20/18 04:58, Chris Laprise wrote:
Since there's no connection information in the template -- only the VPN 
scripts & the OS are there -- templates don't affect configuration 
issues like different locations. In any case, you have a proxyVM which 
contains configurations for the connections to various sites, but each 
proxyVM connects to only one VPN remote site at a time. So to have two 
AppVMs routed through two different VPN sites, you need two proxyVMs 
(one for each AppVM).


hmm, so I guess by installing the script in the Template(cloned), it 
would save me from having to re-run the script in the AppProxyVMs, 
that's it ?


But, if I'm just cloning the Original AppProxyVMs , to make a 2nd 
geolocation,  doesn't seem like  saves me any work  by  not having to 
re-run the script, as it is already in the cloned AppProxyVM  ?


Do I have this correct?


But, sometime in the future, a possible newer version will only run in a 
Template, but then the rest is about the same on configuration, ( a 
separate AppProxyVM for each location wanted , unless one wanted to 
manually change the symlink to change locations ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ea799d9-7554-78dd-d3a9-3ba259aaad96%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-20 Thread Chris Laprise 

On 04/20/2018 10:04 AM, cicero wrote:

On 04/20/18 03:12, Chris Laprise wrote:

On 04/20/2018 02:03 AM, cicero wrote:

On 04/19/18 14:04, Chris Laprise wrote:

On 04/19/2018 07:26 PM, john wrote:
I installed this in a App/proxy 4.0 VM,  as I am familiar with the 
3.2 CLI  VPN creation.


I don't really understand how installing it in a Template or The 
Template(not cloning it 1st)  would allow me to swich between 
geolocations ...


So, I used the AppVM,  then I simply  cloned the 1st one created 
with the script and went into the PIA config file area and did 
rm -f ln -s  to the network manager thing.


and then recreated the ln -s  to a new config file,  which works , 
and Even  wakes up  from  suspend  (where in 3.2 it never did) ; 
However,


If the AppVM using one of the VPN-foo as a netvm,  and it is 
started, and I want to switch to another VPN-foo1  it doesn't work 
on the fly, I have to go and qvm-shutdown the  AppVM and open it 
again,  which is a big pain.    I am often running out of RAM, and 
so try to just use one App-proxy-vpnVM , however ,


is this the expected behavior  no switching vpn appvms on the fly ?


IIRC this is a bug in the versions of Linux kernel that Qubes 4.0 
uses. There is an issue but I can't locate it at the moment.



So, I guess I'll learn to live with it , and try not to change VPNs 
buy buying some more expensive RAM :)


But, I'm curious , If I install the  new script in the Template/s  , 
how would I switch  VPN locations?


Or would every AppVM based on that Template be locked into whatever 
geolocation's config file was symlinked to ?


Templates don't affect your ability to set a custom location script. 
This is because the link that points from qtunnel.conf to any 
particular config is stored in each proxyVM under /rw/config/qtunnel.


You can of course do one proxyVM setup, then clone it and change the 
link in each clone.


BTW, thanks for trying it out!

Chris, what I'm trying to say is, if it is recommended to install it in 
the Template or a cloned Template ; how then do I change the geolocation 
to two different locations, one for each of , say, two AppVMs ?


Since there's no connection information in the template -- only the VPN 
scripts & the OS are there -- templates don't affect configuration 
issues like different locations. In any case, you have a proxyVM which 
contains configurations for the connections to various sites, but each 
proxyVM connects to only one VPN remote site at a time. So to have two 
AppVMs routed through two different VPN sites, you need two proxyVMs 
(one for each AppVM).


This is not an absolute rule BTW. Its just how our current tools are 
most logically and safely configured. Conceivably you could rig a single 
proxyVM to safely handle more than one VPN connection.




I could create symlinks in /rw/config/qtunnel?   in the AppVMs  ?  or


I understand that if this is integrated later, then I probably need to 
learn to use it in the Template now, to avoid more issues down the road, 
I don't really like cloning the Template too much, as Qubes, is already 
a challenge in its complexity


To clarify...

Cloning the template is recommended because the VPN software is still 
being tested. Its just a way to backup in case something in the modified 
template gets damaged.


Cloning a proxyVM is a quick way to make additional VPN VMs that can 
connect to different VPN sites.





eg: my current dracut emergency shell situation PS: seems I had an old 
Q3.2 in an enclosure, I was going to reformat but hadn't yet, and during 
a reboot it was in the USB drive, and this seems to have caused  Q4.0 in 
efi installation  to dump  it's  init   to boot  ; so do I go make a 
fedora live usb drive and try to mount and save it ?   and lose all the 
configuration and restoring of 3.2 VMs   or just reinstall Q4.0?


Boot issues aren't my strong suit, but this sounds serious enough to 
start a separate thread for it.





I have read some folks on here , whom when trying to go back to Q3.2 are 
having big issues, I don't really understand how efi works,  my UEFI 
still  says  Qubes 3.1 for some reason (I think there are some 
gymnastics to try to get the EFI to update it's names but fear I'll lose 
the windows 10 install on the 2nd HD,  etc etc .



Strangely windows 10 "just works", but I digress .




--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d77cce73-dcd9-d9fc-8c11-b21589a5a6d9%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: R4.0 rc4: Devices and VM tray icons disappeared

2018-04-20 Thread 'Антон Чехов' via qubes-users 
On Friday, April 20, 2018 at 1:38:36 AM UTC+2, cooloutac wrote:
> On Thursday, April 19, 2018 at 6:38:57 AM UTC-4, Антон Чехов wrote:
> > On Thursday, April 19, 2018 at 12:27:25 PM UTC+2, cooloutac wrote:
> > > On Thursday, April 19, 2018 at 6:19:45 AM UTC-4, Антон Чехов wrote:
> > > > On Saturday, February 17, 2018 at 1:06:16 AM UTC+1, Daniel Moerner 
> > > > wrote:
> > > > > On Friday, February 16, 2018 at 6:48:22 PM UTC-5, Daniel Moerner 
> > > > > wrote:
> > > > > > Hi all,
> > > > > > 
> > > > > > After a recent reboot, the devices and VM tray icons no longer are 
> > > > > > appearing on boot in Xfce. I have no idea what might have caused 
> > > > > > this. There were no dom0 updates in the meantime. If I try to 
> > > > > > manually run them, e.g., python3 -mqui.tray.devices, I get the 
> > > > > > following:
> > > > > > 
> > > > > > ERROR:dbus.proxies.Introspect error on 
> > > > > > org.qubes.DomainManager1:/org/qubes/DomainManager1: 
> > > > > > dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: 
> > > > > > Message recipient disconnected from message bus without replying
> > > > > > 
> > > > > > Followed by a backtrace, the relevant part appears to be:
> > > > > > File "/usr/lib/python3.5/site-packages/qui/tray/devices.py", line 
> > > > > > 22, in 
> > > > > >DOMAINS = qui.models.qubes.DomainManager()
> > > > > > 
> > > > > > Any advice would be appreciated, since with no icons, I'm also not 
> > > > > > appearing to get notifications for devices and VM actions.
> > > > > > 
> > > > > > Best,
> > > > > > Daniel
> > > > > 
> > > > > Interesting discovery: this problem arose as a result of setting 
> > > > > qrexec_timeout on an arbitrary VM to a value larger than an INT32. So 
> > > > > the moral of the story: Don't try to set qrexec_timeout too high!
> > > > > 
> > > > > Daniel
> > > > 
> > > > Hello,
> > > > 
> > > > I am experiencing the same problem with the final version of 4.0 but I 
> > > > did not change a setting of qrexec_timeout. The device tray icon 
> > > > disappeared suddenly.
> > > > 
> > > > I am getting tons of "GTK error" when trying to run manually via 
> > > > "python3 -mqui.tray.devices"?
> > > > 
> > > > So far I haven't been able to get the devices tray appear again but I 
> > > > can attach devices via command line.
> > > > 
> > > > Anyone having the same problem?
> > > 
> > > no,  weird.  have you tried to use qubes-manager at all?
> > 
> > Do you mean the VM manager? If so, yes! It does work with a lot of bugs 
> > like a lot of people reported already. I don't see all apps in the VM 
> > manager and the lights indicating a working app do only appear or disappear 
> > when clicking an app. Sometimes I forget an app is still running.
> > VPN apps I created don't appear in the VM manager at all, so I do need to 
> > use CLI.
> > 
> > Having a working devices tray icon would be nice, though.
> 
> ya hope they fix that issue soon.  What I do is keep hitting the green 
> refresh icon on top to refresh the manager to see the current vm states.  For 
> some reason it doesn't refresh on its own.   Weird that custom appvms you 
> create don't appear in the manager.
> 
> Have you made alot of customizations in dom0?

None at all!
I tried using Qubes 4 before the final release but had problems during install. 
The final version worked flawlessly. I did not want to import any VMs from 3.2 
because I had problems before and I wanted to do a clean install with 
everything built in Qubes 4. 
So far I can't complain. The problems I am having are all of minor importance. 
I had some problems with localization and keyboard, and problems with icons and 
the VM manager. All in all the system is working fine but I prefer working with 
3.2 in the meantime. The icons and the look is really great. I hope that Qubes 
4 will get there eventually.

I am using a Lenovo T420 with 16GB and stock BIOS. I am planning on using 
coreboot sometime in the future.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d1ce1cc1-cf5f-4e8a-a5e2-f60b13f7eb21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ProtonMail bridge

2018-04-20 Thread 'Антон Чехов' via qubes-users 
On Friday, April 20, 2018 at 4:24:50 PM UTC+2, Антон Чехов wrote:
> On Friday, April 20, 2018 at 7:50:37 AM UTC+2, ThierryIT wrote:
> > Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a écrit :
> > > AHTON,
> > >   Thank you for sharing what worked for you.  My bridge was installed 
> > > into the personal VM (Fedora-26).
> > >  I understand what you are suggesting, and hope to try it out this 
> > > weekend when I slow down again.
> > > 
> > > Regards ~
> > 
> > Hi,
> > How did you get the Linux version of the Bridge ... Seems not to be yet 
> > available ... Beta tester ?
> 
> Did you write to "bri...@protonmail.ch"?
> I wrote to them at the end of february and I got an answer 5 days later. I 
> didn't have much correspondence but I always got an answer. If you're a paid 
> customer I'd try again.

I meant "paying customer". Paid would be nice! Haha

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/571f3b03-aacb-4c55-bbd2-bd9127a9e704%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ProtonMail bridge

2018-04-20 Thread 'Антон Чехов' via qubes-users 
On Friday, April 20, 2018 at 7:50:37 AM UTC+2, ThierryIT wrote:
> Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a écrit :
> > AHTON,
> >   Thank you for sharing what worked for you.  My bridge was installed 
> > into the personal VM (Fedora-26).
> >  I understand what you are suggesting, and hope to try it out this 
> > weekend when I slow down again.
> > 
> > Regards ~
> 
> Hi,
> How did you get the Linux version of the Bridge ... Seems not to be yet 
> available ... Beta tester ?

Did you write to "bri...@protonmail.ch"?
I wrote to them at the end of february and I got an answer 5 days later. I 
didn't have much correspondence but I always got an answer. If you're a paid 
customer I'd try again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7acbc571-1092-4859-b9c4-d91b38c781e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-20 Thread cicero 

On 04/20/18 03:12, Chris Laprise wrote:

On 04/20/2018 02:03 AM, cicero wrote:

On 04/19/18 14:04, Chris Laprise wrote:

On 04/19/2018 07:26 PM, john wrote:
I installed this in a App/proxy 4.0 VM,  as I am familiar with the 
3.2 CLI  VPN creation.


I don't really understand how installing it in a Template or The 
Template(not cloning it 1st)  would allow me to swich between 
geolocations ...


So, I used the AppVM,  then I simply  cloned the 1st one created 
with the script and went into the PIA config file area and did 
rm -f ln -s  to the network manager thing.


and then recreated the ln -s  to a new config file,  which works , 
and Even  wakes up  from  suspend  (where in 3.2 it never did) ; 
However,


If the AppVM using one of the VPN-foo as a netvm,  and it is 
started, and I want to switch to another VPN-foo1  it doesn't work 
on the fly, I have to go and qvm-shutdown the  AppVM and open it 
again,  which is a big pain.    I am often running out of RAM, and 
so try to just use one App-proxy-vpnVM , however ,


is this the expected behavior  no switching vpn appvms on the fly ?


IIRC this is a bug in the versions of Linux kernel that Qubes 4.0 
uses. There is an issue but I can't locate it at the moment.



So, I guess I'll learn to live with it , and try not to change VPNs 
buy buying some more expensive RAM :)


But, I'm curious , If I install the  new script in the Template/s  , 
how would I switch  VPN locations?


Or would every AppVM based on that Template be locked into whatever 
geolocation's config file was symlinked to ?


Templates don't affect your ability to set a custom location script. 
This is because the link that points from qtunnel.conf to any particular 
config is stored in each proxyVM under /rw/config/qtunnel.


You can of course do one proxyVM setup, then clone it and change the 
link in each clone.


BTW, thanks for trying it out!

Chris, what I'm trying to say is, if it is recommended to install it in 
the Template or a cloned Template ; how then do I change the geolocation 
to two different locations, one for each of , say, two AppVMs ?


I could create symlinks in /rw/config/qtunnel?   in the AppVMs  ?  or


I understand that if this is integrated later, then I probably need to 
learn to use it in the Template now, to avoid more issues down the road, 
I don't really like cloning the Template too much, as Qubes, is already 
a challenge in its complexity



eg: my current dracut emergency shell situation PS: seems I had an old 
Q3.2 in an enclosure, I was going to reformat but hadn't yet, and during 
a reboot it was in the USB drive, and this seems to have caused  Q4.0 in 
efi installation  to dump  it's  init   to boot  ; so do I go make a 
fedora live usb drive and try to mount and save it ?   and lose all the 
configuration and restoring of 3.2 VMs   or just reinstall Q4.0?



I have read some folks on here , whom when trying to go back to Q3.2 are 
having big issues, I don't really understand how efi works,  my UEFI 
still  says  Qubes 3.1 for some reason (I think there are some 
gymnastics to try to get the EFI to update it's names but fear I'll lose 
the windows 10 install on the 2nd HD,  etc etc .



Strangely windows 10 "just works", but I digress .

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31ebb291-809a-6267-64af-1771e5f7aaa6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Multi-update tool for Qubes 4.0 released

2018-04-20 Thread Chris Laprise 
This script has a number of options for selecting templates and 
standalone VMs and it can update them all in a single run...


Link - https://github.com/tasket/Qubes-scripts

Enjoy!

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41b25408-96a1-7ce9-fbc0-c5d6e310ba97%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-20 Thread Chris Laprise 

On 04/20/2018 02:03 AM, cicero wrote:

On 04/19/18 14:04, Chris Laprise wrote:

On 04/19/2018 07:26 PM, john wrote:
I installed this in a App/proxy 4.0 VM,  as I am familiar with the 
3.2 CLI  VPN creation.


I don't really understand how installing it in a Template or The 
Template(not cloning it 1st)  would allow me to swich between 
geolocations ...


So, I used the AppVM,  then I simply  cloned the 1st one created with 
the script and went into the PIA config file area and did rm -f 
ln -s  to the network manager thing.


and then recreated the ln -s  to a new config file,  which works , 
and Even  wakes up  from  suspend  (where in 3.2 it never did) ;  
However,


If the AppVM using one of the VPN-foo as a netvm,  and it is started, 
and I want to switch to another VPN-foo1  it doesn't work on the fly, 
I have to go and qvm-shutdown the  AppVM and open it again,  which is 
a big pain.    I am often running out of RAM, and so try to just use 
one App-proxy-vpnVM , however ,


is this the expected behavior  no switching vpn appvms on the fly ?


IIRC this is a bug in the versions of Linux kernel that Qubes 4.0 
uses. There is an issue but I can't locate it at the moment.



So, I guess I'll learn to live with it , and try not to change VPNs buy 
buying some more expensive RAM :)


But, I'm curious , If I install the  new script in the Template/s  , how 
would I switch  VPN locations?


Or would every AppVM based on that Template be locked into whatever 
geolocation's config file was symlinked to ?


Templates don't affect your ability to set a custom location script. 
This is because the link that points from qtunnel.conf to any particular 
config is stored in each proxyVM under /rw/config/qtunnel.


You can of course do one proxyVM setup, then clone it and change the 
link in each clone.


BTW, thanks for trying it out!

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/52bbd116-5ccd-78a7-3423-b6952b2007c6%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB Device Question

2018-04-20 Thread Stuart Perkins 


On Thu, 19 Apr 2018 22:14:08 +0300
Ivan Mitev  wrote:

>On 04/19/2018 08:39 PM, Stuart Perkins wrote:
>> PITA.  I used to be able to mount this very phone as a USB drive and RSYNC 
>> it for backup.  I can still drag and drop with the file manager, but I have 
>> to take the whole thing every time and can't just maintain an up-to-date 
>> copy with rsync.  
>> 
>> not all change is progress.  :/  
>
>maybe you'll have better luck with simple-mtpfs
>
>from the package's info:
>
>SIMPLE-MTPFS (Simple Media Transfer Protocol FileSystem) is a file
>system for Linux (and other operating systems with a FUSE
>implementation, such as Mac OS X or FreeBSD) capable of operating on
>files on MTP devices attached via USB to local machine. On the local
>computer where the SIMPLE-MTPFS is mounted, the implementation makes use
>of the FUSE (Filesystem in Userspace) kernel module. The practical
>effect of this is that the end user can seamlessly interact with MTP
>device files.
>
I had forgotten about "go-mtpfs" in the Debian repositories...it does the job.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180420082835.07fa65a2%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

2018-04-20 Thread David Hobach 



On 04/20/2018 12:21 PM, River~~ wrote:

correction where I said



My assumption is that the time is explained by the fact that it is not
only booting the physical machine but also the various CMs that are tagged
to be started at bootup.



I meant VMs, not CMs



correction where I said


My assumption is that the time is explained by the fact that it is
not only booting the physical machine but also the various CMs that
are tagged to be started at bootup. 



I meant VMs, not CMs


Yes, it tends to be 7s for normal booting with SSD and 30s+ for the VMs 
- that's normal. There is a feature request [1] out there to get the VMs 
started after X instead of before. So that might change in the future.


[1] https://github.com/QubesOS/qubes-issues/issues/3149

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78ab7eae-1279-0bb0-af0d-6d4321127c9c%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-20 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Apr 19, 2018 at 10:20:08PM +0200, viq wrote:
> Salt tools give a nice way to configure system (make sure templates exist
> with certain packages, prepare AppVMs based on them, etc). But I'd prefer
> to edit them in a customized editor, with syntax highlighting, etc, which
> is strongly discouraged from being put into dom0. I also feel that having
> version control over those files is the way to go, preferably synced
> somewhere so I can for example easily replicate this when setting up
> another computer or reinstalling.
> 
> My understanding is that this is a perfect use case for new Admin API -
> have a machine with editor and git set up to adjust salt files, and either
> give admin permissions to that one, or use something like split-git that
> was mentioned to pull the repo into another VM and execute there.

Yes, exactly. In theory it should be easily possible to setup management
VM with appropriate policy (see [1]) and use salt from that VM. The
thing you need to change is to make qvm salt module [2] working in vm,
right now it explicitly checks if its running in dom0. Hopefully this is
the only change you need.

But there is one thing you can't that easily do over Admin API - various
dom0 settings. This include installing packages in dom0, editing various
configuration files (pam? bootloader? qrexec policy?). We're working on
the last one, but others are not solved right now. For multiple dom0
changes you still need to run salt in dom0.

For some cases, we use rpm packages to distribute salt formulas - this
include default setup (virtual-machines formula[3]) and our
infrastructure[4].
For my personal machine, I use salt in dom0 and synchronize this
configuration using signed tarballs, manually...

> Am I on the right track here? If so:
> 1) What packages do I need on admin VM to be able to do this?

Most likely qubes-mgmt-salt-dom0-qvm[2] with its dependencies and
probably minor changes will be enough. The dependencies include at least
python2-qubesadmin. Oh, and qubesctl itself is in
qubes-mgmt-salt-admin-tools[5].

> 2) Where and how should I be executing this? A quick test of running
> qubesctl inside a VM didn't even produce logs in dom0 journal, the command
> just complained it can't reach a daemon.

Client side of Admin API use /etc/qubes-release file to find if its
running in dom0 (and can take a shortcut to talk directly to qubesd), or
not. So I guess you installed package containing /etc/qubes-release,
which normally isn't present in VM. Simply remove the file and retry.
You should see some messages about denied admin.* qrexec calls.

> 3) What would be a good way to track and distribute necessary changes to
> /etc/qubes-rpc/policy/ on dom0?

See linked post[1] what changes are required. Normally I'd say, lets
package it in rpm, but since qrexec policy doesn't support .d
directories, it may not work that well. In many places we use salt's
file.prepend to adjust policy files, so maybe use it here too? This
start being quite complex:
1. Salt formula installed (via rpm?) in dom0, to configure management VM
2. Management VM running rest of salt formulas to configure other VMs

[1] https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
[2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm/
[3] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/
[4] https://github.com/QubesOS/qubes-infrastructure/
[5] https://github.com/QubesOS/qubes-mgmt-salt

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlrZ1FcACgkQ24/THMrX
1yzccAf/bInV6KALR82K9mt0yHYrE4N1IlHLyoaBmBi1QyNX/rqY+6/NInKl7Sit
VWpp4HBXcZBcqH9u0j9G1cJBQX3XrN84BLWLFJcRYUNRJkcqWH/DnOusDGuhCdvs
XC8sbwHtkRIueUFgMNpBSyWgyy8GjjSIoQItE7JxGkHMin5AGiNxlNZVY+TuFxV+
B59goJIjzuuUXZTXgkzasXeSLBUKVLUPKMOrgt6Jw1REV6WGwrl6ZDG3T4h7kGBY
zldTYhnxFbiBVX0GWVwGqSfEWjYJxX1/Yh5yNv7TTcZGQFFfBLex8MvMVwE/DEYq
kJ4qiQsj2iGVgFnNchQVB/KFz8eCbg==
=uBDd
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180420115150.GC2275%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Strange 3.2 Multi-monitor woes? PCI device does not exist?

2018-04-20 Thread 'awokd' via qubes-users 
On Thu, April 19, 2018 3:35 pm, Stumpy wrote:
> On 2018-04-19 13:49, awokd wrote:

>>
>> Xen might not support what you're trying to do. Can you replace the
>> primary graphics card with one with more ports that can drive the amount
>> of monitors you want?
>>
>
> doh, I hope it can. When you say might not support, are you referring to 4
> monitors or 4 monitors spread out across 2 gfx ... devices?

I meant dual, active gfx cards. Unfortunately, it's not a very common
setup so I'm not sure what bugs you might hit...


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d14fdc8d907c5c5cd18fde9df22caa7f.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 'How can I properly manage my system?' or 'how do I use Admin API, salt and git or other versioning/distribution mechanisms together'

2018-04-20 Thread 'awokd' via qubes-users 
On Thu, April 19, 2018 8:20 pm, viq wrote:

> My understanding is that this is a perfect use case for new Admin API -
> have a machine with editor and git set up to adjust salt files, and either
>  give admin permissions to that one, or use something like split-git that
>  was mentioned to pull the repo into another VM and execute there.

You might try this question over on qubes-devel, not sure these
technologies are quite at user-friendly stage yet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e471bf109ac331cf9fd5316f023a8fbb.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ProtonMail bridge

2018-04-20 Thread charly LEMMINKÄINEN 
You don't have any error message when launching it in a terminal ?

Obtenez Outlook pour iOS

From: qubes-users@googlegroups.com  on behalf of 
ThierryIT 
Sent: Friday, April 20, 2018 12:35:56 PM
To: qubes-users
Subject: [qubes-users] Re: ProtonMail bridge

What I have already done ... No answers from them ... Like their support, no 
existent :(

Le vendredi 20 avril 2018 12:47:33 UTC+3, chipp...@gmail.com a écrit :
> On Friday, April 20, 2018 at 1:50:37 AM UTC-4, ThierryIT wrote:
> > Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a écrit :
> > > AHTON,
> > >   Thank you for sharing what worked for you.  My bridge was installed 
> > > into the personal VM (Fedora-26).
> > >  I understand what you are suggesting, and hope to try it out this 
> > > weekend when I slow down again.
> > >
> > > Regards ~
> >
> > Hi,
> > How did you get the Linux version of the Bridge ... Seems not to be yet 
> > available ... Beta tester ?
>
>
> They offer a Beta version for paid subscribers I requested via E-mail, 
> and they responded with a link to the download and installation instructions.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/879a30d1-f4eb-42c9-b598-7678bf6ee7c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/AM5P190MB03378957EBF462EF3B77B848ABB40%40AM5P190MB0337.EURP190.PROD.OUTLOOK.COM.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ProtonMail bridge

2018-04-20 Thread ThierryIT 
What I have already done ... No answers from them ... Like their support, no 
existent :(

Le vendredi 20 avril 2018 12:47:33 UTC+3, chipp...@gmail.com a écrit :
> On Friday, April 20, 2018 at 1:50:37 AM UTC-4, ThierryIT wrote:
> > Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a écrit :
> > > AHTON,
> > >   Thank you for sharing what worked for you.  My bridge was installed 
> > > into the personal VM (Fedora-26).
> > >  I understand what you are suggesting, and hope to try it out this 
> > > weekend when I slow down again.
> > > 
> > > Regards ~
> > 
> > Hi,
> > How did you get the Linux version of the Bridge ... Seems not to be yet 
> > available ... Beta tester ?
> 
> 
> They offer a Beta version for paid subscribers I requested via E-mail, 
> and they responded with a link to the download and installation instructions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/879a30d1-f4eb-42c9-b598-7678bf6ee7c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

2018-04-20 Thread River~~ 
correction where I said

>
> My assumption is that the time is explained by the fact that it is not
> only booting the physical machine but also the various CMs that are tagged
> to be started at bootup.
>

I meant VMs, not CMs

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAK3jUKoxR9ct5FE4U1UqsZsCWtNVBSw0aubo6wSTNZ2KFQcKEw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ProtonMail bridge

2018-04-20 Thread chipperh61 
On Friday, April 20, 2018 at 1:50:37 AM UTC-4, ThierryIT wrote:
> Le vendredi 20 avril 2018 00:25:43 UTC+3, chipp...@gmail.com a écrit :
> > AHTON,
> >   Thank you for sharing what worked for you.  My bridge was installed 
> > into the personal VM (Fedora-26).
> >  I understand what you are suggesting, and hope to try it out this 
> > weekend when I slow down again.
> > 
> > Regards ~
> 
> Hi,
> How did you get the Linux version of the Bridge ... Seems not to be yet 
> available ... Beta tester ?


They offer a Beta version for paid subscribers I requested via E-mail, and 
they responded with a link to the download and installation instructions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbb336a3-493c-49aa-ac9f-136404ef2790%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

2018-04-20 Thread River~~ 
 wrote:

> On Tuesday, April 10, 2018 at ...


 One question I have is regarding boot time for 4.0.  Is it several minutes
> long for you on coreboot/Qubes 4.0?


It is what I am seeing. Is this significantly longer than for Qubes 3.2? (I
am new here and  never used 3.2)

My assumption is that the time is explained by the fact that it is not only
booting the physical machine but also the various CMs that are tagged to be
started at bootup.

I also get a Failed to Load Kernel Modules message early on


Yes, I see this as the first line after the four Tuxes appear.

I think the message is slightly different - from memory it is

Failed to Start Load Kernel Modules



>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAK3jUKorcGAefCFefr%2B4bvpgKqrwfZgEkoxByEzPxrYcVMXfCw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 ISO..

2018-04-20 Thread Foppe de Haan 
On Friday, April 20, 2018 at 2:14:38 AM UTC+2, Drew White wrote:
> On Thursday, 19 April 2018 18:35:12 UTC+10, Foppe de Haan  wrote:
> > On Thursday, April 19, 2018 at 3:42:18 AM UTC+2, Drew White wrote:
> > > Hi folks,
> > > 
> > > Is there anywhere I can find out what the Qubes 4 ISO contains to install?
> > > Are there any minimal install versions?
> > 
> > Hi Drew,
> > 
> > basically the same elements as the r3.2 installer contained. No, there is 
> > no minimal installer.
> 
> I just figured there may be someone that built Qubes using the minimal 
> templates, and not the large templates, or similar. Without all the bloatware 
> that Qubes has in the systems.

good luck with that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8650528-d941-4a56-bbad-dadadc7dcab7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Tester needed: AMD CPU Microcode update

2018-04-20 Thread David Hobach 

Dear users,

the project currently requires a tester for 
https://github.com/QubesOS/qubes-issues/issues/3703
(see the comment by marmarek 
https://github.com/QubesOS/qubes-issues/issues/3703#issuecomment-381369180)


It would be really nice if someone could help out.

Thanks & KR
David

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d9a7061-6cfd-1c17-bd3a-82cbbf0c56e9%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Re: Unable to boot Q4.0 Dracut Emergency Shell /dev/qubes_dom0/root does not exist etc

2018-04-20 Thread john 

On 04/19/18 11:36, cicero wrote:

Hello,

The system has been fine , till I did a reboot (there were some debian 
and Fed Template updates but)


The last message in journalctl  says kernel: audit: type=1131 
../usr/lib/systemd/systemd  hostname=? audit=?  terminal=?



dracut-initqueue timeout  etc



any help appreciated



how would I regenerate my initramfs ?

or this is what Marek said on the usergroup:  You should get your system 
mounted as

/mnt/sysimage or sth like that


so how do I mount /mnt/sysimage  ?







I am really not looking forward to another reinstall of Qubes 4.0 , 
only thing I did different  is I didn't shutdown all the VMs  before 
doing  sudo shutdown -h now ;  as I get fatigued from   all the 
shutdown starts  of the VMs   I keep thinking it may stabilize  but 
not so far  re:  how often I have to mess with opening and closing the 
VMs...


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/140445a9-2d61-54d4-fb7e-95e05622dbec%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-20 Thread cicero 

On 04/19/18 14:04, Chris Laprise wrote:

On 04/19/2018 07:26 PM, john wrote:
I installed this in a App/proxy 4.0 VM,  as I am familiar with the 3.2 
CLI  VPN creation.


I don't really understand how installing it in a Template or The 
Template(not cloning it 1st)  would allow me to swich between 
geolocations ...


So, I used the AppVM,  then I simply  cloned the 1st one created with 
the script and went into the PIA config file area and did rm -f ln 
-s  to the network manager thing.


and then recreated the ln -s  to a new config file,  which works , and 
Even  wakes up  from  suspend  (where in 3.2 it never did) ;  However,


If the AppVM using one of the VPN-foo as a netvm,  and it is started, 
and I want to switch to another VPN-foo1  it doesn't work on the fly,  
I have to go and qvm-shutdown the  AppVM and open it again,  which is 
a big pain.    I am often running out of RAM, and so try to just use 
one App-proxy-vpnVM , however ,


is this the expected behavior  no switching vpn appvms on the fly ?


IIRC this is a bug in the versions of Linux kernel that Qubes 4.0 uses. 
There is an issue but I can't locate it at the moment.



So, I guess I'll learn to live with it , and try not to change VPNs buy 
buying some more expensive RAM :)


But, I'm curious , If I install the  new script in the Template/s  , how 
would I switch  VPN locations?


Or would every AppVM based on that Template be locked into whatever 
geolocation's config file was symlinked to ?




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2571bdf5-8e73-71ea-0c9c-825b909889bc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.