Re: [qubes-users] disk space management
On Monday, December 17, 2018 at 10:40:45 AM UTC+2, awokd wrote: > dimi wrote on 12/17/18 7:03 AM: > > On Sunday, December 16, 2018 at 11:32:57 PM UTC+2, awokd wrote: > >> dimi wrote on 12/13/18 2:10 PM: > >>> Having fun with qubes r4 but can't help myself with this problem. > >>> > >>> sudo lvs, shows me a bunch of deleted VM's that 'seem' to eat up my disk > >>> space. > >>> > >>> > >>> 1) Mostly used Qubes Manager to delete them. How do you delete appVM's / > >>> TemplateVM's the right way so that no zombies will up on sudo lvs? > >>> > >>> 2) Why do i see these deleted VMs in /dev/qubes_dom0/ better yet these > >>> deleted VM's leave stuff / traces on disk in, > >>> /dev/mapper/ > >>> /dev/qubes_dom0/ > >>> /home/XXX/.config/menus/applications-merged/user-vmName-vm.menu > >>> /var/log/qubes/ > >>> /var/log/xen/ > >>> > >>> 3) sudo lvdisplay is showing me backups, vm--number-back, are > >>> these actual backups? > >>> Aince i do manual backups to another disk, how do i disable these? > >>> > >> 1) Can't recreate- might be an LVS thing. Have you rebooted since > >> deleting the VMs? > >> > >> 2) Same for /dev/mapper and /dev/qubes_dom0. I do see some stale entries > >> in /home/XXX/.config/menus/applications-merged/user-vmName-vm.menu, > >> though. Might be ones I had restored from 3.2. These can probably be > >> safely deleted. Those log files don't get pruned automatically AFAIK, so > >> you will see old entries out there unless you set up a job to > >> periodically delete old ones. > >> > >> 3) Those -back are snapshots kept so you can rollback. See > >> https://www.qubes-os.org/doc/software-update-vm/#reverting-changes-to-a-templatevm-r40 > >> for a little more info. > > > > 1) yes, plenty of reboots have happened > > 2) pure r4 install here, are you suggesting rm command to delete or some > > other qubes command i am not aware of? > > 3) well since i deleted the VM's and/or Templates why would i need to keep > > those snapshots around. How do i correctly remove these? > > 3) > > 1) I usually use qvm-remove to delete VMs, but Qube Manager should do > exactly the same thing. Are you making sure they're shutdown before > deleting? > 2) rm to delete the old menu entries and log files. I guess lvremove to > get rid of the old volumes listed with lvs, my assumption being Qubes > will realize they are gone and handle the entries in /dev/qubes_dom0 > appropriately. Haven't encountered this problem before. > 3) Also lvremove. 1) Yes, VM's are shutdown before removing. I am double, tripple checking before any delete action. 2) ok 3) ok Thank you for teaching me awokd, lvremove /dev/qubes_dom0/vm-leftover-private did it. Will reboot once i am done cleaning up, quiet a few leftovers here. And you are saying that your lvs does not show you any traces of left over VM's? How could i prevent that from future happing? Dreadfully go through a Qubes reinstall, i had some problems with Anaconda and restore backuped VMs? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/afb26bfc-eddf-447f-b1b9-73fd1ff15e16%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix GW & WS upgrade failed (Help)
many thanks for the new page with description and the link, I have Qubes 4. I manually rewrote the file /etc/qubes-rpc/policy/qubes.UpdatesProxy according to your instructions and now it works. Here is my screenshot with which it works now. thank you again https://ibb.co/4TTkKbk -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65215a4b-d0ff-4f00-84bb-cb9843314ae6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] sudo systemctl restart qubes-whonix-torified-updates-proxy-check
many thanks for the new page with description and the link, I have Qubes 4. I manually rewrote the file /etc/qubes-rpc/policy/qubes.UpdatesProxy according to your instructions and now it works. Here is my screenshot with which it works now. thank you again https://ibb.co/4TTkKbk -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f84faa56-0a82-4f23-b6b2-bba16038916a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Updated HCL report - Dell Precision 5520
On Monday, 17 December 2018 20:05:53 UTC, smvi...@invisson.com wrote: > > I have a Precision 5520 and the USB-C Ethernet adapter that came with > > it. I'm running Qubes R4.0. > > > > I've been able to use the adapter once per boot before I unplug it. If I > > unplug it and plug it back in, then it doesn't show up as an Ethernet > > device in the NetVM, and I have to reboot to use it again. > > > > If I boot the laptop with the adapter plugged in, dom0 sees four PCI > > bridge devices and one USB 3.1 controller associated with the adapter: > > > > [user@dom0 ~]$ lspci > > ... > > 05:00.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > > [Alpine Ridge 2C 2015] > > 06:00.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > > [Alpine Ridge 2C 2015] > > 06:01.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > > [Alpine Ridge 2C 2015] > > 06:02.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > > [Alpine Ridge 2C 2015] > > 3d:00.0 USB controller: Intel Corporation DSL6340 USB 3.1 Controller > > [Alpine Ridge] > > > > I can create a NetVM and assign the last PCI device listed here to it. > > NetworkManager recognizes the USB device as an Ethernet device in the > > NetVM. > > > > However, if I plug the adapter in after I boot, then I have to rescan > > the PCI bus to see those devices: > > > > [root@dom0 ~]# echo 1 > /sys/bus/pci/rescan > > > > Then, lspci will show the USB 3.1 controller. This works the first time > > I plug the adapter in after boot. But the NetVM still won't see an > > Ethernet adapter if I've already unplugged it. > > > > Adding and removing a PCI device creates other issues. If I unplug the > > adapter, the NetVM that I attached the device to will hang on shutdown. > > And the same VM will fail to boot if the adapter isn't plugged in: > > > > [user@dom0 ~]$ qvm-start sys-dongle > > Logical Volume "vm-sys-dongle-root-snap" already exists in volume > > group "qubes_dom0" > > > > I haven't investigated further since I use WiFi almost exclusively on > > that laptop. But maybe you'll have better luck with plugging and > > unplugging the adapter on the 5530. > > > > Brian > > > > -- > > Brian C. Duggan > > he/him/his > > This is great Brian! thanks for your help! > > I have already figure it out how to make it work thanks to your description, > and something similar is happening now with the plug/unplugging... I'll try > to dig deeper but at least now I can use it! > > Best regards. Regarding issues with when unplugging thunderbolt after boot, this is due to PCI hotplugging being disabled (for obvious security reasons) - more details here https://github.com/QubesOS/qubes-issues/issues/1673 @Jim: following awokd's procedure you should be able to get UEFI working, also the configuration that I described for installation and post-installation were tested with UEFI only Now if you reboot and the PCI devices served by the thunderbolt/usb-c are not present anymore, you'll have to manually remove them from the list of pci devices that are passed through to your NetVM or UsbVM. Same for when you boot with the thunderbolt attached, you'll have to reattach the pci devices to the VM for passthrough. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ada9d85-95f8-4780-a090-8221270c7eba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Correct place for salt-ssh configuration
On 12/17/18 8:08 PM, unman wrote: > On Mon, Dec 17, 2018 at 07:18:14PM -0500, Brian C. Duggan wrote: >> On 12/17/18 6:27 PM, unman wrote: >>> From this comment I dont think it can be done (as yet) through salt-ssh: >>> https://github.com/saltstack/salt/issues/42148#issuecomment-441955777 >>> >> >> I see. Thanks for finding that, unman. > > There are limitations to salt-ssh (including targeting) which I have > been exploring > There are several, huh? Before I asked about this, I ran in to this: https://github.com/saltstack-formulas/salt-formula/issues/140 I followed the suggestion in that thread and created /root/.salt/Saltfile with the extra_filerefs setting on the DispVM. That worked around this issue with salt-ssh. >> >>> Also, remember that Qubes uses salt as a masterless minion, so that >>> configuration in salt/master wont be read. >>> >> >> I think I understand, now. So, on dom0, should configurations go in >> salt/minion? Will those settings only apply to dom0? > > I believe this is true. > Nod. >> >> Will salt-ssh on the management DispVM read salt/master on the DispVM? >> > > /srv on the DispVM is copied from /srv in dom0. > /etc/salt/master on the DispVM is copied from /srv/master in dom0. > Great, this helps immensely. > It would help if I understood what configuration you want to apply. > Well, now that my original use case - using the latest module.run format - is moot, I don't really have one :) I was asking for my own clarity and future reference. Thanks again, unman, this really clears things up. Brian -- Brian C. Duggan he/him/his -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b04c2ba-81a6-f0db-bc5f-e4b21ac22fbd%40dugga.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Correct place for salt-ssh configuration
On Mon, Dec 17, 2018 at 07:18:14PM -0500, Brian C. Duggan wrote: > On 12/17/18 6:27 PM, unman wrote: > > From this comment I dont think it can be done (as yet) through salt-ssh: > > https://github.com/saltstack/salt/issues/42148#issuecomment-441955777 > > > > I see. Thanks for finding that, unman. There are limitations to salt-ssh (including targeting) which I have been exploring > > > Also, remember that Qubes uses salt as a masterless minion, so that > > configuration in salt/master wont be read. > > > > I think I understand, now. So, on dom0, should configurations go in > salt/minion? Will those settings only apply to dom0? I believe this is true. > > Will salt-ssh on the management DispVM read salt/master on the DispVM? > /srv on the DispVM is copied from /srv in dom0. /etc/salt/master on the DispVM is copied from /srv/master in dom0. It would help if I understood what configuration you want to apply. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181218010855.lljd5e4h2ps6h3vj%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Adding additional storage to Qubes
On Monday, December 17, 2018 at 1:25:24 AM UTC-7, awokd wrote: > seshu wrote on 12/16/18 5:01 PM: > > Hi, I'm a Qubes newbie but coming along really well. I'm using 4.0.1 rc-1. > > > > I had a question about what the process is to add new storage drives (ssd > > or hdd). Looking through the documentation I can see there are several docs > > that help but raised other questions. So here goes. > > > > There is a doc to add SSD storage > > cache(https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com) > > and one for Storing AppVMs on Secondary Drives > > (https://www.qubes-os.org/doc/secondary-storage/). > > > > Question 1: What's the difference between these two? Or I do understand the > > second doc, but not sure what SSD storage cache is for? > > > > Question 2: My main goal is to add more storage available to the entire > > system for it to use as it needs. This would be after initial install. It > > doesn't have to be specifically for AppVMs, etc. So, I wasn't sure how to > > do that. > > > > Now, I'm currently setup on dual boot, I do realize the security concerns > > and since I'm just testing exploring now I'm only evaluating. I do have > > some data stored on the Win10 drives (hdd). So, > > > > Question 3: is there a way to add those hdd's into the Qubes environment, > > let's say into the home directory of an AppVM so I can have access that > > way? I do realize the security holes this creates, so its not that I will > > ultimately operate this way. Maybe this question can be translated as, is > > it possible to add an ssd or hdd specifically for /home or user profile > > data? > > > > Thanks again for all your help. It's been really fun getting back into > > linux and getting to know Qubes. > > > > SSD storage cache can be used as a way to speed up your installation if > it's on a hard drive. That email was from 2015, but with current SSD > prices many people buy a large SSD and install on it instead. > > https://www.qubes-os.org/doc/secondary-storage/ works if you want to > store an entire AppVM on a secondary drive. You can increase the private > storage size (the amount of drive space Qubes allows it to use) of any > AppVM in Qube Settings. So by putting AppVMs you know will be large on a > secondary drive and then increasing private storage size, that should > cover most of your needs. Qubes uses a relatively small amount of > storage for itself (20GB?) so most usage is within the AppVMs. > > Another option is to use external storage, then qvm-block attach it to > AppVMs you want. You can also use qvm-block to attach internal block > devices that aren't mounted by Qubes- run qvm-block by itself to see > what's available. Great. Thanks! this helps. I hadn't come across the qvm-block command, I'll research that. I did install Qubes on a samsung 970 evo nvme 1TB so it is really fast and lots of space. I'm just trying to think about backup drives, or other drives I've had in my desktop for some time now. Understanding how Qubes operates really causes me to think more about how I'd want to setup my system. Its very different then what I had used for Win10. Thanks again! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1518f25e-a3ca-46c7-8fda-b6e2ea29b19a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Correct place for salt-ssh configuration
On 12/17/18 6:27 PM, unman wrote: > From this comment I dont think it can be done (as yet) through salt-ssh: > https://github.com/saltstack/salt/issues/42148#issuecomment-441955777 > I see. Thanks for finding that, unman. > Also, remember that Qubes uses salt as a masterless minion, so that > configuration in salt/master wont be read. > I think I understand, now. So, on dom0, should configurations go in salt/minion? Will those settings only apply to dom0? Will salt-ssh on the management DispVM read salt/master on the DispVM? -- Brian C. Duggan he/him/his -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efd8af38-6416-dd79-d6d5-eb0e9b6a9aed%40dugga.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sun, Dec 16, 2018 at 08:35:57PM -0800, John Smiley wrote: > On Sunday, December 16, 2018 at 4:12:56 AM UTC-8, unman wrote: > > On Sat, Dec 15, 2018 at 06:31:35PM -0800, John Smiley wrote: > > > On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > > > > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > > > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley > > > > > > > wrote: > > > > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > > > > 22...@tutamail.com wrote: > > > > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > > > > > > > > > > John, > > > > > > > > > I'll take a shot at helping but would defer to Unman who has > > > > > > > > > helped me out a lot, both directly and indirectly on this > > > > > > > > > forum. > > > > > > > > > > > > > > > > > > Some notes: > > > > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > > > > Not an expert but have having been using Qubes as my primary > > > > > > > > > for over a year. > > > > > > > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the > > > > > > > > > default whonix template(v13 I think) to my system as the > > > > > > > > > default whonix needs to be removed in order to upgrade to > > > > > > > > > whonix-14. This option is chosen when loading Qubes for the > > > > > > > > > first time. > > > > > > > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my > > > > > > > > > network > > > > > > > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the > > > > > > > > > whonix-14 template following these instructions: > > > > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > > > > > > > All updates going forward are done thru > > > > > > > > > sys-whonix-14-GW. > > > > > > > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox > > > > > > > > > or the whole template...I don't just upgrade Firefox, I > > > > > > > > > update the whole template i.e. I update the Debian template > > > > > > > > > and the Fedora template and this updates Firefox in the > > > > > > > > > template and the appvm's associated with the templates. Make > > > > > > > > > sure you are aware of the template/appvm relationship...you > > > > > > > > > don't update the appvm(e.g. sys-whonix), you update the > > > > > > > > > template(whonix-gw) which is the source for the > > > > > > > > > appvm(sys-whonix). > > > > > > > > > > > > > > > > > > Other best practices I follow: > > > > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > > > > *Whonix-gw template is a key template to update as all my > > > > > > > > > updates are done thru this template/appvms > > > > > > > > > * Get a VPN appvm setup as a priority > > > > > > > > > * Clone your templates and experiment on the clones, this way > > > > > > > > > you can resort back to your clean template WHEN you F%$# it > > > > > > > > > up (Not IF...you will at some point mess one up) > > > > > > > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. > > > > > > > > I've tried most of what you recommend, but not everything. > > > > > > > > I'll re-install 4.0 and give your suggestions a try. > > > > > > > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't > > > > > > > > clear. I only tried 4.0.1-rc1 out of desperation. What I want > > > > > > > > is the latest production 4.0 platform. Most operating systems > > > > > > > > have a simple process by which you are informed of packages > > > > > > > > that are out of date and are offered an opportunity to upgrade > > > > > > > > them to the most recent version supported by the distributor. > > > > > > > > It would be great if Qubes had something like that. Perhaps > > > > > > > > someday it will. In the meantime, there ought to be a document > > > > > > > > that clearly explains how to go from a fresh install to the > > > > > > > > most recent Qubes-supported version of every package installed > > > > > > > > in each template and dom0. It would be even nicer if there > > > > > > > > were a nightly/weekly build of the same packages used in a > > > > > > > > fresh install, but all updated to the latest supported version > > > > > > > > so that we could simply download and install that and know that > > > > > > > > we have all of the most recent patches and upgrades. > > > > > > > > > > > > > > I can hear some of you now saying that if I want these things > > > > > > > then get up off my lazy ass and build them. If I weren't fully > > > > > > > (some would say overyly) employed
Re: [qubes-users] Manual update Fedora, Debian and Whonix?
On Mon, Dec 17, 2018 at 12:48:29PM -0800, 22...@tutamail.com wrote: > Sorry for the basic question, but was wondering if some folks could help me > out with some housekeeping and best practices: > > My understanding is you would enter the following commands into the template > terminal: > > Debian: > sudo apt-get update && sudo apt-get dist-upgrade > > Fedora: > sudo dnf clean all && sudo dnf upgrade > > Sometimes with Fedora, in a pinch: > sudo dnf upgrade --best --allowerasing > > Whonix (GW & WS): > sudo apt-get update && sudo apt-get dist-upgrade > > > Is this right? Are their some manual housekeeping commands I should run to > keep the templates optimized? > > Thank you all and thank you for Qubes...happy holidays Qubes developers, you > folks rock!! > For Debian you rarely need dist-upgrade while updating stable. An update followed by upgrade will bring all currently installed packages up to date. (There is a risk with dist-upgrade that some existing packages will be removed, although this should not happen within a release.) You can also (with caution) use 'apt autoremove' but make sure you review the list of what is to be removed before proceeding. aptitude is a decent package manager worth giving a try. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181217234600.sw5u35ifnn3tkvas%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Correct place for salt-ssh configuration
On Mon, Dec 17, 2018 at 10:20:48AM -0500, Brian C. Duggan wrote: > Hi, > > What's the correct place to configure salt-ssh? The SaltStack > documentation says salt-ssh configuration goes in /etc/salt/master. I > tried adding configuration for salt-ssh to /etc/salt/master on dom0 and > also on the template VM for the default disposable VM. But I didn't see > any effect from the configuration. > > I'm using Qubes R4.0. I'm not using the packages in the testing repo > that provide a dedicated management DispVM and template. > > My use case is that I want to use the new format (as of Salt 2017.7.0) > for running execution modules in state files: > > https://docs.saltstack.com/en/latest/topics/releases/2017.7.0.html#state-module-changes > > salt-call on dom0 is 2017.7.1 > salt-ssh on the default DispVM template is 2018.3.2 > > The legacy format for module.run works fine. Using the new format > requires setting this on minions: > > ``` > use_superseded: > - module.run > ``` > > In order to pass that setting to minions, I added this to > /etc/salt/master on both dom0 and on the default DispVM template: > > ``` > ssh_minion_opts: > use_superseded: > - module.run > ``` > > But the comment in the state output said that the module was not > available when I used the new format. > > Is that right way to use `use_superseded` through salt-ssh? > > Where should salt-ssh configurations go in Qubes R4.0? > > Thanks! > Brian > Brian >From this comment I dont think it can be done (as yet) through salt-ssh: https://github.com/saltstack/salt/issues/42148#issuecomment-441955777 Also, remember that Qubes uses salt as a masterless minion, so that configuration in salt/master wont be read. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181217232733.vh3dnpqgxvpuvuwg%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN for Linux Dummies
On 12/17/2018 03:09 PM, stefanneuhaus2...@gmail.com wrote: With Qubes 4.0 i got stuck with VPN (NordVPN) installation because i have only basic knowledge of linux. I found a lot of info, but most relevant are these from the Qubes Github: https://github.com/tasket/Qubes-vpn-support https://github.com/tasket/qubes-tunnel https://github.com/tasket/qubes-doc/blob/tunnel/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-the-qubes-tunnel-service I was successful in setting up an appvm with vpn-handler-openvpn I installed qubes-tunnel.git in fedora template I copied the region relevant but general nordvpn config files from https://nordvpn.com/de/ovpn/ to /rw/config/vpn ... But i got stuck, with a lot of questions on these different instructions. What is the qubes-vpn-support folder? How to enter the login and passwort for testing the connection to nordvpn? Is the vpn tunnel necessary? Do you have some hints? (I can`t answer tomorrow, but on wednesday.) Thx. Stefan Just want to state for list readers that Qubes-vpn-support and qubes-tunnel do the same thing; they're not intended to be combined. I think the alternative you're looking for is the first part of the Qubes VPN doc: https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager This way you can use Network Manager documentation for additional guidance in the GUI, or use any specific steps NordVPN has created for Network Manager. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/600f0ff5-3070-546e-7ba9-666e911b2211%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Manual update Fedora, Debian and Whonix?
Sorry for the basic question, but was wondering if some folks could help me out with some housekeeping and best practices: My understanding is you would enter the following commands into the template terminal: Debian: sudo apt-get update && sudo apt-get dist-upgrade Fedora: sudo dnf clean all && sudo dnf upgrade Sometimes with Fedora, in a pinch: sudo dnf upgrade --best --allowerasing Whonix (GW & WS): sudo apt-get update && sudo apt-get dist-upgrade Is this right? Are their some manual housekeeping commands I should run to keep the templates optimized? Thank you all and thank you for Qubes...happy holidays Qubes developers, you folks rock!! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e8107c51-45af-439f-a134-83e52471d975%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VPN for Linux Dummies
With Qubes 4.0 i got stuck with VPN (NordVPN) installation because i have only basic knowledge of linux. I found a lot of info, but most relevant are these from the Qubes Github: https://github.com/tasket/Qubes-vpn-support https://github.com/tasket/qubes-tunnel https://github.com/tasket/qubes-doc/blob/tunnel/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-the-qubes-tunnel-service I was successful in setting up an appvm with vpn-handler-openvpn I installed qubes-tunnel.git in fedora template I copied the region relevant but general nordvpn config files from https://nordvpn.com/de/ovpn/ to /rw/config/vpn ... But i got stuck, with a lot of questions on these different instructions. What is the qubes-vpn-support folder? How to enter the login and passwort for testing the connection to nordvpn? Is the vpn tunnel necessary? Do you have some hints? (I can`t answer tomorrow, but on wednesday.) Thx. Stefan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98646979-b7a5-477e-872c-d0c646826778%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]
> El miércoles, 22 de noviembre de 2017, 8:24:03 (UTC+1), Laurent escribió: > > Le mardi 21 novembre 2017 21:33:24 UTC+1, awokd a écrit : > > > On Tue, November 21, 2017 07:39, Laurent wrote: > > > > Oups !!! Sorry for this mistake .. > > > > > > No problem! The only network card I see in that list is the same one you > > > already found- > > > 02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) > > > > > > Is Ethernet built in? Do you need to enable it in your BIOS? Are you using > > > a USB Ethernet adapter? > > > > Yes, I use an USB Ethernet adapter (USB type C): > > https://www.amazon.com/Dell-Dbqbcbc064-Adapter-Usb-C-Ethernet/dp/B01BQ8RU2U > > > > > > I've the same issue with my hub USB (type C also) : > > (https://shop.hardware.fr/fiche/AR201511130055.html?gclid=EAIaIQobChMI_4bM8tHR1wIVdSjTCh2HWQSyEAQYASABEgLnqfD_BwE) > > > > > > My USB flash drive works fine when directly plugged on my laptop. When > > using my Hub, the same USB flash drive is not detected. > > Same for an external USB Disk Drive. > > Did you figured it out Laurent? I have the very same problem with the very > same adapter... > > Same thing happens with DELL DA 300 also. I have seen it working once, but > not sure how it happened and I couldn't make it work again... so I know is > possible! > > Thank you in advance. > Best. I made it work using permissive mode, although I don't think it is really needed. Now I'm having the unplugging/plugging issue described here: https://groups.google.com/d/msg/qubes-users/WMc88pfT-hM/S1Q4esFyEQAJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa12aeff-a68e-4378-87dc-a0e3bcc0b2fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]
> El miércoles, 22 de noviembre de 2017, 8:24:03 (UTC+1), Laurent escribió: > > Le mardi 21 novembre 2017 21:33:24 UTC+1, awokd a écrit : > > > On Tue, November 21, 2017 07:39, Laurent wrote: > > > > Oups !!! Sorry for this mistake .. > > > > > > No problem! The only network card I see in that list is the same one you > > > already found- > > > 02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) > > > > > > Is Ethernet built in? Do you need to enable it in your BIOS? Are you using > > > a USB Ethernet adapter? > > > > Yes, I use an USB Ethernet adapter (USB type C): > > https://www.amazon.com/Dell-Dbqbcbc064-Adapter-Usb-C-Ethernet/dp/B01BQ8RU2U > > > > > > I've the same issue with my hub USB (type C also) : > > (https://shop.hardware.fr/fiche/AR201511130055.html?gclid=EAIaIQobChMI_4bM8tHR1wIVdSjTCh2HWQSyEAQYASABEgLnqfD_BwE) > > > > > > My USB flash drive works fine when directly plugged on my laptop. When > > using my Hub, the same USB flash drive is not detected. > > Same for an external USB Disk Drive. > > Did you figured it out Laurent? I have the very same problem with the very > same adapter... > > Same thing happens with DELL DA 300 also. I have seen it working once, but > not sure how it happened and I couldn't make it work again... so I know is > possible! > > Thank you in advance. > Best. I made it worked using permissive mode, although I don't think is really needed. Now I'm having the unpligging/plugging issue described here: https://groups.google.com/d/msg/qubes-users/WMc88pfT-hM/S1Q4esFyEQAJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0c96eda-1d45-451b-9909-7bf10abde4e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Updated HCL report - Dell Precision 5520
> I have a Precision 5520 and the USB-C Ethernet adapter that came with > it. I'm running Qubes R4.0. > > I've been able to use the adapter once per boot before I unplug it. If I > unplug it and plug it back in, then it doesn't show up as an Ethernet > device in the NetVM, and I have to reboot to use it again. > > If I boot the laptop with the adapter plugged in, dom0 sees four PCI > bridge devices and one USB 3.1 controller associated with the adapter: > > [user@dom0 ~]$ lspci > ... > 05:00.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > [Alpine Ridge 2C 2015] > 06:00.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > [Alpine Ridge 2C 2015] > 06:01.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > [Alpine Ridge 2C 2015] > 06:02.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge > [Alpine Ridge 2C 2015] > 3d:00.0 USB controller: Intel Corporation DSL6340 USB 3.1 Controller > [Alpine Ridge] > > I can create a NetVM and assign the last PCI device listed here to it. > NetworkManager recognizes the USB device as an Ethernet device in the > NetVM. > > However, if I plug the adapter in after I boot, then I have to rescan > the PCI bus to see those devices: > > [root@dom0 ~]# echo 1 > /sys/bus/pci/rescan > > Then, lspci will show the USB 3.1 controller. This works the first time > I plug the adapter in after boot. But the NetVM still won't see an > Ethernet adapter if I've already unplugged it. > > Adding and removing a PCI device creates other issues. If I unplug the > adapter, the NetVM that I attached the device to will hang on shutdown. > And the same VM will fail to boot if the adapter isn't plugged in: > > [user@dom0 ~]$ qvm-start sys-dongle > Logical Volume "vm-sys-dongle-root-snap" already exists in volume > group "qubes_dom0" > > I haven't investigated further since I use WiFi almost exclusively on > that laptop. But maybe you'll have better luck with plugging and > unplugging the adapter on the 5530. > > Brian > > -- > Brian C. Duggan > he/him/his This is great Brian! thanks for your help! I have already figure it out how to make it work thanks to your description, and something similar is happening now with the plug/unplugging... I'll try to dig deeper but at least now I can use it! Best regards. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc012ff8-381a-4a71-bf27-290bdc8610d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]
El lunes, 17 de diciembre de 2018, 19:29:02 (UTC+1), smvi...@invisson.com escribió: > El miércoles, 22 de noviembre de 2017, 8:24:03 (UTC+1), Laurent escribió: > > Le mardi 21 novembre 2017 21:33:24 UTC+1, awokd a écrit : > > > On Tue, November 21, 2017 07:39, Laurent wrote: > > > > Oups !!! Sorry for this mistake .. > > > > > > No problem! The only network card I see in that list is the same one you > > > already found- > > > 02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) > > > > > > Is Ethernet built in? Do you need to enable it in your BIOS? Are you using > > > a USB Ethernet adapter? > > > > Yes, I use an USB Ethernet adapter (USB type C): > > https://www.amazon.com/Dell-Dbqbcbc064-Adapter-Usb-C-Ethernet/dp/B01BQ8RU2U > > > > > > I've the same issue with my hub USB (type C also) : > > (https://shop.hardware.fr/fiche/AR201511130055.html?gclid=EAIaIQobChMI_4bM8tHR1wIVdSjTCh2HWQSyEAQYASABEgLnqfD_BwE) > > > > > > My USB flash drive works fine when directly plugged on my laptop. When > > using my Hub, the same USB flash drive is not detected. > > Same for an external USB Disk Drive. > > Did you figured it out Laurent? I have the very same problem with the very > same adapter... > > Same thing happens with DELL DA 300 also. I have seen it working once, but > not sure how it happened and I couldn't make it work again... so I know is > possible! > > Thank you in advance. > Best. Ok I just made it work playing with permissive mode: https://www.qubes-os.org/doc/assigning-devices/ But only if I add it to the sys-net VM directly instead of assigning it trough sys-usb. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c84537b5-1507-4ce4-bfb3-742f32fc6ee4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: What's the use of the kernel package in VM?
On Monday, December 17, 2018 at 2:12:48 PM UTC-5, Ivan Mitev wrote: > yes. > > By the way I asked the same question on qubes-devel a while ago: > > https://groups.google.com/d/msg/qubes-devel/BK5qiopm9-8/0JFzbTr5BwAJ > > > tl;dr;, the qubes dev would like to use stock distribution kernels but > there's always something that breaks so they have to provide custom kernels. Thanks for clearing that up. I guess I'll leave those files as they are. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53e341bf-4757-498b-8d16-3c6f908cd5b6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: What's the use of the kernel package in VM?
On 12/17/18 8:54 PM, qubesuserma...@gmail.com wrote: I found some related doc here: https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm-r40 So, are these kernel files in VM totally useless if I'm not using them? yes. By the way I asked the same question on qubes-devel a while ago: https://groups.google.com/d/msg/qubes-devel/BK5qiopm9-8/0JFzbTr5BwAJ tl;dr;, the qubes dev would like to use stock distribution kernels but there's always something that breaks so they have to provide custom kernels. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/71c39be4-aa31-2183-d1ca-646cba76b726%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: What's the use of the kernel package in VM?
I found some related doc here: https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm-r40 So, are these kernel files in VM totally useless if I'm not using them? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3072ff86-e51f-49dc-a1ed-37b5f11b25ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] What's the use of the kernel package in VM?
I keep getting 'kernel' and related package updates in Fedora Template. And the image files in /boot, they're the lasted versions (4.19.x) but never actually used? Then what's the point of having them? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2199131c-4783-41bb-ab3e-02dd391c5fc5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]
El miércoles, 22 de noviembre de 2017, 8:24:03 (UTC+1), Laurent escribió: > Le mardi 21 novembre 2017 21:33:24 UTC+1, awokd a écrit : > > On Tue, November 21, 2017 07:39, Laurent wrote: > > > Oups !!! Sorry for this mistake .. > > > > No problem! The only network card I see in that list is the same one you > > already found- > > 02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) > > > > Is Ethernet built in? Do you need to enable it in your BIOS? Are you using > > a USB Ethernet adapter? > > Yes, I use an USB Ethernet adapter (USB type C): > https://www.amazon.com/Dell-Dbqbcbc064-Adapter-Usb-C-Ethernet/dp/B01BQ8RU2U > > > I've the same issue with my hub USB (type C also) : > (https://shop.hardware.fr/fiche/AR201511130055.html?gclid=EAIaIQobChMI_4bM8tHR1wIVdSjTCh2HWQSyEAQYASABEgLnqfD_BwE) > > > My USB flash drive works fine when directly plugged on my laptop. When using > my Hub, the same USB flash drive is not detected. > Same for an external USB Disk Drive. Did you figured it out Laurent? I have the very same problem with the very same adapter... Same thing happens with DELL DA 300 also. I have seen it working once, but not sure how it happened and I couldn't make it work again... so I know is possible! Thank you in advance. Best. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f71eed5-570c-4b13-be89-444995b68136%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Updated HCL report - Dell Precision 5520
On 12/17/18 11:43 AM, smvice...@invisson.com wrote: > So I have a Precision 5530, and after some similar tweaks to those > described here, I managed to install Qubes 4.0. Everything seem to be > working perfectly fine (Including Wi-Fi) except for the Ethernet > adapter that I need to connect to the USB-C (Thunderbolt) port. The > adapter is detected and I can use other connectors (DP, USBs) but the > ethernet adapter is not listed. I've tried assigning devices, > connecting it to sys-net, etc but no luck... > > Asking this here because in the Precision 5520 you also need a > similar adapter if you want to use Ethernet... so hopefully you have > figured it out already? > > Thank you in advance. > I have a Precision 5520 and the USB-C Ethernet adapter that came with it. I'm running Qubes R4.0. I've been able to use the adapter once per boot before I unplug it. If I unplug it and plug it back in, then it doesn't show up as an Ethernet device in the NetVM, and I have to reboot to use it again. If I boot the laptop with the adapter plugged in, dom0 sees four PCI bridge devices and one USB 3.1 controller associated with the adapter: [user@dom0 ~]$ lspci ... 05:00.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge [Alpine Ridge 2C 2015] 06:00.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge [Alpine Ridge 2C 2015] 06:01.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge [Alpine Ridge 2C 2015] 06:02.0 PCI bridge: Intel Corporation DSL6340 Thunderbolt 3 Bridge [Alpine Ridge 2C 2015] 3d:00.0 USB controller: Intel Corporation DSL6340 USB 3.1 Controller [Alpine Ridge] I can create a NetVM and assign the last PCI device listed here to it. NetworkManager recognizes the USB device as an Ethernet device in the NetVM. However, if I plug the adapter in after I boot, then I have to rescan the PCI bus to see those devices: [root@dom0 ~]# echo 1 > /sys/bus/pci/rescan Then, lspci will show the USB 3.1 controller. This works the first time I plug the adapter in after boot. But the NetVM still won't see an Ethernet adapter if I've already unplugged it. Adding and removing a PCI device creates other issues. If I unplug the adapter, the NetVM that I attached the device to will hang on shutdown. And the same VM will fail to boot if the adapter isn't plugged in: [user@dom0 ~]$ qvm-start sys-dongle Logical Volume "vm-sys-dongle-root-snap" already exists in volume group "qubes_dom0" I haven't investigated further since I use WiFi almost exclusively on that laptop. But maybe you'll have better luck with plugging and unplugging the adapter on the 5530. Brian -- Brian C. Duggan he/him/his -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0d8541a8-e1a4-2a4c-4853-b31f6144dbc1%40dugga.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Win7 HVM causes Qubes to hang
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/15/18 5:37 AM, 'Bjoern Christoph' via qubes-users wrote: > Once I shut down Win7 the Qubes I wanted to launch are started, the > Qube Manager also reacts as it should. > Ideas? Hi Bjoern, I reported this 4 months ago here: https://github.com/QubesOS/qubes-issues/issues/3585#issuecomment-4107642 31 It is somehow related to the Qubes Windows tools. I suppose the situation 1 in your post is when you did not invoke the qubes clipboard or sent/received any files between qubes. Killing the Qubes service in Windows also get’s it unstuck. What I haven’t figured out is what’s special about my and your setups. Clearly most users do not see this problem. /Sven -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlwX3WsACgkQ2m4We49U H7ab/RAAw4oxtdPVTiNSm4UjGpMffAJv6Xb55D79bWkC0QIgBty/RrFQ/dJE8B1C 7DudoO1H4mn3gklYtxTT5tizS+jSIzNybAMIrX7pio9SyYQMU4V0NRnKmEuuUaCX kVMcWPnrQBJHk38tMaeUoZgnvH58YBVyOJA+kgIr4HJsbo/soopXUTsCMbxG6YiK /Z8ahxixayrZVsVqPnhdsCLYf5qoVjeGTVx3r897RegOCUjewlh+twk9f0/NlWOE no8WRmaQOLo8kuwkbxaTA4H6o+GwwOhjBQzGEOBlxTX15AIqtmPXReYvZOI9HWCi GERtQR8GeT7m5bn2U2owUQ3T6F0RFbZYdt2DgTYLmxsQVMxZRQp4kfDQ4N5WROya 4MZyNNUasEr/EHfwYDxk/k2pdwe6h0WOGPv7DltCNVCMJcnrJ5Nv61cJFhJI1+Nh jRHppp3XiiRWjnFBBtCV+BTxp+QAPFYFiAU2ilHfXfZuj1niuhkmVooNMRpgBB0f 8OwkQJLM2IVxwOTyegB+ECCdEHQWvew84bPX6eP9mc2gF07iyGUNjORYuTKqi0iJ EL6nQbZX96ewU3xodJ5xfe3dZvj4mk3/aTnzPSMWH3MDgwIO8yNqfsWiw+Oj+Cbm 6SvCFJ8GfnuYe9OW6Rr9yHdDHx5N1RJ8PApuji5WG4vZ50ZfFJo= =fjNJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/599296d4-9888-fa5b-3bed-524ff838edaf%40SvenSemmler.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Updated HCL report - Dell Precision 5520
So I have a Precision 5530, and after some similar tweaks to those described here, I managed to install Qubes 4.0. Everything seem to be working perfectly fine (Including Wi-Fi) except for the Ethernet adapter that I need to connect to the USB-C (Thunderbolt) port. The adapter is detected and I can use other connectors (DP, USBs) but the ethernet adapter is not listed. I've tried assigning devices, connecting it to sys-net, etc but no luck... Asking this here because in the Precision 5520 you also need a similar adapter if you want to use Ethernet... so hopefully you have figured it out already? Thank you in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98462c8d-11cb-42b8-81bc-017a99ee97bf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Correct place for salt-ssh configuration
Hi, What's the correct place to configure salt-ssh? The SaltStack documentation says salt-ssh configuration goes in /etc/salt/master. I tried adding configuration for salt-ssh to /etc/salt/master on dom0 and also on the template VM for the default disposable VM. But I didn't see any effect from the configuration. I'm using Qubes R4.0. I'm not using the packages in the testing repo that provide a dedicated management DispVM and template. My use case is that I want to use the new format (as of Salt 2017.7.0) for running execution modules in state files: https://docs.saltstack.com/en/latest/topics/releases/2017.7.0.html#state-module-changes salt-call on dom0 is 2017.7.1 salt-ssh on the default DispVM template is 2018.3.2 The legacy format for module.run works fine. Using the new format requires setting this on minions: ``` use_superseded: - module.run ``` In order to pass that setting to minions, I added this to /etc/salt/master on both dom0 and on the default DispVM template: ``` ssh_minion_opts: use_superseded: - module.run ``` But the comment in the state output said that the module was not available when I used the new format. Is that right way to use `use_superseded` through salt-ssh? Where should salt-ssh configurations go in Qubes R4.0? Thanks! Brian -- Brian C. Duggan he/him/his -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/28d9fbe8-d47a-10ad-3c1c-3f1862617490%40dugga.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 2FA AEM (anti-evil-maid) fails: "All key slots full"
Hi, I am trying to configure 2FA AEM (usb stick + TOTP) on my computer. I've done several attempts and I've probably messed up with something somewhere. Now when I run: "anti-evil-maid-install -m /dev/sdb1" * A new ext4 filesystem is created on my usb stick. * I get and verify my QR code. * I enter the passphrase for the new LUKS key file. but I get this output in dom0: "anti-evil-maid-install: Adding key file to new key slot for /dev/sda2 (UUID XXX) All key slots full" Can somebody help me with this, please? As mentioned above, I've done many attempts to configure AEM without success. However, I've never seen this output earlier. Thanks in advance for your kind attention. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4gx8cl3gdGrdkuAW8YmANM_F2IUA1r74q6NpFkl3a5fQU_5WuFRe9y_bJKu0yCOGFUvkjbqfVfkjVsN-JaiGEM31WYof4wfvAL7He88T2gQ%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Updating to whonix-14. Error: "ImportError: No module named qubesadmin.exc"
Hi all, I'm quite new to Qubes and Linux in general yet I have manged to run Qubes OS as my main desktop for several weeks. At the moment I'm fiddling with networking, more specifically I'm trying to get whonix-14 working, as Qubes comes with an outdated version(!?). First I removed all traces of the old outdated Whonix (including qubes-core-admin-addon-whonix.noarch) on my system. Then I ran "sudo qubesctl state.sls qvm.whonix-ws-dvm" according to the documentation: https://www.whonix.org/wiki/Qubes/Install After getting "bash: qubesctl: command not found" i reinstalled "qubes-core-admin-addon-whonix.noarch" with no effect. After that I tried searhing dom0 repo for salt and found "qubes-mgmt-salt.noarch" witch i also installed, it seems to help the first problem, but qubesctl seems broken. When running the command i get this in return: File "/usr/bin/qubescl", line 11, in import qubessalt File "/usr/bin/python2.7/site/packages/qubessalt/__init__.py", line 10, in import qubesadmin.exc ImportError: No module named qubesadmin.exc How do i fix this and get whonix-14 installed properly? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b8602d3-2deb-4a09-80bc-caf247a79fe7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix GW & WS upgrade failed (Help)
Thanks, I read through everything and try with the help of your left to fix the errors. I write after that if it worked. ;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e28ba90a-7a4f-4ab9-8def-7f35f3eff6e4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix GW & WS upgrade failed (Help)
qubes123...@gmail.com: > I press upgrade at Whonix GW & WS and get this message, see Screnshoot, what > should I do? thank you in advance ;) > > https://ibb.co/XbCsJWQ > The problem probably was that Whonix wasn't setup using Qubes salt. Manual installation of Whonix is unsupported. Please use Qubes salt as per documentation. https://www.whonix.org/wiki/Qubes/Install https://www.whonix.org/wiki/Qubes/Uninstall https://www.whonix.org/wiki/Qubes/Reinstall In response I improved that error message, created a new wiki page and added a link from the error message to it. https://www.whonix.org/wiki/Qubes/UpdatesProxy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e5b2a53-35b8-23c7-c53b-e36f2ed81427%40whonix.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] disk space management
dimi wrote on 12/17/18 7:03 AM: On Sunday, December 16, 2018 at 11:32:57 PM UTC+2, awokd wrote: dimi wrote on 12/13/18 2:10 PM: Having fun with qubes r4 but can't help myself with this problem. sudo lvs, shows me a bunch of deleted VM's that 'seem' to eat up my disk space. 1) Mostly used Qubes Manager to delete them. How do you delete appVM's / TemplateVM's the right way so that no zombies will up on sudo lvs? 2) Why do i see these deleted VMs in /dev/qubes_dom0/ better yet these deleted VM's leave stuff / traces on disk in, /dev/mapper/ /dev/qubes_dom0/ /home/XXX/.config/menus/applications-merged/user-vmName-vm.menu /var/log/qubes/ /var/log/xen/ 3) sudo lvdisplay is showing me backups, vm--number-back, are these actual backups? Aince i do manual backups to another disk, how do i disable these? 1) Can't recreate- might be an LVS thing. Have you rebooted since deleting the VMs? 2) Same for /dev/mapper and /dev/qubes_dom0. I do see some stale entries in /home/XXX/.config/menus/applications-merged/user-vmName-vm.menu, though. Might be ones I had restored from 3.2. These can probably be safely deleted. Those log files don't get pruned automatically AFAIK, so you will see old entries out there unless you set up a job to periodically delete old ones. 3) Those -back are snapshots kept so you can rollback. See https://www.qubes-os.org/doc/software-update-vm/#reverting-changes-to-a-templatevm-r40 for a little more info. 1) yes, plenty of reboots have happened 2) pure r4 install here, are you suggesting rm command to delete or some other qubes command i am not aware of? 3) well since i deleted the VM's and/or Templates why would i need to keep those snapshots around. How do i correctly remove these? 3) 1) I usually use qvm-remove to delete VMs, but Qube Manager should do exactly the same thing. Are you making sure they're shutdown before deleting? 2) rm to delete the old menu entries and log files. I guess lvremove to get rid of the old volumes listed with lvs, my assumption being Qubes will realize they are gone and handle the entries in /dev/qubes_dom0 appropriately. Haven't encountered this problem before. 3) Also lvremove. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2233d91e-e8c3-d78b-b0b2-8c3ca003eaea%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Adding additional storage to Qubes
seshu wrote on 12/16/18 5:01 PM: Hi, I'm a Qubes newbie but coming along really well. I'm using 4.0.1 rc-1. I had a question about what the process is to add new storage drives (ssd or hdd). Looking through the documentation I can see there are several docs that help but raised other questions. So here goes. There is a doc to add SSD storage cache(https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com) and one for Storing AppVMs on Secondary Drives (https://www.qubes-os.org/doc/secondary-storage/). Question 1: What's the difference between these two? Or I do understand the second doc, but not sure what SSD storage cache is for? Question 2: My main goal is to add more storage available to the entire system for it to use as it needs. This would be after initial install. It doesn't have to be specifically for AppVMs, etc. So, I wasn't sure how to do that. Now, I'm currently setup on dual boot, I do realize the security concerns and since I'm just testing exploring now I'm only evaluating. I do have some data stored on the Win10 drives (hdd). So, Question 3: is there a way to add those hdd's into the Qubes environment, let's say into the home directory of an AppVM so I can have access that way? I do realize the security holes this creates, so its not that I will ultimately operate this way. Maybe this question can be translated as, is it possible to add an ssd or hdd specifically for /home or user profile data? Thanks again for all your help. It's been really fun getting back into linux and getting to know Qubes. SSD storage cache can be used as a way to speed up your installation if it's on a hard drive. That email was from 2015, but with current SSD prices many people buy a large SSD and install on it instead. https://www.qubes-os.org/doc/secondary-storage/ works if you want to store an entire AppVM on a secondary drive. You can increase the private storage size (the amount of drive space Qubes allows it to use) of any AppVM in Qube Settings. So by putting AppVMs you know will be large on a secondary drive and then increasing private storage size, that should cover most of your needs. Qubes uses a relatively small amount of storage for itself (20GB?) so most usage is within the AppVMs. Another option is to use external storage, then qvm-block attach it to AppVMs you want. You can also use qvm-block to attach internal block devices that aren't mounted by Qubes- run qvm-block by itself to see what's available. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/885a5b21-74c3-9869-9e42-eb342b2ba641%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes-Whonix 14 (4.0.1-201811291216) Point Release for Qubes R4
This is a [point release](https://www.whonix.org/wiki/Point_Release). > A **point release** is not a separate, new version of Whonix. Instead, it is a re-release of Whonix which is inclusive of all updates up to a certain point. > > Installing any version of Whonix 14 and fully updating it leads to a system which is identical to installing a Whonix point release. > > **If the Whonix installation is [updated](https://www.whonix.org/wiki/Update), no further action is required.** > > Regardless of the current installed version of Whonix, if users wish to install (or reinstall) Whonix for any reason, then the point release is a convenient and more secure method, since it bundles all Whonix updates that are available at that specific time. Either: * **A)** [uninstall](https://www.whonix.org/wiki/Qubes/Uninstall) and [install](https://www.whonix.org/wiki/Qubes/Install) OR; * **B)** [reinstall](https://www.whonix.org/wiki/Qubes/Reinstall). * https://github.com/QubesOS/updates-status/issues/817 * https://github.com/QubesOS/updates-status/issues/818 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cfeb1ef-55d0-63d1-8803-3424faa6becd%40whonix.org. For more options, visit https://groups.google.com/d/optout.
