Re: [qubes-users] gpg-split, what am I signing/encrypting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/06/2019 10.04 AM, scurge1tl wrote: > I have been playing with the gpg-split and would like to know, if > there is an option to see precisely for what specific task the > work-email AppVM is connecting to the work-gpg AppVM. > > Currently I let the work-email to have a blank access to the > work-gpg for a defined time (300sec by default). During this time, > the communication between the qubes is unrestricted (is it?). > > Is there an option to set the gpg-split to approve a specific task > only? Lets say I write an email to j...@email.ok. I click Send and > I get a message asking me "would you like to encrypt/sign the > message for j...@email.ok with your key ABC?" In this way I am > restricting the comms in between the AppVMs for a single, specific > task only. > > I am reacting to the Trezor-T where you can see on the Trezor-T > display what precisely you are signing. Can this be applied to the > pass split as well https://github.com/Rudd-O/qubes-pass too? > Please file a feature request for this. I thought we already had one, but I wasn't able to find one. All I found was these two somewhat related issues: https://github.com/QubesOS/qubes-issues/issues/1835 https://github.com/QubesOS/qubes-issues/issues/2443 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlz7MWMACgkQ203TvDlQ MDC9lA/+PlHzSESXJKRFo0WmzI031KfLVOcg69vpq8ZpmYE5g9lFtZ2U8T+VUobb h+yKuHvctKNeKIabKAJINtz3G7Yj/5S7KIHdIjgzvGQ2BjXjd8GfbzzXvK9qUeWD hqrdn2qWhIdv7+Rjl/Q+KEy6ubV4hnHv53Yklbyyyg88q5y9C0vmNDBOZKtdeIg6 YbopgN9BknZ0p0NGbK1uj2O+VKSEsUvVZeLrouQ7g99YCTOXe6jDf7j4LAvGRi9y jmequT0wiJ4DLExfDhxYHRf+oGJmrYd3iXoJn4HsonqNXgVqFDAlsDphrP1I6TWK 0D3NxSAqm2KzF+7HjpvnEEUt6a3YYxSgTzJnbPc2/vEN/rFo4HRGnwy8zeNCy4ly YH/3Sxv+w4/JJbNhHrZOBsgJDop7oOGlt8Ij4VT4bMeE9pcnCQDCArggk/RPsX9/ TukaSABYTgfKnOBQHxiqwFKpKMkToJzc6erVUB+IBkOJOl8kCuu/uGlgjUATVkqL K09E3BwH9Gnh4KdwIBy3BeCF6mgz1HuH11e0gG+jIKHQFEYj84ICQUTq/Ijm0yd/ EchydVd0apjrlcJ1f1dFCsTQJZOrZ9q9DqrBuSQtftqYSV7qt3Yc4BkqFzSSx0sU mQJ0GXM3GMxH6DD56JcExVG/xfX8a2KC6ByUj0HtdcDPj/QrgAo= =OTXA -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2de9decc-6f5c-5df5-38be-18d2c6d04e41%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Wireguard not working on fedora-29
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/06/2019 12.46 PM, mmo...@disroot.org wrote: > Hi, > > I'm trying to use wireguard but it fails due to the lack of the kernel-devel > source files in the qubes-kernel-vm. > So I've tried to use the default kernel that is shipped with fedora-29 but it > fails to boot with HVM support. I've managed to install it successfully > however on debian-9, it boots fine while on HVM but that doesn't work for as > I need to use this over fedora-29. > I've also see that support for wireguard was introduced in the > lastest-kernel-vm, according to this commit > https://github.com/QubesOS/qubes-linux-kernel/commit/790685154f0c657508a60ffe231d04715109e771 > > (https://github.com/QubesOS/qubes-linux-kernel/commit/790685154f0c657508a60ffe231d04715109e771) > the latest kernel under the unstable repo is 5.1.2 which doesn't contain the > wireguard module. > > So any idea how I can put this to work? > > Thank you > It looks like this was just addressed in this issue: https://github.com/QubesOS/qubes-issues/issues/3591 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlz7L/0ACgkQ203TvDlQ MDBdLQ/5AQGcmDdAQpACORoPCnURaLB4JWTnjpdkdSle+NdherxhNo4UPw7Pzn4F Si9N7CLQFa2xMlwidsw/u7DRdLxZck4cJH7k7J9MWRtjxZRyPUwroZfLgOqsGTXt Xdyi6XWYqVgFEQ6K/fVUv1Wfb1uxkzx1fqMrtBd3iKBzBU+rhIB6+quE6MPtXrt/ 4m5atDgZx2NlSqH7oWxh8EULdhQ/J5Vr7Tfr4K1isbihJ1/V27niVPtS2jxNQ77B hOYOm/iHuPXcAf3854GrwSkXdGteOxF0x6toWqq3ngHw21VdjtW8yEpKjKs8jo2j d5mdkCpZWUO8zwSuDRzP2/k+S36keSYK9t1A9oZ5PbOH9gFHfDDInRm8+o73iMAr 7fG1QeemOsZeWKoAkU5Qp5lU/cgl1wYgRa53fdbQNr7MpkA95pqA7WFIanBIy535 hjGqO0tZiGzCvx4XdhCCYsvfQzTvhUe/iU6g5i/+XYw8GZ31TPT3vtZLo7DwxcqT lbrGoh1R0iFddgBqCtNOxBscbD/Q0vrP3pxZ5THrKLv+aHFASEuFSZrgX1ZukrXy ZPcXLbpJgZOFKke6by2r2XcEO3BWfxOPXRfBm5aBy7pVzjLjnE2ayyTCr3LdO0b3 oge3ZeLAPvLScXn8GqSjU4Op5RJ+G7yow/lpKCe9tWOigGEI67c= =SUAZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4667bde6-da38-dd45-8eeb-e8a0c9f9dbe7%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question about dom0?
ljul8...@gmail.com wrote on 6/7/19 8:07 PM: Hello everyone. I was told that if someone manages to infect the dom0, they will know about all the MAC addresses so my question is: does someone know which MAC addresses does infecting dom0 reveal? Theoretically, if someone managed to only compromise dom0 but wasn't capable of vectoring their attack from it, they would be unable to locate any MAC addresses since dom0 has no network connection and devices containing MACs are in sys-net. However, this is very unlikely. Realistically, someone who owned dom0 would have full access to all VMs, including sys-net and its MAC addresses. A more likely scenario is sys-net itself gets temporarily compromised. This would also result in being able to view MAC addresses of assigned devices. Keep in mind every device you connect to (such as a wireless access point) also knows your MAC address, because that's how networking works. You can randomize it with https://www.qubes-os.org/doc/anonymizing-your-mac-address/. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18cab3f5-8768-30a8-3208-788f21fa44bd%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to update anything on new installation
On Friday, June 7, 2019 at 8:08:53 PM UTC-4, atrain...@gmail.com wrote: > On Friday, June 7, 2019 at 8:04:22 PM UTC-4, awokd wrote: > > atra...@gmail.com wrote on 6/7/19 11:01 PM: > > > I'm really really stuck and I can't go forward no matter what I do. My > > > goal is to create qubes to replace my current Linux OS as my every day > > > OS, including watching DVD's, Netflix, etc. However, I've run into a > > > huge amount of problems. > > > > > > Right now I'm typing to you via the disposable VM. The personal one > > > works fine too. I installed a VPN on my sys-net just fine. Tor refuses > > > to connect, just gets stuck at 85%, so I installed my VPN, now gets stuck > > > at 10% with bridges. > > > > Make sure your clock is set accurately. If Tor alone normally works on > > other devices at your location, try turning off the VPN and bridge > > temporarily, then let it sit at 85% for an hour to see if it eventually > > goes through. Tor over VPN without a bridge might also work. Also check > > /var/log/tor/log in sys-whonix, but seems like you might be already. > > > > > When I tried to follow the guide book for how to install a multimedia VM, > > > Qubes was telling me it was unable to find xclip, either under Fedora or > > > debian. In fact, the guide really needs to explain that "qvm-run" > > > command needs to be ran inside dom0. I spent an hour and a half trying > > > to get that command to work inside a new VM that I created realizing what > > > it did afterwards. >.< Anyway, moving on... > > > > > > Realizing I should probably update my VM's, I tried updating my VM's and > > > I keep getting the same types of errors. When I try to do any kind of > > > 'sudo qubes-dom0-update' commands, I get a 'Cannot retrieve repository > > > metadata (repomd.mxl) for repository:fedora.ts path and try again', no > > > matter how hard I try to make it work. > > > > > > Same types of errors when trying to update the debian-9 and fedora-29 > > > templateVM's. I need help please. I thought my internet was being > > > blocked so I slapped on my VPN but I still get the same problem. It's a > > > fresh install of Qubes. > > > > > > > When you installed Whonix as part of Qubes, you probably checked the box > > to update over Tor. If Tor's unavailable, you won't be able to update > > dom0 or templates. I don't think updates will help with the issues you > > mentioned, but it is possible to change them back to not using Tor. In > > dom0, you'd set "qubes-prefs updatevm sys-net" and edit > > /etc/qubes-rpc/policy/qubes.UpdatesProxy by commenting out the > > TemplateVM line with sys-whonix, which allows it to default to the one > > below with sys-net. > > Yes, my intention was to do everything over Tor but since I could not get Tor > working, I think this is where the problem is arising. I'll try your fix > once my update is finished. I'm updating Whonix using the firewall. > Probably not the safest method. awokd is right. it's usually the clock + timezone in the whonix VMs that is the problem. i believe whonix is configured to assume you set the local hardware clock to UTC. If the time/zone is significantly off expectations, it'll fail to connect. i think I had to sudo date --set= in both of the templates and possibly also in the non-disposable whonix VMs to get it to work, after first ensuring the same in dom0. B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c02f7930-aa7b-4e50-94e2-76277a6d74db%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unable to update anything on new installation
Looks like it's working well. I managed to use VI to edit the program. Not everything is working but I suspect a restart is required. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83ea9820-8d19-4e99-9e47-6da49415e917%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-block doesn't see a thin volume
On Friday, June 7, 2019 at 8:43:49 AM UTC-4, awokd wrote: > awokd wrote on 6/7/19 12:39 PM: > > 'Crypto Carabao Group' via qubes-users wrote on 6/7/19 12:21 PM: > >> Created a thin volume on a second hdd. > >> Can use mount to attach it to dom0 and make a backup on it for example. > >> mounted or unmounted, qvm-block can't see it. So, can't attach it to > >> any other cube. > >> > I might have read too fast, too. If you want to attach the whole volume, > it ought to work with qvm-block. Has to be unmounted from dom0. Maybe > reboot? How is the second hdd connected? SATA, USB 2, USB 3, SAS, SCSI, iSCSI, Firewire? B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eab3a504-8165-4f2a-b149-56e36a5c6e21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to update anything on new installation
On Friday, June 7, 2019 at 8:04:22 PM UTC-4, awokd wrote: > atr...@gmail.com wrote on 6/7/19 11:01 PM: > > I'm really really stuck and I can't go forward no matter what I do. My > > goal is to create qubes to replace my current Linux OS as my every day OS, > > including watching DVD's, Netflix, etc. However, I've run into a huge > > amount of problems. > > > > Right now I'm typing to you via the disposable VM. The personal one works > > fine too. I installed a VPN on my sys-net just fine. Tor refuses to > > connect, just gets stuck at 85%, so I installed my VPN, now gets stuck at > > 10% with bridges. > > Make sure your clock is set accurately. If Tor alone normally works on > other devices at your location, try turning off the VPN and bridge > temporarily, then let it sit at 85% for an hour to see if it eventually > goes through. Tor over VPN without a bridge might also work. Also check > /var/log/tor/log in sys-whonix, but seems like you might be already. > > > When I tried to follow the guide book for how to install a multimedia VM, > > Qubes was telling me it was unable to find xclip, either under Fedora or > > debian. In fact, the guide really needs to explain that "qvm-run" command > > needs to be ran inside dom0. I spent an hour and a half trying to get that > > command to work inside a new VM that I created realizing what it did > > afterwards. >.< Anyway, moving on... > > > > Realizing I should probably update my VM's, I tried updating my VM's and I > > keep getting the same types of errors. When I try to do any kind of 'sudo > > qubes-dom0-update' commands, I get a 'Cannot retrieve repository metadata > > (repomd.mxl) for repository:fedora.ts path and try again', no matter how > > hard I try to make it work. > > > > Same types of errors when trying to update the debian-9 and fedora-29 > > templateVM's. I need help please. I thought my internet was being blocked > > so I slapped on my VPN but I still get the same problem. It's a fresh > > install of Qubes. > > > > When you installed Whonix as part of Qubes, you probably checked the box > to update over Tor. If Tor's unavailable, you won't be able to update > dom0 or templates. I don't think updates will help with the issues you > mentioned, but it is possible to change them back to not using Tor. In > dom0, you'd set "qubes-prefs updatevm sys-net" and edit > /etc/qubes-rpc/policy/qubes.UpdatesProxy by commenting out the > TemplateVM line with sys-whonix, which allows it to default to the one > below with sys-net. Question... this may sound stupid, but in dom0, how do I get access to /etc/qubes-rpc/policy/qubes.UpdatesProxy? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90e81cb0-27cd-403e-8a33-55275a9ca505%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to update anything on new installation
On Friday, June 7, 2019 at 8:04:22 PM UTC-4, awokd wrote: > atra.@gmail.com wrote on 6/7/19 11:01 PM: > > I'm really really stuck and I can't go forward no matter what I do. My > > goal is to create qubes to replace my current Linux OS as my every day OS, > > including watching DVD's, Netflix, etc. However, I've run into a huge > > amount of problems. > > > > Right now I'm typing to you via the disposable VM. The personal one works > > fine too. I installed a VPN on my sys-net just fine. Tor refuses to > > connect, just gets stuck at 85%, so I installed my VPN, now gets stuck at > > 10% with bridges. > > Make sure your clock is set accurately. If Tor alone normally works on > other devices at your location, try turning off the VPN and bridge > temporarily, then let it sit at 85% for an hour to see if it eventually > goes through. Tor over VPN without a bridge might also work. Also check > /var/log/tor/log in sys-whonix, but seems like you might be already. > > > When I tried to follow the guide book for how to install a multimedia VM, > > Qubes was telling me it was unable to find xclip, either under Fedora or > > debian. In fact, the guide really needs to explain that "qvm-run" command > > needs to be ran inside dom0. I spent an hour and a half trying to get that > > command to work inside a new VM that I created realizing what it did > > afterwards. >.< Anyway, moving on... > > > > Realizing I should probably update my VM's, I tried updating my VM's and I > > keep getting the same types of errors. When I try to do any kind of 'sudo > > qubes-dom0-update' commands, I get a 'Cannot retrieve repository metadata > > (repomd.mxl) for repository:fedora.ts path and try again', no matter how > > hard I try to make it work. > > > > Same types of errors when trying to update the debian-9 and fedora-29 > > templateVM's. I need help please. I thought my internet was being blocked > > so I slapped on my VPN but I still get the same problem. It's a fresh > > install of Qubes. > > > > When you installed Whonix as part of Qubes, you probably checked the box > to update over Tor. If Tor's unavailable, you won't be able to update > dom0 or templates. I don't think updates will help with the issues you > mentioned, but it is possible to change them back to not using Tor. In > dom0, you'd set "qubes-prefs updatevm sys-net" and edit > /etc/qubes-rpc/policy/qubes.UpdatesProxy by commenting out the > TemplateVM line with sys-whonix, which allows it to default to the one > below with sys-net. Yes, my intention was to do everything over Tor but since I could not get Tor working, I think this is where the problem is arising. I'll try your fix once my update is finished. I'm updating Whonix using the firewall. Probably not the safest method. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e019c420-17ce-4396-ac9e-04a8dc4d6406%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to update anything on new installation
atrainonl...@gmail.com wrote on 6/7/19 11:01 PM: I'm really really stuck and I can't go forward no matter what I do. My goal is to create qubes to replace my current Linux OS as my every day OS, including watching DVD's, Netflix, etc. However, I've run into a huge amount of problems. Right now I'm typing to you via the disposable VM. The personal one works fine too. I installed a VPN on my sys-net just fine. Tor refuses to connect, just gets stuck at 85%, so I installed my VPN, now gets stuck at 10% with bridges. Make sure your clock is set accurately. If Tor alone normally works on other devices at your location, try turning off the VPN and bridge temporarily, then let it sit at 85% for an hour to see if it eventually goes through. Tor over VPN without a bridge might also work. Also check /var/log/tor/log in sys-whonix, but seems like you might be already. When I tried to follow the guide book for how to install a multimedia VM, Qubes was telling me it was unable to find xclip, either under Fedora or debian. In fact, the guide really needs to explain that "qvm-run" command needs to be ran inside dom0. I spent an hour and a half trying to get that command to work inside a new VM that I created realizing what it did afterwards. >.< Anyway, moving on... Realizing I should probably update my VM's, I tried updating my VM's and I keep getting the same types of errors. When I try to do any kind of 'sudo qubes-dom0-update' commands, I get a 'Cannot retrieve repository metadata (repomd.mxl) for repository:fedora.ts path and try again', no matter how hard I try to make it work. Same types of errors when trying to update the debian-9 and fedora-29 templateVM's. I need help please. I thought my internet was being blocked so I slapped on my VPN but I still get the same problem. It's a fresh install of Qubes. When you installed Whonix as part of Qubes, you probably checked the box to update over Tor. If Tor's unavailable, you won't be able to update dom0 or templates. I don't think updates will help with the issues you mentioned, but it is possible to change them back to not using Tor. In dom0, you'd set "qubes-prefs updatevm sys-net" and edit /etc/qubes-rpc/policy/qubes.UpdatesProxy by commenting out the TemplateVM line with sys-whonix, which allows it to default to the one below with sys-net. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2490ba8f-4d6f-c7a5-c7e2-0b11ee2d09af%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unable to update anything on new installation
On Friday, June 7, 2019 at 7:01:48 PM UTC-4, atrain...@gmail.com wrote: > I'm really really stuck and I can't go forward no matter what I do. My goal > is to create qubes to replace my current Linux OS as my every day OS, > including watching DVD's, Netflix, etc. However, I've run into a huge amount > of problems. > > Right now I'm typing to you via the disposable VM. The personal one works > fine too. I installed a VPN on my sys-net just fine. Tor refuses to > connect, just gets stuck at 85%, so I installed my VPN, now gets stuck at 10% > with bridges. > > When I tried to follow the guide book for how to install a multimedia VM, > Qubes was telling me it was unable to find xclip, either under Fedora or > debian. In fact, the guide really needs to explain that "qvm-run" command > needs to be ran inside dom0. I spent an hour and a half trying to get that > command to work inside a new VM that I created realizing what it did > afterwards. >.< Anyway, moving on... > > Realizing I should probably update my VM's, I tried updating my VM's and I > keep getting the same types of errors. When I try to do any kind of 'sudo > qubes-dom0-update' commands, I get a 'Cannot retrieve repository metadata > (repomd.mxl) for repository:fedora.ts path and try again', no matter how hard > I try to make it work. > > Same types of errors when trying to update the debian-9 and fedora-29 > templateVM's. I need help please. I thought my internet was being blocked > so I slapped on my VPN but I still get the same problem. It's a fresh > install of Qubes. Well I found the issue. It's my Whonix. It's not working correctly. I think it's configured for Tor. How do I fix this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4cede79b-dc69-446b-92e6-ef49dac5f8af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Unable to update anything on new installation
I'm really really stuck and I can't go forward no matter what I do. My goal is to create qubes to replace my current Linux OS as my every day OS, including watching DVD's, Netflix, etc. However, I've run into a huge amount of problems. Right now I'm typing to you via the disposable VM. The personal one works fine too. I installed a VPN on my sys-net just fine. Tor refuses to connect, just gets stuck at 85%, so I installed my VPN, now gets stuck at 10% with bridges. When I tried to follow the guide book for how to install a multimedia VM, Qubes was telling me it was unable to find xclip, either under Fedora or debian. In fact, the guide really needs to explain that "qvm-run" command needs to be ran inside dom0. I spent an hour and a half trying to get that command to work inside a new VM that I created realizing what it did afterwards. >.< Anyway, moving on... Realizing I should probably update my VM's, I tried updating my VM's and I keep getting the same types of errors. When I try to do any kind of 'sudo qubes-dom0-update' commands, I get a 'Cannot retrieve repository metadata (repomd.mxl) for repository:fedora.ts path and try again', no matter how hard I try to make it work. Same types of errors when trying to update the debian-9 and fedora-29 templateVM's. I need help please. I thought my internet was being blocked so I slapped on my VPN but I still get the same problem. It's a fresh install of Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da81f466-2ae7-49d0-9738-61b9d7128042%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Question about dom0?
Hello everyone. I was told that if someone manages to infect the dom0, they will know about all the MAC addresses so my question is: does someone know which MAC addresses does infecting dom0 reveal? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b99254b6-dc53-4c9d-b7a5-626eb9ae03b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Wireguard not working on fedora-29
Hi, I'm trying to use wireguard but it fails due to the lack of the kernel-devel source files in the qubes-kernel-vm. So I've tried to use the default kernel that is shipped with fedora-29 but it fails to boot with HVM support. I've managed to install it successfully however on debian-9, it boots fine while on HVM but that doesn't work for as I need to use this over fedora-29. I've also see that support for wireguard was introduced in the lastest-kernel-vm, according to this commit https://github.com/QubesOS/qubes-linux-kernel/commit/790685154f0c657508a60ffe231d04715109e771 (https://github.com/QubesOS/qubes-linux-kernel/commit/790685154f0c657508a60ffe231d04715109e771) the latest kernel under the unstable repo is 5.1.2 which doesn't contain the wireguard module. So any idea how I can put this to work? Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/574b5f4b02856e1f8bfe00666e4b108d%40disroot.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] gpg-split, what am I signing/encrypting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have been playing with the gpg-split and would like to know, if there is an option to see precisely for what specific task the work-email AppVM is connecting to the work-gpg AppVM. Currently I let the work-email to have a blank access to the work-gpg for a defined time (300sec by default). During this time, the communication between the qubes is unrestricted (is it?). Is there an option to set the gpg-split to approve a specific task only? Lets say I write an email to j...@email.ok. I click Send and I get a message asking me "would you like to encrypt/sign the message for j...@email.ok with your key ABC?" In this way I am restricting the comms in between the AppVMs for a single, specific task only. I am reacting to the Trezor-T where you can see on the Trezor-T display what precisely you are signing. Can this be applied to the pass split as well https://github.com/Rudd-O/qubes-pass too? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlz6fPdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uw1+BAAm7Vw5ilKzpR+Z38k35ElkS8GhLe5QVrEyfcRsePcWHV97O/Z0GD6GJAw Ffmh/RYv9i4jBGfpwoPCVjC7KezqS2rpeAnDAkwOyFnmdBvJZtyMwnKT65N5cxUI npuC9j6D+6AVyWwn8YCUr2P9yiNHFAgmRqXEHfoTPK12WJdeOgmoGfSaPhZiAilI jQh7bYrxEm6dK6u4BWVZKYYHH9dCoCORPc7Yj3K+P+mRQEugkEqk4ysZsYwqZo+v WuPwWKO67LeBkv2CJ1Dl5bPq+OhtNAtH8os05ZqvGSQEo28za77rKY8pgJuNIelx 5Cqi8BbKAmBUaqy+2iKHK8tHN2KakRTrvbkbgOnfXBK90eboPDEskjkZT2g/Ahd+ iL/kRk4YKIU1oxGzyorAYd2Kbh5s+MY1tcUWj/m98f4ZzVDr5f5ZyJQz+GXCpc+7 3Z4ZeaGz2rMQHL8SQx7ZQ74M71pECcGdyLp+5IbTCUA9JOYXEQo7vrjfZpI7KIkV RvRJ15fh56OF07smhE4/jxioEAYsTWDTrfswOOlLYDBdwgIIg3qGeVVEMf81PcfI AAGuGp1kqyldYPvjUflc5VFZXelpqq556z4IkX0D1juwGwOWpZ29PNEl74KwwV2w fPV2B8z8SlXAz9PKEj7r+Q7+MsWYmnEVRJJOKwOLz0d27Hb32jU= =lbJ0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/281ac966-7393-dbc0-5883-3eab33518005%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] qvm-block doesn't see a thin volume
awokd wrote on 6/7/19 12:39 PM: 'Crypto Carabao Group' via qubes-users wrote on 6/7/19 12:21 PM: Created a thin volume on a second hdd. Can use mount to attach it to dom0 and make a backup on it for example. mounted or unmounted, qvm-block can't see it. So, can't attach it to any other cube. Is that how it's supposed to be? Think you missed a step. Did you see https://www.qubes-os.org/doc/secondary-storage/ ? I might have read too fast, too. If you want to attach the whole volume, it ought to work with qvm-block. Has to be unmounted from dom0. Maybe reboot? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2fcbaf7-5417-85d2-83cf-fad6a3e18613%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-block doesn't see a thin volume
'Crypto Carabao Group' via qubes-users wrote on 6/7/19 12:21 PM: Created a thin volume on a second hdd. Can use mount to attach it to dom0 and make a backup on it for example. mounted or unmounted, qvm-block can't see it. So, can't attach it to any other cube. Is that how it's supposed to be? Think you missed a step. Did you see https://www.qubes-os.org/doc/secondary-storage/ ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d3dd2fb-7bc9-1302-922d-961d59539886%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Want to install graphics card after QubesOS 4.0.1 is installed. Will there be problems?
'interested_in_QubesOS' via qubes-users wrote on 6/7/19 12:08 AM: The reason I want to do what the title of this post says is I want to dual boot, however my graphics card doesn't completely work without CSM and common wisdom says having that off for installing an OS for a UEFI machine will save me headache. I also can't change my default GPU, my UEFI changes it automatically depending on if my graphics card is sloted in. My plan: Step 1: Install Qubes OS 4.0.1 with CSM disabled and with no graphics card, Try it first with CSM enabled; reason being Qubes will install in GRUB mode without it so when you re-enable there wouldn't be a UEFI boot entry. Step 2; do the needed tasks (updating VM's, setting up anti-evil maid, ect.), Step 3; change CSM setting to enabled in UEFI menu, Add nouveau.modeset=0 somewhere in here (double-check my spelling). Step 4; insert my Nvidia graphics card in the first PCIe slot, Step 5; after all that start up my PC and install Nouveau drivers in dom0 if Qubes doesn't already have Nouveau drivers. Shouldn't need drivers if you do the modeset. Good plan or no? What sort of problem(s) could I come come across, if any? Dual-booting is a pain. I did it for a while on one of my machines and Windows kept breaking GRUB every major update. When you add the below hard drive, you might have to regenerate your Qubes UEFI boot entry. Search this list for efibootmgr if that happens. Unplugging my Windows install hard drive is probably a good idea. Agreed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d181d3e-cbb1-4926-1874-9492d2a3bf28%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qvm-block doesn't see a thin volume
Created a thin volume on a second hdd. Can use mount to attach it to dom0 and make a backup on it for example. mounted or unmounted, qvm-block can't see it. So, can't attach it to any other cube. Is that how it's supposed to be? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6sfv9dW7SH_SOg0yhUpdpNY9vhBXQ_Pa5-psyO_ZXizPPbTqPWxpNz8jNGn3eLUPYb20gzPFx6Y42TGjtp9n9P7BVU0bfDvR__xzD8yOzbs%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout. publickey - cryptocarabao@protonmail.ch - 0x3F7D5EFD.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
