[qubes-users] Making NetVMs follow their AppVMs
If I have a NetVM, called my-vpn-vm, that provides network to my-app-vm, my-vpn-vm will automatically start when I launch an application from my-app-vm. However, when my-app-vm shuts down, my-vpn-vm will stay running. Is there any way to: a) automatically shut down a NetVM when there are no more VMs connected to it? or b) automatically shut down a VM when a specific other VM is no longer running? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191128073150.GA2454%40danwin1210.me.
Re: [qubes-users] Shutting down a VM when applications close
On Wed, Nov 27, 2019 at 08:16:28AM -0500, Steve Coleman wrote: You can try this trick when starting your app/vm: dom0> qvm-run -a AppVM "resource-heavy-app;shutdown -h now" When the application closes the next command in line is the shutdown command, and the VM will simply exit. As long as the app does not background itself by forking a new process to demonize this will likely work. If in testing that command works for you, then you can create a specialized AppVM.desktop file, and set the Exec= entry to "resource-heavy-app;shutdown -h now". Once that is done then add that custom desktop file to your template VM in /usr/share/applications and you should then be able to add the application directly to your qubes menu for that specific VM. Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191128020742.GA1253%40danwin1210.me.
Re: [qubes-users] Dom0 screencapture with cron
On Thu, 28 Nov 2019 00:06:33 -0500, wrote: I would liek to set a cron job that captures a shot of my whole screen. I have this script in cron.hourly, but it doesn't work. #!/bin/bash date=$((date '+%H%M%S)) import -window root /home/user/$date.png If I run $ import -window root /path/to/folder/screen.png as a user in dom0, then it works fine. Any suggestions? I think it has something to do with root not being able to access the full screen??? Thanks so much for any help, Arild Try replacing the command in the cron script, which runs as root with ... su --login user -c "import -window root /home/user/$date.png" Regards, Dave Hodgins -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/op.0byd8klpn7mcit%40hodgins.homeip.net.
[qubes-users] Dom0 screencapture with cron
I would liek to set a cron job that captures a shot of my whole screen. I have this script in cron.hourly, but it doesn't work. #!/bin/bash date=$((date '+%H%M%S)) import -window root /home/user/$date.png If I run $ import -window root /path/to/folder/screen.png as a user in dom0, then it works fine. Any suggestions? I think it has something to do with root not being able to access the full screen??? Thanks so much for any help, Arild -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab8d70ff-1344-4b9d-967e-5a919e223c60%40googlegroups.com.
Re: [qubes-users] Listing all available templates in a given repo
It looks as though the Debian 10 doc has been changed now, thanks. (perhaps
by coincidence, perhaps from reading my previous message).
The rpm -qa command worked for me. I guess you have more repositories
selected than I do, I only see the ones you listed with sizes. I don't have
any of the "(none)" ones.
I think it would be helpful to have a more clear list of templates
available *per repo* (either on a website like packages.ubuntu.com, or as a
command you can run that is recommended in the docs), but for now this
works out for what I need personally. Thanks.
On Thu, Nov 14, 2019 at 5:31 PM Charles Peters
wrote:
>
> On Tue, Nov 12, 2019 at 5:38 PM Dan Krol wrote:
>
>> Hello,
>>
>> *Caveat:* I'm fairly new to Qubes and Fedora.
>>
>> *Question:* How do I get a list of all available templates that I can
>> install under each repository? (i.e. "current", "testing", "community" etc)
>>
>
> I would also like to see a list of templates and other addons that could
> be shared by the community. A couple of examples of what could be shared
> by community:
> 1. Debian, Fedora and possibly other distros templates for various use
> cases.
> 2. alpha or experimental - Qubes-based SecureDrop Journalist Workstation
> environment for submission handling
> https://github.com/freedomofpress/securedrop-workstation
> 3. Prago provided his salt configurations for Firefox earlier today.
> https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/qubes-users/oStl_IGHuLQ/T56IxhxACAAJ
> 4. Backups to the local network unencrypted, or automated backups.
>
> What would the community like to see documented?
>
> What other tools, or website(s) can we build to provide gpg signed
> templates and addons?
>
> Debian and Ubuntu provide packages.debian.org and packages.ubuntu.com of
> the various versions. The information can also be obtained from command
> line tools, but the website is useful when looking for software and is
> built automatically from the repositories. I haven't found anything
> similar for Fedora, does something like it exist? It would be really cool
> to see qubes provide an automated site which shows the templates and the
> packages the template contains.
>
> *What I've tried (for what it's worth):*
>> * I can see my existing templates under `dnf list installed` in dom0.
>> However, `dnf list available` comes up mysteriously empty.
>>
>
> $ rpm -qa --queryformat '%{SIZE} %{NAME} \n'| grep template | sort -n
> (none) qubes-template-bionic-desktop
> (none) qubes-template-buster-gnome
> (none) qubes-template-fedora-30
> (none) qubes-template-fedora-30-xfce
> 1032734783 qubes-template-debian-10-minimal
> 1337344042 qubes-template-fedora-30-minimal
> 1588460952 qubes-template-whonix-gw-15
> 2176031506 qubes-template-whonix-ws-15
> 3099013352 qubes-template-bionic
> 3490724048 qubes-template-debian-10
>
> I have been trying to determine why some templates show none... And why I
> can't seem to see where the space is actually used by dom0, it seems to sym
> link to nothing.
>
>
> Chuck
>
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CAAWRcS_h9aqCK4f-2HajUxXm%3DLQSpQtLzO8oZeUgYJP7a-WG9A%40mail.gmail.com.
[qubes-users] Re: Resume issues with Qubes
Thanks for the reply. I do have a few devices attached to the sys-usb, and this worked well in the past. Only recently I started to see some AppVMS being randomly halted and due to the lack of logs I cannot isolate the issue. I'm experience this quite often, almost on every resume now. Given the limitations its becoming very annoying to put the laptop in suspend mode. Isn't there anything I can do to pin point the issue ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d5995a74c33ae979a5b16abbe27da15a%40disroot.org.
[qubes-users] Re: Fully Working Android VM for Qubes available? (2019)
Hi Alex. I installed android_x86_64-oreo-nogapps on the Toshiba encore-mini_WT7-C16 tablet. I like pure android. But I couldn't get the camera and sound to work. Can you help me? Where to get drivers and how to add them? неділя, 28 квітня 2019 р. 02:28:48 UTC+3 користувач alex.j...@gmail.com написав: > > On Wednesday, April 24, 2019 at 3:33:54 AM UTC, benz magdalena wrote: > > Android-x86 8.1 got released recently, > > > > the lagging mouse issues have been fixed but the main problem is the > > Android-x86 8.1 iso > > can not be installed cause it fails to detect the qubes virtual disks > > > > is there any 'easy' way to fix this error without compiling > > 160GB of data to change the config... > > > > any fully working iso available for download for qubes? > > > > > > how to solve this issue the easiest? > > > > > > thanks > > You need to fix not only installer scripts, but you need to rebuild kernel > as well. I think it's possible to rebuild only kernel and fix the installer > files and then repack the iso. > > I've uploaded the working Android 8.1 iso, but I don't recommend to use it > for security reasons and it's better to build the iso yourself: > https://drive.google.com/open?id=1Y4P77mlPPlXBzYrJ5yHJ7XM6gLVsQQm0 > > md5sum android_x86_64-oreo-nogapps.iso > b3af7a84820dd9fb32dd40c68f285993 android_x86_64-oreo-nogapps.iso > > sha1sum android_x86_64-oreo-nogapps.iso > 16e9bcf0da44929b223fc2ab1df97de0df26d9fb android_x86_64-oreo-nogapps.iso > sha256sum > > sha256sum android_x86_64-oreo-nogapps.iso > b7d9aa5f9c401202ea24b63e95bb0f38d1f981381a719257c1a2f526e0cf636f > android_x86_64-oreo-nogapps.iso > > sha512sum android_x86_64-oreo-nogapps.iso > 16f2666a20499f31472fc933a670c47070e0db14686b605b69254d054dcc63893b564e5a35e84e1daf7b7fd80f955a2834956a1bb029e93563b7d8c44787666b > > android_x86_64-oreo-nogapps.iso > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5cb9822a-d940-457a-9825-820f0f6dc3ec%40googlegroups.com.
[qubes-users] Re: Cron or systemd timers
Thanks, it's working. I'm not sure what I was doing wrong! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3071479d-b13b-4d6c-a26d-99a0c8edd0f8%40googlegroups.com.
Re: [qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption
On Wed, Nov 27, 2019 at 12:40:26PM -0600, Sven Semmler wrote: > Once in the "emergency mode" I realized I got no skills here and wouldn't > know what to do. So I'll go an rebuild. *facepalm* ... I'll just restore my backup from Sunday. That'll be even faster. ;-) /Sven -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191127184411.GC1640%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption
On Wed, Nov 27, 2019 at 05:59:07PM +, 'awokd' via qubes-users wrote: > Sven Semmler: > > > Since I have two full days of work in that VM that I haven't pushed to the > > git server yet, my first impulse is to get my source code out of there to a > > safe place. I understand I can do that with qvm-block but I have no idea > > where to find the volume of the standalone VM (as opposed to the private > > volumes of template based VMs). > > > > * How do I mount the volume to retrieve my data? > > You should be able to mount it from /dev/mapper/VMNAME--root. You can > mount it directly in dom0. I think it is better to loop mount it to a > different VM, but I am not sure how to do that. Thank you! I used the instructions from https://www.qubes-os.org/doc/mount-lvm-image/ It turns out a standalone still has a --private volume in addition to the --root. So I had to mount the --private volume to get to my home directory. My files are save now! :-) > > > * Is there anything I can do to rescue this VM? Rebuilding it from scratch > > will cost me most of the day. > > "sudo xl console VMNAME" should let you connect interactively and > possibly repair. A possible root cause of your problem though is your > thin disk running out of space, which is a bigger problem than just the > VM. Check the disk widget to make sure you have sufficient free space. My disk is 38.8% utilized and I have 554GB free. Unless I fundamentally misunderstood you this means space is not the issue. Once in the "emergency mode" I realized I got no skills here and wouldn't know what to do. So I'll go an rebuild. Thank you again for the quick response and helping me recover my files! /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191127184026.GB1640%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption
Sven Semmler: > Since I have two full days of work in that VM that I haven't pushed to the > git server yet, my first impulse is to get my source code out of there to a > safe place. I understand I can do that with qvm-block but I have no idea > where to find the volume of the standalone VM (as opposed to the private > volumes of template based VMs). > > * How do I mount the volume to retrieve my data? You should be able to mount it from /dev/mapper/VMNAME--root. You can mount it directly in dom0. I think it is better to loop mount it to a different VM, but I am not sure how to do that. > * Is there anything I can do to rescue this VM? Rebuilding it from scratch > will cost me most of the day. "sudo xl console VMNAME" should let you connect interactively and possibly repair. A possible root cause of your problem though is your thin disk running out of space, which is a bigger problem than just the VM. Check the disk widget to make sure you have sufficient free space. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9595791c-354d-3185-126c-1b54a84f33e4%40danwin1210.me.
[qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption
Hi! This morning I shutdown my Debian 9 Standalone VM "app-dev" to change the amount of RAM allocated to it. When I tried to restart it, I get the following error: app-dev: Cannot connect to qrexec agent for 60 seconds, see /var/log/xen/console/guest-app-dev.log for details So I did and these are the last few lines of that log file: [ 17.309359] EXT4-fs error (device xvda3): ext4_validate_block_bitmap:376: comm qubes-early-vm-: bg 18: bad block bitmap checksum [ 17.312367] EXT4-fs error (device xvda3): ext4_mb_generate_buddy:747: group 19, block bitmap and bg descriptor inconsistent: 11338 vs 11339 free clusters [.[0;32m OK .[0m] Started Early Qubes VM settings. [ 17.327458] JBD2: Spotted dirty metadata buffer (dev = xvda3, blocknr = 0). There's a risk of filesystem corruption in case of system crash. [.[0;32m OK .[0m] Started Raise network interfaces. [.[0;32m OK .[0m] Reached target Network. You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to try again to boot into default mode. Press Enter for maintenance Since I have two full days of work in that VM that I haven't pushed to the git server yet, my first impulse is to get my source code out of there to a safe place. I understand I can do that with qvm-block but I have no idea where to find the volume of the standalone VM (as opposed to the private volumes of template based VMs). * How do I mount the volume to retrieve my data? * Is there anything I can do to rescue this VM? Rebuilding it from scratch will cost me most of the day. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191127175051.GA1640%40app-email-private. signature.asc Description: PGP signature
[qubes-users] How to diagnose webcam uptime issue
Hi folks,
I've been running Qubes as my main dev workstation (on a Lenovo T590) for a
good few months now and I've got nearly everything working as I need. The
final niggle is an intermittent webcam issue.
The webcam is recognised fine and I can assign it to my Qube just fine.
I can start a Google Meet session and everything's just dandy.
But after a while (10-20 mins?) Firefox will al of a sudden think it no
longer has a camera available and will no longer send video.
* The witness light on the camera is still on, so the laptop thinks
*something* is using it
* If I try to unmount the camera (it's listed as a USB device) via the
Qubes Devices systray icon I get an error saying "Detaching device ...
failed. Error: 'device 4-8 of class usb not attached to {qube-name}"
* I can restart my usb qube which clears the camera's witness light as well
as the qube mount, and I'm free to re-mount the camera to my qube again.
But Firefox still doesn't recognise it.
* After an hour or so, rebooting the usb qube does sort everything out and
I can use video in a Google Meet again.
Where can I start looking to diagnose what's going on?
Many thanks,
Martin Gladdish.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/4313f7f8-dd82-44ce-8a3b-83bc1e0f6aea%40googlegroups.com.
Re: [qubes-users] Shutting down a VM when applications close
On 2019-11-27 07:52, tetrahedra via qubes-users wrote: DispVMs shut down automatically when the launched application closes. Is it possible to enable this for certain applications in certain AppVMs as well? For example I may not want my "resource-heavy-apps-vm" to keep running after MemoryHungryApp closes, because that ties up half my system RAM. How would I configure "resource-heavy-apps-vm" to shutdown automatically when MemoryHungryApp closes? You can try this trick when starting your app/vm: dom0> qvm-run -a AppVM "resource-heavy-app;shutdown -h now" When the application closes the next command in line is the shutdown command, and the VM will simply exit. As long as the app does not background itself by forking a new process to demonize this will likely work. If in testing that command works for you, then you can create a specialized AppVM.desktop file, and set the Exec= entry to "resource-heavy-app;shutdown -h now". Once that is done then add that custom desktop file to your template VM in /usr/share/applications and you should then be able to add the application directly to your qubes menu for that specific VM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d13279eb-29d0-83d9-21d3-512bcdbe0e55%40jhuapl.edu.
[qubes-users] Shutting down a VM when applications close
DispVMs shut down automatically when the launched application closes. Is it possible to enable this for certain applications in certain AppVMs as well? For example I may not want my "resource-heavy-apps-vm" to keep running after MemoryHungryApp closes, because that ties up half my system RAM. How would I configure "resource-heavy-apps-vm" to shutdown automatically when MemoryHungryApp closes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191127125250.GA7681%40danwin1210.me.
[qubes-users] HCL - Dell Precision 5540
*Installation* - noexitboot and mapbs need to be commented out for the installation to work - BIOS has no option for legacy boot anymore, only UEFI - TPM 2.0 only - ... so no aem *Misc* USB-C Dockingstation from Dell works out of the box (WD19DC). Problems with suspend: After adding mem_sleep_default=deep to the kernel boot options it only works with Kernel Version 4.19.*82 *(not 81, 84 or 5.3.11, any hints to how I might be able to debug this are welcome!) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67c3ba8e-5526-4da5-823e-760ba4b1ecb9%40googlegroups.com. Qubes-HCL-Dell_Inc_-Precision_5540-20191127-105844.yml Description: Binary data
Re: [qubes-users] sys-net
> On 9/18/19 2:43 PM, unman wrote: > >> today I had a look in logs of my router, and discovered that it logs my > >> qubes machine as "sys-net". I did not change anything in my > >> "out-of-the-box" sys-net, so I presume that the observed behaviour is > >> common to all standard qubes installs. > >> Q: is it a wanted feature that all wireless networks immediately know > >> that I use qubes? I think that this is a bad idea, and that some "dummy > >> name" suggesting a standard linux system would be a better choice. > > You can change the dhcp-hostname in sys-net or disable sending it entirely. See the man pages for nm-settings and NetworkManager. Configuration files go in /etc/NetworkManager/conf.d/. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47NK8h1vHdz9rxK%40submission02.posteo.de.
[qubes-users] Modern laptops, Intel ME, and AEM
On Tue, Nov 26, 2019 at 01:05:08PM -0800, Lambda wrote: Lenovo's 2019 laptop is currently on sale and their CPU selection[1] includes: - i7-9750H: no vPro, No Out-of-Band Systems Management - i7-9850H: vPro, Intel ME Disabled [--] I'm aware that for AEM support I would need to have ME and TXT 1.2. But those CPUs have TPM 2.x What's the state of modern laptops when it comes to disabling ME and/or using anti-evil-maid features? The Lenovo X1 Carbon Gen 6 is "unofficially" the standard for Qubes developers, but only the (much older) X230 supports the HEADS Anti-Evil-Maid solution (which is different from Qubes AEM, and apparently better). (Coreboot is not supported on the Carbon Gen 6 as far as I know) Similarly I've read that the X230 is the last laptop where it's reasonable to disable Intel ME, but the above email suggests even much newer laptops are available without ME. For users who care about hardware security, do any modern laptops offer the capabilities of the older ones, or is "an upgrade necessarily a downgrade" in this case? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191127110801.GA7404%40danwin1210.me.
Re: [qubes-users] sys-net
On 9/18/19 2:43 PM, unman wrote: today I had a look in logs of my router, and discovered that it logs my qubes machine as "sys-net". I did not change anything in my "out-of-the-box" sys-net, so I presume that the observed behaviour is common to all standard qubes installs. Q: is it a wanted feature that all wireless networks immediately know that I use qubes? I think that this is a bad idea, and that some "dummy name" suggesting a standard linux system would be a better choice. Some Alternatives : Dont use NM - its' horrible anyway. I agree. But what are the (better) alternatives? Is there some qubes-specific doc online? Use a throwaway random name (like Windows-PC-2456) for whatever you use for sys-net. You can set up a simple script to do this each time you start your Qubes box,providing you have disabled relevant autostarts. I think this is best practice. Could you share such a script, please? Cheers, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bf18735b-5bed-ebda-6e28-78b51ff6cdf3%40web.de.
