[qubes-users] SplitGPG with Subkeys Encryption Error
I have a master private key (Certify Only) stored in Vault, separate Encryption and Sign secrete_subkeys generated in Vault and stored in networkless work-gpg. All public keys stored in a separate AppVM for 'qubes-gpg-client' command to access the work-gpg VM via the Split GPG protocol. I have succesfully tested signing and verifying text with my new key, and decrypting messages to my new key. My one issue has been encrypting messages to other keys: `export QUBES_GPG_DOMAIN=work-gpg` `cat InFile | qubes-gpg-client --encrypt --recipient RECIPIENT` Results in the error: >gpg: There is no assurance this key belongs to the named user >gpg: cannot open '/dev/tty': No such device or address Well, I can't sign the public key, that is a documented downside of SplitGPG with Subkeys. As for the second, I tried adding `no-tty` to ~/.gnupg/gpg.conf in work-gpg trying the above command again results in the new error: `EOF` with no change to the file. So I try a new approach: `export QUBES_GPG_DOMAIN=work-gpg` (I'll stop repeating this line so I don't annoy you all) `qubes-gpg-client --output OutFile --encrypt --recipient RECIPIENT InFile` Error: >Only '-' argument supported for --output option ^^I have no idea what that is about. So, remove the output file request and just attempt to write over: `qubes-gpg-client --encrypt --recipient RECIPIENT InFile` Error: >gpg: There is no assurance this key belongs to the names user >gpg: Sorry, no terminal at all requested - can't get input' Let's remove the conf line we added earlier, and run again: Error: >There is no assurance this key belongs to the named user >gpg: cannot open '/dev/tty': No such device or address' I give up! Does anyone have any idea what is going on here? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19c2623b-100b-4e7b-8618-d00f16dba464%40googlegroups.com.
[qubes-users] Installation failed to install several software and VMs
Yesterday, I downloaded and installed the Qubes OS 4.0.3 three times. Every time I installed, it lacks most of the basic software and VM like browsers, file managers. Even it didn't install personal, untrusted, work, sys-firewall, sys-net or any disposal VMs as displayed at the end of the installation guide. Hence, I couldn't figure out how to connect to the internet. Also, I encountered this error: [‘/usr/bin/qubes-prefs’,’default-template’,’fedora-30’] failed:stdout:”” > > stderr: “qubes-prefs:error: “No such domain:\’fedora-30\”” > > Can anyone give me the solution and reason why is it so? I'd also followed some videos and I did exactly the same but my result was totally different and worthless. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3dcd99b6-030b-4768-a2c5-223312ffd7e5%40googlegroups.com.
Re: [qubes-users] Dividing Qubes Into Separate Networks (FAILED)
> If you still have a problem, then report back with details of what you I have tried the following ways. All failed. (Ignore the discrepancies between interface names and commands. I copied them from the article I used.) METHOD #1 # ip link add link eth0 name eth0.5 type vlan id 5 # ip link # ip -d link show eth0.5 # ip addr add 192.168.1.200/24 brd 192.168.1.255 dev eth0.5 # ip link set dev eth0.5 up METHOD #2 # vconfig add eth0 5 # ifconfig eth0.5 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 up I can see that there are frames moving but it is not connecting to the network sudo cat /proc/net/vlan/ens6.5 ens6.5 VID: 5 REORDER_HDR: 1 dev->priv_flags: 1001 total frames received0 total bytes received0 Broadcast/Multicast Rcvd0 total frames transmitted 23 total bytes transmitted 1986 Device: ens6 INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0 EGRESS priority mappings: METHOD #3 Add VLAN through the GUI Advanced Network Manager This is what I see on the switch: May 15 19:15:33 UBNT daemon.notice switch: TRAPMGR: Link Down: 0/6 May 15 19:15:33 UBNT daemon.info switch: DOT1S: Port (6) inst(0) role changing from ROLE_DESIGNATED to ROLE_DISABLED May 15 19:15:36 UBNT daemon.notice switch: TRAPMGR: Link Up: 0/6 May 15 19:15:36 UBNT daemon.info switch: DOT1S: Port (6) inst(0) role changing from ROLE_DISABLED to ROLE_DESIGNATED I'm attaching the last 200 lines from the journalctl -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/SUT3j4wnlDSkdZcoaFvXT--aF6iXLLLWYpLeQe5kJeRRGAjVlwFe4AzPTRrF3AcpbLidRtKh4gCDELSPOKu5pd02JHYs3JKSYO5Zv3Sb1Lc%3D%40protonmail.com. May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6007] dhcp4 (ens6): request timed out May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6007] dhcp4 (ens6): state changed unknown -> timeout May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6042] dhcp4 (ens6): canceled DHCP transaction May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6043] dhcp4 (ens6): state changed timeout -> done May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6048] device (ens6): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6068] manager: NetworkManager state is now CONNECTED_LOCAL May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6105] device (ens6): Activation: failed for connection 'Wired connection 1' May 15 19:16:05 pentest-gw NetworkManager[475]: [1589584565.6118] device (ens6): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') May 15 19:16:05 pentest-gw kernel: IPv6: ADDRCONF(NETDEV_UP): ens6: link is not ready May 15 19:16:10 pentest-gw kernel: igb :00:06.0 ens6: igb: ens6 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX May 15 19:16:10 pentest-gw kernel: IPv6: ADDRCONF(NETDEV_CHANGE): ens6: link becomes ready May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5155] device (ens6): carrier: link connected May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5165] device (ens6.5): carrier: link connected May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5172] policy: auto-activating connection 'Wired connection 1' (f3b8cbdc-ef05-39c7-9451-37d6e68b43c5) May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5193] device (ens6): Activation: starting connection 'Wired connection 1' (f3b8cbdc-ef05-39c7-9451-37d6e68b43c5) May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5197] device (ens6): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5213] manager: NetworkManager state is now CONNECTING May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5221] device (ens6): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5284] device (ens6): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') May 15 19:16:10 pentest-gw NetworkManager[475]: [1589584570.5315] dhcp4 (ens6): activation: beginning transaction (timeout in 45 seconds) May 15 19:16:15 pentest-gw kernel: igb :00:06.0 ens6: Reset adapter May 15 19:16:18 pentest-gw xdg-desktop-por[930]: Failed to get application states: GDBus.Error:org.freedesktop.portal.Error.Failed: Could not get window list: Cannot invoke method; proxy is for the well-known name org.gnome.Shell without an owner, and proxy was constructed with the
Re: [qubes-users] Hallo, es kann langsam losgehen mit Qubes Deutschland Forum, sowie mit der Software Übersetzung in deutsche Sprache
On Fri, May 15, 2020 at 10:27:06AM -0700, wirsindei...@gmail.com wrote: Hallo liebe Mädels und Jungs, das ist jetzt mein Qubes Forum in deutsche Sprache. https://qubes-deutschland-forum.gegenseitige-hilfe.org/index.php Bitte schaut mal rein und sagt mir, was man noch verbessern bzw. umsetzen kann. Ihr könnt euere Verbesserungsvorschläge hier reinschreiben. https://qubes-deutschland-forum.gegenseitige-hilfe.org/viewforum.php?f=138 Verbesserungsvorschlag: email-liste statt Webforum! Oder mindestens Discourse (was beides macht) (ich, vermutlich auch andere, finde es viel leichter Updates per Mail zu bekommen) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200515182324.GB1086%40danwin1210.me.
[qubes-users] Desktop disappeared
Hi fellas, I installed a new ram module to my computer and once turned on the pc, now my desktop (wallpaper + shortcuts) is missing and all I see is a grey screen. What to do? thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57c7ef0f-db9d-4cf4-8d77-d2219f69edc7%40googlegroups.com.
Re: [qubes-users] Salt worm
On Fri, May 08, 2020 at 02:29:02PM +0100, unman wrote: If there is a basic writeup out there with examples how to automate tempalte setup for Qubes ... that would be really great. I ran some training a few years back, and the notes are here: https://github.com/unman/notes/tree/master/salt Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200515181443.GA1086%40danwin1210.me.
[qubes-users] Hallo, es kann langsam losgehen mit Qubes Deutschland Forum, sowie mit der Software Übersetzung in deutsche Sprache
Hallo liebe Mädels und Jungs, das ist jetzt mein Qubes Forum in deutsche Sprache. https://qubes-deutschland-forum.gegenseitige-hilfe.org/index.php Bitte schaut mal rein und sagt mir, was man noch verbessern bzw. umsetzen kann. Ihr könnt euere Verbesserungsvorschläge hier reinschreiben. https://qubes-deutschland-forum.gegenseitige-hilfe.org/viewforum.php?f=138 In diesem Teilbereich soll die Übersetzung gemacht werden, so dass man etwas getrennt ist, von Hardware und Software Probleme. https://qubes-deutschland-forum.gegenseitige-hilfe.org/viewforum.php?f=12 Hier kommt alles zum Thema Qubes rein, ohne Übersetzung! https://qubes-deutschland-forum.gegenseitige-hilfe.org/viewforum.php?f=122 Dieser Bereich ist für Hardware Probleme https://qubes-deutschland-forum.gegenseitige-hilfe.org/viewforum.php?f=14 Dieser Bereich ist für Softwareanwendungsprobleme https://qubes-deutschland-forum.gegenseitige-hilfe.org/viewforum.php?f=41 Gruß -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ef3ebb53-1860-4394-8c2c-624bcf5dec05%40googlegroups.com.
Re: [qubes-users] using salt - how to debug?
On Thu, May 14, 2020 at 10:15:32PM +0100, lik...@gmx.de wrote: > Hi! > > I'm trying to get salt examples running but failing at the simplest one. > > I've a enabled top-file: > > base: > dom0: > - doSmth > > AppVmTobeChanged: > - doSmthDifferent > - > top file was enabled by: qubesctl top.enable ... > > But "doSmthDifferent" will never be executed, when I call: qubesctl > --show-output state.highstate > > Any hints where to look at? How to debug it? > > Current references: > https://www.qubes-os.org/doc/salt/ > https://github.com/unman/notes/blob/master/salt/Index > > Best, P > You haven't included AppVmTobeChanged as a target: qubesctl --show-output --targets=AppVmTobeChanged state.highstate You should check that you aren't getting a mistaken dom0 call. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200515133137.GF20833%40thirdeyesecurity.org.
Re: [qubes-users] HCL search facility
On Friday, 15 May 2020 14:13:18 UTC+1, unman wrote: > > On Thu, May 14, 2020 at 12:30:11PM -0700, Andrew Sullivan wrote: > > Good evening > > > > Is there a way to search the HCL? If not, could such a function be > provided? The list is long, and presumably will get longer, so it would > save a lot of scrolling. > > > > Just a thought. > > > > / > Ctrl+F > > ;-) > Doh... Simples! Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d48de0d7-2ed1-4e62-82c8-e34fd23c184a%40googlegroups.com.
Re: [qubes-users] HCL search facility
On Thu, May 14, 2020 at 12:30:11PM -0700, Andrew Sullivan wrote: > Good evening > > Is there a way to search the HCL? If not, could such a function be provided? > The list is long, and presumably will get longer, so it would save a lot of > scrolling. > > Just a thought. > / Ctrl+F ;-) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200515131315.GD20833%40thirdeyesecurity.org.
Re: [qubes-users] Qubes and Salt question
On Thu, May 14, 2020 at 06:29:15PM +0200, onelovecisco via qubes-users wrote: > Hello, Qubes Community! > > Can you help me how to correctly use Salt in dom0 for automate tasks. > For example, i need to clone debian-10 template and install toolchain on it. > > apt install -y \ > build-essential \ > zlib1g-dev uuid-dev libdigest-sha-perl \ > libelf-dev \ > bc \ > bzip2 \ > bison \ > flex \ > git \ > gnupg \ > iasl \ > m4 \ > nasm \ > patch \ > python \ > wget \ > gnat \ > cpio \ > ccache \ > pkg-config \ > cmake \ > libusb-1.0-0-dev \ > pkg-config \ > texinfo \ > > Qubes Salt files stored at /srv folder as root. > where do i need to put my custom *.sls files?and how launch it use qubesctl > from dom0? > Thanks. You can create folder within /srv/salt and put files there - reference them as .: qubesctl state.apply . If you prefer not to use /srv/salt you can run: `qubesctl state.apply qubes.user-dirs` which will create a usable "user_" structure under /srv -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200515130447.GB20833%40thirdeyesecurity.org.
Re: [qubes-users] How to find which AppVM launched particular DispVM?
Awesome, thanks a lt! I needed it for my time tracker, if anyone is interested: https://github.com/Kixunil/ttt Going to implement it soon. pi 15. 5. 2020 o 13:50 Rusty Bird napísal(a): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Martin Habovštiak: > > I'd love to query from command line which AppVM called an RPC (`qvm-run > > --dispvm`) that caused particular dispvm (of which I have the name) to > > start. > > It's brittle but this seems to work alright in R4.0: > > $ pgrep -af "^/usr/lib/qubes/qrexec-client -d disp1234 " | sed 's/.* > //' > > Rusty > -BEGIN PGP SIGNATURE- > > iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAl6+gepfFIAALgAo > aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 > QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv > Kt8Ibw//TGog058CMjnnX2h/oWY7bTpfZmupgnqk9TioM5FO5QrSGGzVJCC+7cE5 > aCuAXj/KXL0EmCvFyj/jtU5xRb+TVh+tIf4iLEgBzqzozz1OnFn5Pq0yBcZblKT6 > I0pDsu0pspjRcgYIDULjG8+Q5i6acMxUiNCyhwQ0I50b/14JEIf1PccMKAQ1wQnB > GhLO2yXq9JsihlrpLkFqbdAG/7E2QA0GEbWLaOW3kbEGFttKTVRG3hJ6mFkvmi3o > BiXIsnerU7TXwpq/GRJeES1wmpRDNZkh7E2K6c3BD8u6xs5CpOP0zTaRdkdWojS6 > SaRATNIXqvzUmOqU4CtAkKh4cxy5UxoKODl0t6E5Te2Kgfl1iTsq2LPG5Ayl56Ov > ldGzLmBQnWZtjZp4//+uFGIlbUseJbP5mneaz6YEBCvy7EvlWiLpSJR7l/84/s9h > 8oOrKQJbzbXrRQDK6mOZCxtsRuxNh399r7ozNQ0nVOlV9zF+50qpaRESesKamhaX > 5PruW8qd+tF3zp04aJN0RtZsb3oLDkRVapDbY8Ta5u+GkyGJZsFSexkkMxoAawBe > 8hrvhW9SRPzbJq8qzkwu9qUWJ3xgSENpuMSMMlU4vCtbXgsFX1e1MxD2pz7LSbhZ > cBVMZqyNNJilEYFqwiZERMat8toLd+zl9GgYGK8kGHekC9HQdNI= > =9Tzu > -END PGP SIGNATURE- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CALkkCJa%3De0JcR6v5XkuKaDLLarp5PwZz2XCNUxMUAaBuAkr%2Bdg%40mail.gmail.com.
Re: [qubes-users] How to find which AppVM launched particular DispVM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Martin Habovštiak: > I'd love to query from command line which AppVM called an RPC (`qvm-run > --dispvm`) that caused particular dispvm (of which I have the name) to > start. It's brittle but this seems to work alright in R4.0: $ pgrep -af "^/usr/lib/qubes/qrexec-client -d disp1234 " | sed 's/.* //' Rusty -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAl6+gepfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv Kt8Ibw//TGog058CMjnnX2h/oWY7bTpfZmupgnqk9TioM5FO5QrSGGzVJCC+7cE5 aCuAXj/KXL0EmCvFyj/jtU5xRb+TVh+tIf4iLEgBzqzozz1OnFn5Pq0yBcZblKT6 I0pDsu0pspjRcgYIDULjG8+Q5i6acMxUiNCyhwQ0I50b/14JEIf1PccMKAQ1wQnB GhLO2yXq9JsihlrpLkFqbdAG/7E2QA0GEbWLaOW3kbEGFttKTVRG3hJ6mFkvmi3o BiXIsnerU7TXwpq/GRJeES1wmpRDNZkh7E2K6c3BD8u6xs5CpOP0zTaRdkdWojS6 SaRATNIXqvzUmOqU4CtAkKh4cxy5UxoKODl0t6E5Te2Kgfl1iTsq2LPG5Ayl56Ov ldGzLmBQnWZtjZp4//+uFGIlbUseJbP5mneaz6YEBCvy7EvlWiLpSJR7l/84/s9h 8oOrKQJbzbXrRQDK6mOZCxtsRuxNh399r7ozNQ0nVOlV9zF+50qpaRESesKamhaX 5PruW8qd+tF3zp04aJN0RtZsb3oLDkRVapDbY8Ta5u+GkyGJZsFSexkkMxoAawBe 8hrvhW9SRPzbJq8qzkwu9qUWJ3xgSENpuMSMMlU4vCtbXgsFX1e1MxD2pz7LSbhZ cBVMZqyNNJilEYFqwiZERMat8toLd+zl9GgYGK8kGHekC9HQdNI= =9Tzu -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200515115002.GA1384%40mutt.
