Re: [qubes-users] Fresh Install of Qubes 4.0.3 - No Wi-fi on sys-net with Intel Wireless-AC 9462 Card

[Jarrah]

> Hi All,

Hi,

> As a complete novice who has never even touched Linux before, I read 
> through the introductory documentation and finally through the install 
> guide. Then I performed a fresh install of Qubes 4.0.3 on a an ASUS ZenBook 
> Flip 15 UX562FA directly over Win10. Everything went well during the 
> installation. Only suspects were:
>
>1. installer claimed the SSD was full and that space needed to be 
>reclaimed
>   1. Reclaimable space was the Win10 OS partition, the Win10 Recovery 
>   Partition and the UEFI Partition
>   2. I deleted only the OS and the Recovery partitions while leaving 
>   the UEFI partition intact (with fears that if deleted I would mess up 
> the 
>   bootloader) 

Qubes would have replaced the UEFI partition had you done this. But it
seems everything to this point is working fine.

>1. After install, I rebooted
>2. I get the Failed to Load Kernel error during the boot sequence
>3. Though that threw me off, boot sequence continued and asked for SSD 
>password (no GUI just the terminal).
>4. Then proceeded to enter the user password and went into qubes OS
>5. Noticed there NetworkManager Applet displays red indicating No 
>Network Devices Available

In Qubes, these icons are coloured to the VM they come from. Sys-net's
icons will always be red. But there is a small x in the corner when they
are not connected.You should still be able to left click the icon to set
up WiFi. If that doesn't work, right click and ensure both networking
and WiFi are enabled.

>1. Not sure if the applet is looking for an Ethernet card as the laptop 
>   does not have an ethernet card installed. It only has the Wireless card.
>   2. Also not sure this is the issue.
>   
> The wireless card is an Intel Wireless-AC 9462 which is supported in 
> Kernels 4.14+
Have a look at https://github.com/QubesOS/qubes-issues/issues/5615 and
the recent mail to this list under the subject "[qubes-users] X1 Carbon
Gen 8". Other people are having (now somewhat worked around) issues with
this card.
>
> With my very limited troubleshooting abilities I have managed to confirmed 
> the following:
>
>1. sys-net has the Network Controller under Qube Settings > Devices
>   1. qvm-pci command in dom0 also shows the device being used by sys-net
>   2. lspci -v command in sys-net lists the wireless card with all its 
>information
>   1. except for "capabilities" which shows "" - not sure 
>   if this is a problem.
>   3. I can also confirm that the Fedora 30 TemplateVM has the same 
>iwlwifi-9000-pu-b0-jf-34.ucode firmware file in lib/firmware/from the 
> Intel 
>Website's iwlwifi-9000-pu-b0-jf-34.618819.0.tgz firmware package 
>   1. The other two file from that package LICENSE.iwlwifi-9000.ucode 
>   and README.iwlwifi-9000.ucode files are not present in /lib/firmware/. 
> (I 
>   tried to copy them from QubesIncoming/sys-usb into the lib/firmware/ 
> using 
>   the GUI but got an access denied error) - not sure if this is a problem.

This tells me that Qubes has set up sys-net correctly (WiFi card passed
through). You will need root privileges to get to those items. Try the
same command with `sudo` prefixed.

>   
> I have tried the following:
>
>1. Tried to go to Qubes Manager > sys-net > settings to check on wifi 
>networks but  settings dialog does not open

If left clicking on the Network Manager Applet doesn't give you anything
useful, try running the command `nm-connection-editor` from sys-net
terminal.

It's odd that the settings did not open, but that settings panel
controls the VM (Qube), rather than settings within the VM.

>2. Cannot ping www.google.com or 8.8.8.8 from sys-net
>3. I also installed the whonix option
>   1. Switching the sys-net template to whonix did not work
>   4. Switching sys-net to the Debian template does not work
>   1. haven't downloaded or installed any files post install on that 
>   template
>
> I was really hoping it was a firmware issue with the wireless card but it 
> does not seem to be the case, and so I am pretty clueless as to what else 
> it could be. 
>
> If you see an issue with my install procedure or any red flags from my 
> observations, or if you have any idea of how to get wifi going it would be 
> greatly appreciated. 

Your install and troubleshooting seem pretty good. This seems to just be
a qubes context thing. Have a go at the above and let us know whether
you can get connected.

> I love the idea of using Qubes as my main driver and learning about 
> configuring it and all. But unfortunately without wifi it's pretty useless
>
> thanks!
> Ivan M

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the 

[qubes-users] Fresh Install of Qubes 4.0.3 - No Wi-fi on sys-net with Intel Wireless-AC 9462 Card

[Ivan M Lugo]

Hi All,

As a complete novice who has never even touched Linux before, I read 
through the introductory documentation and finally through the install 
guide. Then I performed a fresh install of Qubes 4.0.3 on a an ASUS ZenBook 
Flip 15 UX562FA directly over Win10. Everything went well during the 
installation. Only suspects were:

   1. installer claimed the SSD was full and that space needed to be 
   reclaimed
  1. Reclaimable space was the Win10 OS partition, the Win10 Recovery 
  Partition and the UEFI Partition
  2. I deleted only the OS and the Recovery partitions while leaving 
  the UEFI partition intact (with fears that if deleted I would mess up the 
  bootloader) 
   

   1. After install, I rebooted
   2. I get the Failed to Load Kernel error during the boot sequence
   3. Though that threw me off, boot sequence continued and asked for SSD 
   password (no GUI just the terminal).
   4. Then proceeded to enter the user password and went into qubes OS
   5. Noticed there NetworkManager Applet displays red indicating No 
   Network Devices Available


   1. Not sure if the applet is looking for an Ethernet card as the laptop 
  does not have an ethernet card installed. It only has the Wireless card.
  2. Also not sure this is the issue.
  
The wireless card is an Intel Wireless-AC 9462 which is supported in 
Kernels 4.14+

With my very limited troubleshooting abilities I have managed to confirmed 
the following:

   1. sys-net has the Network Controller under Qube Settings > Devices
  1. qvm-pci command in dom0 also shows the device being used by sys-net
  2. lspci -v command in sys-net lists the wireless card with all its 
   information
  1. except for "capabilities" which shows "" - not sure 
  if this is a problem.
  3. I can also confirm that the Fedora 30 TemplateVM has the same 
   iwlwifi-9000-pu-b0-jf-34.ucode firmware file in lib/firmware/from the Intel 
   Website's iwlwifi-9000-pu-b0-jf-34.618819.0.tgz firmware package 
  1. The other two file from that package LICENSE.iwlwifi-9000.ucode 
  and README.iwlwifi-9000.ucode files are not present in /lib/firmware/. (I 
  tried to copy them from QubesIncoming/sys-usb into the lib/firmware/ 
using 
  the GUI but got an access denied error) - not sure if this is a problem.
  
I have tried the following:

   1. Tried to go to Qubes Manager > sys-net > settings to check on wifi 
   networks but  settings dialog does not open
   2. Cannot ping www.google.com or 8.8.8.8 from sys-net
   3. I also installed the whonix option
  1. Switching the sys-net template to whonix did not work
  4. Switching sys-net to the Debian template does not work
  1. haven't downloaded or installed any files post install on that 
  template
   
I was really hoping it was a firmware issue with the wireless card but it 
does not seem to be the case, and so I am pretty clueless as to what else 
it could be. 

If you see an issue with my install procedure or any red flags from my 
observations, or if you have any idea of how to get wifi going it would be 
greatly appreciated. 

I love the idea of using Qubes as my main driver and learning about 
configuring it and all. But unfortunately without wifi it's pretty useless

thanks!
Ivan M

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d94268f-9108-4811-88c7-0cd759e45cdbn%40googlegroups.com.

[qubes-users] Re: Announcement: New community forum for Qubes OS users!

[54th Parallel]

On Friday, 21 August 2020 at 01:21:11 UTC+8 a...@qubes-os.org wrote:

> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> Dear Qubes community, 
>
> We're pleased to announce the launch of a new forum for Qubes OS users: 
>
> https://qubes-os.discourse.group 
>
> This is an official user forum where you can ask questions, get help, 
> share tips and experiences, and more! For a long time, members of our 
> community have sought a privacy-respecting forum experience with modern 
> features that traditional mailing lists do not support. The open-source 
> Discourse [1] platform fills this need for us, as it does for many other 
> open-source projects. Thanks to their generous free hosting for open 
> source projects [2], we're pleased to be able to create this space for 
> our community. 
>
>
> Why create a forum now? 
> === 
>
> Previously, the only option for a forum-like experience was to interact 
> with our mailing lists via Google Groups, but we understand all too well 
> that the privacy implications and user experience were unacceptable for 
> many members of our community, especially with the recent addition of a 
> sign-in requirement to view threads. Many of you value the lower barrier 
> to entry, organization, ease-of-use, and modern social features that 
> today's forums support. Moreover, Discourse features email integration 
> for those who still prefer the traditional mailing list format. 
>
>
> How is this different from our mailing lists? 
> = 
>
> To be clear, this is *not* a replacement for our mailing lists [3] (such 
> as qubes-users and qubes-devel), which will continue on as they are. 
> This new forum is simply an *additional* place for discussion. Certain 
> types of discussions naturally lend themselves more to mailing lists or 
> to forums, and different types of users prefer different venues. We've 
> heard from some users who find the mailing lists to be a bit 
> intimidating or who may feel that their message isn't important enough 
> to merit creating a new email that lands in thousands of inboxes. Others 
> want more selective control over topic notifications. Some users simply 
> appreciate the ability to add a "reaction" to a message instead of 
> having to add an entirely new reply. Whatever your reasons, it's up to 
> you to decide where and how you want to join the conversation. 
>
>
> Will this split the community? 
> == 
>
> Many open-source projects (such as Fedora and Debian) have both mailing 
> lists and forums (and additional discussion venues). In fact, Qubes 
> already has non-mailing-list discussion venues such as IRC [4] and 
> Reddit [5]. We believe that this additional venue will foster the 
> continued growth of community participation and improve everyone's 
> experience. In addition, we fully expect that many community members -- 
> especially the most active ones -- will choose to participate in both 
> venues. (Again, for those who still prefer interacting via email, 
> Discourse supports that too!) 
>
> - - 
>
> Special thanks to Michael Carbone for spearheading the creation of this 
> forum and to deeplow who, as our first forum administrator, has done 
> much of the legwork to help get it looking good and working well! 
>
>
> [1] https://www.discourse.org/ 
> [2] https://blog.discourse.org/2018/11/free-hosting-for-open-source-v2/ 
> [3] https://www.qubes-os.org/support/ 
> [4] https://www.qubes-os.org/support/#unofficial-chat-channels 
> [5] https://www.reddit.com/r/Qubes/ 
>
> This announcement is also available on the Qubes website: 
>
> https://www.qubes-os.org/news/2020/08/20/new-community-forum-for-qubes-os-users/
>  
>
> - -- 
> Andrew David Wong (Axon) 
> Community Manager, Qubes OS 
> https://www.qubes-os.org 
>
> -BEGIN PGP SIGNATURE- 
>
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl8+sPQACgkQ203TvDlQ 
> MDDYTxAApehnwrpqFCoadx3Cmcu2llDOYbV5CuCjQFj7aMwGg2Gq3TWuugiXFjQ1 
> z6uW+asPIEvCu4XxP5K9FfVYiSF1bqLTEGomib0npapNMM1ZbULUoSU2EoACz8OS 
> BpYxgrcX1YyN8/3qQ2N2a3yRe+c0XBD72CJQ2sPu/U+xaTRKZgW6saI5Y/jpwxb7 
> WKQR0Mc9Y2vP6GRNb5ICcCNelS9fUiBJPaGQBJX7XRyAcW1y0hvF6dBZpdG70TDF 
> DN0ddhSbYQnv0aHjNnU5ajU81PZWpr5ZqK8ObZwlU/Br8ZznNlApf2ATk73x/5up 
> eMhwGqDMebJPKaIUPUEKb1FWdObKtW9TvRxhb+yybDkI4Gtfj0fIO5SfJrJ5Ud94 
> Vyt4TJfqyI4RmCpKfv3QXM3DnjKbjD0yAThVVnphqD9s+NIVSVi7K0LWGxLcX6TS 
> vCTouzWkPCrNxMylCf8M4v3V4uUJ9b8AQA3iF/v+a2tKzPveK4+mOF590918YGYE 
> CxwlrOKzb0Ecpl/LzdcrX+jq4j+Zj+B0evLc3ZbaTp+Bfr6gihOnocL/1YjHwGPU 
> 6PSJ4lYHzZzZotPaaJ1tmZtSGIkK2d7mmJBPDCSG2gSMS0QL474ObfKjAvolQ9ph 
> ZKMhEME8YbHje+X/nyxTcgO4GAoLyuPeYuDIkjmXzD0hGYFnKYA= 
> =ngAL 
> -END PGP SIGNATURE- 
>

Thanks for acting so quickly. I'll be on Discourse as 'fiftyfourthparallel'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 

Re: [qubes-users] Signal app doesn't start (Fedora)

[Qubes]

On 8/20/20 7:50 PM, 'Crowphale' via qubes-users wrote:

Within the fedora-31 template, I installed Signal[1] messaging app, using Copr:

sudo dnf copr enable luminoso/Signal-Desktop

sudo dnf install signal-desktop

Then, I enabled Signal in "personal" domain, and restarted. However, when I try 
to start Signal using the GUI, nothing happens.

Is there a way to start an app using commandline or somehow so that I can see 
some sort of debug log so that I can figure out what's going on?

Thank you very much for any tips.
-Crowphale

Sent with [ProtonMail](https://protonmail.com) Secure Email.

You should be able to start Signal from a terminal in your AppVM which 
should provide output if there is any.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d2342eb-d7de-4a88-b385-9dd905dfa76d%40ak47.co.za.

[qubes-users] Signal app doesn't start (Fedora)

['Crowphale' via qubes-users]

Within the fedora-31 template, I installed Signal[1] messaging app, using Copr:

sudo dnf copr enable luminoso/Signal-Desktop

sudo dnf install signal-desktop

Then, I enabled Signal in "personal" domain, and restarted. However, when I try 
to start Signal using the GUI, nothing happens.

Is there a way to start an app using commandline or somehow so that I can see 
some sort of debug log so that I can figure out what's going on?

Thank you very much for any tips.
-Crowphale

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a8xjfBT11PUPxIfMX1PevvIBJ12QRmgvv-dNDfR_V2vhZHEkVEc_4O_ADsewtP1IgGeEwUGtCqAlum4cCSiazXICisSnv3n7tkzEHXyGmGA%3D%40protonmail.com.

[qubes-users] Announcement: New community forum for Qubes OS users!

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes community,

We're pleased to announce the launch of a new forum for Qubes OS users:

https://qubes-os.discourse.group

This is an official user forum where you can ask questions, get help,
share tips and experiences, and more! For a long time, members of our
community have sought a privacy-respecting forum experience with modern
features that traditional mailing lists do not support. The open-source
Discourse [1] platform fills this need for us, as it does for many other
open-source projects. Thanks to their generous free hosting for open
source projects [2], we're pleased to be able to create this space for
our community.


Why create a forum now?
===

Previously, the only option for a forum-like experience was to interact
with our mailing lists via Google Groups, but we understand all too well
that the privacy implications and user experience were unacceptable for
many members of our community, especially with the recent addition of a
sign-in requirement to view threads. Many of you value the lower barrier
to entry, organization, ease-of-use, and modern social features that
today's forums support. Moreover, Discourse features email integration
for those who still prefer the traditional mailing list format.


How is this different from our mailing lists?
=

To be clear, this is *not* a replacement for our mailing lists [3] (such
as qubes-users and qubes-devel), which will continue on as they are.
This new forum is simply an *additional* place for discussion. Certain
types of discussions naturally lend themselves more to mailing lists or
to forums, and different types of users prefer different venues. We've
heard from some users who find the mailing lists to be a bit
intimidating or who may feel that their message isn't important enough
to merit creating a new email that lands in thousands of inboxes. Others
want more selective control over topic notifications. Some users simply
appreciate the ability to add a "reaction" to a message instead of
having to add an entirely new reply. Whatever your reasons, it's up to
you to decide where and how you want to join the conversation.


Will this split the community?
==

Many open-source projects (such as Fedora and Debian) have both mailing
lists and forums (and additional discussion venues). In fact, Qubes
already has non-mailing-list discussion venues such as IRC [4] and
Reddit [5]. We believe that this additional venue will foster the
continued growth of community participation and improve everyone's
experience. In addition, we fully expect that many community members --
especially the most active ones -- will choose to participate in both
venues. (Again, for those who still prefer interacting via email,
Discourse supports that too!)

- -

Special thanks to Michael Carbone for spearheading the creation of this
forum and to deeplow who, as our first forum administrator, has done
much of the legwork to help get it looking good and working well!


[1] https://www.discourse.org/
[2] https://blog.discourse.org/2018/11/free-hosting-for-open-source-v2/
[3] https://www.qubes-os.org/support/
[4] https://www.qubes-os.org/support/#unofficial-chat-channels
[5] https://www.reddit.com/r/Qubes/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2020/08/20/new-community-forum-for-qubes-os-users/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl8+sPQACgkQ203TvDlQ
MDDYTxAApehnwrpqFCoadx3Cmcu2llDOYbV5CuCjQFj7aMwGg2Gq3TWuugiXFjQ1
z6uW+asPIEvCu4XxP5K9FfVYiSF1bqLTEGomib0npapNMM1ZbULUoSU2EoACz8OS
BpYxgrcX1YyN8/3qQ2N2a3yRe+c0XBD72CJQ2sPu/U+xaTRKZgW6saI5Y/jpwxb7
WKQR0Mc9Y2vP6GRNb5ICcCNelS9fUiBJPaGQBJX7XRyAcW1y0hvF6dBZpdG70TDF
DN0ddhSbYQnv0aHjNnU5ajU81PZWpr5ZqK8ObZwlU/Br8ZznNlApf2ATk73x/5up
eMhwGqDMebJPKaIUPUEKb1FWdObKtW9TvRxhb+yybDkI4Gtfj0fIO5SfJrJ5Ud94
Vyt4TJfqyI4RmCpKfv3QXM3DnjKbjD0yAThVVnphqD9s+NIVSVi7K0LWGxLcX6TS
vCTouzWkPCrNxMylCf8M4v3V4uUJ9b8AQA3iF/v+a2tKzPveK4+mOF590918YGYE
CxwlrOKzb0Ecpl/LzdcrX+jq4j+Zj+B0evLc3ZbaTp+Bfr6gihOnocL/1YjHwGPU
6PSJ4lYHzZzZotPaaJ1tmZtSGIkK2d7mmJBPDCSG2gSMS0QL474ObfKjAvolQ9ph
ZKMhEME8YbHje+X/nyxTcgO4GAoLyuPeYuDIkjmXzD0hGYFnKYA=
=ngAL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16224df5-1ddb-2dad-f870-182f230d5867%40qubes-os.org.

[qubes-users] X1 Carbon Gen 8

[D. J. Bernstein]

I'm installing Qubes 4.0.3 on a new Lenovo ThinkPad X1 Carbon Gen 8.
Almost working, but still one problem described below.

The touchpad and accelerated graphics don't work on install and initial
boot. Fix: "sudo qubes-dom0-update kernel-latest" (kernel 5.6.16-1)
makes them work after that. Workarounds for install and initial boot: I
used the trackpoint, and suffered through non-accelerated graphics.

More tricky is that built-in wireless (9462) doesn't work through Xen,
as noted in https://github.com/QubesOS/qubes-issues/issues/5615.
Workaround: I plugged in a mini USB wireless stick (which works fine,
but I presume that the built-in wireless has better range and uses less
power, and I'd rather not have the USB port permanently occupied). Fix:
I compiled a 5.6.16-1 kernel for sys-net with the

   
https://lore.kernel.org/linux-wireless/3cab5072-17a2-4d9a-2077-93788971c...@invisiblethingslab.com/1.1-a.txt

patch. I can confirm that wireless works with this patch, and doesn't
work with the same kernel without this patch.

The remaining problem is that, with this kernel, the windows from
sys-net (nm-applet, terminal) are unusable: expected size, expected red
border from dom0, normal reaction to input, but an alternating black and
green pattern of dots inside the windows rather than the expected data.
Happy to take debugging suggestions; "qvm-run -a -p sys-net sh" reacts
to commands normally.

Below is an attempt at a HOWTO-level description of what I ended up
doing to compile a patched kernel. There were some false starts, and I
didn't re-test from scratch, so this might not be accurate. Some notes:

   * fedora-30 and fedora-32 both seem to work. fedora-32 dnf doesn't
 know PyYAML mentioned in https://www.qubes-os.org/doc/qubes-builder/
 but this also doesn't seem to matter for the kernel (and maybe the
 intent is to name python3-pyyaml anyway).

   * I'm not sure if the extend-under-10GB-at-a-time rule is still valid
 for current Qubes. If not, two steps can be skipped.

   * qubesbuilder (now) creates rpms using zstd compression, which dom0
 doesn't understand. Fix: The steps below instead select gzip -6
 (w6.gzdio). I don't know if changing fc32 to fc30 or fc25 in
 builder.conf would work, and since both fc30 and fc25 are EOL it
 seems good to minimize their use.

   * qubes-src/linux-kernel has questionable rules for selecting
 linux-*.tar.gz (which fails) rather than linux-*.tar.xz. The steps
 below force it to always select xz, which is also conceptually
 wrong but at least worked for me. Someone should check the rules.

---Dan


dom0:
  qvm-create -l black qubesbuilder
  qvm-prefs qubesbuilder template fedora-32
  qvm-prefs qubesbuilder vcpus 8
  qvm-volume extend qubesbuilder:private 10GB
  qvm-run -a qubesbuilder 'sleep 30; shutdown -h now'
  qvm-volume extend qubesbuilder:private 19GB

qubesbuilder:
  sudo dnf install \
gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog \
rpm-sign dpkg-dev debootstrap devscripts perl-Digest-MD5 perl-Digest-SHA

  gpg --import /usr/share/qubes/qubes-master-key.asc
  gpg --edit-key 36879494
fpr
# Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 
9494
trust
5
y
q

  wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
  gpg --import qubes-developers-keys.asc

  git clone https://github.com/QubesOS/qubes-builder.git
  cd qubes-builder

  git tag -v `git describe`
  # gpg: Good signature from "Marek ..." [full]

  cp example-configs/qubes-os-master.conf builder.conf
  sed -i 's/NO_SIGN.*/NO_SIGN=1/' builder.conf
  sed -i 's/BRANCH_linux_kernel.*/BRANCH_linux_kernel = v5.6.16-1-latest/' 
builder.conf

  time make get-sources
  # under an hour on my network connection

  wget 
https://lore.kernel.org/linux-wireless/3cab5072-17a2-4d9a-2077-93788971c...@invisiblethingslab.com/1.1-a.txt
  openssl sha256 1.1-a.txt
  # SHA256(1.1-a.txt)= 
2575bcad46f8c0fb0d29bd178aeaafccbebbce9a9db907e5198c1e90b5d0014b
  mv 1.1-a.txt qubes-src/linux-kernel/9462.patch

  sed -i 's/^SRC_FILE.*gz/SRC_FILE := linux-${VERSION}.tar.xz/' 
qubes-src/linux-kernel/Makefile
  sed -i 's/^Source0.*gz/Source0: linux-%{upstream_version}.tar.xz/' 
qubes-src/linux-kernel/kernel.spec.in
  sed -i '/Patch14/aPatch15: 9462.patch' qubes-src/linux-kernel/kernel.spec.in
  sed -i '/%define version/a%define _binary_payload w6.gzdio' 
qubes-src/linux-kernel/kernel.spec.in

  # need linux-utils first for qubes-kernel-vm-support
  time make linux-utils linux-kernel
  # over an hour

dom0:
  dom0rpm=kernel-latest-5.6.16-1.qubes.x86_64.rpm
  vmrpm=kernel-latest-qubes-vm-5.6.16-1.qubes.x86_64.rpm

  qvm-run -p qubesbuilder "cat 
qubes-builder/qubes-src/linux-kernel/pkgs/dom0-fc32/x86_64/$dom0rpm" > 
"$dom0rpm"
  qvm-run -p qubesbuilder "cat 
qubes-builder/qubes-src/linux-kernel/pkgs/dom0-fc32/x86_64/$vmrpm" > "$vmrpm"
  sudo dnf install "$dom0rpm"
  sudo dnf install "$vmrpm"
  qvm-prefs sys-net 

Re: [qubes-users] bind-dirs configuration not persisting to dvm

[Qubes]

On 8/20/20 9:06 AM, 'awokd' via qubes-users wrote:

Qubes:

I have an appVM that I changed into a dvm template, but I need to
increase the size of tmpfs /run/user/1000 from the default 10% of memory
size to e.g. 40% when an application in the dvm is opened (and the
disp gets created).

To do this I edited /etc/systemd/logind.conf in the appVM and changed
RuntimeDirectorySize=40%.

To make this stick between reboots, I used bind-dirs.

If I reboot the appVM and look at 'df -h' and 'cat
/etc/systemd/logind.conf' I can see that my changes have persisted.

The problem is after I change my appVM into a dvm template, 'qvm-prefs
 template_for_dispvms True' in my dvm 'tmpfs /run/user/1000' is
at default 10%, 'df -h' confirms. And my customization to
'/etc/systemd/logind.conf' is not there.

However, 'cat /rw/bind-dirs/etc/systemd/logind.conf' still shows

user@disp9640:~$ cat /rw/bind-dirs/etc/systemd/logind.conf
RuntimeDirectorySize=40%

Is that a bug or does that have something to do with how and when
'/rw/config/qubes-bind-dirs.d/50_user.conf' is parsed? because this is
where '/etc/systemd/logind.conf' is binded.


To simplify the problem a bit, maybe use a different template for your
dvm template and edit /etc/systemd/logind.conf directly in the base
template?

That works. It also works in the appVM before I set it to be a dvm, but 
it does not address the root cause. The issue described is only 
applicable to dvm's, but I have not found any documentation or anywhere 
else online for that matter indicating that bind-dirs are not compatible 
with dvm's. AFAIK it should work in the dvm exactly as it does in the appVM.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/81277a33-c964-f990-b7b1-642de334af97%40ak47.co.za.

Re: [qubes-users] Re: Suspend and high load issues on AppVM shutdown

[Johnboy3]

Hi,
thanks for your replies.
I searched through HCL and the mailing list for similiar problems regarding 
suspend bugs but without luck. Tried several approaches from 
latest-kernel/-qubes-vm, shutting down all AppVMs first, upgrading/downgrading 
BIOS, echo 1 > /sys/power/pm_trace && suspend, etc.
There is one similar HCL entry for my B450 mainboard but without further info 
(all green except untested tpm).

Regarding high system load on AppVM shutdown:
My approach is to put as many (offline) data as possible in a networkless 
vault. Of course for security reasons: it has personal data, music files, iso 
files, work backup files and much more, but also for my backup strategy: 
instead of backing up +500GB each time, i just mount my external drive into the 
vault and copy only file changes with rsync. My backup time decreases from an 
hour down to a couple of minutes max.
Switching from fedora-30 to fedora32 and debian-10 template won't change system 
load on shutdown significantly. Whole system runs on a SSD with luks 
encryption. I didn't make deep changes into the system with which i could 
explain this strange behaviour. Used default settings during installation. The 
vault has 1TB private storage reserved using the qubes manager. Is that too 
much?
I'm gonna test Qubes 4.1 in the next few days.


---


Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte 
E-Mail-Adresse mitnehmen! https://www.eclipso.de


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13072582860b582e3061eac9b9bdf4ec%40mail.eclipso.de.

Re: [qubes-users] KDE high dom0 CPU usage

[donoban]

On 2020-08-20 09:37, 54th Parallel wrote:
> 
> 
> On Thursday, 20 August 2020 at 13:25:49 UTC+8 Chris Laprise wrote:
> 
> On 8/20/20 12:29 AM, 54th Parallel wrote:
> 
> I switch off any nvidia gpus before installation. The company is
> anti-open source and I'm not interested in running drivers that are the
> result of a cat-and-mouse obfuscation game.
> 
> -- 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
> 
> 
> I tried to find ways to disable my Nvidia GPU before my first
> installation since the i7-1065G7 has a more powerful integrated one but
> didn't find anything. The BIOS doesn't have anything either. I didn't
> install any drivers but my display works fine, so am I free of Nvidia
> drivers?
> 
> Oh, and quick question about Qubes VM hardening: I have it installed and
> working fine on all of my VMs except one, where every time that VM boots
> up, it automatically starts an xterm window headlined with '**
> VM-BOOT-PROTECT SERVICE SHELL' . This happens on a debian-10-minimal
> sys-dispVM when VM-boot-protect (not root) is enabled and disabled.
> DispVM Template displays the same behavior with an added error line
> 'cat: /var/run/vm-boot-protect-error: No such file or directory'.  The
> DVM template has VM-boot-protect-root enabled.
> 
> Problem persists after reinstallation of hardening in template. It
> doesn't seem like a major error, but it's bugging me. I'd be grateful
> for any pointers
> 

Maybe your problem is Opengl not being hardware accelerated. Try
switching to XRender under System Settings -> Display and Monitor ->
Compositor -> Rendering backend

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2c71c82-f88d-7801-f9f1-beb4f123754c%40riseup.net.

[qubes-users] Re: Suspend and high load issues on AppVM shutdown

['Антон Чехов' via qubes-users]

On Wednesday, August 19, 2020 at 12:04:49 PM UTC+2 John...@eclipso.email 
wrote:

> Hello, 
>
> i'm new to qubes and i like the security aspect it provides. During 
> testing i noticed 2 problems i couldn't solve. 
>
> 1. The resume from suspend function doesn't work for me. The Computer 
> powers on again, but the screen stays black. Keyboard and mouse don't work 
> either. Using other linux distributions force me to use 
> acpi_sleep=old_ordering to make suspend work. Trying to boot qubes with 
> that kernel option @multiboot and @module in grub doesn't help. 
>
> 2. Having AppVMs with several hundred GB, e.g. 500GB in vault leaves the 
> system crippled and often completly unresponsive for 1-2 minutes. Some 
> kworkerd process in dom0 eats up 100% of a single core. This happens every 
> time, even when i boot up the AppVM in question and shut it down 
> immediately again. The more GB the AppVM uses the longer the shutdown 
> takes. Seeing the HDD Led flashing nonstop during the shutdown made me 
> curious about the snapshot feature. Unfortunately, setting the qvm-volume 
> revert snapshot config from 1 to 0 didnt help. Neither with existing AppVMs 
> nor with newly created AppVMs. 
>

 Hi,
if you have the time and maybe a spare SSD/HDD available you could try the 
pre-release version of Qubes 4.1. It solved several issues for me but of 
course it isn't bug free and I don't know if it is regarded as safe to use 
securely already. 

1. I had the same problem with each previous version until testing Qubes 
4.1 solved this problem. I haven't shut down the laptop for a few days now 
but always resumed from suspend and it "just works". You could also try the 
latest kernel in 4.0 when updating dom0 but I don't know if a kernel option 
or the latest kernel solved the problem in Qubes 4.1. My problem was, that 
with the latest kernel my ethernet didn't work anymore in 4.0.
https://www.qubes-os.org/doc/software-update-dom0/

2. If you should decide to try out the latest 4.1 iso you could also try 
out btrfs during partitioning. There is an automated install with btrfs as 
well. Again, I don't know if everything is working as it should (looking at 
journalctl gives a few error messages but I get these in 4.0 as well) and I 
don't have these huge AppVM (why would you need 500GB in a vault app?) but 
I did notice an improvement when shutting down VM apps. It is rather fast. 
There is some minor bug in the Qube Manager: I sometimes have to close & 
reopen because the app has closed already but the Manager thinks it's still 
open. It usually takes less than 20 seconds and I think the warning comes 
when it takes more than 20 seconds. 

The thing is, this might not have to do anything with brfs or ext4 or 
whatever but maybe with the lack of LVM. (?) I only know a few things about 
the differences between these file systems so I might be completely wrong. 
Maybe others could share their experiences.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3770bbf-81f2-42ac-9984-ec3c101f362bn%40googlegroups.com.

Re: [qubes-users] KDE high dom0 CPU usage

[54th Parallel]

On Thursday, 20 August 2020 at 13:25:49 UTC+8 Chris Laprise wrote:

> On 8/20/20 12:29 AM, 54th Parallel wrote: 
>
> I switch off any nvidia gpus before installation. The company is 
> anti-open source and I'm not interested in running drivers that are the 
> result of a cat-and-mouse obfuscation game. 
>
> -- 
> Chris Laprise, tas...@posteo.net 
> https://github.com/tasket 
> https://twitter.com/ttaskett 
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 
>

I tried to find ways to disable my Nvidia GPU before my first installation 
since the i7-1065G7 has a more powerful integrated one but didn't find 
anything. The BIOS doesn't have anything either. I didn't install any 
drivers but my display works fine, so am I free of Nvidia drivers?

Oh, and quick question about Qubes VM hardening: I have it installed and 
working fine on all of my VMs except one, where every time that VM boots 
up, it automatically starts an xterm window headlined with '** 
VM-BOOT-PROTECT SERVICE SHELL' . This happens on a debian-10-minimal 
sys-dispVM when VM-boot-protect (not root) is enabled and disabled. DispVM 
Template displays the same behavior with an added error line 'cat: 
/var/run/vm-boot-protect-error: No such file or directory'.  The DVM 
template has VM-boot-protect-root enabled.

Problem persists after reinstallation of hardening in template. It doesn't 
seem like a major error, but it's bugging me. I'd be grateful for any 
pointers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fe1b1cc7-37f0-4950-a49b-8d49bc0bd56an%40googlegroups.com.

Re: [qubes-users] bind-dirs configuration not persisting to dvm

['awokd' via qubes-users]

Qubes:
> I have an appVM that I changed into a dvm template, but I need to
> increase the size of tmpfs /run/user/1000 from the default 10% of memory
> size to e.g. 40% when an application in the dvm is opened (and the
> disp gets created).
> 
> To do this I edited /etc/systemd/logind.conf in the appVM and changed
> RuntimeDirectorySize=40%.
> 
> To make this stick between reboots, I used bind-dirs.
> 
> If I reboot the appVM and look at 'df -h' and 'cat
> /etc/systemd/logind.conf' I can see that my changes have persisted.
> 
> The problem is after I change my appVM into a dvm template, 'qvm-prefs
>  template_for_dispvms True' in my dvm 'tmpfs /run/user/1000' is
> at default 10%, 'df -h' confirms. And my customization to
> '/etc/systemd/logind.conf' is not there.
> 
> However, 'cat /rw/bind-dirs/etc/systemd/logind.conf' still shows
> 
> user@disp9640:~$ cat /rw/bind-dirs/etc/systemd/logind.conf
> RuntimeDirectorySize=40%
> 
> Is that a bug or does that have something to do with how and when
> '/rw/config/qubes-bind-dirs.d/50_user.conf' is parsed? because this is
> where '/etc/systemd/logind.conf' is binded.
> 
To simplify the problem a bit, maybe use a different template for your
dvm template and edit /etc/systemd/logind.conf directly in the base
template?

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc1d1326-a3f2-3cda-225a-4b4b688dcd74%40danwin1210.me.

Re: [qubes-users] Suspend and high load issues on AppVM shutdown

['awokd' via qubes-users]

Johnboy3@eclipso.email:
> Hello,
> 
> i'm new to qubes and i like the security aspect it provides. During testing i 
> noticed 2 problems i couldn't solve.

Welcome.

> 1. The resume from suspend function doesn't work for me. The Computer powers 
> on again, but the screen stays black. Keyboard and mouse don't work either. 
> Using other linux distributions force me to use acpi_sleep=old_ordering to 
> make suspend work. Trying to boot qubes with that kernel option @multiboot 
> and @module in grub doesn't help.

This is often a challenge. Search this mailing list and the Qubes HCL
for your laptop make & model. Maybe someone else has solved already.

> 2. Having AppVMs with several hundred GB, e.g. 500GB in vault leaves the 
> system crippled and often completly unresponsive for 1-2 minutes. Some 
> kworkerd process in dom0 eats up 100% of a single core. This happens every 
> time, even when i boot up the AppVM in question and shut it down immediately 
> again. The more GB the AppVM uses the longer the shutdown takes. Seeing the 
> HDD Led flashing nonstop during the shutdown made me curious about the 
> snapshot feature. Unfortunately, setting the qvm-volume revert snapshot 
> config from 1 to 0 didnt help. Neither with existing AppVMs nor with newly 
> created AppVMs.

I have a AppVMs around that size on HDD (vs. SDD), but haven't seen
this. Maybe try switching to a different template (Debian vs. Fedora for
example) in case there's something in the one you're using.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4eb3dc98-faef-eeb9-0a77-0e53521e244f%40danwin1210.me.

Re: [qubes-users] Re: Where is disk space?

['Tias]

On Thu, 20 Aug 2020 at 00:01, Eva Star  wrote:

> Thanks for your reply. Unfortunately, not :(
> I still have the problem when df -h /rw report one size and du other
> size... :(
>
> [user@host rw]$ df -h /rw
> Filesystem  Size  Used Avail Use% Mounted on
> /dev/xvdb   2.0G  1.6G  341M  83% /rw
>
> [user@host rw]$ mount|grep xvdb
> /dev/xvdb on /rw type ext4 (rw,relatime,discard)
> /dev/xvdb on /home type ext4 (rw,relatime,discard)
> /dev/xvdb on /usr/local type ext4 (rw,relatime,discard)
> /dev/xvdb on /var/spool/cron type ext4 (rw,relatime,discard)
>
> [user@host rw]$ lsblk /dev/xvdb -f
> NAME FSTYPE FSVER LABEL UUID FSAVAIL
> FSUSE% MOUNTPOINT
> xvdb ext4   1.0 c1ace105-12ee-495e-a340-***  340.2M82%
> /rw
>
> [user@host rw]$ sudo du --max-depth=1 -h /rw | sort -h
> 16K/rw/bind-dirs
> 16K/rw/lost+found
> 20K/rw/config
> 136K/rw/usrlocal
> 736M/rw
> 736M/rw/home
>
> As you can see df still report that 1.6G USED, but last command du
> --max-depth=1 with sorting show that only 736 MB used. Lose 800MB
> somewhere... :-(
>
>
>
>
>
Hi Eva,

There’s a few possible causes for the discrepancy between du and df, most
commonly

- du doesn’t always accurately measure size overheads. Usually this is
negligible but if you have many (small) files this can add up.

- if a process has a file open Linux will keep the data around on disk even
if you delete the file until the process exits or closes the file.

Here’s the best explanation I could find online
https://www.ibm.com/support/pages/why-numbers-du-s-and-df-disagree
(Technically it’s for AIX a different Unix flavour, but it’s all true for
Linux, though some commands differ)


>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/daedf9e0-89e8-45a2-82ae-c9e6ceadec16o%40googlegroups.com
> 
> .
>
>
>

-- 
-'Tias

"There is an art, or rather a knack to flying. The knack lies in learning
how to throw yourself at the ground and miss." ["Life, the universe and
everything", Douglas Adams, 1982]

"If a cluttered desk signs a cluttered mind, Of what, then, is an empty
desk a sign?" [Albert Einstein]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGpfrqO6p97%3Dz7j0DtMjO7Yj_nPmkMj2-K4LDbrAXWk0jg-7ZA%40mail.gmail.com.