[qubes-users] Re: [qubes-devel] QubesOS weekly builds
Hi Frédéric, On Sun, Mar 21, 2021 at 11:33:05PM +0100, Frédéric Pierret wrote: > Due to recent troubles with kernels 5.4.X and 5.10.X, I've decided to add > again to this weekly pipeline, the build of a fresh Qubes R4.1 ISO. I don't > build any package or any template. It uses only Qubes OS repositories. yay, that's very nice and useful! thank you! > Please note that, contrary to my first attempt, I don't include kernel-latest > kernels. So do they have 5.4.x or 5.10.x? > The ISOs are signed by "fepitre-bot" > 1C8714D640F30457EC953050656946BA873DDEC1. nice! > That said, the ISO(s) can be found on my self hosted server: > https://qubes.notset.fr/iso/. I'll give them a try in the next days on some new hardware which doesn't work with the iso from December but should be working now... I guess you have ran diffoscope on two builds, how is the result? Do you already have this in CI too? (this is for testing for reproducible builds...) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ People call vaccine mandates "Orwellian" even though Orwell died at 46 of tuberculosis, which is now preventable with a vaccine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210330222919.GA11474%40layer-acht.org. signature.asc Description: PGP signature
[qubes-users] rebuilding xorg-x11-drv-intel to fix graphics problem
hi, so I think I'm experiencing https://bugs.freedesktop.org/show_bug.cgi?id=112296 when running Qubes 4.0 with a 4.19 kernel on a x230, that is, since the following line appeared in Xorg.0.log: ==> /var/log/Xorg.0.log <== [ 19271.994] (EE) intel(0): Failed to submit rendering commands (No such file or directory), disabling acceleration. since then, graphics is very slow / sluggish, eg opening new terminals is quite very slow, despite the system itself is fine and not loaded. I even can still watch videos... but the system feels like it is running with a load of 20 while in reality it's almost idle. So I would like to give try the patch from the above referred bug, which is https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/commit/?id=e628d22673dfa494230e6f79ceff7d178137c71a So, what's running on dom0: [user@dom0 ~]$ rpm -qa |grep xorg-x11-drv-intel xorg-x11-drv-intel-2.99.917-32.20171025.fc25.x86_64 So I try to get the source like this: [user@dom0 ~]$ sudo qubes-dom0-update --action=download xorg-x11-drv-intel Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... No such command: download. Please use /usr/bin/dnf --help It could be a DNF plugin command, but loading of plugins is currently disabled. hmmm. because: [user@fedora-25 ~]$ dnf download --source xorg-x11-drv-intel [...] xorg-x11-drv-intel-2.99.917-26.20160929.fc25.src.rpm So how/where can I download the source package for xorg-x11-drv-intel-2.99.917-32.20171025.fc25.x86_64 ? Also, I'm wondering if it's worth this excercise or whether we are really close to Qubes 4.1 and thus I could try upgrading to that? But then I would also really like to know how to rebuild patched rpms from dom0... -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200523214703.GA20761%40layer-acht.org. signature.asc Description: PGP signature
[qubes-users] good bye, qubes-users list
hi, unman wrote today: Please consider the guidelines and be respectful and polite to others. None of these accusations of trolling help build the commmunity, or advance Qubes. and while I totally agree with this I've also decided that the latest conspirancies and insults on this, qubes-users, list were the drop that made the bucket overflow. I'm leaving this mailing list, the signal/noise ratio is almost 0 (for me). It is also not a mailinglist I will recommend to anyone. I'm sorry for the nice qubes users here and the qubes project. Obviously I do think that some mailinglist moderation is in order... I'd probably be willing to come back, if some changes have been implemented, but like it is, it's sadly a waste of time and mental energy. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190228190046.kakpsfdiiphdcjub%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: why mail-list?
On Wed, Feb 06, 2019 at 12:51:04PM -0600, John Goold wrote: > It's an interesting discussion. yes, but it's also entirely off-topic for this list. please stop it. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190206190554.7r65i44csmp477k7%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: why mail-list?
On Wed, Feb 06, 2019 at 11:34:57AM -0500, kitchm via Forum wrote: > [...] BTW, you are certainly not polite, > but you are obviously such a whiner since you continue to > whine about me and make this personal. can you all please stop your ad-hominem attacks and off-topic discussions and keep this list about Qubes OS?! (Also, please accept that there are different use-cases for Qubes OS and different definitions of privacy, security and everything.) Thanks already. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190206165018.hj5vevtk4cokwloi%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
getting rid of ME on modern CPUs (Re: [qubes-users] QSB #46: APT update mechanism vulnerability)
On Mon, Jan 28, 2019 at 11:46:55AM -0600, Stuart Perkins wrote: > Up to a certain manufacture, you can go to coreboot and lose the ME entirely. > After that point, setting the HAP bit may be your best option. We need > someone to to reverse engineer the ME and implement enough of it in coreboot > to take over so the newer ones will run. thats not enough. on modern intel cpus there's boot-guard which will prevent booting with coreboot unless it's signed with a secret intel key. -- tschüß, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190128175617.bclbga5ojb6i6feh%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] QSB #46: APT update mechanism vulnerability
On Sun, Jan 27, 2019 at 12:54:26AM +, unman wrote: > > Keep in mind that all PGP Debian/Ubuntu signing keys have been stolen > Do you have *any* evidence for this claim? I *believe* they probably misunderstood evil32.com and it's fallout. -- tschüß, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190127131137.owl7xgjibz5m4sxv%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?
On Sun, Jan 27, 2019 at 02:37:16AM -0800, goldsm...@riseup.net wrote: > > 2/ > > Imagine that apt-transport-https *had* been adopted - have you actually > > looked at the list of vulnerabilities in libcurlnd the various > > breakages in the TLS CA system? that. plus, apt is running as root and apt-transport-https needs to parse untrusted input... > You appear to be saying that Debian have created a package; > apt-transport-https which is not fit for purpose? Have you notifified > them of this? and if so what was their response? one of the reasons Debian has not made apt-transport-https is that there is a trade-off between gaining some security properties by using https and loosing some (see above in this very mail)... what really would need to be done would be to rewrite/patch apt, to do all the certificate verification as less priviledged user. I *believe* modern apt suports this (at least I have an _apt user in my /etc/passwd on stretch systems, but not on jessie), but I'm not sure (read: i have no idea) whether apt-transport-https uses that too. -- tschüß, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190127125649.khw72kcuj4yrw7al%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] HCL - Purism Librem 13 v2
On Thu, Nov 15, 2018 at 10:07:31AM +0100, qubes-...@tutanota.com wrote: > > has this (updating the HCL for Librem 13v2) happend now? this was and is my point, here+now. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181115101617.d7le3rnrqvculqd4%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] HCL - Purism Librem 13 v2
On Sat, Nov 10, 2018 at 09:24:40AM -0800, Kyle Rankin wrote: > It's a shame this thread got hijacked by people... [...discussing other stuff...] > Could someone who is responsible for the HCL please update it with the data > I've provided in this thread? This would update the HCL with a version of > the Librem 13v2 that provides a TPM for people who are considering running > Qubes 4.0 with AEM. has this (updating the HCL for Librem 13v2) happend now? -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181114213042.y4w4qdaogapxqvw2%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
'invisible' blobs are blobs too (Re: [qubes-users] HCL - Purism Librem 13 v2)
On Sun, Nov 11, 2018 at 03:45:21PM +, unman wrote: > lenovo x230s are still widely available, and great for Qubes. while I agree with that, I want to point out that they contain several non free blobs which cannot be changed. just because there was so much purism bashing in this thread. :-D -- cheers, Holger, who is happy that his keyboard, memory and battery works --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181112095825.65tlq4mjdqgo2lh4%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] HCL - Purism Librem 13 v2
On Sat, Nov 10, 2018 at 09:24:40AM -0800, Kyle Rankin wrote: > It's a shame this thread got hijacked by people slandering the company. indeed. > PS. For what it's worth we continue to work earnestly behind the scenes to > liberate the remaining binary blobs (FSP and what remains of the ME after > we disable and delete the majority of the modules) because we want to > provide people with modern hardware that runs blob-free. For the ME, we > have already documented what we have done to attempt to both disable (HAP) > and neuter (zero out modules) the ME. We have four ME modules remaining to > liberate (and anyone with access to our BIOS ROM or our BIOS build script > can confirm those claims). Those of you who work in this space are aware of > the challenges behind all of this and if anyone wants to help us in > liberating the FSP and the remaining four ME modules that are present we > would certainly welcome the help. thanks for this interesting update. Much appreciated! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181110173022.bbxwj64vqc2sykwk%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: SSD hardware encryption vulnerabilities (Radbound University)
On Tue, Nov 06, 2018 at 07:09:52AM -0800, jonbrownmaste...@gmail.com wrote: > Does this effect Qubes OS? no. (Qubes OS uses software encryption. You can however manually enable hardware encryption like you can on any OS.) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181106151333.jj3anhucjkq2nitt%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Replacement for Lenovo x230 (coreboot'able + high res)
On Sat, Oct 27, 2018 at 03:08:22AM +0200, Maillist wrote: > Unfortunately, with coreboot (assuming you mean a security relevant > coreboot), there are none which fit your specs.However, its possible to > hack a 13.3 FHD display in an x230. https://forum.thinkpads.com/viewtopic.php?t=122640 explains how to do that. It's not really hard nor expensive. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181027085350.vkqszjcdeojyihyj%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Qubes and i3 window manager
On Wed, Oct 24, 2018 at 02:13:58AM -0700, mike wrote: > Could anyone please share some Qubes + i3 tips and tricks? > For instance, how do you launch applications from different qubes using dmenu? > What is the actual command to launch an application in a qube? > Where can I find a source/config for the default Qubes Xfce menu? > Are there any additional resources on Qubes + i3 apart from > https://www.qubes-os.org/doc/i3/ ? have you installed the qubes-i3-settings package in dom0? -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181024105419.znkotoqa7yv3xgia%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] unable to install enigmail in debian-9 template
hi, On Sun, Oct 21, 2018 at 05:05:54PM -0700, Josefa Hays wrote: > I've been using the Enigmail-plugin for many years. However I just > realized it had disappeared from Thunderbird. When trying to reinstall > it in the Debian-9 template I get the following error: [...] > I realize this is (probably) a Debian-problem, but I cannot solve this. > Any quick-fixes out there would be much appreciated, I need my crypto up > and running again :) yes, this is a Debian problem indeed and should hopefully be fixed real soon now. Relevant bugs are: https://bugs.debian.org/910398 gnupg2 in stretch needs to be updated to be usable with enigmail 2.0 https://bugs.debian.org/909000 enigmail needs to be updated to version 2.0 the cause for this is the firefox/thunderbird 60 update which is caused by the web being broken these days. *I hope* that these fixes land in stretch/Debian 9 in October 2018, but we will see. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181022105240.znyccaejmx5sxihf%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Whonix support ending for Qubes 3.2
On Fri, Oct 05, 2018 at 10:26:18PM -0500, Andrew David Wong wrote: > the Qubes OS > Project will continue to support Qubes 3.2 as planned until 2019-03-28. [6] thank you, Qubes OS! > [...] Users who decide to continue using Whonix on Qubes 3.2 do so > at their own risk. this has been the case always anyway, so meh. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181006104706.xuiciv7ipvaotd3g%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] External monitor resolution
On Mon, Sep 24, 2018 at 06:52:30PM -0300, Franz wrote: > I understand that the Lenovo x230 does not have the power to properly set > the two displays each with the correct resolution, but in mirror mode, they > are exactly the same and it works. I use an x230 here with an external 4k display and it works nicely, with or without using the internal display as well. (using the mini-displayport output, not VGA.) As a start, I'd recommend to run "xrandr --auto" in dom0. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180925104907.hv43nmuaxgk7heso%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: dom0 uses 105%+ of cpu
On Tue, Sep 18, 2018 at 03:11:10PM -0700, Guy Frank wrote: > Could someone clue me in on whether it's unusual for dom0 to be perpetually > running the processor at at least 105% all the time according to xentop? 13% here, when not displaying anything else on the screen. 27% when playing music... (with 3.2) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180918225644.qeifmww7mrpr6aui%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] Re: [qubes-devel] Whonix version support policy
On Thu, Sep 13, 2018 at 09:00:40PM -0500, Andrew David Wong wrote: > * One month after a new stable version of Qubes OS is released, Whonix >TemplateVMs will no longer be supported on any older version of Qubes >OS. I'm quite disappointed by this. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180914104120.ozmopzwrjhltkq2c%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Guide: Monero wallet/daemon isolation w/qubes+whonix
On Tue, Aug 14, 2018 at 07:42:00PM +, Patrick Schleizer wrote: > Now reference here: > https://www.whonix.org/wiki/Monero > > > I am wondering how to save users from as many manual steps as possible. since a bit more than 2 weeks monero can be installed on stretch with 'sudo apt install -t stretch-backports monero', so I think this should work on whonix-14 too. see https://tracker.debian.org/pkg/monero for more info. currently it's monero 0.12.3.0 -- cheers, Holger --- holger@(debian|reproducible-builds).org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180814200209.q5ugdfwvcapth77u%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] Re: [qubes-devel] Fedora 26 and Debian 8 approaching EOL
On Thu, May 24, 2018 at 07:29:18PM -0500, Andrew David Wong wrote: > Thank you for the correction. I've updated the announcement on the > website to clarify this: > https://github.com/QubesOS/qubes-posts/commit/3db9a35e297b3defa0863f8ab02ebd56e8384053 thank you, looks good! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180525084649.v3qeix2bsaoinhug%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] Re: [qubes-devel] Fedora 26 and Debian 8 approaching EOL
On Wed, May 23, 2018 at 08:21:12PM -0500, Andrew David Wong wrote: > Fedora 26 will reach EOL ([end-of-life]) on 2018-06-01, and Debian 8 > (["Jessie" full, not LTS][debian-releases]) will reach EOL on > 2018-06-06. We strongly recommend that all Qubes users upgrade their > Fedora 26 and Debian 8 TemplateVMs and StandaloneVMs to Fedora 27 and > Debian 9 or higher, respectively, by these EOL dates. I'm not sure why you suggest^wstrongly recommend to upgrade from Debian 8 to 9. "Suggest" I would understand, but Debian 8 will be supported for another 2 years via LTS. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180524091854.ydlin2mvv77qeb2r%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] sweethome3d (java app) on Qubes
hi, I've been trying to use sweethome3d from Debian stretch (so "apt install sweethome3d") but I cannot draw any walls or rooms, the tool immediatly stops with a 0cm length wall. I tried this with Qubes and the i3 window-manager, while I know that a friend uses sweethome3d and i3 on plain Debian stretch successfully. I suppose it's somehow java related as these are the sweethome3d depends: Depends: icedtea-netx-common | sun-java6-bin, java-wrappers, libfreehep-graphicsio-svg-java, libitext-java, libjava3d-java, libsunflow-java (>= 0.07.2.svn396+dfsg-11), libbatik-java, default-jre | java6-runtime Any ideas? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180523112152.s7satojwylij7wyd%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Run "cd /path/to/file" Command with qvm-run
On Mon, May 14, 2018 at 03:34:00AM -0700, cr33dc0...@gmail.com wrote: > Does anyone know how to use cd command with qvm-run? qvm-run --pass-io personal "cd /home/user/Desktop/ ; ls" -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180514103829.ooxq6umifmztdhav%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] VM maximum size is too small
On Fri, May 04, 2018 at 09:01:13AM -0700, Reza wrote: > 3) I click on "settings" icon (the wheel)and I increase the "private storage > max size" from 2048 to its max value 10240 (written right below as 'system > storage max size'). you want to increase the private storage size, not the system storage size. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180504170102.fxwsoiw3tnvtorc2%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads
Hi, On Fri, Apr 06, 2018 at 08:25:37PM +0200, 799 wrote: > as described in the howto I have extracted the vga.rom from my own > BIOS-files. > I can use resume and the laptop reconnects its network adapters as soon as > it wakes up. > So far no issues at all. thanks for explaining. > > The coreboot config I have used is here: > > > https://github.com/Qubes-Community/Contents/blob/ > > master/docs/coreboot/x230-configfile > > > > thanks, depending on your answer to the above question I probably > > compare yours with mine ;) > > > > Can you share your config file? > I am sure that there is room for improvement in my config. http://layer-acht.org/thinking/blog/20170827-coreboot-build-environment/ has a link to the config I used. (which doesnt use the nonfree vgabios blob, but then I also had resume issues, which you dont have...) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180413165601.pbalc3hyznzze7em%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads
hi, On Fri, Apr 06, 2018 at 09:22:52AM +, 799 wrote: > As mentioned I have also drafted a how-to to setup Coreboot on a X230, > including building the pi, flashrom and extracting Blobs. out of curiosity: does resume work reliably for you? For me it didnt with coreboot (and the free VGA bios) but it does with legacy bios... (and btw, with legacy bios resume is quite very reliable again, just sometimes/often the wireless doesnt work after resume; though now I found out a workaround: just suspend+resume until it comes back with working wireless... ;) > The coreboot config I have used is here: > https://github.com/Qubes-Community/Contents/blob/master/docs/coreboot/x230-configfile thanks, depending on your answer to the above question I probably compare yours with mine ;) > I wrote the how-to as I need to look at several places to get everything > together for example how to extract Blobs, how to merge two bios files into > one etc. > It seems to me that if I run Coreboot with grub + encrypted boot, there is > no need to run anti evil maid, as the boot partition can't be messed with. > > Is this correct? mostly. The boot partition cannot be messed up but the components of your computer can be changed (eg a keyboard controller recording your keystrokes) and anti-evil-maid is designed to also detect those attacks. However these attacks are also much more sophisticated and require more time and are harder to do that just replacing a kernel image on an unencrypted boot partition. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180406130502.dwuq4gqwkaxfivv3%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] How do I load firmware-atheros into Qubes 4.0 R5?
On Thu, Mar 29, 2018 at 03:38:34PM -0400, taii...@gmx.com wrote: > My issue is with purisms incredibly dishonest marketing, their pressure > campaigns on the FSF, their insulting of their competitors - not their > existence in general or the practice of selling of laptops that are only > slightly more free than a dell. Taiidan, this is the qubes-users mailing list, ment to discuss issues and joys with Qubes OS. Whatever you think of Purism is really not suited that well on this list. If you want to educate people, I'd like to suggest you take it elsewhere, either private or some other public list or setup a wiki page or whatever. If everybody beats up their favorite horse on this list, this list will become a lot more noisy and less useful for everyone. For example I don't think using Thunderbird for reading email is a reasonable choice for users interested in reasonable security, but I wont mention that in every (not even any...) thread discussing thunderbird. Same can be said about many many topics. Thanks for consideration. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180330132406.vqbi2srygzxwvtl4%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] bash autocomplete
On Sun, Mar 11, 2018 at 02:11:02PM +0100, haaber wrote: > I don't know what this 3D-thing, is I'll learn it. I have, in the > meanwhile, tested the attached file, that distinguishes also running, > paused and halted VM's. For the moment this is completely sufficient for > me. Maybe I'll add the completion "root" when I complete "qvm-run -u", > since this is what I need for updating sudo-less minimal templates :) > > I put the file it in /etc/bash_completion.d/ within dom0, and source it > in .bashrc. awesome, thanks for sharing (again)! :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180311135227.llfhwe6ezwso324z%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] bash autocomplete
On Fri, Mar 02, 2018 at 07:10:22PM +, Holger Levsen wrote: > On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote: > > to have the shell behave nicer. If I have some free time, I might > > customize this stub to suggest available options to all qvm-* and > > qubes-* commands. I am surprised that I might be the first one to > > discuss this subject (?!) Bernhard > i'm definitly interested in this, this is super useful. so thanks, Unman and haaber, I now have this as my .bashrc and it works nicely: # .bashrc # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # Uncomment the following line if you don't like systemctl's auto-paging feature: # export SYSTEMD_PAGER= # User specific aliases and functions _qvm() { local cur COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" VMS=`qvm-ls --raw-list` COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) ) } complete -F _qvm qvm-appmenus complete -F _qvm qvm-clone complete -F _qvm qvm-firewall complete -F _qvm qvm-move-to-vm complete -F _qvm qvm-remove complete -F _qvm qvm-start-gui complete -F _qvm qvm-unpause complete -F _qvm qvm-backup complete -F _qvm qvm-copy-to-vm complete -F _qvm qvm-pause complete -F _qvm qvm-run complete -F _qvm qvm-usb complete -F _qvm qvm-backup-restore complete -F _qvm qvm-service complete -F _qvm qvm-kill complete -F _qvm qvm-shutdown complete -F _qvm qvm-tags complete -F _qvm qvm-check complete -F _qvm qvm-features complete -F _qvm qvm-prefs complete -F _qvm qvm-start complete -F _qvm qm For your convinience I've also attached this file. (you might want to comment out the last line...) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180311125641.p5s4bfgqbhfyowlg%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. # .bashrc # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # Uncomment the following line if you don't like systemctl's auto-paging feature: # export SYSTEMD_PAGER= # User specific aliases and functions _qvm() { local cur COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" VMS=`qvm-ls --raw-list` COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) ) } complete -F _qvm qvm-appmenus complete -F _qvm qvm-clone complete -F _qvm qvm-firewall complete -F _qvm qvm-move-to-vm complete -F _qvm qvm-remove complete -F _qvm qvm-start-gui complete -F _qvm qvm-unpause complete -F _qvm qvm-backup complete -F _qvm qvm-copy-to-vm complete -F _qvm qvm-pause complete -F _qvm qvm-run complete -F _qvm qvm-usb complete -F _qvm qvm-backup-restore complete -F _qvm qvm-service complete -F _qvm qvm-kill complete -F _qvm qvm-shutdown complete -F _qvm qvm-tags complete -F _qvm qvm-check complete -F _qvm qvm-features complete -F _qvm qvm-prefs complete -F _qvm qvm-start complete -F _qvm qm signature.asc Description: PGP signature
Re: [qubes-users] bash autocomplete
On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote: > to have the shell behave nicer. If I have some free time, I might > customize this stub to suggest available options to all qvm-* and > qubes-* commands. I am surprised that I might be the first one to > discuss this subject (?!) Bernhard i'm definitly interested in this, this is super useful. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302191022.ygh2qllrumvrczfx%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] size difference between 4.9 and 4.14 kernels
On Wed, Feb 07, 2018 at 11:01:33AM +0100, Marek Marczykowski-Górecki wrote: > I think this is just about estimation of used disk space - one package > is already installed and rpm know how much disk space is really used, > the other one have only some estimation in rpm metadata. ah, right. I'm a fedora newbee! :) > RPM package sizes are very similar: 41M (4.9) vs 46M (4.14). thanks for confirming this. sadly I now have issues with resume (5 failures on 5 tries), see update-status #398... -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180208113820.4fopxd7jcz2eehal%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] size difference between 4.9 and 4.14 kernels
hi, on 3.2 I ran "sudo qubes-dom0-update" this morning, followed by "sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --action=upgrade kernel-qubes-vm" which then prompted me with this: Installing: kernel x86_64 1000:4.14.13-3.pvops.qubes qubes-dom0-cached46 M kernel-qubes-vm x86_64 1000:4.14.13-3.pvops.qubes qubes-dom0-cached62 M Removing: kernel x86_64 1000:4.9.35-20.pvops.qubes @qubes-dom0-cached 179 M kernel-qubes-vm x86_64 1000:4.9.35-20.pvops.qubes @qubes-dom0-cached 206 M Is that really expected and correct that the new kernels are that much smaller? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180206110441.u47kzgpfwfzibgki%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: Qubes OS 4.0-rc4 has been released!
On Thu, Feb 01, 2018 at 09:58:34AM -0800, alexclay...@gmail.com wrote: > Are there plans for the final 4.0 release to have a direct upgrade path from > 3.2? Or do we just backup all of our VMs, fresh install 4.0, then restore our > VMs? the latter. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180201182136.l7fapchpgkm6sfaj%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] -> Backing up files: 78%... ERROR: Failed to perform backup: error in addproc
hi, I was just doing a backup (using the qvm-backup cli tool on 3.2) which then suddenly crashed with this line: -> Backing up files: 78%... ERROR: Failed to perform backup: error in addproc I couldn't investigate further yet, but I suppose it failed to backup a specific VM - which is bad - and this then crashed qvm-backup completly instead of just continueing with the next VM - which is worse. Is it worth filing an issue with this little information? (or is this a know bug? I'm on low bandwidth atm, so I don't wanna check...) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180119114142.tsb3npdqwevse22f%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Is Qubes effected by the Intel kernel memory leaking bug?
On Thu, Jan 04, 2018 at 05:40:27AM -0800, stephenatve...@gmail.com wrote: > On Thursday, 4 January 2018 13:39:46 UTC+1, eva...@openmailbox.org wrote: > > 3.2 affected? When patch will be available? :( > My impression is that 3.2 isn't being patched pending 4.0, but I could be > wrong there. you are wrong. 3.2 will be supported for one more year after the release of 4.0. (Normally it's just for half a year.) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180104135930.7iwsg2n4slydmsgj%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: Duplicate MAC address error
On Fri, Dec 22, 2017 at 02:34:41AM -0800, Reynir Björnsson wrote: > It may be a coincidence, but when it happened to me I got sys-net running by > shutting down sys-whonix first. I've since disabled sys-whonix and haven't > had the issue again, although I haven't been rebooting much since. I believe it's coincidence. I've had this several times, where I couldnt restart sys-net (after it crashed) and then after shutting down some random VMs I could start sys-net again... :/ -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171222104859.gtm7uuw7dnzavu2a%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] qubes-mirage-firewall 0.4
On Wed, Dec 20, 2017 at 10:04:57PM +0100, donoban wrote: > If I'm not wrong you have to configure the rules for the firewall before > building the kernel image? Once you start it you have no way for change > rules? yes, this is true currently. but then I have been using Qubes for nearly a year without modifying the rules in sys-firewall and now I have been using qubes-mirage-firewall for two weeks with just the default rules and am happy as well. there is also https://github.com/cfcs/qubes-mirage-firewall/commits/user_supplied_rules though that's more of PoC quality atm. ;tl;dr: give qubes-mirage-firewall a try with the default rules. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171221122809.azna3d4i7s6morcb%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.
On Wed, Dec 20, 2017 at 01:15:23PM +0100, 'Tom Zander' via qubes-users wrote: > On Wednesday, 20 December 2017 11:59:26 CET Holger Levsen wrote: > > oh, and if you want to securly erase data, use /dev/random, not > > /dev/urandom. > > This is not good advice, your /dev/random device creates true randomness, > but it only generates a very small amount of data, bytes per minute. yet, wipe uses it by default. it's slow, but doesnt take *years*, merely hours. (wipe's default is also to overwrite 4 times…) and then, haveged can be used to fill the randomness pool. as in apt install haveged. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171220125906.hnae6pleohwhlsay%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.
On Wed, Dec 20, 2017 at 12:50:38AM +0100, Ángel wrote: > openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 > 2>/dev/null | base64)" -nosalt | pv -bartpes | sudo dd bs=64K of=/dev/sd"X" on Debian this is much easier done with sudo apt install wipe sudo wipe /dev/sda I'm sure Fedora has a similar tool, probably even the same. https://manpages.debian.org/stretch/wipe/wipe.1.en.html is also worth a read. oh, and if you want to securly erase data, use /dev/random, not /dev/urandom. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171220105926.eqp3k5dox7zcb6s7%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Atheros AR928X & Q4.0rc3 Passthrough
On Sat, Dec 16, 2017 at 02:21:30PM -, 'awokd' via qubes-users wrote: > Getting crashes on domU boot with an assigned Atheros wireless PCIe card > under Qubes 4.0rc3 with both PV and HVM. Any suggestions how to accomplish > it? Some of the posts/threads I find go back to 2010 but I'm still > stumped. [...] > I've tried several things such as adding permissive and no-strict-reset > flags when attaching the device, bunch of ath9k kernel options, etc. Only > thing that resulted in any change whatsoever was when I blacklisted the > ath9k module entirely, then I could boot. > Not sure where to go next. Figure out how to edit Xen quirks? Comment out > everything that looks like a write and recompile the driver? Throw it away > and buy something else? (I'd prefer to get this working somehow.) I cannot really help you, but for me it's good to see someone else has this problem with an Atheros AR928X card as well. I was testing it on Qubes 3.2 with coreboot and wasnt 100% sure this was due to Qubes/Xen, or coreboot or hardware… still need to try that hw with pure Debian to rule out that it's a hw problem. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171217114404.yu5yxoc4jal6ye5b%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Boot QUBES with kexec
On Sun, Dec 10, 2017 at 03:05:11PM +0100, Robert Walz wrote: > Does anybody know how to kexec the xen hypervisor? http://osresearch.net/ uses kexec to boot Qubes. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171210163517.jugnfv723un552ch%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] qvm-convert-img: ValueError: No icon received
On Sun, Nov 26, 2017 at 05:50:17PM +, Unman wrote: > > > It's a bug Holger. > > > Scoot on over to GitHub and raise an issue > > is it really? I cannot believe it's broken (in 3.2) and noone has raised > > an issue yet… > Well someone has to be first :-) > > truth , I dont think that many people use the feature. > But this is a bug for sure - same in deb8 and Fedora, at least for my > 3.2 done now, as https://github.com/QubesOS/qubes-issues/issues/3344 -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171128105328.5rw6z56t633kwqdm%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] qvm-convert-img: ValueError: No icon received
On Sun, Nov 26, 2017 at 04:40:08PM +, Unman wrote: > On Sun, Nov 26, 2017 at 04:22:04PM +0000, Holger Levsen wrote: > > on 3.2: using debian-9 I should have said too… > > $ qvm-convert-img image.jpg image_clean.jpg [...] > > ValueError: No icon received > > > > which package do I need to install where? > It's a bug Holger. > Scoot on over to GitHub and raise an issue is it really? I cannot believe it's broken (in 3.2) and noone has raised an issue yet… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171126165204.4pjwysrbqrwv72s3%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] qvm-convert-img: ValueError: No icon received
hi, on 3.2: $ qvm-convert-img image.jpg image_clean.jpg Traceback (most recent call last): File "/usr/lib/qubes/qimg-convert-client", line 47, in main() File "/usr/lib/qubes/qimg-convert-client", line 41, in main img = qubes.imgconverter.Image.get_through_dvm(args.src) File "/usr/lib/python2.7/dist-packages/qubes/imgconverter.py", line 207, in get_through_dvm return cls.get_from_stream(sys.stdin, **kwargs) File "/usr/lib/python2.7/dist-packages/qubes/imgconverter.py", line 131, in get_from_stream raise ValueError('No icon received') ValueError: No icon received which package do I need to install where? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171126162204.vqqb4feb5xdtjtlk%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Upgrading from rc2 to release.
On Mon, Nov 06, 2017 at 07:35:58PM -0800, jkitt wrote: > Is this just a case of running a Dom0 update? Or would I have to manually > install the stable release? > FYI: I'm still on 3.2. you need to backup 3.2, install 4.0 and restore the backup. this is described in the release notes. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2017110712.nivd5anrqmeij54e%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Coreboot VS Libreboot :: Which is better for Qubes OS ?
On Sat, Nov 04, 2017 at 03:53:32PM -0700, 'Marek Jenkins' via qubes-users wrote: > so from my understanding, "blobs" is a synonym for proprietary code, right ? it's a synonym for "binary object" where in general you don't have the source code. > I mean if it doesn't really matter for security I can live with those blobs > inside Coreboot. having the source code is generally better for security... but if you have hardware which either works with a blob, or doesnt work without it, you might want to choose the blob. > But Qubes will work better with Coreboot correct or why is it recommended > here ? a free bios is better for security. Libreboot supports a lot less hardware than coreboot. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171104231020.35rgrbpvspkopsog%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Coreboot VS Libreboot :: Which is better for Qubes OS ?
On Sat, Nov 04, 2017 at 10:57:30AM -0700, 'Marek Jenkins' via qubes-users wrote: > What is the difference between Coreboot and Libreboot ? Libreboot is Coreboot with all the non-free blobs removed (and no free software added instead). So if you happen to have hardware which needs those blobs, you won't be happy with Libreboot. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171104214705.chhlfj5cmkstdphu%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Docker & dev embbeded on Qubes OS on P51
On Thu, Oct 19, 2017 at 04:29:51AM -0700, jerome.moli...@gmail.com wrote: > -> 2) From time to time I am providing Java consulting, and now many > customers use docker containers (no comments -) ) ... Is it possible inside a > VM to run Docker ? No problem with firewalling & other stuff... yes, it's possible. Just that docker builds its own kernel module via dkms, so you need the kernel headers installer, which I choose to achieve by running a custom kernel in that VM as then I could just apt install those headers… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171019114650.jxpue5y3xb4upfq7%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] template VMs loosing connectivity
On Wed, Oct 18, 2017 at 10:59:52AM +, Holger Levsen wrote: > apt gets: cannot connect to 10.137.255.254… still not sure why this happened (and why now), but running systemctl on sys-net made it obvious what the fix was: sudo service qubes-updates-proxy restart -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171018132353.tijymwglcefxuy5r%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] template VMs loosing connectivity
Hi, I'm running 3.2 and this week for the first time template VMs lost connectivity, as in they couldnt connect to their software repos anymore. A reboot "fixed" this and I could update them again. Then, yesterday, they lost connectivity again… apt gets: cannot connect to 10.137.255.254… and user@debian-9:~$ ping 10.137.255.254 PING 10.137.255.254 (10.137.255.254) 56(84) bytes of data. >From 10.137.2.1 icmp_seq=1 Destination Host Prohibited Anybody got an idea? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171018105952.dy4vod2a2udhcubl%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] After updating Debian Kernel in VM, initramfs can't init
On Sat, Oct 14, 2017 at 03:03:39PM +, Holger Levsen wrote: > I've done the same… just with a slightly different result, though the same > outcome, the VM > in question doesnt boot :( running "sudo update-initramfs -c -k all" fixed this for me… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171014154229.2ykamfugphks4t7b%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] After updating Debian Kernel in VM, initramfs can't init
On Wed, Feb 08, 2017 at 03:58:57PM -0800, nicholas roveda wrote: > I've just update the Kernel inside of the Debian Template to the 4.9.2 > version and now, the machine can't start. > > - I installed grub2-xen in dom0 > > - I installed 'qubes-kernel-vm-support', 'kernel-package' and 'grub2-common' > inside the Template VM > - I downloaded the Debian Kernel Sources (4.9.2) > - I ran 'make menuconfig' and activate all virtualization and xen support, > mantaining the related configs present in the dom0 Kernel > - I created a Kernel .deb packages with 'make-kpkg --initrd -- linux-headers > linux-image' and I installed them > - I update the GRUB2 with 'update-grub' > > - I set 'pvgrub2' as Kernel in Qubes VM Manager I've done the same… just with a slightly different result, though the same outcome, the VM in question doesnt boot :( this is what I got: Booting `Debian GNU/Linux' Loading Linux 4.9.0-4-amd64 ... Loading initial ramdisk ... [ vmlinuz-4.9.0-4-amd6 3.64MiB 90% 2.27MiB/s ] [0.104118] dmi: Firmware registration failed.a 18.40MiB 100% 1.49MiB/s ] [1.399131] dmi-sysfs: dmi entry is absent. [1.399653] mce: Unable to init device /dev/mcelog (rc: -5) Gave up waiting for suspend/resume device Gave up waiting for root file system device. Common problems: - Boot args (cat /proc/cmdline) - Check rootdelay= (did the system wait long enough?) - Missing modules (cat /proc/modules; ls /dev) ALERT! /dev/mapper/dmroot does not exist. Dropping to a shell! BusyBox v1.22.1 (Debian 1:1.22.0-19+b3) built-in shell (ash) Enter 'help' for a list of built-in commands. (initramfs) any hints welcome. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171014150339.v7uwvwdvj6me5xmu%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] kswapd0 using 100% CPU with not even a MB swap in use
On Sun, Oct 08, 2017 at 02:18:06PM +0200, Marek Marczykowski-Górecki wrote: > I've seen this some time ago and `echo 3 > /proc/sys/vm/drop_caches` > helped. No idea why it is spinning... I decided to better use 'echo 3 | sudo tee /proc/sys/vm/drop_caches' and that that worked nicely indeed, I got silence again. So thanks again! :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171011164100.6km7basf6xteubvx%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] kswapd0 using 100% CPU with not even a MB swap in use
Hi, so kswapd0 is using 100% CPU in one of my Qubes and this makes the fan spin and noisy… and that Qube is hardly using any swap at all: $ free totalusedfree shared buff/cache available Mem:1888212 776484 640712 70296 471016 1031616 Swap: 1048572 716 1047856 So I ran "sudo swapoff -a" (and "sudo swapon -a") and now zero swap is used but kswapd0 is still busy swapping(?) and the fan is noisy and I wonder what to do… Any hints / ideas? (I know I could shut down the VM and restart it but I hope there's a better solution / workaround.) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171007102911.2sq63k3yyelhpki6%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Re: Adding a second monitor fails
On Thu, Sep 28, 2017 at 01:21:52AM -0700, Coracle wrote: > I'm getting the message here and elsewhere that Qubes OS doesn't yet support > extended desktops or multiple monitors. no, that's wrong. Qubes supports multiple displays just fine, it's just based on an 1-2 year old version of Fedora, so it supports whatever that supports. so newer graphic cards might cause problems, or certain old ones too. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170928105039.vx4lb23hnbulicbz%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] auto-restarting nm-applet (on 3.2)
Hi, I've just realized that (almost) everytime after my laptop resumes, I run qvm-run sys-net "killall nm-applet ; nm-applet" manually and that's a bit silly, so I want to automate this this workaround (certainly hoping nm-applet will behave better in 4.0…) so I wonder if there's a better way than editing /usr/lib64/pm-utils/sleep.d/51qubes-suspend-netvm ? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170927232611.55syus3nyqr43dmx%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] 4.0-rc1 - No 'qvm-trim-template'?
On Tue, Aug 15, 2017 at 07:28:58AM +0200, Graumann, Johannes wrote: > Can anyone enlighten me why 4.0-rc1 does not (yet?) have > 'qvm-trim-template'? Is this not yet implemented or not needed any longer > given the new infrastructure? I'm curious about this as well. There is https://github.com/QubesOS/qubes-issues/issues/3033 also about this issue, without a real reply, but hinting this is a missing feature currently. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170927131129.j5edeqhvm7ue5x6k%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Informational videos about Qubes
On Sun, Aug 27, 2017 at 10:33:16PM -0500, Andrew David Wong wrote: > > That sounds reasonable. Could we perhaps have a link to these > > videos (as well as all other third-party materials about Qubes) > > somewhere on the mailing group/IRC channel so that newcomers can > > get acquainted with them? [...] > As for the IRC channel(s), JPO and Holger (CCed) may be able to take > care of that. surely we can add some link to /topic but I think first and foremost those videos should be linked from qubes-os.org/docs/ and then everyone can find them easily… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170828201452.GB4484%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: [qubes-devel] Qubes Security Bulletin #32: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)
On Tue, Aug 15, 2017 at 04:05:27PM +0200, Marek Marczykowski-Górecki wrote: > Actually: > sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing done this now, worked nicely, also rebooted into it and everything seems to be fine. thanks! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170815171446.GA2458%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] Re: [qubes-devel] Qubes Security Bulletin #32: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)
On Tue, Aug 15, 2017 at 04:05:27PM +0200, Marek Marczykowski-Górecki wrote: > Actually: > sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing q.e.d. & thanks! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170815144125.GA9791%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] Re: [qubes-devel] Qubes Security Bulletin #32: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)
Hi, first of all: thanks for this handling this update! On Tue, Aug 15, 2017 at 08:31:31AM -0500, Andrew David Wong wrote: > Patching > = [...] > The packages are to be installed in dom0 via the qubes-dom0-update command or > via the Qubes VM Manager. A system restart will be required afterwards. [...] > These packages will migrate to the current (stable) repository over the next > two weeks after being tested by the community. I think it would be good to include the *exact* commands here. The first quoted paragraphs seems to imply one can simply upgrade packages as usual, while the second quoted paragraphs implies that this doesnt work, but that one has to use some other, unspecified (here) repository (for the next two weeks). Please include those two commands needed instead, with the full options needed. So, "sudo qubes-dom0-update" for the first paragraph, and "sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing" for the 2nd… (IIRC!) Else people have to guess or simply wont know etc… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170815135959.GA7620%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] cannot install kernel 4.9.35 from …-current-testing
On Tue, Aug 01, 2017 at 01:06:24PM +0200, Marek Marczykowski-Górecki wrote: > > I fail to install kernel 4.9.35 on Qubes 3.2, any hints how I can > > accomplish this? > > [user@dom0 ~]$ LANG=C sudo qubes-dom0-update > > --enablerepo=qubes-dom0-current-testing kernel kernel-qubes-vm > Try adding --action=update whoohoo, thanks for that, Marek! It also doens't work but at least hinted what would be and was working: --action=upgrade! Now let's see how this kernel works! :-) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170804192735.GB15943%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] Re: cannot install kernel 4.9.35 from …-current-testing
On Mon, Jul 31, 2017 at 10:53:31PM -0700, Foppe de Haan wrote: > 'sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --best > --allowerasing' shouldn't error like that. sadly no: [user@dom0 ~]$ LANG=C sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel --best Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Running command on VM: 'sys-firewall'... Running command on VM: 'sys-firewall'... Usage: "yumdownloader [options] package1 [package2] [package..] Command line error: no such option: --best [user@dom0 ~]$ LANG=C sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --best kernel Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Running command on VM: 'sys-firewall'... Running command on VM: 'sys-firewall'... Usage: "yumdownloader [options] package1 [package2] [package..] Command line error: no such option: --best [user@dom0 ~]$ -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170801165540.GA10145%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] Re: cannot install kernel 4.9.35 from …-current-testing
On Mon, Jul 31, 2017 at 10:11:56PM -0700, Foppe de Haan wrote: > and if you add --best --allowerasing to the command? commandline error, no such option :( -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170801052105.GB2703%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
On Mon, Jul 31, 2017 at 09:17:43PM +, Holger Levsen wrote: > Now I get another error OTOH, but I'll try a fresh reinstallation of 4.0rc1 > first, before > reporting that exact error… whoohooo - that fresh installation on an x260 for the first time showed reliable suspend+resumes, I've done 42 suspends of the machine (which, granted, was not doing anything) and it successfully resumed 42 times \o/ which to me is quite very amazing, running qubes 3.2 I'd estimate the success rate rather to be 60% or so, maybe 70%… (while the same machine running Debian 8 also had 99.x% successful resumes…) so far so very good. i'm curious whether this will also be the case with qubes 3.2.1 and a 4.9 kernel (so far only tried with the older 4.8 one from the qubes repos…) (but then, see the other mail on this list about my problems installing the 4.9 kernel on qubes 3.2…) OTOH, wireless didnt work after a few resumes (qubes 4.0rc1), i assume this can be fixed by unloading+reloading the module, but… I'm happy as long as resume works. -- cheers, Holger, who really did those 42 suspends and resumes… -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170801051910.GA2703%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
On Mon, Jul 31, 2017 at 10:46:19PM +0200, Marek Marczykowski-Górecki wrote: > Do you have VT-x enabled in BIOS? doh, indeed it was disabled. (Which slightly puzzles me as I had running Qubes 3.2 running on this machine before…) Now I get another error OTOH, but I'll try a fresh reinstallation of 4.0rc1 first, before reporting that exact error… Thanks! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170731211743.GB1014%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] cannot install kernel 4.9.35 from …-current-testing
Hi, I fail to install kernel 4.9.35 on Qubes 3.2, any hints how I can accomplish this? [user@dom0 ~]$ LANG=C sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel kernel-qubes-vm Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Running command on VM: 'sys-firewall'... Running command on VM: 'sys-firewall'... fedora/metalink | 11 kB 00:00 qubes-dom0-current | 2.9 kB 00:00 qubes-dom0-current-testing | 2.9 kB 00:00 qubes-templates-itl | 2.9 kB 00:00 updates/metalink| 11 kB 00:00 --> Running transaction check ---> Package kernel.x86_64 1000:4.9.35-19.pvops.qubes will be installed ---> Package kernel-qubes-vm.x86_64 1000:4.9.35-19.pvops.qubes will be installed --> Processing Dependency: perl(Math::BigInt) for package: 1000:kernel-qubes-vm-4.9.35-19.pvops.qubes.x86_64 --> Running transaction check ---> Package perl-Math-BigInt.noarch 0:1.9997-355.fc23 will be installed --> Finished Dependency Resolution /var/lib/qubes/dom0-updates/packages/kernel-4.9.35-19.pvops.qubes.x86_64.rpm already exists and appears to be complete /var/lib/qubes/dom0-updates/packages/kernel-qubes-vm-4.9.35-19.pvops.qubes.x86_64.rpm already exists and appears to be complete /var/lib/qubes/dom0-updates/packages/perl-Math-BigInt-1.9997-355.fc23.noarch.rpm already exists and appears to be complete find: '/var/lib/qubes/dom0-updates/var/cache/yum': No such file or directory Redirecting to '/usr/bin/dnf --exclude=qubes-template-whonix-gw,qubes-template-fedora-24,qubes-template-fedora-25-minimal,qubes-template-fedora-23,qubes-template-debian-8,qubes-template-whonix-ws, install kernel kernel-qubes-vm' (see 'man yum2dnf') Qubes OS Repository for Dom0 44 MB/s | 189 kB 00:00 Package kernel-1000:4.4.14-11.pvops.qubes.x86_64 is already installed, skipping. Package kernel-1000:4.4.38-11.pvops.qubes.x86_64 is already installed, skipping. Package kernel-1000:4.8.12-12.pvops.qubes.x86_64 is already installed, skipping. Package kernel-qubes-vm-1000:4.4.14-11.pvops.qubes.x86_64 is already installed, skipping. Package kernel-qubes-vm-1000:4.4.38-11.pvops.qubes.x86_64 is already installed, skipping. Package kernel-qubes-vm-1000:4.8.12-12.pvops.qubes.x86_64 is already installed, skipping. Dependencies resolved. = Package Arch Version Repository Size = Skipping packages with conflicts: (add '--best --allowerasing' to command line to force their upgrade): kernel x86_64 1000:4.9.35-19.pvops.qubes qubes-dom0-cached 40 M kernel-qubes-vm x86_64 1000:4.9.35-19.pvops.qubes qubes-dom0-cached 56 M perl-Math-BigInt noarch 1.9997-355.fc23 qubes-dom0-cached 188 k Transaction Summary = Skip 3 Packages Nothing to do. Complete! [user@dom0 ~]$ -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170731205607.GA1014%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
On Mon, Jul 31, 2017 at 01:43:20PM +0200, Marek Marczykowski-Górecki wrote: > We have just released Qubes 4.0-rc1: awesome! I've installed it on a lenovo x260 and upon the end of the installation I had some error concerning sys-firewall stating "could not find capabilities for arch=x86_64", despite that the installation seemed successful. But then when I logged into the installed system and ran "qvm-run personal xterm" I got the same: $ qvm-run personal xterm Running 'xterm' on personal personal: Start failed: invalid argument: could not find capabilities for arch=x86_64 IOW: this doesnt work for me at all. Happy to test+debug further though if someone has an idea what to do… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170731204251.GA30080%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS
On Wed, Jun 21, 2017 at 10:00:00AM +, Michael Carbone wrote: > FYI x220 also has heads support: > https://github.com/osresearch/heads/pull/190 oh nice! (so they should update their docs… :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170621102917.GA25531%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS
On Wed, Jun 21, 2017 at 09:57:25AM +0200, math blanc wrote: > Installing Qubes OS 3.x on a X200 sounds like a bad idea to me, isn't ? I'd rather choose an x220 or x230, where you can also clean the ME. Plus, an x230 is supported by heads, which you might also like to use. (see https://osresearch.net) - but start with plain coreboot+qubes, that's a steep enough learning curve already :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170621092310.GB20965%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Thank you to unman and magicadu!
On Tue, May 30, 2017 at 10:52:10PM -0500, Andrew David Wong wrote: > Please join me in thanking two invaluable members of our community -- > unman and magicadu -- for donating their time and talents. They have > just finished rigorously and painstakingly testing Milestone 3.1 > issues in order to help us determine which issues had to be migrated > to Milestone 3.2 and which could be closed. Thank you both! cool cool & thanks unman & magicadu! :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170531130450.GC7305%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Lenovo X1 Carbon 1.gen
On Sun, May 21, 2017 at 07:00:04AM -0700, Finsh wrote: > i recently got interested in the Qubes and i'm thinking on installing it > on a Lenovo X1 Carbon 1gen Type: 3460-1F4. > > I couldn't find this specific Model in the HCL, are there any known issues? I've installed Qubes on mine before it ran coreboot and encountered no issues. (Except that 8gb RAM is a bit too little for my taste.) > Also i want to combine it withe Coreboot/ libreboot, which got recently I've not tested installing Qubes since it runs coreboot, mostly because I had no real opportunity to do so since then… (But I've seen a X200s where the Qubes installation failed to boot after it was corebooted…) So I suppose there is one way to find out: try. You should keep a backup of your legacy BIOS anyway… ;-) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170522115725.GC22953%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
On Sat, May 13, 2017 at 02:55:12PM -0500, Andrew David Wong wrote: > > you really dont protect your gpg key with a passphrase?? > See: https://www.qubes-os.org/doc/split-gpg/ oh wow :( > Why is that a problem? It's only visible in dom0. If an attacker is in > dom0, it's already game over. no, the world is not black and white. If an attacker steals your computer while it's unlocked, all your gpg encrypted stuff is wide open. If an attacker steals my computer while it's unlocked, my gpg encrypted stuff is still locked. Surely the attacker can now install as many backdoors as they want, but as long as I don't type my gpg passphrase into that computer anymore, it should be pretty safe. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170514085123.GC13184%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] Re: [qubes-announce] QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)
On Tue, May 02, 2017 at 07:10:05AM -0500, Andrew David Wong wrote: > We have just published Qubes Security Bulletin (QSB) #30: > Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214). sad news, but very well written, thanks a lot for taking the time to do so! > Commentary > === especially this is a very good read! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170502121952.GA9313%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] say it out (loud) - Qubes OS Stickers
On Wed, Apr 19, 2017 at 08:49:12AM -0700, sackerbo...@gmail.com wrote: > I would love to have a few of these!! printing them is easy, even if getting them printed for free. what's harder is getting a design. does someone have one? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170420141530.GA16120%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] How to install kernel headers in debian 9?
On Wed, Apr 19, 2017 at 11:42:16AM +0200, c...@company.com wrote: > I've upgraded my debian-8 template to debian-9 (stretch). Now I want to > install vmware player and it asks me where the kernel headers are located. > I could not find them in /usr/src and I also can't find them via apt-cache > search. Is there a way to install the kernel headers for Linux debian-9 > 4.8.12-12.pvops.qubes.x86_64? did you search with "apt-cache search kernel headers"? try "apt-cache search linux headers" instead :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170419101012.GA7121%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: qubes manager add start terminal
On Sun, Apr 16, 2017 at 05:44:12PM -0600, Reg Tiangha wrote: > That said, being able to right-click in Qubes Manager and quickly launch > any kind of terminal program would be a super useful feature to have. absolutly. should also have a customisable default list of terminals to try as well as a prefered terminal per VM. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170417131239.GA22274%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] qubes boot repair
On Wed, Apr 12, 2017 at 08:42:49AM -0700, jacoblorenzipo...@gmail.com wrote: > bios update resulted in loosing qubes option in efi boot menu > I can boot into qubes boot repair but not sure what to do after > Any suggestions? after you chrooted into the system as suggested by the repair script, running these commands helped me in a similar situation: man efibootmgr efibootmgr -c -L Qubes -l /EFI/qubes/xen.efi (the -L is very much optional, the -l not so much :) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170412155952.GA19003%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] can't install kernel-qubes-vm from qubes-dom0-unstable repo
On Sat, Apr 08, 2017 at 12:03:55AM -0400, Chris Laprise wrote: > I think 'rpm -qa' is essentially saying the package is installed. I think you misread the output I posted, it was: [user@dom0 ~]$ rpm -qa |grep kernel qubes-core-dom0-linux-kernel-install-3.2.12-1.fc23.x86_64 kernel-4.4.14-11.pvops.qubes.x86_64 kernel-4.4.38-11.pvops.qubes.x86_64 kernel-4.8.12-12.pvops.qubes.x86_64 kernel-qubes-vm-4.4.14-11.pvops.qubes.x86_64 kernel-qubes-vm-4.4.38-11.pvops.qubes.x86_64 and clearly lacks kernel-qubes-vm 4.8.12 :) > If the rpm is still cached in dom0, you can try 'sudo dnf reinstall > kernel-qubes-vm-4.8.12-12'. this didnt do the trick, but it made me look again on the filesystem as qubes-dom0-update also said it was cached… so this time I went for "sudo find / |grep kernel-qubes-vm" which found it in /var/lib/qubes/updates/rpm/ so I just installed it with "rpm -i $file" which worked nicely. However, it didnt show me the conflict dnf showed me while using qubes-dom0-update and I still would like to know what conflict that was…! > If not, try 'sudo qubes-dom0-update kernel-qubes-vm-4.8.12-12 > --enablerepo=qubes-dom0-unstable --action=reinstall' this doesnt work anymore: ERROR: yum version installed in VM sys-firewall does not support --downloadonly option ERROR: only 'install' and 'upgrade' actions support (reinstall not) So thanks, your reply made me dig deeper and find a manual workaround, but I still would be more happy if qubes-dom0-update would work to install kernel-qubes-vm 4.8.12-12 in a way that one can document in qubes-doc… Now hoping that this will indeed make my system more stable too. I'll see. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170408093521.GA2726%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] can't install kernel-qubes-vm from qubes-dom0-unstable repo
Hi, "long ago" I successfully installed kernel-4.8.12-12 from the qubes-dom0-unstable repo and today I realized that maybe Qubes would be more stable for me, if I'd also install kernel-qubes-vm 4.8.12-12 instead of still using 4.4.38 in the VMs… But… [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel-qubes-vm Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Running command on VM: 'sys-firewall'... fedora/metalink | 22 kB 00:00 qubes-dom0-current | 3.6 kB 00:00 qubes-dom0-unstable | 2.9 kB 00:00 qubes-templates-itl | 2.9 kB 00:00 updates/metalink | 20 kB 00:00 --> Running transaction check ---> Package kernel-qubes-vm.x86_64 1000:4.8.12-12.pvops.qubes will be installed --> Finished Dependency Resolution /var/lib/qubes/dom0-updates/packages/kernel-qubes-vm-4.8.12-12.pvops.qubes.x86_64.rpm already exists and appears to be complete find: `/var/lib/qubes/dom0-updates/var/cache/yum': No such file or directory Redirecting to '/usr/bin/dnf --exclude=qubes-template-whonix-gw,qubes-template-fedora-24,qubes-template-fedora-23,qubes-template-debian-8,qubes-template-whonix-ws, install kernel-qubes-vm' (see 'man yum2dnf') Qubes OS Repository for Dom0 23 MB/s | 44 kB 00:00 Package kernel-qubes-vm-1000:4.4.14-11.pvops.qubes.x86_64 is already installed, skipping. Package kernel-qubes-vm-1000:4.4.38-11.pvops.qubes.x86_64 is already installed, skipping. Dependencies resolved. == Package ArchVersion Repository Size == Skipping packages with conflicts: (add '--best --allowerasing' to command line to force their upgrade): kernel-qubes-vm x86_64 1000:4.8.12-12.pvops.qubes qubes-dom0-cached 45 M Transaction Summary == Skip 1 Package Nothing to do. Complete! [user@dom0 ~]$ rpm -qa |grep kernel qubes-core-dom0-linux-kernel-install-3.2.12-1.fc23.x86_64 kernel-4.4.14-11.pvops.qubes.x86_64 kernel-4.4.38-11.pvops.qubes.x86_64 kernel-4.8.12-12.pvops.qubes.x86_64 kernel-qubes-vm-4.4.14-11.pvops.qubes.x86_64 kernel-qubes-vm-4.4.38-11.pvops.qubes.x86_64 [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable --best --allowerasing kernel-qubes-vm Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Running command on VM: 'sys-firewall'... Usage: "yumdownloader [options] package1 [package2] [package..] Command line error: no such option: --best [user@dom0 ~]$ So, two questions: a.) How can I actually force installation of kernel-qubes-vm-4.8.12-12.pvops.qubes? The package has already been downloaded, where is it stored? b.) How can I check what conflicts there are? I'll try to provide patches for qubes-doc.git/common-tasks/software-update-dom0.md once I know more! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170407222418.GA334%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] usability major bug?
On Wed, Mar 22, 2017 at 03:08:00PM +0300, Oleg Artemiev wrote: > > why do you have to reboot? > Cost of reboot in __understanding__ what the hell is the reason is > less than cost of restoring correct state after reboot. > > I feel like queue in some code is failing to grow. > Usually I detect such things via load testing. > > As a QA professional I'm ready to commit to: > > 1) run (some times within free time) load tests > 2) provide nummeric results (not raw logs!) on my dom0 - no VM names. > Only symbolic handles I'm ok to publish are qubes OS internals - no VM > names and similar personal stuff. > > Only if I do understand the code . Thus the load testing code and > final summary report must be available to me + no pipes to pass > numbers via any protocol into internet or tor. > Better if applied by python, nodejs,bash, or ruby or erlang language . let me try again: - how does the reboots happen? you said "you have to reboot", did you mean the machine just sponteaniously reboots and thus forces you into reboots? - is there anything special you are doing when this happen or does it happen "randomly"? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170322123230.GA28199%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] usability major bug?
Hi Oleg, you missed on important bit of information: On Wed, Mar 22, 2017 at 12:12:58PM +0300, Oleg Artemiev wrote: > I have to reboot Qubes R3.2 a few times a day. What do I do wrong? why do you have to reboot? > reproduceable: daily on my workstation > > impact: ability to run 10-15 VMs is not guaranteed . My harware is > strong enough to be able to run that count of qubes (it is normal to > me). -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170322105203.GC14987%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Can't start my StandaloneVM anymore
On Sat, Mar 18, 2017 at 11:14:07AM -0700, cooloutac wrote: > On Saturday, March 18, 2017 at 2:11:50 PM UTC-4, cooloutac wrote: > > I'm starting to think you're the joke. > Instead of arrogantly telling someone to do a simple search if you are too > lazy to give a solution. Do everyone a favor and keep your fucking mouth > shut! instead of attacking people on the list, please read https://www.qubes-os.org/code-of-conduct/ thanks. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170318185044.GA6%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: SystemD sucks - qubes shouldn't use it
On Thu, Mar 09, 2017 at 10:06:24PM -0800, Drew White wrote: > systemd is bad, things were simpler and easier without it. you think having a 1000 ways to start deamons (written and maintained by a 1000 people) is more secure and simpler? That's a curious POV… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170310115029.GA9041%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] Re: salt, getting started (to disable CAPS LOCK and configure basic tools everywhere)
On Fri, Mar 03, 2017 at 10:38:04PM +, Holger Levsen wrote: > so I've read qubes-doc.git/configuration/salt.md and wonder, /srv/salt is > installed by the qubes packages and the document says the Qubes salt API is > supposed to change between minor release - so where am I supposed to put > *my* salt config? > > Also what best practices / tools exist to maintain this in git in a VM and > then copy it over to dom0? > > My actual first "pressing" usecase to use Salt is to disable CAPS LOCK > everywhere… :-) > > My second use case would be to deploy the same customisations to basic > tools (eg enable syntax highlighting in vim) everywhere… anybody has some ideas? or is noone using salt successfully yet? ;) also on Debian 8: $ sudo apt install qubes-mgmt-salt-vm [...] The following packages have unmet dependencies: qubes-mgmt-salt-vm : Depends: qubes-mgmt-salt but it is not going to be installed Recommends: qubes-mgmt-salt-vm-python-pip but it is not installable E: Unable to correct problems, you have held broken packages. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170306105829.GB9319%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Feedback request: Incremental file-based backup PoC
Hi Vít, On Sat, Mar 04, 2017 at 09:53:31AM -0800, Vít Šesták wrote: > Holger, restore is already implemented in some basic form. (I havre mentioned > it here on Mar 1.) I'm sorry, I was wrong indeed and a bit too sarcastic too. I guess this was due to your initial mail where there was no restore yet… > Both backup and restore are equally important: Without backup you have > nothing to restore from. well, true. But if you don't regularily test what you backup and test that you can actually restore, your backup is rather worthless. You don't want to find out your restore is broken, once your regular install is gone… > Feel free to try it I'm sorry, I'm at my limits… > On testing: Some basic manual test passed, but I should create automated > tests. (Maybe integration tests are more important than unit tests here – > after ali, it mostly integrates existing products together.) I think so, yes. > You can test restore scenario (at some level) now: > > 1. Backup. > 2. Create new BackupStorageVM and new config directory for restore testing. > 3. Run restore (./backup --action=restore other-args…) with specified config > directory and VM name template. For example, you specify template > “restore-testing-%” in order to add prefix “restore-testing-”. > 4. Verify that restored VMs contain the desired data. cool. Is that documented in your git repo too or just here? :) and really: thank you very much for working on making the backup experience of Qubes better. That's very very much appreciated! -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170306105115.GA9319%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] salt, getting started (to disable CAPS LOCK and configure basic tools everywhere)
Hi, so I've read qubes-doc.git/configuration/salt.md and wonder, /srv/salt is installed by the qubes packages and the document says the Qubes salt API is supposed to change between minor release - so where am I supposed to put *my* salt config? Also what best practices / tools exist to maintain this in git in a VM and then copy it over to dom0? My actual first "pressing" usecase to use Salt is to disable CAPS LOCK everywhere… :-) My second use case would be to deploy the same customisations to basic tools (eg enable syntax highlighting in vim) everywhere… Disclaimer: I indeed have basically no clue about salt, not read the upstream docs yet, just the above document… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170303223804.GB15877%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Feedback request: Incremental file-based backup PoC
On Fri, Mar 03, 2017 at 12:42:56PM -0800, Vít Šesták wrote: > Well, I don't see any problem with restore. This is roughly what dom0 does > (or initiates): Vít, please design and *test* your restore. Nobody wants backup, everybody wants restore. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170303222124.GA15877%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)
On Mon, Feb 27, 2017 at 03:42:51PM -0500, Chris Laprise wrote: > Do either of you use anti-evil-maid? not yet. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170228112932.GA29712%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)
On Sun, Feb 26, 2017 at 02:56:53PM -0500, Jean-Philippe Ouellet wrote: > In the interest of maximizing list archive utility, I'm attaching a > new HCL here (bumped kernel to 4.8.12-12 & xen to 4.6.4). > > I still have issues with suspend/resume. Sometimes it fails to resume, > and sometimes it fails to suspend (leading to a hot backpack and/or > quickly dead battery). what are your exact symptoms? mine are: suspend works nicely, but no resume (no reaction at all in fact) once I press the keys to wake up my machine, which is a X260, also skylake, also 4.8.12 + xen 4.6.4. -> this doesnt happen always, but around 20% of the time or so. Pretty often. I think we should file an issue in the "real" tracker… (or is there one already? I think I tried searching for one, but didnt fine any…) I'd also be glad to try a 4.9 or 4.10 based kernel… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170227194817.GA23504%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Qubes and ram
On Wed, Feb 22, 2017 at 05:37:17PM +, Holger Levsen wrote: > echo $(((`(for VM in $(xl list|egrep -v "(Name|dom0)"|cut -d " " -f1) ; do > /usr/lib/qubes/qrexec-client -d $VM user:"/usr/bin/vmstat -s -S K" -t -T|grep > "used memory"|cut -d "K" -f1 ; done)|xargs echo|sed "s# #+#g#"`)/1024))MB used misses the used memory in dom0, so better: echo $(((`(for VM in $(xl list|egrep -v "(Name|dom0)"|cut -d " " -f1) ; do /usr/lib/qubes/qrexec-client -d $VM user:"/usr/bin/vmstat -s -S K" -t -T|grep "used memory"|cut -d "K" -f1 ; done)|xargs echo $(vmstat -s -S K|grep "used memory"|cut -d "K" -f1)|sed "s# #+#g#"`)/1024)) which is better done like this: echo $(((`( vmstat -s -S K ; for VM in $(xl list|egrep -v "(Name|dom0)"|cut -d " " -f1) ; do qvm-run $VM -p "/usr/bin/vmstat -s -S K" ; done ) | grep "used memory" | cut -d "K" -f1 | xargs echo | sed "s# #+#g#"`)/1024)) which is also easier to understand I think ;) Essentially it runs vmstat everywhere and adds up the numbers for "used memory", that's all. And, it still should better read /proc/meminfo… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170224120459.GA12227%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Archlinux template system update
On Mon, Feb 20, 2017 at 05:19:52PM -0300, Franz wrote: > looking for conflicting packages... > :: xorg-server and xf86-input-joystick are in conflict > (X-ABI-XINPUT_VERSION). Remove xf86-input-joystick? [y/N] n do you really need xf86-input-joystick? -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170220203337.GA31980%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Archlinux template system update
On Mon, Feb 20, 2017 at 03:25:23PM -0300, Franz wrote: > > Also, you should clone the template, and try the forced upgrade in > > the clone. > This seems very safe to try thanks nice howto from Unman indeed! > > If it does not work and you are short of time the you can simply > > switch back to the original template. If it works OK, then carry on using > > the updated template. > I wonder if am the only one with this issue. No, I've seen this on real Archlinux systems as well and for Debian the Qubes packages also need updates for dealing with pulseaudio >= 10… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170220183826.GA26970%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] qvm-run --dispvm in dom0
On Sun, Feb 12, 2017 at 03:11:59PM +, Holger Levsen wrote: > hm, xfce4-terminal is a somewhat better terminal, IMHO, but what I really > want is one which I can easily configure to support font-size-resizing > via keyboard-ctrols (ctrl +- works out of the box in gnome-terminal) and > xfce4-terminal doesn't support that :/ sakura and roxterm-gtk(2|3) both satisfy this… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170212163611.GA28663%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] qvm-run --dispvm in dom0
On Sun, Feb 12, 2017 at 02:23:20PM +, Unman wrote: > > I'm just puzzled that this doesnt work: > > echo gnome-terminal |/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 > > DEFAULT red > This comes up quite often - perhaps it should be in the FAQ. probably, though best with a satisfying answer :) > I cant do better than quote my last reply: > > This is because gnome-terminal is a stub that calls > gnome-terminal-server to open a new window and then exits. Because the > command you have called exits, the dispVM closes. It's expected > behaviour. ah. (some sort of expected behaviour ;) > There was a solution proposed in issues - #2581 if you are > interested, but it's ugly (proposer's words) and has significant security > risks. I wouldn't touch it, but then I tend not to sue gnome-terminal > anyway. > > And, as Marek pointed out in that thread, this is the reason why the > default config has xterm. hm, xfce4-terminal is a somewhat better terminal, IMHO, but what I really want is one which I can easily configure to support font-size-resizing via keyboard-ctrols (ctrl +- works out of the box in gnome-terminal) and xfce4-terminal doesn't support that :/ For now my workaround is: (using i3) $mod-Shift-Return gives me an xterm in a new disposable VM and then $mod-Return will give me a gnome-terminal in there… -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170212151159.GB26296%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] qvm-run --dispvm in dom0
On Fri, Feb 03, 2017 at 04:44:14PM +, Unman wrote: > echo xterm |/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red > > will open term in new dispVM > > I have this as keyboard shortcut - you can obviously script it to take > input for command to run. thanks, this is very handy! I'm just puzzled that this doesnt work: echo gnome-terminal |/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red it starts a new disposible VM but no gnome-terminal pops up, despite it's installed and when I start it manually from an xterm it comes up just fine?!? (This is with a Debian 8 dvm.) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170212134836.GA25832%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] disposable VMs: several different ones, and preconfigured
On Mon, Feb 06, 2017 at 06:07:03AM -0800, Andrew David Wong wrote: > > please excuse me if these are FAQs, RTFM pointers welcome! :) > https://groups.google.com/d/msg/qubes-users/2uN9ybLTqHQ/XMy6d5UkDwAJ > https://www.qubes-os.org/doc/dispvm-customization/ thanks, Andrew! (I the meantime I had seen this URLs floating by on the users list myself, but it's still nice!) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170206142341.GA3314%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
[qubes-users] disposable VMs: several different ones, and preconfigured
Hi, please excuse me if these are FAQs, RTFM pointers welcome! :) - (how) can I have several different disposable VMs? (eg Debian 8+9 and Fedora based ones) - (how) can I preconfigure disposable VMs? AIUI the home directory is always created freshly, how can I put stuff in there? (eg always re-configuring Firefox is annoying…) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170203142936.GA10496%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature