[qubes-users] What is Stage 6 in the upgrade process?

[drogo]

In performing an in-place upgrade of my 4.0 system, I'm following the 
instructions on qubes-os.org;

The upgrade consists of 7 stages - 6 before restarting the system - marked 
as “STAGE 0” through “STAGE 6” in the options list below. And the 7th stage 
is rebuilding the applications and features list - started with a 
--resync-appmenus-features option.

But in the documentation, there is no stage 6. It only has stages 0 - 5. Is 
it a type-o and it's safe to reboot after stage 5?

(Pastebin of the command's help output here )

Thanks!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20934fc6-bcae-47f8-a33d-985589bade3bn%40googlegroups.com.

[qubes-users] Unable to set old kernel for boot in qube

[drogo]

I'm having trouble with a fedora-30 qube. 

The qube is HVM, and after a recent kernel upgrade, the ZFS module will no 
longer compile successfully. (Kernel 5.6.7-100.fc30) I still have two older 
working kernels with modules that I want to boot (5.5.8-100, & 5.4.18-100), 
but I'm unable to get grub2 to boot any kernel but the latest one. 

I've tried using a few ways to set the old kernel, but it the qube keeps 
coming up on 5.6.7 

Tried removing the latest kernel with dnf remove, but it still boots 5.6.7.
Tried deleting the img, config, and initramfs, system.map etc from boot, 
then running grub2-mkconfig -o /boot/grub2/grub.cfg, no luck.
I set the desired kernel with grub2-set-default = "Fedora 
(5.5.8-100.fc30.x86_64) 30 (Thirty)" and confirming with grub2-editenv 
list, no good.


Anyone know what I'm doing wrong here?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ee4410a-1701-49a6-8989-fd3ee6fc3ea9%40googlegroups.com.

Re: [qubes-users] Re: Suspend to RAM not working

[drogo]

On Wednesday, September 11, 2019 at 9:24:08 AM UTC-4, Claudia wrote:
>
> drogo: 
> > 
> > 
> > On Tuesday, September 10, 2019 at 5:22:32 PM UTC-4, Claudia wrote: 
> >> 
> >> drogo: 
> >>> 
> >>> 
> >>> On Sunday, June 24, 2018 at 10:12:17 PM UTC-4, cooloutac wrote: 
> >>>> 
> >>>> On Friday, June 15, 2018 at 5:59:46 PM UTC-4, drogo wrote: 
> >>>>> My newly built system is unable to suspend. The process starts, but 
> >>>> fails and ends up with just a locked screen. This is a desktop, so 
> >> there 
> >>>> shouldn't be any wifi drivers causing issues. But I'm not sure if 
> >> there's a 
> >>>> module that might be making it resume right away. 
> >>>>> 
> >>>>> Any ideas where to start troubleshooting this? 
> >>>>> 
> >>>>> HCL report is attached. 
> >>>>> 
> >>>>> 
> >>>>> Thank 
> >>>> 
> >>>> You can try to see if it suspends on the same baremetal feodora 
> version 
> >> as 
> >>>> dom0 to narrow it down to a qubes or xen issue, or try newer fedora 
> and 
> >> see 
> >>>> if its a kernel issue. 
> >>>> 
> >>>> I had similar issue with suspend ot ram,  but upon resume sys-net has 
> >> no 
> >>>> network.  restarting module or network connection doesnt' work.   the 
> >>>> suggested fix of blacklisting network driver module for my desktop in 
> >> the 
> >>>> qubes file, in my case ethernet, didn't work either. 
> >>>> 
> >>> 
> >>> I know it's been a  while, and I'm hesitant to resurrect an old 
> thread, 
> >> but 
> >>> I put this on hold for a bit. Also, this system is my daily driver, so 
> >>> re-installing would be a big interruption. 
> >> 
> >> (Just chiming in here so sorry if I missed anything important) 
> >> 
> >> You don't have to reinstall, just try suspending in a Fedora 25 and/or 
> >> Fedora 30 live CD. In my experience, if suspend is going to work at 
> all, 
> >> it should work in a live CD just the same. Worth a try, considering 
> it's 
> >> trivial to do. 
> >> 
> >> - 
> >> This free account was provided by VFEmail.net - report spam to 
> >> ab...@vfemail.net  
> >> 
> >> ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of 
> >> the NSA's hands! 
> >> $24.95 ONETIME Lifetime accounts with Privacy Features! 
> >> 15GB disk! No bandwidth quotas! 
> >> Commercial and Bulk Mail Options! 
> >> 
> > 
> > I must be tired or something (for a year?? :) ) but I completely forgot 
> > about a live-USB. 
> > 
> > Just grabbed a copy of Fedora 30, and it suspends successfully. Both by 
> > hitting the power button, and by choosing the "pause" icon from the user 
> > menu. 
> > 
> > Thanks for the reminder! 
> > 
>
> Not sure of your situation, since for some reason I'm not seeing the 
> whole thread. (For some reason, sometimes mid-thread replies show up as 
> the root of a thread for me, earlier replies sometimes don't show up at 
> all, and/or replies will show up as individual, out-of-thread messages.) 
>
> ... but that probably means that the relevant drivers aren't in F25 
> (whether originally or by updates). I ran into the same issue recently; 
> bought-new a relatively recent laptop, which fails to resume on F25 and 
> Qubes but resumes flawlessly on F30 and Ubuntu 19.04. i.e. The hardware 
> is too new for the software. 
>
> You could try upgrading to the testing or unstable dom0 kernels (up to 
> 5.9 available, I think) and Xen versions. In my case, interestingly, 
> this didn't work. F30 with an older kernel worked, but not Qubes (F25) 
> with a newer kernel. So apparently userland plays a role as well. 
>
> Beyond that, there's no remedy that I know of. I remember reading 
> somewhere that upgrading dom0 to F30 is more or less impossible, and I 
> don't think minor releases (R4.0) ever ship newer Fedoras. You might be 
> able to narrow down what userland components are responsible, and 
> upgrade them specifically, but I have no idea how to go about this (if 
> you do, let me know!). And finally, while there are pre-release R4.1 (w/ 
> F30) builds available, I'm guessing it'll probably be at least another 
> year or so until we get an 

Re: [qubes-users] Re: Suspend to RAM not working

[drogo]

On Tuesday, September 10, 2019 at 5:22:32 PM UTC-4, Claudia wrote:
>
> drogo: 
> > 
> > 
> > On Sunday, June 24, 2018 at 10:12:17 PM UTC-4, cooloutac wrote: 
> >> 
> >> On Friday, June 15, 2018 at 5:59:46 PM UTC-4, drogo wrote: 
> >>> My newly built system is unable to suspend. The process starts, but 
> >> fails and ends up with just a locked screen. This is a desktop, so 
> there 
> >> shouldn't be any wifi drivers causing issues. But I'm not sure if 
> there's a 
> >> module that might be making it resume right away. 
> >>> 
> >>> Any ideas where to start troubleshooting this? 
> >>> 
> >>> HCL report is attached. 
> >>> 
> >>> 
> >>> Thank 
> >> 
> >> You can try to see if it suspends on the same baremetal feodora version 
> as 
> >> dom0 to narrow it down to a qubes or xen issue, or try newer fedora and 
> see 
> >> if its a kernel issue. 
> >> 
> >> I had similar issue with suspend ot ram,  but upon resume sys-net has 
> no 
> >> network.  restarting module or network connection doesnt' work.   the 
> >> suggested fix of blacklisting network driver module for my desktop in 
> the 
> >> qubes file, in my case ethernet, didn't work either. 
> >> 
> > 
> > I know it's been a  while, and I'm hesitant to resurrect an old thread, 
> but 
> > I put this on hold for a bit. Also, this system is my daily driver, so 
> > re-installing would be a big interruption. 
>
> (Just chiming in here so sorry if I missed anything important) 
>
> You don't have to reinstall, just try suspending in a Fedora 25 and/or 
> Fedora 30 live CD. In my experience, if suspend is going to work at all, 
> it should work in a live CD just the same. Worth a try, considering it's 
> trivial to do. 
>
> - 
> This free account was provided by VFEmail.net - report spam to 
> ab...@vfemail.net  
>   
> ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of 
> the NSA's hands! 
> $24.95 ONETIME Lifetime accounts with Privacy Features!   
> 15GB disk! No bandwidth quotas! 
> Commercial and Bulk Mail Options!   
>

I must be tired or something (for a year?? :) ) but I completely forgot 
about a live-USB.

Just grabbed a copy of Fedora 30, and it suspends successfully. Both by 
hitting the power button, and by choosing the "pause" icon from the user 
menu. 

Thanks for the reminder! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/331d268f-002a-4f25-8a0d-c19c91d0b630%40googlegroups.com.

[qubes-users] Re: Suspend to RAM not working

[drogo]

On Sunday, June 24, 2018 at 10:12:17 PM UTC-4, cooloutac wrote:
>
> On Friday, June 15, 2018 at 5:59:46 PM UTC-4, drogo wrote:
> > My newly built system is unable to suspend. The process starts, but 
> fails and ends up with just a locked screen. This is a desktop, so there 
> shouldn't be any wifi drivers causing issues. But I'm not sure if there's a 
> module that might be making it resume right away.
> > 
> > Any ideas where to start troubleshooting this?
> > 
> > HCL report is attached.
> > 
> > 
> > Thank
>
> You can try to see if it suspends on the same baremetal feodora version as 
> dom0 to narrow it down to a qubes or xen issue, or try newer fedora and see 
> if its a kernel issue.   
>
> I had similar issue with suspend ot ram,  but upon resume sys-net has no 
> network.  restarting module or network connection doesnt' work.   the 
> suggested fix of blacklisting network driver module for my desktop in the 
> qubes file, in my case ethernet, didn't work either. 
>

I know it's been a  while, and I'm hesitant to resurrect an old thread, but 
I put this on hold for a bit. Also, this system is my daily driver, so 
re-installing would be a big interruption.

I tried combing through system logs as well as running a stack trace on the 
suspend command. I've also changed video cards, as I was using Nvida 
before. 

sleep fail in logfile = https://pastebin.com/xtC7t4GY
trace output of suspend cmd = https://pastebin.com/WpfX7JPg
new HCL = https://pastebin.com/dqtP4snc
lspci output = https://pastebin.com/PedWnPUr

I changed video cards to a Radeon HD 8570. That seems to bring new issues, 
as before the system would attempt to suspend, but fail, then come back up 
and be usable. Now it fails to suspend, and when it comes back up, the 
display is mangled and unusable. 

Do I have to do any tweaking for the video card now that I've changed? 

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1cb0958-3aaf-4076-a360-d50d23f93ed2%40googlegroups.com.

Re: [qubes-users] Caching update packages for templates

[drogo]

Thanks!  I'll keep an eye on that thread/issue.

I gave rustybird's qubes-update-cache a try on my laptop and it seemed to 
work well. I also came a cross a way to implement squid transparently on my 
firewall (pfSense), which I'll give a try later on since I've got many 
systems to update besides qubes and tend to update everything all at once

Thanks again!

On Wednesday, August 7, 2019 at 11:38:15 PM UTC-4, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> On 07/08/2019 7.55 PM, drogo wrote: 
> > Is there an easy way to enable caching for template update 
> > packages? It's annoying to have to download hundred of megs over 
> > and over while updating templates. I see there's already a proxy 
> > configured and listening on port 8082, so can I just enable caching 
> > of those packages somewhere in Qubes' networking stream to speed up 
> > those downloads? 
> > 
> > Thanks. 
> > 
>
> Please have a look at this issue: 
>
> https://github.com/QubesOS/qubes-issues/issues/1957 
>
> - -- 
> Andrew David Wong (Axon) 
> Community Manager, Qubes OS 
> https://www.qubes-os.org 
>
> -BEGIN PGP SIGNATURE- 
>
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl1LmRoACgkQ203TvDlQ 
> MDCefw//a3nMQJIGYgtRPLsEV4jCqMyiUDiAZsiF4LWBy6qUqKWB2TSnzLK3IHOx 
> jFfcG7sTgQfi6teJiH9wvLralkOHA3pMT/PlJKBDUASOzjnqEE2mirUgGTR8DgCt 
> EROTcQ1hCYswH7M3FiQ2lR3Hv3Br6W1elt/bbOl55U3sTQ3dvVFcMrZP+c1iW5Si 
> xOJW9r3Ndu058sQkCl4RkLG/b3BnyFTEkbhcYqUA9MgJJFdjImA+g0VgYy7Cg1xD 
> VU+7xoFmtFB50RaAKFjX1wdfj1oaH0IHQHt1SyImtR7oUR+S6WaEnxcuvZS6iz5R 
> 8wEjFuYnVcZ+IScyG4iQqoJdYyfnYA61oh0hu/SBQMEfcm5uqJv1NzEOwK2T8WAH 
> 9HHO89q3HftI2B8ycI/Qq1QaZBilLI5fcQi5VbcKLx/iTcD5AlF6tx6eHJpcUycT 
> fSwhc7MQU8t0B4xya6TiyiC4k3Q1VQlBZDtOL03ABYokFWcAofFPE7EMDrgHxrge 
> 3ynCMIUywRVIMoq4xSY5LF4ZQIJek/yE2quUeVJ+MMyzpd03U58kHkbHTXLEDVgg 
> TGqS1cRZ5dWYiewAesd1JvuLwtX34wl1SaNEvpd8EE0C/1/kmX6iPs9BK5MprdsI 
> bhTqOCY7ZfUB+KLOcBMz2Aojt8TfWhDSrBg9gmzS2xGmMiDMhWI= 
> =U1wT 
> -END PGP SIGNATURE- 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f55a0c3-2e02-452c-85c3-593404feb68f%40googlegroups.com.

[qubes-users] Caching update packages for templates

[drogo]

Is there an easy way to enable caching for template update packages? It's 
annoying to have to download hundred of megs over and over while updating 
templates. I see there's already a proxy configured and listening on port 
8082, so can I just enable caching of those packages somewhere in Qubes' 
networking stream to speed up those downloads?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1309e16c-45ed-4660-aefe-3e2216ecb562%40googlegroups.com.

[qubes-users] Re: Split gpg is just too cool.

[drogo]

On Wednesday, December 26, 2018 at 7:25:09 PM UTC-5, John Smiley wrote:
> On Wednesday, December 26, 2018 at 6:49:47 AM UTC-8, Brendan Hoar wrote:
> > On Tuesday, December 25, 2018 at 9:56:40 PM UTC-5, John Smiley wrote:
> > > U2F Proxy is not so cool. So far no joy getting it to work. Someone on 
> > > reddit
> > > had similar issues and questions and resolved by installing USB keyboard
> > > support. That’s not mentioned in the Qubes docs and I hope we don’t have 
> > > to
> > > resort to that.
> > 
> > I haven't yet tried the U2F proxy, it is on my todo list.
> > 
> > I'm also not quite so happy about the complexity of getting a security 
> > focused device (yubikey) working with a security focused OS (QubesOS). 
> > 
> > I believe I understand the nature of the yubikey problem, though: Qubes is 
> > engineered to protect you from untrusted peripherals...and this somewhat 
> > conflicts with the design of yubikeys on multiple fronts: we want to use 
> > yubikeys across multiple VMs (using devices across VMs increases risk); 
> > yubikeys are composite USB devices, which means they often have multiple 
> > endpoints for different functions (HID keyboard plus, CCID 
> > smartcard/javacard, U2F) which makes securely proxying them more complex; 
> > and for those who have serious safety risks, a fake yubikey could destroy 
> > one's opsec in multiple ways...even a real one could if you are not careful 
> > with your usage.
> > 
> > In my case, I have decided to somewhat compromise QubesOS security a bit 
> > and disable the USB/HID keyboard protections in Qubes dom0 for now so that 
> > I could log into LastPass with my yubikey OTP in a couple of my VMs without 
> > too much fiddling. I have kept notes on the changes and how to reverse them.
> > 
> > So, as I said above, I haven't addressed the U2F compatibility on my 
> > current R4 build (but neither do I have a multipmedia VM set up with Chrome 
> > yet :) ). So, I use my backup method of yubico authenticator on another 
> > device and type in six-digit TOTP codes instead of using the U2F 
> > functionality.
> > 
> > Anyway, I suggest keeping a running log of modifications/configurations 
> > (both TODO and done) somewhere easily accessible across devices (I use a 
> > google doc) to speed future configurations/rebuilds. I don't keep anything 
> > that needs to be secure there, just notes, simple scripts, etc.
> > 
> > > If that were a requirement, surely the docs would have
> > > mentioned it.
> > 
> > Haha. Er, I mean, that *should* be the case... :)
> > 
> > Brendan
> 
> Complex?  Yes.  Separating the USB stack from the browsers and being able to 
> lock down which browsers can access which keys (ex: banking Qube, shopping 
> Qube, Gmail Qube, etc.)  Brilliant and worth the complexity.  Just need to 
> get it working now...  Docs are leaving something out.  I will either update 
> the doc for file an issue once I figure it out.

Just for some extra info, I started experimenting with yubikey on my laptop as 
well as my desktop. Works fine on the laptop with Chromium, but is odd with 
Firefox. I have to disconnect the key after sending registration creds, and it 
will successfully register. Same for authentication with Firefox. I saw a post 
relating issues with FFX that you should register with Chrome, then just 
authenticate using FFX.

My laptop was setup with a separate USB qube during install. So I followed the 
qubes docs for the u2f Proxy and didn't run into any issues, other than the FFX 
stuff. (Also, I've got the little tweaks for FFX done). For my desktop, (which 
I'm just starting to test out), it wasn't, so I added a second USB card to use 
for everything else non-critical. Should have some info on how that goes later. 
The desktop has a USB keyboard. (Side rant, I wish more mechanical kbds worked 
well with PS/2).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7ed5594-21ac-493c-9f39-1385386e4e08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Updates broke an HVM qube

[drogo]

On Wednesday, October 31, 2018 at 6:55:08 AM UTC-4, awokd wrote:
> drogo wrote on 10/31/18 2:14 AM:
> > On Tuesday, October 30, 2018 at 10:13:40 PM UTC-4, drogo wrote:
> >> On Friday, October 26, 2018 at 5:10:07 PM UTC-4, Mike Keehan wrote:
> >>> On Fri, 26 Oct 2018 16:58:09 -0400
> >>> Kyaphas Hill  wrote:
> >>>
> >>>> Sheesh, I should've thought of that. No luck though. Same result in
> >>>> another terminal window.
> >>>>
> >>>> I tried updating by typing "sudo yum update -y && shutdown -h now" in
> >>>> the blind. And while that command worked (it ran for a while, then
> >>>> shut down), the problem still persists.
> >>>>
> >>>
> >>> Hmm.  Did you try resizing the terminal window by dragging a corner?
> >>> I've a vague memory of seeing something like this in the past, but
> >>> not on Qubes.
> >>>
> >>> Mike.
> >>>
> >>>
> >>>> On Fri, Oct 26, 2018 at 6:39 AM Mike Keehan  wrote:
> >>>>
> >>>>> On Thu, 25 Oct 2018 10:47:33 -0700 (PDT)
> >>>>> drogo  wrote:
> >>>>>   
> >>>>>> I recently updated a fedora 28-based qube that I have running in
> >>>>>> HVM mode. I also updated dom0 at about the same time. So I'm not
> >>>>>> sure which update caused the issue.
> >>>>>>
> >>>>>> Now when I attempt to start the qube, the terminal for the
> >>>>>> template (and its dependent appVM) will only display what looks
> >>>>>> like static. Or if you're old enough, what the TV looked like
> >>>>>> when you messed with the horizontal hold too far. :)
> >>>>>>
> >>>>>> The VM seems to be running, as if I type "shutdown -h now" in the
> >>>>>> unintelligible terminal, the VM shuts down.
> >>>>>>
> >>>>>> Any  tips? I'm hoping to avoid having to re-build this qube from
> >>>>>> scratch.
> >>>>>>
> >>>>>> Thanks.
> >>>>>>   
> >>>>>
> >>>>> Try a different terminal emulator - xterm, xfce4-terminal.
> >>>>>
> >>>>> --
> >>>>> You received this message because you are subscribed to a topic in
> >>>>> the Google Groups "qubes-users" group.
> >>>>> To unsubscribe from this topic, visit
> >>>>> https://groups.google.com/d/topic/qubes-users/nP_6mgtX0eY/unsubscribe.
> >>>>> To unsubscribe from this group and all its topics, send an email to
> >>>>> qubes-users+unsubscr...@googlegroups.com.
> >>>>> To post to this group, send email to qubes-users@googlegroups.com.
> >>>>> To view this discussion on the web visit
> >>>>> https://groups.google.com/d/msgid/qubes-users/20181026113932.3ba50a6e.mike%40keehan.net
> >>>>> .
> >>>>> For more options, visit https://groups.google.com/d/optout.
> >>>>>   
> >>>>
> >>
> >> Moving the terminal windows around doesn't help. I decided to build 
> >> another HVM template from scratch, but got the same result when I set the 
> >> kernel to "none" and the virt_mode to "HVM".
> >>
> >> Then I tried setting the appVM back to PVH and a qubes kernel. It booted 
> >> fine. But of course my ZFS modules are compiled for the latest 4.18 distro 
> >> kernels, so they don't load.
> >>
> >> So, something about the distro kernel doesn't like the new updates for 
> >> dom0?
> > 
> > I meant resizing the terminal windows. Not just moving. Tried that on both. 
> > Fullscreen, minimize, etc.
> > 
> > Thanks.
> > 
> 
> https://github.com/QubesOS/qubes-issues/issues/3178#issuecomment-397874838

I thought I had already replied to this, but apparently not.

I checked the above link and sure enough, I had several issues with modules on 
the distro kernel. I attempted to rebuild them, but it still didn't work. So I 
ended up compiling the zfs modules on a new HVM template after applying the 
manual u2mfn re-build, and that worked. I then pointed my old appVM to the new 
template, and am all set.

Thanks for all your help!!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ca96b18-6d4d-4132-8175-980ae46846ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Updates broke an HVM qube

[drogo]

On Tuesday, October 30, 2018 at 10:13:40 PM UTC-4, drogo wrote:
> On Friday, October 26, 2018 at 5:10:07 PM UTC-4, Mike Keehan wrote:
> > On Fri, 26 Oct 2018 16:58:09 -0400
> > Kyaphas Hill  wrote:
> > 
> > > Sheesh, I should've thought of that. No luck though. Same result in
> > > another terminal window.
> > > 
> > > I tried updating by typing "sudo yum update -y && shutdown -h now" in
> > > the blind. And while that command worked (it ran for a while, then
> > > shut down), the problem still persists.
> > > 
> > 
> > Hmm.  Did you try resizing the terminal window by dragging a corner?
> > I've a vague memory of seeing something like this in the past, but 
> > not on Qubes.
> > 
> > Mike.
> > 
> > 
> > > On Fri, Oct 26, 2018 at 6:39 AM Mike Keehan  wrote:
> > > 
> > > > On Thu, 25 Oct 2018 10:47:33 -0700 (PDT)
> > > > drogo  wrote:
> > > >  
> > > > > I recently updated a fedora 28-based qube that I have running in
> > > > > HVM mode. I also updated dom0 at about the same time. So I'm not
> > > > > sure which update caused the issue.
> > > > >
> > > > > Now when I attempt to start the qube, the terminal for the
> > > > > template (and its dependent appVM) will only display what looks
> > > > > like static. Or if you're old enough, what the TV looked like
> > > > > when you messed with the horizontal hold too far. :)
> > > > >
> > > > > The VM seems to be running, as if I type "shutdown -h now" in the
> > > > > unintelligible terminal, the VM shuts down.
> > > > >
> > > > > Any  tips? I'm hoping to avoid having to re-build this qube from
> > > > > scratch.
> > > > >
> > > > > Thanks.
> > > > >  
> > > >
> > > > Try a different terminal emulator - xterm, xfce4-terminal.
> > > >
> > > > --
> > > > You received this message because you are subscribed to a topic in
> > > > the Google Groups "qubes-users" group.
> > > > To unsubscribe from this topic, visit
> > > > https://groups.google.com/d/topic/qubes-users/nP_6mgtX0eY/unsubscribe.
> > > > To unsubscribe from this group and all its topics, send an email to
> > > > qubes-users+unsubscr...@googlegroups.com.
> > > > To post to this group, send email to qubes-users@googlegroups.com.
> > > > To view this discussion on the web visit
> > > > https://groups.google.com/d/msgid/qubes-users/20181026113932.3ba50a6e.mike%40keehan.net
> > > > .
> > > > For more options, visit https://groups.google.com/d/optout.
> > > >  
> > >
> 
> Moving the terminal windows around doesn't help. I decided to build another 
> HVM template from scratch, but got the same result when I set the kernel to 
> "none" and the virt_mode to "HVM". 
> 
> Then I tried setting the appVM back to PVH and a qubes kernel. It booted 
> fine. But of course my ZFS modules are compiled for the latest 4.18 distro 
> kernels, so they don't load.
> 
> So, something about the distro kernel doesn't like the new updates for dom0?

I meant resizing the terminal windows. Not just moving. Tried that on both. 
Fullscreen, minimize, etc.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3feb8e78-4295-443d-8e90-fa0c92a2a798%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Updates broke an HVM qube

[drogo]

On Friday, October 26, 2018 at 5:10:07 PM UTC-4, Mike Keehan wrote:
> On Fri, 26 Oct 2018 16:58:09 -0400
> Kyaphas Hill  wrote:
> 
> > Sheesh, I should've thought of that. No luck though. Same result in
> > another terminal window.
> > 
> > I tried updating by typing "sudo yum update -y && shutdown -h now" in
> > the blind. And while that command worked (it ran for a while, then
> > shut down), the problem still persists.
> > 
> 
> Hmm.  Did you try resizing the terminal window by dragging a corner?
> I've a vague memory of seeing something like this in the past, but 
> not on Qubes.
> 
> Mike.
> 
> 
> > On Fri, Oct 26, 2018 at 6:39 AM Mike Keehan  wrote:
> > 
> > > On Thu, 25 Oct 2018 10:47:33 -0700 (PDT)
> > > drogo  wrote:
> > >  
> > > > I recently updated a fedora 28-based qube that I have running in
> > > > HVM mode. I also updated dom0 at about the same time. So I'm not
> > > > sure which update caused the issue.
> > > >
> > > > Now when I attempt to start the qube, the terminal for the
> > > > template (and its dependent appVM) will only display what looks
> > > > like static. Or if you're old enough, what the TV looked like
> > > > when you messed with the horizontal hold too far. :)
> > > >
> > > > The VM seems to be running, as if I type "shutdown -h now" in the
> > > > unintelligible terminal, the VM shuts down.
> > > >
> > > > Any  tips? I'm hoping to avoid having to re-build this qube from
> > > > scratch.
> > > >
> > > > Thanks.
> > > >  
> > >
> > > Try a different terminal emulator - xterm, xfce4-terminal.
> > >
> > > --
> > > You received this message because you are subscribed to a topic in
> > > the Google Groups "qubes-users" group.
> > > To unsubscribe from this topic, visit
> > > https://groups.google.com/d/topic/qubes-users/nP_6mgtX0eY/unsubscribe.
> > > To unsubscribe from this group and all its topics, send an email to
> > > qubes-users+unsubscr...@googlegroups.com.
> > > To post to this group, send email to qubes-users@googlegroups.com.
> > > To view this discussion on the web visit
> > > https://groups.google.com/d/msgid/qubes-users/20181026113932.3ba50a6e.mike%40keehan.net
> > > .
> > > For more options, visit https://groups.google.com/d/optout.
> > >  
> >

Moving the terminal windows around doesn't help. I decided to build another HVM 
template from scratch, but got the same result when I set the kernel to "none" 
and the virt_mode to "HVM". 

Then I tried setting the appVM back to PVH and a qubes kernel. It booted fine. 
But of course my ZFS modules are compiled for the latest 4.18 distro kernels, 
so they don't load.

So, something about the distro kernel doesn't like the new updates for dom0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc645b01-31b7-419b-80a8-9de1e46a3cdd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: My farewell to Qubes OS!

[drogo]

On Thursday, October 25, 2018 at 6:21:51 AM UTC-4, Joanna Rutkowska wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Hello Qubes devs and users!
> 
> It's been nearly 9 years[*] since I sent the first internal email
> within ITL to Rafał Wojtczuk and Alex Tereshkin with the original idea
> for making Qubes OS. Shortly after this, we started drafting the
> original architecture and writing some early PoC code...
> 
> Today, I've made an announcement I'm switching focus to another area
> of work and joining the Golem Project as a Chief {Strategy, Security}
> Officer:
> 
> https://www.qubes-os.org/news/2018/10/25/the-next-chapter/
> 
> https://blog.golemproject.net/joanna-rutkowska-joins-golem-as-chief-strategy-security-officer-13f12f0c11c0
> 
> I'd like to thank all the people who made Qubes OS possible, which
> includes: the whole ITL team, all the community contributors, and, of
> course, all the Qubes OS users!
> 
> Qubes OS will continue under the lead of Marek Marczykowski-Górecki,
> who have been a de-facto lead for all the day-to-day development for
> quite some time already!
> 
> Thanks, Marek! Thank you, all!
> 
> Cheers,
> joanna.
> 
> [*] FWIW, the exact date was November 11th, 2009.
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEEtR14vbBDAuE0X2Ly1F2dklVl1NIFAlvRmTYACgkQ1F2dklVl
> 1NIiDxAAtwm3qM1Rq3ow67q5bLu+1VnuM0NQrN/crLu+FDOdaa9XNzSsdWz97UoN
> 2VsRO+RICNttrR7MAaWSgTXtBKOMuSXYc7s5r7VVFtx4qW0xyRaxbr7vBqJRDM5n
> 6eCLdjAFf1Xh8Ju5eDnBJGx41EIywO4Jba3z9+Ww2xyBycQAYY22yRQf6ANlWfwW
> XE0HgBuaJtAEReJc7qpzlG/iwLa/de1eqVa9kOS4HrESllE9wP7qXLrnmwr/yH19
> 2twe3QVS29uVYzPOam6PiCg1PN4AjsYKvihy/Tap11bYfdr1L8OjmE9+KrDPFPek
> MaWlkl/OoiFZsQHhj1somMfFNKH82oTW3zIAZCmmOZgQHgt6T1KDzjehFTASJeFp
> WNmvmowDYfcVYEdjEXQKP78mpxlYz6fChr/A4x3TX64+KsltdZA7l266OMfpXvL4
> Mja4SUvEKqLbyEQxCaDnOwm4cV7k/dHtOXE5fREzUfi+YVu14yVNkPRxg9UpgtCa
> sV/PY7AwOe4JqxV+8VlWWmX0amNf8ZEtz51F2eH6NZZYGaRtTXxTKW6Aad0XHg7p
> 8m2gvH8YWnGPX7ckofcpL7NHR5B6EauXoHKeQZgV9Ix0NQf2CNvBv5ZxZ7IYannH
> mJEcpgRYMtG5b8+x05hBCb7CP5T/tQpt2r5jIK3eqwEzcPY//H8=
> =1ZqA
> -END PGP SIGNATURE-

Congratulations on your new position!!

I've been using Qubes for a couple of years, and just wanted to say THANK YOU 
for all your work on it! It really fits well with my usage model and makes my 
life a great deal more convenient.

Wishing you all the best in your new role!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d2b9450-a01d-4eda-a95d-94f0282458ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Updates broke an HVM qube

[drogo]

I recently updated a fedora 28-based qube that I have running in HVM mode. I 
also updated dom0 at about the same time. So I'm not sure which update caused 
the issue.

Now when I attempt to start the qube, the terminal for the template (and its 
dependent appVM) will only display what looks like static. Or if you're old 
enough, what the TV looked like when you messed with the horizontal hold too 
far. :)

The VM seems to be running, as if I type "shutdown -h now" in the 
unintelligible terminal, the VM shuts down.

Any  tips? I'm hoping to avoid having to re-build this qube from scratch.

Thanks. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d0ea632-cfc2-48f8-b9b6-ce301ea9c9ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Yubico FIDO U2F Security Key and Qubes

[drogo]

On Wednesday, May 16, 2018 at 12:15:08 AM UTC-4, qube...@gmail.com wrote:
> On Wednesday, February 21, 2018 at 5:30:14 PM UTC, William Bormann wrote:
> > On Tuesday, February 20, 2018 at 2:58:18 PM UTC-5, Yuraeitha wrote:
> > > 
> > > wait hold on, just to be sure we're on the same page here. 
> > > Why would you bring up sys-usb? Putting a USB controller in sys-usb is 
> > > normally for the purpose to use qvm-usb/widget to virtually pass it to 
> > > multiple of other VM's, or just a place to hold it for keyboard/mouse. 
> > > Since the Yubi key didn't work for me by passing it away from the 
> > > sys-usb, but worked in the sys-usb itself.
> > > 
> > > If you have a controller to spare, you'd want to put it directly into the 
> > > AppVM. It's less secure than a sys-usb, but nonetheless, if you really 
> > > need an USB application working, which doesn't work in the 
> > > widget/qvm-USB, then you need to pass the USB controller directly into 
> > > the very VM where you need the Yubi key. This can also cause problems if 
> > > you need to switch the controller from one VM to another, for example you 
> > > can't run both VM's at the same time if they both try to claim the 
> > > controller, and if the USB controller has no pci-reset functionality, 
> > > then you need to restart the whole computer to be able to move it to a 
> > > new VM.
> > > 
> > > Just to be sure we're on the same page here?
> > 
> > We are.  I identified two approaches:  direct assignment of the hub to a 
> > particular VM, or, bring up sys-usb so I could easily assign the U2F key to 
> > any VM.  The latter seemed more flexible, but also more of a heavyweight 
> > solution.
> > 
> > In the end, I decided to simply assign the spare hub to the VM I would be 
> > using for most U2F logins.  If it turns out that I frequently need to use 
> > U2F on other VMs I'll revisit the sys-usb solution, especially since I know 
> > both work.
> 
> Could you detail the steps to make it work? I am using the sys-usb in the way 
> it came by default in QubeOS R4.0 , and attaching it to the needed AppVM 
> doesn't do anything for me.
> I am using a Yubikey NEO btw.
> 
> Normal storage USBs such as pendrives and such I have no problems in 
> assigning a AppVM from the sys-usb. I am only having problems with the 
> Yubikey NEO.
> 
> Regards

Has anyone gotten this working well with Firefox? 

I'm using a laptop with sys-usb and the qubes-u2f packages setup and installed 
(followed the u2f instructions in the qubes docs).

Chromium works fine, however, I'm seeing odd behavior with Firefox. When I try 
to use it (the yubikey) it causes partial non-responsiveness and I have to 
restart FFx. I have security.webauth.u2f (in about:config) enabled.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d60e5f5-3346-44ed-824e-d292f57b1581%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Redirection of DISP network traffic

[drogo]

On Wednesday, September 5, 2018 at 6:48:50 AM UTC-4, unman wrote:
> On Tue, Sep 04, 2018 at 08:01:27AM -0700, drogo wrote:
> > Is there an easy way to re-direct network traffic from disp VMs? I've 
> > already got a separate router for some outbound traffic, and would like to 
> > send traffic to that as a default gateway rather than my usual default gw.
> > 
> > Doing a quick look over the config (of sys-net), it seems like I might need 
> > a whole new sys-net serviceVM (and associated interface). Or is there an 
> > easier way?
> > 
> > Thanks.
> > 
> 
> You certainly can set up a new netvm, and I think that's the
> cleanest way of doing this.
> 
> An alternative would be to attach a second firewall to sys-net and
> change the routing on sys-net so that traffic is passed to different
> gateways, depending on which iface it comes in on. You'll also have to
> adjust the NAT rules for DNS to make sure that DNS is also redirected
> appropriately.
> I would only do this if I had real performance issues, and couldn't
> afford the overhead of another qube running, or only had 1 NIC
> available.
> Otherwise separate netvms per gateway is quick and easy to set up, and
> guarantees traffic isolation.
> 
> unman

Thanks!

I had a second interface available, so I got it setup pretty easily. Now I just 
need to get the firewalling squared away so I can isolate the traffic away from 
the rest of the internal network.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94905f34-224f-47a9-b341-0ff6a7f8c0a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Redirection of DISP network traffic

[drogo]

Is there an easy way to re-direct network traffic from disp VMs? I've already 
got a separate router for some outbound traffic, and would like to send traffic 
to that as a default gateway rather than my usual default gw.

Doing a quick look over the config (of sys-net), it seems like I might need a 
whole new sys-net serviceVM (and associated interface). Or is there an easier 
way?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b01e785-cec2-47c0-8c11-581bc580f5a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question about template VMs, modules, and kernels

[drogo]

On Monday, July 30, 2018 at 5:15:14 PM UTC-4, awokd wrote:
> On Mon, July 30, 2018 8:47 pm, drogo wrote:
> > I've cloned the fedora-28 template to a new one for use with ZFS (just in
> > the template/app VMs).
> >
> > The installation process went OK, but the zfs modules don't load. I
> > noticed that i have several kernels loaded;
> > kernel-core-4.17.7-200.fc28.x86_64 kernel-core-4.17.9-200.fc28.x86_64
> > kernel-core-4.17.4-200.fc28.x86_64
> >
> > But the running kernel is the xen kernel 4.14.41-1.pvops.qubes.x86_64.
> >
> >
> > I tried "dkms autoinstall" and it tried to build for the qubes version,
> > but it error'd out due to missing the 4.14.41-1.pvops kernel-devel source
> > code.
> >
> > Is there a trick to getting dkms to compile modules for that kernel? Or
> > do I have to install the kernel modules in dom0?
> >
> > I would prefer to just build them in the template VM.
> 
> Sounds like you'll need to run HVM. See
> https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm-r40
> .

Yep. That seems to have worked. I set the template and appVM to both be HVM, 
ran the grub setup on the template, and now zfs modules load properly.

Thanks!

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa4d5104-8bae-4729-9038-edeb301c54a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.