Re: [qubes-users] What's Next? (Connecting VNC to dom0)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Jul 25, 2024 at 02:09:02PM +, Qubes OS Users Mailing List wrote: > The server is a headless lights-out deal, and actually what I'd like to do is > connect x2go to dom0. But I do not know enough yet so tried to connect VNC. > > https://www.qubes-os.org/doc/gui-domain/#vnc-gui-domain-sys-gui-vnc > > A VNC server session is running on localhost:5900 in sys-gui-vnc. > > This is clear enough, although I have to take its word for it since a > terminal in sys-gui-vnc will not accept my username for unknown reasons. > > I really want to set its port to 5904 in this instance though, and I presume > this would be done in the template, although that would mean it’s set that > way globally which is undesirable. > > In order to reach the VNC server, we encourage to not connect sys-gui-vnc to > a NetVM but rather to use another qube for remote access, say sys-remote. > First, you need to bind port 5900 of sys-gui-vnc into a sys-remote local port > (you may want to use another port than 5900 to reach sys-remote from the > outside). For that, use qubes.ConnectTCP RPC service (see Firewall. Then, you > can use any VNC client to connect to you sys-remote on the chosen local port > (5900 if you kept the default one). For the first connection, you will reach > lightdm for which you can log as user where user refers to the first dom0 > user in qubes group and with corresponding dom0 password > > This is indecipherable. > > Running sudo qubesctl --all state.highstate took a long time, until the first > stage timed out as unable to reach the network. No wonder, /etc/resolv.conf > symlinks to a non-existant file under /run. Have no idea why. > > The remaining stages completed though and for some reason it chose the > Fedora40 template even though I’ve set Debian as the system default. > No idea what to do now. My recommendation is: 1. Create a _trusted_ VM to run WireGuard or a key-protected onion service. 2. Allow that VM (and _only_ that VM) to connect to sshd in dom0 via qubes.ConnectTCP. 3. Forward anything you need over the SSH tunnel. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmalUFEACgkQsoi1X/+c IsH3iBAAsbehCJJcLj0RIc7A6Gn4JyLT0BBp+SsHea7xfep4+sTun2MziLf9TwF+ EtnFUkW5t2PQychQMRGQASgqmSM66v907vKfb3q0ustwNB87PtSh+FB7tfD3Fp3u 5XQTQ0wvYRixAV9HGUaAorX3Uy5YF4wCirodBkcxOv+PrXxFQSxId4yV980oTENB Hq1wiFLDVNO775f/0ZZ0ZzYUc3EyVrpRX7dLEHHvLR1x1+vv1oCGRltwhjkWSMDI SfXu/TWeRbiHSLpuUMJiDc4gsioS+acjnQWR/GM4W3JcpPBCqf0WCQJmD7kdXKEK Q6cqkPlgp51XCuVafG1pWqJANtDDnIwZRd6iBlvv4vEvL2qxLdcYjZIFraSX/Smv APUD7vjhvUj6YzGCVsI0tsjS6ADaRsypwKByQn3UC9A1fTde0cELsrWIbhrpCyjV R7DjBDKswWulvtIeWEQMuRkqJrXsYxF2+tgfSsZogR2tzqP7/YfLfey20ueVuBLo ewqBfhQnXgzFmAFksqY2R13ee0NBoEltc75PLkKxtZqPKmmJcA0WE1xtAe0fmj9r jqiQD5SdZCAsNZ5FVMIwBEc8cX30CHmtXD+A1K6k4YvojuYVplPYBj7u5+AoHRxb rjh1wf/68Bffm8iZX6oy6jxROV2wqnYHJwSFRKK+0hLmxtdSIfI= =pJOH -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZqVQUtNGh_Rfdld3%40itl-email.
Re: [qubes-users] Qubes OS 4.2.1 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, Mar 31, 2024 at 03:45:29PM -0700, Andrew David Wong wrote: > On 3/27/24 2:57 AM, qubist wrote: > > On Tue, 26 Mar 2024 14:46:12 -0700 Andrew David Wong wrote: > > > >> ## What's new in Qubes OS 4.2.1? > >> > >> [...] > >> > >> For more information about the changes included [...] > > > > It would be much better to have a more detailed (yet concise) > > changelog. It is highly unlikely that the user will read pages upon > > pages of issues on a bug tracker, just to find out what is new. > > > > My $0.02. :) > > > > The concise changelog is already present, in the part you elided. Unlike > major and minor releases, the primary purpose of patch releases is not to > deliver new features or enhancements worth showcasing. Rather, the primary > purpose is to provide a secure and convenient way for users to install (or > reinstall) the latest stable Qubes release with an up-to-date ISO. > > Imagine if we had a major or minor release, then we didn't have any further > releases for a year. Users who wanted to (re)install Qubes would have to use > a year-old ISO, then immediately catch up on a year's worth of updates, which > could take quite a long time. Moreover, any bugs that affected the > installation or initial update processes themselves might be complete > blockers for some users. A security vulnerability in the update mechanism > could make that initial update risky. > > The purpose of these patch releases is mainly just to move up the "starting > point" so that fresh installations don't have as far to "catch up" before > they're on par with existing, regularly-updated installations. That's why the > main summary of changes is just "all the routine updates you would've gotten > if you had installed 4.2.0 and kept it up to date." Some of these routine > updates will be of interest to some users while being of no interest at all > to most other users. There should rarely be any that are of interest to *all* > users. (Those should usually go in major or minor releases instead.) With the obvious exception of security patches. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmYLKVsACgkQsoi1X/+c IsF/+A//UsDrsR/wwgeSJgGgIVkElvB+W4TWMCOsx7NSTjZ4yWXw7e63hOTvVGTo 6tegSUDcfYMUty27KJKSsjc9difhQUuDco/CEvK2DOLDpEKO8IJtHU18+3zrk+0N xweBTXuPD1T/FNbJAH3dKSdSsvXXmcqHW3FW6+q7AsnY3icg6zmdAsnqKVh7dylq b3NwWLva/JOn1sxa214kxJmRkfG53o01jv9QTDviYqmGb0FBJ7P6tXFIp9sEMNlX AqEGHF6Tj0fxQdvml3HlBZT0XZ265e6Th4xVhuA6titwML7HlIZDYu3AZP72u02E NPOOZ29rgrUwTQsNPgDzJe3eAgxEiynOnAiabLSwF4HW8A0yJVgR02Lm46Vr+Npg /LLxrmh4jRurhlpElvwA44nIenKpjprG5wFz48JHhrK+vyktxteyWTdvhE343nZh tQYUEj9hsNscPuiwuNmbxqAhsuNMndhRHAcL/H/r6Sw88NmYj0YiWH7+NtrilVAs Lp9S3oBeSjX+5QaD2abH8KnbjH7VdbynRFK1o3wXwUG/05KkT35RYw7eIojtDbCy QWJpykgJfy50xn97s5Mtm5TvkN5TnE9TQx1UIOia/36IZBwatdPtO/lPZGCpSaDZ 9IF64BucZGcZts2xJnwV0s9VPfPpG9XN4IiB1EZzg6ko0XLrsVA= =HFwF -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZgspXMfjRaMrx_Zo%40itl-email.
Re: [qubes-users] Tails VM: network broken since Qubes r4.2 (was online in r4.1)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Mar 28, 2024 at 10:29:15PM +, Stickstoff wrote: > Hello everyone, > > I have a difficult time with my Tails VM in Qubes (which I need for Tails > specific developing and documentation work). > It gets no network connectivity no matter what I try. With "network > connectivity" I mean the Tails VM can't even ping any network VM. > > I set up a Tails VM [1] a while ago on an up-to-date Qubes r4.1 system (so it > should be similar to r4.2?). After assigning the Tails VM a static ip [2], > it was online right away. Now I had to reinstall Qubes on new hardware, and > installed r4.2. I copied the old Tails VM into the r4.2, and it is stuck > offline. > I then created a new Tails VM, exactly the same way I did before with [1] and > [2], it couldn't reach any networking VM neither. > Next, I purged iptable [3], removed all routes [4] except the default route > and shutdown all network devices except eth0 [5]. > Still, there is no ping response even from the networking VM (which does > reply to other VM's pings). > > Finally, I used a regular Debian 12 live image to create another standalone > VM with [1]. It was online right away. > Tails is based on Debian 12 too. > The only meaningful difference between the Tails and the Debian VMs I could > find was that their default routes [6] look a bit different, where I don't > know if this might be related. > > So it does look like a Tails problem after all. But then, why was the same > Tails VM online when hosted by an up-to-date r4.1 Qubes and offline on > a fresh installed r4.2 Qubes? > I found hints online that others experience the same [7] symptoms of non > reachable networking VMs, where r4.1 vs r4.2 was brought up. > > > Does anyone have suggestions what else I might check and try? > I would be very grateful for any help. It would feel archaic and > counterproductive to use another machine for working on Tails.. > > Stickstoff > > > > > > > > > > > [1] Installing a live linux into a standalone Qubes vm: > Create a new standalone qube: HVM, 2GB+ memory. > dom0: sudo sh -c 'qvm-run --pass-io BrowserVM "cat > ~/downloads/tailsimage.img"' > /tmp/tailsimage.img > dom0: sudo dd if=/dev/zero of=root.img bs=1 count=0 seek=8G > # new empty 8GB root.img as sparse file > dom0: sudo dd bs=32M conv=notrunc status=progress if=/tmp/tailsimage.img > of=root.img # copy the image to the start of root.img > Tails: remove "live-media=removable" in grub bootloader (necessary at each > boot of Tails) > > > [2] Setting up networking in Tails: > dom0: qvm-ls -n TailsVM # get the IP that dom0 assigned > to the Tails VM > Tails: set static ip, netmask, gateway and dns > > [3] purge iptable rules, allow everything: > Tails: sudo iptables -F > Tails: sudo iptables -X > Tails: sudo iptables -P INPUT ACCEPT > Tails: sudo iptables -P OUTPUT ACCEPT > Tails: sudo iptables -P FORWARD ACCEPT > > [4] purge routes and add new default route: > Tails: sudo ip route del > Tails: sudo ip route add default via 10.137.0.9 dev eth0 > > [5] shutdown network devices: > sudo ip link set dev down > > [6] > ip route Tails: > default via 10.137.0.9 dev eth0 proto static metric 100 > 10.137.0.0/24 dev eth0 proto kernel scope link src 10.137.0.32 metric 100 > ^ > > ip route Debian: > default via 10.137.0.9 dev enX0 proto static metric 100 > 10.137.0.9 dev enX0 proto kernel scope link src 10.137.0.32 metric 100 > ^^ > > > [7] > https://forum.qubes-os.org/t/tailsos-template/23635/6 Does using the static route you have in Debian, and adding static neighbor entries for the peer, fix the problem? If not, can you try this command? $ sudo ip neighbour replace to 10.137.0.9 dev eth0 \ lladdr fe:ff:ff:ff:ff:ff nud permanent That adds a permanent neighbour entry. If it changes stuff it means that ARP is broken. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmYF+2YACgkQsoi1X/+c IsFJ8Q/+NTsgrVCFAqn3IHkWbgni8WJxwFHZ0spRiPxCb/B+iBQnS/tk5phId5Wn B8Sfscoq79vTlVZJrK7GoYfTTvgcd60xDj6HsQRy/ymyqhJ3SQtlw7l+xi//acDY 7A38Un+UXwN4QtGLQQ0mCqm8/YjeugqwHQq7sy7jodehjFDJkx021urlqob49xkc 40CFG6sI+PWZYMxzqphyICu2sMX8SnKzyKpPXJzKD3LSkFzukbVU3524EgGTv3Th Rfliq/tljOhaIzZQSNsTiLAi0aPblPQ9PlO0X5gC8rzPF7YPIwYfEDJIEM+41UH6 l0OuhkE21rXOBbXnijmtesTHHYUzIcOUQWIuTdMGjjBYRlQ1igrRzc8WvFXXr7d6 tWYvaHXfIimpcfcM3CE15aMXmoEfjTkoHfnkpscZECzqxK5fKz0bLyIqqeilr92t HLnKtWaiYnFXYcYtxwpWJ4vo4CdMMoJH1DEL6zM3EA3ajQsiN8Bx1T23qvFgj1wQ OjfepcB2xpbOCjX
Re: [qubes-users] 80x24 geometry used by qvm-console-dispvm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Mar 07, 2024 at 01:52:58AM +0100, Marek Marczykowski-Górecki wrote: > On Wed, Mar 06, 2024 at 06:16:03PM -0500, Demi Marie Obenour wrote: > > On Wed, Mar 06, 2024 at 10:49:11PM +0100, Marek Marczykowski-Górecki wrote: > > > On Wed, Mar 06, 2024 at 06:13:50PM +0100, Ulrich Windl wrote: > > > > Haven't done it for ages, but can't you configure the size using X > > > > resources? > > > > Like this: > > > > Now to set the size of the console itself, you would add this to the > > > > ~/.Xresources file:xterm*geometry: 127x37 > > > > > > It isn't the problem of changing xterm window size. It's a problem of > > > telling the target VM what the size is. You can probably do that > > > manually by calling `stty cols W rows H` inside (after you resize the > > > window), but I don't know how to make automatic. If anybody has some > > > idea, patches welcome. > > > > For PV consoles, I wonder if there should be a side-channel in the > > protocol. > > Maybe? I don't think there is one. BTW I think the same issue applies to > a real serial console too. SSH has such side-channel. And AFAIR telnet > does it in-band via some special bytes. There isn’t one _right now_, hence me proposing that one should be added. I assume that it would be sufficiently simple that if we need to do any conversions in dom0, those conversions could be done securely. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmXpFCwACgkQsoi1X/+c IsHDuxAAn9xSU4nS2iIdbQbOWGyD6QCJUkgriuLdf5MXYXAvzVvJ039jSYlf8/yZ AgRhHNhX5jBhXXV439sAL9Vv+uq6u8KGc1BMfYCzjBrS3HnwNqin8mex+ueF8LT9 l2nUYHr5XrCwclMYgJcD/hSmnx1J1dtKnih58Xz93Wc+GCmBo3tuomUIpFSPXORw O0THhHyWGzmGzNH8w82EdISz9nkiSOcXXuoINRSO+piP2leXzDpnIURq3YlajGa8 7JdflPUkgKP5jSOCS7jNLonN/IuiMYyLRmsh5LNKTUQv97mMXNz4zvFjmaDGc5xm 0MGkYrg2Nsu4FdiEZMzdaucO1U4xKekBFzhWTSy6d8lytvlPDRH4p9UOvQWLJfFl Wy21AoTHzaDBbob+voboBLaAiLbxEfPaAGVA3lzeLSCivexz2LKuXaKiuMJk0icZ Xru/xJ2CerlZ+aldsutVhn9AI84aN4mjpPfy1Ngo7ijTWtxGxHBwYV1bGF5lrbCJ ZUI20I3Q9TFWgiMDxRwRZXyg+vSXIJRVW2kSHlGJP4IWRTuBeIlOM9BoNVuXSLFH 0GnQBAZQoiq+1MvCvZFx2R46h9Ne0ByWaPas7cTQ8t8kNwdPZz255wfzcu1JOBMA t4KJ9MVA2xPxaYM6Y+gOTbhPWXhCzaEAIlZxvw228Yazbxm67BU= =ErqT -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZekUK_wgASUIjqHo%40itl-email.
Re: [qubes-users] 80x24 geometry used by qvm-console-dispvm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, Mar 06, 2024 at 10:49:11PM +0100, Marek Marczykowski-Górecki wrote: > On Wed, Mar 06, 2024 at 06:13:50PM +0100, Ulrich Windl wrote: > > Haven't done it for ages, but can't you configure the size using X > > resources? > > Like this: > > Now to set the size of the console itself, you would add this to the > > ~/.Xresources file:xterm*geometry: 127x37 > > It isn't the problem of changing xterm window size. It's a problem of > telling the target VM what the size is. You can probably do that > manually by calling `stty cols W rows H` inside (after you resize the > window), but I don't know how to make automatic. If anybody has some > idea, patches welcome. For PV consoles, I wonder if there should be a side-channel in the protocol. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmXo+TMACgkQsoi1X/+c IsHNShAAn9edCHCMdfv5wO9UzhBcf3uAwK5TdlW0bD3Zy9rDZcmkk8wN8NIHsc0V CQxvoGUYrSYHR4i3y+49rMG3MUUvSIqVMinjNyMskapWZeLqr7KIU+EhA03Vr6lG kS0xkamCNvOP5copx7G9A655c5cpxGOxitGxyC4iP6RhBhiUSWqxmo9m6sPPFwV4 qa/a28KEIC6e8d0FxEDGk6y7QqyA/oXCrLg5BgY9odPOj4W4Y1ABqldpREoITeQZ e3H5rnRJnKd7qcHjz3iz9r0PxG6InFOZPf7+7MfF83zvlTSHYCGVtkiHbBtxjBI1 Q/O0UjWXDpsOV/RSiuTGXld4OG56Q+ZG/RUROS+PuGpQVIfV4Ex4sl/qj2ttDvxp +sUTdiWB76E6PYtxVEZRkYwSTN+Y0F9xw/aUoejNNZk+DGJgOj9p62WrLRTLQU/e 9hAv+8Wd9ew04wJkxNlAMFm/plKpVAb88DJFHSsNGDcC6+RTKFkioqAtli71Yd63 mEReuX+VbBo6kWHEPCDYYjwgf6dmorEvbAKqJUNOvUX2jI3kCavYkgPlH9dgAF7Q tMZ/kupyfy4F/KGzAO76275ZzeyiMhePuKLnXEey31PTs246Z1HRHtUJMABnJulO JJxNPLE1IEuUpCqmO8AZo4yT6PzcY7L9r63QN0D3G6XNMZH0yh0= =HeWx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Zej5M30rCvKJBnfZ%40itl-email.
Re: [qubes-users] issue with URL handler in Thunderbird: started VM receives truncated URL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, Feb 23, 2024 at 02:34:27AM +, Qubes OS Users Mailing List wrote:
> Just realized I sent this as "reply" instead of "reply all". Sorry for
> the spam, Ulrich, but I want to make sure this is visible to others who
> might have a similar problem.
>
> I think the problem is that the URL doesn't end up getting quoted on the
> other end. When this is sent:
>
> [quote="Ulrich_Windl1, post:3, topic:24602"]
> #!/bin/bash
> qvm-run-vm '$dispvm' /bin/firefox "$1"
> [/quote]
>
> The VM will end up getting the URL value with no quotes, because the
> quotes in that script are only for the local bash interpreter, not sent
> to `qvm-run-vm`. The whole expression is quoted in the exec line, but
> bash will interpret the line so the ampersand causes a background
> process to start instead of being incorporated in the URL.
>
> I'm not sure if this is a problem in `qvm-run-vm`. Some people might
> want to take advantage of the shell interpretation. And since the caller
> is able to run any arbitrary shell command anyway, problems like leaking
> environment variables aren't particularly relevant (they have permission
> to see that if they have permission to run arbitrary commands, and
> output is returned to the caller by design).
>
> I would guess that updating the `run-vm-firefox` command to quote the
> URL within the double-quotes will fix it. [Also note that the `$` is
> deprecated, as described in this
> article](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/#security-in-symbols).
>
> The new symbol is `@`; I have only used in in policy files, but I assume
> that it will work here too so long as you are running 4.1 or newer. So
> the new file would look like this:
>
> ```bash
> #!/bin/bash
> qvm-run-vm '@dispvm' /bin/firefox "'$1'"
> ```
I suggest escaping single quotes in the $1 and adding a "--" before it.
This prevents command injection attacks via a malicious URL.
So the result might be
```bash
#!/bin/bash --
exec qvm-run-vm @dispvm /bin/firefox -- "'${1//\'/\'\\\'\'}'"
```
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmXYFjsACgkQsoi1X/+c
IsHcAhAApDWk48QftzKO5NKdrpelrUZLJ0whO4VK98wW4aONFGyE2UpyTcfD+Nyu
wPmrdFcsyb1s1aR4T+9LRKnRe+cdad5ik7p9eDwbMEl1VKqCE5wZOiYqmOhiQ/XY
RRjVNSlHiiuRhbIWGmZDQcZ5H6pOfxud0UwcxGoJ5mjoe8RezEaxQ/Keibx25mKQ
uYK9WxNsk0ih7hIcaLeyCMxMwwZJmiDVP4dIfw121xh/IhrZfJ9gGBwKYLUqBl0u
esz3igOu91Yz8eFODscUC5rwPoXUgdOOEpmi+I7GH7Mz2ORgg+GXgGOfPf6+gi90
DMcDCbBXR9vcLVC4OlOe6vy/KQ7YxXqJe2V7m5snmYVibDmJshBPB7gop9ZeW3gr
8JpY3/WKPgFaxtPANi+wtrZ2LhJjMiPH3B+2MHZwaHTDADExw+t9F4NqXCTwj8gO
qH2z9d6tTJtDDQ+fC47xPwGfhkMHaxiEGysvmFYMfH4rCaWcRrRQpz1u0A4U1YEz
wAFbtkoE6SEL7bCchcN0Ey/T4x38MWJw6u3oIRvhwGpn1VOOMnl9bQSU6EHbImy3
Cb3eg94BZIo9wkNOp7VPxiHxav1dgFJXpGy/U2J687wtmgsnImSpRqh8H+lmxsix
pWl/ulZRt0EE7Y44Oo7BYJIqtPr5s+8yr8NsxM2QmAZ4nAdCH1E=
=CD88
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ZdgWO-3Ykm_f4bUE%40itl-email.
Re: [qubes-users] "GVFS is not available"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, Aug 26, 2023 at 10:39:22PM -0700, Andrew David Wong wrote: > On 8/26/23 8:55 AM, ales...@magenta.de wrote: > > Steve Coleman: > >> > >> > >> On Sat, Aug 12, 2023, 12:54 PM >> <mailto:ales...@magenta.de>> wrote: > >> > >> ales...@magenta.de <mailto:ales...@magenta.de>: > >> > I am using a fresh installation of Qubes 4.1.1. > >> > > >> > When I use the File Manager Preferences tab there is a message > >> > indicating that GVFS is not available. > >> > >> > >> You need to install the gvfs package in the template you are using for > >> your AppVM. > >> > >> It's not a standard package installed by default because it relies on many > >> other packages. Do a search in your flavor repository (fedora,debian,etc) > >> for the package and install it in your template, and then restart your > >> AppVM. > >> > >> > >> https://wiki.gnome.org/Projects/gvfs <https://wiki.gnome.org/Projects/gvfs> > > > > But this is not an AppVM or a template, I think. I am seeing this message > > from Dom0 environment. > > > > Troubleshooting Steps: > > a) Boot Qubes 4 and enter password to start login session > > b) Open Qubes menu in top panel > > c) Open System Tools, File Manager Settings > > d) Open Advanced tab > > > > The window title is "[Dom0] File Manager Preferences". > > > > Here is the message under a title "Missing dependencies" and inside a blue > > box: > > > >> It looks like gvfs is not available. > >> Important features ... will not work. > > > > It seems like this must be a problem I must fix. > > > > No. It is recommended to avoid using the GUI file manager in dom0. Should the default install omit the GUI file manager in dom0? Having it and telling people not to use it is rather strange. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmTri14ACgkQsoi1X/+c IsGRoQ/+JSZA5vqBfEeGT8gyFt3eUPmEH5ufDoOfMwtJWICBBQpxZRlUtnMjB0pP 4ijM76s4Ot/i6Rnzw7DatIkMqYeOz6/E/C3yHeJ3IroL3DugAY+B7AmsKbTtUEqu couh4QnvdFQBBu0uXYrOup+iSfzAfl2/GR+6v3QtojCe7rv8sWmYc7pw18xDtJF8 baS5ckYjSLC1AHZZAqc96DCdoaLlxdu9whQCgRxqm8zV3qfWo92edXmc8qHWKDuR lsQzVIG/fQ6gkdXqG9nbCTDFNh3SzNNCEHvKjWL+OGTagwjdZHjFiKD7CnjNAI/h uzRG+peYuMUSYNZLeqVv8PZyzP/dT1uayQkKDcd11X7zQNd7ijjmRgnO8BGO+Kev JP7fQ2sO4hHvu/iic8Wnc85AvQULxFqyWTuSeVs3EJIg8LvIMoK+SCocBPsNMV7T a2sPN0/mAYxwcFO4Aray3OVX+7eSGFVadrSOBEcfO2SxCeLlkf4xPha/0n7EO23Z 8JQBlmMetHkxnSkGHq1zgRe6KSF/OiIZtCQpmKv3zkKzUKfT3JqWXLrxOoVp/6Yl t5nlN/KHhFzLvOXL3SrOvHE0Zq52SjPuGSghiEOKEMR3J2FVhcTxeZdnVRnwHMUe wy+5WxR2b8FF3Vr3bsgMfVXyXmy3cviHIf+ubnpnctvi8e0JTao= =ovsx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZOuLXfByN6F55OvJ%40itl-email.
Re: [qubes-users] Best practice VPN in Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, May 13, 2023 at 10:57:00AM +, Qubes OS Users Mailing List wrote: > Andrew David Wong: > > On 5/12/23 4:31 AM, 'taran1s' via qubes-users wrote: > > > If anon-whonix AppVM is set to use mullvad-VPN that is connected to > > > sys-whonix it doesn't connect to internet. If one uses Debian or Fedora > > > based AppVM and runs vanilla Firefox, it works like a breeze. > > > > > > Any ideas how to solve this? > > > > > > > I think that's by design. Whonix does that to protect you from accidentally > > compromising your own privacy. > > > Thank you for the answer Patrick. It is possible. The question is how does > one use VPN over Tor in this case with Torbrowser that doesn't compromise > the privacy (see the use case below please). > > The use case is to connect to a service like Twitter that is not Tor > friendly from a static non-tor IP address (VPN), but at the same time hide > my real IP address from the VPN provider by using Tor before I connect to > the VPN. > > Some services, like Twitter even if they have onion site keep forcing me to > reset password periodically, reminding me that there is a suspicious > behavior (just by connecting from Tor, not even posting anything) in an > endless loop. > > I would like to use the anon-whonix-twitter AppVM Torbrowser specifically > for connection to that particular account only and nothing else, no other > apps or even websites ever used in that anon-whonix-twitter AppVM. > > Do you have any advice how to enable Torbrowser in the anon-whonix-twitter > to work in the VPN over Tor scenario? I would use the onion service and deal with the Twitter-side brokenness. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmRflBQACgkQsoi1X/+c IsG/ohAAs0r584ZGCNUOAeJ6+ViAjTiN/PllOsErT5SRIrMqBbJH3anB6DKQMGE5 aW+Y4H4xzmQh449LYhz8yVfHlMb0551m6ROTGainEKSneVFafKkMCR5E2Yl+jde+ CRCLGFZVQ9MZlrhMuehPWJ0jZXxI0DGuamm0o65Cgi/qiGGSuZqs3B+ZWLHQA2ZN vIYwSyiw2eG4bY5/dpofXFZeDuNY+qkkXEWzLa1Fm//J/iC+Q2AJLi4ap5w2dyOn THNhSW+ouPowjXSuzASwD8P3P3s0h2/9Yma1PgkV8xwtn6ACS8oTtdoZp8iycd7a yNOTNNEo0wGapSrLrUrZJCYttNTAEqwdyeyrUHv4/C1BQxOJQHzEXh6w/VDtepmD lbZd6roSNBZ+wK8grcmq5nRUEFxTEu+/LkF0fSDTOEvbIwbaPYY572S/GQjJwK9N 7sJbFJgHDWGqEwalXKibPacRQ6WwO9I/E+xq6R+jktgBsEadnLkFNocFhxx6fqoz oXe5RoJxHw/li/7KVBmliu01SHho2Zhosdhx/cDKT6l8TLphPZPOK9TbQ2nUzFwa m6RaDpHpQecRqvJlRUz4FSEp9FjFjBEcW35n2DJKBaV2aWudB4C2ROPbfHbk2HiV d6pgo30pyr3vx+QpAjXdmYP2XBLnnLoIIX726dK6vH3n5+JKCIU= =X7Te -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZF%2BUEjd6huPK7Fu1%40itl-email.
Re: [qubes-users] Re: QSB-089: Qrexec: Memory corruption in service request handling
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, May 11, 2023 at 11:00:41PM -0700, Vít Šesták wrote: > If the process is not reused, just an update without restarting anything is > enough, isn't it? (This wouldn't be the case if the process was forking > from a zygote.) The process forks for each request, so one will need to kill all currently-running qrexec-daemon processes to be protected from this vulnerability. The simplest way to do this is to reboot all domUs. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmRffrwACgkQsoi1X/+c IsE+aBAAyAIS9c03+E6KQJAuKBwoa02szKGHbqUHHUtUCX1t961jXCq8Li/MC14e qEUBrZdniIgvcszPLJ4SDH1nIVCovimUu4a1Z+gN/ofvTrxcAH+kSzxth30aIIuE foh4LGFEZLZVng72X002917lDquw0hs0BaMBKzP/JhKAAlpkDIivEbCn7vOvztET hSCRK4mBhfur1gSogkPF69vJnOfoq4FFz2GIsBaWfDF6j0hfmddUbk+mU2f5ooH/ mg7AUFCfltR7GO7swHksFX+S7p+tI/L6VfoxARFjarHZ4f4PYEEXrV/LQXusL60x /oPDOap8AlmPksjC/OITLRCV11jACjeQCIUX2r9pE8KioXmElrNsKKKMAKjf6FSr fy3ylxX3o1cdX1DhHDpbVtv8GM/6nXPfSDg2sbF3AmMTHh1kfOx5GWp32F+BBL3a pI3AuJbXMirrXRVNIDRsdxQ8v+TwEK0jRaI5Z/IbL2kClMODgwBHuZZ8l1xFTFXG xVfWbrbLvhJC9qupoWTKJKIyjmlisF9Q8vQZm2KURgQ0/qO5oesGf8X+XdkynCqO VTjZvxN/UpvAmxvbQB9YxCwO6hAhvdPLNz70uE8C8PDiMWS3VM2iAAoRLSb7CqTz kmkAXkC4M7Y9wKthgY20I4ZFOc2dvvdoV5uXPMG75La0lOQoG0A= =dX/W -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZF9%2BugKzSKnf6Ah%2B%40itl-email.
Re: [qubes-users] Data recovery -- thin provisioned LVM metadata (?) problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, Apr 25, 2023 at 08:19:48AM +0200, haaber wrote: > Dear all, > > I had a lethally bad hardware failure on computer. Since I had to buy a > new machine this took a while, now I try to save some data: the old SSD > is attached to a brand-new qubes via usb adapter. I started > > sudo pvscan and sudo vgscan --mknodes and sudo vgchange -ay as > manual says. > > unexpected output: > > PV /dev/mapper/OLDSSD VG qubes_dom0 lvm2 [238.27 GiB / <15.79 > GiB free] > Total: 1 [238.27 GiB] / in use: 1 [238.27 GiB] / in no VG: 0 [0 ] > Found volume group "qubes_dom0" using metadata type lvm2 > Check of pool qubes_dom0/pool00 failed (status:1). Manual repair > required! > > 1 logical volume(s) in volume group "qubes_dom0" now active > > then I consulted dr. google for help, and found little help. This one > > https://mellowhost.com/billing/index.php?rp=/knowledgebase/65/How-to-Repair-a-lvm-thin-pool.html > > suggested to deactivate volumed so that a repair can work. Only swap was > active, I deactivated it. But repair does not work: > > lvconvert --repair qubes_dom0/pool00 > terminate called after throwing an instance of 'std::runtime_error' > what(): transaction_manager::new_block() couldn't allocate new block > Child 21255 exited abnormally > Repair of thin metadata volume of thin pool qubes_dom0/pool00 failed > (status:-1). Manual repair required! > > > So now I am struck and ask for help! This is not purely qubes-related, I > known, but I hope to find competent help within the community. > > > cheers, Bernhard I suggest asking on the LVM mailing list. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmRHzzMACgkQsoi1X/+c IsGTQhAAyq6YJy49jm5Hdihcw76C2s+OvUm2yvb2mZbpuPymhpo/ZIX7V1Moqdc3 WJ8cRjrbN8lztlLCPmkL+jAqk5PAw556jYon++9Apt3fwvFGL35hJ0bU7rumRUxF uGQPjCZAWVVxlD3Q0ejbE3pSAafUbbPgroIoCMHnDdIARkF/OliEDdf0/CdALtPL 2KpIAI10Zd9MSlNB5O7KHKhStemfw7huFN6i0TJc284lD/WtkLeIWxHf96RPzb// LMNB1zCAMGDBukHV1+zBqSySo0wSVAIvNX1rQyce4l6vrNO7C8bkHcmKm/FKvvk8 CCNet5QAEEr5+U5mogN+S54mmHrtDT84uonw5QzDAR+SiUJaTwe3auLIez8jtI16 wlZsMv4J4klRM9PqJKXaXV+VTd11QT33Zo53kFrFbEjtKr41Bc/bmVH5U7CdxhkH X2MHeq/ZAs/xzQgEAFhxgnlzcG5qGlNEpzEP4et21cBRNdI68iVmvw7W8VN0fDjx vsTHz1hpAcpfG3XajX08Co75z+DVCmDxWFVTjfUED+ODKx1Z1KJCBtfMYZfSiHyN G4ID0jopbxNYU90PX3HTCS1xRQsT1Gsy3UUc5AjWGXlcMmhkTZch96vXOTlphlu8 cEgQFzJBZ/vWBBMhNPadBY2Pv7MOeAQOaEEBbJKRlVglnclL0Hw= =48UK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZEfPNIQNqrmRAz9P%40itl-email.
Re: [qubes-users] RAM budgeting techniques
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, Mar 26, 2023 at 08:57:45PM +, Qubes OS Users Mailing List wrote: > Is there anything I can do to get more qubes out of my RAM, besides trial > and error with allocation values? I figure there's gotta be some daemon or > other that I never use that's eating up RAM on every instance of > fedora/debian for no good reason. Or perhaps some sort of swap > optimization such as zram or zswap. What's your favorite cure for > qubestyle creep? zram and zswap are potentially vulnerable to timing attacks, so I recommend avoiding them. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmQgwi8ACgkQsoi1X/+c IsFslBAAyx6aoHvTzW1u7StZ8Mr+mLiSU2IlqBsupfrBa/6UD5gvLbT9o8Pj0e8x XWwYbPH1XAqqb8sNZQuAvLxDtI/dDY1F0W9jJgOBQ+o05GzzRp+Q+18IWlXlSmWx uKwT5rx9rb40uPt14sQBMcnMle/0OORFQ6j+ggrzkWhl6RyMVl0g/GZfAyO9/z4k quABcBW6w4u0AgyOoCyckadRg/Zl6VaUGeHYPCENyrf5vIY/hE+OD1B8sbXqk1F3 klNVAToibjCyhpLwdQVDgzWTgB0Xi8NGTJcgVclOOfrjHiSxZMY9enS8Tw7FErW0 VJy+OI6IZCia/ngoXqWxosf8E75NDaJWLf7NMdtmXMwvCO+o2A9MzvWBWcBJcnYM U9oWFB+FjO1cw/M6ckxCzuEoDniGaInoIJcqhUWMWD31HKYP7rg7ePf/EpGIODSc K8n8xBW6hwXmlqDdATAt8jfOQ5ys6Lsf94itBoBgEES+qxrsBK26ccbHBcRlrOn/ rFfpDxtxZ0xwlh5Fx/hGoH1Bj0eZzTlJCvNm83Ak/0M6/gN8I5/kI1e/KKlC22F+ VsYnJhc4TLmMBc0h95UejkxlSWBuicEbGJdIHBqavaVeDZngD5rBbknJhxjGFd5/ nu4bpMLTIWjZ/eVWVHzp4zriJk+FfGotYQ2c+/g/WxFl2DOMxs8= =Ghkd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZCDCMOlDU87sFlP7%40itl-email.
Re: [qubes-users] Issue creating ubuntu template using fedora-37
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, Feb 25, 2023 at 04:24:42PM +, disp...@proslo.dev wrote: > I am trying to create ubuntu template using an app-vm created using template > fedora-37. I have Qubes OS 4.1.2-rc1. I am using instructions in the below > link to create the template > > https://github.com/Qubes-Community/Contents/blob/master/docs/os/ubuntu.md > > I am getting below error when trying to run make qubes-vm. Any idea how to > fix it? Run 'make remount'. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmP6OiYACgkQsoi1X/+c IsGIRw//Yi4cCINhSa660M53PCq01rWBhHwaZldO065fOetybXEgSedQ6tCyxQLJ Jbxj5HJF0RgClL12k73awiTV6ssyXkS/fPl17xxYUxkevq626d8nlJk7T5RKRiiO EypqKzsmhXLHos4fFsiwYFbMiZ7cL48B+upLMTi42O8X70uHqcf4wL6v9iM1LWlz 5qE0ODHxVglmQVSsgFo2djnv8ZgfdAEHHfV5Ct5fg45jhQNo+Kg2XXhj38KXPTIC vXdVGnJB2dL+tlqnMwdhGsPhAUwlNquhvq5/cLYnyffulKFXav1k9wEkVTAbo/Wv a+Te20pCH5oV9IdG7Ie2AliookLvGBoKbGrJ9Hle+5M9CnznucOAmGk6nn3TfXng On3/oEHurRpaiKZUYAE9BvpOyUnV/Fk8fYtZyKifv9igzZ31EywdZ2JkIig5QTIj /Q8oOEwLAUQJD1SjmkO/e/nfQZsiuIoNStFnux36qTNpE+nex5c3D9DPPJM/NGyJ tC0NXGUKtXLb9dzQjsDMfWu20lttvk2t0KEmbUIie7mLxJf8bU6amPrTtC/rJWNu Xc5IkxsCxFxhuqs6r6zP5uvjqKtF0YJ8kBnChoQQw/NygBGwNsVp7s/wgzKWFi5V ZegIyexEqigcNWs8rg7Nx/WnWjXA2kCqsABZG4t17ctKBxY9uRo= =SE+4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Y/o6JR7Q%2BN5mhD74%40itl-email.
Re: [EXT] Re: [qubes-users] Re: Task bar disappeared?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, Nov 06, 2022 at 12:52:19AM +0100, Ulrich Windl wrote: > On 10/28/22 19:52, 'Stuart Perkins' via qubes-users wrote: > > > > On Fri, 28 Oct 2022 09:55:18 -0700 (PDT) > > Scat wrote: > > > > > Update: > > > - I typed: xfce4-panel into the Dom0 terminal > > > - I received errors in the Dom0 terminal and as mentioned the Task bar > > > appeared > > > > > > It didn't survive a reboot of my computer. I typed: xfce4-panel into Dom0 > > > it appeared... > > > > > ... > > I had a similar problem with the desktop wallpaper under Qubes 4.0. It > > went away after doing something similar. > > For a working journaled filesystem I'd expect that only items that were > changed while the power failed would disappear (when the incomplete > transaction is undone). Looks like some bug. > Maybe your disks use local caching or some other volatile write-back cache > (known to fail with journaled filesystems)? It will only fail if one of the following is true: 1. The filesystem does not properly issue FLUSH and/or FUA commands. 2. The disk does not properly implement these commands. 3. Qubes OS is not properly issuing fsync(). - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmNm+pAACgkQsoi1X/+c IsHAoQ//b3yv3bhZwqgCrsE684oxOj3fMVU7FS2JX8xU0eBje1+1JATF9++uSVy0 V5/HA3K1oxv7k7CzHmjfEZfMF1ylw8wYFexUGHxs6RR6QdvhH851QZlc7XBBgRoL 1+M4S8zBiSdGg0YdI6O4BBlgkhOlL6nZO9GGlQ+iUafduHX8oFOLGFoPFBcz0N1h +wRVNFklWX5sr7CxVfN+++LDrJdDrHON3pSgRHesCRyKOxobiAjoZLfrLCdTyGAV 5jyfpfW5klfne2wL3LQMEv7eP6aYrc94sYigQeb4b0MgcJS6KbGIEKwsqOxisTnx nXjfnEKHH8y4zVZFmNvp9p8aQFqyQ+qQHF+Fyu6yCvdPS+whT+kTlBSaq0wC4VaT jlsNbHB3EleVMoO0IbQZcnmP+JFDcrCHZrvI15AknHo8FcqkxMcAHt1ENyibD324 D+WLXApYxX7u1dHmjUAzMl04qS5pVdw2+yPDQVvPe09lIUeyPH5Xsd+gT0fNlEuq xGR5F8UxqaP5OWHpq+zlSO63fwy/nxKp6CX6Z9hLdYjqUdTeeDMWK2UplN/457Qd qOM4nvTBkuo5RWnl4WikjxX/BRBnjAoHcun/e7XWvn6Jq9ydFDRESK6ozbgoGFO/ QVdweJiIk39KY+7ieTozaytAOY+vzeGcSEJObT9czrQBmNgoBGw= =8YcW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Y2b6kTePur0StEzo%40itl-email.
Re: [EXT] Re: [qubes-users] Installer does not work, no templates to install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Sep 16, 2022 at 05:42:05AM -0700, Andrew David Wong wrote: > On 9/15/22 12:25 AM, Demi Marie Obenour wrote: > > On Thu, Sep 15, 2022 at 01:38:57AM +0200, Ulrich Windl wrote: > >> On 7/31/22 15:23, 'awokd' via qubes-users wrote: > >>> 'felix' via qubes-users: > >>>> I want to reinstall Qubes 4.1, but I cannot select any templates in > >>>> the installer. > >>>> > >>>> Qubes 4.0 and 4.1 were already running successfully on my device and > >>>> Qubes 4.0 can still be installed successfully. > >>>> > >>>> In the install menu, Fedora, Debian and Whonix are missing from the > >>>> software selection, which is why all templates and app vm's are > >>>> missing after the installation and only dom0 remains. > >>> > >>> I've seen this before when the USB drive gets only partially created. > >>> Make sure it's large enough for the bigger 4.1 image, and if you didn't > >>> use DD to create it, try that route. > >>> > > > >> A common pitfall when creating the stick with Linux is that even after DD > >> had finished, Linux stil ldoes writeback the dirty buffers. > >> If you have a slower stick without an LED, you are heading fro trouble. > >> Maybe try a sync before ejecting the stick. > > > > Always use conv=fsync to prevent this problem. > > > > Our installation guide currently instructs Linux users to execute the command: > > ``` > $ sudo dd if=Qubes-RX-x86_64.iso of=/dev/sdY status=progress bs=1048576 && > sync > ``` > > Should this be changed to: > > ``` > $ sudo dd if=Qubes-RX-x86_64.iso of=/dev/sdY status=progress bs=1048576 > conv=fsync > ``` I think so, yes. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmMkb3kACgkQsoi1X/+c IsEc7g//fuSDcLaernigimBOHb7zbmhOjMmatIAC7grvGBFrVcxM/gvfW+ROu7E9 nUgxZ+4QyysWZSG4hD84HKNDY7f6OLa7EvrPiMjpVGcmzlvqBBPRVZHtHCndTu7d GOXNDylIbkmKL3r+vKFmLxebyRNQhblnfX8pq6pH38nCdX88/S2Y2pUdqYXKNrU+ MXLt08/K4REQbVb5/8Sfw//LN+xbe2XmfOpJuutBfIJ/SzDqfIzMAJbGf+ywdu5+ z+BR88owad1eJxreUQLepPsriCTXvgYpDH3UFDz/OX+PZLtuysu+DHRg0HrQuWoo FcO8RKZvXtrcQYr6iUBs0TQpqzIX43EBkBkRosTHChme8mwDXF+Jos00A4XpBB0E ZvLKrHRN4IO4TnSfO+16YOVQ26m60UvudV4kp2dvGyVkYOkBznudUhRIzl56tQfm tqbiQOcXn1iygAKzZ+PEh/vr2M89AbBr9VYoNEWpCh/eVQLoAmSoo0huvIMFp2/R EKr4+M1w8Ncdc9Kpni+mR19gGoAtuMBP8QaA+tb7qVpoRz6Ax1ZAcXEnL0pP9Gte 1uOmmrXANSCkX+8nV+CqBrVe0JjO1Gr+lxkLPV4PeIU1cMvKJBhWStNGFKBmRN50 C2TTBgRd5vikqaE73++77wFQcVAeH1mKQA6KiNPTHVF19vrAu70= =Hvoi -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YyRveVobwlpx9zB7%40itl-email.
Re: [EXT] Re: [qubes-users] Installer does not work, no templates to install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Sep 15, 2022 at 01:38:57AM +0200, Ulrich Windl wrote: > On 7/31/22 15:23, 'awokd' via qubes-users wrote: > > 'felix' via qubes-users: > > > I want to reinstall Qubes 4.1, but I cannot select any templates in > > > the installer. > > > > > > Qubes 4.0 and 4.1 were already running successfully on my device and > > > Qubes 4.0 can still be installed successfully. > > > > > > In the install menu, Fedora, Debian and Whonix are missing from the > > > software selection, which is why all templates and app vm's are > > > missing after the installation and only dom0 remains. > > > > I've seen this before when the USB drive gets only partially created. > > Make sure it's large enough for the bigger 4.1 image, and if you didn't > > use DD to create it, try that route. > > > > A common pitfall when creating the stick with Linux is that even after DD > had finished, Linux stil ldoes writeback the dirty buffers. > If you have a slower stick without an LED, you are heading fro trouble. > Maybe try a sync before ejecting the stick. Always use conv=fsync to prevent this problem. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmMi034ACgkQsoi1X/+c IsETKhAAw6UgYPlmlbahXBdlkYHPnf0qD124I94kVY1WiwXvE6Rs7jWg/4vPeSrH SPwzjuXzp+2HNRqNtQxuRK+RE4yDUBN1EgiDQZanEVIpCUMv/MeiatLMmjDgEyhe xLdPRhTnuyjKfQWhk843kKKPrRfQV0d1+3W43EnVnG30X8rKSl9YApm26pEyNjJo kapZ3EeRCmpXbB1WdmjO9qdEU0qp10sARK//QHPEtPHUtlFXeCJ1uaDqZnNjQdLJ G9W9wcSXkCZfCcC85UbVzeJM4Ys2vy1nnnzgnDrAvSfW3ZiO33RK3QhvQCtArH2a AFIpkVWJ35OUfZ1COp5hNlMkFRXzYQ+ZFRWkpZcm9/zcl9TBABjR+RlNuzC0GttA uKelrDySR6zzgwTIQxh0smzsXqJzkavUg1pNrFZsIJ8+i8HczMVSoy8z/5Sh7aRy bHC44Hf9qVPcPnKA9HUG6VlbPS1bnLWHH31xSI5w5k7cPw69Bbr49HfIJ2HEd3Im +j9GuEdl73rDGGbrzLXbQP0sHshbpcj6i4mwy9+7/E7yiLwSMBkawRd5hPZ954su unKBWdsKyIXWwmzu3rxjzKEp1J18y6BpXIdvHhiOJEDYUWqZb7jXmk0PeymwcHuW L4elBvnVgsWRxgXDRLia1xhjRLqwV187O6faUXnvalp1TaHxzcA= =iSFZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YyLTfgAL0mk2CAAB%40itl-email.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Aug 11, 2022 at 11:30:50AM +0200, Martin Holst Swende wrote: > > On 8/11/22 10:59, Demi Marie Obenour wrote: > > On Thu, Aug 11, 2022 at 09:07:22AM +0200, Martin Holst Swende wrote: > > > > >>> Happy to try out any suggestion/experiment. > > >> > > >> 1. Does i915.enable_psr2_sel_fetch=0 help? > > > > > No, no change that I can see. > > > > Okay, so that is not the problem. > > > > >> 2. What X11 driver is Xorg using? If it is using Intel, does > > >> modesetting help? If it is using modesetting, does Intel help? > > > > > > > More full logs/notes can be found at > > > https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-dom0_testing-txt > > > . > > > > > I'm not sure how to interpret the logs, it looks to me like "intel no, > > > modesetting yes". Not sure how/what to change here, given a nudge in the > > > right direction I can try to explore it more. > > > > That is what it looks like to me also. > > > > >> 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? > > > > > I don't have a sys-gui-gpu at the moment, but will test that. This page > > > (https://www.qubes-os.org/doc/guivm-configuration/) is still the most > > > relevant/recent description, right? > > > > I think so? I don’t use sys-gui-gpu myself, and I will admit that there > > are quite a few bugs when using it. Still, if it works, then the > > possible parts of the code that could be to blame is much lower. If > > sys-gui-gpu in PV mode works, then the problem is almost certainly the > > userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it > > fails in PV mode, then the problem is likely in the way i915 and Xen > > interact. > > > I have tested this now. When I boot, the problem remains. Opening the Qube > Manager shows that the sys-gui-gpu qube is not running. I tried starting it > from the manager, > and it led to immediate black screen, requiring a hard shutdown. The logs > for that qube are here: dom0 will kernel panic if the GPU is removed from it while in use. I recommend preventing the i915 kernel module from being loaded in dom0 via the dom0 kernel command line. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmL0zgYACgkQsoi1X/+c IsEB3w//V5thcPTmgEQhPwd4/8qSZWx3OqmvEiNDkH4Mj+Aw1mVICbMprqeyhUz0 8rlJK2sjPvZvF0xNRRuHedtdolliw/R5u0pQWoTtQ+CJd3hPJsoEXRja8lyPVYdS UBvSNzPbsWZjCfE4uqEyHIhdEDmd53X/vvTikS9fu7x3+REdKTHd/tMR1yTB7bfw chLg67/FFU1fgHVGQAkj3Hi2Rh8NF1uzG4VRLo0XFf0JG+M+SSb9L9MKijUkZWJZ Qa9iuPn3wCrm9eNhWzskfatNnjh3PsYPVHH1f2X3bqH6TsGkpxbz2YyOVAp9PmDT uvGUooDlouFfClKRPxtmkjqvnrquVbdzUgE6OdW023MgA6m5/eF8nHQYZLw3qcAz apPwx9rjRKzRwE57saI+CFJGwuxlmD/8w9B+oWJ8bgXPcmEgmgM3rqsZrXgYM4uw Ktq6tM1KZYbNN7naMEowPhvrMMbu2xx5OMxkQ9wZsU1HxFVY2zwAcOQttXblt5lj VQEAUeysXvCffmrzhORqaUFuzBIX7iWoU5PCuCG2Pfb0YX9FeBhyaZlLLDA90R6m yp4YWyNAZeq0Gfn3gZd2IVcYSdw+HjuWdYPTdhfhOA0wq5SxVt8MEtKe+ZelSSiw bhZLV0PN+2ZLkIed5a0YM+FDnqIugLRNBMz50eeVzKAl8lInHyY= =Gu+c -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvTOBm3bzTVfto24%40itl-email.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Aug 11, 2022 at 09:07:22AM +0200, Martin Holst Swende wrote: > > > > Happy to try out any suggestion/experiment. > > > > 1. Does i915.enable_psr2_sel_fetch=0 help? > > No, no change that I can see. Okay, so that is not the problem. > > 2. What X11 driver is Xorg using? If it is using Intel, does > > modesetting help? If it is using modesetting, does Intel help? > > > More full logs/notes can be found at > https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-dom0_testing-txt > . > > I'm not sure how to interpret the logs, it looks to me like "intel no, > modesetting yes". Not sure how/what to change here, given a nudge in the > right direction I can try to explore it more. That is what it looks like to me also. > > 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? > > I don't have a sys-gui-gpu at the moment, but will test that. This page > (https://www.qubes-os.org/doc/guivm-configuration/) is still the most > relevant/recent description, right? I think so? I don’t use sys-gui-gpu myself, and I will admit that there are quite a few bugs when using it. Still, if it works, then the possible parts of the code that could be to blame is much lower. If sys-gui-gpu in PV mode works, then the problem is almost certainly the userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it fails in PV mode, then the problem is likely in the way i915 and Xen interact. > > If PV sys-gui-gpu with a dom0-provided kernel works, then the problem is > > almost certainly old dom0 userspace: either an old X server, old Mesa, > > or both. If you could build modern Mesa and/or X11 for dom0 and try > > again, that would be awesome. > > Left for future reference, I'm taking baby steps here :) Valid :) - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmL0xOwACgkQsoi1X/+c IsFd2w/+PURi2vrHaEzWaEJAS9mlUKM4gdel9oqaGuIWpOrFpNnjNSW4xuYy3HSB j9fxftynuJgk36Fz3xza75mrGTY1HQ3ntkJmx/ABNB42YeAanElvo1ZZhLZbI4KD 8EU+EmFRTRlXZqxtvyQX3BqFDW3QTSY+dQLuNOYfe66/SfCYObWu1CeOjPT10Sdj DtFzmzNV0vsF8bxRUGkrJRyNr6HdArRmS3a83PsaAA5KWN3vDasjNl80vBUfEJnN yYPlVtZMdEdopAadPwXbiJ2/l9i2t6NFomm2XI8L4tHreW9BPvkf3BrAIRmnOKqw Nwdvw8s0An9Dn1gdWJFtem9Mf8T+KYQ20aMJzTVbyamotV7vBQE+zPV5zCgjtzBP FIZH/UOT1g3hftnzARUQ53CN7juwMAOLiFV+Nbg8IQeb4y1Anthu6qiJjJMMAkTL mq3PNKqjWsBSk1in3C32RzUrBmSBEsuW0xw+ns/Dm5BnIuFn+0yOssbntMec/RK1 JA3HMVNpX0TY8RX85ZDH3ZoZz6RkjMxQLgJAbeQ5AkkFJgZ7xKACrphC3SAtgJgf iW7v16IoCzwq2vnmWgEAGKYMp7zoeeOqS2DNAWrvPiHQl1CKllYBWvIIB1wWEiEM VFJ0XfIgzr1OTRzoIos9vC5CkXyhuYm0v9HT5GWRTTgUszgvlbc= =fOYw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvTE7Do1xCeR8rYU%40itl-email.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, Aug 10, 2022 at 08:36:33AM +0200, Martin Holst Swende wrote: > > On 8/10/22 05:10, Demi Marie Obenour wrote: > > On Tue, Aug 09, 2022 at 08:11:35PM +0200, Martin Holst Swende wrote: > > > Some follow-up. I tested also with a Fedora LiveCD, results are on the > > gist > > (here:https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-fedora-live-txt > > > ) . > > > > > The Fedora livecd worked flawlessly, both wifi-wise and graphics-wise. > > It > > > was a fedora 36 -- whereas dom0 is still on Fedora32. > > > > > Is it in any way possible to try out some experimental repo where dom0 > > is > > > more recent? > > > > No, but I would like to know if your problems go away with > > kernel-latest. If they do not, then this means that either Xen does not > > interact well with Linux’s graphics drivers, or that the Mesa version is > > too old for your hardware. > > > Unfortunately, they do not. I did that as the first thing after getting wifi > to work, so the version 5.18.9-1 in the HCL, is kernel-latest. > > Happy to try out any suggestion/experiment. 1. Does i915.enable_psr2_sel_fetch=0 help? 2. What X11 driver is Xorg using? If it is using Intel, does modesetting help? If it is using modesetting, does Intel help? 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? If PV sys-gui-gpu with a dom0-provided kernel works, then the problem is almost certainly old dom0 userspace: either an old X server, old Mesa, or both. If you could build modern Mesa and/or X11 for dom0 and try again, that would be awesome. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLz9W0ACgkQsoi1X/+c IsGr+Q//UJPaZkdHsRSD3cGkhEA0A2faR6eKmJ8VFsVZalfp46ltQKszUrsb2zzo nH8WsVelrODtPk46rRb177SrxOjaqbZZTQ0LZ5VooAghUfWWnYNPGepoCWqipUkd oq4r43fIQUElxzA8bNbaPHBAFVoIwbdigL88+ZVcgysFGYdIegaYNcfWPaYVkMVd mRDaTYgsVOlUMAdPC1KOAycRhB/DODhjnelUaeLVRcBAtNq2VrJHavvjku1gY0gK 7y4J5SI2Fm9YLsZpXBn5kMabUhgw/giqlWZ7p/IFXKPbzyVF+rab2Jji4l3oiqdy k3kZfr3kCrcnoBivrk5P0EdwYzGZvs9GSoKXAKhRONAQ8ME8ELHq1B/HtZuVbclm Ku0NkjNzLj/v89H+d3MNAxZdup5nsxsHdROm2m81Q2ivED9QuzY8WBEwVWkkTQPC bC6AAir83/d9m4sk6tVbI4hVK/fBRbrpoE5rrFEIydxzPu3qvSTp1vlC7HMdvnle 4CzAHjvs20dI7J6RxfGFDI81OPb3REFvIItrS/0t448Vdg2Wjb2oJc8xlP4AZT1A zbAcyuDG7FDOIlsdN2hkVV4SVXenPsen9utv8sn92P6HPl/zH4g7/F73HV9Ixy55 qUWXKKY4/m/ROYFaPkxewtD55062gmwRFK3kWz69gFoohohzJU8= =j+83 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvP1bc2DMVpxbYrn%40itl-email.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, Aug 09, 2022 at 08:11:35PM +0200, Martin Holst Swende wrote: > Some follow-up. I tested also with a Fedora LiveCD, results are on the gist > (here:https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-fedora-live-txt > ) . > > The Fedora livecd worked flawlessly, both wifi-wise and graphics-wise. It > was a fedora 36 -- whereas dom0 is still on Fedora32. > > Is it in any way possible to try out some experimental repo where dom0 is > more recent? No, but I would like to know if your problems go away with kernel-latest. If they do not, then this means that either Xen does not interact well with Linux’s graphics drivers, or that the Mesa version is too old for your hardware. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLzIakACgkQsoi1X/+c IsHHLA//WlMdykRac3ryUTFwfm8sO3rRGGDyfNy8uIDoJ2DDRyEKqxbYFb6ZuZiS xpxz07THDzEOIOqAQk8zJ+pj35P3R1mbkQw2J/q3xtVqxNrvI3kGVLX/MT5NM1a5 7YrjJ5cF8H279Vs2YtCR8TgmGi+RlnY1jYWWZ3p5oN5EYL96QLclj+2PEtur0Tpe dR1kaFmRmBUnAz1/Mz9VCOn0LMWEJ0vWpDTuHcIIuSkgW4aXEyWwtyKiXwSmhUs/ feVNHeZOO8UUqlckk3e7cLnzQM8skWO4ZO0BdBZd2DNOtsFJMrx4opW00jDB0aKz k7aLsTh7zl1+2Xx/mrMNXB5TgPhr9vt+ikWC3AK1THQ3DPF/LbT/CDxEI7SAZgBJ fexcDFajFe2fFIVR1px20CTHtNGTj3UqX7TYFxFD3YAAB9z+KUvImNlypwxY5snK ilNfxTLCrJYCPcatlYpDXXHAX/zm2UrhulbMfHSKPVDk4CCJSCQsv1q+0wtDCc4V OR6vVJehDnPVcgy05lt1r9TIdCK9xZmjZBneyUNgBdP7gee9rc1owYxfOAzB4Fup rXhloewao1p8ttizSw4FFPFJeWs+jHiNnygDuNbYxldnz6V6hFyZ4uQPIefjhDln pBiQaEpQIcRaG0uy7XzF8VLLLfSgeNoLKPKYI3dOWCPFsSK6Hy8= =Ux9E -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvMhqRnHu850pOU%2B%40itl-email.
Re: [qubes-users] Problems with debian-11 after VM update attempt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, Aug 08, 2022 at 11:29:57PM +0200, Ulrich WIndl wrote: > Hi! > > I have a problem 8-( > > After using Qubes OS after a longer break, I tried to install all updates. > That worked for all template VMs except debian-11. Even when re-trying after > all the rest was updated and the system rebooted, it won't work. > > Even worse I can start a debian-11-based app VM, but I cannot launch any > program there. Even "qvm-run debian-11 gnome-terminal" fails. > > I have saved the lengthy protocol of the first attempt, however (attached). > > It seems the problem was: > > Unpacking thunderbird (1:91.12.0-1~deb11u1) over (1:91.8.0-1~deb11u1) ... > dpkg: error processing archive > /tmp/apt-dpkg-install-GfbHjN/38-thunderbird_1%3a91.12.0-1~deb11u1_amd64.deb > (--unpack): > cannot copy extracted data for > './usr/share/thunderbird/omni.ja' to > '/usr/share/thunderbird/omni.ja.dpkg-new': failed to write (No space left on > device) > dpkg-deb: error: paste subprocess was killed by > signal (Broken pipe) > > Note: It's not pool00 that is full. How can I recover from this? > > (I'm still at Qubes OS 4.0. I wanted to install the last updates, then > backup, then try upgrading to 4.1) You don’t actually need to install the latest updates first, FYI. I suggest just upgrading. This particular problem means that your debian-11 template’s privage volume is full. Growing it via the GUI should fix it. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLyJMEACgkQsoi1X/+c IsGr/BAAv8gzKK38Gdh3W7oUjp14j4XrfZpE1GNaS4N9NP8LQazlSlN0WSySnCPj xURkVQbeYQCiG6zaqk5/6PbxqPfRbBtoL3DRe1IY6YCGacgrgT7RU7OJxTOTQLey gD/PohysV+vMKRjq6/ACHndxxhE3u/yiV0yYueefCy70a9lHATJImLzuKor6mHr0 ycueV6SPGViZ3EZXAuSyK6saXxN8NKMIt26jcQkRn2XIoiBD0Kxu6gRAtoYwjIXw frVejv3kJCb+nRUSHoLyUvwJR1yXzJNJzN8brXssf4xJRvE4KwlGdYr5ZLyS+Pcm 19WChtL8kU+sr8ooRjQDjqyQjXhEaEK5DySbOsM38lc+dppXLRRDbzaNg8HTUFs4 OPfN2eAaBJJLKfOQQr+VrZufxh3JnBWMytbiyqNNOsC9RJMqZkaFg1ZEFROjRVdw QHnl2e+htCEWXFLRpHPUXynjyWTkDViOyMwgbo0gX0I6Q7ui/AhwjH5HhDUklhp7 Bf7xuq7jXoq554DIZb/y242WODd/QX9aboNm9jfy0oIXwQvGSKH4QoQkRNdE6NtS 9tvudspIfrGAxAC9jV2+M88M1BVDF8jkhzu5q0n9IMSo6Hpcv0Z4vhtJ+T0gY00l PKH3i+Ma2WWTjnzb7uMtDMPSJULIljPStKfvK/DrHBbIjeYOkp4= =F50T -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvIkwWEwVQ8TxmPK%40itl-email.
Re: [qubes-users] Qubes Manager not honoring colour scheme selection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, Jul 22, 2022 at 05:45:13PM -0700, TheGardner wrote: > Great! It's working now with the following steps in dom0 terminal: > > Download qt5-qtstyleplugins RPM file from: > > https://kojipkgs.fedoraproject.org//packages/qt5-qtstyleplugins/5.0.0/39.fc32/x86_64/qt5-qtstyleplugins-5.0.0-39.fc32.x86_64.rpm > > Move it from your AppVM to dom0 with: > > qvm-run --pass-io 'cat > /home/user/Download/qt5-qtstyleplugins-5.0.0-39.fc32.x86_64.rpm' > > /home//Downloads/qt5-qtstyleplugins-5.0.0-39.fc32.x86_64.rpm > > Install the package with: > > sudo dnf install -y qt5-qtstyleplugins-5.0.0-39.fc32.x86_64.rpm This is not safe. You can do: sudo qubes-dom0-update qt5-qtstyleplugins and it will work as with any other package. That reminds me: Marek, should we set repo_gpgcheck=1 and/or %_pkgverify_level all in dom0, to protect against mistakes like this? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLbV8wACgkQsoi1X/+c IsEEPA//XejMBSNBzh4aZJuxfWmvK1ie50x8oK7/NH8QpIEeFIWMRaZNZSs9RxVi cMC17g62ZSyoxb9bwwFHsF3SLxmuSvl1ucBeHSQqfS5SdkwYOeiml38bNXauryaI fGjVzq6CJFNSfBbhDMcskkP8wcKmBrQFXlK5yfSAZ7OL/Cv5i5yGeuXka1Ij9qLY 8OY/qe331pAa++n4KyJp3Qvx3/tS/ZuaKna8Tt6GincXE6RdnsvWm2iP6HfFsIRb lk3KSyM6fodA5uyCJGtcFAY6sJi9/5Fy8TlavMZxtv3xVQqVjZRVsKnMsld2TXnS qPNSwGrKa6P9Z8gMUIufcLpNlNWccP5wvAOGtcJP6xVV9ALfXUGnnBP9scd3mGqo 7RighrDtMdVhbxHu268iuduILHe/TWcWxpRigrOt2+oUNBD/PNAeUZkKx9slFisY sof5/HDNDBNnfqwCPxjtn54PEfa+biK+cWwcjC0gov06otIRskp/Cwr193kwJi/D K4KppbHsk1swCuQf06Cy/X2yvq67Xbe7g/HgqXrRgFPkPuWpSSpRWIeIdDaklCej eXvQNQRbhAk6euYHJLjV8XMW1eC06Kaeo+ZvtEwBeZlBdnfkA1VlFc+XLfb2L3L/ 9dff6pkqjr82mS64hGB9ocDRZgx3iikD5F79OL/X/ZcTF+uC+Wo= =p8Nh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YttXy5xoHaOVv7bM%40itl-email.
Re: [qubes-users] Refreshing Qubes Manager data/statistic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, Jul 17, 2022 at 05:59:48PM +0200, Qubes wrote: > Demi Marie Obenour wrote: > > On Sat, Jul 16, 2022 at 11:12:34PM +0200, Qubes wrote: > > > Is there a way to tell Qubes Manager to refresh its statistics, like disk > > > space usage for example. Currently the only way for me to refresh the > > > statistics is to close and open. There must be a better way? > > > > Qubes Manager really ought to be refreshing them automatically. The > > disk space widget already does so. I filed > > https://github.com/QubesOS/qubes-issues/issues/7619 for this. > > > > Thank you for filing the enhancement Demi, much appreciated. You’re welcome! - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLVX2MACgkQsoi1X/+c IsGFCw/+PRaQg75bEeQSy3zuqNU88Gcioz3M76pFy5RZWiay/37i3lVAl0GGMCV5 w14M+rMPvQXB51969nRbEvT1jNg5zQRE1uGXxzDyIod/ZrBvx/QYaTJ3meBll57B 2I5m6Hk41oJUEWOERP6gM3piuUZvgSgjyYbwDeGa+SJGLBTmAhOFkbO/oll5jky7 AhH6GuE2Oyet+NQMytbtRo9VcC0boYX0SJsfRlbA72Bdl3/Vv6BqhAPKj6wD605e d6Jf2BbOiCL+Bjfikdwmx2U6QiYbZYZyLI71ngEIyhNMbcGc5kwIb4qKjtU9sQmB 7ks/tFfSz+uOvrPtMYZFBa7+cw/yjD3cSOv1dFQhzWNq+bPdpJUjKohdVrtCM1zb 3VWDxjA4ePqC+9NVO2g5Nj24Y3UDlO2rSp+wJGqnr8LWjMxZUTPKTG9Yh5+hu5uG 4t1iCLo7ASP5bd7eFaN6P4CHO+oJE2QIwDcXatLAOCcWFBW+VlsO4ehRtOR2Q/+5 ILHbJVdicXBl9JECN6pRHTTymtL1+kn7KSI+Vj5BBA1t3y0ECFdGTZVeDjKf47mq 3JIcg1L0BUoMDhRub7U+ktS0YGoUiD/kNZjQcWaHrZPADuulYLQMqnfEy0JYI7CJ I8dmbnmg2d4/b9l2XvZxKMRpgZO6PeQg6tspf1dgv+ZPdAqi8OM= =uACS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YtVfZLHN8KOZqvF%2B%40itl-email.
Re: [qubes-users] Refreshing Qubes Manager data/statistic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, Jul 16, 2022 at 11:12:34PM +0200, Qubes wrote: > Is there a way to tell Qubes Manager to refresh its statistics, like disk > space usage for example. Currently the only way for me to refresh the > statistics is to close and open. There must be a better way? Qubes Manager really ought to be refreshing them automatically. The disk space widget already does so. I filed https://github.com/QubesOS/qubes-issues/issues/7619 for this. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLUFHsACgkQsoi1X/+c IsHrzBAApbPuqMMdm6E1X40BVMNLcVjdWWBooTMu0uBfYmK+mdVq5h9WWgDzdGsL RiYKXJ5rRxG0CfP0rMTse6nTXQi8EdMZcgpzwsAtUXeYOOe6D2vtMo/pdDlkNjMB sLr2mYnYwvum/UO4tecBYSPy2nYxmX68e9Ahjbr9YUepT4OM1JAiZuKqdxKnsmLN LoWrm7eQ1MOjlxkBGHSFXX0bjBPtCsOGgE2wDgPQPvyRf+i3nBNaQe5O/yL+Uu9V Sc/XH1XQtOgXpjv03gKSQoY33hTR63NHMg/yQlOyzWaoWlVI70tlkq32Xgbae5P5 uzf5YHIij4wXgo0yF3idmVJKAqvGcwd3b4/lDNZyiZPzWnk1AYcgI6ky8uu9Wxlk 2XfAcoVoXxzJk4od/+4NZRhxta/RbvMS1D3CWm7mIOACCEyATyt/wdQv2fj5yGmS eKlCQxv7qZS5Z5FgARnUzRG0YRYbUFVQXbanofNWByH/72RMlQaqNdPGR83+WYXQ GcCJ0k3Xn7eLMOUlBEPCwJVWzAsxdamT24xKPSxg3sYZsJZqmhhWIJMemJ4Hn/hH CWkRoqpF7YAk0OOixC+n/SA1DnBjcCB2yj650GfsH/YOIf/gEXl0KvbvkVY9D4CF Hz/5HfrL6xysgh3gOgz7YWK2hSgGuRJ0JXuLuP2SS7iyJHBZveY= =ciF+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YtQUevDZNmw4wD/U%40itl-email.
Re: [qubes-users] Onion site and repos are down
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Jul 14, 2022 at 04:48:01PM -0700, Howard Chen wrote: > Where's the SSL key for the onion site? It does not need one. Onion services are self-authenticating: the URL itself includes the public key, and the protocol proves that the service possesses the corresponding private key. Therefore, onion services do not rely on TLS. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLQ8u8ACgkQsoi1X/+c IsGosw/7BgUTOuX2m6et7scSd08tv4oyVS1vG8S/5t5xo9gG5tpMwIj/luNm7SLH lHqVdwv1zCEZhSdYHOfC/lFSHHfo7xKkhIGNR87XcP8IYr77n2M5ZLCLB7lpDnPh DK9mW4HoK7DFxxgO46PxpzFHtE+2oCiFp1P3GXZ1XA8EJWVw8XoXcIZTNPpyZ8Pw u46P6ESkLultfBmtQnCsmHXzVeUM+1MJjqGICKDAwcsvLNsiZg/XwsH4xMc/8SXh gtq12ytaWuH/NKn/qSVwmkYFWc26eVxMkBxw0h8CGrq1xWAI8s0jZ8GvyZqRz/0X t/Zdx+MJRNiLrzGa4bCKB7Q3vTGIjuuHkiKKAh5lxAgu5ceSftrfn3CWGzM9wzTw 0gLVrvMyg1C5oixLtpkESNvfjQadtTipkl0oCaunFnD/Clme1ukWlIvq6i0Q49Nr edLrG8VXXbdWI7SlEUo3YkqtgIpXdKJuh1gxgAcfp4zXZZGPM/oGJbQguAZVOxkc B56Q4K3ccZrMQqvo8adfj3Utm5vNMnC671pfhtRyBQMJmJkWNLiiwJBmRnEll5w2 iA8SlM94Z55xpCxLZWauOCGTs46KXbPlBEqf1uDs3g8IsyRWpcaddOMGF0wGnkNK 9RGYd+RDGvXaoWSn5EwvuYAUee3FABqogQ99/9eT26ihyK3txDg= =hhIH -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YtDzA/Z5uXh4aIdL%40itl-email.
Re: [qubes-users] Fedora 36 templates available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, Jul 13, 2022 at 09:10:25AM +0200, Qubes wrote: > Metatron wrote: > > On Mon, Jun 27, 2022 at 07:41:57PM -0700, Andrew David Wong wrote: > > > Dear Qubes Community, > > > > > > New Fedora 36 templates are now available for Qubes 4.1! > > > > Is anyone else having this problem: > > # sudo qubes-dom0-update qubes-template-fedora-36 > > Redirecting to 'qvm-template install fedora-36' > > Downloading 'qubes-template-fedora-36-0:4.0.6-202205270243'... > > qubes-template-fedora-36-0:4.0.6-202205270243: 0%| | 0.00/1.72G > > [00:00 > qubes-template-fedora-36-0:4.0.6-202205270243: 0%| | 0.00/1.72G > > [00:01 > ERROR: [Errno 2] No such file or directory: > > '/root/.cache/qvm-template/tmps3hgqf8e/qubes-template-fedora-36-0:4.0.6-202205270243.rpm.UNTRUSTED' > > > > I haven't tried to install a Fedora-36 template, I was just about to, but > when I search for available templates they are definitely not listed. > > Strangely enough the output from the below command doesn't list my installed > templates either. Not sure if this has anything to do with the switch I made > in the last 2 days from whonix-15 to whonix-16. > > sudo qubes-dom0-update --action=list qubes-template-* > Using sys-whonix as UpdateVM to download updates for Dom0; this may take > some time... > Unable to detect release version (use '--releasever' to specify release > version) > Fedora 25 - x86_64 - Updates140 B/s | 4.5 kB 00:33 > Fedora 25 - x86_64 3.0 kB/s | 4.9 kB 00:01 > Qubes Dom0 Repository (updates) 1.4 kB/s | 2.7 kB 00:01 > Qubes Dom0 Repository (updates) 436 kB/s | 6.8 MB 00:16 > Qubes Templates repository 1.7 kB/s | 2.7 kB 00:01 > Available Packages > qubes-template-debian-9.noarch 4.0.1-201901281256 > qubes-templates-itl > qubes-template-debian-9-minimal.noarch 4.0.1-201901271906 > qubes-templates-itl > qubes-template-fedora-29.noarch 4.0.1-201909150719 > qubes-templates-itl > qubes-template-fedora-29-minimal.noarch 4.0.1-201909141946 > qubes-templates-itl > qubes-template-fedora-29-xfce.noarch 4.0.1-201909141946 > qubes-templates-itl > qubes-template-fedora-30.noarch 4.0.1-201912252234 > qubes-templates-itl > qubes-template-fedora-30-minimal.noarch 4.0.1-201912251612 > qubes-templates-itl > qubes-template-fedora-30-xfce.noarch 4.0.1-201912251612 > qubes-templates-itl > qubes-template-fedora-31.noarch 4.0.1-202002142323 > qubes-templates-itl > qubes-template-fedora-31-minimal.noarch 4.0.1-202002142323 > qubes-templates-itl > qubes-template-fedora-31-xfce.noarch 4.0.1-202002142323 > qubes-templates-itl > qubes-template-fedora-32.noarch 4.0.6-202101091318 > qubes-templates-itl > qubes-template-fedora-32-minimal.noarch 4.0.6-202101091323 > qubes-templates-itl > qubes-template-fedora-32-xfce.noarch 4.0.6-202101091323 > qubes-templates-itl > qubes-template-fedora-33-minimal.noarch 4.0.6-202102261802 > qubes-templates-itl > qubes-template-fedora-33-xfce.noarch 4.0.6-202102261802 > qubes-templates-itl > qubes-template-fedora-34-xfce.noarch 4.0.6-202110020209 > qubes-templates-itl > qubes-template-fedora-35-xfce.noarch 4.0.6-202205192300 > qubes-templates-itl Fedora 36 will not be made available for R4.0. R4.0 is also going end of life soon, so you should upgrade to R4.1. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLOrMkACgkQsoi1X/+c IsGmYRAA0WArrKOIQSxSXqe15i71NUoL2opjZnxOoqLk1tXUyDe3GpF86fEOIuex qdwClAeb7/sgBUxvz27pYyiAoef479zB9OFB+M9OoAc2G4vb6uh4S6Ho6ZCXcYZ3 +7iqaNTvrykVygxoyrjLWmh7yw9QDkAOW9RuwVaj3GWhNQtRxy3blE2Zc8KtJhlI VW1Acbm98MLQZ4wmnQRoPFsF1v0m9pRpr/Lzz9LmSX6dmuGD3nnIA9RvtuSGZpBd yLx4+CFzBdEHBWIFkGpiTlH0bAZW0YTH8Wx5598qJ4IDU3B0Ud6KBHDaBV+lrSu8 7cS1YBS1AZtdouWvrHxvpwTFtx0bPGAEKaHklnRIhk2k6DzuXWaR5HMWrK/ulNPh j1aqBpFO+usBJrpmlohqZmEPLGjPj59D5rFnKpl8SkxG3PasyT/b0HdOZ2ZdCwPv ZSpDOp29b27/pTfb3LLiAJJ5wYu9D2RTdLeXue6p7BZ5A4r1aFHU9Nq69oF/S/dL fEiEHoAnY+c4yA0Dh48zKBNKoy42uwr5UVo1ITpMUWMV59fhzypViSyBSV2Hk673 B9M8uadIhZIi/WNpN9u1s5GAivGcADVkZp3ZhZs/NVhT10NIG7oLZq9i3YXmtNSH yfnyBLifUAqOlPNUIw2WohWwDNrTYCv2IyBp/GEBAoPcQ3FM4aA= =jIak -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Ys6sya47qqOrI5VS%40itl-email.
Re: [qubes-users] Re: [qubes-announce] Qubes OS 4.0 reaches EOL on 2022-08-04
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, Jul 06, 2022 at 11:15:45AM +0200, Bernhard wrote: > On 7/6/22 10:02, Demi Marie Obenour wrote: > > On Wed, Jul 06, 2022 at 12:27:11AM -0700, Peter Palensky wrote: > > > Same here. Only 4.x and 5.4.175 kernel works for me (Dell hardware :-( ). > > > I am afraid of losing that when updating... > > > > You see the 4.1 ISO contains an "extrakernels" folder (empty). The > question is: which files go there, and how modify the iso-boot procedure > so that one were allowed to select the kernel. Sounds like a reasonable > feature, no? It does. > I failed on this: iso's are complicated, linux boot is complicated (and > therefore abstracted out into software). > > > Yeah, this really needs to be addressed. Would it be possible to > > bisect > > between kernels 5.4.x and 5.10.x to see what went wrong? The relevant > > git tags are signed by Linus Torvalds or Greg Kroah-Hartman, and their > > public keys are in the (signed) qubes-linux-kernel git repository.> > > but as far as my dell hardware is concerned, 5.4 kernels are already > unstable. I expect no gain from this! I guess adding the 4.19 > (extra)kernel to the iso is the least painful way to go. What about between bisecting between 4.19 and 5.4? The problem with staying on 4.19 is that eventually it will lose support upstream. Qubes is not RHEL, and we can't support an old kernel forever. That you cannot use your hardware on Linux 5.4+ is a bug, but without access to the hardware in question there is no way (that I am aware of) to figure out what the bug is so that it can be fixed. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLFcnUACgkQsoi1X/+c IsGtZhAAyPLPFFD4mpyhPXy0BuKtUuqSqXw/TBp3TvLCp1YgAS/BbREd9V4k8iDb h3JGz+WmrymWRtoTfv+3Ia2V7MojMMColSFoMwSJblIS+ccg9BRokLajGIFD74RC p3+ZZX44fw5U7IZKB8Wf+g0izcI8lQAHgQFCBE9WDMELYPDd4SfDx4TTcz4pTxSy i6qJO9bDDtt48nMP/8QouxbMcxTU/QUMibjq4YArRdITJ99+fSCa99P1wd0mvSP2 wg1WntaV5Qu/dUkcb34gEu1d0JlxD10G6KSnPYn1F+C6jXKeY143njU9EP+e+gi5 tpFfoZK/cdt6QnEO2fs3KppDxSR5cOza1lgPz2keVcf/oR/SQxia76GBe4qJ+zZg a79uBn8AfAQ0WOtJ8dk+ElF09ZLJxDNmnByg7BV0DtocOcmMPeqpa6JF4p3jWSmf +0xZdm0Pq1h+3gxcCG/AqkZ2n8YkCxvDBL54t4g4RrFF+KL8Rhop73w66uAr1sYR uwu1yH3Yym5o+stCvT2DIRDTAO13MqwR4FUzuFRWINMYjFtmLHkzePyzZ31DPxWv GvULyMPDm6yL6wTaTg7sHYQhksQhNkQwBm75yn8++U1eFf8GkH5HU1uoJN5Ng4LN +DqbCxHrxJab/Fg+DG/I+VGeRT0wJPI7RwtOKMAFV9nShnSh/7E= =3fn/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YsVydQTc4V4xpQqj%40itl-email.
Re: [qubes-users] Re: [qubes-announce] Qubes OS 4.0 reaches EOL on 2022-08-04
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, Jul 06, 2022 at 12:27:11AM -0700, Peter Palensky wrote: > Same here. Only 4.x and 5.4.175 kernel works for me (Dell hardware :-( ). > I am afraid of losing that when updating... Yeah, this really needs to be addressed. Would it be possible to bisect between kernels 5.4.x and 5.10.x to see what went wrong? The relevant git tags are signed by Linus Torvalds or Greg Kroah-Hartman, and their public keys are in the (signed) qubes-linux-kernel git repository. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLFQaAACgkQsoi1X/+c IsH1uw/+PL5e6IKGZ/MVM48DO37xNFQdegP47fobmMV7xgK3sK4LQCNY8Mk38mEd PpAaMq4r2YezSYmh3CBO/e/i+ccx3h9IsyeUtXLdiGM3FNVAmVZS4ARMiQTUs9Qc B+BG0YpohSNedGc/exjKI3Sk92U/FTghe364ySFqUL4+U8zzk1eO2Gd5utLLfcBP TskTB9LWEuHocvjhT0mNASe0+RVJrek00F3TYMpDpLJlJATWRjjWxsChNAK8bpzu QMuqkDjWGvBJco6a0AwZizyJWjGU7gpmv1AWyvZPLbSk/1v4M6B82n9H/vEflUv5 QdwIFrMy/w0ePUnJ6XAp1Y35uB7K9IOV/KFdMFPEgROQfjQ2sR1G3bjLhbAiKl2B TNwnPeo7cafeDSHxtnmAQGfiGW+7xRnZEvNyUBYf2fB6c1bxZXyaaQBSYvrkvYo1 iEydRrmOgvG8OhMvXvRQ2nhQRixlzbz/qLc/PmLkMaZhzTsiu5h8A4DEPeFUunXP RtctcT/eG91I/5MoM8i4sOk1obyPBcbQIvFJKxEKz1IRrxsrs+j1vxyBOdRICrHb sgm/0+izSNNNmI3n7igukvd6LlK0VSGVobx1WkMTlhzbRuthvizDZlUV/aKmi6XW pQktXACFcSIep46DWTeH0InxhlQdOHSL8VKtwyxOE6gKlgDhPJA= =8ULj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YsVBoZEbAtq0PDFB%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 15, 2022 at 11:43:32PM -0700, Viktor Ransmayr wrote: > Hello Demi, > > The never ending story took an unexpected turn ... > > Viktor Ransmayr schrieb am Donnerstag, 16. Juni 2022 um 07:34:42 UTC+2: > > > > > It looks like I'm running out of options - and - I an now considering a > > new installation from scratch as my only way going forward! > > > > Or do you still have any other suggestion? > > > > For whatever reason I re-tried to install the 'fedora-35' template - and - > succeeded. > > Based on the 'naming' ( * :4.0.6-202205081759) I initially thought that the > repos were again pointing to R4.0 - but - they are pointing to R4.1 :-) > > See "Log-001" & "Log-002". > > ### Log-001 from 'dom0' > > [vr@dom0 ~]$ > [vr@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-35 > Redirecting to 'qvm-template install fedora-35' > Downloading 'qubes-template-fedora-35-0:4.0.6-202205081759'... > qubes-template-fedora-35-0:4.0.6-202205081759: 100%|▉| 1.75G/1.75G > [06:25<00:00, > Installing template 'fedora-35'... > fedora-35: Importing data > [vr@dom0 ~]$ > > ### Log-002 from 'fedora-35' template > > [user@fedora-35 ~]$ > [user@fedora-35 ~]$ cd /etc/yum.repos.d > [user@fedora-35 yum.repos.d]$ > [user@fedora-35 yum.repos.d]$ > [user@fedora-35 yum.repos.d]$ cat qubes-r4.repo > [qubes-vm-r4.1-current] > name = Qubes OS Repository for VM (updates) > baseurl = https://yum.qubes-os.org/r4.1/current/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.1/current/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > skip_if_unavailable=False > gpgcheck = 1 > repo_gpgcheck = 1 > enabled=1 > > [qubes-vm-r4.1-current-testing] > name = Qubes OS Repository for VM (updates-testing) > baseurl = https://yum.qubes-os.org/r4.1/current-testing/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.1/current-testing/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > skip_if_unavailable=False > gpgcheck = 1 > repo_gpgcheck = 1 > enabled=0 > > [qubes-vm-r4.1-security-testing] > name = Qubes OS Repository for VM (security-testing) > baseurl = > https://yum.qubes-os.org/r4.1/security-testing/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.1/security-testing/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > skip_if_unavailable=False > gpgcheck = 1 > repo_gpgcheck = 1 > enabled=0 > > [qubes-vm-r4.1-unstable] > name = Qubes OS Repository for VM (unstable) > baseurl = https://yum.qubes-os.org/r4.1/unstable/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.1/unstable/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-unstable > gpgcheck = 1 > repo_gpgcheck = 1 > enabled=0 > > [user@fedora-35 yum.repos.d]$ > > ### Congratulations! I guess you can disregard my last email. Be sure to update your new template :) - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKq5awACgkQsoi1X/+c IsEBehAA2X7lWNyKq9mpHUzM6oM8QSl4cg/tTTO+S6Up7HuvmsmmZWwGPpnKkor/ OnQFxZwFo3CGTPvXH/KA1qkgiSHssvIbcRx+iQxI4a5ukHgpxHotUZlAbSn0Iv2R d86I54vG2JDXrdEMid3WljnwLP5P90IXZ/tIRiqKJaqf4ZkT93bbr92ybZH3QqTv 83xIknqcOqj/P/u7TugRtlOEF8PeEf+44RH+49W+9VllUphfLknvrM+1rmv+yJ6q 1rhjjU3H2FJZeXvnwMujXxFRB303BZXsfYdaO5zfQTEs4IWZ8DMdALyn1Dad/t5B Rv0mBPct7FNY4vCDMuRlo5pxN+98Q5ROGZF/NnEb9XSNWE4oGfCYykS8Iorvc1Iz NO6t9uB4esH9t0MYRnhYv4/ngrbPR4IbG4VXLSdpDVje+wV53FG8hpGjuhkwx5ll xlhr8VQOAzlObwYUUHiv4Zl//dPMecFyeZ2FNLhJCETpf0gO/95/uezvz6FZTsA/ KU/kM7WCi4tXXnCufCaect7VKD2XoDIOrNe5k7DyKorfqoPOzB4BGGAA/JhZTOxN CbNXMEKx6+aqr5epjsI+0GI60q6+G0EdCyHCnxSjd6l6H0R5wYex75iNHy3FglCF SeNZjcQviKCBxFHWy9wBwALkpdcm+wLWK0k1eQA+WFeW7OhIKvk= =s4Nh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqrlrIWzIUBVneoZ%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 15, 2022 at 10:34:42PM -0700, Viktor Ransmayr wrote: > Hello Demi, > > The never ending story - episode 2 ;-) > > Demi Marie Obenour schrieb am Mittwoch, 15. Juni 2022 um 18:57:07 UTC+2: > > > > > Don’t use -y, that way you can check what is going to happen before it > > does. Also you might want to clone the VM first; feel free to delete > > the clone once everything is working. > > > > I cloned the template - and - revised the cmd until no further improvement > suggestions were given. > > Unfortunately w/o success. - Below you find again my notes & logs: > > ### Notes > > Clone 'fedora-34' template - and - apply the revised dnf command - Not OK - > See "Log-001". > > * Re-try command with the new additional option suggested - Not OK - See > "Log-002". > > ### Log-001 > > [user@fedora-34-test ~]$ > [user@fedora-34-test ~]$ sudo dnf --refresh --best --allowerasing upgrade > Fedora 34 - x86_64 63 kB/s | 21 kB > 00:00 > Fedora 34 openh264 (From Cisco) - x86_64959 B/s | 989 B > 00:01 > Fedora 34 - x86_64 - Updates 80 kB/s | 19 kB > 00:00 > Qubes OS Repository for VM (updates) 16 kB/s | 3.8 kB > 00:00 > Error: > Problem: cannot install the best update candidate for package > qubes-gui-agent-4.1.25-1.fc34.x86_64 > - problem with installed package qubes-gui-agent-4.1.25-1.fc34.x86_64 > - cannot install the best update candidate for package > qubes-libvchan-xen-4.0.9-1.fc34.x86_64 > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires > libvchan-xen.so()(64bit), but none of the providers can be installed > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires qubes-libvchan, > but none of the providers can be installed > - package qubes-libvchan-xen-4.1.7-1.fc34.x86_64 requires > libxenctrl.so.4.14()(64bit), but none of the providers can be installed > - package qubes-libvchan-xen-4.1.7-1.fc34.x86_64 requires > libxenvchan.so.4.14()(64bit), but none of the providers can be installed > - cannot install both xen-libs-4.14.1-7.fc34.x86_64 and > xen-libs-2001:4.8.5-39.fc34.x86_64 > - cannot install both xen-libs-4.14.5-1.fc34.x86_64 and > xen-libs-2001:4.8.5-39.fc34.x86_64 > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires > libxengnttab.so.1()(64bit), but none of the providers can be installed > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires > libxengnttab.so.1(VERS_1.0)(64bit), but none of the providers can be installed > - cannot install the best update candidate for package > xen-libs-2001:4.8.5-39.fc34.x86_64 > (try to add '--skip-broken' to skip uninstallable packages) > [user@fedora-34-test ~]$ > > ### Log-002 > > [user@fedora-34-test ~]$ > [user@fedora-34-test ~]$ sudo dnf --refresh --best --allowerasing > --skip-broken upgrade > Fedora 34 - x86_64 75 kB/s | 21 kB > 00:00 > Fedora 34 openh264 (From Cisco) - x86_643.9 kB/s | 989 B > 00:00 > Fedora 34 - x86_64 - Updates 82 kB/s | 19 kB > 00:00 > Qubes OS Repository for VM (updates) 15 kB/s | 3.8 kB > 00:00 > Error: > Problem: cannot install the best update candidate for package > qubes-gui-agent-4.1.25-1.fc34.x86_64 > - problem with installed package qubes-gui-agent-4.1.25-1.fc34.x86_64 > - cannot install the best update candidate for package > qubes-libvchan-xen-4.0.9-1.fc34.x86_64 > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires > libvchan-xen.so()(64bit), but none of the providers can be installed > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires qubes-libvchan, > but none of the providers can be installed > - package qubes-libvchan-xen-4.1.7-1.fc34.x86_64 requires > libxenctrl.so.4.14()(64bit), but none of the providers can be installed > - package qubes-libvchan-xen-4.1.7-1.fc34.x86_64 requires > libxenvchan.so.4.14()(64bit), but none of the providers can be installed > - cannot install both xen-libs-4.14.1-7.fc34.x86_64 and > xen-libs-2001:4.8.5-39.fc34.x86_64 > - cannot install both xen-libs-4.14.5-1.fc34.x86_64 and > xen-libs-2001:4.8.5-39.fc34.x86_64 > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires > libxengnttab.so.1()(64bit), but none of the providers can be installed > - package qubes-gui-agent-4.1.25-1.fc34.x86_64 requires > lib
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jun 14, 2022 at 08:34:51PM -0700, Viktor Ransmayr wrote: > Hello Demi, > > This turns into a never ending story ;-) > > Demi Marie Obenour schrieb am Dienstag, 14. Juni 2022 um 20:41:32 UTC+2: > > > > > > >> > You were right - but - I have no clue what went wrong & what to do > > next > > > >> ... > > > >> > > > >> $ sudo sed -i 's/4\.0/4.1/g' /etc/yum.repos.d/qubes-r4.repo > > > >> > > > >> should fix that > > > >> > > > > > > > > Upgrade of template is still running ... > > > > > > > > I'll provide another update as soon as it's finished. > > > > > > > > > > It is still running, after more than 10 hours. - This should have > > finished > > > by now, correct? > > > > Yes, unless you have a very slow network connection. I recommend using > > dnf interactively for this, not Salt; Salt’s lack of progress feedback > > will make this extremely frustrating. > > > > I performed the operation you suggested, but it did not succeed either ... > > Here's the log from dnf: > > [user@fedora-34 ~]$ > [user@fedora-34 ~]$ sudo dnf -y --refresh upgrade > Fedora 34 - x86_64 78 kB/s | 21 kB > 00:00 > Fedora 34 openh264 (From Cisco) - x86_641.0 kB/s | 989 B > 00:00 > Fedora 34 - x86_64 - Updates 93 kB/s | 20 kB > 00:00 > Qubes OS Repository for VM (updates) 13 kB/s | 3.8 kB > 00:00 > Dependencies resolved. > > Problem 1: package qubes-libvchan-xen-4.1.7-1.fc34.x86_64 requires > libxenctrl.so.4.14()(64bit), but none of the providers can be installed > - package qubes-libvchan-xen-4.1.7-1.fc34.x86_64 requires > libxenvchan.so.4.14()(64bit), but none of the providers can be installed > - cannot install both xen-libs-4.14.1-7.fc34.x86_64 and > xen-libs-2001:4.8.5-39.fc34.x86_64 > - cannot install both xen-libs-4.14.5-1.fc34.x86_64 and > xen-libs-2001:4.8.5-39.fc34.x86_64 > - cannot install the best update candidate for package > qubes-libvchan-xen-4.0.9-1.fc34.x86_64 > - problem with installed package xen-libs-2001:4.8.5-39.fc34.x86_64 > Problem 2: package qubes-vm-dependencies-4.1.21-1.fc34.noarch requires > xen-runtime, but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenctrl.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenguest.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxendevicemodel.so.1()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenlight.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxentoolcore.so.1()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxlutil.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenfsimage.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenhypfs.so.1()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenstat.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenvchan.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxencall.so.1(VERS_1.2)(64bit), but none of the providers can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenfsimage.so.4.14(libfsimage.so.1.0)(64bit), but none of the providers > can be installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxengnttab.so.1(VERS_1.2)(64bit), but none of the providers can be > installed > - package xen-runtime-4.14.1-7.fc34.x86_64 requires > libxenhypfs.so.1(VERS_1.0)(64bit), but none of the providers can be > installed > - package xen-runtime-4.14.5-1.fc34.x86_64 requires > libxenctrl.so.4.14()(64bit), but none of the providers can be installed > - package xen-runtime-4.14.5-1.fc34.x86_64 requires > libxenguest.so.4.14(
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Jun 13, 2022 at 09:42:14PM -0700, Viktor Ransmayr wrote: > Hello Demi, > > Viktor Ransmayr schrieb am Montag, 13. Juni 2022 um 21:14:57 UTC+2: > > > > > On Sun, 12 Jun 2022, 22:59 Demi Marie Obenour, < > > de...@invisiblethingslab.com> wrote: > > > >> > >> > You were right - but - I have no clue what went wrong & what to do next > >> ... > >> > >> $ sudo sed -i 's/4\.0/4.1/g' /etc/yum.repos.d/qubes-r4.repo > >> > >> should fix that > >> > > > > Upgrade of template is still running ... > > > > I'll provide another update as soon as it's finished. > > > > It is still running, after more than 10 hours. - This should have finished > by now, correct? Yes, unless you have a very slow network connection. I recommend using dnf interactively for this, not Salt; Salt’s lack of progress feedback will make this extremely frustrating. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKo1lMACgkQsoi1X/+c IsGXCRAAmIRX1+KRbpgC6wfYjsBPMPpp15R5LA5DfLWdmvzW+y2RtwNdGXCM8bOj Z0rkl8OXHwIgYq9Y7B9YT99zQ9nvM6Gv32/VQ8fE3RDKAnqsVx1Uu2HvO8krcEtL 5saEE0ZagSFP16ncQPStkKVnmhpSiGumy6dthQV9noXB3PUM9Yrr85QQfxgeGrbb nR7Xf9tEx8btIcdEkyTJXlBYcvtz0ff4M4RKRFXaS3yhQHq8sQOkp6PWcEBtro5u wutdFC5lE5i3JWnwjtf4nWxNYg4Ivhbszz+1CpdwskOGvx2eWGtICmZe86960AWx /c7htwvIH45tNMNA04hsLeZel2zfwcLUaj90D4wEE7MLzgt1KX4iND0wEAQaspeo x+8apP/dBVxeNaVmUohzmc7hvustAvDqTNzwcFpjOE4i73Y0zp/0la8bXfdg1Csv P1F3Vp+8kQHUQO5pgtY/Jdyd3rckF4rRewglvJS50Z6q6SdtfCtG8k7XL2NEvpry st23C0IO2p/Fd59/tuUMiXXgDF9nYc/3ngF5PP/bBkjvLmn6fA7ow2MOrCGGUFPZ UW6Us8PZs8kiJYWwZ2/Goe1wIfIxtRyKbGjt3HPEc8eVBjCRQkw1akJZkKEwbgJh Z3JgN24yJffMySH8B3dq2Bizy8rKfncmQlt9p4VztGQKByILqks= =hjJB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqjWU2O8McNsNa4S%40itl-email.
Re: [qubes-users] qubes update -- how to hold an old kernel ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jun 12, 2022 at 02:57:49AM -0700, Peter Palensky wrote: > > > On Saturday, June 11, 2022 at 7:21:20 PM UTC+2 Demi Marie Obenour wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Sat, Jun 11, 2022 at 03:00:09AM -0700, Peter Palensky wrote: > > > > > > On Saturday, June 11, 2022 at 1:09:47 AM UTC+2 haa...@web.de wrote: > > > > > > > > Which kernel version do you need to hold? You can update a subset of > > > > > packages by giving them as arguments to qubes-dom0-update, but I > > would > > > > > like to know what the forseeable problems are. > > > > > > > > The reason is simple: all (!) 5.x xen kernels I tested so far > > > > crash/freeze my system in less than 5 minutes, often only seconds > > (open > > > > issue on github since 18 months). Therefore I keep a 4.19 kernel for > > xen > > > > (only) -- until now the updater respected that: it installed some new > > > > 5.x kernel and kernel-latest. Every single time, I bravely try them > > out, > > > > and each time they crash: each time I can revert back to 4.19 by a > > > > linux-life usb hack. > > > > > > > > Last kernel update wants to remove my 4.19 kernel, and no way I can > > > > accept that, given the history. ( again a curse on Intel and Dell for > > > > their buggy hardware ). > > > > > > > > best, Bernhard > > > > > > > > > > > Same here (Dell XPS13). The only usable dom0 kernels are 4.x and 5.4.88 > > > (already gone :-0) and 5.4.175 (please let me keep that!). > > > Everything else either crashes dom0 (e.g., 5.15) or stalls sys-usb (e.g. > > > 5.12.). > > > > > > It says "00:14.0 USB controller problem", might be a usb3.0 problem, > > tried > > > various things, nothing helped, my BIOS has no option to disable xHCI. > > > > I am hesitant to ask, since it would require running unsigned code > > (yuck!), but would you be comfortable doing a kernel git bisection? > > That would allow figuring out exactly which commit caused the problem, > > and would vastly improve the likelihood of the bug being fixed. > > > > - -- > > Sincerely, > > Demi Marie Obenour (she/her/hers) > > Invisible Things Lab > > -BEGIN PGP SIGNATURE- > > > > iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKkzwoACgkQsoi1X/+c > > IsH4GBAAjTkR270uIN2dukR91U3Ed/c6SYkY3VDiIcyACBg4eYSnKp15U64sfqcX > > tormUiDo5EJgVJmMn5//XovQh6HhKC0NxDz29Gt3bVMTaUXKhxZsTYNdq0gaNxWZ > > soYVwIW0e5+qXnu5vMytl2mLJaFKo+an1o4KxooF89D8IDHjY1hThOKOB8REPsEu > > sOY1xal74dxJVNiWivJaHd0Unru41Of6oegFZQVqZ2fty7NJiSPBdu6GB591rBBH > > jbce2YfwR5R4nllpvx3lKHZxxLfwvTHYbz3BxLpMvdof2IheE2+cxv2vstTT6ykV > > t9SYnApBT3ytddgypa6iOsmhlccCJ/h+TZEvJN+1/HNBTRzZcSE2c4Fv9+OxTa03 > > NK2wrIDYRa6LeZHe6RJU8ykeJB+m1Ojap+N2J1nhlC+/5C/bUhPvDScwfXbrP9pJ > > JyGAvuonGXagBY6vjg2tSMM4eeNpetHURHm5iuufVsarlAUg/IQkzERhnWY2saov > > DB1hmouC0aKf8O5riLKmudQWNGl+CY7VCMAJu97GHBBPN8edSEhSg5jXoRA4JRrV > > +5nPf8VQfgry+IEsSeSqWedcU6CJ0Q14j2LxsklrqANS7pTrh9eGQFLPALptiWTM > > 7Zl6ODTqqTZyv/XQCnrg34LUEH08tiubr7lN3BLfNfiX+Wx+3g0= > > =S7ZL > > -END PGP SIGNATURE- > > > > Aaehm... It is my work computer, i need it every day and can not risk > anything... > Is there a safe/standard procedure in qubes to compile the bisects, add > them to grub without removing the working kernel, etc.? Not that I am aware of, sadly. Marek (CCd) might have suggestions. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKmVR4ACgkQsoi1X/+c IsF58Q/+JzZexj7w/tQodLlJ4WrELfqVZ7eODyqX+4oJmh7YzzABkDJBgB9+z5p4 Ucftj7MyCjb9sYBrE2Lj9BDjw/uNQXhwL/eOakLScSdHwoO5q4xMsGiCsEheZ7jP G6bOGpF5LPlNegDJR2bXpgKg+snbQ0MAAXydBp1WtWs+GF8oKUl/WSFxLZiPK2/v tDmGECM0Uw0hNd5P4SD1Pz9P78A6U5mK5mW4bHVDyCQM2hTmIweR7iCBi4K8C0Jf toH1eC6YG5LMFfNApltYk3yZrvbUYOkfOE8T94txgW9xJuLWOAqxu1mTgZTp1VNb BKMzYClPJQYti4vd61I/E06Pc321SxsmbFh3gCywOPCLrIRyFD/8zKuw7p3cDOtB B37MYk/JeFhl3tyTIHfTqIF+FbhL+EVkEvkM4jvMWEA3BiPhQif1dLXexCwDoh/S yeHPWzq1ISI5oMZeepNlfQJYhcUZn3qCYWYkbO3lp+FD5V1RbWV9TijSb1R8OsUP SwdTXO/xXVriSiTucuNg30r/4gzZxjPcHXHM8+f0Z8+wUauRr6zG6ijdxCipg4b/ sdw3Jqxxk1abxWJeUk1/asBxwm0PpWlCQJAws+rqrt43kOGwhRW23+KXou6bkMZ9 NMvJ8KMlQp3fbBmGRk/2Dy80n+Car+EeI1JJL5SXVbrkek8r4JM= =+YEO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqZVH4SndaqyEm9f%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jun 12, 2022 at 03:40:17PM -0400, Steve Coleman wrote: > On 6/12/22 12:35, Viktor Ransmayr wrote: > > Hello Demi, > > > > Am So., 12. Juni 2022 um 18:18 Uhr schrieb Demi Marie Obenour > > : > > > > > > What is the contents of /etc/yum.repos.d in your fedora-34 > > template? > > > > You might have repositories pointing at the R4.0 repos. > > > > > > Here's the content: > > > > > > [user@fedora-34 ~]$ > > > [user@fedora-34 ~]$ cd /etc/yum.repos.d > > > [user@fedora-34 yum.repos.d]$ ls -all > > > total 68 > > > drwxr-xr-x 2 root root 4096 May 20 21:05 . > > > drwxr-xr-x 114 root root 12288 Jun 12 17:11 .. > > > -rw-r--r-- 1 root root 183 Oct 2 2021 > > adobe-linux-x86_64.repo > > > -rw-r--r-- 1 root root 728 Apr 28 2021 > > fedora-cisco-openh264.repo > > > -rw-r--r-- 1 root root 1344 Apr 28 2021 > > fedora-updates-testing.repo > > > -rw-r--r-- 1 root root 1286 Apr 28 2021 fedora-updates.repo > > > -rw-r--r-- 1 root root 1239 Apr 28 2021 fedora.repo > > > -rw-r--r-- 1 root root 191 Oct 2 2021 google-chrome.repo > > > -rw-r--r-- 1 root root 1483 May 5 02:00 qubes-r4.repo > > > -rw-r--r-- 1 root root 1324 Oct 2 2021 > > > rpmfusion-free-updates-testing.repo > > > -rw-r--r-- 1 root root 1264 Oct 2 2021 > > rpmfusion-free-updates.repo > > > -rw-r--r-- 1 root root 1248 Oct 2 2021 rpmfusion-free.repo > > > -rw-r--r-- 1 root root 1369 Oct 2 2021 > > > rpmfusion-nonfree-updates-testing.repo > > > -rw-r--r-- 1 root root 1309 Oct 2 2021 > > > rpmfusion-nonfree-updates.repo > > > -rw-r--r-- 1 root root 1312 Oct 2 2021 > > rpmfusion-nonfree.repo > > > [user@fedora-34 yum.repos.d]$ > > > > > > With kind regards, > > > > Can you check that qubes-r4.repo points to the R4.1 repository and not > > the R4.0 repository? The symptoms you are describing are consistent > > with it pointing to the R4.0 repository. > > > > > > Here's the content of this file: > > > > [user@fedora-34 yum.repos.d]$ > > [user@fedora-34 ~]$ cd /etc/yum.repos.d > > [user@fedora-34 yum.repos.d]$ cat qubes-r4.repo > > [qubes-vm-r4.0-current] > > name = Qubes OS Repository for VM (updates) > > baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever > > #baseurl = > > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current/vm/fc$releasever > > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > > skip_if_unavailable=False > > gpgcheck = 1 > > enabled=1 > > > > [qubes-vm-r4.0-current-testing] > > name = Qubes OS Repository for VM (updates-testing) > > baseurl = https://yum.qubes-os.org/r4.0/current-testing/vm/fc$releasever > > #baseurl = > > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current-testing/vm/fc$releasever > > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > > skip_if_unavailable=False > > gpgcheck = 1 > > enabled=0 > > > > [qubes-vm-r4.0-security-testing] > > name = Qubes OS Repository for VM (security-testing) > > baseurl = https://yum.qubes-os.org/r4.0/security-testing/vm/fc$releasever > > #baseurl = > > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/security-testing/vm/fc$releasever > > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > > skip_if_unavailable=False > > gpgcheck = 1 > > enabled=0 > > > > [qubes-vm-r4.0-unstable] > > name = Qubes OS Repository for VM (unstable) > > baseurl = https://yum.qubes-os.org/r4.0/unstable/vm/fc$releasever > > #baseurl = > > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/unstable/vm/fc$releasever > > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-unstable > > gpgcheck = 1 > > enabled=0 > > > > [user@fedora-34 yum.repos.d]$ > > > > You were right - but - I have no clue what went wrong & what to do next > > ... > > > > With kind regards, > > It looks to me like your template is a 4.0 Template regardless of the fedora > revision. > > Here is what I would do: >
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jun 12, 2022 at 06:35:17PM +0200, Viktor Ransmayr wrote: > Hello Demi, > > Am So., 12. Juni 2022 um 18:18 Uhr schrieb Demi Marie Obenour < > d...@invisiblethingslab.com>: > > > > > What is the contents of /etc/yum.repos.d in your fedora-34 template? > > > > You might have repositories pointing at the R4.0 repos. > > > > > > Here's the content: > > > > > > [user@fedora-34 ~]$ > > > [user@fedora-34 ~]$ cd /etc/yum.repos.d > > > [user@fedora-34 yum.repos.d]$ ls -all > > > total 68 > > > drwxr-xr-x 2 root root 4096 May 20 21:05 . > > > drwxr-xr-x 114 root root 12288 Jun 12 17:11 .. > > > -rw-r--r-- 1 root root 183 Oct 2 2021 adobe-linux-x86_64.repo > > > -rw-r--r-- 1 root root 728 Apr 28 2021 > > fedora-cisco-openh264.repo > > > -rw-r--r-- 1 root root 1344 Apr 28 2021 > > fedora-updates-testing.repo > > > -rw-r--r-- 1 root root 1286 Apr 28 2021 fedora-updates.repo > > > -rw-r--r-- 1 root root 1239 Apr 28 2021 fedora.repo > > > -rw-r--r-- 1 root root 191 Oct 2 2021 google-chrome.repo > > > -rw-r--r-- 1 root root 1483 May 5 02:00 qubes-r4.repo > > > -rw-r--r-- 1 root root 1324 Oct 2 2021 > > > rpmfusion-free-updates-testing.repo > > > -rw-r--r-- 1 root root 1264 Oct 2 2021 > > rpmfusion-free-updates.repo > > > -rw-r--r-- 1 root root 1248 Oct 2 2021 rpmfusion-free.repo > > > -rw-r--r-- 1 root root 1369 Oct 2 2021 > > > rpmfusion-nonfree-updates-testing.repo > > > -rw-r--r-- 1 root root 1309 Oct 2 2021 > > > rpmfusion-nonfree-updates.repo > > > -rw-r--r-- 1 root root 1312 Oct 2 2021 rpmfusion-nonfree.repo > > > [user@fedora-34 yum.repos.d]$ > > > > > > With kind regards, > > > > Can you check that qubes-r4.repo points to the R4.1 repository and not > > the R4.0 repository? The symptoms you are describing are consistent > > with it pointing to the R4.0 repository. > > > > Here's the content of this file: > > [user@fedora-34 yum.repos.d]$ > [user@fedora-34 ~]$ cd /etc/yum.repos.d > [user@fedora-34 yum.repos.d]$ cat qubes-r4.repo > [qubes-vm-r4.0-current] > name = Qubes OS Repository for VM (updates) > baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > skip_if_unavailable=False > gpgcheck = 1 > enabled=1 > > [qubes-vm-r4.0-current-testing] > name = Qubes OS Repository for VM (updates-testing) > baseurl = https://yum.qubes-os.org/r4.0/current-testing/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current-testing/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > skip_if_unavailable=False > gpgcheck = 1 > enabled=0 > > [qubes-vm-r4.0-security-testing] > name = Qubes OS Repository for VM (security-testing) > baseurl = https://yum.qubes-os.org/r4.0/security-testing/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/security-testing/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary > skip_if_unavailable=False > gpgcheck = 1 > enabled=0 > > [qubes-vm-r4.0-unstable] > name = Qubes OS Repository for VM (unstable) > baseurl = https://yum.qubes-os.org/r4.0/unstable/vm/fc$releasever > #baseurl = > http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/unstable/vm/fc$releasever > gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-unstable > gpgcheck = 1 > enabled=0 > > [user@fedora-34 yum.repos.d]$ > > You were right - but - I have no clue what went wrong & what to do next ... $ sudo sed -i 's/4\.0/4.1/g' /etc/yum.repos.d/qubes-r4.repo should fix that. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKmU7IACgkQsoi1X/+c IsEu8w/9E4EhJw1XTyY40RJ0QuTZJeD8DlnMW6NRn57qMIpzfdp2zEnWlkpUrO1R 8pzzREOSiZSwy9LU73V4VApkJBgGH4ERoiM7wedZlvst44/jGS1KEJyuE1ALJF1D S5f4/DDgQsOxat0b4EzSv1NFRbROxv0VkYdvEkFTaiMV8L2LfpJVbadpDfS5Q615 rrHYzgZF4Fr5F+p/sF0h/YLcefCXMidvBiVs0RhTHVcNqCH5v0VGBPtOLqXfbARq bwvWb3pHo++RDUmTPbkvh80f0suBlTqLSuPS4DLcm21mrPHcDAlmHOiYispcS9JO FHXf7rJkpIbpvtQGI6fop0+WchOENulU/l15L+ECpzwm+GeM6Z7/7/QEyckPyUFu wB3oUfrY
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jun 12, 2022 at 09:01:02AM -0700, Viktor Ransmayr wrote: > Hello Demi, > > Demi Marie Obenour schrieb am Sonntag, 12. Juni 2022 um 16:48:52 UTC+2: > > > > > What is the contents of /etc/yum.repos.d in your fedora-34 template? > > You might have repositories pointing at the R4.0 repos. > > > > Here's the content: > > [user@fedora-34 ~]$ > [user@fedora-34 ~]$ cd /etc/yum.repos.d > [user@fedora-34 yum.repos.d]$ ls -all > total 68 > drwxr-xr-x 2 root root 4096 May 20 21:05 . > drwxr-xr-x 114 root root 12288 Jun 12 17:11 .. > -rw-r--r-- 1 root root 183 Oct 2 2021 adobe-linux-x86_64.repo > -rw-r--r-- 1 root root 728 Apr 28 2021 fedora-cisco-openh264.repo > -rw-r--r-- 1 root root 1344 Apr 28 2021 fedora-updates-testing.repo > -rw-r--r-- 1 root root 1286 Apr 28 2021 fedora-updates.repo > -rw-r--r-- 1 root root 1239 Apr 28 2021 fedora.repo > -rw-r--r-- 1 root root 191 Oct 2 2021 google-chrome.repo > -rw-r--r-- 1 root root 1483 May 5 02:00 qubes-r4.repo > -rw-r--r-- 1 root root 1324 Oct 2 2021 > rpmfusion-free-updates-testing.repo > -rw-r--r-- 1 root root 1264 Oct 2 2021 rpmfusion-free-updates.repo > -rw-r--r-- 1 root root 1248 Oct 2 2021 rpmfusion-free.repo > -rw-r--r-- 1 root root 1369 Oct 2 2021 > rpmfusion-nonfree-updates-testing.repo > -rw-r--r-- 1 root root 1309 Oct 2 2021 > rpmfusion-nonfree-updates.repo > -rw-r--r-- 1 root root 1312 Oct 2 2021 rpmfusion-nonfree.repo > [user@fedora-34 yum.repos.d]$ > > With kind regards, Can you check that qubes-r4.repo points to the R4.1 repository and not the R4.0 repository? The symptoms you are describing are consistent with it pointing to the R4.0 repository. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKmEeoACgkQsoi1X/+c IsHoSw//WbVx6GB+e+uC2HRtt0i3kj1FdxU05FMqHEtL/mdjQ7DStoZCDrsl4BP5 ZsLznbO3XsXSIZgJKFS7CjHUFhJkDjB8kxP/1jQhGwhzF6ngqWTs4MMQA/jmNSq0 apqu7U8p+PElXyzU3aXIO3WLpuujIX+jmNzb2GRybmpVkei4AsMPhEhQn5Aan0cB 8sIyHJXxcM9n5oh0uLpLyEIaUw9qroW0OX5Akit/Qb6xGGypHawyJElslzA32KPF WG9tGTyPICKgeIjXiJOM0TrLEOCwZGFQ7OzuNA8XRTw2UfZ5DU3n/0FlUehcxXAB 1kYfubwNiKfaLTyM+yHy9AIhTOTJBTEC158/75lXqfyuWZXGyHhkQZs+rZH4mwiZ brj1hVhyRafMU2XxxShrpYejBJJc9MuPxxU8dpTmaeTw/w/CW0rNpLNXjzprbo6J j5r7YDZR6oKDF9NEtfNRji4D8Mu0kvNVXaE0d8LQY4fqmaGDB2dEpLKgChkdDxQ4 EPaIWCgwm0JN4p9Fltw+AwmBOweeKJS/Y+gWSgFyicolSDEd9tgJoYfJvLZC811K HUIZKEZJ5YBlvKawpLT5H+SacGcgFAbyxEmbMzpb3HcwRNMTsyO+Wbq4oCdTjUIG S+OUJbP6tFFOzGhcB+rgbWCusFCeErj2zsd8CUCBUCduxN3R5MA= =Ih/Q -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqYR6tMU643AmX8z%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jun 12, 2022 at 12:48:45AM -0700, Viktor Ransmayr wrote: > Hello Demi, > > Demi Marie Obenour schrieb am Samstag, 11. Juni 2022 um 19:03:38 UTC+2: > > > > Do you have any further suggestions, what I could still try? > > > > You should be able to manually change your DNF repositories in > > sys-firewall’s template. “dnf --best --refresh distro-sync” should then > > take care of the rest, unless I have missed something. > > > > This sounded like a very simple exercise, however it did not improve > anything :-( > > Here are my logs & notes: What is the contents of /etc/yum.repos.d in your fedora-34 template? You might have repositories pointing at the R4.0 repos. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKl/M0ACgkQsoi1X/+c IsEGzw//ex9Dg92JaQilUQDIy2UD+H8VPiWMo+mRUQwM9Ydtp4GdjH3Veal5542R aWxB6ScO84hK+6JIBx3DsiAbXKOZCiLqtGCmuy6M7BCLagXj6ExSxT9iCtRqKAFM V0GxitfS8bZ6GqsH9ve+7sHAHr6Q4eTAnVGbxeAv60wDqt97/EDhWK+P1A1/CYkg 86eQvdk5bSqQEbKCdDAb1ydTd8aacEcXxsQ3saY+NWoSIquqq55YFQkFBMBVebOy CX8YXYopWM/HdnywAwLE7Iusb4DW1xwjAoh72yQkbi1zGVy6WGdSQ+rHYZQMrxd5 3q8ZujynmI3iCdPVHjRFHodWVQ5xwRxZZd9ccNK+J/4fZpsMPXidPnaAFJUtK/b4 ZRWJuAzqOt85a5026AjVKz/0Pxpqwy3njVqggmypkJwtzWdIgFauCEKR4ncKN6aY 3X+wWlJOTgz4T+DkKlRH6ID+78PE1274wOaQh4AVdyGODO3zmfIp4/AXIT2iNcn/ pS+W30lVnPqunu4uqTJLfXbiKBCcSkbfRk7ZZ3KbEuxc5TFKJi2VhuV299Tq0iCs +jsHBUyBYy2JEG0v9KfE1JyNKUlV+H3knF+zChn+cOB5VVPFjYYXIBfn28P82BKM 5+m6wiXncbzVDF18QRtWmntQHaN2qLI+7lUTnJT+J46o2n48wA4= =vGIz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqX8zqK3LiQQ4cQn%40itl-email.
Re: [qubes-users] qubes update -- how to hold an old kernel ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jun 11, 2022 at 03:00:09AM -0700, Peter Palensky wrote: > > On Saturday, June 11, 2022 at 1:09:47 AM UTC+2 haa...@web.de wrote: > > > > Which kernel version do you need to hold? You can update a subset of > > > packages by giving them as arguments to qubes-dom0-update, but I would > > > like to know what the forseeable problems are. > > > > The reason is simple: all (!) 5.x xen kernels I tested so far > > crash/freeze my system in less than 5 minutes, often only seconds (open > > issue on github since 18 months). Therefore I keep a 4.19 kernel for xen > > (only) -- until now the updater respected that: it installed some new > > 5.x kernel and kernel-latest. Every single time, I bravely try them out, > > and each time they crash: each time I can revert back to 4.19 by a > > linux-life usb hack. > > > > Last kernel update wants to remove my 4.19 kernel, and no way I can > > accept that, given the history. ( again a curse on Intel and Dell for > > their buggy hardware ). > > > > best, Bernhard > > > > > Same here (Dell XPS13). The only usable dom0 kernels are 4.x and 5.4.88 > (already gone :-0) and 5.4.175 (please let me keep that!). > Everything else either crashes dom0 (e.g., 5.15) or stalls sys-usb (e.g. > 5.12.). > > It says "00:14.0 USB controller problem", might be a usb3.0 problem, tried > various things, nothing helped, my BIOS has no option to disable xHCI. I am hesitant to ask, since it would require running unsigned code (yuck!), but would you be comfortable doing a kernel git bisection? That would allow figuring out exactly which commit caused the problem, and would vastly improve the likelihood of the bug being fixed. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKkzwoACgkQsoi1X/+c IsH4GBAAjTkR270uIN2dukR91U3Ed/c6SYkY3VDiIcyACBg4eYSnKp15U64sfqcX tormUiDo5EJgVJmMn5//XovQh6HhKC0NxDz29Gt3bVMTaUXKhxZsTYNdq0gaNxWZ soYVwIW0e5+qXnu5vMytl2mLJaFKo+an1o4KxooF89D8IDHjY1hThOKOB8REPsEu sOY1xal74dxJVNiWivJaHd0Unru41Of6oegFZQVqZ2fty7NJiSPBdu6GB591rBBH jbce2YfwR5R4nllpvx3lKHZxxLfwvTHYbz3BxLpMvdof2IheE2+cxv2vstTT6ykV t9SYnApBT3ytddgypa6iOsmhlccCJ/h+TZEvJN+1/HNBTRzZcSE2c4Fv9+OxTa03 NK2wrIDYRa6LeZHe6RJU8ykeJB+m1Ojap+N2J1nhlC+/5C/bUhPvDScwfXbrP9pJ JyGAvuonGXagBY6vjg2tSMM4eeNpetHURHm5iuufVsarlAUg/IQkzERhnWY2saov DB1hmouC0aKf8O5riLKmudQWNGl+CY7VCMAJu97GHBBPN8edSEhSg5jXoRA4JRrV +5nPf8VQfgry+IEsSeSqWedcU6CJ0Q14j2LxsklrqANS7pTrh9eGQFLPALptiWTM 7Zl6ODTqqTZyv/XQCnrg34LUEH08tiubr7lN3BLfNfiX+Wx+3g0= =S7ZL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqTPCSB3lZrCpAWk%40itl-email.
Re: [qubes-users] qubes update -- how to hold an old kernel ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jun 11, 2022 at 10:54:39AM +0200, haaber wrote: > Dear Marie, > > > Try removing one of the newer kernels on your system. > > lets think it the other way round: if I, say, safe-copy the > vmlinuz and initramfs-files of my 4.19 kernel, can I just play them back > to the EFI/qubes folder & modify the xen.cfg "as usual" in case of 5.x > kernels bugging? As a kind of "very manual install" -- or wouldn't that > work ?? That would likely leave you without the needed kernel module packages, which would be bad. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKkzk8ACgkQsoi1X/+c IsH2Dw//fAMldDf1ghepx1mz2tBBUz3zij5TwNvYAIhrWRMFDly8I1m9oChRzQh1 taWE60N8Cm9F14DKFQeY469ZgUbjbtRsKcJGjopsokKtRJ8o3sFZQ1fcNm8aTsIh av8nsL+A86P4YDp3LDeLPn9pxXbDDq78FhDxBgOLKALECxUJMAstkpCIFcEoCC7m WY30nHop6k+u87nZw4Db8zbEPORmBpcstaUSLPLtkwyHg1m0qLcA3lkuhikU80h0 +rxo42SSYwMxFoeyAHbQ9rhn+nOVnL8osFR4z+LZ4x77cVwTVIIYKYqQE4GnSJkw XehQ2SLIhQd4E0CZ6NZjZcCHLvkSYepGpxQxn8whxz5LR2VT/KkzOgn9ZykHU5t5 oEuU4+K4PShhlZAIgEmwpo+QMKEY0DENIJL5i94ao8NS28lKHvlPkefOtJh4Q/oI kuzolBI+wEytm75MdWJXqnVcFsKiqUW2JobnxfV2wnAho6Q4AMYgK6XL4GiB8VyP 1GkncV4SUxzoxUHsxg9N15WTzZu5M6oM0m5szIPGx409CxuK35U0v7vLXVgLSe/P pr1PHLMwupXvvQnpXWJHoA4NZ0OlOpvb+mg2dIy425+SfG/HZcj/ret2rP28WaYk a1McpvNYuZHzZc+Vf0/Ulz1YV5+quWA8MxKhnKE0fdgdFabGgdI= =SZac -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqTOT%2BN5EjZOvyCf%40itl-email.
Re: [qubes-users] qubes update -- how to hold an old kernel ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 (FYI, it looks like you forgot to CC the mailing list) On Sat, Jun 11, 2022 at 10:45:44AM +0200, haaber wrote: > Dear Marie, > > > > > Which kernel version do you need to hold? You can update a subset of > > > > packages by giving them as arguments to qubes-dom0-update, but I would > > > > like to know what the forseeable problems are. > > > > > The reason is simple: all (!) 5.x xen kernels I tested so far > > > crash/freeze my system in less than 5 minutes, often only seconds (open > > > issue on github since 18 months). Therefore I keep a 4.19 kernel for xen > > > (only) -- until now the updater respected that: it installed some new > > > 5.x kernel and kernel-latest. Every single time, I bravely try them out, > > > and each time they crash: each time I can revert back to 4.19 by a > > > linux-life usb hack. > > > > > Last kernel update wants to remove my 4.19 kernel, and no way I can > > > accept that, given the history. ( again a curse on Intel and Dell for > > > their buggy hardware ). > > > > Try removing one of the newer kernels on your system. > That did not help. But I could use the output and manually install all > the lines qubes-update suggests, but not remove the old-kernel. > qubes-update did download them all. I would have to make sure not to > introduce a security flaw (not checking signatures), and invoking maybe > dnf directly with the correct full package name?: the (terminal > qubes-update) line qubes-dom0-update unpacks the packages in a temporary directory. They are then copied to an anonymous temporary file in the final directory by rpmcanon, and only linked into the filesystem if rpmcanon verifies the signature successfully. The signature is then checked *again* by rpmkeys before you even get the “Is this ok [y/N]” prompt. In short, no, you will not introduce a security flaw doing this. > microcode_ctl.x86_64 2.1-35.qubes1.fc25 qubes-dom0-cached > > would have to become one word, but I do not know the "linking char": a > dot? like > > microcode_ctl.x86_64.2.1-35.qubes1.fc25 > > or underscore? like > > microcode_ctl.x86_64_2.1-35.qubes1.fc25 You need to move the architecture to the end, and then use a dash to join the name and epoch/version. In your example, you would run $ sudo dnf upgrade microcode_ctl-2.1-35.qubes1.fc32.x86_64 > But I am unsure if that is a "safe way" to go It is. > > Also, would you > > be willing to try disabling panic_on_oops? That won’t fix the bug, but > > it has a chance of leaving the system running afterwards. Adding > > kernel.panic_on_oops=0 and kernel.panic_on_warn=0 to /etc/sysctl.conf > > should do the trick. > > I'll try that, of course. I'll keep you informed ... That would be great. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKkzgMACgkQsoi1X/+c IsFILA/+J7K+pc8P60DufMajZscukK6blfOFUd0BCyb9uEWgoVaE/b0K4hXDCVRE 3sud/2qz6arpjZxCdmrNk48/0S2r+lpeAHghhM/osOWNBb/1b4jZdgH2bJemaS5N KSuoLDCNpqUhKN8kzNP6XiuMZrkvluv2nsRr+w1cbdJREB92PFyJGvkIJfqHQOuE 1lJu39qW/msIJrU1Zki3f9cUsJ9vG9pFVOo98P7Uxa6C9Utu2wP9OZdLNojOMEDc yXmob1YwbNJYiFW6SN7blCO79Qhgo+WZaSq0CYxDnM7r8C0YJbd64UNOR+F0NuA8 2f9ySzc+kB9HLUqf3iJOaYXLZIbvHUQaSUQaY0zRVrjhg8gt2p3ylTyjQwzsOza0 P/jKclYz+woXJwQr8Pq7CeIvcUM9doinB+u/9NCjDiQiUuJIINrHPbZ9kuQvhDoi QvMZ5Pm6fp6a6uya+FeNfVSoQ4V2xCYlgfW5cD0noyldrzqNFrQ9Qz5kCLuMAawS NVL3OOmzyENSJrLntaZkRnBr2X4H6H0s5C1zBCE47gsoW47R5x/91wuyOAk2r2zO gi5mFKwSx7in0H8umSwAJ4o2yHsbnesuSSVmTAZW2vIV/TWOSLAMHmpuj1iI6M7w TGM9ffsUDsEATlEUVdBNBsM4JlVe4Uxh26glzd73v0OI9gOwSQw= =U8A5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqTOA7V4NYy/KAPw%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jun 11, 2022 at 08:52:18AM -0700, Steve Coleman wrote: > > > On Thursday, June 9, 2022 at 1:10:45 AM UTC-4 viktor@gmail.com wrote: > > > Hello Qubes Community, > > > > > > Here's the content of /etc/qubes-rpc/ : > >> > >> [user@sys-firewall ~]$ cd /etc/qubes-rpc/ > >> [user@sys-firewall qubes-rpc]$ ls > >> qubes.Backup qubes.PdfConvertqubes.SuspendPostAll > >> qubes.ConnectTCP qubes.PostInstall qubes.SuspendPre > >> qubes.DetachPciDevicequbes.ResizeDiskqubes.SuspendPreAll > >> qubes.Filecopy qubes.Restore qubes.USB > >> qubes.GetAppmenusqubes.SaltLinuxVM qubes.USBAttach > >> qubes.GetDatequbes.SelectDirectory qubes.USBDetach > >> qubes.GetImageRGBA qubes.SelectFilequbes.UpdatesProxy > >> qubes.Gpgqubes.SetDateTime qubes.VMRootShell > >> qubes.GpgImportKey qubes.SetMonitorLayout qubes.VMShell > >> qubes.InstallUpdatesGUI qubes.ShowInTerminalqubes.WaitForSession > >> qubes.OpenInVM qubes.StartApp > >> qubes.OpenURLqubes.SuspendPost > >> [user@sys-firewall qubes-rpc]$ > >> > > > > With Fedora 34 having reached EOL now, is there anything else I can do, > > other than a complete new installation of Qubes OS R4.1 ? > > > > > Sorry for not replying for a while but somehow I had been blacklisted from > posting to the forum. Still not sure why that happened. I did reply by > email but that bounced with a forum gateway denial response. I could login > to the forum but it would not let me reply to anything. Other Discourse > forums were also giving me problems so its possible somebody was spamming > using my email address and thus put me on some kind of global blacklist, > but that is just a guess. The forum mirror of the mailing list is read-only. Not sure if that is the culprit. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKky7IACgkQsoi1X/+c IsH/AhAAnVrY9/dKsAeplvGFe4YStiCDMOZ4OjhVWVZUUWMDBLliWO97BM6Mngd6 gq1RTUF4tyXoaCEu3hgChB/zlWJsRAZeaJcR1AXixULHvIy5zDdbUGqhB5fthqTm 9pOeKCElb9SXKbwpWXkSoP3XidYRn+nG4wrGziASfHRI7LTvIRBVa08Zr5b0Bn8f ngmFjMmQ5LTdYf+1cszfjwvL/YsVAvOfCwShuixt8EjFt30f0fTAlYEQ1At7aTdL ISp+P4BLgg01oZ63+gHyW8aYpRNtMjCig4EmTHXhfruI5Z9j+uK7FpYZ9jhE5V/B Yg4bIvGxWXIM5PoCKSuU3/jqG+9m9R/X7iCbw7Bv6YAXgBHTXwuVczj74L1Afr2O /5wupFiMQGVXetiVZPpdsXPEnHrmcpzdoV7cJ3yKdnF5YGTpbEui3fL6c3w+Hpj/ 9GOkUhs4/y+8myNEhq5EGpuFCHnUBeOjWznlarITOwSXdKIwWi2NKj/PL27k3eSf htsNhI7LMRC9j5rC/SVFoItZWfmRJ/nabxdzIBL1Gwb5ewYKMp1h9T5Pkvltg021 i0oy8Ief4r3QyIoeHwYpeE3zqwTa7G+3zCRrVtGUVEOkysYM4y2xJcBUhgihfH0b fx+49ILWrBeMeorTFCy/2dKlW01m1z6hF383RwgNdsacKC/HM+U= =j6j5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqTLsnbZ1bw7x1hQ%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jun 11, 2022 at 12:41:08AM -0700, Viktor Ransmayr wrote: > Hello Demi, > > Demi Marie Obenour schrieb am Freitag, 10. Juni 2022 um 23:42:57 UTC+2: > > > > >> I've not modified anything - and - the "Global Settings" look OK. > > > >> > > > >> I tried to open a console in 'sys-firewall' - but - can't login :-( > > > >> > > > >> I had expected that I could do so, using my credentials, i.e. user > > 'vr' > > > >> plus my password ... > > > >> > > > > At least in the default setup (no sys-gui-gpu), your credentials are > > specific to dom0. Everything else will let you log in on the console > > as any valid user without a password. “root” will give you a root > > shell, while “user” will give you a shell as the same user that GUI > > programs run as. > > > > Thanks for that clear explanation. You’re welcome! > > > > I tried to open a console in 'sys-firewall' - and - could not login. > > > > > > > > However, I (obviously) could open a terminal in 'sys-firewall' ... > > > > > > > > Here's the content of /etc/qubes-rpc/ : > > > > > > > > [user@sys-firewall ~]$ cd /etc/qubes-rpc/ > > > > [user@sys-firewall qubes-rpc]$ ls > > > > qubes.Backup qubes.PdfConvert qubes.SuspendPostAll > > > > qubes.ConnectTCP qubes.PostInstall qubes.SuspendPre > > > > qubes.DetachPciDevice qubes.ResizeDisk qubes.SuspendPreAll > > > > qubes.Filecopy qubes.Restore qubes.USB > > > > qubes.GetAppmenus qubes.SaltLinuxVM qubes.USBAttach > > > > qubes.GetDate qubes.SelectDirectory qubes.USBDetach > > > > qubes.GetImageRGBA qubes.SelectFile qubes.UpdatesProxy > > > > qubes.Gpg qubes.SetDateTime qubes.VMRootShell > > > > qubes.GpgImportKey qubes.SetMonitorLayout qubes.VMShell > > > > qubes.InstallUpdatesGUI qubes.ShowInTerminal qubes.WaitForSession > > > > qubes.OpenInVM qubes.StartApp > > > > qubes.OpenURL qubes.SuspendPost > > > > [user@sys-firewall qubes-rpc]$ > > > > > > > > > > With Fedora 34 having reached EOL now, is there anything else I can do, > > > other than a complete new installation of Qubes OS R4.1 ? > > > > Installing “qubes-core-agent-dom0-updates” in sys-firewall’s template > > should fix the problem. > > > > I checked which 'qubes-core' packages are installed in the 'sys-firewall' > VM on my system. > > Here are the results: > > [user@sys-firewall ~]$ > [user@sys-firewall ~]$ dnf list --installed | grep qubes-core > qubes-core-agent.x86_64 4.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-dom0-updates.x86_644.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-nautilus.x86_644.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-network-manager.x86_64 4.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-networking.x86_64 4.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-passwordless-root.x86_64 4.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-qrexec.x86_64 4.0.65-1.fc34 > @qubes-vm-r4.0-current > qubes-core-agent-systemd.x86_64 4.0.65-1.fc34 > @qubes-vm-r4.0-current > [user@sys-firewall ~]$ > > So the package is installed - but - it is on version '4.0.65-1.fc34'. - > That does not look right to me ... > > Do you have any further suggestions, what I could still try? You should be able to manually change your DNF repositories in sys-firewall’s template. “dnf --best --refresh distro-sync” should then take care of the rest, unless I have missed something. > Or should I just wait until the dev-team will release Qubes OS version > 4.1.1? You should not have to do this. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKkyuUACgkQsoi1X/+c IsFmyQ/+Mvzo04A53PLM8Oc6Iu3hZzK6MbqMNon9Tc+YGDU2Wizwhdj02Xy0XXIt BshmNrnPn0bAtZs5hbcjRFc1Bvk6fnQ8/7tscHEuauqnXe1yN8TsB/Zt6JWxKAbl VvkWb33/+fGZyMn3FJxrvsDRMgjYDn020hEfic+R0jAmJubpzfBva0x
Re: [qubes-users] qubes update -- how to hold an old kernel ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jun 11, 2022 at 01:09:40AM +0200, haaber wrote: > > Which kernel version do you need to hold? You can update a subset of > > packages by giving them as arguments to qubes-dom0-update, but I would > > like to know what the forseeable problems are. > > The reason is simple: all (!) 5.x xen kernels I tested so far > crash/freeze my system in less than 5 minutes, often only seconds (open > issue on github since 18 months). Therefore I keep a 4.19 kernel for xen > (only) -- until now the updater respected that: it installed some new > 5.x kernel and kernel-latest. Every single time, I bravely try them out, > and each time they crash: each time I can revert back to 4.19 by a > linux-life usb hack. > > Last kernel update wants to remove my 4.19 kernel, and no way I can > accept that, given the history. ( again a curse on Intel and Dell for > their buggy hardware ). Try removing one of the newer kernels on your system. Also, would you be willing to try disabling panic_on_oops? That won’t fix the bug, but it has a chance of leaving the system running afterwards. Adding kernel.panic_on_oops=0 and kernel.panic_on_warn=0 to /etc/sysctl.conf should do the trick. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmH3JoAACgkQsoi1X/+c IsGmrA/+MhaHGQotnhmzS0Ipf13o4WunxvFBJb+kzRnbmS8QDpxqYlg0seZ7cxtZ dCV9CjGjEEK1AfElAl/JOc0NgW0ltz6wAK3nsg9nfZ5bnq4NMpXOJ2L+Nx5qI91O jqWvQBMnupl6ETpdX6YGsA9lDc4yCbr31L+1y/8euc+CuJja5a5Mn8AaaisjEtFK fZdyN2PLIGnC+Jp0kUR9PK2p9YT1I8tyDljv/nvW/wTVdTV4ExBv94U4hHNH5ALe QQ4iQp8eg/1TDcRKTgTPhc3O9rfgyeRTwgPGAIIe8CcX6NngOHfAkURHTJp7BYSx bYVVULcQheOHx8yiMgE/rXxI2mpWlp8x6xDBVO6bc+BZZOYb6HqQXS6j+iRucpx5 s3NA8Jo8H7KDw1bin+r+LN13evWUwn0fmQJ5Ffq1zmVRuRwc+qT8okVbaubxAgJE 6C47u7Vs6p9sp8m29mBsUPR2Z84F2NXNNAMJNndWUAAzn0FZjgs4j/Al7ZSerhcz 2zrfqNJUD3fRsKFAN4Uf893xT+xTiy1g5+8YNVi45H+B7smykZIlU7NiSNTNyFci 3SGIXbb73v/CLsMg2ysj35FbFP1bqdZXL08jjF95NFf6Y9T09OfWvvaPTskwJkmD 6v/wd8qIdvfEpkh5UQPkWpTXAIql2iDvyVmcyx0usir5dz9GenQ= =6j7H -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqQ8Wa7G90Pv2jb0%40itl-email.
Re: [qubes-users] Re: Is it possible to build any BSD template on QubesOS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jun 07, 2022 at 05:34:10PM -0700, J Holsapple wrote: > Yeah, a more integrated BSD OS would be nice. Something like Windows tools. > The only gui I'd be interested in though is macos. > > In this case, I'm just running the cli and using the webapp for management. > Sure it's a HVM and is more isolated and more resource hungry. Yet it's a > lot like my stand alone pfSense box. It just works. And over the months > I've gone back to my integration guide/script and refined it. > > Keep in mind that I answered the OP's question for the use case where "any" > means a HVM with a CLI and using a webapp for "gui" management. The > integration guide/script is optional for people wanting to replicate my > implementation of pfSense/OPNsense. > > BTW, could you expound a little on your concern for xnf(4) (netfront) and > xbf(4) (blkfront) drivers? Or point me to a reference? I wish to better > understand your concern for threat vectors. Right now, the OpenBSD netfront and netback drivers are not hardened against malicious backends, so they can be attacked by malicious backends. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKj3gYACgkQsoi1X/+c IsHgQRAAqFGBEd8zJCSZ4W8+qbIzbs8/rMojEqrqcZIjBo1PtW4JHgNbl42/PEAc yRs1FNVu7TVELibYle0INnTVR6emm89P5s3r/ym4x0tghfuUAM3yQeZV8g+g5ivQ +UP/7kLN+Gu6gPa4YNANMctRs3FP5Y7KwuIyzvO3yhBgEC4cS10sjM3KYaO80Ue4 ZFjjyg504ZvllbOjgid2LR18j4mC4BUe1f/Lf/IviUggfK/ZCAW3rExqlMU5KbGr i8/3XXRl4YFLXsbrCm20vUvQlW844GkKuECW8OMbjt2gkt3f/2gSeT+Xl8FVd8TD oAMijumqmRKlsm2dd3i58blQjJ5c1T5Hzfwb0VJybN9YUOCjil+oxGOL9nJqkTig bUh6eojSDi65Ld8WwE1KL2vYKO7JiXZ0la9whZeUG6bFs68Gx7AWcfZ+xfJ4k9Ga +FV89WiM79R+HJvVpZphxT1xRdNaVP73rHKIpar88pyUOorZHfM71ANfj1FfOuCY v8FAU9ByLiwgO4Hv3eS6XXAUsTi9NMlWFNeO/Zg9Pc/1Au0sglBR1+LIOmq/iRtF N7j0fPoA0Fp5ZnDOgq2iQ45SzPY3IqEw9ra4dTiBlP5Q7l9RG2Nu5aTyWmjtE55x ASeeo379ZVvPFhDdq8DBzUElTFxURa5zrOWZJoTvltQf2TO66wI= =5I/r -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqPeBkmp21FXJaE9%40itl-email.
Re: [qubes-users] Re: sys-firewall freezing on resume from suspend
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 03, 2022 at 04:00:20PM +0200, Qubes OS Users Mailing List wrote: > So, apparently, this is not a sys-firewall, but a clocksync issue. To root > out any causes, I moved the clocksync service to a separate, brand new qube > (named sys-clock). And voila: sys-firewall no longer 'crashes' on resume > from suspend, now it's sys-clock. https://github.com/QubesOS/qubes-core-admin/pull/473 will (hopefully) fix this. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjvE8ACgkQsoi1X/+c IsEWOxAArQT0n0LBpJhoQcDsGhiB0ute7pr5jkGTv2QW02EmSXXrKwdr9+QwZS7P 6xMA1mdcfPHNZfA4Y4z3ZRdUbd943sSn2IYhZ2s75dbVkHEp7hSaL1SJfT1cdSlW j/CeF7nc2S1OA+sEJcWxKlwiX8gTRgMW3PeDNcRL/v2vxG7fte3Pj/2GSZ8wJFFR +x19nrmp8KEJ4/Nx5JYSKLs74M75JFJPXrVOsPN4NiPa/e/0r77MY6+KytbXHm9L i9CitXzVZnAp5voVX/CC4XkPa13M2YGAmQ+WQQFTKy35qUK9Ae97x18M+llxqsLN eIZIvAGYmwTWPOXYMTadGL8xAveA6lnGIMA4EgYolqWGzxGCg1WyKnoOAXWhe7F+ BHeuTlt7YVwCaENa5XeweYy7gH6cnFXiqh5fcFFUPb9UJmjftlowLwUI4Ggnz112 7aDDOTPz73v0nLdAriRKxMqbf5n259eozsaZDnq1yrg2hdZGV8ptPxs+xvniSB4F GpCvLBblAAXKDjZWyOeTNGGWA8YjBS4+9ExDTHo1vYU9yVob3Y3QfgFW364EeFeG wYv/sqiRv6sDSBjw9fsHPX09tx8zRV9pAGy3wHvSWO6+bqsyl8o8usT6NRGNq4Tl WaGar1+jiNvuEJ4DEtckMnKiO6UhSEsigYLjWlDZkEitO6Tq0sw= =Bysk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqO8T3pAxkX/sCeZ%40itl-email.
Re: [qubes-users] Re: sys-firewall freezing on resume from suspend
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 03, 2022 at 04:00:20PM +0200, Qubes OS Users Mailing List wrote: > So, apparently, this is not a sys-firewall, but a clocksync issue. To root > out any causes, I moved the clocksync service to a separate, brand new qube > (named sys-clock). And voila: sys-firewall no longer 'crashes' on resume > from suspend, now it's sys-clock. > > The cause is probably somewhere in some logfile, but with the many moving > parts, Qubes really needs a better bugfixing howto. With relatively many > minor bugs like this, bugfixing takes too much time. I don't mind spending > some time fixing bugs, but lately it is really becoming too much, to the > extend that I am considering switching back to an easier regular Linux > distro. I have been a paid Linux sysadmin, no total expert, but that is also > not a requirement to use Qubes. I should be able to diagnose bugs on my own > laptop (and contribute to the project by properly reporting them). Indeed, you should be able to. The fact that you cannot is itself a bug. Please report it. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKju30ACgkQsoi1X/+c IsGmFw/+J44uxpsEAEXAD1bVrxv1xA4sOtcZC+EjyWEVRGc61GTy5/uh69pb2ROi 9x0+ynfuxOTn2+9SZHNPyJtt5L5gNC7hSVrwNzzsMQX3OUySBjjh867DRdHHg7Zn EvESFmPorOm+3LVdSEbA3QssOPTLSoHPrENuEnQ5yfsYURrNONIvSfwB+zCNexfP Ay8IgyAaH8HKEhigu7VKCIn2XRV1JlRNzSC53fKJPhtwZq/NXc0JX+2NnX6KeOvE VmxCQwF2Fvr6K2cMLdlm019XGVHifTqMnwi3/qdkbsxD2ntcovTs6kpMC0knWsT5 tMfgN0jS1CXyu+dGbupSjxtt1O9FEoXt45eOnA55oqc1jSZcYqgtaCbeq0QiPBi3 pXOf9ErJJjtrrxHr7CxoNRR3pyyXGb3gGKy2gElsT4Pm1qkioHSb/lEZMNqaU4YT bI+R5sAE/DgTry8+S1uAwMNZthpS8FG5WjUwQ9SYr1a7jZOQCbDKyuw91n9/sU+6 a0bNoxk2cEnGngZpbQq0oXCT1V18WnU/JdfRCP9+I7NI7WAlVDOjB8QKlen0d1+y d8WS1BBrfhxuDco1T+XNQCOtftdtuKV1PhzUGjR0hMQtBsuJWvfbsLIIs00/H+ET x30l8RXDQw/+4s4cnSsd/IKN0d7KCpr18pQkyEWeE2Bp136pLpw= =fc6P -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqO7fUsAEpR%2BzyAl%40itl-email.
Re: [qubes-users] Problems with announced Fedora 35 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 08, 2022 at 10:10:45PM -0700, Viktor Ransmayr wrote: > Hello Qubes Community, > > Viktor Ransmayr schrieb am Montag, 30. Mai 2022 um 11:31:56 UTC+2: > > > Viktor Ransmayr schrieb am Montag, 30. Mai 2022 um 10:37:56 UTC+2: > > > >> stevenlc...@gmail.com schrieb am Sonntag, 29. Mai 2022 um 20:45:29 UTC+2: > >> > >>> On Sun, May 29, 2022 at 4:39 AM Viktor Ransmayr > >>> wrote: > >>> > >>>> stevenlc...@gmail.com schrieb am Samstag, 28. Mai 2022 um 21:54:40 > >>>> UTC+2: > >>>> > >>>>> > >>>>> Thanks for your quick reply! > >>>> > >>>> However, when I try to list the available templates using the > >>>> 'qvm-template' command, I get the same error message: > >>>> > >>>> [vr@dom0 ~]$ qvm-template list > >>>> [Qrexec] /bin/sh: /etc/qubes-rpc/qubes.TemplateSearch: No such file > >>>> or directory > >>>> ERROR: qrexec call 'qubes.TemplateSearch' failed. > >>>> [vr@dom0 ~]$ > >>>> > >>>> > >>>> > >>> I just checked my own system and ran a python3 trace on the command. The > >>> file /etc/qubes-rpc/qubes.TemplateSearch should be on the sys-firewall > >>> , assuming the default configuration. If you use a different OS or > >>> changed > >>> your "Dom0 update qube" in the "Global Settings" for dom0 updates then > >>> that > >>> update VM may not have this file installed. I would start by looking > >>> there. > >>> > >> > >> I've not modified anything - and - the "Global Settings" look OK. > >> > >> I tried to open a console in 'sys-firewall' - but - can't login :-( > >> > >> I had expected that I could do so, using my credentials, i.e. user 'vr' > >> plus my password ... > >> At least in the default setup (no sys-gui-gpu), your credentials are specific to dom0. Everything else will let you log in on the console as any valid user without a password. “root” will give you a root shell, while “user” will give you a shell as the same user that GUI programs run as. > > I tried to open a console in 'sys-firewall' - and - could not login. > > > > However, I (obviously) could open a terminal in 'sys-firewall' ... > > > > Here's the content of /etc/qubes-rpc/ : > > > > [user@sys-firewall ~]$ cd /etc/qubes-rpc/ > > [user@sys-firewall qubes-rpc]$ ls > > qubes.Backup qubes.PdfConvertqubes.SuspendPostAll > > qubes.ConnectTCP qubes.PostInstall qubes.SuspendPre > > qubes.DetachPciDevicequbes.ResizeDiskqubes.SuspendPreAll > > qubes.Filecopy qubes.Restore qubes.USB > > qubes.GetAppmenusqubes.SaltLinuxVM qubes.USBAttach > > qubes.GetDate qubes.SelectDirectory qubes.USBDetach > > qubes.GetImageRGBA qubes.SelectFilequbes.UpdatesProxy > > qubes.Gpgqubes.SetDateTime qubes.VMRootShell > > qubes.GpgImportKey qubes.SetMonitorLayout qubes.VMShell > > qubes.InstallUpdatesGUI qubes.ShowInTerminalqubes.WaitForSession > > qubes.OpenInVM qubes.StartApp > > qubes.OpenURLqubes.SuspendPost > > [user@sys-firewall qubes-rpc]$ > > > > With Fedora 34 having reached EOL now, is there anything else I can do, > other than a complete new installation of Qubes OS R4.1 ? Installing “qubes-core-agent-dom0-updates” in sys-firewall’s template should fix the problem. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjutoACgkQsoi1X/+c IsGWOhAAolEkyR9ouRejSxMZi1MFngp04eHAUa4r2eARrD74FVkHNaiJ5h3d90JT fEEO+e+zFnIRvXGxXG8ITtjJsep9ohuYSOY0kiIHWYkAU+FSHrCO8QDnLlqCt5Nx 9rBbgfgKAmpU8/wJxWOm8++rrCuW/7jp79hQ1VwcrPsZuc0fkvq9FB8WgbCPiV+X qcOmWdeP5OVu/QQ8Rb7HPARLDqYVjiuYaDkVklmgsaEKlI87dsgRryVYIl3SmLyL 8ga4fJoiGaKAu57FcgkvEiXLS06qdBMYYJUwtc+c3EFnnaVbILKfJopa9dDeDsEa J8JOjJr+ZKpnnxVQMIffaPmWVGlTcirAuqv4QV88Z6tEdqAO2OwIvjieefQ28REc h3/DnpjAtbo6rDnz2QLkcawNp7kETA+GYuhC6HNrUML4RnxTaN4BJI+DzQEyWHsX FNhV6ce2pLv4lzNXAQby8NRSqQdHd2bhCiMNFcdKR4QZIX0ZzS0bQmGyBJYQu5vt LHjTLb+582mpNZowL8X0caCrYNUWCQhfUn75a/5pUqAbA3ud1Hwfgo9025eogha4 F0MWiRhnCOfpGY/eCJqo34vMv+RVG9MReSlzO4mLxFKuFlrjJMVVZ8qeXJUc8gdk qwUsNDhB7h+7EudL4Vl8SOIKJxCfCeQ7bye1vz7LOaJlj68QEoM= =19/c -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqO620Nyzmj%2Be4Y7%40itl-email.
Re: [qubes-users] qubes update -- how to hold an old kernel ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 10, 2022 at 08:55:41AM +0200, haaber wrote: > Recent QSB made me run the qubes-update. Regrettably, it wants to remove > a kernel version that I need to hold (in case of foreseeable problems > with newer ones). How can I freeze that older version and forbid its > uninstall? Which kernel version do you need to hold? You can update a subset of packages by giving them as arguments to qubes-dom0-update, but I would like to know what the forseeable problems are. I am not aware of any way to do what you want given how DNF works. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjs1wACgkQsoi1X/+c IsGmqw//euPsJPLo1LiC4OuzMWuHWgqNS3xtxyCaVbX8FmSlSSWDB1V8iyxSVajp SDoGY7qU1x9hgEe0PIvrt8DAOG0XnkRcPzzlQv2xkjj0qTn8boFum3LigUQ6/lAr P7xkc3ELnd+sXAP2Urn1XtmgcMN9oLexUNpQCN2LOaFtvzpCCQpjeVLW9U5dCqN0 dFKtH/iwxGBsMKcizkSnCmExm67lVhG5qD/oSLcvrE1VpR+nw61nLXlKTC1OFG0y Bue6m+0FNpoRGGnDFOkUktrybLLu1RHmUkBs5Hxyzn16eL8HFx1/o4JqF4RjXgq5 dj17uugo9azVmEX7Z/Ngq9uKnUeC/328sT/7Cu/Zy9op0IdMPTHtZ+wzQwfOjM4w JpXWxE96a+gXnqPD0Q13nbTwiurvD3vrr5rgv0QqWn6xUa9+SHHyXJQR45nR8YVe sOGRifKoZgCtcOemF6A6hveFF8fwALb55CIKgGwM6K4Q6FXNMip/FqJl2mwVxXn7 jNYG4qQveRRyzSsGdN1O4yDgTFDC36EZSPOtxKVnYs1VFbXfcCpQW7rKQPDy+S8w tnykq7Qdvg2lK/uztgDtfs2iEqZJlt1KHN2UrU0cHRF16h/cZQm2L+RBgY6l8tvY f2QRoBYzof29dj4Ald8JskKvBlo7sQ5tZhXEySB6T4Vq86xIOzU= =ormh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqOzXSFhnImIAK5f%40itl-email.
Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 03, 2022 at 10:51:53AM +0200, Johannes Graumann wrote: > On Mon, 2022-05-30 at 14:11 -0400, Demi Marie Obenour wrote: > > On Sat, May 28, 2022 at 12:56:42PM +0200, Johannes Graumann wrote: > > > On Tue, 2022-05-24 at 12:35 -0400, Demi Marie Obenour wrote: > > > > On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing > > > > List > > > > wrote: > > > > > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable > > > > > states: > > > > > > To do this [make a particular application open everything in > > > > > > a > > > > > > disposable VM], enable a service named app-dispvm.X in that > > > > > > qube, > > > > > > where X is the application ID. > > > > > > > > > > and invokes `app-dispvm.thunderbird` as an example. > > > > > > > > > > How would you do that for an application installes and run > > > > > through > > > > > flatpak? > > > > > > > > Flatpak-installed applications still have an application ID, > > > > which is > > > > what gets passed to qubes.StartApp to launch the application. > > > > > > Thank you for your answer. Lengthy googling has dug up no answer to > > > what an "application ID" actually is or how to look it up. Could > > > you > > > please help with that? Given a running program, how do I identify > > > it? > > > > It is the name of the .desktop file the application has within the > > VM. > > For Flatpak apps, I believe it will always be the ID of the flatpak > > (the > > reverse-DNS name). > > Thank you. > I did the following: > 1) in `dom0`: > > qvm-service task-privcom app-dispvm.org.gnome.Evolution on > > 2) restart task-privcom > > This does not work: neither *.pdf, nor *.jpeg, etc. get opened in a > dispvm when opening (double clicking) from within Evolution ... That is not good. Does it work if you set XDG_DATA_DIRS to /usr/share/qubes/xdg-override in the launch script for the flatpak? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjsAsACgkQsoi1X/+c IsHwWBAAyWtn+ogxFSf7Y9Y3QN762ePZzx9X3aPSRbVIWiSsY0H51VTzQRJBG6tS Np3yRPSjZrj9iDRv3zaEWMKZ+1ekvH18JkXTulv9W/r6ia1UkfrsIC8fwLrkNE7o lg1RvLcJLNXu0JkOEor1fRzFyY0VZTLRlnFjxVL7JNugF+56iIigrMUYwsIP2JLx zS38N3cG+aRtXV9ujWJQtRFULH+CVcPFmAM7NGy4uLeYRApObAsosPasxdNPZPYy pbTLxBYz0O7WKi5Q0n/aFW8ootdtoZZxHNPosw5wWhAPrVny69/MqxMg839piSQW umPAdTqpUHdXZKPfM/5exuphg9RBJCPxkukurS6tvDLz9RYg8yLHVFuc5wdc7jvQ HU9nCnSNsSzunowosks0z68pp8XTE7ruUf+HLZkcGrc5e733cE0UbLp5E8d34+eJ JDgwC/zCj5NwIoUdtIE9pe3G3oDhUNlL6YyCNvIHkuhydN2sUkIC+uxHOMIZeHS1 Dw73E2M22oRud7s4QOeQGQwpv9QYpQ5WBHlsUECJiqJWm4oeW2yMThuxgEHBuh5i lVH/UIvHmO5XXXA2J/28h+QZBcqO1z1EF5CTdSX+DIWqNO+u7KL5ohgYEMeKhYZW OldqpRTMH6uYPQSinbrSWlXy9Ucb6yjibGt1moWZapeZidSftwU= =/nkQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqOwDMZb2s4NZwi/%40itl-email.
Re: [qubes-users] yggdrasil & qubes netvm question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 10, 2022 at 04:29:08PM +0300, Oleg Artemiev wrote: > 1) Has anyone succeeded in enabling the yggdrasil network in NetVM qube? > I'm thinking about Qubes standalone PC as a server machine with the > ability to use NetVM as a shell box via yggdrasil IP. I suggest not running the server in sys-net if possible, and instead running it in a qube attached to sys-net. sys-net has lots of attack surface against the hypervisor via the PCI devices attached to it. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjfCMACgkQsoi1X/+c IsHGBRAAstI3qMSbYWwTr5Hfq235YJwNtZFyePXaYcze5mhWfje7fH0eZiM6V8RA qbcQ2V4LLuHIGELemK7wrk9ELt9So3LThNaW+Xx+YFIzpzkcQp+mxwbDx8Je4xnQ VkuXlzBLp6rLN/R6Ezs4xgTiaM1Xq+UR3s4pUYriYX7mOUM8tF7BeSlHnEJ7+/It JPpBdX+GuA/EUxH9BF4IumkUvSdEU9R82cF4Gw/XGdfAg+rmethL9ZAn3BxYVRf0 uaHlOD0Cm3lKGzzhgXfAKToRbNUcOIG0JrYZ3dNafsu+6RWGhhfEb2f0R9q0gnZ8 L0uO/n7+GedtRExhTD9t/t2PO9wRu4UeLAADVz9y6ROgyd15tn3/U1H6DHTqsN2A j86l/7rQNEN1gkE1udA+KQafGudb9IVg7/SOC66sMEhcLehSP9/Vj7bSYfSVL+8w 8kINXDOpHA9asOu6AKLxEnFTKBA8yLTZzuMEUouUN8mk9rjdkvVmA8hkL5KXkyy3 Q9w/4bLwDD5Bt7XweLXgD6m7yOj+zgKR1SHGRODlUrPZ8LH99SzsnLk9NL5WiQIe eTm9/HS2WSNlqSRMt4GONob9GIlg3mHIbNtXdDVxWy5R7HmODaZnXCkRYoGUcJJT hqaENpR0iXSWWpzMLOwDrbIC1pm02oWVRRU3BaSuJoPquH4slNo= =RKYH -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YqN8JHiC3Mv82GVa%40itl-email.
Re: [qubes-users] Re: How to check that an 'in-place upgrade' from Qubes R4.0 to R4.1 was successful?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 02, 2022 at 03:24:50AM -0700, Viktor Ransmayr wrote: > Hello Demi, > > Demi Marie Obenour schrieb am Donnerstag, 2. Juni 2022 um 01:18:35 UTC+2: > > > On Wed, Jun 01, 2022 at 10:03:14PM +, Qubes OS Users Mailing List > > wrote: > > > On Tue, May 31, 2022 at 11:54:24PM -0700, Viktor Ransmayr wrote: > > > > I've performed the same task today - and - the same 14 packages were > > > > removed again ... > > > > > > > > So it's clear now that something went wrong with my 'in-place upgrade' > > ! > > > > > > > > Anything that I could try, beside a completely fresh installation of > > Qubes > > > > OS R4.1 ? > > > > > > I've had similar issues: > > > https://github.com/QubesOS/qubes-issues/issues/7503 > > > > > > Maybe try some of the ideas suggested there? > > > > The Python 2 packages should be safe to remove, unless I have missed > > something. > > > > It's unclear to me, why I should ... > > If I would manually delete those packages, would they not get re-installed > the next day? In dom0, this is leftover cruft from R4.0. It serves no purpose in R4.1. My R4.1 dom0 does not even have a Python 2 interpreter. > Or asked differently: > > If they are not needed in R4.1 / Fedora 32 for dom0, why have they been > included in the first place? Not sure. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKYtjsACgkQsoi1X/+c IsHjAxAAnHZxC2XvYHm9gutkeQVq8keTtMKD2IxnbLG4VA68KjHow2pAAUPhOtpG wwG6xOboBCAGeOqG7cOiZQ6UiYsyW9bOxbEimWjZban4SHTKPLJ17lGVIBmi59+B RWCZOCeQExvQ3zcNMZStKJtz1Fh1C/WrzF6TdzJbIMvVR+0TkH0D1In0kC2zkXte xWZnWq7Ab1eDRNKMiwKkYvCGbsYPajO32y5aqTO8JIFuUYnybg6RYORfhyRW78jN hDPGb9rdc9YSP/Q/WHzYRaKBJRIy+IzEGqyQcP2UtS/nuuHj4FOOz3ycmPzp09cq JYdciJZyJjJlZ7rOTcVU0SV2dnM7TR1iQObg75SaXVvUl/D9Z9uRBCdQd7RkSZ+6 7tzJPAi5p8ltCeM6F+a99ZmlxhGhPVOS0WZ7WcyzxXEG5CLwlSHd/yB+QBx4ZxLU xDWLJmZk6qPaoJ+hwK6WgzpUACYakE8kGNTbRyZlEORM/iWKpo4C+o9CTDhVDrFK 6db0qvt4aX3wA2qRvnw1oSljoypC0WpOfvy3DgBp6fkUH/0R9GVdnu1TmZ0RaMik JGkJzBUGtjV2oO/LNLrEOvYrnQ3VrrexP3yme1dTCU5BMLqbnoGDu8aLHzTw875P 2oXxhIabEjiRtoFfEyeyXAZGcTkjYRGD937vwjxDotEdqNNcPE8= =pX7T -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Ypi2O76CVf/xZnv/%40itl-email.
[qubes-users] Automatically using inline PGP for qubes-devel and qubes-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I figured out how to tell Mutt to use inline PGP for messages to be sent to qubes-devel and qubes-users, without changing the default for all other messages. If (as I do) you default to encrypting all messages, this can be done with the following in muttrc: send2-hook '~A' "unset pgp_autoinline; set crypt_autoencrypt; set crypt_protected_headers_write" send2-hook '~C ^qubes-(users\|devel)@googlegroups\\.com$' "set pgp_autoinline; unset crypt_autoencrypt" The first line matches all messages, enables automatic encryption using PGP/MIME, and enables encryption of Subject: headers. The second line matches messages to qubes-devel and qubes-users, disables automatic encryption, and causes messages to be signed using inline PGP instead of PGP/MIME. The first line is necessary because the effects of a hook are not reverted automatically. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKX/cUACgkQsoi1X/+c IsErQA/+MM0IUA1h5moT55drwpK8t8o5grZfURuIxkuuUEVVXURIeDok2x5DBMfb l4xs4Hu80G/5VP4Vq+9iNTv+MxatwBkoHP8ymQxA8tnMZ8Duk23FvDLuDh7O9oin HHYRrIsTlOEsCWgo3ZRxmBXRb21wlR6haIOgXBFNZdjNjZPQ7Jo2y3PWpB5Zj4nn t84Q3Dro6iH6jAYuj0jRg4E43FHTSbo4yiIywsDd778+WA5u6Uu4B5i+YklgZ8I+ lOMqWpvYwzEJ3aBXTYSz/rXO9DBrvcT+QwDnnwhDL7bKX3IkVdNJipA4zqEpFGM3 fOxVzMvx8G2QqgTU+9Os6EG4FOIcTyykJX5zrsDJ0G5xjZBqTuyxZkqKJ4QHkXq3 y9kiYGmt3mpnHbsz1h58GDZipUyTmag8zSDQtr/XYSg794Ni/F7YCM774Fae1jB3 fF2bHp6dMxINB30oMT3bVUsR4YDLv2RKqTEerE2qFtVHCaXTmQrLqi9KfSBFo89C yoKayqvyN4SoFajH4GRYz4Nhtw8c0e7i5QNrP5wQUcY29DzC8UXOxptyrzePGKA/ r9oRXGXUKGPhfPYgiL10oJTxXMyRQDIztAgkCTWxGJrIdl9xGj2MDPL/tmfBkDRn u7vL6SQXJkMxsLBkst2i5PlGho2Hq3eG0WozXcOnX9Pxu4C1vsw= =Bo1z -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Ypf9xqUb/mPQO%2BCT%40itl-email.
Re: [qubes-users] Re: How to check that an 'in-place upgrade' from Qubes R4.0 to R4.1 was successful?
On Wed, Jun 01, 2022 at 10:03:14PM +, Qubes OS Users Mailing List wrote: > On Tue, May 31, 2022 at 11:54:24PM -0700, Viktor Ransmayr wrote: > > I've performed the same task today - and - the same 14 packages were > > removed again ... > > > > So it's clear now that something went wrong with my 'in-place upgrade' ! > > > > Anything that I could try, beside a completely fresh installation of Qubes > > OS R4.1 ? > > I've had similar issues: > https://github.com/QubesOS/qubes-issues/issues/7503 > > Maybe try some of the ideas suggested there? The Python 2 packages should be safe to remove, unless I have missed something. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YpfzxZ8AwiY5ooJj%40itl-email. signature.asc Description: PGP signature
Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?
On Sat, May 28, 2022 at 12:56:42PM +0200, Johannes Graumann wrote: > On Tue, 2022-05-24 at 12:35 -0400, Demi Marie Obenour wrote: > > On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing List > > wrote: > > > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable > > > states: > > > > To do this [make a particular application open everything in a > > > > disposable VM], enable a service named app-dispvm.X in that > > > > qube, > > > > where X is the application ID. > > > > > > and invokes `app-dispvm.thunderbird` as an example. > > > > > > How would you do that for an application installes and run through > > > flatpak? > > > > Flatpak-installed applications still have an application ID, which is > > what gets passed to qubes.StartApp to launch the application. > > Thank you for your answer. Lengthy googling has dug up no answer to > what an "application ID" actually is or how to look it up. Could you > please help with that? Given a running program, how do I identify it? It is the name of the .desktop file the application has within the VM. For Flatpak apps, I believe it will always be the ID of the flatpak (the reverse-DNS name). -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YpUI0vyWFUt%2B6/o9%40itl-email. signature.asc Description: PGP signature
Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing List wrote: > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable > states: > > To do this [make a particular application open everything in a > > disposable VM], enable a service named app-dispvm.X in that qube, > > where X is the application ID. > > and invokes `app-dispvm.thunderbird` as an example. > > How would you do that for an application installes and run through > flatpak? Flatpak-installed applications still have an application ID, which is what gets passed to qubes.StartApp to launch the application. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKNCU4ACgkQsoi1X/+c IsEMuA//VFfRexOsdHC7jd1eb7tZOCsBgeXlX6e/jU84XDvwCETveFUWrP0jRjva cZshRg3AilVXQVuLfLQMyqTP2w5izlsXQByFdTo5/V3vWiHIvO1ohl+Ugrkg7sZc albGEfGnOoNheGjGhdCWX4XLmteR79DR8tyjhTyP3hc6KvHAKmrT4ighPFVI+hRn 6XZbP5BWQOZ1QSva9wwa6bXJh2/7ZujsNrMOR5V+vLXa/wEc/Xwx4Hwv83UljD8E BkccHrp3nfEuorV9PTiBVavVKHZfaPbZu1wxkA9ws2Hh0Akse1PyRtABk1TJAQgT 2hZwHs0mbjstrgTjSb8SgG/oXwkyIxubLljBcRpbU1XRSmOZzr8QbGd3Mh3JU2xx mDZs7i1qTM+Vbb4SyTMfN8gKtv9TyREOGdKNP247g3SxzRUw4u/ZJ2OthUH1+vwC 4o8ohCSfVgvMBcM3BhQN7i3jr0wD38KCdJHSL6OkxVdPn7H2DWZorhfm6Ov14qr7 UKX1/tErPMbv6GTlwBjVHx9X1WSkCrzWOZNxssXs6e4OoDA+LF8PJuLFiIMT89as DAu/PKwD0cyBPM+91weSRgp3XgI8gETPLTAxRC9WwIBpPBjQ3Yf/H6mHWkH76rBU +BLIE5mOwBCqawxb4azFF0Ww0fgd8NXzZ3TISK2H86hdTPFxheM= =1FBd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yo0JTb%2Bzm3cYGmtI%40itl-email.
Re: [qubes-users] Re: Is it possible to build any BSD template on QubesOS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, May 08, 2022 at 08:01:08PM -0700, J Holsapple wrote: > I have pfSense (BSD) installed, and working fine for over 6 mos now, as my > network IDPS on the external interface. Went OCD and created a complete > installation guide and integration script. > It's a bit long and detailed but it works like a charm: > https://github.com/jcholsap/freemod/issues/1#issue-1016495279 I managed to get an OpenBSD template sort of working a while back. I was able to get networking and storage to work, and X11 worked via emulated VGA, but I ultimately gave up because of some clashes on the OpenBSD mailing lists. A proper integration would require substantial additions to the OpenBSD kernel: - - nullfs (BSD version of bind mounts) for /home and /usr/local. The workaround (a loopback NFS mount) is not something I would be okay with for production use. - - Hardened xnf(4) (netfront) and xbf(4) (blkfront) drivers. The current drivers are not safe in the presence of malicious backends. - - Userspace access to Xen event channels and grant tables, so that libvchan and gui-agent can work. Additionally, a Xen-aware bootloader would be needed if booting other than in HVM mode is desired. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKD3PIACgkQsoi1X/+c IsFFlA/+P76WfNwmIKDoTdoP3J9SQ1e5PQ+fMDF+phjeQmli4AB3MErGMUn0LcOX kTT+8E0o/+OiUmEjKpPTlxhVWsXqDDwsbqqiipSg9mZBygWzoECXMP6g6Rd3I38F WQV0Hpm2W0ha7a/oqPdlE5Kklnk76VTAdr6DhIlXvcAc31hEZklUdfUifRNAMmpQ prKiNdwYBcC+k+PUMwITgzvwP2CgiUc+Hf8wDt7Hj+CjVoi9uVkg0lv4KSRQI9Dj w3Dxvt6S59P86fPqfce7DwBnGM+hBHem/brkV+mrH+ZTmhSZLxW4DyT28x7/65JM hgggZxiZ9Z6pfiavZ1CKQaArX+Yc7WzUpigLEZnv6dMZHysbEf44v4uD3T1tz77k EPv4qtyEXGyKQplmuLWo+eoK8eJxDCHBly2fKef3QEtji+F9HWLs66oVpWyaT6r0 IP5k8ew+oWTcLhgvu0mSKwztJWFaWzw4vmKD0X2vikGybXlKmICffD14OOPuVpL4 gCbh/aU615glPMn+u1vhIYjGrbFZLi8/wCQCfI1rp4rX/ElzoVpA7SvCmc5Cy5b2 oE+ylbLkxe5opfkkJICpCUNRbWDe0Do+54aKdJCQn4pl6qhAGMwI3nYPQ0jbM30y /0lOYqwqYTlwiZFASIxATZYftUZMzddeNmFoV4fSUN14FCQ8tIU= =gLNM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YoPc8pybMUv0leba%40itl-email.
Re: [qubes-users] Circumventing autostart of apps when updating the appVM by `salt`?
On Thu, May 12, 2022 at 11:26:53AM +0200, Qubes OS Users Mailing List wrote: > I have a setup with appVMs that are configured to autostart a subset of > apps when they get fired up - one example is `app-privcom` that runs > `evolution`, `signal-desktop` (from a user level installed flatpak just > in that VM) and `liferea` (also a flatpak) when coming online. > > Given the user-level flatpaked nature of some of the apps, the appVMs > themselves have to be maintained (`flatpak update` etc.), which I do > using `salt`. > > As a side effect of the convenient autostarting this results in apps > popping up left and right when my fleet of appVMs is being updated by > `salt` - which is a nuisance. > > Can anyone think of a way to circumvent app autostart in the context of > firing up the the appVMs via `salt`? I don’t think this is possible right now. This would require that the VM know that it is being started via Salt, which it currently does not. Feel free to submit an enhancement request on GitHub. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YnzhC7Vhi/yK1wYv%40itl-email. signature.asc Description: PGP signature
Re: [qubes-users] Temporary failure in name resolution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Apr 19, 2022 at 06:17:58AM -0700, Qubes OS Users Mailing List wrote: > After upgrading the following, I lost dns functionality in sys-firewall and > all vms using sys-firewall. > > Using tcpdump on sys-net, it does not seem to receive the dns query. > > When I run `systemctl stop systemd-resolved` in an appvm, dns works again. > > (I removed some clearly uninteresting packages) > ``` > > PackageArch Version Repo > Size > > Upgrading: > babl x86_64 0.1.92-1.fc35 updates > 533 k > dhcp-clientx86_64 12:4.4.3-2.fc35 updates > 799 k > dhcp-commonnoarch 12:4.4.3-2.fc35 updates > 126 k > evolution-data-server x86_64 3.42.4-2.fc35 updates > 2.2 M > evolution-data-server-langpacksnoarch 3.42.4-2.fc35 updates > 1.3 M > gegl04 x86_64 0.4.36-1.fc35 updates > 3.0 M > havegedx86_64 1.9.18-1.fc35 updates > 74 k > libsolvx86_64 0.7.22-1.fc35 updates > 403 k > nspr x86_64 4.32.0-6.fc35 updates > 137 k > nssx86_64 3.77.0-1.fc35 updates > 691 k > nss-softoknx86_64 3.77.0-1.fc35 updates > 376 k > nss-softokn-freebl x86_64 3.77.0-1.fc35 updates > 323 k > nss-sysinitx86_64 3.77.0-1.fc35 updates > 20 k > nss-util x86_64 3.77.0-1.fc35 updates > 88 k > ostree x86_64 2022.2-1.fc35 updates > 229 k > ostree-libsx86_64 2022.2-1.fc35 updates > 424 k > perl-CPAN noarch 2.33-1.fc35 updates > 557 k > pipewire x86_64 0.3.50-1.fc35 updates > 39 k > pipewire-alsa x86_64 0.3.50-1.fc35 updates > 62 k > pipewire-jack-audio-connection-kit x86_64 0.3.50-1.fc35 updates > 135 k > pipewire-libs x86_64 0.3.50-1.fc35 updates > 1.5 M > python3-tqdm noarch 4.64.0-1.fc35 updates > 132 k > rsync x86_64 3.2.3-9.fc35 updates > 388 k > systemdx86_64 249.11-1.fc35 updates > 4.1 M > systemd-libs x86_64 249.11-1.fc35 updates > 603 k > systemd-networkd x86_64 249.11-1.fc35 updates > 523 k > systemd-pamx86_64 249.11-1.fc35 updates > 323 k > systemd-resolved x86_64 249.11-1.fc35 updates > 266 k > systemd-udev x86_64 249.11-1.fc35 updates > 1.8 M > tzdata noarch 2022a-2.fc35 updates > 432 k > xorg-x11-xinit x86_64 1.4.0-14.fc35 updates > 55 k > Installing dependencies: > botan2 x86_64 2.18.2-1.fc35 updates > 1.9 M > minizipx86_64 3.0.2-4.fc35 fedora > 70 k > perl-Digest-SHA1 x86_64 2.13-34.fc35 fedora > 52 k > perl-Module-Signature noarch 0.87-5.fc35 fedora > 82 k > ``` This is a known problem with Qubes OS and systemd-resolved. It’s fixed in the current-testing repository. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmJeyZ4ACgkQsoi1X/+c IsGzMRAAgFE+70bAIjg0DMDjtJYttAjt8iYvXG7/UKUqHwRk0tFZSAzrHJyqN3mn bOuXwhV4lCfASiRiop8wuvIabkbtUFzV9fbyganzu2WwWdEphlQVXDGv1SJgyhmG PW1IwsqABS0FA2vMvjrAgvsObwNB+ITprM8WgMTWLExK/zXnxIlvLC4QzB3B7sDC XBfj2ARAqKBEh0hUa98tt5E0w6BDpQiTIWMI1nmZxgHzq04+IVZxc+PXAT9V20IY yoSWX68UG75Jz6O/C1ieiZGzefcK8cL6Of8L0YYs2tDrF0eRfcB/RxUTd3Wx6hK4 0eg0TrNOpUUJXrD+zxyg48sWpkVy2BopUOE1pZnvNm1aNID+PvCDsOUJOqPVfmlC xm2yZbybO+4Eu8/YAjeoh9/8zJdoor6HLVara6B3G3gx0KWjWRh9FFbNQeJQ6B0p igQN823F4RI/G3p4WGu7BSF8QvGErW4OiRgCPLp9LTLi8gut9Sg51eLRxvsz+EfC euMpJziyZyXVSK7ffnF0jDQeiNkbeOeOmXhtdyWxqjNLBXF/OOTUgPFtsbYHn5n0 CaqPut/INo89QfnWxnez5HIoQy9g4+yrCkH4jdc6WeAu+vSgAChT8/IBgB+l0eOl coWyuITzN1Tt+P07cLfv5D3bzwNFNIh7H02gCdFSFUtLIlhnMyI= =2S01 -END PGP SIGNATURE- --
Re: [qubes-users] nVidia binary in dom0 (ThinkPad P1 gen4)
On Mon, Apr 18, 2022 at 06:04:59PM +, Michał "rysiek" Woźniak wrote: > On Monday, 18 April 2022 15:40:32 GMT Michał "rysiek" Woźniak wrote: > > > Have you considered using sys-gui-gpu instead? > > > > I have not, for a very specific reason: in the laptop in question, all > > external video outputs are hard-wired to the nvidia card. That is, I > > *cannot* use an external display *unless* I get the nvidia card to work, > > somehow. > > Wait, that was almost certainly a brainfart. With sys-gui-gpu, the nVidia GPU > would get passed-through to that VM, and so any driver installed there (and > presumably more likely to work than in dom0) would also have access to all > the > external displays hard-wired to that GPU. Right? Yup! You can even assign the nvidia card to the VM while leaving the iGPU in dom0. If you do that, you will want to set your qrexec policies to ensure that sys-gui-gpu can’t harm VMs it isn’t the GUIVM of. That basically means removing lots of Admin API access from it that it doesn’t need. > That's something I will try next then, and report back. Thank you for the > suggestion! You’re welcome! -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yl3bXnc8FzKi9ZHC%40itl-email. signature.asc Description: PGP signature
Re: [qubes-users] nVidia binary in dom0 (ThinkPad P1 gen4)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Apr 18, 2022 at 02:57:32AM +, Michał "rysiek" Woźniak wrote:
> Hey all,
>
> I am trying to get the nVidia binary driver to work in dom0. Using the latest
> version of it (510.60.02) always ends up with this line in `Xorg.0.log`,
> followed by X crashing:
> > Failed to allocate push buffer
>
> Running `nvidia-smi` shows the card is available, kernel modules loaded; I
> can
> get temperature readouts, for example.
>
> Tried changing UEFI settings ("discrete" vs "hybrid" mode), tried fiddling
> with
> kernel parameters (modesetting, iommu), to no avail.
>
> Not sure what I could try next. Any ideas welcome!
Have you considered using sys-gui-gpu instead? Binary drivers in dom0
are a bad idea, both from a security and reliability perspective. In
particular, dom0 has an old version of both X11 and Mesa, which may well
be incompatible with the blob driver.
Alternatively, if your computer has an integrated Intel GPU, you could
use that. Nouveau might also be an option, if it supports your card.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmJdaZYACgkQsoi1X/+c
IsEXhw/+LB9voMNQ+1WEr8/ipDJ1ZSggH+EzoCONhmhlM/X+oeyZ6OHzqJ4FKbgv
U+zI/CH05rZoRd4Fda6CQRiH4xMIoCQ+rIHp2+15vkof8FAIOQpykDWWm/pJ4G/F
kfK6oh/OStZcHQWh8d3ShiDi5bbeVIFmW1ix4CvJ+F2wpPMX2vOYUbgI+j2SxasU
n0s4EVnjdRfFBuxpGG4pK+6YJ/Tepkf25izQZyEQuZ1PgrJL7sgKpieBRWNyCw7q
+wJDAV77vx3/rBp90zCEWJ0HR3CJGXWLduwCs0HN2Zg/jJ7zs55cViOK79D3bAlS
DrH7TWOwHqDMj8C0zPuozEMb5a+W7dPZZOlQy9KLWAmy8swnC1ED0SKf+u5v+qvn
4BbFVgxYAYisDMAwDAY/ZwU+AgfxMHHgVucauM20MVJPgxV0NObMgddw//iWHWGx
fMG6F4KI28R7L0asa/Tpc982GaisRZQ/MC5WPJamE7ZIIAA95lDEXqnJXOKTG4GQ
NNtmTYN65JC+lAkGKOV6ZwagxgWCRUAHWQk6WRWNY9uyD5cKHCpZz+Qi9JPwcEXn
iWQ52795aEUTT1ehZZgXU9hjVRSoGzXccvS/ZKw4X1Au/Cgux/hupagIMeKVk/Lt
8KkS5QNOIgDD3plK7qGs57ZzzC5bG3Qj7A5fqfbLB5fyxhNOtFg=
=pAEG
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/Yl1pleHXpcBxomkj%40itl-email.
Re: [qubes-users] modifying Qubes ISO
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Mar 30, 2022 at 09:20:31AM +0100, Mike Keehan wrote: > On 3/30/22 08:46, haaber wrote: > > On 3/29/22 22:55, 'awokd' via qubes-users wrote: > > > haaber: > > > > I need help to modify the Q4.1 installer ISO file. I did learn how to > > > > pack & unpack isos. That is fine. The idea is a new install on a larger > > > > SSD of Q4.1 instead of risky "upgarde" tentatives that finish less > > > > clean. (benefit: if it fails I can go back to running Q4.0) > > > > > > > > 1) I naïvely placed a new kernel in /extrakernels but that does not seem > > > > to impress the boot-loader. I find no way to select which kernel > > > > to boot. > > > > > > Not entirely sure what you are trying to accomplish here. A Qubes 4.1 > > > install ISO with a newer kernel? Can't you install 4.1 with a recent > > > prebuilt ISO and update the kernel after? If it's due to hardware > > > incompatibilities, I've seen some install and update on one system, then > > > move the hard drive to the one with newer hardware. > > > > Thanks for your reply! Badly enough, I rather need a "kernel downgrade": > > any xen kernel 5.x will freeze my Q4.0 system between seconds and some > > minutes (a curse on Intel and Dell at this point for selling shit at > > high prices). So my qubes runs for one year now in a "disaster mode" > > with a 4.19 kernel for xen, and normal 5.x kernels in guest VM's (mainly > > debian). The same happens when I try a fresh install with Q4.1: install > > attempts with the std ISO fail 100% by system freeze before finishing > > installand leave an unbootable SSD behind. > > > Hi Haaber, > > I used to have similar freezing problems with 4.0 on my Dell laptop. > I found that it was due to an upgrade to the intel-i915 driver in X. > Replacing the new version with an older version cured it for me. > > However, I've had no trouble with Qubes 4.1. > > A search for "linux xorg driver for i915" gives some idea of the > problems, but it is all a bit confusing. > > Mike Does using the modesetting driver instead of the intel driver help? If not, please report this as an i915 kernel driver bug. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmJEm/wACgkQsoi1X/+c IsG+Uw/+MqgJ7SfFVQDF8/TDQsdt/FJgP8Aiugoc76neJicqKrK+R94NtzkuhKDb k+dTwnrIDKWqB38zLsfsglgmEt2/Skita5nXvLysqQvPVvur3wIyCTnaU3cHAFIB MgyHT01+AvVJec89LeKXjmk4kX83Iux9sQ+TniKuQSuFHd3oKQJFugtxeiLj+pbu 88j0Jg2IEP8ICGnwx/EsZbCbKgAkQmYq31Pavu4zlUZYSao1waqK3NM+pKHGuxAP to5Hj4nkbEEiOVNDdnPmvsCw32RJmboXU68iqo0bE5Au/9q70FiuNV9S4hS+/5QJ z1wVwLX0iyoqNDNowBLxytC9IpZ3tQyyIIL2MQQvXi8fTmrNMbMs/2nXzzDpXGjC RsDPfKyCgGEKnQW/RRuMsSVeIL77AeT0SwHG8c6evvf72WSaXAOf23keMewaLZzf uGgH43K7FcandBySoWaQTRpvxiTFtpID4YS/p8kVitN13ZPN7QasocYXiPau5v6x hu/2UEKkDu2249fJnIsgY9RexQRbyerukJ4fvSjNOz3aIp7kQnH9lNjl9NJUW3c+ vVo3aNsCiZdAw1jNu1XY5Hh1q69UneR1JOh37gACy/l6KHwvQebBu9HcsmEwqmXD bxzTxAXbPIjHc/rDRR4mgI3BDcpV61JE2tTgOH9HBz4jv+SP8LE= =Ii/V -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YkSb%2B2fWM21xok9L%40itl-email.
Re: [qubes-users] Qubes 4.1 & ThinkPad P15 Gen 2 (type 20YQ): Help in Remedying Reduced Functionality?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Mar 24, 2022 at 04:01:25PM +0100, Johannes Graumann wrote: > > On Thu, Mar 24, 2022 at 02:38:16PM +0100, 'Johannes Graumann' via > > qubes-users wrote: > > > > On 24.03.2022 13:39 'Johannes Graumann' via qubes-users > > > > wrote: > > > > > > > > > > > > > > > > > > > > > On 24.03.2022 12:16 'Johannes Graumann' via qubes-users > > > > > wrote: > > > > > ... > > > > > As the laptop's HDMI port also does not work (likely due to being > > > > > hardwired to the NVDIA card), I currently have no means of setting up > > > > > multiple screens. > > > > > > > > > > I want to use Qubes and this machine as my daily driver and non > > > > > functioning dock as well as the lack of a multiple screen options are > > > > > show stoppers for this. > > > > > The latter is possibly fixable through NVIDIA support in `dom0` and > > > > > that's what I'm working on next, but I would highly appreciate any > > > > > hint on how to get the dock working. > > > > > > > > > Installing `kernel-latest` in `dom0` (which currently brings in 5.16) > > > > and setting graphics to `discrete` in the BIOS renders the on board > > > > HDMI port active. `Hybrid` graphics settings results in a black screen > > > > when the display manager comes up. > > > > > > > > Still having issues with the screens only being shown mirrored, but I'm > > > > getting somewhere. > > > > > > > To get the multiscreen setup to behave properly, I had to switch of the > > > compositor: > > > > > > ` Q → System Tools → Window Manager Tweaks → Compositor → uncheck “Enable > > > display compositing” ` > > > > Does unchecking the “Mirror displays” option (in Q → System Tools → > > Display) also work? If not, that’s a bug; please report it. If so, > > that’s a user experience problem and should also be reported. > > No it doesn't. See https://github.com/QubesOS/qubes-issues/issues/7373. Does > this serve? Yes it does, thanks! - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmI9+vQACgkQsoi1X/+c IsGgOA/+L2Dww5MWG8Vw6a6s9T76c2CItOFBEpLLSDVnhIizxQGLa/rVxvzLdOKs /fYYoGaMkCGkYwc3YwakCoODUkZ9DGWqHOFJBZqdz6We1mUlZJEAjgRpfSEimy4r cQ6cFcHoSAMtRerls+y4K3XHiKPQRn97+hh7qNt0X5gPiebV4xXpvgZgZbG3v5Ot 1aBolRwExDj7LRVDqO+pXFk9pkGbij/L2gMERNHcdYZu2Jh1YWHT351vLZCiOOkt tyM7nBULryyv2t8MqbZlcDGvkKlPGcYLgRa4fxSBH2nRJ4td7CYkZEiM7EYHIlB3 ToFRw4V2vh1rhyGP9JMwTvHzlryy0oTPFUKCVpcBnXuJ2a/jMk8fhNmejPT49epF r1Xqkcex+5YZqaJfSqMwbQ4d8L249lEClYEyGxIo/+IXLQFWpEl34R/x/467/w4h gVFnDBfgjHNZ0eetWE545yt+84qEmqosEcfTJkGC/6HS6vFVq9kH0HuljPRCjhUd ZmN5b88PZRFSa51umSbaeGibDuLtFxM1oqltKZqEL2TZn0vwhLLKCTMhxlwZG4nw jrr3ulDSddqIyKJSfZGCV0bnaMzcX//yNQk71OnPRN6jYMXXWLrWuQo5oiZ3OsBz qmFKNXiIW476JNcvwy14zUIAPKbuF2ozKK5nUANkpSj/HuHnxyM= =6yus -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yj369X0M%2BlJtAyq8%40itl-email.
Re: [qubes-users] qvm-kill -- bug ???
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Mar 25, 2022 at 03:00:58PM +0100, haaber wrote: > Hi observed that killing sys-net will kill all VM's that depend on it as > well, which was not the case little time ago. I consider this a bug, but > it has maybe some intention?? Thanks for comments. Bernhard It is indeed a bug: Linux’s netfront driver failed to properly clean up when the backend dies, causing a kernel panic soon afterwards. The bug has been fixed in kernels from the updates-testing repository. See https://lore.kernel.org/xen-devel/20220220134202.2187485-1-marma...@invisiblethingslab.com/ and https://github.com/QubesOS/qubes-issues/issues/7257 for details. Marek, time to push the fix to stable? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmI95fIACgkQsoi1X/+c IsFzlBAAi8wFBs3zTvFbbVn4Ue8VQww3PTV5nv5I/gBcp+HJJ9GQT0t0ho7Hqy3r ElOoaXZ/zw0NFxZ+6Gj6itk0+BdTIMBSq/xN7kXha69GEmMIWTRLdtIZKjXrqv6L 2/28tpDmiwUzIfsLMyF8lc4WMoedJPyAjsauz1WuSa/BmDPsRN9JsAKebvBgyZek 2tSRGNheBk1mqCWklzi0AVfm46b+YgH5EOQQT6/VDKan4DSFuuVt5YQkIg82lUC4 oM6EzXGqnwt1NIjmEA5FPoP34dv0N6UKLWpTXk77mPO6loCIjoBHeQhPMvzJIopn zKWGpGqgjhx6R7F8qfrkS8EJnS13UncA7dxTpqIf5zl+bT/SYgJhy25lAPCmKoQr hvEVB7ig1im7fYJ9bmLW2C7C5nbmP2ViNb+D/DSHERxWlJjZVTnmzzLue7BB211p MeHEFIZFEp3+2O9KVFpNojN1fWl1I4pmx2V5cnbCE0ufpO3wuBVjThyDa5Gh9Ud4 ufQdXEk28BKcWTqhNINQiUypTz2V2aM9rjqv+9Z8/kR28Tkvujtb0nQe+crOClzH BNtJUsvM7M3GUBTVczmvSSbnEikzRaQiMWyFWo+uexPLGXpdsc0fhAn2dK8b581L OGDn2tgJKcZswUTI2GoETOG/YwZQx2eV23bdZ0lgaMfUCouM7lw= =v9iY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yj3l8mX9nn7BRhCs%40itl-email.
Re: [qubes-users] Qubes 4.1 & ThinkPad P15 Gen 2 (type 20YQ): Help in Remedying Reduced Functionality?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Mar 24, 2022 at 02:38:16PM +0100, 'Johannes Graumann' via qubes-users wrote: > > On 24.03.2022 13:39 'Johannes Graumann' via qubes-users > > wrote: > > > > > > > > > > > On 24.03.2022 12:16 'Johannes Graumann' via qubes-users > > > wrote: > > > ... > > > As the laptop's HDMI port also does not work (likely due to being > > > hardwired to the NVDIA card), I currently have no means of setting up > > > multiple screens. > > > > > > I want to use Qubes and this machine as my daily driver and non > > > functioning dock as well as the lack of a multiple screen options are > > > show stoppers for this. > > > The latter is possibly fixable through NVIDIA support in `dom0` and > > > that's what I'm working on next, but I would highly appreciate any hint > > > on how to get the dock working. > > > > > Installing `kernel-latest` in `dom0` (which currently brings in 5.16) and > > setting graphics to `discrete` in the BIOS renders the on board HDMI port > > active. `Hybrid` graphics settings results in a black screen when the > > display manager comes up. > > > > Still having issues with the screens only being shown mirrored, but I'm > > getting somewhere. > > > To get the multiscreen setup to behave properly, I had to switch of the > compositor: > > ` Q → System Tools → Window Manager Tweaks → Compositor → uncheck “Enable > display compositing” ` Does unchecking the “Mirror displays” option (in Q → System Tools → Display) also work? If not, that’s a bug; please report it. If so, that’s a user experience problem and should also be reported. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmI8eZ0ACgkQsoi1X/+c IsFmOw/+KwMKEu5zSvzHseQdcPnuoVYM46/DgXge/Zgs+sm19HTcaNH8VXwgT0ky MVAvSZeN3epTXM23I1uaEC9ZNYT4zxUfb1i8IG2Uk0AXhD9lEeGBZaiYlpslSCid RzHDubzJJYuyxmQ6guo9tSfoqocbz1E1/ZrnQ5C2a6dMGVL9APeYfv+zYPxK+LtH px4TeDY5648seTCNv/r9LJR5PMGtgkyzhW7N+AFxehhloIjLVfSQxTkICVe1EAo3 EgoSVEdXVjEu4lW3YMk8XJf1+hUM47ldGC8iy/K0vbAGpAmqI3uEB+obfd4+6C6c 32v64AhwV6b1Ly/4I45Jl+Cg77uWwbnlZ3bA8nR4IyUF8dHVMhVQB+i+eU/vJIkv C4I9+HuwUiYkRVnwaIwz8SNYjgZEuI6v+gPhD32tOrM2QdmYnNvAnNESIxEwzFpY v5//GLLaoI2jf00R+Cin32FTAXk3bPWTm76BMt+hpBUhLlOENSLeO+v00A54McP0 M6EZ5nCcAyGU2wi+zomBmFVIMgVblFj+vzRVGwfwECU4uKp8J86At7eegI1BHaz7 HpV+TxcrEM1DJsxyQcWBfnYQFi1ouVOtZMd/t03zaK8ct+nB/gvp9phXkgVxgIJg T2hzntBTNZIb8iAPucsixRzFde1eLaPyw+Hcx88kY3O2aGbWbAQ= =hrYN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yjx5nUCZLBhWN9F1%40itl-email.
Re: [qubes-users] Isolating USB devices
On 3/22/22 13:21, 'Dan' via qubes-users wrote: > Hello fellow Qubies, > > I have my USB controller (the PCI device) assigned to sys-net because I have > a USB-Ethernet device. I also have my USB keyboard and mouse in sys-net on > the same USB controller, and the keyboard and mouse can control dom0. My > system has only one USB controller. > > I want to isolate compromises of sys-net. Would there be any advantage to > creating sys-usb and then attaching only the USB-Ethernet device to sys-net? > My USB-Ethernet device shows up as a device in the device widget (currently > under sys-net as described above). > > So then my plan would be to put the USB controller in sys-usb, then attach > just the USB-Ethernet device to sys-net. Would that reduce the ability of > sys-net to compromise the USB controller and the keyboard? Perhaps? It depends on the specific NIC in question. Fixing this properly will require switching to a unikernel for sys-usb. I also suggest blocklisting the USB Ethernet drivers in sys-usb’s template, and loading them manually in sys-net. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12660ead-9f36-5a41-d6a9-200310889899%40invisiblethingslab.com. OpenPGP_0xB288B55FFF9C22C1.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: [qubes-users] Re: Qubes 4.1 qrexec issue?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Mar 16, 2022 at 10:02:41AM +, 'taran1s' via qubes-users wrote: > > > unman: > > On Wed, Mar 09, 2022 at 11:20:53AM +, 'taran1s' via qubes-users wrote: > > > > > > > > > taran1s: > > > > I have an issue with Split GPG as well as with opening files in the > > > > disposable VMs and with the qrexec in the guide How to use Monero > > > > CLI/daemon with Qubes + Whonix too. > > > > > > > > https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html > > > > > > > > > > > > Split GPG > > > > > > > > Opening Thunderbird, I get following errors in the notification popup: > > > > > > > > Denied: whonix.NewStatus > > > > Denied whonix.NewStatus+status from work-email to sys-whonix > > > > > > > > I have to as well make every gpg action confirm in the Dom0 Operation > > > > Execution with Target GPG backend. > > > > > > > > Using dispVMs from within AppVM > > > > > > > > When trying to convert file or open it in the disposable VM from within > > > > the normal AppVM, I get an error popuplike : > > > > > > > > Denied: qubes.PdfConvert > > > > Denied qubes.pdfConvert from work-email to @dispvm > > > > > > > > Any advice appreciated! > > > > > > Is this mailing list still active or one needs to better go to a different > > > place? > > > > > > > Still active, but the Forum has more traffic, although it's often low > > grade and noisy. > > > > On your questions, the first looks like a Whonix issue - Patrick has > > asked that Qubes-Whonix questions be put in the Whonix forums, where > > they will get better oversight. > > The second looks like permissions - look in the policy file at > > /etc/qubes-rpc/policy/qubes.PdfConvert > > The /etc/qubes-rpc/policy/qubes.PdfConvert has allowed anyvm to run > PdfConvert > $anyvm $dispvm allow What do the files under “/etc/qubes/policy.d” contain? R4.1 has a new policy syntax and the files are located in a different directory. That could easily cause denials. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmI4jTgACgkQsoi1X/+c IsGQwBAA0qZzYydofkEOcKdahuyyRzlYAr+n/V07TQEtfURAsbdpJvdu8d7/G1je U5kcwLbjPyr+auHGZ1xqytwxyT+sRVD9YIXYoBscKyirf0uQzUuNxJI2IywxhOV4 Z8NDt6xsithbHL4ia3VWMNRv6MhDxmFOEI3Qrx4QcLwiBFp3WHm/G+1LYTSBSGjI VEHmeeyT3ZEDg16sNeAHQCLa+lgEawTvcf3i55B8W39wn/48zaQ22L/aCqRJ9Yc/ kUgV86LE1BanLX8w7fQN6qXth0++taG1tsoCyzeIL1iHCB2vax+x03Km6Q8lKxAT DJYxVC7qbmHsHsAIaU7JgOrEeIfj6xvjO2+1yCb124wx2eO1AmcyylbVApZXGzkV zOcWly1zQ04QjMiBaB8cOxnm18djomVoQpS+WQDtrcQ38VniDTI6d6tCfjknIbym Hfxot70Q6IE8Bz8GcfsGASFFVCM68FSMtXTTbV/UUp+FJN1csXTlJ2PNGbTFMjuW W7V3ucIdH4eyTBJo3VKYvO4JgPKACvS+zjzRxNQLN+r+SXQl7bV0rvl5LQHvQwxo uqmc7rff0iA1pXHv1Iv7ivC3HJG+oo+JcX25zY8m7U2UB+6txFuoxPOJbBrTf/+Z df3fXrLqHB23IeE99Yx8Y9B/Ccr8zsOcr50pQKw/bsPAKC11tg4= =GFsR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YjiNN9MjLND2gGNG%40itl-email.
Re: [qubes-users] QSB-078: Linux kernel PV driver issues and LVM misconfiguration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Mar 13, 2022 at 08:13:39PM +, 'awokd' via qubes-users wrote: > Demi Marie Obenour: > > > > + # "r|.*|" ] > > > > > I see how it allows crypt-luks volumes in general, along with nvme, sata, > > > and raid. What does that last line allow? > > > > /dev/md.* matches devices provided by the Linux Multiple Device (RAID) > > driver. > > Thanks; I should have specified what does "r|.*|" cover? It is a generic deny-all. LVM sadly defaults to allow-all. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIvvdoACgkQsoi1X/+c IsHd0BAAq9qJP3HO21+RLlblBb6o0f9s4QB2G048HHv0bYNRJQ3Ndexp/qurTWaj LRMaMG8wAAAJQ+1eR5cfsBHpbPSid3h/wby6TTQEyL3rZDoF3EQCzqbv3IilCePq 5r07JXAOnXHna4X2iqlGgliCIf5tBAIpN0ARs013wWi28Gb8v5+/9KiXUNniwacE y9VbyTZF9mrNO1QR/8TjZCNXSwue1qqvNTH54c5d+U6nilnJDHdYxNCvno96apPQ XWtE9wBTCPFaHEstHXUlxU3Z1ocf5B5U/6utYgP25u8mstTnY/FY3f8JWQUKfxAn t7Vg7LfZ/dEXgg3ptRlNV3q379ZWJF+OnNuM/oZgOTbjEAXjzPyf1RkzadZukO1E 4+3u/6IRQbSPmNbPYdfkiMuLMqNi0IbRT3NXWVvVtJ81lXbG42psIj7cFvIHTvvd 7CaDy3G7GqkmY/yE+G2dM/Rx+JYF+ySYs25xSDCq7QNgOHnFGcbwwT8LGurbnmd5 pxRAss6PfoNXQe+//rpiBhb+oT0wlVfez3ZTdKl21gLWmZ9+kQhyX5hDLY5ymZD6 dvw52AqH3+YVcQbrRUmZtEgbo+ZqiIs9EdE6BJvyRMhySpYoMoW06xZeI8JmbzZo 3xifBwTVOLv/DYW2V8sso8qHMEhSAI5EMc0KF18ZZgYH4yQww9o= =S/o6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yi%2B92ow7Fdcywdmh%40itl-email.
Re: [qubes-users] QSB-078: Linux kernel PV driver issues and LVM misconfiguration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Mar 14, 2022 at 06:12:44PM -0400, Demi Marie Obenour wrote: > On Sun, Mar 13, 2022 at 08:13:39PM +, 'awokd' via qubes-users wrote: > > Demi Marie Obenour: > > > > > > + # "r|.*|" ] > > > > > > > I see how it allows crypt-luks volumes in general, along with nvme, > > > > sata, > > > > and raid. What does that last line allow? > > > > > > /dev/md.* matches devices provided by the Linux Multiple Device (RAID) > > > driver. > > > > Thanks; I should have specified what does "r|.*|" cover? > > It is a generic deny-all. LVM sadly defaults to allow-all. Marek, should we patch LVM to add a trailing "r|.*|" if none is present? Not having it creates a vulnerable system, which is bad. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIvx2oACgkQsoi1X/+c IsFd5RAAk8Vi3MeA/J3uEgRwfFdZDhUBTO7e17dRl0IP4oIjNXW70axe12n4mGGE ddByGs1dFF2efilzesm1A6GBjQeUNWqO1wKNO3lRvrtFuct8oHeWcPMZer15Kyjo BHBzok2vCT//HJ2atSG1tlB9u7LQ3EcDl42NwPBLtntUtQyV+blOBg2wHqfIcdQV Wca80Ev20t9YhxrerFsDkFIHyvEEkXjvI1hQVKQq8NtXQq1DziIyvAHgkLlMhtr8 8aHFthIbG30pp7m5e83jLqcLk1TKamliQZNIQvjbx0GeZxExEW/ob/f2xp4jXz7Z HYAjxBUc8+fsCKy5sa3uZHtHx091nakjAH7CDKZopR1PJzWzgmGIVTaoHksNzqZh sVrxeQ+OvSQwcTJgltHnAUDEx85DZrGt+0GMBCTc64dSD6oVas45CWKITkuXU97v LYChsyqxUb1vJBmxUjm0ZkaFEzShDHu+tEkfl8RpNQ9W/B9hKpbdRYY7c+xYnzXr mGp3GzrwjKsUTcEuZrinFJaxlMaryQuWknSUQ+YznuH0GTcPfNk7TgUAug1O0CvH Irzbzx1XUVRXCv2n734JFD+NjZm6HxN/7hyuRchi+prJFPjwv6QHD8BJcRWIVDKP vgvbf3ymEIF9SxjTbIz5MLAs+2YJBlA0cmNgtxgWH8RRZp1j/iI= =woZS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yi/HaXRXKMWxcZcA%40itl-email.
Re: [qubes-users] How to use optical media (audio CDs and CDR, DVD, etc...) in qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Mar 13, 2022 at 08:10:23PM +, 'awokd' via qubes-users wrote: > Peter Funk: > > > So for the moment I've given up any hope that I could use my builtin > > bluray drive of my laptop in Qubes-OS to work with any optical media. > > > > The next thing I tried was to plug an external USB optical > > drive into one of the USB ports. > > > > This also appears fine in the device manager menu similar to the builtin > > optical drive before when I put a audio media into that one. > > > > I can assign this sys-usb:sr0 device to the qube with the gnome sound > > juicer application installed. > > > > However this will not work either, because the virtual block device > > (/dev/xvdi in my case) appears not have some magical properties of > > a real audio cdrom this application seems to expect. > > USB drive may be accessible to apps run within sys-usb, which is a bit > better than running them in dom0. You might also be able to use USB pass-through. That said, is there any chance that SCSI pass-through could be supported, Marek? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIuUIkACgkQsoi1X/+c IsFLPBAAxB7TOWIODf5PVXScGPd+e7zimCrpmS+Js4D2Ips+rIDEIkSnYfe9wYVc 9yxC/9DrQ4YETLHnRFQrQl1SBC74McDHn8fHTD6P3ZD4AsBR2QdVlr9Tmi5nyx+v hwiIiYRvYrhg+GzGKhAZEsSDQST+FUDu7QQ3hNaY/um39U/J6y4BsC9Go3Spxr56 6Xhpmh5feAuB2zTqGRX8CBPABryDB45nTWXIfdugQCisG7pMiN8t8QMDN9gHeQcm pZJXRHi5wBN4GOnzKAybTV7QaEnpDefqMevRMiL8ZPZr4udEnCfXfBuX1X7IOKCK 9+T50q8Q3hGIcAMHcyEqPzMLL1Xv0rsCyqLLKEZ9OtjQORhYc/k6SEduvtlqVrEB 7amD02hFQvIRbgznk3EZiUn9C3sMJN+oinxrTGuhsPN13HMZpKgUG6BMOYKhIpBt HHDGn6XavSLa32j/FrG4FciXaDZWw3CYTUx7BqjgV/RhV2QLsdEAJZ4oFqGRSnoi TEqkkVqfd2baEYVxJp1ey7UncR8EowV92lcPG286YLLQNJR1HMGgwRKcACzbDKrW B0OstPVRQ+fCoLgRBSwMo9bDQkgdRhFVk4hbHnrM8iHZQv61MyfXqX1eI3eAU5hL TiPhBEqprOHmuAsp7mVQlOh4Tv3xsacC+y2BVvX2Mx4VK1tK2Qk= =NHTL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yi5QieYQO4LoMtbJ%40itl-email.
Re: [qubes-users] QSB-078: Linux kernel PV driver issues and LVM misconfiguration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Mar 13, 2022 at 07:46:12PM +, 'awokd' via qubes-users wrote: > Andrew David Wong: > > > In addition, advanced users with customized setups are advised that the > > LVM patch changes the LVM's default value for "global_filter" [5]. This > > means you must ensure that the device that contains the LVM with Qubes' > > rootfs is allowed, or else your system will not boot. > > > [5] > > https://github.com/QubesOS/qubes-lvm2/blob/v2.03.09-2/lvm2-set-default-global_filter.patch > > From looking at part of the patch: > > - # global_filter = [ "a|.*|" ] > + # global_filter = [ "a|^/dev/disk/by-id/dm-uuid-CRYPT-LUKS[12]-.*|", > + # "a|^/dev/nvme.*|", > + # "a|^/dev/sd.*|", > + # "a|^/dev/md.*|", > + # "r|.*|" ] > > I see how it allows crypt-luks volumes in general, along with nvme, sata, > and raid. What does that last line allow? /dev/md.* matches devices provided by the Linux Multiple Device (RAID) driver. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIuSpEACgkQsoi1X/+c IsGpDA/+PvefYI7ea7y4MJuOahKdTidj6q0ohF/rvPx/CeVmCHVKROnLzKPVMpk3 FzmP72JAcd4ad0Wg6Co3pCgpVk0hNqX2hners+Ve23Krjmh1V1c12JrjzcknpAOl wl5qtPTaFnsSXHks85a9qphR0ff4mwf7OB3DRX/CEioe7bfCjMQ8vfgv8HXCQdsR +A0kHPNG0toL9KHRWCXTsF7oDaaiVsK3jMf17sAHmLV67xrhq76JPT3YD5vB32Ce qMo5DyBGjDuHRFK1MGdMx16MhbCDyLlYw9eUB+cJ2sR2C6wZD4dLyplF6JychfhV VBaRvbOpnuqX8RcPj1KhiJOfYiIBCQ6mJzXjXxSUY6zIE2baTAXxGTEbUi31FBSH N1zpMn+KCbXMgsYkSvifEio79ipk9F/lzv4D7HxDt+dh8L8V+Og1cp6UP6Taeyrz o9/XrBtQYkrPk++aGfjmFvG4+QHY+4U0l6GehFHtKDEoNIX6dXdqCIj4gZiHDf9v PYW7F4/Vdppd2QEONpzTErcpLkuUOvYCNmKK7L8v6UpFkxfFrGmT1l3OzNxprpVa HJPFmgx/qw6GkcPiD0UO71IciRPwvWQ38+045fAuuuMoUX9JDvvP9dz72cLl5z5r HOKmuB89eBepZ+GCU8Iqi+rJjPAKWyF8XZJ8em+N3UdVrCKi5rs= =joMG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yi5KkUDlSNO5Drbg%40itl-email.
Re: [qubes-users] modeles & firmware packages for the kernel-latest packages?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Mar 11, 2022 at 05:57:46PM +0100, 'Johannes Graumann' via qubes-users wrote: > Hi, > > The wireless card in my new machine (AX260) is reported to only start working > with kernel 5.12, which means the stable kernel is not enough, but the > kernel-latest package (now 5.16 in security-testing) should be fine. The wireless card is handled by sys-net if it is a PCI device, or sys-usb if it is a USB device. The kernel and kernel-latest packages provide the kernel used in dom0, which is distinct and not relevant here. You need to install the kernel-latest-qubes-vm package and set the kernel of your network-providing VM appropriately. > I am wondering though where to get the appropriate firmware and modules > packages from ... they appear to be only available for 5.11 in > security-testing. Kernel modules for dom0 are provided by the main kernel and kernel-latest packages. The firmware will need to come from whichever qube the device is attached to. > When I tried kernel-latest yesterday (it was still 5.15), booting worked just > fine until the login manager GUI was supposed to come up and than the machine > blacked out, which I assum to mean missing modules? I am not sure. Do the system logs from that time show anything interesting? > Thank you for any advise in this matter. You are welcome. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIrqOAACgkQsoi1X/+c IsELSA/+IYtot7VnqOsgMiIAezSUR4DtKcb2VHZSqJAhc6Cv9bHff+0iroL7iexy otbDERGqhyzCoK35EuX6uHNSIU60UHMxnhWp0i5cOXLVTRuOa1tRLQR9WJ63jaGz SJ0Nqc1GFw0UXAT4jcHJ0e+MiWFE2mmYjQ1Xe7eRQzW5KB0oM2NwYw3Udh89XbIe ZLJw6l5fnW/8TXFe4KvFAvT9YiLDYxbAUWpfa0D92guRqYx28CxyKPnONOntAxZ0 HgRDyP9uuO4u3SYsZ1rMCbr0OIxfzzVPNV0pZyp6Y8VS7t9B5AHtAjWfFqiS0EZg SSergQjPk81DReRdilMpFRVg1tB/rS0oUErz5OqL6jfbtRvYPZ2Lt4H/V9iU3nKe 0aBwDqRP1LrhLfmrZHjVzw8v6/4uTA2A8Ii41fRuZwuM1hx+d/G7vQ3v3T2C4Xiw eY6E1tpAEMtrWc1R0/A7FSqRhwo1bp0SBMeZGSQQxWUXy2tArIwXKNwHcOc7/37M KhxuKprkS9IRvEK8QuC74XUE/HWpgmldTxhGKPlEpPdq9VJVaPOrDA0FlsE1RGrQ 0Ref984zd8QEypkT+LkQZgDAEBuzxKJ1v9xavkx+SmhUGq+CQ+mOhUC74PeKNbSw xje107jBr14kI8G1464g4SILLKYFGMgPSXx8ghqeoyaLCLvMMUM= =oDvJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yiuo31QjIIRI6VP6%40itl-email.
Re: [qubes-users] Should the footer at the bottom of the mailing list be deleted?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Mar 10, 2022 at 01:10:36PM -0600, Eric W. Biederman wrote: > Demi Marie Obenour writes: > > > The footer on each message is rather annoying, mostly because it breaks > > digital signatures. Should it be set to the empty string, or do its > > benefits outweigh the drawbacks? > > Doesn't it also break DMARC? I remember that was a big fight 5 or so > years ago to get all of the mailing list software to do something that > was compatible with DMARC because all messages that came through > mailling lists from a source that enabled DMARC to a MTA that enforced > DMARC were bouncing. I suspect Google Groups deals with the problem by mangling the `From:` header where necessary. That reminds me: Marek, should Qubes OS have p=reject? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIqg3gACgkQsoi1X/+c IsFswRAA3X9KucHeAu7p+6TspfWScVrfyCRQ6lgcBiYG7PAoqk1My8LtogGJR2O2 BSYJPVPZCiI8/rN2XPwyeN9iihbaCUgN9IQoaSQXBQJO9z1obr7q4VErBQOEyK86 VqAKHk2VrMbJ2GTJ6mA31xAmQruPGzaYAxfMZmgA4bvs8spm36U6ANbSpxqjvz6R QDnqQ1+nN35qcwYLyvCi4J9LojcPW26mrc12BAdqlgpZq9qfs7PzflR+EJBaH20E gVU81VFmR7T5dnVAdVYoBgAA468T+JKqg1fGXRZr72dry5WOUxAsByGXtlkOYoPy BAJA81N1Uto4qUGIaCcpyYXp8eK+vGhKUXYkJbE0y3NSKWzGPNFUQAce+0lBu/TQ 0riuasJtFUD/EaCpVo6vByJlIoSmjbMSQbn/z08CeUYQMOK76sFV9Ox9VmNJOozg qy8yiPDRFSKacTQnkjsg21qg6aAC2reei3dJt3tx4cN6f63uu8x8qYoSYBxmXOQ8 tf2jJe+O1QN1JhG47HOucbjfoal96ZDxdxyY2zsSDXnLkYug5XJGW86Iw/p/aFJx +jttydCAaaF/d3Cw7Ip8a7+m0hTC0dtdChoRXdCLKWuKB2xNgWHr6ztxOcMBzg/Z wK6OC/FVGHRS4cAOFaIEuUhawtO+O4zFeKKv6pKvnx/cZSmYgf0= =tOeR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YiqDeKK2USDTg1Eh%40itl-email.
Re: How to use "inline PGP"? (was: Re: [qubes-users] Should the footer at the bottom of the mailing list be deleted?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Mar 10, 2022 at 12:35:24PM +0100, Peter Funk wrote: > Hello, > > Demi Marie Obenour wrote Wednesday, 09.03.2022 16:33: > > On Wed, Mar 09, 2022 at 04:25:11PM -0500, Demi Marie Obenour wrote: > > > The footer on each message is rather annoying, mostly because it breaks > > > digital signatures. Should it be set to the empty string, or do its > > > benefits outweigh the drawbacks? > > > > Looks like Google mangles the message in other ways, too. In my case, > > the charset is changed from us-ascii to UTF-8, and the > > Content-Transfer-Encoding header is removed, with the `=20` at the end > > of one line being replaced by a space. So the only solutions are either > > inline PGP or to switch list hosting solutions. > > Where can I learn, how to use inline PGP (GPG) properly in my messages? > I use 'mutt' as my preferred MUA. Use ‘p’ to select the PGP menu, then select “inline format” and “sign”. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIqguQACgkQsoi1X/+c IsE4mBAAzByF24lzF5vheGsxTG65DB4XykyJgrdFRjEmO7SzfwxMDGTpiMqxq/Ly l+oYzBDB4thUx/qv23i+67hx14WiVDHU8VQFfSh0Q1DiWEHv3WOzX7zz1GF3QE3p Zv8ZATYaWIBlO8PonbnH3w2ZNjBUFOxsbEBBoCq6mYD7QCractKfxcpCf8XZKaFX v+rJgVNDA8yBPpWIrZzstSY2blm9nB2EA2Ly6eiB8g0L4ID+13GXwx9HEAnTTL7G quh9A1MnEmnJrpJBBUhrfIW7GM6qzMQtfksxRbIo3+oZUlnOfkDgsVA6JzxjZuW7 kQWHt0ZIJ77xyqPgGODUZF1IsTbOSC5kYyAkb/3l/whTDLtD/2F8nPZ8kgC0EY3z 0YG1nTQYbzOpKxcYZIQM6dZJPTbFKvLzq97HZabHhLDhvY+KF+v1AUxcSacWM3hm jkx/VOrrJU8x6TwxomxaXY2bEueq7RB6a1XHkQfE/v/0jFqxNLt+qvisTrV2DbU2 vSFDv/6mePJV+/MKYlMjwfQfNMNRtjEMJnWlI0dGqtSJ+ZGCXZc3IF63v+6S7txA b9ywfj/2m4tz66Y6VLqntv5SmQ+71BwIp4P3jFw30Gg5dPxhcEncp8LrMFebEI1W L+C57TW+QpF2vaab25KMw22uFdYSzVQBryfcpNoTvIpZwqW/+cU= =gZeP -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YiqC5K7DPkIjniOa%40itl-email.
Re: [qubes-users] Re: Should the footer at the bottom of the mailing list be deleted?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Mar 10, 2022 at 03:46:53AM +0100, Marek Marczykowski-Górecki wrote: > On Wed, Mar 09, 2022 at 06:19:16PM -0800, Andrew David Wong wrote: > > On 3/9/22 1:25 PM, Demi Marie Obenour wrote: > > > The footer on each message is rather annoying, mostly because it breaks > > > digital signatures. Should it be set to the empty string, or do its > > > benefits outweigh the drawbacks? > > > > As far as I can tell from examining the settings interface, it can't be > > entirely removed or entirely replaced with an empty string. Google Groups > > will not allow it. > > And to be honest, I think some kind of automatic footer with basic ML > info is a good thing. I am on a few ML that don't have it, and every now > and then somebody sends an email _to the list_ asking how to > unsubscribe... > Having a link to the message in the footer is also convenient sometimes. > Google used to put the footer in a separate mime part, which was > compatible with signatures, but they changed it. I have no idea what > other (non-self-hosted) providers do. Why did Google make this change? Has anyone complained to them about it? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIpmEkACgkQsoi1X/+c IsHMXg/9EX/TSaQFvMTxI4LXy7OXMZJj92WjYEez7IA08k57NIz+Ti/bSZraR/pe hCxysxnRhqJ1S7r/Ap2YP/wV1BYnUaEBg5k8XdGiqFtU/WfGMk3Oh0fCNaq/tkm6 Fu2xrQzfHI5gsZC7gWXTIoIoqieJpy4UGvrTHmaM+E1AXc4A20VWBPAjW6jYS3+S UO1vTyWTbJ7t7BE1pVRmi5zEfkxR+/S8mH6icdil4E9Fl+6R6AAbEWrhDjcXbEAB BUjt8EPC/y6qvZTALLH+BvefOelTFlJyekAQowUFyfdrk+/lemmzMN+iJBFKcY+O v0NaRGWdBTtODLk0MrTmY0C4RWyXkr9Ka5KEPH5OVNtihjQAFH2GaPBbEoQ4yusn ElqdWf+knHi1p22LQ0gXIuSSJ/Zim3BkyIdLTpXZvPl3vI4WjxUv9dVu0mRbrQhJ TMgMDQxNIah/Z/k3IGxO8bd8fOwHnstb0zYO5yj5Jfld2Aw4WOoVwM32tzeYVoUL 6vdx1/Ew8f9nO8Uj1WHuTFGwCmeAaFg5MWWSDDYec1ZfuhoKzE2Y9QC9X0o17CrI dEC1iD/YRanquCMwMhO7WNGOjaHI3A+saA0hNAg/qf3KbfatOy7UzeIP7erTllOL rPDmTS64sRo803gFtrM52wGFbPiaSmUIH6X+h2AdXkYcVBWG9kc= =FpSD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YimYSSr0F58bKJH7%40itl-email.
Re: [qubes-users] Should the footer at the bottom of the mailing list be deleted?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Mar 09, 2022 at 04:25:11PM -0500, Demi Marie Obenour wrote: > The footer on each message is rather annoying, mostly because it breaks > digital signatures. Should it be set to the empty string, or do its > benefits outweigh the drawbacks? Looks like Google mangles the message in other ways, too. In my case, the charset is changed from us-ascii to UTF-8, and the Content-Transfer-Encoding header is removed, with the `=20` at the end of one line being replaced by a space. So the only solutions are either inline PGP or to switch list hosting solutions. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIpHTwACgkQsoi1X/+c IsHSmRAAw2exmoy38TFa+ZzBtAOl0qhxt5DlVRYN8ery1xODhN9tHG5ZBDAV4JdA hbMHhVZmMOVufb3SFVCGYBukiIuLSValNAeCMr1Ml6Dmfi3wONg5HWIvP9JVcrL0 29EXuFvAah8IpsS+kjti9f0opVY8XUFNgk6TpetMkt1B250P0IdLdK4qPHzXYlR/ O+VW7mWeVk6R803n+oWlHIyMQn8nJr0fN6QaMNqKs7iRY/Wl8GrKd0VSiYN5G+2n QQAXKPeBLmAwz4mBvGVlm7ulpttoksHjFXsDCCylFjWGpCrGhTJCKyRmaVrtyWBW 4oeXgmOBI8N1w9NqQ11fQPSyAbgaIQ8hU8YMV5XeOusGmYCquU2u/SswBPwPFt8c KqPvcnsxOL41cWTh5Z6MDtxd6X1HKf2RXzAAM1yJLOwXa54BA1Ybc/2dSWkRtp1U PvNrgJxl46SsBnzme6lTjm7yZ88I7iAcPbNl55e6PnjuvimIcqidiprCFyWFC9ox YsokpkzKbng39NY+UeS7nVBSSZe4oXaABkAxN8iMlv1kcjyHYnYxdUIJF0rdUmks Q1RB275a21Y17h+1qpr+ppfp9qRZn4Kz0NPhqDV9yhhzmCmohXnFB6aJ49iy6uYJ Py/JnUhfErKq42QlQ2qLV90xLnsK8gJMNVOGYuW2KUwHDGzFnBg= =XAap -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YikdPNrxf0twDLSq%40itl-email.
[qubes-users] Should the footer at the bottom of the mailing list be deleted?
The footer on each message is rather annoying, mostly because it breaks digital signatures. Should it be set to the empty string, or do its benefits outweigh the drawbacks? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YikbOpUqba2VOTiY%40itl-email. signature.asc Description: PGP signature
Re: [qubes-users] Qubes 4.1 qrexec issue?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Mar 06, 2022 at 09:03:29PM +, 'taran1s' via qubes-users wrote: > I have an issue with Split GPG as well as with opening files in the > disposable VMs and with the qrexec in the guide How to use Monero CLI/daemon > with Qubes + Whonix too. > > https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html > > Split GPG > > Opening Thunderbird, I get following errors in the notification popup: > > Denied: whonix.NewStatus > Denied whonix.NewStatus+status from work-email to sys-whonix This is a Whonix problem I am not familiar with. > I have to as well make every gpg action confirm in the Dom0 Operation > Execution with Target GPG backend. You can solve this problem by adding a line such as: qubes.Gpg + work-email allow to `/etc/qubes/policy.d/30-user.policy`. Be sure to replace with the name of the backend qube. > Using dispVMs from within AppVM > > When trying to convert file or open it in the disposable VM from within the > normal AppVM, I get an error popuplike : > > Denied: qubes.PdfConvert > Denied qubes.pdfConvert from work-email to @dispvm What is work-email’s default DisposableVM template? It’s in the “Default DispVM” column in Qubes Manager. If it is “None” or “default (None)” you will get this error. Setting it to a valid DisposableVM Template (such as whonix-ws-16-dvm) should solve the problem. > Any advice appreciated! > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/3c5f45cb-0e56-5bb5-a4ea-f68d001e2856%40mailbox.org. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIpF/UACgkQsoi1X/+c IsG7xw/+NHkZRQNjCCVkXOGEEl4U686VFcsWPHXsn7XckelHDRTRfq7a70xzkDHS 9PzCwH3F7nnro88vJ0CF82kAqA/a8HfZ2OBEfvPa+VmubVX3HFW9hgIBiTUyuW4S SvGC2xrnsDfT/JUyyaNS6hldRydZPRMJq/LVEWgixoLZIxGpl00edGN7/QecAnm/ 9J5ml03pUVftRAsc10G47zEnZzFcz7/nTlVNlnXOAXiKlZ7xGkPv+8+vbDDjcMTt iKTNKorsbqaTyaJExdglpPMKmWGyxFgItyic50qMj27aDr00ymRfQ0yypPX66A3/ 1uyJd5f2Fyni1MvAY3KukC0ipbBs3EuXlNhBtN8W1cU5ZJkHFUU8iBgYelBHliTe cvimJCfB+6M1kDuYLztC82T8z3vfmNx2qJB+Pbtc8yEyu8b/NDlxjz763/z7kghk A6L/Nx1YKSd4WZv+NOWpWp/p5MvXa/imQ+XDBq5Ggehrc6NgZywjEWcJZrJb3sfW Rfr70sh7pPqq9vak3igwlf6bUvoyNICfe2lpclss6il1J09t2u1+krSFal1LjEoi Vm2o2Y1HqNPJG6SzRVFpITVo6U9Pi3VrKW7YHegrYXCO7M5Gbqvv4d9CmUhp8p8Q mG5DJ8xT54BNQItUaosbiy6RZPedYhvoJ+XrxfpUKm9d0ReKt/I= =Lf2e -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YikX9jGKX7e9bn5D%40itl-email.
Re: [qubes-users] How to use optical media (audio CDs and CDR, DVD, etc...) in qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Feb 25, 2022 at 05:54:17PM +0100, Peter Funk wrote: > Hello, > > In the past I used the builtin SATA optical drive of my laptop > to play audio CDs from my collection or convert them into .ogg > or .mp3 files. This was before I migrated from Ubuntu to Qubes-OS. > Now I'm looking for a suitable way to use the application > sound-juicer which worked really nice in Ubuntu. After reading > the documentation here: > https://www.qubes-os.org/doc/how-to-use-optical-discs/ > I'm now a little bit concerned that I might not be able to make > proper use of the Vendor: TSSTcorp Model: BDDVDW SN-506BB optical > drive built into my laptop. > > Any advice how I can get around this? Or do I have to hope that > a future version von Qubes-OS/Xen might include a driver which will > allow to run sound-juicer in qube (guest)? I wonder if scsifront/scsiback could do the job, were Qubes OS to have support for it. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIcJ/IACgkQsoi1X/+c IsGFag//dD5BdKS5fqxQ7s8rK4GwvFVSG8FUM9ejHF5kvaSPyk1rDFwTqL09p9mJ Fv530rtX5gQ8u+VoFOobXyjk5hcyln1IT6cGKngnUwBZdAaYVha8io1VE0JYpLoD Vo+wnT/TV+Il6SKmCXBtosZilGBWcEUYjGRBqVPq8Tu5sAitrHAsnKkR8tW4gT9N MbZ4Ft2JJYZUQv3+UKiUiyZUv89Y2xPR2HowDs0C5TsF5rGj7dV+6RyDR2v6+YCV AQz5hmxxWabP45cKN/7S9kbBiEDiVX2u6GoG8oQslG94zFnhFbr3/FCxeLaD4sY0 P1WfWC95wv1v2zEk6RWHeq4ook0dj0b8zY+CxVJG0RP3WwubdV3Yb3XMOQUKRNY0 4V2mXv6qfEymzZmCgXaQVvnaTLPvy8Awum3dgiYrdtj/ljlsuK7EKfPaqtj7blLw xzKNao/BT95YA8ZPHKxe971cUxPBFETC8o5tdm3rdRnrAmHyXi2L4ayCbAxriiX+ U/C8Wg93hCqV8rwOa9PZTMlC/p0RBxvGRKbNhvgCHBxzrjNkfAEtB4WDTKsYqFI0 L8XxCbfmEQcwbjJJBmyhWvMRR+D1gH2iNPYXt+LXDOn9ccH6v7pG79pnITPKFAt9 PXFucnfLvsRrqbkXj50J57D0600apL+ZzzjLXgEXdAyFGFyzb9c= =Idd3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YhwqGJK%2BDVobySHE%40itl-email.
[qubes-users] blkback errors in dmesg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Occasionally, when my system is under heavy load, it will freeze for a few seconds. During this time, the pointer is still reasonably responsive, but nothing else is. When the freeze ends, I get these entries in dmesg: Feb 16 13:37:23 dom0 kernel: xen-blkback: Scheduled work from previous purge is still busy, cannot purge list Feb 16 13:37:23 dom0 kernel: xen-blkback: Scheduled work from previous purge is still busy, cannot purge list What is the meaning of these entries? Is it a red herring? - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmINZzwACgkQsoi1X/+c IsF9eA//ZMJzvHhQ2Zeib7f0rortG4XF5cljT1QF3Dxtl9wALPZpW676mCVNB68E UJI1hvs/TY2NbICQgiyA06JUXAyt8wB57Spe7zMNacLxFbv1f4XcpvL9cHGF4SJU Gq4+O1R2sIAvEbRkI0KJB3JyvlVE878cCpUQdzqShKBqsJRLT+ves8yRuirskG8v EzWEzZImOT31X0Nc23m8XCqYOb6qDklOGFECcy0NrTE8pfelQK41HoIk3mE0Pa9G QQuqY20KN4P0GWIgNdO0GDF5np75VG/XzaX1yhdiE7HAV52YLZo2e+QT2rsPFhJk 0u+u+v1P0o5DWRZXwiBwUCVZF62XJJmrgHTSIZQwzGKRRQE8ndZEBkwLi4/9jdkO y9YmSbXGIG4WdQZGqnshe5W9UlC+hfh3d3olHgDXCGpJPh4EqcI4oFcrVHrLcxGP Mt6//Wgpkw/6i2MFxc9X14DLB9T9TJpecugORIRcD1AHJnocE/fpGNC/xagYiKhW YfESoR14l4m2llAMIHmBislqBRpntNOZyask2MHAFb9iSwp3PxqyI/hg/ysJJp3k 3U7jBxnxme+U4JhWDG4D9/RJG7vuXE83PKLIQnMJKaT9i1/Z2pwcQo3heQ42YFjj 6NKmIo9L9K6sIl41+4RfnlhV2hq+uCvReewnv0xoyWzQEqYRGsM= =Jjcr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yg1nPKwLwwFcmgyc%40itl-email.
