Re: [qubes-users] Debian onion repo v2 deprecation - any debian v3 onions alternatives

2021-07-19 Thread lama...@gmail.com
Not sure how to get the sources.list automatically updated with the new v3 
onions. 
You can copy+paste them manually, for a guide look here:
https://www.whonix.org/wiki/Onionizing_Repositories

I didn't even have apt-transport-tor installed in debian templates, but 
installing it does not add the v3 onions.

On Tuesday, July 6, 2021 at 4:18:24 PM UTC+2 taran1s wrote:

>
>
> unman:
> > On Tue, Jul 06, 2021 at 10:00:23AM +, 'taran1s' via qubes-users wrote:
> >> I have my debian based templates updating repos onionized through existing
> >> v2 onions. Tor Project announced that it will deprecate the v2 onions. Are
> >> there any alternative debian v3 onions for debian updates?
> >>
> > 
> > The Qubes onion repos are v3.
> > If you have updated apt-transport-tor, then you should already be using
> > v3 onions.
>
> I onionized the debian and whonix templates long time ago. In my 
> /etc/apt/sources.list and etc/apt/sources.list.d/qubes-r4.list in debian 
> I can still see v2 onions only:
>
> deb http://vwakviie2ienjx6t.onion/debian buster main contrib non-free
> deb http://sgvtcaew4bxjd7ln.onion buster/updates main contrib non-free
>
> Should I run sudo apt update apt-transport-tor in each debian-based 
> template to include the v3 onions?
>
>
> -- 
> Kind regards
> taran1s
>
> gpg: 12DDA1FE5FB39C110F3D1FD5A664B90BD3BE59B3
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a2d92ae-fd28-4bfc-afc5-b49b092657c4n%40googlegroups.com.
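
A way to check which templates still point at v2 onions, added here as an example and not part of the original messages: the script lists every .onion entry in the given APT source files and classifies it by address length (v2 addresses are 16 base32 characters, v3 are 56). The function names are hypothetical, and the v3 host in the sample is a constructed placeholder, not a real repository address.

```shell
#!/bin/sh
# classify_onion HOST: v2 = 16 base32 chars, v3 = 56 base32 chars.
classify_onion() {
    label=${1%.onion}; label=${label##*.}    # last label before ".onion"
    case $label in ''|*[!a-z2-7]*) echo invalid; return ;; esac
    case ${#label} in 16) echo v2 ;; 56) echo v3 ;; *) echo invalid ;; esac
}

# first_uri LINE: print the first whitespace-separated token containing "://".
first_uri() {
    set -f                                   # keep [arch=...] options from globbing
    for tok in $1; do
        case $tok in *://*) printf '%s\n' "$tok"; break ;; esac
    done
    set +f
}

# scan_sources FILE...: print "file<TAB>line<TAB>version<TAB>host" for each
# deb/deb-src entry whose host ends in .onion (clearnet entries are skipped).
scan_sources() {
    for file in "$@"; do
        [ -r "$file" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            case $line in deb\ *|deb-src\ *) ;; *) continue ;; esac
            uri=$(first_uri "$line")
            host=${uri#*://}; host=${host%%/*}; host=${host%%:*}
            case $host in *.onion) ;; *) continue ;; esac
            printf '%s\t%s\t%s\t%s\n' "$file" "$n" "$(classify_onion "$host")" "$host"
        done < "$file"
    done
}

# Constructed sample: the two v2 lines quoted in the thread, one entry with a
# made-up 56-character v3 placeholder, and one clearnet entry.
sample() {
    v3=$(printf '%056d' 0 | tr 0 a)
    cat <<EOF
# constructed sample sources.list
deb http://vwakviie2ienjx6t.onion/debian buster main contrib non-free
deb http://sgvtcaew4bxjd7ln.onion buster/updates main contrib non-free
deb [arch=amd64] tor+http://$v3.onion/debian buster main
deb https://deb.debian.org/debian buster main
EOF
}

demo() { tmp=$(mktemp) && sample > "$tmp" && scan_sources "$tmp"; rm -f "$tmp"; }

# With arguments, scan those files; without, run on the constructed sample.
if [ "$#" -gt 0 ]; then scan_sources "$@"; else demo; fi
```

Inside a template it would be run against /etc/apt/sources.list and the files under /etc/apt/sources.list.d/; any line reported as v2 still needs its address replaced by hand.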


[qubes-users] Re: Known issue: Qubes extension not yet working with Thunderbird 78

2021-05-18 Thread lama...@gmail.com
I just got a new extension version 2.0.6 in both my Fedora and Debian VMs. 
Doesn't seem to have fixed the 78 compatibility yet, and I can't find on 
github what is new in version 2.0.6.

On Thursday, October 8, 2020 at 9:38:42 AM UTC+2 a...@qubes-os.org wrote:

> Dear Qubes Community,
>
> Many of you are upgrading to Thunderbird 78. The Qubes Thunderbird 
> extension, which allows you to easily open attachments in DisposableVMs, 
> has not yet been updated to work with this new Thunderbird release. You 
> can find the details in this bug report:
>
> https://github.com/QubesOS/qubes-issues/issues/5861
>
> However, while you wait for the extension to be updated, it is important 
> to understand that this extension is purely for convenience. It is not 
> required to do anything. You can do everything that the extension does 
> manually. For example, to view an email attachment in a DisposableVM:
>
> 1. Save the attachment in your email VM.
> 2. Open the file manager in your email VM (e.g., nautilus).
> 3. Right-click on the attachment and select "View in DisposableVM."
>
> The extension makes this more convenient by automating the process, but 
> it doesn't do anything that you can't do yourself. Nonetheless, we are 
> working on upgrading the extension as soon as reasonably possible.
>
> Further discussion can be found on this forum thread:
>
> https://qubes-os.discourse.group/t/thunderbird-qubes-attachments/865/
>
> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d8110a4f-d7da-4f0c-98a2-6fb32f71afd8n%40googlegroups.com.


Re: [qubes-users] Re: QSB-067: Multiple RPM vulnerabilities

2021-04-02 Thread lama...@gmail.com
Maybe it should be stated explicitly that Qubes update tool or qubesctl is 
needed and just updating manually through vm or Qubes Manager is not 
sufficient. 

Btw, the workaround can also be confirmed by updating manually through vm 
or Qubes Manager, dnf will then state that GPG signature check is enforced 
globally.

On Saturday, March 20, 2021 at 12:49:27 AM UTC+1 a...@qubes-os.org wrote:

> On 3/19/21 4:35 PM, Marek Marczykowski-Górecki wrote:
> > On Fri, Mar 19, 2021 at 03:42:23PM -0700, Andrew David Wong wrote:
> >> On 3/19/21 3:12 PM, Vít Šesták wrote:
> >>> It seems to have been fixed now. The dom0 updates have passed. The DomU
> >>> Fedora updates have succeeded with updating the macros.qubes file, which is
> >>> supposedly the workaround by Qubes team.
> >>>
> >>> Regards,
> >>> Vít Šesták 'v6ak'
> >>>
> > 
> >> I now realize that we neglected to state, in the QSB, what the desired
> >> result from updating Fedora-based TemplateVMs and StandaloneVMs should be. I
> >> presume this is it:
> > 
> >> --
> >> ID: /usr/lib/rpm/macros.d/macros.qubes
> >> Function: file.managed
> >> Result: True
> >> Comment: File /usr/lib/rpm/macros.d/macros.qubes updated
> >> Started: 
> >> Duration: 
> >> Changes:
> >> --
> >> diff:
> >> New file
> >> --
> >> ID: dnf-makecache
> >> Function: cmd.script
> >> Result: True
> >> Comment: DNF cache successfully created
> >> Started: 
> >> Duration: 
> >> Changes:
> >> --
> > 
> >> Marek or Demi, can you confirm?
> > 
> > Yes this seems right (in subsequent runs, the
> > /usr/lib/rpm/macros.d/macros.qubes state will not have "New file"
> > comment, but will still have "Result: True").
> > Below you should also see a summary with "Failed: 0".
> > 
>
> Thanks, that is indeed the output I received.
>
> However, on a few update attempts, I saw this:
>
> Function: cmd.script
> Result: False
> Comment: Could not create DNF metadata cache
> Started: 
> Duration: 
> Changes:
> --
> ID: update
> Function: pkg.uptodate
> Result: False
> Comment: One or more requisite failed: update.qubes-vm.dnf-makecache
> Started: 
> Duration: 
> Changes:
> --
>
> Subsequent attempts were successful (had the expected output), though.
>
> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b266984b-3775-45ad-a74e-869e65753e52n%40googlegroups.com.


[qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-12-20 Thread lama...@gmail.com
I installed the updates from security-testing to fix QSB-063. I was still 
running kernel 4.19.x, but instead of the fixed 4.19 version, the fixed 5.4 
version was installed. It has been running a few days now and I have not 
noticed any issues. (Sandy Bridge i5 notebook.)

On Friday, November 27, 2020 at 3:59:11 PM UTC+1 a...@qubes-os.org wrote:

> Hi all,
>
> Based on the feedback we've received for Qubes 4.0.4-rc1, we've decided 
> to make one additional change for 4.0.4, namely updating the kernel to 
> at least 5.4. This means that we'll need a second release candidate 
> before the stable release of 4.0.4. [1]
>
> The official announcement for 4.0.4-rc2 will come soon. This is just an 
> informal request for anyone willing to help test kernel 5.4 on Qubes 4.0 
> to do so and report any problems. [2] The package is already available 
> in current-testing. [3] Thank you!
>
> [1] https://github.com/QubesOS/qubes-issues/issues/6170
> [2] https://www.qubes-os.org/doc/reporting-bugs/
> [3] https://www.qubes-os.org/doc/testing/
>
> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a039e86-954a-4055-a794-cbdd0c1c53f4n%40googlegroups.com.


[qubes-users] Re: Hardening Guide for Paranoid Noobs?

2020-11-18 Thread lama...@gmail.com
For the Whonix VMs, you can enable AppArmor by just changing the kernel 
parameters in the Qube settings.
https://www.whonix.org/wiki/Qubes/AppArmor

For more VM hardening, you can install Linux Kernel Runtime Guard (LKRG).
For Whonix and Debian VMs, this is made real easy by Whonix (note that 
Whonix recommends using a VM kernel, but for me it works fine with the 
default kernel supplied by dom0):
https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG
More instructions:
https://bitbucket.org/Adam_pi3/lkrg-main/src/master/README

On Saturday, September 5, 2020 at 5:02:57 PM UTC+2 Stumpy wrote:

> I was reminded about qubes hardening that Chris L has been working on 
> and also noticed that Patrick/Whonix is now basing whonix on their 
> kicksecure distro and was trying (not so successfully) to absorb all of 
> this. I got the impression that Chris's work wouldn't jive so well with 
> kicksecure (fair enough, can just use it on non-whonix setups) but wasn't 
> sure. Also there is the idea of DVM sys-* (net/usb/firewall/etc) vms 
> sounded like they would add an extra layer of security, maybe based on 
> centos (I have seen conversations about how fedora doesn't sign or 
> something apps in their repos? please don't troll me, i am not trying to 
> pretend like i understand that) and some other things that i am sure i 
> have missed (maybe a iptable/firewall gui [apart from what's built into 
> qubes settings... i just don't find that intuitive]).
>
> In short, it just seems like there are quite a few additional hardening 
> things that can be done but for novices like myself a step by step spoon 
> feeding explanation/howto that brings it all together would be awesome. 
> If i ever get something working I will try to document it but as it's 
> taken me like 3 years to just get comfortable with qubes i am not 
> holding my breath... anyone interested in crowd funding something like 
> this? (*not* for me to write, more like to crowd fund for a qubes guru 
> to write) :P
>
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f97a1c84-8310-4b35-babe-562279f816a2n%40googlegroups.com.


Re: [qubes-users] Grsecurity+Debian 10 has issues when PCI devices are being attached

2020-10-13 Thread lama...@gmail.com
On Sunday, October 11, 2020 at 12:26:46 AM UTC+2 drw...@gmail.com wrote:

> Offtopic: I suggest you contact them to buy it, that's what we did. 
> Support your local and only noteworthy linux kernel security project.
>

It is now possible for individuals to buy a license? 

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/021836f6-23d0-4d67-8c9b-fc7cef6987cdn%40googlegroups.com.


Re: [qubes-users] Re: Black Screen when installing 4.0.3 & 4.1 on AMD Ryzen 4750U

2020-08-19 Thread lama...@gmail.com
On Thursday, August 6, 2020 at 1:29:49 AM UTC+2 Dylanger Daly wrote:

> > You have good taste in laptops. :)
>
> Haha thank you, as do you, the T14 was second on my list, yeah I suspect 
> there will be plenty of Qubes users on these devices they tick a lot of 
> boxes, I've never used Qubes with >4 Cores so it'll be a nice experience.
>
> Yes, better support for new Ryzen CPUs would be nice. I would like a 
4800H in my next machine, they're so fast.
Maybe newer kernel versions like the kernel-latest package can be included 
as optional kernel versions in the Qubes ISO. That would make it a lot more 
user friendly to install Qubes on newer hardware without having to manually 
create an ISO with a newer kernel.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/79deb305-a97e-41f5-b829-01a597b32e3cn%40googlegroups.com.