Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread john s.


>>
>> Tasket,
>>
>> Does this mean that an upgrade to testing is as good as uninstalling -
>> re-installing templates?
> 
> Yes. Everything in the template's root and private volumes is wiped
> before the new package is added.
> 
> However we found out this doesn't work for Whonix if your updatevm is
> set to sys-whonix. For debian-9 it's fine.


...but otherwise, Marek's original patch howto remains OK for
whonix-14 Q4.0?


>> I guess you're cloning debian-9-nonpatch'd just in case the upgrade fails,
>> which you'd rather do than reinstall fresh clean
>> debian-9-new-apt-version?
> 
> It's less hassle to qvm-clone to a backup, then run the upgrade.

Less hassle meaning than new templates? Because one would not then
need to add back any user-added packages, or both?






-- 
A895 0C7C A244 8E2E FD77 A3DB 180B 7D4D D158 F8B6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46e7687e-99ed-b513-df07-7321ac5fbd9a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread Chris Laprise

On 01/25/2019 03:01 PM, John S.Recdep wrote:

On 1/23/19 9:52 PM, Chris Laprise wrote:

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:


Patching
========

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
ones. You can do this by performing the following steps on each such
TemplateVM:



A shortened update procedure for debian-9:

1. If your "debian-9" template is customized or contains data, you may
wish to back it up with qvm-clone first...

[dom0]$ qvm-clone debian-9 d9-backup

2. Run the upgrade command...

[dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
--enablerepo=qubes*testing --action=upgrade

This will display package info as it begins downloading. The package
version-date should begin with "4.0.1-20190123" or later.

3. Shutdown all VMs so the upgrade can take effect...

[dom0]$ qvm-shutdown --all --wait --timeout=30

This method also works with whonix-gw-14 and whonix-ws-14 templates.



Tasket,

Does this mean that an upgrade to testing is as good as uninstalling -
re-installing templates?


Yes. Everything in the template's root and private volumes is wiped 
before the new package is added.


However we found out this doesn't work for Whonix if your updatevm is 
set to sys-whonix. For debian-9 it's fine.




I guess you're cloning debian-9-nonpatch'd just in case the upgrade fails,
which you'd rather do than reinstall fresh clean
debian-9-new-apt-version?


It's less hassle to qvm-clone to a backup, then run the upgrade.




btw, somewhere in this thread I think I saw how to find which debian-9
user-added packages were installed, but maybe someone could confirm
how, please


That was the post from Fidel Ramos:

https://groups.google.com/d/msgid/qubes-users/DM9_q5vgod4jYvlICr67Wg1SpGKDv2BNytlGZBHx2Tmd6J6w9DmZ2s__jTMhGtfAHvjigwMnaFYKLLhkEQHliA%3D%3D%40fidelramos.net


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread John S.Recdep
On 1/23/19 9:52 PM, Chris Laprise wrote:
> On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:
> 
>> Patching
>> ========
>>
>> If you are a Qubes user, you should remove all APT-based (including
>> Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
>> ones. You can do this by performing the following steps on each such
>> TemplateVM:
> 
> 
> A shortened update procedure for debian-9:
> 
> 1. If your "debian-9" template is customized or contains data, you may
> wish to back it up with qvm-clone first...
> 
> [dom0]$ qvm-clone debian-9 d9-backup
> 
> 2. Run the upgrade command...
> 
> [dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
> --enablerepo=qubes*testing --action=upgrade
> 
> This will display package info as it begins downloading. The package
> version-date should begin with "4.0.1-20190123" or later.
> 
> 3. Shutdown all VMs so the upgrade can take effect...
> 
> [dom0]$ qvm-shutdown --all --wait --timeout=30
> 
> This method also works with whonix-gw-14 and whonix-ws-14 templates.
> 

Tasket,

Does this mean that an upgrade to testing is as good as uninstalling -
re-installing templates?

I guess you're cloning debian-9-nonpatch'd just in case the upgrade fails,
which you'd rather do than reinstall fresh clean
debian-9-new-apt-version?


btw, somewhere in this thread I think I saw how to find which debian-9
user-added packages were installed, but maybe someone could confirm
how, please

rec



Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread Chris Laprise

On 01/25/2019 02:03 PM, gone wrote:

Chris Laprise wrote on Wed, 23 January 2019 21:52

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki
wrote:

A shortened update procedure for debian-9:

.

This method also works with whonix-gw-14 and
whonix-ws-14 templates.

--


This worked very well on the debian-9 template and thanks
again for it. But when I try that method for whonix-gw-14
template I get the following errors:

@dom0 ~]$ sudo qubes-dom0-update qubes-template-whonix-gw-14 --enablerepo=qubes*testing --action=upgrade
WARNING: Replacing a template will erase all files in template's /home and /rw !
Template VM halted
Attempting to operate on template of UpdateVM... backing up whonix-gw-14 to whonix-gw-14-backup-20190125-mhQ
qvm-clone: error: VM name must be shorter than 32 characters
ERROR: Unable to make backup of UpdateVM template!


This looks like a qubes-dom0-update bug.



I had already cloned the template (using a shorter name ;-)
) before starting this command. So this automatic backup
could be omitted in order to bring it forth if there exists
some option for that or an option to assign a custom name to
this automated backup file.

Or do I have to switch the default upgrade template for dom0
to something else instead of whonix-gw-14 before performing
the update action?


You can try to change the updatevm as a workaround. If downloading the 
template without Tor is OK you can just change it to sys-firewall or 
similar VM.



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread gone
Chris Laprise wrote on Wed, 23 January 2019 21:52
> On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki
> wrote:
> 
> A shortened update procedure for debian-9:
> 
> .
> 
> This method also works with whonix-gw-14 and
> whonix-ws-14 templates.
> 
> --

This worked very well on the debian-9 template and thanks
again for it. But when I try that method for whonix-gw-14
template I get the following errors:

@dom0 ~]$ sudo qubes-dom0-update qubes-template-whonix-gw-14 --enablerepo=qubes*testing --action=upgrade
WARNING: Replacing a template will erase all files in template's /home and /rw !
Template VM halted
Attempting to operate on template of UpdateVM... backing up whonix-gw-14 to whonix-gw-14-backup-20190125-mhQ
qvm-clone: error: VM name must be shorter than 32 characters
ERROR: Unable to make backup of UpdateVM template!

I had already cloned the template (using a shorter name ;-)
) before starting this command. So this automatic backup
could be omitted in order to bring it forth if there exists
some option for that or an option to assign a custom name to
this automated backup file.

Or do I have to switch the default upgrade template for dom0
to something else instead of whonix-gw-14 before performing
the update action? 




Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-25 Thread Chris Laprise

On 01/24/2019 10:12 PM, Andrew David Wong wrote:


On 23/01/2019 3.52 PM, Chris Laprise wrote:

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:


Patching
========

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
ones. You can do this by performing the following steps on each such
TemplateVM:



A shortened update procedure for debian-9:

1. If your "debian-9" template is customized or contains data, you may
wish to back it up with qvm-clone first...

[dom0]$ qvm-clone debian-9 d9-backup

2. Run the upgrade command...

[dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
--enablerepo=qubes*testing --action=upgrade

This will display package info as it begins downloading. The package
version-date should begin with "4.0.1-20190123" or later.



Will this step work with templates where installed_by_rpm = false?


No, that's why I wrote "debian-9" template and referenced the package name.

I'm just now starting to address my non-rpm templates that were 
originally cloned from the old debian-9. Probably will make new clones 
of upgraded debian-9, apply customizations (it's great to have them 
written down), then use my 'findpref' script to switch all the relevant 
VMs to the new template at once.


Alternately, if you know LVM commands you could just duplicate the 
upgraded template's root volume into target (non-rpm) templates using 
'lvcreate' and maybe zero-out the target private volume with 
'blkdiscard' for extra safety. If I had a lot of specific Qubes settings 
on the target template VMs I might have chosen this option.


Also see Fidel Ramos' advice about duplicating existing package 
selections in the upgraded template.


Finally, if anyone suspects that malware may have taken hold in their 
VMs because the old template was exploited (or other reason), my 
Qubes-VM-hardening project installs a service that activates at VM 
startup before any private-volume scripts are executed. This can 
immunize the VM against malware persistence and also provides a shell 
that can examine VM contents at the moment the private volume is first 
mounted:


https://github.com/tasket/Qubes-VM-hardening

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-24 Thread Andrew David Wong

On 23/01/2019 3.52 PM, Chris Laprise wrote:
> On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:
> 
>> Patching
>> ========
>>
>> If you are a Qubes user, you should remove all APT-based (including
>> Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
>> ones. You can do this by performing the following steps on each such
>> TemplateVM:
> 
> 
> A shortened update procedure for debian-9:
> 
> 1. If your "debian-9" template is customized or contains data, you may
> wish to back it up with qvm-clone first...
> 
> [dom0]$ qvm-clone debian-9 d9-backup
> 
> 2. Run the upgrade command...
> 
> [dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
> --enablerepo=qubes*testing --action=upgrade
> 
> This will display package info as it begins downloading. The package
> version-date should begin with "4.0.1-20190123" or later.
> 

Will this step work with templates where installed_by_rpm = false?

> 3. Shutdown all VMs so the upgrade can take effect...
> 
> [dom0]$ qvm-shutdown --all --wait --timeout=30
> 
> This method also works with whonix-gw-14 and whonix-ws-14 templates.
> 

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org





Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-24 Thread Fidel Ramos
‐‐‐ Original Message ‐‐‐
On Wednesday, January 23, 2019 9:52 PM, Chris Laprise  wrote:

> On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:
>
> > Patching
> > ========
> >
> > If you are a Qubes user, you should remove all APT-based (including
> > Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
> > ones. You can do this by performing the following steps on each such
> > TemplateVM:
>
> A shortened update procedure for debian-9:
>
> 1.  If your "debian-9" template is customized or contains data, you may
> wish to back it up with qvm-clone first...
>
> [dom0]$ qvm-clone debian-9 d9-backup
>
> 2.  Run the upgrade command...
>
> [dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
> --enablerepo=qubes*testing --action=upgrade
>
> This will display package info as it begins downloading. The package
> version-date should begin with "4.0.1-20190123" or later.
>
> 3.  Shutdown all VMs so the upgrade can take effect...
>
> [dom0]$ qvm-shutdown --all --wait --timeout=30
>
> This method also works with whonix-gw-14 and whonix-ws-14 templates.

Also in case people don't know there is an easy procedure to store the list of 
installed packages from the old debian 9 template and reinstall the same 
packages in the fresh template:

https://unix.stackexchange.com/questions/176134/installing-packages-by-importing-the-list-with-dpkg-set-selections/177187#177187

I reproduce the steps here for convenience:

debian-9-old$ dpkg --get-selections > /tmp/dpkg-selections.txt
debian-9-old$ qvm-copy-to-vm debian-9 /tmp/dpkg-selections.txt

debian-9$ avail=`mktemp`
debian-9$ apt-cache dumpavail > "$avail"
debian-9$ sudo dpkg --merge-avail "$avail"
debian-9$ rm -f "$avail"
debian-9$ sudo dpkg --set-selections < ~/QubesIncoming/debian-9-old/dpkg-selections.txt
debian-9$ sudo apt-get dselect-upgrade

That should do the trick. Of course check dpkg-selections.txt, it's a simple 
text file.

Note that with this procedure the information of which packages have been 
installed manually and which automatically as a dependency is not kept. If you 
want to transfer this information use this procedure:

debian-9-old$ apt-mark showmanual > pkgs_manual.lst
debian-9-old$ apt-mark showauto > pkgs_auto.lst
debian-9-old$ qvm-copy-to-vm debian-9 pkgs_auto.lst pkgs_manual.lst

debian-9$ sudo apt-mark manual $(cat QubesIncoming/debian-9-old/pkgs_manual.lst)
debian-9$ sudo apt-mark auto $(cat QubesIncoming/debian-9-old/pkgs_auto.lst)

https://askubuntu.com/questions/101931/restoring-all-data-and-dependencies-from-dpkg-set-selections/108760#108760

Hope that's useful.

Fidel Ramos
PGP 7F07 1B7C 479F EDD1
https://www.fidelramos.net
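
A check that fits the package-list procedure above, as an added example that is not part of the original post: the lists are written inside the old template, which this thread treats as possibly exploited, and `$(cat ...)` expands them onto a root command line, so each line is validated as a Debian package name first. It also answers the question raised in the thread about finding user-added packages by comparing against the fresh template's list. The function names and sample lists are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): vet package lists exported from the old
# template before they reach a root apt-mark / apt-get command line.

# Debian package name: lowercase letters, digits, "+", "-", "."; two or more
# characters; first one alphanumeric. Optional ":arch" qualifier.
PKG_RE='^[a-z0-9][a-z0-9+.-]+(:[a-z0-9-]+)?$'

# valid_pkgs FILE: print the well-formed package names in FILE, sorted, unique.
valid_pkgs() {
    LC_ALL=C grep -E -- "$PKG_RE" "$1" | LC_ALL=C sort -u
}

# rejected_lines FILE: print every line that is not a package name
# (options starting with "-", lines with spaces or shell metacharacters).
# grep exits 1 when nothing is rejected; that counts as success here.
rejected_lines() {
    LC_ALL=C grep -Ev -- "$PKG_RE" "$1" || [ $? -eq 1 ]
}

# vet_list FILE: succeed only if every line is a package name (fail closed).
vet_list() (
    bad=$(rejected_lines "$1") || exit 2
    if [ -n "$bad" ]; then
        printf 'refusing %s, not package names:\n%s\n' "$1" "$bad" >&2
        exit 1
    fi
)

# user_added OLD NEW: valid names marked manual in OLD (customized template)
# but not in NEW (fresh template), i.e. what was installed on top.
user_added() (
    old=$(mktemp) && new=$(mktemp) || exit 2
    valid_pkgs "$1" > "$old"
    valid_pkgs "$2" > "$new"
    LC_ALL=C comm -23 "$old" "$new"
    rm -f "$old" "$new"
)

# Constructed sample lists, standing in for "apt-mark showmanual" output.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/old_manual.lst" <<'EOF'
adduser
git
keepassxc
libc6:i386
vim
--reinstall
two words
EOF
printf 'adduser\nvim\n' > "$SAMPLE_DIR/new_manual.lst"

echo "User-added packages in the old template:"
user_added "$SAMPLE_DIR/old_manual.lst" "$SAMPLE_DIR/new_manual.lst"
vet_list "$SAMPLE_DIR/old_manual.lst" || echo "old list needs review before use"
```

In the fresh template the check would gate the real call, for instance `vet_list pkgs_manual.lst && sudo apt-mark manual $(valid_pkgs pkgs_manual.lst)`.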



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone
has worked fine with debian-9. Thank you Chris.



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread John S.Recdep
On 1/23/19 9:08 PM, gone wrote:
> unfortunately the reboot brought no change. Still the
> 201812091508 version.
> 


this is for Fedora, is there something akin to this for  Debian ?


--
What you can do to get the differences between two templates:

1) run "dnf list installed > packagelist1.txt"
Do the same in the other VM

2) compare both lists:
grep -Fxv -f packagelist1.txt packagelist2.txt



The problem with that is that it outputs version numbers, which isn't
particularly helpful.
dnf repoquery --qf "%{name}" --userinstalled
Will give you just the names.
--



Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread goldsmith
On 2019-01-23 21:08, gone wrote:
> unfortunately the reboot brought no change. Still the
> 201812091508 version.

Try sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-9



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Chris Laprise

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:


Patching
========

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
ones. You can do this by performing the following steps on each such
TemplateVM:



A shortened update procedure for debian-9:

1. If your "debian-9" template is customized or contains data, you may 
wish to back it up with qvm-clone first...


[dom0]$ qvm-clone debian-9 d9-backup

2. Run the upgrade command...

[dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
--enablerepo=qubes*testing --action=upgrade

This will display package info as it begins downloading. The package 
version-date should begin with "4.0.1-20190123" or later.


3. Shutdown all VMs so the upgrade can take effect...

[dom0]$ qvm-shutdown --all --wait --timeout=30

This method also works with whonix-gw-14 and whonix-ws-14 templates.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone
unfortunately the reboot brought no change. Still the
201812091508 version.



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone
@seshu: OK, thanks, so I'll try and reboot.



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread seshu
On Wednesday, January 23, 2019 at 8:06:20 PM UTC, gone wrote:
> seshu wrote on Wed, 23 January 2019 17:49
> > On Wednesday, January 23, 2019 at 5:32:38 PM UTC,
> > Brendan Hoar wrote:
> > >  Thank you, Marek et al, for your work over what was
> > > presumably a longer than usual work day.
> > >  
> > >  
> > >  B
> > 
> > Agreed, thanks everyone! 
> > 
> > --
> 
> I'd also like to thank you for doing all that.
> 
> I've tried it for the debian-9 template with sudo
> qubes-dom0-update
> --enablerepo=qubes-templates-community-testing
> qubes-template-debian-9 but this only brings up the
> 4.0.1.-201812091508 version.
> Is that repo only right for the whonix template as in the
> example or is there another reason? What have I done wrong?

I followed the same steps you did and I did get the right version.  I did 
notice that after deleting the old templateVMs I needed to reboot my system. 
Not necessarily to get or see the new versions but, I was getting a signature 
error when I downloaded the new version and dnf wouldn't install them because 
it did not match the signature of the 201812091508 version.  

But, after rebooting the system, that seemed to clean the cache or something 
and then the qubes-dom0-update process worked.



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone
seshu wrote on Wed, 23 January 2019 17:49
> On Wednesday, January 23, 2019 at 5:32:38 PM UTC,
> Brendan Hoar wrote:
> >  Thank you, Marek et al, for your work over what was
> > presumably a longer than usual work day.
> >  
> >  
> >  B
> 
> Agreed, thanks everyone! 
> 
> --

I'd also like to thank you for doing all that.

I've tried it for the debian-9 template with
sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-debian-9
but this only brings up the 4.0.1.-201812091508 version.
Is that repo only right for the whonix template as in the
example or is there another reason? What have I done wrong?



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread seshu
On Wednesday, January 23, 2019 at 5:32:38 PM UTC, Brendan Hoar wrote:
> Thank you, Marek et al, for your work over what was presumably a longer than 
> usual work day.
> 
> 
> B

Agreed, thanks everyone! One question, Marek: could the Ubuntu distros you recently
made available to the community be affected also? They are APT-based
distros, right?

If so, I'm assuming I'll have to apply the same procedure for those, right?



[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Brendan Hoar
Thank you, Marek et al, for your work over what was presumably a longer
than usual work day.

B
