Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 14/02/2019 1.27 PM, Vít Šesták wrote: > On February 14, 2019 6:18:47 PM GMT+01:00, "Marek Marczykowski-Górecki" wrote: >> On Thu, Feb 14, 2019 at 05:58:09PM +0100, Vít Šesták wrote: >>> When I update dom0 and then Debian/Whonix without restarting the Qube >> Manager or Update “widget”*, is it enough? Or I need to restart the >> updater app (or maybe whole Qubes)? >> >> No, you need to restart it - just close its main window. Unlike 3.2, >> there is no need for additional steps like right-clicking on Q->quit. >> Similarly, closing updater gui is enough, even if "updates available" >> icon/widget stays there (the updater gui is a separate process). > > That sounds like something that informed users are able to do, but uninformed > users might feel no reason for doing so. It is (obviously) up to you, but I > suggest adding this information somewhere near downloads. > PR submitted: https://github.com/QubesOS/qubes-doc/pull/790 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxmXssACgkQ203TvDlQ MDAefg/+IaYYzdc4HOPT4H90cyzdCMJ6E4su5tv/3TNKhydYPaQcZzvBPhfpOgEu IB13O41+WgW/nyGv/+S8BWZirmVZP004uY+fP6QnxFsKbWO3afZlNILh9VbNaGyE U38GOy2umIb5DThMcShl2m8IAHO/OmjJw9Sw7m95vV7fYTNHrVQI1VUXnaQl6i+K YA4lKBRkZTZdEUk65z4Nk287rylPXYqUD1MmIboUcqv+vHVi9A2nRXFU94WlgG5X ILStvuaNkHAaG8cUDDX4nduk/xz12NGdEbx4L6NrD02QetWAY7deih5B3X7EvZ5E BWVS/411LU+oyF9JnxIGgCU3ymzdQkzg2HBZt58X3YmteuqgzZQ0QBxyIhbZqD4K l0FVRwbzKoLNEPC8EgYk3KrmujiecD86Mxjr4Md+QDj+TlabiK8Jwu7MnDuaudrK VByKVFSmMX69PMQuMMWFlO662p3JfCKecE3Gi7tErow+BV23Nt7diR5ZYuiGVTvC sji/p7+JVZEEhWokyVjMvrJ1mLd6EgCNMHfHIycrEcYz06Sz/DTpj+r01owYOrgg tIP9UPYffwhsxnTljpak8j3tBKsFWIaJS7jxVPvPILpWuLNwE7IEkYBAPWzKKCz2 Zm5bbF1gp9FP+dxv60GrOIBeg4BabHDmtNnWB+qtL0jFZFpi8KM= =4qP7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/484d2644-26d9-ebad-47e6-dc3c56e0102f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
On February 14, 2019 6:18:47 PM GMT+01:00, "Marek Marczykowski-Górecki" wrote: >On Thu, Feb 14, 2019 at 05:58:09PM +0100, Vít Šesták wrote: >> When I update dom0 and then Debian/Whonix without restarting the Qube >Manager or Update “widget”*, is it enough? Or I need to restart the >updater app (or maybe whole Qubes)? > >No, you need to restart it - just close its main window. Unlike 3.2, >there is no need for additional steps like right-clicking on Q->quit. >Similarly, closing updater gui is enough, even if "updates available" >icon/widget stays there (the updater gui is a separate process). That sounds like something that informed users are able to do, but uninformed users might feel no reason for doing so. It is (obviously) up to you, but I suggest adding this information somewhere near downloads. >> *) I don't like calling a „widget“ something that opens a real >window. It reminds me Android widgets, so I rather imagine the >something on desktop what is available only when all windows are >minimized/closed/nonmaximized. > >I agree. But right now we have two similar functionalities and I try to >name them differently. So, I call the new updater "widget", because >it's >started from a widget... Maybe I use it differently than I am supposed to. Alt+F3, “qubes update”*, enter. I don't know any widget I can start it from. >PS was dropping mailing list intentional? Just accidental… *) Well, I usually just type some prefix that makes the relevant item first. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0B42755A-8FF3-4E8A-9B91-441E46CF1B94%40v6ak.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Feb 13, 2019 at 04:12:27AM -0800, Vít Šesták wrote: > Since Qubes 4.0.1 was released [1] before your message and before the DSA > [2], I assume it is not a good idea to install Debian and Whonix from the > 4.0.1 installation media, is it? > > If it is right, then I suggest adding a note on the download page [3] until > 4.0.2 release. Qubes update tools (qubes manager, updates widget) do include safe apt upgrade method. So, as long as you update dom0 before updating VMs, it is safe to use Debian/Whonix from 4.0.1. > Regards, > Vít Šesták 'v6ak' > > [1] https://www.qubes-os.org/news/2019/01/09/qubes-401/ > [2] https://www.debian.org/security/2019/dsa-4371 > [3] https://www.qubes-os.org/downloads/ > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxll1oACgkQ24/THMrX 1yxRSQf/XNSo8g5Fv6Yqj6h6GDEIZ2RDeaMYall0SrB58WcYur2zgDY4mzc4suOh kXNokEhn89f2NXDiidNnpBlLrwvF4FeViRRfmZHy7eGsgIbh5IURFEtoToxKz6gw Kel+9CzlsGk6y8fnPYutU0IRZvhGQ39MQ9jOd2FLs9kLU1AzIlD/PiZ+wUEZZS2l dyn9c/a1GeHZPlRSibPHdFMkLIuZpGmfFuspwvuZOqbxg5drOQaktJjKSsDXKhHe q1EuBQU0PAZ5LtKe44vSqFo2z73GqeReCpJB1VNR9Ep7JIN97MLfZzGtexzFjte+ v8jU3EqjZPGNhJNFA57w1KzYbydQbQ== =2JNk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190214162914.GE9610%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
Since Qubes 4.0.1 was released [1] before your message and before the DSA [2], I assume it is not a good idea to install Debian and Whonix from the 4.0.1 installation media, is it? If it is right, then I suggest adding a note on the download page [3] until 4.0.2 release. Regards, Vít Šesták 'v6ak' [1] https://www.qubes-os.org/news/2019/01/09/qubes-401/ [2] https://www.debian.org/security/2019/dsa-4371 [3] https://www.qubes-os.org/downloads/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a232d218-afb4-47c5-a3f2-bacd702731bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
On 1/26/19 6:41 PM, Aly Abdellatif wrote: > @John S.cde > > 1. Go into sys-firewall and delete rpms available in > /var/lib/qubes/dom0-updates/packages > > and then in dom0 use sudo qubes-dom0-update qubes-template-whonix-gw-14 > --enablerepo=qubes*testing --clean > > there is nothing in that dir/ (in sys-firewall) nor in sys-net /packagesbut it seems removing them from /var/lib/qubes/updates/rpm fixed the diskquota error on an interesting note folks over at other distros like linuxmint seem wholly unconcerned with reinstall and seem certainthat just upgrading apt is all that is necessary when I mentioned that recent comment in this thread about "stolen keys" I am asked for a reference for this, and accused of FUD :) I am not a SA, so that comment would be very serious if true correct ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9886bfcb-7e87-85b6-c8c2-46eb6a7d5499%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
@John S.Recdep 1. Go into sys-firewall and delete rpms available in /var/lib/qubes/dom0-updates/packages and then in dom0 use sudo qubes-dom0-update qubes-template-whonix-gw-14 --enablerepo=qubes*testing --clean -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5c645f57-61b9-4be9-ba46-f88db35e2270%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
On 1/26/19 9:30 AM, Aly Abdellatif wrote: > @John S redcap > > Go into the updateVM and delete unneeded rpms : > /var/lib/qubes/dom0-updates/packages > > If you didnt change your updateVM, it will be in sys-firewall > > And then add - - clean in your qubes-dom0-update > Command > hmm, this is a /var/lib/qubes/updates/rpm/directory with 4 rpm in it (2 whonix-gw one is the 2018, one the 2019, 1 deb-9 2019 and 1 whonix-ws 2018) (there is no /var/lib/qubes/dom0-updatesjust /updatesin this 4.0-> 4.1 install) suppose that is the one, not sure what you mean by sys-firewall being "it" so something like sudo qubes-dom0-update qubes-template-whonix-gw-14 --enablerepo=qubes*testing --clean ?? after deleting the 4 template rpms in /rpm ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b32a9e8-4b82-88ba-48ad-56dec611c6a3%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
@John S redcap Go into the updateVM and delete unneeded rpms : /var/lib/qubes/dom0-updates/packages If you didnt change your updateVM, it will be in sys-firewall And then add - - clean in your qubes-dom0-update Command -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec709af9-a8a0-41fd-902f-cdad95a1ad9f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
On 1/26/19 5:22 AM, John S.Recdep wrote: > > When I remove the whonix templates I get about 12 errors complaining > about /var/lib/qubes/vm-templates/whonix-ws-14/app.tempicons > /vm-whitelisted-appmenus.list > > etc > > no such file or directory > > > I suppose just another one of those mystery errors to ignore ? > sh**t now I am getting the correct whonix 2019 started but it fails with "Disk quota exceeded"dnf clean packages 0 files removed so what now please -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/760d0277-ca5b-0c63-b58d-5ce08cc4890b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
somewhere in this large thread it probably states there is an error in the original whonix install invocation right ? if one just uses community-testing they end up with 2018 version so use the --enablerepo=qubes*testing instead -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04b3d0f9-034a-1675-c41b-7a5f070b9bd8%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
When I remove the whonix templates I get about 12 errors complaining about /var/lib/qubes/vm-templates/whonix-ws-14/app.tempicons /vm-whitelisted-appmenus.list etc no such file or directory I suppose just another one of those mystery errors to ignore ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc4a2f0f-b966-0339-f88f-9e1b2112c6f0%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
On Thursday, January 24, 2019 at 7:35:59 PM UTC-8, Andrew David Wong wrote: > pixel fairy, please let us know of fully removing the old template first > doesn't fix the problem. thats what i ended up doing. i had to reinstall to delete them. then it worked. then, with whonix, sys-firewall was full. changed the templates system storage max size to 20G. that problems hit me a few times before, but i think this should fix it. dnf clean all was not enough, probably because of how much is installed in the template. > >> Why would using > >> qubes*testing instead fix whatever is causing that command to fail? > >> Would that somehow force cache busting for some reason? > > > > No. But it would be easier - no need to think in which repository given > > template is. In this particular case, it should be fine as given > > template is only in one of those repositories. > > > > Sure, I can see it being easier. I'd specify it as > `qubes-templates*testing` to be safe, though. Otherwise, user error > could easily lead to pulling updates from `qubes-dom0-current-testing` > that they didn't mean to get and aren't prepared to deal with. > > >>> Also, using the 'upgrade' action is a lot less confusing. The official > >>> steps are needlessly painful. > > > >> Would it be worth updating the QSB? (CC: Marek) > > > > PR: https://github.com/QubesOS/qubes-secpack/pull/26 > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxKhAcACgkQ203TvDlQ > MDBmVQ//dSU4Jyi/Cg2m7+YkdGyjJB3W8TmS1HFDrGEFlVKsTl5WL8TSxjNPb0tS > yHMRlOzDDA5POiTBPmLAPk6zwUDkiDSMt+DQ1GZ5b7NIxcnKNZjHM5EMOCzcCoW2 > 7DB/wYpp5AndG+3pHM8TWcCTOC7cSAqMxj5pgqUMnOOunG5Ic8nVnUEU1YdBSM51 > uPJuXeR7/sZ33eWUKN5QrRP/Yb4TLORYjouWR6tI60j8ReE7xyYre5TpTBnroIZE > Aq4+IYBrjqqSZcBJRhqcshtgDF6A2/AUhLeZZpokA9eL7KDxCG2L1QVjiO6c6DhM > ARc0SxsKhAOzxRUj1PqHQvtQCEhX5MvjkjgfwY7aDD9IGMmZU7/7+CR8QrilMICq > p4dJQWyiMmvwyQS0xBJEPEkUuHO89CTZ7VNs8/S1jhPwyo6myDwekKhmAS7Nc/Iz > G71YjwrV3+C7I31JiEEwe2y30RLncZdn9t+oySoCeznrvwtoK8cFzeJ9616As5Yz > smXgoGKQmyKnRw7WIto1MuLbvVr8NUGzY7PWCOmPASDu2UAnWgkIn6aTrJd9KWPB > 4TZHhu+YVHVahkqugZSQ8g7aoaJ/7aURERlURASz1yDEPsmbmLt+4oI4PZUpCjHC > 2fpXTSCqOPK1GqX1Hyxi5EnldbBCyoMbU+LwikD+8k+zc02U/iY= > =DiKo > -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d5de408-2582-411a-934b-17dde3d5cc1d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 24/01/2019 9.15 PM, Marek Marczykowski-Górecki wrote: > On Thu, Jan 24, 2019 at 08:57:16PM -0600, Andrew David Wong wrote: >> On 23/01/2019 11.54 PM, Chris Laprise wrote: >>> On 01/23/2019 10:39 PM, Andrew David Wong wrote: On 23/01/2019 9.36 PM, pixel fairy wrote: > On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong > wrote: > >> The Whonix packages are in qubes-templates-community-testing. > > > $ sudo qubes-dom0-update > --enablerepo=qubes-templates-community-testing > qubes-template-whonix-gw-14 > Using sys-firewall as UpdateVM to download updates for Dom0; this may > take some time... > Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019. > No match for argument: qubes-template-whonix-gw-14 > Error: Unable to find a match > That's strange. I was just able to install them with the same command. Maybe try it again with --clean? >>> >>> That's why I found its better to just specify qubes*testing for the >>> templates: >>> >>> https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net >>> > >> I don't understand. How would that help here? To recap, this command >> worked for me: > >> $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing >> qubes-template-whonix-gw-14 > >> The very same command failed for pixel fairy. > > I think the issue is about the previous point in the patching > instruction: remove buggy template version. Otherwise it will fail > exactly like this (indeed the message is confusing...). Feature request > about simplifying this process is tracked here: > https://github.com/QubesOS/qubes-issues/issues/4518 > Oh, the old template is still installed? Ok, that makes sense. pixel fairy, please let us know of fully removing the old template first doesn't fix the problem. >> Why would using >> qubes*testing instead fix whatever is causing that command to fail? >> Would that somehow force cache busting for some reason? > > No. But it would be easier - no need to think in which repository given > template is. In this particular case, it should be fine as given > template is only in one of those repositories. > Sure, I can see it being easier. I'd specify it as `qubes-templates*testing` to be safe, though. Otherwise, user error could easily lead to pulling updates from `qubes-dom0-current-testing` that they didn't mean to get and aren't prepared to deal with. >>> Also, using the 'upgrade' action is a lot less confusing. The official >>> steps are needlessly painful. > >> Would it be worth updating the QSB? (CC: Marek) > PR: https://github.com/QubesOS/qubes-secpack/pull/26 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxKhAcACgkQ203TvDlQ MDBmVQ//dSU4Jyi/Cg2m7+YkdGyjJB3W8TmS1HFDrGEFlVKsTl5WL8TSxjNPb0tS yHMRlOzDDA5POiTBPmLAPk6zwUDkiDSMt+DQ1GZ5b7NIxcnKNZjHM5EMOCzcCoW2 7DB/wYpp5AndG+3pHM8TWcCTOC7cSAqMxj5pgqUMnOOunG5Ic8nVnUEU1YdBSM51 uPJuXeR7/sZ33eWUKN5QrRP/Yb4TLORYjouWR6tI60j8ReE7xyYre5TpTBnroIZE Aq4+IYBrjqqSZcBJRhqcshtgDF6A2/AUhLeZZpokA9eL7KDxCG2L1QVjiO6c6DhM ARc0SxsKhAOzxRUj1PqHQvtQCEhX5MvjkjgfwY7aDD9IGMmZU7/7+CR8QrilMICq p4dJQWyiMmvwyQS0xBJEPEkUuHO89CTZ7VNs8/S1jhPwyo6myDwekKhmAS7Nc/Iz G71YjwrV3+C7I31JiEEwe2y30RLncZdn9t+oySoCeznrvwtoK8cFzeJ9616As5Yz smXgoGKQmyKnRw7WIto1MuLbvVr8NUGzY7PWCOmPASDu2UAnWgkIn6aTrJd9KWPB 4TZHhu+YVHVahkqugZSQ8g7aoaJ/7aURERlURASz1yDEPsmbmLt+4oI4PZUpCjHC 2fpXTSCqOPK1GqX1Hyxi5EnldbBCyoMbU+LwikD+8k+zc02U/iY= =DiKo -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbbf08bc-841a-54e3-6a61-e0ca64131d7f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jan 24, 2019 at 08:57:16PM -0600, Andrew David Wong wrote: > On 23/01/2019 11.54 PM, Chris Laprise wrote: > > On 01/23/2019 10:39 PM, Andrew David Wong wrote: > >> On 23/01/2019 9.36 PM, pixel fairy wrote: > >>> On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong > >>> wrote: > >>> > The Whonix packages are in qubes-templates-community-testing. > >>> > >>> > >>> $ sudo qubes-dom0-update > >>> --enablerepo=qubes-templates-community-testing > >>> qubes-template-whonix-gw-14 > >>> Using sys-firewall as UpdateVM to download updates for Dom0; this may > >>> take some time... > >>> Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019. > >>> No match for argument: qubes-template-whonix-gw-14 > >>> Error: Unable to find a match > >>> > >> > >> That's strange. I was just able to install them with the same command. > >> Maybe try it again with --clean? > > > > That's why I found its better to just specify qubes*testing for the > > templates: > > > > https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net > > > > I don't understand. How would that help here? To recap, this command > worked for me: > > $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing > qubes-template-whonix-gw-14 > > The very same command failed for pixel fairy. I think the issue is about the previous point in the patching instruction: remove buggy template version. Otherwise it will fail exactly like this (indeed the message is confusing...). Feature request about simplifying this process is tracked here: https://github.com/QubesOS/qubes-issues/issues/4518 > Why would using > qubes*testing instead fix whatever is causing that command to fail? > Would that somehow force cache busting for some reason? No. But it would be easier - no need to think in which repository given template is. In this particular case, it should be fine as given template is only in one of those repositories. > > Also, using the 'upgrade' action is a lot less confusing. The official > > steps are needlessly painful. > > Would it be worth updating the QSB? (CC: Marek) - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxKfzYACgkQ24/THMrX 1yy/RQf/aHFY61ViLRp9IRosZegJ/CybS5uioPxQf/GEy/d5JbkXMYEKWyTgyA7c HsPB1z/HVfA+I7CRidrtKufr9jgeuE5KGrposFNxG/yCvzDh7nQaVF6svw3gozJw pO4ULJ02zRg8YaJF+aBv25/p6jI7CQYs93OFZ0x0pVli4+BlkUY8gzhTgrf0V/bU cpaC9UmzKfWR8TxR6gFTTmVqs5K+WxcBo3LfXF1yNoBlHCgJdhfK5kqmvANE5apS gw5pM0ccsNYV//cmVr8fULAa05gRPRIQgepPUoj/442fGesfHDMVCm48pta/uhZ2 OPh0sBdqAgmlbRjrAGFi3a0b36ewww== =7+Ci -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190125031501.GD1429%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23/01/2019 11.54 PM, Chris Laprise wrote: > On 01/23/2019 10:39 PM, Andrew David Wong wrote: >> On 23/01/2019 9.36 PM, pixel fairy wrote: >>> On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong >>> wrote: >>> The Whonix packages are in qubes-templates-community-testing. >>> >>> >>> $ sudo qubes-dom0-update >>> --enablerepo=qubes-templates-community-testing >>> qubes-template-whonix-gw-14 >>> Using sys-firewall as UpdateVM to download updates for Dom0; this may >>> take some time... >>> Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019. >>> No match for argument: qubes-template-whonix-gw-14 >>> Error: Unable to find a match >>> >> >> That's strange. I was just able to install them with the same command. >> Maybe try it again with --clean? > > That's why I found its better to just specify qubes*testing for the > templates: > > https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net > I don't understand. How would that help here? To recap, this command worked for me: $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-whonix-gw-14 The very same command failed for pixel fairy. Why would using qubes*testing instead fix whatever is causing that command to fail? Would that somehow force cache busting for some reason? > > Also, using the 'upgrade' action is a lot less confusing. The official > steps are needlessly painful. > Would it be worth updating the QSB? (CC: Marek) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxKev0ACgkQ203TvDlQ MDBgmw/+IgsI5x0xAjdetKXzcdsOJUyeMd4ksZc0EWItQhQRN/ZD56KEODRQNryc f1NkApyRi9WdH6PC+G2X5UiVXWNwx3Zu52J718qsWB1WkRnvQKlUvPI24uBXZH5x f1f8L2OulK0dDikxSYTPSnRkPNQ+kmOyr0W50lJLbPufHH+tRhIKWCHIVdU45QXD qpLnARlkNusH3uJA8lRmMZjhyg/ipsz6bM+z31n7Odf9M6sp+cD7mIgRCUqv4K20 3KbA+QWfREV67sgvgZ4NYFkGof/qJa4SF+rMbc0LOYbn9gzvnzNabLsQFHZhuCVk DXyFGqXauLsF9ksmmyd2sskaiv3Y+mIiBXgL/F3Ks0AR8KsQZ+vJyIKnCG3o9doJ brUucluIaPtDfD0fmSlRyHfM3XQOEuHHIOrkwY6QxfyBOpuMSPB2lAY1yfg9Er9z NWbi8bcDknjiS9U1ZMih3Ox0bLthef/B3V1M6A4x3lINp5J/1aJ6VB7BwmkU6tON 2oBl0IY+KkrcA5eX3OkDt5ZRuo8syFDdB9CvHft1WKweL8FkQmhfOR2HDB52IRGr YGSsd9m9V999dKs7zkPcExhdU3BNhK11aEp84ZX3S11NeXf2iqSZw6ORN3qi5Nf2 Y++BFwE3vjLnssWCTCj8YcI69C8jUoLaPmZkdEVIUqTvGQL9YEY= =BVTN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f7f59e8-703b-fc85-888e-83aa21327035%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
On Thursday, January 24, 2019 at 4:13:36 PM UTC+1, Lorenzo Lamas wrote: > Please help, after updating dom0 with security-testing(which installed not > only qubes-desktop-linux-manager and qubes-manager, but also > qubes-mgmt-salt-dom0-update-4.0.5-1 and reboot, no VM at all will start. > Failed to connect to qmmemman:[Errno 2] No such file or directory. > Text boot shows: > Failed to start Qubes memory management daemon. > > systemctl status qubes-qmemman.service shows: > "qubes-qmemman.service - Qubes memory management daemon > Loaded: loaded (/usr/lib/systemd/system/qubes-qmemman.service; enabled; > vendor preset: enabled) > Active: failed (Result: exit code) since Thu 2019-01-24 15:41:40 CET; 1min 1s > ago > Proces: 2094 ExecStart=/usr/bin/qmemmand (code=exited, status=1/FAILURE] > Main PID: 2094 (code-exited, status=1/FAILURE) > > Jan 24 15:41:40 dom0 qmemmand[2094]: sys.exit(main()) > Jan 24 15:41:40 dom0 qmemmand[2094]: File > "/usr/lib/python3.5/site-packages/qubes/tools/qmemmand.py", line 261, in main > Jan 24 15:41:40 dom0 > qmemmand[2094]:qubes.utils.parse_size(config.get('global', vm-min-mem')) > Jan 24 15:41:40 dom0 qmemmand[2094]: File > "/usr/lib/python3.5/site-packages/qubes/utils.py", line 107, in parse_size > Jan 24 15:41:40 dom0 qmemmand[2094]: raise qubes.exc.QubesException("Invalid > size: {0}.".format(size)) > Jan 24 15:41:40 dom0 qmemmand[2094]: qubes.exc.QubesException: Invalid size > 190MIB. > Jan 24 15:41:40 dom0 systemd[1]: qubes-qmemman.service: Main proces exited, > code-exited, status=1/FAILURE > Jan 24 15:41:40 dom0 systemd[1]: Failed to start Qubes memory management > daemon. > Jan 24 15:41:40 dom0 systemd[1]: qubes-qmemman.service: Unit entered failed > state. > Jan 24 15:41:40 dom0 systemd[1]: qubes-qmemman.service: Failed with result > 'exit-code'. > > I tried to undo the update with dnf history undo but it says the package is > not available. Well, thanks to the help of someone more knowledgeable than me, I was able to fix it. The trick was to edit /etc/qubes/qmemman.conf. In the line vm-min-mem = 190MIB replace with 190M In the line dom0-mem-boost = 333MIB replace with 333M. Maybe a typo in one of the patches? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ca4c96e-4499-4837-9090-7639891ea82b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
Please help, after updating dom0 with security-testing(which installed not only qubes-desktop-linux-manager and qubes-manager, but also qubes-mgmt-salt-dom0-update-4.0.5-1 and reboot, no VM at all will start. Failed to connect to qmmemman:[Errno 2] No such file or directory. Text boot shows: Failed to start Qubes memory management daemon. systemctl status qubes-qmemman.service shows: "qubes-qmemman.service - Qubes memory management daemon Loaded: loaded (/usr/lib/systemd/system/qubes-qmemman.service; enabled; vendor preset: enabled) Active: failed (Result: exit code) since Thu 2019-01-24 15:41:40 CET; 1min 1s ago Proces: 2094 ExecStart=/usr/bin/qmemmand (code=exited, status=1/FAILURE] Main PID: 2094 (code-exited, status=1/FAILURE) Jan 24 15:41:40 dom0 qmemmand[2094]: sys.exit(main()) Jan 24 15:41:40 dom0 qmemmand[2094]: File "/usr/lib/python3.5/site-packages/qubes/tools/qmemmand.py", line 261, in main Jan 24 15:41:40 dom0 qmemmand[2094]:qubes.utils.parse_size(config.get('global', vm-min-mem')) Jan 24 15:41:40 dom0 qmemmand[2094]: File "/usr/lib/python3.5/site-packages/qubes/utils.py", line 107, in parse_size Jan 24 15:41:40 dom0 qmemmand[2094]: raise qubes.exc.QubesException("Invalid size: {0}.".format(size)) Jan 24 15:41:40 dom0 qmemmand[2094]: qubes.exc.QubesException: Invalid size 190MIB. Jan 24 15:41:40 dom0 systemd[1]: qubes-qmemman.service: Main proces exited, code-exited, status=1/FAILURE Jan 24 15:41:40 dom0 systemd[1]: Failed to start Qubes memory management daemon. Jan 24 15:41:40 dom0 systemd[1]: qubes-qmemman.service: Unit entered failed state. Jan 24 15:41:40 dom0 systemd[1]: qubes-qmemman.service: Failed with result 'exit-code'. I tried to undo the update with dnf history undo but it says the package is not available. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/43c0921f-3f54-4fe2-8a2a-5dfba7959e01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
On 01/23/2019 10:39 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23/01/2019 9.36 PM, pixel fairy wrote: On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote: The Whonix packages are in qubes-templates-community-testing. $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-whonix-gw-14 Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019. No match for argument: qubes-template-whonix-gw-14 Error: Unable to find a match That's strange. I was just able to install them with the same command. Maybe try it again with --clean? That's why I found its better to just specify qubes*testing for the templates: https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net Also, using the 'upgrade' action is a lot less confusing. The official steps are needlessly painful. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eac8fdff-5e8a-8031-e60f-dbac1b71cacb%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23/01/2019 9.36 PM, pixel fairy wrote: > On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote: > >> The Whonix packages are in qubes-templates-community-testing. > > > $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing > qubes-template-whonix-gw-14 > Using sys-firewall as UpdateVM to download updates for Dom0; this may take > some time... > Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019. > No match for argument: qubes-template-whonix-gw-14 > Error: Unable to find a match > That's strange. I was just able to install them with the same command. Maybe try it again with --clean? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxJM4UACgkQ203TvDlQ MDA6xg//f6Z108hVsOt0NShRKr0ymesvupANPfoVSE4LmuNr3rh3sHiRCNrUQUFw jbX2K05aig82smbqwya/+qxTs5IY50zLzPYaBHMVLthFNI2YRXir0VFPGf2z5YA0 59/dEjxXWkmB+itSZ94dFLEwiwwPJwl1nzYSPb5xCfhT6gTus0Ur0Ig1HL71jgTz HWmXKkUHMrXl92ET87yCEBB9yT4NKyhii8qQKauyrCKsDL2Z1Xr1jbO6ezY34Mjw EKYiau97vvpdEEPH9xHkXkFSZI22PJ5TNcsbFOYWwevQdlWonSX9u9EQqV+DVueP 0jGiA+68cV9ih99mhciOt6cKajPmD7sMak0TqgBGET0s21Jal0vBLbJhK4kYIpYf DJ8TOHKsSogEI0stxyqyGZgJ1Nlj1urffXdYsuJL53WtlNy9X06Qxa5aGYM/Kk1+ HWAVMkG5pjAxtlJ73+MVO4/7pRWsYOwma67bmcpQ+D6mcj/IPn4FFVue6bOq4t5t iWOlPvzMH8xm8yPlmEdtOkdE1BbsxcORlXQig/5b+T3W0ZCSDXPLkO+Cgn6Yb6P9 URxspGf+lU/7R5lUDWjV2X/b3dAVNzUHyQ0tlNqAdqmfg6abi21YgnAl2nFPkHtF 9wYajSzhRK7ytFGcGT7UKY8yjZEbG58nMOO+XHJxc2ixYbpP+Jo= =oMb9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b65af735-4a3a-5db6-a3d2-c5f40baff68a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote: > The Whonix packages are in qubes-templates-community-testing. $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-whonix-gw-14 Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019. No match for argument: qubes-template-whonix-gw-14 Error: Unable to find a match -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/832a3574-1531-4fbf-93df-a5b0c55b423d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23/01/2019 8.53 PM, pixel fairy wrote: > is whonix in the repo? i keep getting "Error: Unable to find a > match" tried copy/pasting from the command to delete the templates > to make sure they're spelled right. tried qubes-templates-itl and > qubes-templates-itl-testing. > The Whonix packages are in qubes-templates-community-testing. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxJL/sACgkQ203TvDlQ MDBw/w//YOWTVN8shPoHSzkKUmz6tnG3PZ4xr0gq4Nc3eJeC1Oz9GJT92TJwQZiU O0BGHg5vI6lXes5KYJWPl0aKVCmbdI23HoSGh/9C0PryGapAJ8+b+Y0M4DE3tA1k znQKRZezs5XudXfX0Zy2jR1wXGON59D8XIOK1SDQQLQjha8jFPBwCNcjDPvmibX+ 9lx+Gt8+SOkOI13Bg3WBruZ10mSAJhC7nVKLMkEy9xE2UlSJeCxfdKqyCTdnCG7R VSaDRsX4b46XjiSVnVgCoKG/00wPeU2Ix+p9CmsYIbtNmKB4jybHIvX/6Qa365Fl ieBHy0lEMIhs9cDeFRYM4Lo+tdCslwMEkk1Acx90kP/PQI4moo5qRR3yMxwYmXNX llua+ijV6ONE9nDhj/Lvi62GzSMhZwq18pwTUqDUXKm8Z8hUAwmaZL3Ay4o2/qE5 3LFgaBIgY8HHdV96xxZZxOpcp1itNgU17xpkz9gphIpCLIkccjrjulQilRdSHKa1 1KH1DnVxKtC/TM4RFOFywuFX7GpZklPEBPXRAtHhzmfkENX//+3h1rKXA9k3iCam axTGjQGOnmA2tXkGYEUi6VOJ/6WD6K6YPcovlEm7ao2d3HZU+SQKKiJ53B41dJJO stk9jV51h0r19XIA/1dcYbKaMgZDdWF7Z0TW/AhyuqVUCMsuvG0= =iiJY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7560a230-3e75-fbdf-dfb5-2a9f00da53ad%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #46: APT update mechanism vulnerability
is whonix in the repo? i keep getting "Error: Unable to find a match" tried copy/pasting from the command to delete the templates to make sure they're spelled right. tried qubes-templates-itl and qubes-templates-itl-testing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b29c776f-2da3-4d04-932a-ae6387576130%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.