[qubes-users] Re: Looking to explicitly not use mirrors to download fedora updates

2019-06-13 Thread Sphere
Tried things on an AppVM turned fedora.repo and fedora-updates.repo on /etc/yum.repos.d/ into just the following content: [fedora] name=Fedora baseurl=https://download-ib01.fedoraproject.org/pub/fedora-secondary It did execute update well somehow just that IDK why it's still probing Fedora

[qubes-users] Updated bionic template

2019-06-13 Thread unman
There's a PR in which allows build of bionic template - finally. If you cant wait for that, or you dont want to build your own, there's a ready built template at https://qubes.3isec.org/ Updated packages are also available, if you have an existing bionic qube. unman -- You received this

Re: [qubes-users] Looking to explicitly not use mirrors to download fedora updates

2019-06-13 Thread unman
On Wed, Jun 12, 2019 at 11:23:14PM -0700, Sphere wrote: > Hi, I checked DNS queries being made as I was updating templateVMs today and > I noticed that there is an extreme bias preference of using ftp.riken.jp > which didn't sit well with me since that would mean that it was downloading >

Re: [qubes-users] gpg-split, what am I signing/encrypting

2019-06-13 Thread unman
On Thu, Jun 13, 2019 at 07:13:00AM +, scurge1tl wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > On 07/06/2019 10.04 AM, scurge1tl wrote: > >> I have been playing with the gpg-split and would like to know, > >> if there is an option to see precisely for what specific task the

Re: [qubes-users] Re: Does Qubes-OS 4.0.1 have support for KDE or GNOME desktop environment?

2019-06-13 Thread unman
On Thu, Jun 13, 2019 at 03:34:53AM +, Jon deps wrote: > On 6/5/19 8:00 PM, Chris Laprise wrote: > > On 6/2/19 3:41 AM, Finn wrote: > > > I've installed Qubes-OS 4.0.1 and it's XFCE desktop environment but I > > > would rather prefer either KDE or GNOME desktop environment. I found > > > this

Re: [qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread Mike Keehan
On Thu, 13 Jun 2019 07:14:47 + "'awokd' via qubes-users" wrote: > Jon deps: > > On 6/12/19 8:14 AM, Jon deps wrote: > > >> Jun 12 07:52:01 dom0 kernel: MDS CPU bug present and SMT on, data > >> leak possible. See > >> https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html >

Re: [qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread 'awokd' via qubes-users
Jon deps: in my case turns out, I have an Intel i5  which apparently doesn't have multithreading, I did look around the UEFI anyway, and see no references to it sudo cat /boot/efi/EFI/qubes/xen.cfg has 4.19.43-1   smt=off on cold reboot  I don't see  the  kernel vuln  journal entry If

Re: [qubes-users] Will AEM work with UEFI boot (A.K.A. GPT)?

2019-06-13 Thread 'awokd' via qubes-users
'interested_in_QubesOS' via qubes-users: No, you said GRUB rather than GRUB2 in your first reply. I see. I think most, if not all distributions these days (Qubes included) use GRUB2 instead of GRUB legacy. So when you see "GRUB" mentioned, it is safe to assume they are talking about GRUB2

Re: [qubes-users] Will AEM work with UEFI boot (A.K.A. GPT)?

2019-06-13 Thread 'interested_in_QubesOS' via qubes-users
"Yes. Didn't I say that in my first reply?" No, you said GRUB rather than GRUB2 in your first reply. Anyway I think I will just leave CSM enabled for installation because many sources seem to be hinting toward GRUB being needed for AEM (emphasis on hinting) and any article or web page on GRUB2

[qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread Jon deps
On 6/13/19 7:14 AM, 'awokd' via qubes-users wrote: Jon deps: On 6/12/19 8:14 AM, Jon deps wrote: Jun 12 07:52:01 dom0 kernel: MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. .any idea on

Re: [qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread 'awokd' via qubes-users
Mike Keehan: There has been a thread on the Linux Kernel mailing list recently, discussing the need to re-enable the SMT chips during resume else something breaks, and then turn them off again. You may be one of the unlucky ones to heave this affecting your system. I'm not sure which new

[qubes-users] Re: Does Qubes-OS 4.0.1 have support for KDE or GNOME desktop environment?

2019-06-13 Thread Jon deps
On 6/13/19 2:04 PM, unman wrote: On Thu, Jun 13, 2019 at 03:34:53AM +, Jon deps wrote: On 6/5/19 8:00 PM, Chris Laprise wrote: On 6/2/19 3:41 AM, Finn wrote: I've installed Qubes-OS 4.0.1 and it's XFCE desktop environment but I would rather prefer either KDE or GNOME desktop environment.

[qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread Jon deps
On 6/13/19 8:55 PM, 'awokd' via qubes-users wrote: Jon deps: in my case turns out, I have an Intel i5  which apparently doesn't have multithreading, I did look around the UEFI anyway, and see no references to it sudo cat /boot/efi/EFI/qubes/xen.cfg has 4.19.43-1   smt=off on cold reboot 

Re: [qubes-users] gpg-split, what am I signing/encrypting

2019-06-13 Thread scurge1tl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > On 07/06/2019 10.04 AM, scurge1tl wrote: >> I have been playing with the gpg-split and would like to know, >> if there is an option to see precisely for what specific task the >> work-email AppVM is connecting to the work-gpg AppVM. > >>

Re: [qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread 'awokd' via qubes-users
Jon deps: On 6/12/19 8:14 AM, Jon deps wrote: Jun 12 07:52:01 dom0 kernel: MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. .any idea on the  "data leak possible"    journal entry? sounds a

Re: [qubes-users] Will AEM work with UEFI boot (A.K.A. GPT)?

2019-06-13 Thread 'awokd' via qubes-users
'interested_in_QubesOS' via qubes-users: "GRUB2. Should be UEFI with CSM disabled." As in GRUB2 is needed for AEM? (Just a good ol' yes or no will do, unless I'm missing an important piece of info.) Yes. Didn't I say that in my first reply? -- You received this message because you are

[qubes-users] Looking to explicitly not use mirrors to download fedora updates

2019-06-13 Thread Sphere
Hi, I checked DNS queries being made as I was updating templateVMs today and I noticed that there is an extreme bias preference of using ftp.riken.jp which didn't sit well with me since that would mean that it was downloading updates in plaintext and thus, unprotected against MITM attacks.