From 48d10b0280b659c938d384512c6986864cf72df6 Mon Sep 17 00:00:00 2001 From: xn0px90 Date: Mon, 3 Oct 2016 13:51:18 -0400 Subject: [PATCH 001/103] Create managing-o --- managing-o | 215 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 215 insertions(+) create mode 100644 managing-o diff --git a/managing-o b/managing-o new file mode 100644 index 00000000..c908ea43 --- /dev/null +++ b/managing-o @@ -0,0 +1,215 @@ +--- +layout: doc +title: Upgrading the Fedora 21 Template +permalink: /doc/fedora-template-upgrade-21/ +redirect_from: +- /en/doc/fedora-template-upgrade-21/ +- /doc/FedoraTemplateUpgrade21/ +- /wiki/FedoraTemplateUpgrade21/ +--- + +Upgrading the Fedora 21 Template +================================ + +Summary: Upgrading the Standard Fedora 21 Template to Fedora 23 +--------------------------------------------------------------- + + [user@dom0 ~]$ qvm-clone fedora-21 fedora-23 + [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-run -a fedora-23 gnome-terminal + [user@dom0 ~]$ qvm-block -A fedora-23 dom0:/var/tmp/template-upgrade-cache.img + [user@fedora-23 ~]$ sudo mkfs.ext4 /dev/xvdi + [user@fedora-23 ~]$ sudo mount /dev/xvdi /mnt/removable + [user@fedora-23 ~]$ sudo mkdir /mnt/removable/modules + [user@fedora-23 ~]$ sudo cp -rp /usr/lib/modules /mnt/removable/modules + [user@fedora-23 ~]$ sudo mount --bind /mnt/removable/modules /usr/lib/modules + [user@fedora-23 ~]$ sudo yum clean all + [user@fedora-23 ~]$ sudo yum --releasever=23 --enablerepo=qubes*current-testing --setopt=cachedir=/mnt/removable distro-sync + + (Shut down TemplateVM by any normal means.) + + [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-trim-template fedora-23 + + (Done.) + +Detailed: Upgrading the Standard Fedora 21 Template to Fedora 23 +---------------------------------------------------------------- + +These instructions will show you how to upgrade the standard Fedora 21 +TemplateVM to Fedora 23. The same general procedure may be used to upgrade any +template based on the standard Fedora 21 template. + + 1. Ensure the existing template is not running. + + [user@dom0 ~]$ qvm-shutdown fedora-21 + + 2. Clone the existing template and start a terminal in the new template. + + [user@dom0 ~]$ qvm-clone fedora-21 fedora-23 + [user@dom0 ~]$ qvm-run -a fedora-23 gnome-terminal + + 2. Attempt the upgrade process in the new template. For now you need to enable testing repository to do that. + + [user@fedora-23 ~]$ sudo yum clean all + [user@fedora-23 ~]$ sudo yum --releasever=23 --enablerepo=qubes*current-testing distro-sync + + 3. Shutdown the new TemplateVM via dom0 command line or Qubes VM Manager; + + [user@dom0 ~]$ qvm-shutdown fedora-23 + + If you encounter no errors, proceed to step 7. + + 4. If `yum` reports that you do not have enough free disk space to proceed with + the upgrade process, create an empty file in dom0 to use as a cache and + attach it to the template as a virtual disk. + + [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-block -A fedora-23 dom0:/var/tmp/template-upgrade-cache.img + + Then reattempt the upgrade process, but this time using the virtual disk as + a cache. + + [user@fedora-23 ~]$ sudo mkfs.ext4 /dev/xvdi + [user@fedora-23 ~]$ sudo mount /dev/xvdi /mnt/removable + [user@fedora-23 ~]$ sudo yum clean all + [user@fedora-23 ~]$ sudo yum --releasever=23 --enablerepo=qubes*current-testing --setopt=cachedir=/mnt/removable distro-sync + + (Poweroff via Qubes VM Manager. May need to be killed.) + + 5. If `yum` complains that there is not enough free space in `/usr/lib/modules`, + do this before reattempting the upgrade: + + [user@fedora-23 ~]$ sudo mkdir /mnt/removable/modules + [user@fedora-23 ~]$ sudo cp -rp /usr/lib/modules /mnt/removable/modules + [user@fedora-23 ~]$ sudo mount --bind /mnt/removable/modules /usr/lib/modules + + 6. `yum` may complain: + + At least X MB more space needed on the / filesystem. + + In this case, one option is to [resize the TemplateVM's disk + image](/doc/ResizeDiskImage/) before reattempting the upgrade process. + (See **Additional Information** below for other options.) + + 7. After the upgrade process is finished, remove the cache file, if you + created one. + + [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img + + 8. Trim the new template (see **Compacting the Upgraded Template** for details + and other options). + + [user@dom0 ~]$ qvm-trim-template fedora-23 + + 9. (Optional) Remove the old default template. + + [user@dom0 ~]$ sudo yum remove qubes-template-fedora-21 + + +Summary: Upgrading the Minimal Fedora 21 Template to Fedora 23 +-------------------------------------------------------------- + + [user@dom0 ~]$ qvm-clone fedora-21-minimal fedora-23-minimal + [user@dom0 ~]$ qvm-run -a fedora-23-minimal xterm + [user@fedora-23-minimal ~]$ su - + [root@fedora-23-minimal ~]# yum clean all + [user@fedora-23-minimal ~]# yum --releasever=23 --enablerepo=qubes*current-testing distro-sync + + (Shut down TemplateVM by any normal means.) + + [user@dom0 ~]$ qvm-trim-template fedora-23-minimal + +(If you encounter insufficient space issues, you may need to use the methods +described for the standard template above.) + + +Differences Between the Standard and Minimal Upgrade Procedures +--------------------------------------------------------------- + +The procedure for upgrading the minimal template (or any template based on the +minimal template) is the same as the procedure for the standard template above, +**with the following exceptions**: + + 1. `gnome-terminal` is not installed by default. Unless you've installed it + (or another terminal emulator), use `xterm`. (Of course, you can also use + `xterm` for the standard template, if you prefer.) + 2. `sudo` is not installed by default. Unless you've installed it, use `su` as + demonstrated above. (Of course, you can also use `su` for the standard + template, if you prefer.) + + +Compacting the Upgraded Template +================================ + +Neither `fstrim` nor the `discard` mount option works on the TemplateVM's root +filesystem, so when a file is removed in the template, space is not freed in +dom0. This means that the template will use about twice as much space as is +really necessary after upgrading. + +If you have at least `qubes-core-dom0-2.1.68` installed or are on Qubes R3.0, +you can use the `qvm-trim-template` tool: + + [user@dom0 ~]$ qvm-trim-template fedora-23 + +If you do not have `qubes-core-dom0-2.1.68` or are on older Qubes version, you can +compact the `root.img` manually. To do this, you will need about 15GB (the +TemplateVM's max size + the actually used space there) free space in dom0. + + 1. Start the template and fill all the free space with zeros, for example + with: + + [user@fedora-23 ~]$ dd if=/dev/zero of=/var/tmp/zero + + 2. Wait for the "No space left on device" error. Then: + + [user@fedora-23 ~]$ rm -f /var/tmp/zero + + 3. Shut down the template and all VMs based on it. Then: + + [user@dom0 ~]$ cd /var/lib/qubes/vm-templates/fedora-23 + [user@dom0 ~]$ cp --sparse=always root.img root.img.new + [user@dom0 ~]$ mv root.img.new root.img + + +Additional Information +====================== + +As mentioned above, you may encounter the following `yum` error: + + At least X MB more space needed on the / filesystem. + +In this case, you have several options: + + 1. [Increase the TemplateVM's disk image size](/doc/resize-disk-image/). + This is the solution mentioned in the main instructions above. + 2. Delete files in order to free up space. One way to do this is by + uninstalling packages. You may then reinstalling them again after you + finish the upgrade process, if desired). However, you may end up having to + increase the disk image size anyway (see previous option). + 3. Increase the `root.img` size with `qvm-grow-root`. It should be easy to + extend the `qvm-grow-root` tool in order to support PV (and not only HVM) + VMs. This is already done in R3.1. + 4. Do the upgrade in parts, e.g., by using package groups. (First upgrade + `@core` packages, then the rest.) + 5. Do not perform an in-place upgrade. Instead, simply download and install a + new template package, then redo all desired template modifications. + +With regard to the last option, here are some useful messages from the mailing +list which also apply to TemplateVM management and migration in general: + + * [Marek](https://groups.google.com/d/msg/qubes-users/mCXkxlACILQ/dS1jbLRP9n8J) + * [Jason M](https://groups.google.com/d/msg/qubes-users/mCXkxlACILQ/5PxDfI-RKAsJ) + +Upgrading to Fedora 22 +====================== + +You may choose to upgrade to Fedora 22 instead of Fedora 23. In that case, +simply replace version "23" with "22" in all above commands. + +Known issues with Fedora 23 +=========================== + +* [Graphical update tools (using PackageKit) does not work](https://github.com/QubesOS/qubes-issues/issues/982). +* [Dnf (new Fedora package manager) needs a lot of time to process repository metadata](https://bugzilla.redhat.com/show_bug.cgi?id=1227014), you may want to use `yum-deprecated` for now +* ["Terminal" shortcuts do not work because the desktop file in the VM has been renamed](https://github.com/QubesOS/qubes-issues/issues/1428). See the issue report for how to update your configuration to match. From d3c8a82d12bd38f41d24a308f8b03768d7822dda Mon Sep 17 00:00:00 2001 From: xn0px90 Date: Wed, 14 Nov 2018 16:28:16 -0500 Subject: [PATCH 002/103] upgrade-28-to-29 --- .../templates/fedora/upgrade-28-to-29.md | 390 ++++++++++++++++++ 1 file changed, 390 insertions(+) create mode 100644 managing-os/templates/fedora/upgrade-28-to-29.md diff --git a/managing-os/templates/fedora/upgrade-28-to-29.md b/managing-os/templates/fedora/upgrade-28-to-29.md new file mode 100644 index 00000000..bec5dff8 --- /dev/null +++ b/managing-os/templates/fedora/upgrade-28-to-29.md @@ -0,0 +1,390 @@ +--- +layout: doc +title: Upgrading the Fedora 28 Template to Fedora 29 +permalink: /doc/template/fedora/upgrade-28-to-29/ +redirect_from: +- /doc/fedora-template-upgrade-28/ +- /en/doc/fedora-template-upgrade-28/ +- /doc/FedoraTemplateUpgrade28/ +- /wiki/FedoraTemplateUpgrade28/ +--- + +Upgrading the Fedora 28 Template to Fedora 29 +============================================= + +This page provides instructions for performing an in-place upgrade of an +installed Fedora 28 [TemplateVM] to Fedora 29. If you wish to install a new, +unmodified Fedora 29 template instead of upgrading a template that is already +installed in your system, please see the [Fedora TemplateVM] page instead. + +These instructions can also be used to upgrade a Fedora 26 TemplateVM to +Fedora 29. Simply start by cloning `fedora-26` instead of `fedora-28` in the +instructions below. + + +Important information regarding RPM Fusion repos +------------------------------------------------ + +If your RPM Fusion repositories are **disabled** when you upgrade a TemplateVM from Fedora 28 to 29, all RPM Fusion packages and RPM Fusion repo definitions will be removed from that TemplateVM. +If your RPM Fusion repositories are **enabled** when upgrading, all RPM Fusion packages and repo definitions will be retained and updated as expected. +For most users, this behavior should not cause a problem, since a TemplateVM in which the RPM Fusion repos are disabled is probably a TemplateVM in which you never wish to use them. +However, if you wish to have the RPM Fusion repo definitions after upgrading in a TemplateVM in which they are currently disabled, you may wish to temporarily enable them prior to upgrading or manually create, copy, or download them after upgrading. + + +Workaround for `python2-xcffib` upgrade error +--------------------------------------------- + +When attempting to upgrade from Fedora 26 or 28 to Fedora 29, you may encounter an error similar to this: + + Error: Transaction check error: + file /usr/lib/python2.7/site-packages/xcffib-0.5.1-py2.7.egg-info/PKG-INFO from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch + file /usr/lib/python2.7/site-packages/xcffib/_ffi.pyc from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch + file /usr/lib/python2.7/site-packages/xcffib/_ffi.pyo from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch + file /usr/lib/python2.7/site-packages/xcffib/xinput.pyc from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch + file /usr/lib/python2.7/site-packages/xcffib/xinput.pyo from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch + +To work around this error: + +1. Upgrade while excluding the problematic packages by using `-x python2-xcffib -x qubes-gui-vm -x qubes-gui-agent`. +2. Upgrade `python2-xcffib` using `sudo dnf swap python-xcffib python2-xcffib`. + (This should automatically upgrade the other excluded packages too.) + + +Qubes 3.2 Instructions +---------------------- + +### Summary: Upgrading the Standard Fedora 28 Template to Fedora 29 ### + +**Note:** The prompt on each line indicates where each command should be entered +(`@dom0` or `@fedora-29`). + + [user@dom0 ~]$ qvm-clone fedora-28 fedora-29 + [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-run -a fedora-29 gnome-terminal + [user@dom0 ~]$ qvm-block -A fedora-29 dom0:/var/tmp/template-upgrade-cache.img + [user@fedora-29 ~]$ sudo mkfs.ext4 /dev/xvdi + [user@fedora-29 ~]$ sudo mount /dev/xvdi /mnt/removable + [user@fedora-29 ~]$ sudo dnf clean all + [user@fedora-29 ~]$ sudo dnf --releasever=29 --setopt=cachedir=/mnt/removable --best --allowerasing -x python2-tornado distro-sync + + (Shut down TemplateVM by any normal means.) + + [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-trim-template fedora-29 + +(Optional cleanup: Switch everything over to the new template and delete the old +one. See instructions below for details.) + + +### Detailed: Upgrading the Standard Fedora 28 Template to Fedora 29 ### + +These instructions will show you how to upgrade the standard Fedora 28 +TemplateVM to Fedora 29. The same general procedure may be used to upgrade any +template based on the standard Fedora 28 template. + +**Note:** The command-line prompt on each line indicates where each command +should be entered (`@dom0` or `@fedora-29`). + + 1. Ensure the existing template is not running. + + [user@dom0 ~]$ qvm-shutdown fedora-28 + + 2. Clone the existing template and start a terminal in the new template. + + [user@dom0 ~]$ qvm-clone fedora-28 fedora-29 + [user@dom0 ~]$ qvm-run -a fedora-29 gnome-terminal + + 3. Attempt the upgrade process in the new template. + + [user@fedora-29 ~]$ sudo dnf clean all + [user@fedora-29 ~]$ sudo dnf --releasever=29 distro-sync --best --allowerasing + + **Note:** `dnf` might ask you to approve importing a new package signing + key. For example, you might see a prompt like this one: + + warning: /mnt/removable/updates-0b4cc238d1aa4ffe/packages/kernel-4.18.17-300.fc29.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 429476b4: NOKEY + Importing GPG key 0x429476B4: + Userid : "Fedora 29 (29) " + Fingerprint: 5A03 B4DD 8254 ECA0 2FDA 1637 A20A A56B 4294 76B4 + From : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-x86_64 + Is this ok [y/N]: y + + + This key was already checked when it was installed (notice that the "From" + line refers to a location on your local disk), so you can safely say yes to + this prompt. + + **Note:** If you encounter no errors, proceed to step 4. If you do encounter + errors, see the next two points first. + + * If `dnf` reports that you do not have enough free disk space to proceed + with the upgrade process, create an empty file in dom0 to use as a cache + and attach it to the template as a virtual disk. + + [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-block -A fedora-29 dom0:/var/tmp/template-upgrade-cache.img + + Then reattempt the upgrade process, but this time use the virtual disk + as a cache. + + [user@fedora-29 ~]$ sudo mkfs.ext4 /dev/xvdi + [user@fedora-29 ~]$ sudo mount /dev/xvdi /mnt/removable + [user@fedora-29 ~]$ sudo dnf clean all + [user@fedora-29 ~]$ sudo dnf --releasever=29 --setopt=cachedir=/mnt/removable --best --allowerasing distro-sync + + If this attempt is successful, proceed to step 4. + + * `dnf` may complain: + + At least X MB more space needed on the / filesystem. + + In this case, one option is to [resize the TemplateVM's disk + image][resize-disk-image] before reattempting the upgrade process. + (See [Additional Information] below for other options.) + + 4. Check that you are on the correct (new) fedora release. + + [user@fedora-29 ~]$ cat /etc/fedora-release + + 5. Shut down the new TemplateVM (from the command-line or Qubes VM Manager). + + [user@dom0 ~]$ qvm-shutdown fedora-29 + + 6. Remove the cache file, if you created one. + + [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img + + 7. Trim the new template (see [Compacting the Upgraded Template] for details + and other options). + + [user@dom0 ~]$ qvm-trim-template fedora-29 + + 8. (Recommended) [Switch everything that was set to the old template to the new + template.][switching-3.2] + + 9. (Optional) Remove the old template. (Make sure to type `fedora-28`, not + `fedora-29`.) + + [user@dom0 ~]$ sudo dnf remove qubes-template-fedora-28 + + +### Compacting the Upgraded Template ### + +Neither `fstrim` nor the `discard` mount option works on the TemplateVM's root +filesystem, so when a file is removed in the template, space is not freed in +dom0. This means that the template will use about twice as much space as is +really necessary after upgrading. + +You can use the `qvm-trim-template` tool: + + [user@dom0 ~]$ qvm-trim-template fedora-29 + + +### Upgrading StandaloneVMs ### + +The procedure for upgrading a StandaloneVM from Fedora 28 to Fedora 29 is the +same as for a TemplateVM, except that `qvm-trim-template` does not work on +StandaloneVMs. Instead, you should run the following command inside the +StandaloneVM in order to compact it: + + $ sudo fstrim -v -a + + +### Summary: Upgrading the Minimal Fedora 28 Template to Fedora 29 ### + +**Note:** The prompt on each line indicates where each command should be entered +(`@dom0` or `@fedora-29`). + + [user@dom0 ~]$ qvm-clone fedora-28-minimal fedora-29-minimal + [user@dom0 ~]$ qvm-run -u root -a fedora-29-minimal xterm + [root@fedora-29-minimal ~]# dnf clean all + [user@fedora-29-minimal ~]# dnf --releasever=29 --best --allowerasing distro-sync + + (Shut down TemplateVM by any normal means.) + + [user@dom0 ~]$ qvm-trim-template fedora-29-minimal + +(If you encounter insufficient space issues, you may need to use the methods +described for the standard template above.) + + +Qubes 4.0 Instructions +---------------------- + +### Summary: Upgrading the Standard Fedora 28 Template to Fedora 29 ### + +**Note:** The prompt on each line indicates where each command should be entered +(`@dom0` or `@fedora-29`). + + [user@dom0 ~]$ qvm-clone fedora-28 fedora-29 + [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ qvm-run -a fedora-29 gnome-terminal + [user@dom0 ~]$ dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img) + [user@dom0 ~]$ qvm-block attach fedora-29 dom0:${dev##*/} + [user@fedora-29 ~]$ sudo mkfs.ext4 /dev/xvdi + [user@fedora-29 ~]$ sudo mount /dev/xvdi /mnt/removable + [user@fedora-29 ~]$ sudo dnf clean all + [user@fedora-29 ~]$ sudo dnf --releasever=29 --setopt=cachedir=/mnt/removable --best --allowerasing distro-sync + [user@fedora-29 ~]$ sudo fstrim -v / + + (Shut down TemplateVM by any normal means.) + + [user@dom0 ~]$ sudo losetup -d $dev + [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img + +(Optional cleanup: Switch everything over to the new template and delete the old +one. See instructions below for details.) + + +### Detailed: Upgrading the Standard Fedora 28 Template to Fedora 29 ### + +These instructions will show you how to upgrade the standard Fedora 28 +TemplateVM to Fedora 29. The same general procedure may be used to upgrade any +template based on the standard Fedora 28 template. + +**Note:** The command-line prompt on each line indicates where each command +should be entered (`@dom0` or `@fedora-29`). + + 1. Ensure the existing template is not running. + + [user@dom0 ~]$ qvm-shutdown fedora-28 + + 2. Clone the existing template and start a terminal in the new template. + + [user@dom0 ~]$ qvm-clone fedora-28 fedora-29 + [user@dom0 ~]$ qvm-run -a fedora-29 gnome-terminal + + 3. Attempt the upgrade process in the new template. + + [user@fedora-29 ~]$ sudo dnf clean all + [user@fedora-29 ~]$ sudo dnf --releasever=29 distro-sync --best --allowerasing + + **Note:** `dnf` might ask you to approve importing a new package signing + key. For example, you might see a prompt like this one: + + warning: /mnt/removable/updates-0b4cc238d1aa4ffe/packages/kernel-4.18.17-300.fc29.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 429476b4: NOKEY + Importing GPG key 0x429476B4: + Userid : "Fedora 29 (29) " + Fingerprint: 5A03 B4DD 8254 ECA0 2FDA 1637 A20A A56B 4294 76B4 + From : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-x86_64 + Is this ok [y/N]: y + + This key was already checked when it was installed (notice that the "From" + line refers to a location on your local disk), so you can safely say yes to + this prompt. + + **Note:** If you encounter no errors, proceed to step 4. If you do encounter + errors, see the next two points first. + + * If `dnf` reports that you do not have enough free disk space to proceed + with the upgrade process, create an empty file in dom0 to use as a cache + and attach it to the template as a virtual disk. + + [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img + [user@dom0 ~]$ dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img) + [user@dom0 ~]$ qvm-block attach fedora-29 dom0:${dev##*/} + + Then reattempt the upgrade process, but this time use the virtual disk + as a cache. + + [user@fedora-29 ~]$ sudo mkfs.ext4 /dev/xvdi + [user@fedora-29 ~]$ sudo mount /dev/xvdi /mnt/removable + [user@fedora-29 ~]$ sudo dnf clean all + [user@fedora-29 ~]$ sudo dnf --releasever=29 --setopt=cachedir=/mnt/removable --best --allowerasing distro-sync + + If this attempt is successful, proceed to step 4. + + * `dnf` may complain: + + At least X MB more space needed on the / filesystem. + + In this case, one option is to [resize the TemplateVM's disk + image][resize-disk-image] before reattempting the upgrade process. + (See [Additional Information] below for other options.) + + 4. Check that you are on the correct (new) fedora release. + + [user@fedora-29 ~]$ cat /etc/fedora-release + + 5. Trim the new template. + + [user@fedora-29 ~]$ sudo fstrim -v / + + 6. Shut down the new TemplateVM (from the command-line or Qubes VM Manager). + + [user@dom0 ~]$ qvm-shutdown fedora-29 + + 7. Remove the cache file, if you created one. + + [user@dom0 ~]$ sudo losetup -d $dev + [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img + + 8. (Recommended) [Switch everything that was set to the old template to the new + template.][switching-4.0] + + 9. (Optional) Remove the old template. (Make sure to type `fedora-28`, not + `fedora-29`.) + + [user@dom0 ~]$ sudo dnf remove qubes-template-fedora-28 + + +### Upgrading StandaloneVMs ### + +The procedure for upgrading a StandaloneVM from Fedora 28 to Fedora 29 is the +same as for a TemplateVM. + + +### Summary: Upgrading the Minimal Fedora 28 Template to Fedora 29 ### + +**Note:** The prompt on each line indicates where each command should be entered +(`@dom0` or `@fedora-29`). + + [user@dom0 ~]$ qvm-clone fedora-28-minimal fedora-29-minimal + [user@dom0 ~]$ qvm-run -u root -a fedora-29-minimal xterm + [root@fedora-29-minimal ~]# dnf clean all + [user@fedora-29-minimal ~]# dnf --releasever=29 --best --allowerasing distro-sync + [user@fedora-29-minimal ~]# fstrim -v / + + (Shut down TemplateVM by any normal means.) + +(If you encounter insufficient space issues, you may need to use the methods +described for the standard template above.) + + +Additional Information +---------------------- + +As mentioned above, you may encounter the following `dnf` error: + + At least X MB more space needed on the / filesystem. + +In this case, you have several options: + + 1. [Increase the TemplateVM's disk image size][resize-disk-image]. + This is the solution mentioned in the main instructions above. + 2. Delete files in order to free up space. One way to do this is by + uninstalling packages. You may then reinstalling them again after you + finish the upgrade process, if desired). However, you may end up having to + increase the disk image size anyway (see previous option). + 3. Do the upgrade in parts, e.g., by using package groups. (First upgrade + `@core` packages, then the rest.) + 4. Do not perform an in-place upgrade. Instead, simply download and install a + new template package, then redo all desired template modifications. + + With regard to the last option, here are some useful messages from the + mailing list which also apply to TemplateVM management and migration in + general: + + * [Marek](https://groups.google.com/d/msg/qubes-users/mCXkxlACILQ/dS1jbLRP9n8J) + * [Jason M](https://groups.google.com/d/msg/qubes-users/mCXkxlACILQ/5PxDfI-RKAsJ) + + +[TemplateVM]: /doc/templates/ +[Fedora TemplateVM]: /doc/templates/fedora/ +[resize-disk-image]: /doc/resize-disk-image/ +[Additional Information]: #additional-information +[Compacting the Upgraded Template]: #compacting-the-upgraded-template +[switching-3.2]: /doc/templates/#how-to-switch-templates-32 +[switching-4.0]: /doc/templates/#how-to-switch-templates-40 +[DispVM]: /doc/dispvm/ + From 2fdce93774dcfeaee33ad0b33d381007027b72e9 Mon Sep 17 00:00:00 2001 From: xn0px90 Date: Wed, 14 Nov 2018 16:30:39 -0500 Subject: [PATCH 003/103] error = nil --- managing-o | 215 ----------------------------------------------------- 1 file changed, 215 deletions(-) delete mode 100644 managing-o diff --git a/managing-o b/managing-o deleted file mode 100644 index c908ea43..00000000 --- a/managing-o +++ /dev/null @@ -1,215 +0,0 @@ ---- -layout: doc -title: Upgrading the Fedora 21 Template -permalink: /doc/fedora-template-upgrade-21/ -redirect_from: -- /en/doc/fedora-template-upgrade-21/ -- /doc/FedoraTemplateUpgrade21/ -- /wiki/FedoraTemplateUpgrade21/ ---- - -Upgrading the Fedora 21 Template -================================ - -Summary: Upgrading the Standard Fedora 21 Template to Fedora 23 ---------------------------------------------------------------- - - [user@dom0 ~]$ qvm-clone fedora-21 fedora-23 - [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img - [user@dom0 ~]$ qvm-run -a fedora-23 gnome-terminal - [user@dom0 ~]$ qvm-block -A fedora-23 dom0:/var/tmp/template-upgrade-cache.img - [user@fedora-23 ~]$ sudo mkfs.ext4 /dev/xvdi - [user@fedora-23 ~]$ sudo mount /dev/xvdi /mnt/removable - [user@fedora-23 ~]$ sudo mkdir /mnt/removable/modules - [user@fedora-23 ~]$ sudo cp -rp /usr/lib/modules /mnt/removable/modules - [user@fedora-23 ~]$ sudo mount --bind /mnt/removable/modules /usr/lib/modules - [user@fedora-23 ~]$ sudo yum clean all - [user@fedora-23 ~]$ sudo yum --releasever=23 --enablerepo=qubes*current-testing --setopt=cachedir=/mnt/removable distro-sync - - (Shut down TemplateVM by any normal means.) - - [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img - [user@dom0 ~]$ qvm-trim-template fedora-23 - - (Done.) - -Detailed: Upgrading the Standard Fedora 21 Template to Fedora 23 ----------------------------------------------------------------- - -These instructions will show you how to upgrade the standard Fedora 21 -TemplateVM to Fedora 23. The same general procedure may be used to upgrade any -template based on the standard Fedora 21 template. - - 1. Ensure the existing template is not running. - - [user@dom0 ~]$ qvm-shutdown fedora-21 - - 2. Clone the existing template and start a terminal in the new template. - - [user@dom0 ~]$ qvm-clone fedora-21 fedora-23 - [user@dom0 ~]$ qvm-run -a fedora-23 gnome-terminal - - 2. Attempt the upgrade process in the new template. For now you need to enable testing repository to do that. - - [user@fedora-23 ~]$ sudo yum clean all - [user@fedora-23 ~]$ sudo yum --releasever=23 --enablerepo=qubes*current-testing distro-sync - - 3. Shutdown the new TemplateVM via dom0 command line or Qubes VM Manager; - - [user@dom0 ~]$ qvm-shutdown fedora-23 - - If you encounter no errors, proceed to step 7. - - 4. If `yum` reports that you do not have enough free disk space to proceed with - the upgrade process, create an empty file in dom0 to use as a cache and - attach it to the template as a virtual disk. - - [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img - [user@dom0 ~]$ qvm-block -A fedora-23 dom0:/var/tmp/template-upgrade-cache.img - - Then reattempt the upgrade process, but this time using the virtual disk as - a cache. - - [user@fedora-23 ~]$ sudo mkfs.ext4 /dev/xvdi - [user@fedora-23 ~]$ sudo mount /dev/xvdi /mnt/removable - [user@fedora-23 ~]$ sudo yum clean all - [user@fedora-23 ~]$ sudo yum --releasever=23 --enablerepo=qubes*current-testing --setopt=cachedir=/mnt/removable distro-sync - - (Poweroff via Qubes VM Manager. May need to be killed.) - - 5. If `yum` complains that there is not enough free space in `/usr/lib/modules`, - do this before reattempting the upgrade: - - [user@fedora-23 ~]$ sudo mkdir /mnt/removable/modules - [user@fedora-23 ~]$ sudo cp -rp /usr/lib/modules /mnt/removable/modules - [user@fedora-23 ~]$ sudo mount --bind /mnt/removable/modules /usr/lib/modules - - 6. `yum` may complain: - - At least X MB more space needed on the / filesystem. - - In this case, one option is to [resize the TemplateVM's disk - image](/doc/ResizeDiskImage/) before reattempting the upgrade process. - (See **Additional Information** below for other options.) - - 7. After the upgrade process is finished, remove the cache file, if you - created one. - - [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img - - 8. Trim the new template (see **Compacting the Upgraded Template** for details - and other options). - - [user@dom0 ~]$ qvm-trim-template fedora-23 - - 9. (Optional) Remove the old default template. - - [user@dom0 ~]$ sudo yum remove qubes-template-fedora-21 - - -Summary: Upgrading the Minimal Fedora 21 Template to Fedora 23 --------------------------------------------------------------- - - [user@dom0 ~]$ qvm-clone fedora-21-minimal fedora-23-minimal - [user@dom0 ~]$ qvm-run -a fedora-23-minimal xterm - [user@fedora-23-minimal ~]$ su - - [root@fedora-23-minimal ~]# yum clean all - [user@fedora-23-minimal ~]# yum --releasever=23 --enablerepo=qubes*current-testing distro-sync - - (Shut down TemplateVM by any normal means.) - - [user@dom0 ~]$ qvm-trim-template fedora-23-minimal - -(If you encounter insufficient space issues, you may need to use the methods -described for the standard template above.) - - -Differences Between the Standard and Minimal Upgrade Procedures ---------------------------------------------------------------- - -The procedure for upgrading the minimal template (or any template based on the -minimal template) is the same as the procedure for the standard template above, -**with the following exceptions**: - - 1. `gnome-terminal` is not installed by default. Unless you've installed it - (or another terminal emulator), use `xterm`. (Of course, you can also use - `xterm` for the standard template, if you prefer.) - 2. `sudo` is not installed by default. Unless you've installed it, use `su` as - demonstrated above. (Of course, you can also use `su` for the standard - template, if you prefer.) - - -Compacting the Upgraded Template -================================ - -Neither `fstrim` nor the `discard` mount option works on the TemplateVM's root -filesystem, so when a file is removed in the template, space is not freed in -dom0. This means that the template will use about twice as much space as is -really necessary after upgrading. - -If you have at least `qubes-core-dom0-2.1.68` installed or are on Qubes R3.0, -you can use the `qvm-trim-template` tool: - - [user@dom0 ~]$ qvm-trim-template fedora-23 - -If you do not have `qubes-core-dom0-2.1.68` or are on older Qubes version, you can -compact the `root.img` manually. To do this, you will need about 15GB (the -TemplateVM's max size + the actually used space there) free space in dom0. - - 1. Start the template and fill all the free space with zeros, for example - with: - - [user@fedora-23 ~]$ dd if=/dev/zero of=/var/tmp/zero - - 2. Wait for the "No space left on device" error. Then: - - [user@fedora-23 ~]$ rm -f /var/tmp/zero - - 3. Shut down the template and all VMs based on it. Then: - - [user@dom0 ~]$ cd /var/lib/qubes/vm-templates/fedora-23 - [user@dom0 ~]$ cp --sparse=always root.img root.img.new - [user@dom0 ~]$ mv root.img.new root.img - - -Additional Information -====================== - -As mentioned above, you may encounter the following `yum` error: - - At least X MB more space needed on the / filesystem. - -In this case, you have several options: - - 1. [Increase the TemplateVM's disk image size](/doc/resize-disk-image/). - This is the solution mentioned in the main instructions above. - 2. Delete files in order to free up space. One way to do this is by - uninstalling packages. You may then reinstalling them again after you - finish the upgrade process, if desired). However, you may end up having to - increase the disk image size anyway (see previous option). - 3. Increase the `root.img` size with `qvm-grow-root`. It should be easy to - extend the `qvm-grow-root` tool in order to support PV (and not only HVM) - VMs. This is already done in R3.1. - 4. Do the upgrade in parts, e.g., by using package groups. (First upgrade - `@core` packages, then the rest.) - 5. Do not perform an in-place upgrade. Instead, simply download and install a - new template package, then redo all desired template modifications. - -With regard to the last option, here are some useful messages from the mailing -list which also apply to TemplateVM management and migration in general: - - * [Marek](https://groups.google.com/d/msg/qubes-users/mCXkxlACILQ/dS1jbLRP9n8J) - * [Jason M](https://groups.google.com/d/msg/qubes-users/mCXkxlACILQ/5PxDfI-RKAsJ) - -Upgrading to Fedora 22 -====================== - -You may choose to upgrade to Fedora 22 instead of Fedora 23. In that case, -simply replace version "23" with "22" in all above commands. - -Known issues with Fedora 23 -=========================== - -* [Graphical update tools (using PackageKit) does not work](https://github.com/QubesOS/qubes-issues/issues/982). -* [Dnf (new Fedora package manager) needs a lot of time to process repository metadata](https://bugzilla.redhat.com/show_bug.cgi?id=1227014), you may want to use `yum-deprecated` for now -* ["Terminal" shortcuts do not work because the desktop file in the VM has been renamed](https://github.com/QubesOS/qubes-issues/issues/1428). See the issue report for how to update your configuration to match. From 2b60f7e39dd7960434eb2baf147919d904009983 Mon Sep 17 00:00:00 2001 From: Oleg Artemev Date: Fri, 28 Dec 2018 00:59:39 +0300 Subject: [PATCH 004/103] added note on DevOps/CI with Salt and with ansible --- about/faq.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/about/faq.md b/about/faq.md index 3afde8b2..e46a80bc 100644 --- a/about/faq.md +++ b/about/faq.md @@ -582,3 +582,10 @@ Arguably secure boot reliance on UEFI integrity is not the best design. The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested. Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS. See the Heads project [[1]](https://trmm.net/Heads) [[2]](http://osresearch.net/) for a better-designed non-UEFI-based secure boot scheme with very good support for Qubes. + +### Is there a way to automate tasks like with Continuous Integration / DevOps? + +Yes. Since Qubes 3.1 there is [Salt / SaltStack](/doc/salt/) support by Qubes Team. +Also there is an [external project for Qubes 3.x that uses ansible](https://github.com/Rudd-O/ansible-qubes) . +With it "you can completely script the setup and maintenance of an entire network of Qubes OS machines". Though note, that this stuff is NOT from Qubes Team and managing Dom0 from qube in Qubes 3.x is against Qubes security model (you have been warned). + From 68f3beaf5e9b5b0241ffe57c464e11856e824fce Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 29 Dec 2018 02:07:28 -0600 Subject: [PATCH 005/103] Improve language --- about/faq.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/about/faq.md b/about/faq.md index e46a80bc..6d19084b 100644 --- a/about/faq.md +++ b/about/faq.md @@ -583,9 +583,8 @@ The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS. See the Heads project [[1]](https://trmm.net/Heads) [[2]](http://osresearch.net/) for a better-designed non-UEFI-based secure boot scheme with very good support for Qubes. -### Is there a way to automate tasks like with Continuous Integration / DevOps? +### Is there a way to automate tasks for continuous integration or DevOps? -Yes. Since Qubes 3.1 there is [Salt / SaltStack](/doc/salt/) support by Qubes Team. -Also there is an [external project for Qubes 3.x that uses ansible](https://github.com/Rudd-O/ansible-qubes) . -With it "you can completely script the setup and maintenance of an entire network of Qubes OS machines". Though note, that this stuff is NOT from Qubes Team and managing Dom0 from qube in Qubes 3.x is against Qubes security model (you have been warned). +Yes, Qubes natively supports automation via [Salt (SaltStack)](/doc/salt/). +There is also the unofficial [ansible-qubes toolkit](https://github.com/Rudd-O/ansible-qubes) (which has not been reviewed or endorsed by the Qubes team). From 40c64a0dd2a27a088f437ade7772d5b4918b5e99 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 29 Dec 2018 17:32:42 -0600 Subject: [PATCH 006/103] Add explicit security warning about ansible-qubes --- about/faq.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/about/faq.md b/about/faq.md index 6d19084b..cffb36aa 100644 --- a/about/faq.md +++ b/about/faq.md @@ -586,5 +586,6 @@ See the Heads project [[1]](https://trmm.net/Heads) [[2]](http://osresearch.net/ ### Is there a way to automate tasks for continuous integration or DevOps? Yes, Qubes natively supports automation via [Salt (SaltStack)](/doc/salt/). -There is also the unofficial [ansible-qubes toolkit](https://github.com/Rudd-O/ansible-qubes) (which has not been reviewed or endorsed by the Qubes team). +There is also the unofficial [ansible-qubes toolkit](https://github.com/Rudd-O/ansible-qubes). +(**Warning:** Since this is an external project that has not been reviewed or endorsed by the Qubes team, [allowing it to manage dom0 may be a security risk](/doc/security-guidelines/#dom0-precautions).) From f23d1e22b647c79b4142f5bd99f32423cfd1306e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 7 Jan 2019 22:57:09 +0100 Subject: [PATCH 007/103] upgrade-28-to-29: drop parts not applicable anymore - there is no Fedora 29 for R3.2 - workaround for python2-xcffib isn't needed anymore --- .../templates/fedora/upgrade-28-to-29.md | 182 +----------------- 1 file changed, 5 insertions(+), 177 deletions(-) diff --git a/managing-os/templates/fedora/upgrade-28-to-29.md b/managing-os/templates/fedora/upgrade-28-to-29.md index bec5dff8..73d1581f 100644 --- a/managing-os/templates/fedora/upgrade-28-to-29.md +++ b/managing-os/templates/fedora/upgrade-28-to-29.md @@ -31,183 +31,6 @@ For most users, this behavior should not cause a problem, since a TemplateVM in However, if you wish to have the RPM Fusion repo definitions after upgrading in a TemplateVM in which they are currently disabled, you may wish to temporarily enable them prior to upgrading or manually create, copy, or download them after upgrading. -Workaround for `python2-xcffib` upgrade error ---------------------------------------------- - -When attempting to upgrade from Fedora 26 or 28 to Fedora 29, you may encounter an error similar to this: - - Error: Transaction check error: - file /usr/lib/python2.7/site-packages/xcffib-0.5.1-py2.7.egg-info/PKG-INFO from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch - file /usr/lib/python2.7/site-packages/xcffib/_ffi.pyc from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch - file /usr/lib/python2.7/site-packages/xcffib/_ffi.pyo from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch - file /usr/lib/python2.7/site-packages/xcffib/xinput.pyc from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch - file /usr/lib/python2.7/site-packages/xcffib/xinput.pyo from install of python2-xcffib-0.5.1-5.fc29.noarch conflicts with file from package python-xcffib-0.5.1-1.fc26.noarch - -To work around this error: - -1. Upgrade while excluding the problematic packages by using `-x python2-xcffib -x qubes-gui-vm -x qubes-gui-agent`. -2. Upgrade `python2-xcffib` using `sudo dnf swap python-xcffib python2-xcffib`. - (This should automatically upgrade the other excluded packages too.) - - -Qubes 3.2 Instructions ----------------------- - -### Summary: Upgrading the Standard Fedora 28 Template to Fedora 29 ### - -**Note:** The prompt on each line indicates where each command should be entered -(`@dom0` or `@fedora-29`). - - [user@dom0 ~]$ qvm-clone fedora-28 fedora-29 - [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img - [user@dom0 ~]$ qvm-run -a fedora-29 gnome-terminal - [user@dom0 ~]$ qvm-block -A fedora-29 dom0:/var/tmp/template-upgrade-cache.img - [user@fedora-29 ~]$ sudo mkfs.ext4 /dev/xvdi - [user@fedora-29 ~]$ sudo mount /dev/xvdi /mnt/removable - [user@fedora-29 ~]$ sudo dnf clean all - [user@fedora-29 ~]$ sudo dnf --releasever=29 --setopt=cachedir=/mnt/removable --best --allowerasing -x python2-tornado distro-sync - - (Shut down TemplateVM by any normal means.) - - [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img - [user@dom0 ~]$ qvm-trim-template fedora-29 - -(Optional cleanup: Switch everything over to the new template and delete the old -one. See instructions below for details.) - - -### Detailed: Upgrading the Standard Fedora 28 Template to Fedora 29 ### - -These instructions will show you how to upgrade the standard Fedora 28 -TemplateVM to Fedora 29. The same general procedure may be used to upgrade any -template based on the standard Fedora 28 template. - -**Note:** The command-line prompt on each line indicates where each command -should be entered (`@dom0` or `@fedora-29`). - - 1. Ensure the existing template is not running. - - [user@dom0 ~]$ qvm-shutdown fedora-28 - - 2. Clone the existing template and start a terminal in the new template. - - [user@dom0 ~]$ qvm-clone fedora-28 fedora-29 - [user@dom0 ~]$ qvm-run -a fedora-29 gnome-terminal - - 3. Attempt the upgrade process in the new template. - - [user@fedora-29 ~]$ sudo dnf clean all - [user@fedora-29 ~]$ sudo dnf --releasever=29 distro-sync --best --allowerasing - - **Note:** `dnf` might ask you to approve importing a new package signing - key. For example, you might see a prompt like this one: - - warning: /mnt/removable/updates-0b4cc238d1aa4ffe/packages/kernel-4.18.17-300.fc29.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 429476b4: NOKEY - Importing GPG key 0x429476B4: - Userid : "Fedora 29 (29) " - Fingerprint: 5A03 B4DD 8254 ECA0 2FDA 1637 A20A A56B 4294 76B4 - From : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-x86_64 - Is this ok [y/N]: y - - - This key was already checked when it was installed (notice that the "From" - line refers to a location on your local disk), so you can safely say yes to - this prompt. - - **Note:** If you encounter no errors, proceed to step 4. If you do encounter - errors, see the next two points first. - - * If `dnf` reports that you do not have enough free disk space to proceed - with the upgrade process, create an empty file in dom0 to use as a cache - and attach it to the template as a virtual disk. - - [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img - [user@dom0 ~]$ qvm-block -A fedora-29 dom0:/var/tmp/template-upgrade-cache.img - - Then reattempt the upgrade process, but this time use the virtual disk - as a cache. - - [user@fedora-29 ~]$ sudo mkfs.ext4 /dev/xvdi - [user@fedora-29 ~]$ sudo mount /dev/xvdi /mnt/removable - [user@fedora-29 ~]$ sudo dnf clean all - [user@fedora-29 ~]$ sudo dnf --releasever=29 --setopt=cachedir=/mnt/removable --best --allowerasing distro-sync - - If this attempt is successful, proceed to step 4. - - * `dnf` may complain: - - At least X MB more space needed on the / filesystem. - - In this case, one option is to [resize the TemplateVM's disk - image][resize-disk-image] before reattempting the upgrade process. - (See [Additional Information] below for other options.) - - 4. Check that you are on the correct (new) fedora release. - - [user@fedora-29 ~]$ cat /etc/fedora-release - - 5. Shut down the new TemplateVM (from the command-line or Qubes VM Manager). - - [user@dom0 ~]$ qvm-shutdown fedora-29 - - 6. Remove the cache file, if you created one. - - [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img - - 7. Trim the new template (see [Compacting the Upgraded Template] for details - and other options). - - [user@dom0 ~]$ qvm-trim-template fedora-29 - - 8. (Recommended) [Switch everything that was set to the old template to the new - template.][switching-3.2] - - 9. (Optional) Remove the old template. (Make sure to type `fedora-28`, not - `fedora-29`.) - - [user@dom0 ~]$ sudo dnf remove qubes-template-fedora-28 - - -### Compacting the Upgraded Template ### - -Neither `fstrim` nor the `discard` mount option works on the TemplateVM's root -filesystem, so when a file is removed in the template, space is not freed in -dom0. This means that the template will use about twice as much space as is -really necessary after upgrading. - -You can use the `qvm-trim-template` tool: - - [user@dom0 ~]$ qvm-trim-template fedora-29 - - -### Upgrading StandaloneVMs ### - -The procedure for upgrading a StandaloneVM from Fedora 28 to Fedora 29 is the -same as for a TemplateVM, except that `qvm-trim-template` does not work on -StandaloneVMs. Instead, you should run the following command inside the -StandaloneVM in order to compact it: - - $ sudo fstrim -v -a - - -### Summary: Upgrading the Minimal Fedora 28 Template to Fedora 29 ### - -**Note:** The prompt on each line indicates where each command should be entered -(`@dom0` or `@fedora-29`). - - [user@dom0 ~]$ qvm-clone fedora-28-minimal fedora-29-minimal - [user@dom0 ~]$ qvm-run -u root -a fedora-29-minimal xterm - [root@fedora-29-minimal ~]# dnf clean all - [user@fedora-29-minimal ~]# dnf --releasever=29 --best --allowerasing distro-sync - - (Shut down TemplateVM by any normal means.) - - [user@dom0 ~]$ qvm-trim-template fedora-29-minimal - -(If you encounter insufficient space issues, you may need to use the methods -described for the standard template above.) - - Qubes 4.0 Instructions ---------------------- @@ -351,6 +174,11 @@ same as for a TemplateVM. described for the standard template above.) +Qubes 3.2 +--------- + +Fedora 29 is currently not supported on Qubes 3.2. Since official support for Qubes 3.2 ends (2019-03-28) before end of support for Fedora 28 (not earlier than 2019-05-30), Qubes team does not plan to add support for Fedora 29 to Qubes 3.2. + Additional Information ---------------------- From 4db8af204adce14559c9d9a66983ce5f0897d0cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 7 Jan 2019 23:23:40 +0100 Subject: [PATCH 008/103] Update main templates page --- managing-os/templates.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/managing-os/templates.md b/managing-os/templates.md index f41d9669..1cd20712 100644 --- a/managing-os/templates.md +++ b/managing-os/templates.md @@ -81,9 +81,8 @@ When you install a new template or upgrade a clone of a template, it is recommen Applications Menu --> System Tools --> Qubes Global Settings --> Default template 2. Base AppVMs on the new template. - In Qubes Manager, for each VM that is currently based on `old-template` that you would like to base on `new-template`, enter its VM settings and change the Template selection: - Applications Menu --> (select a VM) --> VM settings --> Template + Applications Menu --> System Tools --> Qubes Template Manager 3. Base the [DVM Template](/doc/glossary/#dvm-template) on the new template. @@ -99,7 +98,7 @@ Invisible Things Lab (ITL) Supported templates These are the templates ITL builds and releases updates for. ITL guarantees that the binary updates are compiled from exactly the same source code as we publish. - * Fedora (default base template) + * [Fedora](/doc/templates/fedora/) (default base template) * [Fedora - Minimal](/doc/templates/fedora-minimal) * [Debian](/doc/templates/debian/) From 1b84b7b53f2307e86094376fff00eeefba852d69 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 7 Jan 2019 21:19:45 -0600 Subject: [PATCH 009/103] Add link to Fedora 28 to 29 upgrade instructions --- managing-os/templates/fedora.md | 1 + 1 file changed, 1 insertion(+) diff --git a/managing-os/templates/fedora.md b/managing-os/templates/fedora.md index ebe8e980..9e23322d 100644 --- a/managing-os/templates/fedora.md +++ b/managing-os/templates/fedora.md @@ -55,6 +55,7 @@ Upgrading To upgrade your Fedora TemplateVM, please consult the guide that corresponds to your situation: + * [Upgrading the Fedora 28 Template to Fedora 29](/doc/template/fedora/upgrade-28-to-29/) * [Upgrading the Fedora 27 Template to Fedora 28](/doc/template/fedora/upgrade-27-to-28/) * [Upgrading the Fedora 26 Template to Fedora 27](/doc/template/fedora/upgrade-26-to-27/) * [Upgrading the Fedora 25 Template to Fedora 26](/doc/template/fedora/upgrade-25-to-26/) From e6d3ad3b7d1966d45a3bb5359e24967fd249f877 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 8 Jan 2019 21:12:41 -0600 Subject: [PATCH 010/103] Encourage all good changes, not just fixing errors --- basics_user/doc-guidelines.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/basics_user/doc-guidelines.md b/basics_user/doc-guidelines.md index 4aef9550..6f325f1d 100644 --- a/basics_user/doc-guidelines.md +++ b/basics_user/doc-guidelines.md @@ -34,12 +34,12 @@ To report an issue with the documentation, please follow our standard [issue rep How to Contribute ----------------- -Editing the documentation is easy, so if you spot any errors, please help us -fix them! (As mentioned above, the documentation maintainers are just volunteers -who have day jobs of their own, so we rely heavily on the community to improve -the documentation.) Since Qubes is a security-oriented project, every -documentation change will be reviewed before it's published to the web. This -allows us to maintain quality control and protect our users. +Editing the documentation is easy, so if you see that a change should be made, +please contribute it! (As mentioned above, the documentation maintainers are +just volunteers who have day jobs of their own, so we rely heavily on the +community to improve the documentation.) Since Qubes is a security-oriented +project, every documentation change will be reviewed before it's published to +the web. This allows us to maintain quality control and protect our users. As mentioned above, we keep all the documentation in a dedicated [Git repository][qubes-doc] hosted on [GitHub]. Thanks to the GitHub's interface, you can From 154c307931fde71cc6c23a0ac5177394433d8765 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 9 Jan 2019 07:33:13 -0600 Subject: [PATCH 011/103] Update doc guidelines - Suggest filing an issue to discuss major work before starting - Note that nonconforming PRs can still be submitted for content review - Unwrap lines - Minor textual fixes and improvements --- basics_user/doc-guidelines.md | 98 +++++++++++++++++------------------ 1 file changed, 47 insertions(+), 51 deletions(-) diff --git a/basics_user/doc-guidelines.md b/basics_user/doc-guidelines.md index 6f325f1d..8a7edca9 100644 --- a/basics_user/doc-guidelines.md +++ b/basics_user/doc-guidelines.md @@ -11,15 +11,12 @@ redirect_from: Documentation Guidelines ======================== -All Qubes OS documentation pages are stored as plain text files in the -dedicated [qubes-doc] repository. By cloning and regularly pulling from -this repo, users can maintain their own up-to-date offline copy of all Qubes -documentation rather than relying solely on the Web. +All Qubes OS documentation pages are stored as plain text files in the dedicated [qubes-doc] repository. +By cloning and regularly pulling from this repo, users can maintain their own up-to-date offline copy of all Qubes documentation rather than relying solely on the web. -The documentation is a community effort. Volunteers work hard trying to -keep everything accurate and comprehensive. If you notice a problem with the -documentation or some way it can be improved, please [report] it! Better -yet, you can [edit the documentation][contribute] yourself, both to add or improve existing content. +The documentation is a community effort. Volunteers work hard trying to keep everything accurate and comprehensive. +If you notice a problem with the documentation or some way it can be improved, please [report][issue] it! +Better yet, you can [edit the documentation][contribute] yourself, both to add or improve existing content. Questions, problems, and improvements @@ -27,32 +24,35 @@ Questions, problems, and improvements If you have a question about something you read in the documentation, please send it to the appropriate [mailing list][support]. If you see that something in the documentation should be fixed or improved, please [contribute] the change yourself. -To report an issue with the documentation, please follow our standard [issue reporting guidelines][report]. +To report an issue with the documentation, please follow our standard [issue reporting guidelines][issue]. (If you report an issue with the documentation, you will likely be asked to address it, unless there is a clear indication in your report that you are not willing or able to do so.) How to Contribute ----------------- -Editing the documentation is easy, so if you see that a change should be made, -please contribute it! (As mentioned above, the documentation maintainers are -just volunteers who have day jobs of their own, so we rely heavily on the -community to improve the documentation.) Since Qubes is a security-oriented -project, every documentation change will be reviewed before it's published to -the web. This allows us to maintain quality control and protect our users. +Editing the documentation is easy, so if you see that a change should be made, please contribute it! -As mentioned above, we keep all the documentation in a dedicated [Git -repository][qubes-doc] hosted on [GitHub]. Thanks to the GitHub's interface, you can -edit the documentation even if you don't know Git at all! The only thing you -need is a GitHub account, which is free. +A few notes before we get started: -(Note: If you're already familiar with GitHub or wish to work from the command -line, you can skip the rest of this section. All you need to do to contribute is -to [fork and clone][gh-fork] the [qubes-doc] repo, make your changes, then -[submit a pull request][gh-pull].) + * Since Qubes is a security-oriented project, every documentation change will be reviewed before it's accepted. + This allows us to maintain quality control and protect our users. + * We don't want you to spend time and effort on a contribution that we can't accept. + If your contribution would take a lot of time, please [file an issue][issue] for it first so that we can make sure we're on the same page before significant works begins. + * Alternatively, you may already have written content that doesn't conform to these guidelines, but you'd be willing to modify it so that it does. + In this case, you can still submit it by following the instructions below. + Just make a note in your pull request that you're aware of the changes that need to be made and that you're just asking for the content to be reviewed before you spend time making those changes. -Ok, let's start. Every documentation page has an "Edit this page" button. It may -be on the right side (in the desktop layout): +As mentioned above, we keep all the documentation in a dedicated [Git repository][qubes-doc] hosted on [GitHub]. +Thanks to GitHub's interface, you can edit the documentation even if you don't know Git at all! +The only thing you need is a GitHub account, which is free. + +(**Note:** If you're already familiar with GitHub or wish to work from the command line, you can skip the rest of this section. +All you need to do to contribute is to [fork and clone][gh-fork] the [qubes-doc] repo, make your changes, then [submit a pull request][gh-pull].) + +Ok, let's start. +Every documentation page has an "Edit this page" button. +It may be on the side (in the desktop layout): ![edit-button-desktop](/attachment/wiki/doc-edit/03-button2.png) @@ -60,48 +60,43 @@ Or at the bottom (in the mobile layout): ![edit-button-mobile](/attachment/wiki/doc-edit/02-button1.png) -When you click on it, you'll be prompted for your GitHub username and password -(if you aren't already logged in). You can also create an account from here. +When you click on it, you'll be prompted for your GitHub username and password (if you aren't already logged in). +You can also create an account from here. ![github-sign-in](/attachment/wiki/doc-edit/04-sign-in.png) -If this is your first contribution to the documentation, you need to "fork" the -repository (make your own copy). It's easy --- just click the big green button -on the next page. This step is only needed the first time you make a -contribution. +If this is your first contribution to the documentation, you need to "fork" the repository (make your own copy). It's easy --- just click the big green button on the next page. +This step is only needed the first time you make a contribution. ![fork](/attachment/wiki/doc-edit/05-fork.png) -Now you can make your modifications. You can also preview the changes to see how -they'll be formatted by clicking the "Preview changes" tab. **Important:** If -you're making any formatting changes, please [render the site locally] to verify -that everything looks correct before submitting any changes. +Now you can make your modifications. +You can also preview the changes to see how they'll be formatted by clicking the "Preview changes" tab. +If you're making formatting changes, please [render the site locally] to verify that everything looks correct before submitting any changes. ![edit](/attachment/wiki/doc-edit/06-edit.png) -Once you're finished, describe your changes at the bottom and click "Propose file -change". +Once you're finished, describe your changes at the bottom and click "Propose file change". ![commit](/attachment/wiki/doc-edit/07-commit-msg.png) -After that, you'll see exactly what modifications you've made. At this stage, -those changes are still in your own copy of the documentation ("fork"). If -everything looks good, send those changes to us by pressing the "Create pull -request" button. +After that, you'll see exactly what modifications you've made. +At this stage, those changes are still in your own copy of the documentation ("fork"). +If everything looks good, send those changes to us by pressing the "Create pull request" button. ![pull-request](/attachment/wiki/doc-edit/08-review-changes.png) -You will be able to adjust the pull request message and title there. In most -cases, the defaults are ok, so you can just confirm by pressing the "Create pull -request" button again. +You will be able to adjust the pull request message and title there. +In most cases, the defaults are ok, so you can just confirm by pressing the "Create pull request" button again. ![pull-request-confirm](/attachment/wiki/doc-edit/09-create-pull-request.png) -That's all! We will review your changes. If everything looks good, we'll pull -them into the official documentation. Otherwise, we may have some questions for -you, which we'll post in a comment on your pull request. (GitHub will -automatically notify you if we do.) If, for some reason, we can't accept your -pull request, we'll post a comment explaining why we can't. +That's all! +We will review your changes. +If everything looks good, we'll pull them into the official documentation. +Otherwise, we may have some questions for you, which we'll post in a comment on your pull request. +(GitHub will automatically notify you if we do.) +If, for some reason, we can't accept your pull request, we'll post a comment explaining why we can't. ![done](/attachment/wiki/doc-edit/10-done.png) @@ -115,7 +110,7 @@ To add an image to a page, use the following syntax in the main document: ![Image Title](/attachment/wiki/page-title/image-filename.png) ``` -Then, submit your image(s) in a separate pull request to the [qubes-attachment](https://github.com/QubesOS/qubes-attachment) repository using the same path and filename. +Then, submit your image(s) in a separate pull request to the [qubes-attachment] repository using the same path and filename. Version-specific Documentation @@ -297,7 +292,7 @@ Please try to write good commit messages, according to the [qubes-doc]: https://github.com/QubesOS/qubes-doc [glossary]: /doc/glossary/ -[report]: /doc/reporting-bugs/ +[issue]: /doc/reporting-bugs/ [contribute]: #how-to-contribute [qubes-issues]: https://github.com/QubesOS/qubes-issues/issues [gh-fork]: https://guides.github.com/activities/forking/ @@ -311,4 +306,5 @@ Please try to write good commit messages, according to the [md]: https://daringfireball.net/projects/markdown/ [git-commit]: /doc/coding-style/#commit-message-guidelines [render the site locally]: https://github.com/QubesOS/qubesos.github.io#instructions +[qubes-attachment]: https://github.com/QubesOS/qubes-attachment From 3ebcd9e5565a0cc50460a6040e105edc65d04dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marta=20Marczykowska-G=C3=B3recka?= Date: Fri, 11 Jan 2019 13:27:50 +0100 Subject: [PATCH 012/103] Updated resize-disk-image for clarity Rewritten the doc for more clarity and explicit mention of GUI tools. The R4.0 section was needlessly complicated and seemed more scary than the procedure really is (resize and don't worry, in most cases). Depends on https://github.com/QubesOS/qubes-attachment/pull/17 --- configuration/resize-disk-image.md | 77 ++++++++++++++++-------------- 1 file changed, 41 insertions(+), 36 deletions(-) diff --git a/configuration/resize-disk-image.md b/configuration/resize-disk-image.md index 88b0fcee..08566001 100644 --- a/configuration/resize-disk-image.md +++ b/configuration/resize-disk-image.md @@ -15,40 +15,19 @@ Resize Disk Image ----------------- There are several disk images which can be easily extended, but pay attention to the overall consumed space of your sparse/thin disk images. +In most cases, the GUI tool Qube Settings (available for every qube from the Start menu, and also in the Qube Manager) will allow you to easily increase maximum disk image size. + +![vm-settings-disk-image.png](/attachment/wiki/DiskSize/vm-settings-disk-image.png) + +In case of standalone qubes and templates, just change the Disk Storage settings above. +In case of template-based qubes, the private storage (the /home directory and user files) can be changed in the qube's own settings, but the system root image is [inherited from the template](/getting-started/#appvms-qubes-and-templatevms), and so it must be changed in the template settings. +If you are increasing the disk image size for Linux-based qubes installed from Qubes OS repositories in Qubes 4.0 or later, changing the settings above is all you need to do - in other cases, you may need to do more, according to instructions below. See also [OS Specific Follow-up Instructions](/doc/resize-disk-image/#os-specific-follow-up-instructions) at the end of this page. -Since a TemplateBasedVM [inherits its system filesystem from the Template on which it is based](/getting-started/#appvms-qubes-and-templatevms), it is not possible to resize the system disk for a TemplateBasedVM. +### Resize disk image (R4.0) -### Template disk image (R4.0) - -If you want install a lot of software in your TemplateVM, you may need to increase the amount of disk space your TemplateVM can use. -*Make sure changes in the TemplateVM between reboots don't exceed 10G.* - -1. Resize the *root image* using Qubes version specific procedure below. -2. Start the template. -3. Resize the filesystem using OS appropriate tools (Qubes will handle this automatically under Linux). -4. Verify available space in the template using `df -h` or OS specific tools. -5. Shutdown the template. - -### Template disk image (R3.2) - -If you want install a lot of software in your TemplateVM, you may need to increase the amount of disk space your TemplateVM can use. -*Make sure changes in the TemplateVM between reboots don't exceed 10G.* - -1. Make sure that all the VMs based on this template are shut down (including netvms etc). -2. Resize the *root image* using Qubes version specific procedure below. -3. If any netvm/proxyvm used by this template is based on it, set template's netvm to none. -4. Start the template. -5. Resize the filesystem using OS appropriate tools (Linux is `sudo resize2fs /dev/mapper/dmroot`). -6. Verify available space in the template using `df -h` or OS specific tools. -7. Shutdown the template. -8. Restore original netvm setting (if changed), and check firewall settings (setting netvm to none causes the firewall to reset to "block all") - -### Expand disk image (R4.0) - -1048576 MiB is the maximum size which can be assigned to storage through Qube Manager. - -To grow the root or private disk image of an AppVM beyond this limit, `qvm-volume` can be used: +Use either GUI tool Qube Settings (`qubes-vm-settings`) or the CLI tool `qvm-volume`. +Maximum size which can be assigned through Qube Settings is 1048576 MiB - if you need more, use `qvm-volume`: ~~~ qvm-volume extend :root @@ -60,6 +39,31 @@ qvm-volume extend :private Note: Size is the target size (i.e. 4096MB or 16GB, ...), not the size to add to the existing disk. +If you have run out of space for software in your Template, you need to increase *root image* of the Template (not private storage!). +**Make sure changes in the Template between reboots don't exceed 10G.** +It is recommended to restart (or start and then shutdown, if it is not running) the template after resizing the root image. + +If you are **not** using Linux in the qube, you will also need to: + +1. Start the template. +2. Resize the filesystem using OS appropriate tools. +3. Verify available space in the template using `df -h` or OS specific tools. +4. Shutdown the template. + +### Template disk image (R3.2) + +If you want install a lot of software in your TemplateVM, you may need to increase the amount of disk space your TemplateVM can use. +*Make sure changes in the TemplateVM between reboots don't exceed 10G.* + +1. Make sure that all the VMs based on this template are shut down (including netvms etc). +2. Resize the *root image* using the procedure below. +3. If any netvm/proxyvm used by this template is based on it, set template's netvm to none. +4. Start the template. +5. Resize the filesystem using OS appropriate tools (Linux is `sudo resize2fs /dev/mapper/dmroot`). +6. Verify available space in the template using `df -h` or OS specific tools. +7. Shutdown the template. +8. Restore original netvm setting (if changed), and check firewall settings (setting netvm to none causes the firewall to reset to "block all") + ### Expand disk image (R3.2) 1048576 MB is the maximum size which can be assigned to storage through Qubes Manager. @@ -78,8 +82,8 @@ Note: Size is the target size (i.e. 4096MB or 16GB, ...), not the size to add to ### Resize a StandaloneVM Root Image -For more flexibility, you may also turn your TemplateVM into a StandaloneVM. -Doing this means it will have its own root filesystem *(StandaloneVMs use a copy of the template, instead of smart sharing)*. +For more flexibility, you may also turn your Template into a Standalone qube. +Doing this means it will have its own root filesystem *(Standalone qubes use a copy of the template, instead of smart sharing)*. To do this run `qvm-create --standalone` from `dom0` console, then perform the [OS Specific Follow-up Instructions](/doc/resize-disk-image/#os-specific-follow-up-instructions) below. ### Shrinking a disk image @@ -94,7 +98,8 @@ Note that we don't want to touch the VM filesystem directly in dom0 for security OS Specific Follow-up Instructions ----------------- -After expanding volumes, the partition table and file-system may need to be adjusted. +In the case of Linux-based qubes installed from Qubes repositories, no further actions are required. +In some other cases, after expanding volumes, the partition table and file-system may need to be adjusted. Use tools appropriate to the OS in your qube. Brief instructions for Windows 7, FreeBSD, and Linux are provided below. @@ -118,6 +123,6 @@ zpool online -e poolname ada0 #### Linux -Qubes will automatically grow the filesystem for you on AppVMs but not HVMs (or Template root images on R3.2). -You will see that there is unallocated free space at the end of your primary disk. +Qubes will automatically grow the filesystem for you on all AppVMs with Qubes packages installed (which are all AppVMs installed from templates, cloned from templates etc. - if you have not created an empty HVM and installed a Linux distribution in it, without using Qubes repositories, you are almost certainly safe). +Otherwise, you will see that there is unallocated free space at the end of your primary disk. You can use standard linux tools like `fdisk` and `resize2fs` to make this space available. From 66d6918be65a03099ab0d81a53257d03d3b21456 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 12 Jan 2019 15:26:37 -0600 Subject: [PATCH 013/103] Update custom installation instructions for 4.0 --- installing/custom-install.md | 186 +++++++++++++++++++++++++++++++---- 1 file changed, 169 insertions(+), 17 deletions(-) diff --git a/installing/custom-install.md b/installing/custom-install.md index 56c540c3..1ff9547a 100644 --- a/installing/custom-install.md +++ b/installing/custom-install.md @@ -13,35 +13,183 @@ In the present context, "custom installation" refers to things like manual partitioning, setting up LVM and RAID, and manual LUKS encryption configuration. -Installer Defaults (R3.2) -------------------------- +## Qubes 4.0 + +### Installer Defaults + +For reference, these are the typical defaults for a single disk: + +~~~ +Mount Point: /boot +Desired Capacity: 1024 MiB +Device Type: Standard Partition +File System: ext4 +Name: (none) + +Mount Point: / +Desired Capacity: (your choice) +Device Type: LVM Thin Provisioning +Volume Group: qubes_dom0 +File System: ext4 +Name: root + +Mount Point: (none) +Desired Capacity: 15.37 GiB +Device Type: LVM +Volume Group: qubes_dom0 +File System: swap +Name: swap +~~~ + +~~~ +SUMMARY OF CHANGES + +Order Action Type Device Mount point + +1 Destroy Format Unknown Disk (sda) +2 Create Format partition table (MSDOS) Disk (sda) +3 Create Device partition sda1 on Disk +4 Create Format ext4 sda1 on Disk /boot +5 Create Device partition sda2 on Disk +6 Create Format LUKS sda2 on Disk +7 Create Device luks/dm-crypt luks-sda2 +8 Create Format physical volume (LVM) luks-sda2 +9 Create Device lvmvg qubes_dom0 +10 Create Device lvmthinpool qubes_dom0-pool00 +11 Create Device lvmthinlv qubes_dom0-root +12 Create Device lvmlv qubes_dom0-swap +13 Create Format swap qubes_dom0-swap +14 Create Format ext4 qubes_dom0-root / +~~~ + + +### Typical Partition Schemes + +If you want your partition/LVM scheme to look like the Qubes default but +with a few tweaks, follow these examples. With a single disk, the result +should look something like this: + +~~~ +NAME SIZE TYPE MOUNTPOINT +sda disk +├──sda1 1G part /boot +└──sda2 part + └──luks- crypt + ├──qubes_dom0-pool00_tmeta lvm + ├──qubes_dom0-pool00_tdata lvm + └──qubes_dom0-swap lvm [SWAP] +~~~ + + +### Encryption Defaults + +By default, `cryptsetup 1.7.5` will create a LUKS/dm-crypt volume as follows: + +~~~ +Version: 1 +Cipher name: aes +Cipher mode: xts-plain64 +Hash spec: sha256 +~~~ + +~~~ +$ cryptsetup --help +[...] +Default compiled-in device cipher parameters: + loop-AES: aes, Key 256 bits + plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripdemd160 + LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom +~~~ + +This means that, by default, Qubes inherits these upstream defaults: + + - AES-128 [[1]][cryptsetup-faq][[2]][dm-crypt][[3]][tomb-238] + - SHA-256 + - `/dev/urandom` + - probably an `iter-time` of one second + +If, instead, you'd like to use AES-256, SHA-512, `/dev/random`, and a longer `iter-time`, you can configure encryption manually by following the instructions below. + + +### Example: Custom LUKS Configuration + +Boot into the Qubes installer, then press `ctrl`+`alt`+`F2` to get a virtual console. + +1. (Optional) Wipe the disk: + + # dd if=/dev/zero of=/dev/sda bs=1M status=progress && sync + +2. Create partiions: + + # fdisk /dev/sda + n + p + 1 + +1G + a + n + p + 2 + (your choice; might want to leave overprovisioning space on an SSD) + p (check and confirm that everything makes sense) + w + +4. Create LUKS encrypted volume: + + # cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512 --use-random --iter-time 10000 --verify-passphrase luksFormat /dev/sda2 + +5. Open encrypted volume: + + # cryptsetup open /dev/sda2 luks + +6. Create LVM volumes: + + # pvcreate /dev/mapper/luks + # vgcreate qubes_dom0 /dev/mapper/luks + # lvcreate -n swap -L 10G qubes_dom0 + # lvcreate -T -l +100%FREE qubes_dom0/pool00 + # lvcreate -V1G -T qubes_dom0/pool00 -n root + # lvextend -L /dev/qubes_dom0/root + +8. Proceed with the installer. + At the disk selection screen, select: + + [x] I will configure partitioning. + [ ] Encrypt my data. + +Decrypt your partition, then assign `/`, `/boot`, and `swap`. +Proceed normally from there. + + +## Qubes 3.2 + +### Installer Defaults For reference, these are the defaults for a single disk: ~~~ -Mount Point: `/` +Mount Point: / Desired Capacity: (your choice) -Device Type: `LVM` -Volume Group: `qubes_dom0` -File System: `ext4` -Name: `root` +Device Type: LVM +Volume Group: qubes_dom0 +File System: ext4 +Name: root -Mount Point: `/boot` +Mount Point: /boot Desired Capacity: 500 MiB (recommended) Device Type: Standard Partition -File System: `ext4` +File System: ext4 Mount Point: (none) Desired Capacity: 9.44 GiB (recommended) Device Type: LVM Volume Group: qubes_dom0 -File System: `swap` -Name: `swap` +File System: swap +Name: swap ~~~ -Typical Partition Schemes -------------------------- +### Typical Partition Schemes If you want your partition/LVM scheme to look like the Qubes default but with a few tweaks, follow these examples. With a single disk, the result @@ -80,8 +228,7 @@ If you're using `mdadm` software RAID, it should look something like this: ~~~ -Example: LVM on LUKS on RAID (R3.2) ------------------------------------ +### Example: LVM on LUKS on RAID0 Boot into the Qubes installer, then press `ctrl`+`alt`+`F2` to get a virtual console. @@ -128,8 +275,9 @@ console. Continue normally from here. -Manual Encryption Configuration (R3.1) --------------------------------------- +## Qubes 3.1 + +### Manual Encryption Configuration Qubes OS uses full disk encryption (FDE) by default. If you are an advanced user who wishes to customize your encryption parameters during installation, @@ -191,3 +339,7 @@ configure the encryption options while installing Qubes as follows: # cryptsetup luksDump /dev/sda2 +[cryptsetup-faq]: https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions +[dm-crypt]: https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption +[tomb-238]: https://github.com/dyne/Tomb/issues/238 + From 1b5ea5fd08bdf39701dd63fb008bde9a94756ff2 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 12 Jan 2019 15:35:51 -0600 Subject: [PATCH 014/103] Fix typo --- installing/custom-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installing/custom-install.md b/installing/custom-install.md index 1ff9547a..d1a19752 100644 --- a/installing/custom-install.md +++ b/installing/custom-install.md @@ -53,7 +53,7 @@ Order Action Type Device Mount po 5 Create Device partition sda2 on Disk 6 Create Format LUKS sda2 on Disk 7 Create Device luks/dm-crypt luks-sda2 -8 Create Format physical volume (LVM) luks-sda2 +8 Create Format physical volume (LVM) luks-sda2 9 Create Device lvmvg qubes_dom0 10 Create Device lvmthinpool qubes_dom0-pool00 11 Create Device lvmthinlv qubes_dom0-root From 2f51f414a33a5b729b61ab308448d96316c8a59a Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 14 Jan 2019 00:14:00 -0600 Subject: [PATCH 015/103] Minor cleanup and clarification --- installing/custom-install.md | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/installing/custom-install.md b/installing/custom-install.md index d1a19752..b21b2ecb 100644 --- a/installing/custom-install.md +++ b/installing/custom-install.md @@ -9,15 +9,14 @@ redirect_from: Custom Installation =================== -In the present context, "custom installation" refers to things like manual -partitioning, setting up LVM and RAID, and manual LUKS encryption configuration. +In the present context, "custom installation" refers to things like manual partitioning, setting up LVM and RAID, and manual LUKS encryption configuration. ## Qubes 4.0 ### Installer Defaults -For reference, these are the typical defaults for a single disk: +For reference, these are the typical defaults for a single disk with legacy boot: ~~~ Mount Point: /boot @@ -34,7 +33,7 @@ File System: ext4 Name: root Mount Point: (none) -Desired Capacity: 15.37 GiB +Desired Capacity: 10 GiB Device Type: LVM Volume Group: qubes_dom0 File System: swap @@ -65,9 +64,8 @@ Order Action Type Device Mount po ### Typical Partition Schemes -If you want your partition/LVM scheme to look like the Qubes default but -with a few tweaks, follow these examples. With a single disk, the result -should look something like this: +If you want your partition/LVM scheme to look like the Qubes default but with a few tweaks, follow this example. +With a single disk, the result should look something like this: ~~~ NAME SIZE TYPE MOUNTPOINT @@ -108,7 +106,7 @@ This means that, by default, Qubes inherits these upstream defaults: - `/dev/urandom` - probably an `iter-time` of one second -If, instead, you'd like to use AES-256, SHA-512, `/dev/random`, and a longer `iter-time`, you can configure encryption manually by following the instructions below. +If, instead, you'd like to use AES-256, SHA-512, `/dev/random`, and a longer `iter-time`, for example, you can configure encryption manually by following the instructions below. ### Example: Custom LUKS Configuration @@ -119,20 +117,14 @@ Boot into the Qubes installer, then press `ctrl`+`alt`+`F2` to get a virtual con # dd if=/dev/zero of=/dev/sda bs=1M status=progress && sync -2. Create partiions: +2. Create partitions: # fdisk /dev/sda - n - p - 1 - +1G - a - n - p - 2 - (your choice; might want to leave overprovisioning space on an SSD) - p (check and confirm that everything makes sense) - w + + Follow the steps to create two partitions: + + - ~500MiB-1GiB for `/boot` + - The rest for `/` (might want to leave some for overprovisioning if it's an SSD) 4. Create LUKS encrypted volume: From c36933c0180b73e55b1a81c6384096f527ac7c0c Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 19 Jan 2019 00:14:57 -0600 Subject: [PATCH 016/103] Fix typo --- common-tasks/backup-emergency-restore-v4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/backup-emergency-restore-v4.md b/common-tasks/backup-emergency-restore-v4.md index a0199af9..6cdbfab5 100644 --- a/common-tasks/backup-emergency-restore-v4.md +++ b/common-tasks/backup-emergency-restore-v4.md @@ -176,7 +176,7 @@ Emergency Recovery Instructions https://github.com/QubesOS/qubes-doc.git [scrypt]: https://www.tarsnap.com/scrypt.html -[verify signatures]: https://www.qubes-os.org/security/verifying-signatures) +[verify signatures]: https://www.qubes-os.org/security/verifying-signatures [get and verify the Release 4 Signing Key]: https://www.qubes-os.org/security/verifying-signatures/#2-get-the-release-signing-key [Emergency Backup Recovery without Qubes (v2)]: https://www.qubes-os.org/doc/backup-emergency-restore-v2/ [Emergency Backup Recovery without Qubes (v3)]: https://www.qubes-os.org/doc/backup-emergency-restore-v3/ From b4216553da022cde6166d8beceb25e2f172d480c Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 19 Jan 2019 17:27:13 -0600 Subject: [PATCH 017/103] Make intro consistent with the rest of the page --- basics_user/doc-guidelines.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/basics_user/doc-guidelines.md b/basics_user/doc-guidelines.md index 8a7edca9..de986b3a 100644 --- a/basics_user/doc-guidelines.md +++ b/basics_user/doc-guidelines.md @@ -15,8 +15,7 @@ All Qubes OS documentation pages are stored as plain text files in the dedicated By cloning and regularly pulling from this repo, users can maintain their own up-to-date offline copy of all Qubes documentation rather than relying solely on the web. The documentation is a community effort. Volunteers work hard trying to keep everything accurate and comprehensive. -If you notice a problem with the documentation or some way it can be improved, please [report][issue] it! -Better yet, you can [edit the documentation][contribute] yourself, both to add or improve existing content. +If you notice a problem or some way it can be improved, please [edit the documentation][contribute]! Questions, problems, and improvements From 2507fe125561775c15ab1fccbb38d416ba006f07 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 19 Jan 2019 17:27:37 -0600 Subject: [PATCH 018/103] Acknowledge special USB drives --- installing/install-security.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/installing/install-security.md b/installing/install-security.md index e82d65b3..1eba07e3 100644 --- a/installing/install-security.md +++ b/installing/install-security.md @@ -75,6 +75,10 @@ Cons: untrusted ISO to dom0 in order to burn it to disc, which leaves only the other two options.) +Considering the pros and cons of each, perhaps a USB drive with non-rewritable +(or at least cryptographically-signed) firmware and a physical write-protect +switch might be the option. + [verify]: /security/verifying-signatures/ [classic problem]: https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf From 7102d0817d3d663d5ca8de7f2ae65f688d9f1090 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 20 Jan 2019 23:57:18 -0600 Subject: [PATCH 019/103] Fix heading levels --- about/video-tours.html | 12 +++--- basics_user/intro.md | 9 ++--- doc.md | 86 +++++++++++++++++++++--------------------- 3 files changed, 52 insertions(+), 55 deletions(-) diff --git a/about/video-tours.html b/about/video-tours.html index 381ede16..4ea7dacd 100644 --- a/about/video-tours.html +++ b/about/video-tours.html @@ -15,21 +15,21 @@ permalink: /video-tours/
-

Introduction

+

Introduction

Learn the basics in this introduction to Qubes OS.


What is Qubes OS?
-

Screenshots

+

Screenshots

See what using Qubes actually looks like with these screenshots of various applications running in Qubes.

See Screenshots
-

Getting Started

+

Getting Started

Ready to get started with Qubes? Here's what you need to know after installing.

Getting Started @@ -68,21 +68,21 @@ permalink: /video-tours/
-

Docs

+

Docs

Dive into the Qubes documentation with guides, tips, and troubleshooting help.

 Documentation
-

Downloads

+

Downloads

Download an ISO, verify your download, and install Qubes.

Downloads
-

Security

+

Security

Get PGP keys, security bulletins, and canaries. Learn more about our security practices.

Security Center diff --git a/basics_user/intro.md b/basics_user/intro.md index ab259012..265fc22e 100644 --- a/basics_user/intro.md +++ b/basics_user/intro.md @@ -175,30 +175,29 @@ pros and cons of this approach relative to Qubes: [Software compartmentalization vs. physical separation][paper-compart].)
-
+
-

Video Tours

+

Video Tours

Want to see Qubes OS in action? Sit back and watch a guided tour!

 Video Tours
-

Screenshots

+

Screenshots

See what using Qubes actually looks like with these screenshots of various applications running in Qubes.

Screenshots
-

Getting Started

+

Getting Started

Ready to get started with Qubes? Here's what you need to know after installing.

Getting Started
-
More information ---------------- diff --git a/doc.md b/doc.md index e3d12731..3a23a050 100644 --- a/doc.md +++ b/doc.md @@ -14,11 +14,10 @@ redirect_from: - /community/ --- -User Documentation -================== +## User Documentation + +### The Basics -The Basics ----------- * [What is Qubes OS?](/intro/) * [Video Tours](/video-tours/) * [Screenshots](/screenshots/) @@ -27,8 +26,8 @@ The Basics * [Help, Support, and Mailing Lists](/support/) * [How to Contribute](/doc/contributing/) -Security Information --------------------- +### Security Information + * [Security Center](/security/) * [Security FAQ](/faq/#general--security) * [Security Pack](/security/pack/) @@ -38,14 +37,14 @@ Security Information * [Why and How to Verify Signatures](/security/verifying-signatures/) * [Qubes PGP Keys](https://keys.qubes-os.org/keys/) -Choosing Your Hardware ----------------------- +### Choosing Your Hardware + * [System Requirements](/doc/system-requirements/) * [Certified Hardware](/doc/certified-hardware/) * [Hardware Compatibility List (HCL)](/hcl/) -Installing & Upgrading Qubes ----------------------------- +### Installing & Upgrading Qubes + * [Qubes Downloads](/downloads/) * [Qubes Download Mirrors](/downloads/mirrors/) * [Installation Guide](/doc/installation-guide/) @@ -58,8 +57,8 @@ Installing & Upgrading Qubes * [Custom Installation](/doc/custom-install/) * [Testing new releases and updates](/doc/testing/) -Common Tasks ------------- +### Common Tasks + * [Copying and Pasting Text Between Domains](/doc/copy-paste/) * [Copying and Moving Files Between Domains](/doc/copying-files/) * [Copying from (and to) dom0](/doc/copy-from-dom0/) @@ -73,8 +72,8 @@ Common Tasks * [Enabling Fullscreen Mode](/doc/full-screen-mode/) * [Tips and Tricks](/doc/tips-and-tricks/) -Managing Operating Systems within Qubes ---------------------------------------- +### Managing Operating Systems within Qubes + * [TemplateVMs](/doc/templates/) * [Templates: Fedora](/doc/templates/fedora/) * [Templates: Fedora Minimal](/doc/templates/fedora-minimal/) @@ -93,8 +92,8 @@ Managing Operating Systems within Qubes * [How to Reinstall a TemplateVM](/doc/reinstall-template/) -Security Guides ---------------- +### Security Guides + * [Qubes OS Project Security Information](/security/) * [Security Guidelines](/doc/security-guidelines/) * [Understanding Qubes Firewall](/doc/firewall/) @@ -109,8 +108,8 @@ Security Guides * [Note regarding password-less root access in VM](/doc/vm-sudo/) -Privacy Guides --------------- +### Privacy Guides + * [Whonix for Privacy & Anonymity](/doc/whonix/) * [Running Tails in Qubes](/doc/tails/) * [Anonymizing your MAC Address](/doc/anonymizing-your-mac-address/) @@ -119,8 +118,8 @@ Privacy Guides * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) -Configuration Guides --------------------- +### Configuration Guides + * [Configuration Files](/doc/config-files/) * [How to set up a ProxyVM as a VPN Gateway](/doc/vpn/) * [Storing AppVMs on Secondary Drives](/doc/secondary-storage/) @@ -147,8 +146,8 @@ Configuration Guides * [How to Make a Multimedia TemplateVM](/doc/multimedia/) -Customization Guides --------------------- +### Customization Guides + * [DispVM Customization](/doc/dispvm-customization/) * [Customizing Fedora minimal templates](/doc/fedora-minimal-template-customization/) * [Customizing Windows 7 templates](/doc/windows-template-customization/) @@ -162,8 +161,8 @@ Customization Guides * [Safely Removing TemplateVM Packages (Example: Thunderbird)](/doc/removing-templatevm-packages/) -Troubleshooting ---------------- +### Troubleshooting + * [Home directory is out of disk space error](/doc/out-of-memory/) * [Newer hardware doesn't work](/doc/newer-hardware-troubleshooting/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) @@ -178,8 +177,8 @@ Troubleshooting * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) -Reference Pages ---------------- +### Reference Pages + * [Command-Line Tools: Qubes 3.2, dom0](/doc/tools/3.2/dom0/) * [Command-Line Tools: Qubes 3.2, domU](/doc/tools/3.2/domU/) * [Command-Line Tools: Qubes 4.0, dom0](/doc/tools/4.0/dom0/) @@ -189,18 +188,17 @@ Reference Pages * [Command Execution in VMs (and Qubes RPC)](/doc/qrexec/) -Presentation Slides -------------------- +### Presentation Slides + * [[PDF] LinuxCon 2014 -- Qubes OS R2 Tutorial](/attachment/wiki/slides/LinuxCon_2014_Qubes_Tutorial.pdf) * [[PDF] LinuxCon 2014 -- Qubes OS Keynote](/attachment/wiki/slides/LinuxCon_2014_Qubes_Keynote.pdf) * [[PDF] RMLL 2016 -- Improving client systems security with Qubes OS](/attachment/wiki/slides/RMLL_2016_Improving-client-systems-security.pdf) * [[PDF] Golem and Friends 2017 -- Towards Reasonably Secure Computing in the Decentralized World](/attachment/wiki/slides/Secure_Computing_in_Decentralized_World.pdf) -Developer Documentation -======================= +## Developer Documentation + +### The Basics -The Basics ----------- * [Developer FAQ](/faq/#developers) * [Report a Security Issue](/security/) * [Report a Bug](/doc/reporting-bugs/) @@ -217,8 +215,8 @@ The Basics * [Style Guide](/doc/style-guide/) * [Usability & UX](/doc/usability-ux/) -Security Information --------------------- +### Security Information + * [Security Center](/security/) * [Security FAQ](/faq/#general--security) * [Security Pack](/security/pack/) @@ -231,8 +229,8 @@ Security Information * [Why and How to Verify Signatures](/security/verifying-signatures/) * [Qubes PGP Keys](http://keys.qubes-os.org/keys/) -System ------- +### System + * [Qubes OS Architecture Overview](/doc/architecture/) * [Qubes OS Architecture Spec v0.3 [PDF]](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf) * [Security-critical Code in Qubes OS](/doc/security-critical-code/) @@ -246,16 +244,16 @@ System * [Implementation of template sharing and updating](/doc/template-implementation/) * [Storage Pools](/doc/storage-pools/) -Services --------- +### Services + * [Inter-domain file copying](/doc/qfilecopy/) (deprecates [`qfileexchgd`](/doc/qfileexchgd/)) * [Dynamic memory management in Qubes](/doc/qmemman/) * [Implementation of DisposableVMs](/doc/dvm-impl/) * [Article about DisposableVMs](http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html) * [Dom0 secure update mechanism](/doc/dom0-secure-updates/) -Debugging ---------- +### Debugging + * [Profiling python code](/doc/profiling/) * [Test environment in separate machine for automatic tests](/doc/test-bench/) * [Automated tests](/doc/automated-tests/) @@ -263,8 +261,8 @@ Debugging * [Debugging Windows VMs](/doc/windows-debugging/) * [Safe Remote Dom0 Terminals](/doc/safe-remote-ttys/) -Building --------- +### Building + * [Building Qubes](/doc/qubes-builder/) (["API" Details](/doc/qubes-builder-details/)) * [Development Workflow](/doc/development-workflow/) * [Building Qubes OS ISO](/doc/qubes-r3-building/) @@ -274,8 +272,8 @@ Building * [Building the Whonix Templates](/doc/building-whonix-template/) * [How to compile kernels for dom0](https://groups.google.com/d/topic/qubes-users/yBeUJPwKwHM/discussion) -Releases --------- +### Releases + * [Release notes](/doc/releases/notes/) * [Release schedules](/doc/releases/schedules/) * [Release checklist](/doc/releases/todo/) From d048740d0115e336e63ffec6c256b91aee1f686b Mon Sep 17 00:00:00 2001 From: goldiqubes <46892173+goldiqubes@users.noreply.github.com> Date: Mon, 21 Jan 2019 12:15:28 +0000 Subject: [PATCH 020/103] Update disposablevm-customization.md --- customization/disposablevm-customization.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/customization/disposablevm-customization.md b/customization/disposablevm-customization.md index 361243a0..2a482455 100644 --- a/customization/disposablevm-customization.md +++ b/customization/disposablevm-customization.md @@ -246,6 +246,15 @@ Using DisposableVMs in this manner is ideal for untrusted qubes which require pe [user@dom0 ~]$ qvm-prefs disp-sys-usb autostart true 7. Users should now follow instructions on [How to hide USB controllers from dom0](/doc/usb/#how-to-hide-all-usb-controllers-from-dom0) +8. At this point your mouse may not work. In which case you should follow this qubes guide https://www.qubes-os.org/doc/usb/ + +Edit the qubes.InputMouse policy file in dom0, which is located here: + +/etc/qubes-rpc/policy/qubes.InputMouse + +Add a line like this to the top of the file: + +disp-sys-usb dom0 allow,user=root #### Starting the DisposableVMs #### From 055776a87cb858db6b62955605ded885e76179db Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 21 Jan 2019 21:51:52 -0600 Subject: [PATCH 021/103] Fix Markdown syntax and clean up text --- customization/disposablevm-customization.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/customization/disposablevm-customization.md b/customization/disposablevm-customization.md index 2a482455..6394b45a 100644 --- a/customization/disposablevm-customization.md +++ b/customization/disposablevm-customization.md @@ -246,15 +246,15 @@ Using DisposableVMs in this manner is ideal for untrusted qubes which require pe [user@dom0 ~]$ qvm-prefs disp-sys-usb autostart true 7. Users should now follow instructions on [How to hide USB controllers from dom0](/doc/usb/#how-to-hide-all-usb-controllers-from-dom0) -8. At this point your mouse may not work. In which case you should follow this qubes guide https://www.qubes-os.org/doc/usb/ -Edit the qubes.InputMouse policy file in dom0, which is located here: +8. At this point, your mouse may not work. + Edit the `qubes.InputMouse` policy file in dom0, which is located here: -/etc/qubes-rpc/policy/qubes.InputMouse + /etc/qubes-rpc/policy/qubes.InputMouse -Add a line like this to the top of the file: + Add a line like this to the top of the file: -disp-sys-usb dom0 allow,user=root + disp-sys-usb dom0 allow,user=root #### Starting the DisposableVMs #### From eed9431e93f07e6b4feca41eb39b3396386cade0 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 21 Jan 2019 21:54:27 -0600 Subject: [PATCH 022/103] Remove superfluous horizontal rules --- about/faq.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/about/faq.md b/about/faq.md index 3afde8b2..75c12aec 100644 --- a/about/faq.md +++ b/about/faq.md @@ -175,7 +175,6 @@ So, if feature X isn't enabled, it's most likely for one of three reasons: 3. Our platform supports it, but we're not aware that we can enable it or have forgotten to do so. (If it seems like this is the case, let us know!) ----------- ## Users @@ -513,8 +512,6 @@ Please don't ask for your favorite program to be installed by default or for som This is an incredibly selfish attitude that demonstrates a complete lack of consideration for the thousands of other Qubes users who don't happen to share your preferences. ----------- - ## Developers ### Are there restrictions on the software that the Qubes developers are willing to use? From b0e0af3f0c3313309ee155ebd82c6f9be114b8ae Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 21 Jan 2019 21:55:00 -0600 Subject: [PATCH 023/103] Remove superfluous table border --- installing/version-scheme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installing/version-scheme.md b/installing/version-scheme.md index f538ec78..c055d1e5 100644 --- a/installing/version-scheme.md +++ b/installing/version-scheme.md @@ -67,7 +67,7 @@ The next RC is released five weeks after the former. All packets are published in `current` repository and the cycle starts over. There should be no less than 1 and no more than 3 release candidates before final release. - +
From f66fbabc85eb9e9e5d4d3694ae810853051a097b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 21 Jan 2019 21:55:18 -0600 Subject: [PATCH 024/103] Document qubes.StartApp security advantages Thanks to @marmarek and @jpouellet for providing these explanations: https://groups.google.com/d/topic/qubes-devel/BsrjCN3Vg_g/discussion --- services/qrexec3.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/services/qrexec3.md b/services/qrexec3.md index 90cae014..c6ff4449 100644 --- a/services/qrexec3.md +++ b/services/qrexec3.md @@ -167,6 +167,35 @@ be fatal to Qubes security. On the other hand, this mechanism allows to delegate processing of untrusted input to less privileged (or disposable) AppVMs, thus wise usage of it increases security. +For example, this command will run the `firefox` command in a DisposableVM based +on `work`: + +``` +$ qvm-run --dispvm=work firefox +``` + +By contrast, consider this command: + +``` +$ qvm-run --dispvm=work --service qubes.StartApp+firefox +``` + +This will look for a `firefox.desktop` file in a standard location in a +DisposableVM based on `work`, then launch the application described by that +file. The practical difference is that the bare `qvm-run` command uses the +`qubes.VMShell` service, which allows you to run an arbitrary command with +arbitrary arguments, essentially providing full control over the target VM. By +contrast, the `qubes.StartApp` service allows you to run only applications that +are advertised in `/usr/share/applications` (or other standard locations) +*without* control over the arguments, so giving a VM access to `qubes.StartApp` +is much safer. While there isn't much practical difference between the two +commands above when starting an application from dom0 in Qubes 4.0, there is a +significant security risk when launching applications from a domU (e.g., from +a separate GUI domain). This is why `qubes.StartApp` uses our standard `qrexec` +argument grammar to strictly filter the permissible grammar of the `Exec=` lines +in `.desktop` files that are passed from untrusted domUs to dom0, thereby +protecting dom0 from command injection by maliciously-crafted `.desktop` files. + ### Extra keywords available in Qubes 4.0 and later **This section is about a not-yet-released version, some details may change** From cd40428d5c3cd6c45f7adb7f6f3c3cc4a3b6a0cb Mon Sep 17 00:00:00 2001 From: Tom Schlenkhoff Date: Tue, 22 Jan 2019 18:08:09 +0100 Subject: [PATCH 025/103] Added info on Intel TXT requirement --- security/anti-evil-maid.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/security/anti-evil-maid.md b/security/anti-evil-maid.md index f70dcbfb..bd3ab5d3 100644 --- a/security/anti-evil-maid.md +++ b/security/anti-evil-maid.md @@ -16,6 +16,16 @@ Background Please read [this blog article](https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html). +Prerequsites +---------- + +The current package requires a TPM 1.2 interface and a working Intel TXT engine. +If you neutered your Intel Management Engine with e.g. [me_cleaner](https://github.com/corna/me_cleaner) +while installing [CoreBoot](https://www.coreboot.org/) then you are out of luck. +So, for now, you have to choose between deblobbing your BIOS and Anti Evil Maid. + +[Discussion](https://groups.google.com/d/msg/qubes-users/sEmZfOZqYXM/j5rHeex1BAAJ) + Installing ---------- From 7e447917c7b55cbc9d2a500bbb6b6cdf652093fe Mon Sep 17 00:00:00 2001 From: Tom Schlenkhoff Date: Wed, 23 Jan 2019 11:01:56 +0100 Subject: [PATCH 026/103] Clarify/fix typo in - now - Requirements --- security/anti-evil-maid.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/anti-evil-maid.md b/security/anti-evil-maid.md index bd3ab5d3..97bb1da3 100644 --- a/security/anti-evil-maid.md +++ b/security/anti-evil-maid.md @@ -16,13 +16,13 @@ Background Please read [this blog article](https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html). -Prerequsites +Requirements ---------- The current package requires a TPM 1.2 interface and a working Intel TXT engine. -If you neutered your Intel Management Engine with e.g. [me_cleaner](https://github.com/corna/me_cleaner) +If you cleaned your Intel Management Engine with e.g. [me_cleaner](https://github.com/corna/me_cleaner) while installing [CoreBoot](https://www.coreboot.org/) then you are out of luck. -So, for now, you have to choose between deblobbing your BIOS and Anti Evil Maid. +For now you have to choose between cleaning your BIOS and deploying Anti Evil Maid. [Discussion](https://groups.google.com/d/msg/qubes-users/sEmZfOZqYXM/j5rHeex1BAAJ) From d3ac750f2690cae451105d6a5df54c9f5791f2f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 23 Jan 2019 18:10:42 +0100 Subject: [PATCH 027/103] Add QSB#46 to the list --- security-info/security-bulletins.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security-info/security-bulletins.md b/security-info/security-bulletins.md index b114c480..3585fffd 100644 --- a/security-info/security-bulletins.md +++ b/security-info/security-bulletins.md @@ -97,3 +97,8 @@ Qubes Security Bulletins are published through the [Qubes Security Pack](/securi - [Qubes Security Bulletin \#44](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-044-2018.txt) (Multiple Xen vulnerabilities (XSA-275, XSA-280)) - [Qubes Security Bulletin \#45](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt) (Insecure default Salt configuration) +2019 +---- + +- [Qubes Security Bulletin \#46](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-046-2019.txt) (APT update mechanism vulnerability) + From b7b29f01434c70982b25a0022133f41d7355c49b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 26 Jan 2019 17:13:20 -0600 Subject: [PATCH 028/103] Revise in accordance with documentation guidelines --- common-tasks/disposablevm.md | 108 ++++++++++++++++++++++++++++------- 1 file changed, 86 insertions(+), 22 deletions(-) diff --git a/common-tasks/disposablevm.md b/common-tasks/disposablevm.md index 8f1025f3..631ca8ff 100644 --- a/common-tasks/disposablevm.md +++ b/common-tasks/disposablevm.md @@ -9,8 +9,7 @@ redirect_from: - /wiki/DisposableVMs/ --- -DisposableVMs -============= +# DisposableVMs # A DisposableVM (previously known as a "DispVM") is a lightweight VM that can be created quickly and will disappear when closed. DisposableVMs are usually created in order to host a single application, like a viewer, editor, or web browser. @@ -24,8 +23,7 @@ While running, DisposableVMs will appear in Qubes VM Manager with the name `disp See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a DisposableVM. -Security --------- +## Security ## If a [DVM Template] becomes compromised, then any DisposableVM based on that DVM Template could be compromised. In particular, the *default* DVM Template is important because it is used by the "Open in DisposableVM" feature. @@ -40,8 +38,10 @@ For details, see [this thread](https://groups.google.com/d/topic/qubes-devel/QwL When it is essential to avoid leaving any trace, consider using [Tails](https://tails.boum.org/). -DisposableVMs and Networking (R4.0 and later) ------------------------------ +## Qubes 4.0 ## + + +### DisposableVMs and Networking ### Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DisposableVMs are based on their underlying [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). R4.0 introduces the concept of multiple DVM Templates, whereas R3.2 was limited to only one. @@ -85,11 +85,75 @@ Some DVM Templates will automatically create a menu item to launch a DVM, if you To launch a DVM from the command line, in dom0 please type the following: qvm-run --dispvm=NameOfDVM --service qubes.StartApp+NameOfApp - - -DisposableVMs and Networking (R3.2 and earlier) ------------------------------ + +### Opening a file in a DisposableVM via GUI ### + +In an AppVM's file manager, right click on the file you wish to open in a DisposableVM, then choose "Open in DisposableVM". +Wait a few seconds and the default application for this file type should appear displaying the file content. +This app is running in its own dedicated VM -- a DisposableVM created for the purpose of viewing or editing this very file. +Once you close the viewing application the whole DisposableVM will be destroyed. +If you have edited the file and saved the changes, the changed file will be saved back to the original AppVM, overwriting the original. + +![r1-open-in-dispvm-1.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-1.png) ![r1-open-in-dispvm-2.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-2.png) + + +### Opening a fresh web browser instance in a new DisposableVM ### + +Sometimes it is desirable to open an instance of Firefox within a new fresh DisposableVM. +This can be done easily using the Start Menu: just go to **Application Menu -\> DisposableVM -\> DisposableVM:Firefox web browser**. +Wait a few seconds until a web browser starts. +Once you close the viewing application the whole DisposableVM will be destroyed. + +![r1-open-in-dispvm-3.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-3.png) + + +### Opening a file in a DisposableVM via command line (from AppVM) ### + +Use the `qvm-open-in-dvm` command from a terminal in your AppVM: + +~~~ +[user@work-pub ~]$ qvm-open-in-dvm Downloads/apple-sandbox.pdf +~~~ + +Note that the `qvm-open-in-dvm` process will not exit until you close the application in the DisposableVM. + + +### Starting an arbitrary program in a DisposableVM from an AppVM ### + +Sometimes it can be useful to start an arbitrary program in a DisposableVM. This can be done from an AppVM by running + +~~~ +[user@vault ~]$ qvm-run '$dispvm' xterm +~~~ + +The created DisposableVM can be accessed via other tools (such as `qvm-copy-to-vm`) using its `disp####` name as shown in the Qubes Manager or `qvm-ls`. + + +### Starting an arbitrary application in a DisposableVM via command line from dom0 ### + +The Application Launcher has shortcuts for opening a terminal and a web browser in dedicated DisposableVMs, since these are very common tasks. +However, it is possible to start an arbitrary application in a DisposableVM directly from dom0 by running: + +~~~ +$ qvm-run --dispvm=dvm-template --service qubes.StartApp+xterm +~~~ + +The label color will be inherited from the `dvm-template`. +(The DisposableVM Application Launcher shortcut used for starting programs runs a very similar command to the one above.) + + +### Customizing DisposableVMs ### + +You can change the template used to generate the DisposableVMs, and change settings used in the DisposableVM savefile. +These changes will be reflected in every new DisposableVM based on that template. +Full instructions can be found [here](/doc/disposablevm-customization/). + + +## Qubes 3.2 ## + + +### DisposableVMs and Networking ### NetVM and firewall rules for DisposableVMs can be set as they can for a normal VM. By default a DisposableVM will inherit the NetVM and firewall settings of the VM from which it is launched. @@ -102,8 +166,8 @@ By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". Note that changing the "NetVM for DisposableVM" setting for the DVM Template does *not* affect the NetVM of DisposableVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. -Opening a file in a DisposableVM via GUI ------------------------------------------ + +### Opening a file in a DisposableVM via GUI ### In an AppVM's file manager, right click on the file you wish to open in a DisposableVM, then choose "Open in DisposableVM". Wait a few seconds and the default application for this file type should appear displaying the file content. @@ -113,8 +177,8 @@ If you have edited the file and saved the changes, the changed file will be save ![r1-open-in-dispvm-1.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-1.png) ![r1-open-in-dispvm-2.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-2.png) -Opening a fresh web browser instance in a new DisposableVM ------------------------------------------------------------ + +### Opening a fresh web browser instance in a new DisposableVM ### Sometimes it is desirable to open an instance of Firefox within a new fresh DisposableVM. This can be done easily using the Start Menu: just go to **Application Menu -\> DisposableVM -\> DisposableVM:Firefox web browser**. @@ -123,8 +187,8 @@ Once you close the viewing application the whole DisposableVM will be destroyed. ![r1-open-in-dispvm-3.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-3.png) -Opening a file in a DisposableVM via command line (from AppVM) ---------------------------------------------------------------- + +### Opening a file in a DisposableVM via command line (from AppVM) ### Use the `qvm-open-in-dvm` command from a terminal in your AppVM: @@ -134,8 +198,8 @@ Use the `qvm-open-in-dvm` command from a terminal in your AppVM: Note that the `qvm-open-in-dvm` process will not exit until you close the application in the DisposableVM. -Starting an arbitrary program in a DisposableVM from an AppVM --------------------------------------------------------------- + +### Starting an arbitrary program in a DisposableVM from an AppVM ### Sometimes it can be useful to start an arbitrary program in a DisposableVM. This can be done from an AppVM by running @@ -145,8 +209,8 @@ Sometimes it can be useful to start an arbitrary program in a DisposableVM. This The created DisposableVM can be accessed via other tools (such as `qvm-copy-to-vm`) using its `disp####` name as shown in the Qubes Manager or `qvm-ls`. -Starting an arbitrary application in a DisposableVM via command line (from Dom0) ---------------------------------------------------------------------------------- + +### Starting an arbitrary application in a DisposableVM via command line (from Dom0) ### The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DisposableVMs, since these are very common tasks. However, it is possible to start an arbitrary application in a DisposableVM directly from Dom0 by running @@ -163,8 +227,8 @@ R3.2 (border colour can be specified in the command) (The DisposableVM appmenu used for starting Firefox runs a very similar command to the one above.) -Customizing DisposableVMs --------------------------- + +### Customizing DisposableVMs ### You can change the template used to generate the DisposableVMs, and change settings used in the DisposableVM savefile. These changes will be reflected in every new DisposableVM based on that template. From 3f9f87ec633df4306b9f889cc7469bc820fd32e0 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 26 Jan 2019 17:14:47 -0600 Subject: [PATCH 029/103] Document opening in DipsVM based on non-default DVM Template Closes QubesOS/qubes-issues#4753 --- common-tasks/disposablevm.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/common-tasks/disposablevm.md b/common-tasks/disposablevm.md index 631ca8ff..d92ff57f 100644 --- a/common-tasks/disposablevm.md +++ b/common-tasks/disposablevm.md @@ -143,6 +143,20 @@ The label color will be inherited from the `dvm-template`. (The DisposableVM Application Launcher shortcut used for starting programs runs a very similar command to the one above.) +#### Opening a link in a DisposableVM based on a non-default DVM Template from a qube #### + +Suppose that the default DVM Template for your `email` qube has no networking (e.g., so that untrusted attachments can't phone home). +However, sometimes you want to open email links in DisposableVMs. +Obviously, you can't use the default DVM Template, since it has no networking, so you need to be able to specify a different DVM Template. +You can do that with this command from the `email` qube (as long as your RPC policies allow it): + +~~~ +$ qvm-open-in-vm @dispvm:online-dvm-template https://www.qubes-os.org +~~~ + +This will create a new DisposableVM based on `online-dvm-template`, open the default web browser in that DisposableVM, and navigate to `https://www.qubes-os.org`. + + ### Customizing DisposableVMs ### You can change the template used to generate the DisposableVMs, and change settings used in the DisposableVM savefile. From 9c9ac43e564b92058596e8ea1a0fb3263418fcf2 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 26 Jan 2019 17:17:55 -0600 Subject: [PATCH 030/103] Remove 4.0 example from 3.2 section; update context --- common-tasks/disposablevm.md | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/common-tasks/disposablevm.md b/common-tasks/disposablevm.md index d92ff57f..27c00ec3 100644 --- a/common-tasks/disposablevm.md +++ b/common-tasks/disposablevm.md @@ -226,20 +226,15 @@ The created DisposableVM can be accessed via other tools (such as `qvm-copy-to-v ### Starting an arbitrary application in a DisposableVM via command line (from Dom0) ### -The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DisposableVMs, since these are very common tasks. -However, it is possible to start an arbitrary application in a DisposableVM directly from Dom0 by running +The Application Launcher has shortcuts for opening a terminal and a web browser in dedicated DisposableVMs, since these are very common tasks. +However, it is possible to start an arbitrary application in a DisposableVM directly from dom0 by running: -R4.0 (border colour will be inherited from that set in the `dispvm-template`) ~~~ -[joanna@dom0 ~]$ qvm-run --dispvm=dispvm-template --service qubes.StartApp+xterm +$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red ~~~ -R3.2 (border colour can be specified in the command) -~~~ -[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red -~~~ - -(The DisposableVM appmenu used for starting Firefox runs a very similar command to the one above.) +The label color will be inherited from the `dvm-template`. +(The DisposableVM Application Launcher shortcut used for starting programs runs a very similar command to the one above.) ### Customizing DisposableVMs ### From 69d879015b0c4d0c2769675744779f6fdf861335 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 26 Jan 2019 18:50:45 -0600 Subject: [PATCH 031/103] Fix link --- managing-os/templates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/templates.md b/managing-os/templates.md index 1cd20712..d1de8abe 100644 --- a/managing-os/templates.md +++ b/managing-os/templates.md @@ -136,7 +136,7 @@ Important Notes (R4.0) (1) Upon creation (2) Following shutdown -(3) Including [DVM Templates](/doc/disposablevm/#disposablevms-and-networking-r40-and-later) +(3) Including [DVM Templates](/doc/glossary/#dvm-template) Important Notes (R3.2 and earlier) --------------- From ec698e8035174f5e40eabaf6598543179d3f17ff Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 27 Jan 2019 23:42:35 -0600 Subject: [PATCH 032/103] Fix top-level heading syntax for ToC generation --- configuration/disk-trim.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/disk-trim.md b/configuration/disk-trim.md index 0dc2d1eb..c1164f18 100644 --- a/configuration/disk-trim.md +++ b/configuration/disk-trim.md @@ -9,7 +9,7 @@ redirect_from: --- Disk Trim ----------- +========= Disk trimming is the procedure by which the operating system informs the underlying storage device of which storage blocks are no longer in use. It does this by issuing an `ATA_TRIM` command for the block. This is also known as a `discard`. From 63897d859aed1c3860f45638fe67cbd511901d00 Mon Sep 17 00:00:00 2001 From: AJ Jordan Date: Tue, 29 Jan 2019 01:00:16 -0500 Subject: [PATCH 033/103] Link to R4 storage pool documentation --- system/storage-pools.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/system/storage-pools.md b/system/storage-pools.md index c4129208..8886f406 100644 --- a/system/storage-pools.md +++ b/system/storage-pools.md @@ -9,6 +9,9 @@ Storage Pools in Qubes Qubes OS R3.2 introduced the concept of storage drivers and pools. This feature was a first step towards a saner storage API, which is heavily rewritten in R4. +See [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-storage.html) +for documentation on storage pools in R4. + A storage driver provides a way to store VM images in a Qubes OS system. Currently, the default driver is `xen` which is the default way of storing volume images as files in a directory tree like `/var/lib/qubes/`. From 36048c065cd657b4a0573fd6da021e6f1adc1fe7 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 1 Feb 2019 21:04:31 -0600 Subject: [PATCH 034/103] Add Canary 18 --- security-info/canaries.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security-info/canaries.md b/security-info/canaries.md index 0fd53c96..0d503041 100644 --- a/security-info/canaries.md +++ b/security-info/canaries.md @@ -43,3 +43,8 @@ Qubes Canaries are published through the [Qubes Security Pack](/security/pack/). - [Qubes Canary \#16](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-016-2018.txt) - [Qubes Canary \#17](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-017-2018.txt) +2019 +---- + +- [Qubes Canary \#18](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-018-2019.txt) + From 62858dedf539d78c3b5366fc456e91b271a6de93 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 3 Feb 2019 14:09:52 -0600 Subject: [PATCH 035/103] Generalize optical disc documentation - Rename file - Rename title - Update premalink - Add redirect to old permalink - Generalize content - Unwrap lines - Add link to /doc/security-guidelines/#dom0-precautions - Update doc index link Fixes QubesOS/qubes-issues#4783 --- common-tasks/optical-discs.md | 20 ++++++++++++++++++++ common-tasks/recording-optical-discs.md | 22 ---------------------- doc.md | 2 +- 3 files changed, 21 insertions(+), 23 deletions(-) create mode 100644 common-tasks/optical-discs.md delete mode 100644 common-tasks/recording-optical-discs.md diff --git a/common-tasks/optical-discs.md b/common-tasks/optical-discs.md new file mode 100644 index 00000000..00aec3db --- /dev/null +++ b/common-tasks/optical-discs.md @@ -0,0 +1,20 @@ +--- +layout: doc +title: Optical Discs +permalink: /doc/optical-discs/ +redirect_from: + - /doc/recording-optical-discs/ + - /en/doc/recording-optical-discs/ +--- + +Optical Discs +============= + +Passthrough reading and recording (a.k.a., "burning") is not supported by Xen. +Currently, the only options for reading and recording optical discs (e.g., CDs, DVDs, BRDs) in Qubes are: + + 1. Use a USB optical drive. + 2. Attach a SATA optical drive to a secondary SATA controller, then assign this secondary SATA controller to a VM. + 3. Use a SATA optical drive attached to dom0. + (**Caution:** This option is [potentially dangerous](/doc/security-guidelines/#dom0-precautions). + diff --git a/common-tasks/recording-optical-discs.md b/common-tasks/recording-optical-discs.md deleted file mode 100644 index 5d4bca74..00000000 --- a/common-tasks/recording-optical-discs.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -layout: doc -title: Recording Optical Discs -permalink: /doc/recording-optical-discs/ -redirect_from: /en/doc/recording-optical-discs/ ---- - -Recording Optical Discs -======================= - -Passthrough recording (a.k.a., "burning") is not supported by Xen. Currently, -the only options for recording optical discs (e.g., CDs, DVDs, BRDs) in Qubes -are: - - 1. Use a USB optical drive. - 2. Attach a SATA optical drive to a secondary SATA controller, then assign this - secondary SATA controller to a VM. - 3. Use a SATA optical drive attached to dom0. - (**Caution:** This option may violate the Qubes security model if it entails - transferring untrusted data (e.g., an ISO) to dom0 in order to record it on - an optical disc.) - diff --git a/doc.md b/doc.md index 3a23a050..7c3e1f0e 100644 --- a/doc.md +++ b/doc.md @@ -67,7 +67,7 @@ redirect_from: * [Backup, Restoration, and Migration](/doc/backup-restore/) * [Using DisposableVMs](/doc/disposablevm/) * [Using and Managing USB Devices](/doc/usb/) - * [Recording Optical Discs](/doc/recording-optical-discs/) + * [Optical Discs](/doc/optical-discs/) * [Managing Application Shortcuts](/doc/managing-appvm-shortcuts/) * [Enabling Fullscreen Mode](/doc/full-screen-mode/) * [Tips and Tricks](/doc/tips-and-tricks/) From eb1ea05c6b99686731e746fd26bae97bec1d464f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 3 Feb 2019 15:45:23 -0600 Subject: [PATCH 036/103] Fix typos --- common-tasks/optical-discs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/common-tasks/optical-discs.md b/common-tasks/optical-discs.md index 00aec3db..028857c2 100644 --- a/common-tasks/optical-discs.md +++ b/common-tasks/optical-discs.md @@ -10,11 +10,11 @@ redirect_from: Optical Discs ============= -Passthrough reading and recording (a.k.a., "burning") is not supported by Xen. +Passthrough reading and recording (a.k.a., "burning") are not supported by Xen. Currently, the only options for reading and recording optical discs (e.g., CDs, DVDs, BRDs) in Qubes are: 1. Use a USB optical drive. 2. Attach a SATA optical drive to a secondary SATA controller, then assign this secondary SATA controller to a VM. - 3. Use a SATA optical drive attached to dom0. - (**Caution:** This option is [potentially dangerous](/doc/security-guidelines/#dom0-precautions). + 3. Use a SATA optical drive attached to dom0. + (**Caution:** This option is [potentially dangerous](/doc/security-guidelines/#dom0-precautions).) From eb0e6b92d7edb604c881f0c90b54ed5b0f51e68c Mon Sep 17 00:00:00 2001 From: arvog <31415602+arvog@users.noreply.github.com> Date: Tue, 5 Feb 2019 16:11:20 +0100 Subject: [PATCH 037/103] Update fedora-minimal instructions to current template version NOTES: - currently only works with --enablerepo=qubes-templates-itl-testing. stable minimal template appears to be broken. - firewall VM needs to have iproute installed (see https://qubes-os.info/index.php?t=msg&th=506&goto=2017&#msg_2017) --- managing-os/templates/fedora-minimal.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/managing-os/templates/fedora-minimal.md b/managing-os/templates/fedora-minimal.md index ab1e25e2..13b8afac 100644 --- a/managing-os/templates/fedora-minimal.md +++ b/managing-os/templates/fedora-minimal.md @@ -12,7 +12,7 @@ redirect_from: Fedora - minimal ================ -The template only weighs about 600 MB compressed (2 GB on disk) and has only the most vital packages installed, including a minimal X and xterm installation. +The template only weighs about 600 MB compressed (1.6 GB on disk) and has only the most vital packages installed, including a minimal X and xterm installation. The minimal template, however, can be easily extended to fit your requirements. The sections below contain the instructions on duplicating the template and provide some examples for commonly desired use cases. Installation @@ -21,7 +21,7 @@ Installation The Fedora minimal template can be installed with the following command: ~~~ -[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-27-minimal +[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-29-minimal ~~~ The download may take a while depending on your connection speed. @@ -32,7 +32,7 @@ Duplication and first steps It is highly recommended to clone the original template, and make any changes in the clone instead of the original template. The following command clones the template. Replace `your-new-clone` with your desired name. ~~~ -[user@dom0 ~]$ qvm-clone fedora-27-minimal your-new-clone +[user@dom0 ~]$ qvm-clone fedora-29-minimal your-new-clone ~~~ You must start the template in order to customize it. @@ -68,7 +68,7 @@ Use case | Description | Required steps --- | --- | --- **Standard utilities** | If you need the commonly used utilities | Install the following packages: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` **Audio** | If you want sound from your VM... | Install `pulseaudio-qubes` -**FirewallVM** | You can use the minimal template as a [FirewallVM](/doc/firewall/), such as the basis template for `sys-firewall` | Install at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the updatevm (which is normally sys-firewall). +**FirewallVM** | You can use the minimal template as a [FirewallVM](/doc/firewall/), such as the basis template for `sys-firewall` | Install at least `qubes-core-agent-networking` and `iproute`, and also `qubes-core-agent-dom0-updates` if you want to use it as the updatevm (which is normally sys-firewall). **NetVM** | You can use this template as the basis for a NetVM such as `sys-net` | Install the following packages: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `dejavu-sans-fonts` `notification-daemon` `gnome-keyring` `polkit` `@hardware-support`. **NetVM (extra firmware)** | If your network devices need extra packages for the template to work as a network VM | Use the `lspci` command to identify the devices, then run `dnf search firmware` (replace `firmware` with the appropriate device identifier) to find the needed packages and then install them. **Network utilities** | If you need utilities for debugging and analyzing network connections | Install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` @@ -84,7 +84,7 @@ Qubes 4.0 In Qubes R4.0 the minimal template is not configured for passwordless root. To update or install packages to it, from a dom0 terminal window: ~~~ -[user@dom0 ~]$ qvm-run -u root fedora-27-minimal xterm +[user@dom0 ~]$ qvm-run -u root fedora-29-minimal xterm ~~~ to open a root terminal in the template, from which you can use dnf without sudo. You will have to do this every time if you choose not to enable passwordless root. @@ -107,7 +107,7 @@ In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be neede - `qubes-core-agent-qrexec`: Qubes qrexec agent. Installed by default. - `qubes-core-agent-systemd`: Qubes unit files for SystemD init style. Installed by default. -- `qubes-core-agent-passwordless-root`, `polkit`: By default the 'fedora-27-minimal' template doesn't have passwordless root. These two packages enable this feature. (Note from R4.0 a design choice was made that passwordless should be optional, so is left out of the minimal templates) +- `qubes-core-agent-passwordless-root`, `polkit`: By default the 'fedora-29-minimal' template doesn't have passwordless root. These two packages enable this feature. (Note from R4.0 a design choice was made that passwordless should be optional, so is left out of the minimal templates) - `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it things like "copy to VM/open in disposable VM" will not be shown in Nautilus). - `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart. - `qubes-core-agent-networking`: Networking support. Required for general network access and particularly if the template is to be used for a `sys-net` or `sys-firewall` VM. From 1e0425cacc18fff2b27d8383cc5d7b5a52c8441e Mon Sep 17 00:00:00 2001 From: Michael Carbone Date: Tue, 5 Feb 2019 18:40:54 +0100 Subject: [PATCH 038/103] update to 2019 --- basics_dev/gsoc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index f3988a5c..cefde781 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -5,7 +5,7 @@ permalink: /gsoc/ redirect_from: /GSoC/ --- -2018 Google Summer of Code +2019 Google Summer of Code ================ ## Information for Students From 2b215ef53c2c61a51c39108e352037afe56f30be Mon Sep 17 00:00:00 2001 From: alcreator <24826469+alcreator@users.noreply.github.com> Date: Wed, 6 Feb 2019 13:11:20 +1100 Subject: [PATCH 039/103] Minor spelling/grammatical fixes --- basics_dev/gsoc.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index f3988a5c..0fa3e1e4 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -455,22 +455,22 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618). **Project**: Qubes Converters -**Brief explanation**: One of the pioneering ideas of Qubes is to use disposable virtual machines to convert untrustworthy files (such as documents given to journalists by unknown and potentially malicious whistleblowers) into trusthworhty files. See [Joanna's blog on the Qubes PDF Convert](http://theinvisiblethings.blogspot.co.uk/2013/02/converting-untrusted-pdfs-into-trusted.html) for details of the idea. Joanna has implemented a prototype for PDF documents. The goal of this project would be to generalize beyond the simple prototype to accommodate a wide variety of file formats, including Word documents, audio files, video files, spreadsheets, and so on. The converters should prioritise safety over faithful conversion. For example the Qubes PDF converter typically leads to lower quality PDFs (e.g. cut and paste is no longer possible), because this makes the conversion process safer. +**Brief explanation**: One of the pioneering ideas of Qubes is to use disposable virtual machines to convert untrustworthy files (such as documents given to journalists by unknown and potentially malicious whistleblowers) into trustworthy files. See [Joanna's blog on the Qubes PDF Convert](http://theinvisiblethings.blogspot.co.uk/2013/02/converting-untrusted-pdfs-into-trusted.html) for details of the idea. Joanna has implemented a prototype for PDF documents. The goal of this project would be to generalize beyond the simple prototype to accommodate a wide variety of file formats, including Word documents, audio files, video files, spreadsheets, and so on. The converters should prioritise safety over faithful conversion. For example the Qubes PDF converter typically leads to lower quality PDFs (e.g. cut and paste is no longer possible), because this makes the conversion process safer. **Expected results**: We expect that in the timeframe, it will be possible to implement many converters for many file formats. However, if any unexpected difficulties arise, we would prioritise a small number of safe and high quality converters over a large number of unsafe or unuseful converters. -**Knowledge prerequisite**: Most of the coding will probably be implemented as shell scripts to interface with pre-existing converts (such as ImageMagick in the Qubes PDF converter). However, shell scripts are not safe for processing untrusted data, so any extra processing will need to be implemented in another language -- probably Python. +**Knowledge prerequisite**: Most of the coding will probably be implemented as shell scripts to interface with pre-existing converters (such as ImageMagick in the Qubes PDF converter). However, shell scripts are not safe for processing untrusted data, so any extra processing will need to be implemented in another language -- probably Python. **Mentors**: Andrew Clausen and Jean-Philippe Ouellet ### Mitigate focus-stealing attacks **Project**: Mitigate focus-stealing attacks -**Brief explanation**: [Focus stealing attacks](https://en.wikipedia.org/wiki/Focus_stealing) have long been an issue in Qubes OS. The Qubes community has long punted the issue due to having higher priority things to work on, and it being viewed as the responsability of the window manager, but nevertheless it remains a serious issue, and an *effective* mitigation would be most welcome. Any student wishing to work on this would need to engage the community in a discussion about the effectiveness of their proposed earlier rather than later. [#1166](https://github.com/QubesOS/qubes-issues/issues/1166) +**Brief explanation**: [Focus stealing attacks](https://en.wikipedia.org/wiki/Focus_stealing) have long been an issue in Qubes OS. The Qubes community has long punted the issue due to having higher priority things to work on, and it being viewed as the responsibility of the window manager, but nevertheless it remains a serious issue, and an *effective* mitigation would be most welcome. Any student wishing to work on this would need to engage the community in a discussion about the effectiveness of their proposed solution earlier rather than later. [#1166](https://github.com/QubesOS/qubes-issues/issues/1166) **Expected results**: Working robust focus stealing prevention for Xfce (currently the default Qubes desktop environment) or Gnome (the targeted future Qubes desktop environment). -**Knoledge prerequisite**: X APIs, Qubes GUI protocol, familiarity with the targeted window manager. +**Knowledge prerequisite**: X APIs, Qubes GUI protocol, familiarity with the targeted window manager. **Mentor**: Inquire on [qubes-devel][ml-devel]. @@ -487,7 +487,7 @@ for more information and qubes-specific background. **Expected results**: Significant progress towards making the Qubes build process deterministic. This would likely involve cooperation with and hacking on several upstream build tools to eliminate sources of variability. -**Knoledge prerequisite**: qubes-builder [[1]](/doc/qubes-builder/) [[2]](/doc/qubes-builder-details/) [[3]](https://github.com/QubesOS/qubes-builder/tree/master/doc), and efficient at introspecting complex systems: comfortable with tracing and debugging tools, ability to quickly identify and locate issues within a large codebase (upstream build tools), etc. +**Knowledge prerequisite**: qubes-builder [[1]](/doc/qubes-builder/) [[2]](/doc/qubes-builder-details/) [[3]](https://github.com/QubesOS/qubes-builder/tree/master/doc), and efficient at introspecting complex systems: comfortable with tracing and debugging tools, ability to quickly identify and locate issues within a large codebase (upstream build tools), etc. **Mentor**: [Marek Marczykowski-Górecki](/team/) From 08d2d3b2ddf116539b3b1a35c8dc35183664b2b5 Mon Sep 17 00:00:00 2001 From: alcreator <24826469+alcreator@users.noreply.github.com> Date: Wed, 6 Feb 2019 14:23:07 +1100 Subject: [PATCH 040/103] GSOC Idea: Porting Qubes to ARM/aarch64 --- basics_dev/gsoc.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 0fa3e1e4..760dcc6b 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -491,6 +491,28 @@ for more information and qubes-specific background. **Mentor**: [Marek Marczykowski-Górecki](/team/) +### Porting Qubes to ARM/aarch64 + +**Project**: Porting Qubes to ARM/aarch64 + +**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): +[#4318](https://github.com/QubesOS/qubes-issues/issues/4318). + +**Expected results**: + + - Add cross-compilation support to qubes-builder and related components. + - Make aarch64 specific adjustments to Qubes toolstacks/manager (including passthrough of devices from device tree to guest domains). + - Aarch64 specific integration and unit tests. + - Production of generic u-boot or uefi capable image/iso for target hardware. + +**Knowledge prerequisite**: + + - Libvirt and Qubes toolstacks (C and python languages). + - Xen debugging. + - General ARM architecture knowledge. + +**Mentor**: Inquire on [qubes-devel][ml-devel]. + ### Android development in Qubes **Project**: Research running Android in Qubes VM (probably HVM) and connecting it to Android Studio From 5b6c5dd5049197da1a0c4d169e55539a79190813 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 6 Feb 2019 14:37:30 +0100 Subject: [PATCH 041/103] Add new ideas for GSoC 2019, drop outdated/completed --- basics_dev/gsoc.md | 127 +++++++++++++++++++++++++++++---------------- 1 file changed, 83 insertions(+), 44 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index cefde781..cd616f2e 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -143,31 +143,72 @@ would override all the user changes there). More details: **Mentor**: [Marek Marczykowski-Górecki](/team/) -### Easy inter-VM networking configuration +### USB passthrough to Windows qubes -**Project**: Easy inter-VM networking configuration +**Project**: USB passthrough to Windows qubes -**Brief explanation**: Utility to easily configure selected VMs to be reachable (by network) from other VMs or outside network. Currently such configuration require adding iptables rules in multiple VMs manually. For exposing VM to outside network, it may be good to adopt qrexec-based TCP forwarding ([#2148](https://github.com/QubesOS/qubes-issues/issues/2148)). +**Brief explanation**: Add ability to use individual USB devices in Windows qubes. Right now the only option to do that, is to assign the whole USB controller (PCI device), which applies to all the devices connected to it. USB passthrough on Qubes is based on USBIP project, with transport over qrexec instead of TCP/IP. **Expected results**: -- support firewall rules for inter-VM traffic in qubes-firewall - both VM side (qubes-firewall service) and dom0 configuration side (relevant Admin API calls) -- mechanism for configuring firewall in target VM, especially INPUT iptables chain - currently it is hardcoded to drop new incoming connections -- convenient tool (or modification to existing tool) for controlling above mechanisms -- integration the above with existing GUI tools (especially VM settings) - -Relevant links: - - [Qubes networking and firewall documentation](/doc/firewall/) - - [qubes-firewall service code](https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubesagent/firewall.py) + - Evaluate possible approaches (including flexibility, compatibility and performance), suggested ideas: + - use [USBIP for Windows](https://github.com/cezuni/usbip-win) and make it work with qrexec - similar as done for Linux + - use qrexec+USBIP in Linux-based stubdomain and plug it into USB emulation in qemu + - Choose one approach, write (very simple) design documentation + - Write relevant new code (applies mostly for usbip-win case) + - Plug the mechanism into Qubes core toolstack ([Devices API](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-devices.html)) **Knowledge prerequisite**: -- iptables -- basics of nft -- python3 +- basic USB architecture knowledge (buses, devices, interfaces, functions) +- Python and Bash scripting +- C +- Windows USB stack and/or qemu USB stack **Mentor**: [Marek Marczykowski-Górecki](/team/) +### Dedicated Audio qube + +**Project**: Dedicated Audio qube + +**Brief explanation**: Moving audio subsystem from dom0 to a dedicated AudioVM and/or a preexisting VM (e.g sys-usb with attached usb audio device). This would allow using USB audio devices system-wide, without leaving a USB controller in dom0. [Relevant github issue](https://github.com/QubesOS/qubes-issues/issues/1590). + +**Expected results**: + +- Make audio virtualization components work with non-dom0 backend (in short: add configuration option for the backend, instead of assuming "dom0") +- Possibly per-qube setting what should be used as an AudioVM +- Make other audio-related tools work with the new setup, especially enabling/disabling microphone (`qvm-device mic`) and volume control. + +**Knowledge prerequisite**: + +- Pulseaudio +- C +- Python + +**Mentor**: [Marek Marczykowski-Górecki](/team/) + +### Qubes as a Vagrant provider + +**Project**: Qubes as a Vagrant provider + +**Brief explanation**: Currently using Vagrant on Qubes requires finding an image that uses Docker as isolation provider and running Docker in a qube, or downloading the Vagrantfile and manually setting up a qube according to the Vagrantfile. This project aims at simplifying this workflow. Since introduction of Admin API, it's possible for a qube to provision another qube - which is exactly what is needed for Vagrant. [Related discussion](https://groups.google.com/d/msgid/qubes-devel/535299ca-d16a-4a70-8223-a4ac6be4be41%40googlegroups.com) + +**Expected results**: + + - Design how Vagrant Qubes provider should look like, including: + - [box format](https://www.vagrantup.com/docs/plugins/providers.html#box-format) + - method for running commands inside (ssh vs qvm-run) + - Write a Vagrant provider able to create/start/stop/etc a VM + - Document how to configure and use the provider, including required qrexec policy changes and possibly firewall rules + - Write integration tests + +**Knowledge prerequisite**: + + - Ruby + - Vagrant concepts + +**Mentor**: [Wojtek Porczyk](/team/), [Marek Marczykowski-Górecki](/team/) + ### Mechanism for maintaining in-VM configuration **Project**: Mechanism for maintaining in-VM configuration @@ -186,7 +227,7 @@ Relevant links: - shell and/or python scripting - Qubes OS qrexec services -**Mentor**: [Marek Marczykowski-Górecki](/team/), [Wojtek Porczyk](/team/). +**Mentor**: [Frédéric Pierret](/team/) ### Wayland support in GUI agent and/or GUI daemon @@ -253,7 +294,7 @@ details: [#1552](https://github.com/QubesOS/qubes-issues/issues/1552), - Python and Bash scripting - Filesystems and block devices: loop devices, device-mapper, tmpfs, overlayfs, sparse files. -**Mentor**: [Marek Marczykowski-Górecki](/team/) +**Mentor**: [Frédéric Pierret](/team/) ### Unikernel-based firewallvm with Qubes firewall settings support @@ -271,32 +312,6 @@ details: [#1552](https://github.com/QubesOS/qubes-issues/issues/1552), **Mentor**: [Thomas Leonard](mailto:talex5@gmail.com), [Marek Marczykowski-Górecki](/team/) -### Thunderbird, Firefox and Chrome extensions - -**Project**: additional Thunderbird, Firefox and Chrome extensions - -**Brief explanation**: - -* browser/mail: open link in vm -* browser/mail: open link in dispvm -* browser: save destination to vm -* mail: add whitelisted senders option (address-based and signing key-based) [#845](https://github.com/QubesOS/qubes-issues/issues/845) - -**Expected results**: - - - Extend existing Thunderbird extension to decide on action (where to open/save attachments) based on message sender - recognized as email address, or signing key - - Add Firefox extension to open links in DisposableVM / selected VM (right-click option and a default action for not-whitelisted URLs/domains) - - The same for Chrome - - Add tests for above enhancements - - Update user documentation - -**Knowledge prerequisite**: - - - writing Thunderbird/Firefox extensions (XUL, javascript) - - writing Chrome extensions (javascript) - -**Mentor**: Inquire on [qubes-devel][ml-devel]. - ### LogVM(s) **Project**: LogVM(s) @@ -326,7 +341,7 @@ immune to altering past entries. See - systemd - Python/Bash scripting -**Mentor**: [Marek Marczykowski-Górecki](/team/) +**Mentor**: [Frédéric Pierret](/team/) ### Xen GPU pass-through for Intel integrated GPUs **Project**: Xen GPU pass-through for Intel integrated GPUs (largely independent of Qubes) @@ -415,6 +430,30 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618). **Mentor**: [Rafał Wojdyła](/team/) +### Unattended Windows installation + +**Project**: Unattended Windows installation + +**Brief explanation**: Simplify Windows usage by providing a tool that perform unattended installation given required input data (installation image, license key, user name, etc). Similar feature is already supported in other virtualization solutions, including VMWare Workstation and VirtualBox. [Related github issue](https://github.com/QubesOS/qubes-issues/issues/4688). + +**Expected results**: + + - A template for `autounattended.xml` file for Windows installer - the template should have placeholders for settings that need to be provided by the user. + - A tool for generating actual `autounattended.xml` file based on the template and user settings. + - A tool for launching Windows installation, given installation image and `autounattended.xml` file (can be the same as in the above point). + - (Optional) Unattended installation should also include Qubes Windows Tools. + - (Optional) A tool should be able to use Windows license embedded in ACPI tables - [related discussion](https://groups.google.com/d/msgid/qubes-devel/0b7fabae-f843-e7ce-40cf-193326cecdb0%40zrubi.hu) + - User documentation + - Automated tests (unit tests, integration tests) + +**Knowledge prerequisite**: + + - Python scripting + - Linux administration, including handling loop devices, partition tables, filesystems etc + - For optional features, C language and x86 architecture (ACPI tables) + +**Mentor**: [Rafał Wojdyła](/team/), [Marek Marczykowski-Górecki](/team/) + ### GNOME support in dom0 / GUI VM **Project**: GNOME support in dom0 @@ -449,7 +488,7 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618). - C language (patching metacity) - Probably also javascript - for modifying GNOME shell extensions -**Mentor**: [Marek Marczykowski-Górecki](/team/) +**Mentor**: [Frédéric Pierret](/team/), [Marek Marczykowski-Górecki](/team/) ### Generalize the Qubes PDF Converter to other types of files From 4769672e545c6cc7a1431133198a83a576c899d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 6 Feb 2019 14:40:19 +0100 Subject: [PATCH 042/103] Set myself as a mentor for porting Qubes for ARM project --- basics_dev/gsoc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index c2795a74..6e5d0b00 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -550,7 +550,7 @@ for more information and qubes-specific background. - Xen debugging. - General ARM architecture knowledge. -**Mentor**: Inquire on [qubes-devel][ml-devel]. +**Mentor**: [Marek Marczykowski-Górecki](/team/) ### Android development in Qubes From 51f45eecf83d5960d70dd6e332c379e94a07dbf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 6 Feb 2019 14:42:54 +0100 Subject: [PATCH 043/103] Add GSoC page to the doc index --- doc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc.md b/doc.md index 7c3e1f0e..259c91ef 100644 --- a/doc.md +++ b/doc.md @@ -211,6 +211,7 @@ redirect_from: * [Documentation Guidelines](/doc/doc-guidelines/) * [Code Signing](/doc/code-signing/) * [Community-Developed Feature Tracker](/qubes-issues/) + * [Google Summer of Code](/gsoc/) * [Books for Developers](/doc/devel-books/) * [Style Guide](/doc/style-guide/) * [Usability & UX](/doc/usability-ux/) From 253b5da05b61a506b8eb1104984bb85fd914b8d2 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 20:34:26 +0700 Subject: [PATCH 044/103] Fix typo "passsthrough" --- managing-os/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/windows/windows-tools.md b/managing-os/windows/windows-tools.md index 8ce1f196..0610bbd0 100644 --- a/managing-os/windows/windows-tools.md +++ b/managing-os/windows/windows-tools.md @@ -26,7 +26,7 @@ NOTES: - Qubes Windows Tools are currently unmaintained - Currently only 64-bit versions of Windows 7 are supported by Qubes Windows Tools. Only emulated SVGA GPU is supported (although [there has been reports](https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA) on working GPU pass-through). - There is currently no audio support for Windows HVMs. -- There is currently no USB passsthrough support for Windows HVMs. +- There is currently no USB pass-through support for Windows HVMs. - __This page documents the process of installing Qubes Windows Tools on versions up to R3.2.__. Installation on Qubes R4.0 is possible but is a work in progress and there are limitations/bugs (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585)). From 9d687e8b7d19da2639c534026139e3be74a0b96c Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 20:50:22 +0700 Subject: [PATCH 045/103] Fix typo: "acccess" --- about/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/about/faq.md b/about/faq.md index 75c12aec..c666f9ca 100644 --- a/about/faq.md +++ b/about/faq.md @@ -262,7 +262,7 @@ Now, how does this apply to Qubes OS? The above attack requires access to a PCI device, which means that it can be performed only from NetVM / UsbVM, so someone must first break into one of those VMs. But this isn't that hard, because there is a lot of complex code handling network traffic. Recent bugs include DHCP client, DNS client, etc. -Most attacks on NetVM / UsbVM (but not all!) require being somewhat close to the target system - for example connected to the same WiFi network, or in the case of a UsbVM, having physical acccess to a USB port. +Most attacks on NetVM / UsbVM (but not all!) require being somewhat close to the target system - for example connected to the same WiFi network, or in the case of a UsbVM, having physical access to a USB port. ### Can I use AMD-v instead of VT-x? From ec997acbb4ab14627c28f2a461d9158747f1f77b Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 21:13:43 +0700 Subject: [PATCH 046/103] Fix typo: "enviroment" --- common-tasks/tips-and-tricks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/tips-and-tricks.md b/common-tasks/tips-and-tricks.md index 91349303..f3419984 100644 --- a/common-tasks/tips-and-tricks.md +++ b/common-tasks/tips-and-tricks.md @@ -46,7 +46,7 @@ Preventing data leaks --------------------- First make sure to read [Understanding and Preventing Data Leaks](/doc/data-leaks/) section to understand the limits of this tip. -Suppose that you have within a not so trusted enviroment - for example, a Windows VM - an application that tracks and reports its usage, or you simply want to protect your data. +Suppose that you have within a not so trusted environment - for example, a Windows VM - an application that tracks and reports its usage, or you simply want to protect your data. Start the Windows TemplateVM (which has no user data), install/upgrade apps; then start Windows AppVM (with data) in offline mode. So, if you worry (hypothetically) that your Windows or app updater might want to send your data away, this Qubes OS trick will prevent this. This applies also to any TemplateBasedVM relative to its parent TemplateVM, but the privacy risk is especially high in the case of Windows. From 9d5d88f2674f57dc728e1998199483b406657002 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 21:18:08 +0700 Subject: [PATCH 047/103] Fix typo: "thow" and remove extraspaces Fix typo: "thow" and remove extraspaces --- managing-os/templates/debian.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/managing-os/templates/debian.md b/managing-os/templates/debian.md index 82d93c2f..447ed13d 100644 --- a/managing-os/templates/debian.md +++ b/managing-os/templates/debian.md @@ -96,11 +96,11 @@ The lesson is that you should carefully look at what is being installed to your By default, templates in 4.0 only have a loopback interface. -Some packages will thow an error on installation in this situation. For example, Samba expects to be configured using a network interface post installation. +Some packages will throw an error on installation in this situation. For example, Samba expects to be configured using a network interface post installation. One solution is to add a dummy interface to allow the package to install correctly: - ip link add d0 type dummy + ip link add d0 type dummy ip addr add 192.168.0.1/24 dev d0 ip link set d0 up From b17678d4a7962b2beeff91bb1295b17251dfd828 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 21:22:18 +0700 Subject: [PATCH 048/103] Fix typo: "offical" Fix typo: "offical" --- managing-os/pentesting/kali.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index 7d4cc774..08e03362 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -29,7 +29,7 @@ Kali Linux is the most widely used penetration testing Linux distribution. There are multiple ways to create a Kali Linux VM: - 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm3_2). + 1. Create a HVM and use the official ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm3_2). 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution: - using [katoolin]. Explained [here](#katoolin3_2). - manually. Explained [here](#templatevm-from-debian3_2). @@ -321,7 +321,7 @@ Kali Linux is the most widely used penetration testing Linux distribution. There are multiple ways to create a Kali Linux VM: - 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm4_0). + 1. Create a HVM and use the official ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm4_0). 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution: - using [katoolin]. Explained [here](#katoolin4_0). - manually. Explained [here](#templatevm-from-debian4_0). From 7bb45a06b65f3858c29a65834f5a1d539d445660 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 21:29:59 +0700 Subject: [PATCH 049/103] Fix typo: "defintions" Fix typo: "defintions" --- security/split-gpg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/split-gpg.md b/security/split-gpg.md index 94bf4d0d..f5455009 100644 --- a/security/split-gpg.md +++ b/security/split-gpg.md @@ -256,7 +256,7 @@ unparalleled security for one's master secret key. ### Setup Description ### In this example, the following keys are stored in the following locations -(see below for defintions of these terms): +(see below for definitions of these terms): | PGP Key(s) | VM Name | | ---------- | ------------ | From 4b8fe46ee672f72430124af3c137c7e1784cf045 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 21:43:10 +0700 Subject: [PATCH 050/103] Fix typo: "trafic" Fix typo: "trafic" --- configuration/network-bridge-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/network-bridge-support.md b/configuration/network-bridge-support.md index 4df4c5f0..822d991f 100644 --- a/configuration/network-bridge-support.md +++ b/configuration/network-bridge-support.md @@ -47,7 +47,7 @@ An option is available in the AppVM Settings to enable setting the NetVM in brid NetVM patch (Qubes R2B2) ------------------------ -You need to modify manually the NetVM iptable script inside the NetVM. The reason is that by default the NetVM only accepts traffic coming from network interfaces called vif\* (in our case, we will use an additional interface called bridge0. The second reason is that all trafic is NATed by default. In our case, we want to forward traffic from the bridge interface without modifying it, while NATing traffic coming from vif\* interfaces. +You need to modify manually the NetVM iptable script inside the NetVM. The reason is that by default the NetVM only accepts traffic coming from network interfaces called vif\* (in our case, we will use an additional interface called bridge0. The second reason is that all traffic is NATed by default. In our case, we want to forward traffic from the bridge interface without modifying it, while NATing traffic coming from vif\* interfaces. Modify manually the Template you use for your NetVM (not the NetVM itself). This is by default fedora-x86\_64. Edit the file /etc/sysconfig/iptables. You need to modify two parts of the file. From 6b36509b2bac6c3a967f3b6c4a41f3ad37146c9a Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 21:57:55 +0700 Subject: [PATCH 051/103] Fix typo: "becuase" Fix typo: "becuase" --- customization/disposablevm-customization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/customization/disposablevm-customization.md b/customization/disposablevm-customization.md index 6394b45a..67ac6c40 100644 --- a/customization/disposablevm-customization.md +++ b/customization/disposablevm-customization.md @@ -18,7 +18,7 @@ Security If a DVM Template becomes compromised, then any DisposableVM based on that DVM Template could be compromised. Therefore, you should not make any risky customizations (e.g., installing untrusted browser plugins) in important DVM Templates. -In particular, the *default* DVM Template is important becuase it is used by the "Open in DisposableVM" feature. +In particular, the *default* DVM Template is important because it is used by the "Open in DisposableVM" feature. This means that it will have access to everything that you open with this feature. For this reason, it is strongly recommended that you base the default DVM Template on a trusted TemplateVM and refrain from making any risky customizations to it. From 1f7545f54c65e3677bf9adfae996468016e5d98c Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 22:02:40 +0700 Subject: [PATCH 052/103] Fox broken page layout Fox broken page layout --- customization/fedora-minimal-template-customization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/customization/fedora-minimal-template-customization.md b/customization/fedora-minimal-template-customization.md index 7cc1a4b0..d4280f24 100644 --- a/customization/fedora-minimal-template-customization.md +++ b/customization/fedora-minimal-template-customization.md @@ -156,9 +156,9 @@ Choose theme packages for each framework. I recommend the following documentatio > clearlooks-phenix-gtk2-theme clearlooks-phenix-gtk3-theme -You can search for other themes using dnf search theme gtk +You can search for other themes using `dnf search theme gtk`. -You can check your currently installed theme packages (to eventually remove them) using rpm -qa | grep theme +You can check your currently installed theme packages (to eventually remove them) using `rpm -qa | grep theme`. ### Tweaking theme and appearance From 813d392cdeb8df687776cd7d5c9b4feed31c6918 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 22:16:40 +0700 Subject: [PATCH 053/103] Fix several typos and small problems Fix several typos and small problems (e.g. "parition", "empy"). --- troubleshooting/macbook-troubleshooting.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/troubleshooting/macbook-troubleshooting.md b/troubleshooting/macbook-troubleshooting.md index ca7d1fd9..5743a67b 100644 --- a/troubleshooting/macbook-troubleshooting.md +++ b/troubleshooting/macbook-troubleshooting.md @@ -180,7 +180,7 @@ For security reasons, you should install Qubes using the whole disk. I preferred Download and prepare a USB with Qubes 3.2 You can install Qubes using BIOS or UEFI: -* BIOS/CSM/Legacy: I have not been able to install using legagy, but I did not spend a lot of time on it. +* BIOS/CSM/Legacy: I have not been able to install using legacy, but I did not spend a lot of time on it. * UEFI plain: grub menu appears, but any gave me a quick flash and returned the main menu. I can boot it manually fixing the grub.cfg file, adding commands linuexefi and initrdefi, pointing proper files in /efi/boot. After boot, I end up with no root file system. * UEFI, using rEFInd: I have been successful, despite some issues to be fixed manually, after installation completion * download [rEFInd] refind-bin-0.10.4.zip: this file is not signed, so decide if you trust it or not. SHA1 sum is 3d69c23b7d338419e5559a93cd6ae3ec66323b1e @@ -197,12 +197,12 @@ You can install Qubes using BIOS or UEFI: * As a general rule, keep the default values proposed during installation: you can change them later on * Keep English, as language, locale -* My macbook has a US keyboard, so I cannot say what happens if you change keyboard layout +* My Macbook has a US keyboard, so I cannot say what happens if you change keyboard layout * DO NOT CHANGE the timezone, because it will trigger the wifi card, leading to a system freeze * Choose the "installation destination": do not change anything and press DONE button * Insert your password for Full Disk Encryption * If you do not already have free space on internal SSD disk, you will be prompted to reclaim some space: -* If you shrunk OSX partition, disk utility left an empy partition: delete useless partition (eg: if you shrunk OSX parition, diskutil created an empty partition) +* If you shrunk OSX partition, disk utility left an empty partition: delete useless partition (e.g.: if you shrunk OSX partition, diskutil created an empty partition) * Press on "reclaim space" * Press on "begin installation" * create your user and password @@ -279,7 +279,7 @@ Everything should now be ok, Qubes OS boots using EFI and you will get the last ### 6. Fix pulseaudio, which locks CPU freezing the system often for 20 seconds -My macbook has frequent freezes. Looking at journalctl output I saw that pulseaudio locks CPU for 20 seconds, very often. +My Macbook has frequent freezes. Looking at journalctl output I saw that pulseaudio locks CPU for 20 seconds, very often. You can fix this issue, killing audio support with this quick workaround: * open a dom0 terminal, as root and edit /etc/pulse/client.conf @@ -303,7 +303,7 @@ You can fix this issue, killing audio support with this quick workaround: Press Fn+F2 and complete setup * reboot and you finally have your Qubes OS * DO NOT launch sys-net machine -* Open its setting and remove wifi adapter from the Selected devices, using Qubes Manager or use the following command line. Get the BFD of the adapter and remove it. On my macbook BFD is 04:00.0 and you will use it later on, also +* Open its setting and remove wifi adapter from the Selected devices, using Qubes Manager or use the following command line. Get the BFD of the adapter and remove it. On my Macbook BFD is 04:00.0 and you will use it later on, also ~~~ qvm-pci -l sys-net qvm-pci -d sys-net 04:00.0 @@ -319,7 +319,7 @@ qvm-start sys-net xl pci-attach sys-net 04:00.0 ~~~ -These latest steps are required to launch sys-net with wifi access. They can be automated in a custom systemd service +These latest steps are required to launch sys-net with wifi access. They can be automated in a custom systemd service. From afb14854c4ca471ef8224c44acf148f284c8fe7e Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Fri, 8 Feb 2019 22:18:22 +0700 Subject: [PATCH 054/103] Fix typo: "relflashing" Fix typo: "relflashing" --- troubleshooting/sony-vaio-tinkering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/troubleshooting/sony-vaio-tinkering.md b/troubleshooting/sony-vaio-tinkering.md index b029f01a..022e8bfa 100644 --- a/troubleshooting/sony-vaio-tinkering.md +++ b/troubleshooting/sony-vaio-tinkering.md @@ -24,7 +24,7 @@ If you think you are ready to reflash you BIOS, here are the instructions that w [http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html) -**WARNING**: We take absolutely no responsibility that the BIOS relflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. +**WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied tha patched image. If you don't know what are you doing, just get a different laptop, really! From d6814049663013b86c3e557d3da34fe96bd88c17 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Sat, 9 Feb 2019 19:45:41 +0700 Subject: [PATCH 055/103] Update windows-tools.md --- managing-os/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/windows/windows-tools.md b/managing-os/windows/windows-tools.md index 8ce1f196..b60a15ec 100644 --- a/managing-os/windows/windows-tools.md +++ b/managing-os/windows/windows-tools.md @@ -24,7 +24,7 @@ Qubes Windows Tools are open source and are distributed under a GPL license. NOTES: - Qubes Windows Tools are currently unmaintained -- Currently only 64-bit versions of Windows 7 are supported by Qubes Windows Tools. Only emulated SVGA GPU is supported (although [there has been reports](https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA) on working GPU pass-through). +- Currently only 64-bit versions of Windows 7 are supported by Qubes Windows Tools. Only emulated SVGA GPU is supported (although [there has been reports](https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA) on working GPU passthrough). - There is currently no audio support for Windows HVMs. - There is currently no USB passsthrough support for Windows HVMs. - __This page documents the process of installing Qubes Windows Tools on versions up to R3.2.__. Installation on Qubes R4.0 is possible but is a work in progress and there are limitations/bugs (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585)). From 4c21ba3a24586df09a247306eb9fb4140a816a21 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Sat, 9 Feb 2019 19:45:51 +0700 Subject: [PATCH 056/103] Update assigning-devices.md --- configuration/assigning-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/assigning-devices.md b/configuration/assigning-devices.md index d2ee6543..a5ee7bd4 100644 --- a/configuration/assigning-devices.md +++ b/configuration/assigning-devices.md @@ -12,7 +12,7 @@ Assigning Devices to VMs ======================== Sometimes you may need to assign an entire PCI or PCI Express device directly to a qube. -This is also known as PCI pass-through. +This is also known as PCI passthrough. The Qubes installer does this by default for `sys-net` (assigning all network class controllers), as well as `sys-usb` (assigning all USB controllers) if you chose to create the USB qube during install. While this covers most use cases, there are some occasions when you may want to manually assign one NIC to `sys-net` and another to a custom NetVM, or have some other type of PCI controller you want to manually assign. @@ -84,7 +84,7 @@ This will show you a list of available devices, which you can select to be assig Finding the right USB controller -------------------------------- -Some USB devices are not compatible with the USB pass-through method Qubes employs. +Some USB devices are not compatible with the USB passthrough method Qubes employs. In situations like this, you can still often get the USB device to work by passing through the entire USB controller to a qube. However, with this approach one cannot assign single USB devices, only the whole USB controller with whatever USB devices are connected to it. More information on using and managing USB devices with qubes is available on the [USB] page. From 23177cc1bc9bcf95f28cc5a241aad51ecf97cc93 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Sat, 9 Feb 2019 19:45:58 +0700 Subject: [PATCH 057/103] Update gsoc.md --- basics_dev/gsoc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 6e5d0b00..a321201c 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -343,8 +343,8 @@ immune to altering past entries. See **Mentor**: [Frédéric Pierret](/team/) -### Xen GPU pass-through for Intel integrated GPUs -**Project**: Xen GPU pass-through for Intel integrated GPUs (largely independent of Qubes) +### Xen GPU passthrough for Intel integrated GPUs +**Project**: Xen GPU passthrough for Intel integrated GPUs (largely independent of Qubes) **Brief explanation**: This project is prerequisite to full GUI domain support, where all desktop environment is running in dedicated VM, isolated from From dcc2d545ef74050bc12da1dbae3be92eaf3cf963 Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Sun, 10 Feb 2019 11:11:20 +0700 Subject: [PATCH 058/103] Fix typo --- customization/bind-dirs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/customization/bind-dirs.md b/customization/bind-dirs.md index 7dbdca99..b8a327b1 100644 --- a/customization/bind-dirs.md +++ b/customization/bind-dirs.md @@ -72,7 +72,7 @@ If you want to circumvent this process, you can create the relevant filestructur * Re-running `sudo /usr/lib/qubes/bind-dirs.sh` without a previous `sudo /usr/lib/qubes/bind-dirs.sh umount` does not work. * Running `sudo /usr/lib/qubes/bind-dirs.sh umount` after boot (before shutdown) is probably not sane and nothing can be done about that. * Many editors create a temporary file and copy it over the original file. If you have bind mounted an individual file this will break the mount. -Any changes you make will not survive a reboot. If you think it likely you will want to edit a file, then either include the parent directory in bind-dirs.rather than the file, or perform the file operation on the file in /rw/bind-dirs. +Any changes you make will not survive a reboot. If you think it likely you will want to edit a file, then either include the parent directory in bind-dirs rather than the file, or perform the file operation on the file in /rw/bind-dirs. * Some files are altered when a qube boots - e.g. /etc/hosts. If you try to use bind-dirs on such files you may break your qube in unpredictable ways. From 0ea0c5e3ad1a0cf4b1de2f59340d419bf915362b Mon Sep 17 00:00:00 2001 From: jamke <47451874+jamke@users.noreply.github.com> Date: Sun, 10 Feb 2019 12:01:14 +0700 Subject: [PATCH 059/103] Add solution to make persistent rules in /etc/hosts Add solution to make persistent rules in /etc/hosts. I checked that it works, but I hope the approach will be checked before approval for being qubes-way and clean enough. If it's not, different solution should be provided to modify /etc/hosts permanently for TemplateBasedVMs, because, it seems, there is no one in the documentation. --- customization/bind-dirs.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/customization/bind-dirs.md b/customization/bind-dirs.md index 7dbdca99..1b84f152 100644 --- a/customization/bind-dirs.md +++ b/customization/bind-dirs.md @@ -73,7 +73,16 @@ If you want to circumvent this process, you can create the relevant filestructur * Running `sudo /usr/lib/qubes/bind-dirs.sh umount` after boot (before shutdown) is probably not sane and nothing can be done about that. * Many editors create a temporary file and copy it over the original file. If you have bind mounted an individual file this will break the mount. Any changes you make will not survive a reboot. If you think it likely you will want to edit a file, then either include the parent directory in bind-dirs.rather than the file, or perform the file operation on the file in /rw/bind-dirs. -* Some files are altered when a qube boots - e.g. /etc/hosts. If you try to use bind-dirs on such files you may break your qube in unpredictable ways. +* Some files are altered when a qube boots - e.g. `/etc/hosts`. If you try to use bind-dirs on such files you may break your qube in unpredictable ways. + +You can add persistent rules to `/etc/hosts` file using script `/rw/config/rc.local` that is designed to override configuration in /etc, starting services and etc. For example, to make software inside some TemplateBasedVM resolving the domain `example.com` as `127.0.0.1` open `/rw/config/rc.local` inside this TemplateBasedVM and add: + +~~~ +echo '127.0.0.1 example.com' >> /etc/hosts +~~~ + +After every boot of the TemplateBasedVM `rc.local` script will add line `127.0.0.1 example.com` to `/etc/hosts` file and the software inside the TemplateBasedVM will resolve domain `example.com` accordingly. You cam add several rules to `/etc/hosts` the same way. + ## How to remove binds from bind-dirs.sh? ## From a838306d2892aa1d29b55f9eb54b68bf4bfdb358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 10 Feb 2019 22:48:07 +0100 Subject: [PATCH 060/103] builder: explain how to use Qubes pre-built packages QubesOS/qubes-issues#4788 --- building/qubes-builder.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/building/qubes-builder.md b/building/qubes-builder.md index 7cabbc29..62415811 100644 --- a/building/qubes-builder.md +++ b/building/qubes-builder.md @@ -135,6 +135,20 @@ If you want to somehow modify sources, you can also do it, here are some basic s make iso +### Use pre-build Qubes packages + +For building just few selected packages, it's very useful to download pre-built qubes-specific dependencies from `{yum,deb}.qubes-os.org`. This is especially true for gcc, which takes several hours to build. + +Before creating the chroot, add to your builder.conf + + USE_QUBES_REPO_VERSION = $(RELEASE) + +It will add the 'current' Qubes repository to your chroot environment. In that case, you can build only the packages you are interested in. If you want to use also the 'current-testing' repository, add also to your configuration + + USE_QUBES_REPO_TESTING = 0 + +Please note that if you have an existing chroot, this will not add the necessary configuration into the build environement. In that case, you will have to clean first your chroot. + Code verification keys management --------------------------------- From 3daf19985f995bf758088a1ca019fecf7dc8f80b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 10 Feb 2019 23:31:53 +0100 Subject: [PATCH 061/103] Adjust explaination with respect to Marek's comment https://github.com/fepitre/qubes-doc/commit/a838306d2892aa1d29b55f9eb54b68bf4bfdb358 --- building/qubes-builder.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/building/qubes-builder.md b/building/qubes-builder.md index 62415811..82634d68 100644 --- a/building/qubes-builder.md +++ b/building/qubes-builder.md @@ -145,9 +145,11 @@ Before creating the chroot, add to your builder.conf It will add the 'current' Qubes repository to your chroot environment. In that case, you can build only the packages you are interested in. If you want to use also the 'current-testing' repository, add also to your configuration - USE_QUBES_REPO_TESTING = 0 + USE_QUBES_REPO_TESTING = 1 -Please note that if you have an existing chroot, this will not add the necessary configuration into the build environement. In that case, you will have to clean first your chroot. +In case of an existing chroot, for mock-enabled builds, it works immediately because chroot is constructed each time separately. For legacy builds, it will not add the necessary configuration into the build environement unless specific builder change or configuration would force rebuilding chroot. + +Also, once enabled, disabling this setting will not disable repositories in relevant chroots. And even if it would, there may be left packages installed from those repos (which may or may not be desirable). Code verification keys management --------------------------------- From 4138c85ec061549962876a0ef87c63dacda2ce8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 11 Feb 2019 16:16:42 +0100 Subject: [PATCH 062/103] FAQ: add info how to detect Qubes VM Fixes QubesOS/qubes-issues#1963 --- about/faq.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/about/faq.md b/about/faq.md index c666f9ca..375237bc 100644 --- a/about/faq.md +++ b/about/faq.md @@ -579,3 +579,8 @@ Arguably secure boot reliance on UEFI integrity is not the best design. The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested. Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS. See the Heads project [[1]](https://trmm.net/Heads) [[2]](http://osresearch.net/) for a better-designed non-UEFI-based secure boot scheme with very good support for Qubes. + +### What is the canonical way to detect Qubes VM? + +Check `/usr/share/qubes/marker-vm` file existence. Additionally, its last line contains Qubes release version (`3.2`, `4.0` etc). +The file was introduced after initial Qubes 3.2 and 4.0 release. If you need to support not-fully-updated systems, check `/usr/bin/qrexec-client-vm` existence. From 3a8624ed20dccffd0b78db875a2ea90e69707429 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 11 Feb 2019 23:36:39 -0600 Subject: [PATCH 063/103] Clean up text --- building/qubes-builder.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/building/qubes-builder.md b/building/qubes-builder.md index 82634d68..0aefb037 100644 --- a/building/qubes-builder.md +++ b/building/qubes-builder.md @@ -135,21 +135,26 @@ If you want to somehow modify sources, you can also do it, here are some basic s make iso -### Use pre-build Qubes packages +### Use pre-built Qubes packages -For building just few selected packages, it's very useful to download pre-built qubes-specific dependencies from `{yum,deb}.qubes-os.org`. This is especially true for gcc, which takes several hours to build. +For building just few selected packages, it's very useful to download pre-built qubes-specific dependencies from `{yum,deb}.qubes-os.org`. +This is especially true for `gcc`, which takes several hours to build. -Before creating the chroot, add to your builder.conf +Before creating the `chroot`, add this to your `builder.conf`: USE_QUBES_REPO_VERSION = $(RELEASE) -It will add the 'current' Qubes repository to your chroot environment. In that case, you can build only the packages you are interested in. If you want to use also the 'current-testing' repository, add also to your configuration +It will add the 'current' Qubes repository to your `chroot` environment. +This way, you can build only the packages you are interested in. +If you also want to use the 'current-testing' repository, add this to your configuration: USE_QUBES_REPO_TESTING = 1 -In case of an existing chroot, for mock-enabled builds, it works immediately because chroot is constructed each time separately. For legacy builds, it will not add the necessary configuration into the build environement unless specific builder change or configuration would force rebuilding chroot. +In the case of an existing `chroot`, for mock-enabled builds, it works immediately because `chroot` is constructed each time separately. +For legacy builds, it will not add the necessary configuration into the build environment unless a specific builder change or configuration would force rebuilding chroot. -Also, once enabled, disabling this setting will not disable repositories in relevant chroots. And even if it would, there may be left packages installed from those repos (which may or may not be desirable). +Also, once enabled, disabling this setting will not disable repositories in relevant chroots. +And even if it did, there could be leftover packages installed from those repos (which may or may not be desirable). Code verification keys management --------------------------------- From 9ace8bd0947fe5f7c43d9ff2a8610fdc6cb8365f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 11 Feb 2019 23:38:52 -0600 Subject: [PATCH 064/103] Remove unnecessary ellipsis --- managing-os/templates/fedora-minimal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/templates/fedora-minimal.md b/managing-os/templates/fedora-minimal.md index 13b8afac..4bafa214 100644 --- a/managing-os/templates/fedora-minimal.md +++ b/managing-os/templates/fedora-minimal.md @@ -67,7 +67,7 @@ Use case | Description | Required steps Use case | Description | Required steps --- | --- | --- **Standard utilities** | If you need the commonly used utilities | Install the following packages: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` -**Audio** | If you want sound from your VM... | Install `pulseaudio-qubes` +**Audio** | If you want sound from your VM | Install `pulseaudio-qubes` **FirewallVM** | You can use the minimal template as a [FirewallVM](/doc/firewall/), such as the basis template for `sys-firewall` | Install at least `qubes-core-agent-networking` and `iproute`, and also `qubes-core-agent-dom0-updates` if you want to use it as the updatevm (which is normally sys-firewall). **NetVM** | You can use this template as the basis for a NetVM such as `sys-net` | Install the following packages: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `dejavu-sans-fonts` `notification-daemon` `gnome-keyring` `polkit` `@hardware-support`. **NetVM (extra firmware)** | If your network devices need extra packages for the template to work as a network VM | Use the `lspci` command to identify the devices, then run `dnf search firmware` (replace `firmware` with the appropriate device identifier) to find the needed packages and then install them. From 35ad95a23f7ea01b558f7463bf7824594d30ccde Mon Sep 17 00:00:00 2001 From: tlaurion Date: Tue, 12 Feb 2019 09:10:48 -0500 Subject: [PATCH 065/103] ppc64 port suggestion Duplicate ARM entry for PPC64. --- basics_dev/gsoc.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index a321201c..b480e5ce 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -552,6 +552,28 @@ for more information and qubes-specific background. **Mentor**: [Marek Marczykowski-Górecki](/team/) +### Porting Qubes to POWER9/PPC64 + +**Project**: Porting Qubes to POWER9/PPC64 + +**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for Power9/PPC64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): +[#4318](https://github.com/QubesOS/qubes-issues/issues/4318). + +**Expected results**: + + - Add cross-compilation support to qubes-builder and related components. + - Make ppc64 specific adjustments to Qubes toolstacks/manager (including passthrough of devices from device tree to guest domains). + - ppc64 specific integration and unit tests. + - Production of generic u-boot or uefi capable image/iso for target hardware. + +**Knowledge prerequisite**: + + - Libvirt and Qubes toolstacks (C and python languages). + - Xen debugging. + - General ARM architecture knowledge. + +**Mentor**: [Marek Marczykowski-Górecki](/team/) + ### Android development in Qubes **Project**: Research running Android in Qubes VM (probably HVM) and connecting it to Android Studio From f7a20ed062509a3d04eeb89f25c95a9cdac8a6f4 Mon Sep 17 00:00:00 2001 From: tlaurion Date: Wed, 13 Feb 2019 13:19:44 -0500 Subject: [PATCH 066/103] PPC64 gsoc changes Corrections related to KVM and replacement of ARM missed reference. --- basics_dev/gsoc.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index b480e5ce..782c2884 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -556,7 +556,7 @@ for more information and qubes-specific background. **Project**: Porting Qubes to POWER9/PPC64 -**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for Power9/PPC64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): +**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has NO support for Power9/PPC64 processors, KVM related modifications needs to be done to integrate this into the Qubes virtualization abstraction layer and build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). **Expected results**: @@ -569,8 +569,8 @@ for more information and qubes-specific background. **Knowledge prerequisite**: - Libvirt and Qubes toolstacks (C and python languages). - - Xen debugging. - - General ARM architecture knowledge. + - KVM internals + - General ppc64 architecture knowledge. **Mentor**: [Marek Marczykowski-Górecki](/team/) From 20148497cb2699528ef96e603c1b986cec3055a5 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 15 Feb 2019 00:33:48 -0600 Subject: [PATCH 067/103] Replace old HTTPS repo warning with APT vuln warning --- installing/installation-guide.md | 36 +++++--------------------------- 1 file changed, 5 insertions(+), 31 deletions(-) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index 62265cbf..a097583c 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -28,37 +28,11 @@ Therefore, we *strongly* recommended that, prior to starting the Qubes installer Furthermore, if you are installing Qubes on a potentially compromised system, we *strongly* recommended that you wipe your target installation disk before starting the installer. -Qubes 4.0 Warning ------------------ +Qubes 4.0.1 Warning +------------------- -In new installations of Qubes 4.0, the following steps may need to be applied in dom0 and Fedora 26 TemplateVMs in order to receive updates (see [#3737]). - -Steps for dom0 updates: - -1. Open the Qubes Menu by clicking on the "Q" icon in the top-left corner of the screen. -2. Select `Terminal Emulator`. -3. In the window that opens, enter this command: - - sudo nano /etc/yum.repos.d/qubes-dom0.repo - -4. This opens the nano text editor. Change all four instances of `http` to `https`. -5. Press `CTRL+X`, then `Y`, then `ENTER` to save changes and exit. -6. Check for updates normally. - -Steps for Fedora 26 TemplateVM updates: - -1. Open the Qubes Menu by clicking on the "Q" icon in the top-left corner of the screen. -2. Select `Template: fedora-26`, then `fedora-26: Terminal`. -3. In the window that opens, enter the command for your version: - - [Qubes 3.2] sudo gedit /etc/yum.repos.d/qubes-r3.repo - [Qubes 4.0] sudo gedit /etc/yum.repos.d/qubes-r4.repo - -4. This opens the gedit text editor in a window. Change all four instances of `http` to `https`. -5. Click the "Save" button in the top-right corner of the window. -6. Close the window. -7. Check for updates normally. -8. Shut down the TemplateVM. +After installing Qubes 4.0.1, please install fresh APT-based (e.g., Debian and Whonix) TemplateVMs in order to be protected from the APT update mechanism vulnerability that was patched after the release of 4.0.1. +For instructions and further details, please see [QSB #46]. Hardware Requirements @@ -168,7 +142,7 @@ Getting Help [Bug 1374983]: https://bugzilla.redhat.com/show_bug.cgi?id=1374983 [Bug 1268700]: https://bugzilla.redhat.com/show_bug.cgi?id=1268700 [#2835]: https://github.com/QubesOS/qubes-issues/issues/2835 -[#3737]: https://github.com/QubesOS/qubes-issues/issues/3737 +[QSB #46]: /news/2019/01/23/qsb-46/ [system requirements]: /doc/system-requirements/ [Hardware Compatibility List]: /hcl/ [live USB]: /doc/live-usb/ From 82e94c1a04988e1c07554ea688d23e97f94105f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 15 Feb 2019 20:31:19 +0100 Subject: [PATCH 068/103] Describe expected files in /var/lib/qubes/vm-kernels/*/ --- configuration/managing-vm-kernel.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/configuration/managing-vm-kernel.md b/configuration/managing-vm-kernel.md index fe2616dc..87f77605 100644 --- a/configuration/managing-vm-kernel.md +++ b/configuration/managing-vm-kernel.md @@ -207,6 +207,18 @@ mke2fs 1.42.12 (29-Aug-2014) --> Done. ~~~ +Kernel files structure +----------------------- + +Kernel for a VM is stored in `/var/lib/qubes/vm-kernels/KERNEL_VERSION` directory (`KERNEL_VERSION` replaced with actual version). Qubes supports the following files there: + +- `vmlinuz` - kernel binary (may not be a Linux kernel) +- `initramfs` - initramfs for the kernel to load +- `modules.img` - ext4 filesystem image containing Linux kernel modules (to be mounted at `/lib/modules`); additionally it should contain a copy of `vmlinuz` and `initramfs` in its root directory (for loading by qemu inside stubdomain) +- `default-kernelopts.txt` - default kernel options, in addition to those specified with `kernelopts` VM property + +All the files besides `vmlinuz` are optional. + Using kernel installed in the VM (R4.0) -------------------------------- From 0ac02ff40ceb41f99988bf5df05b1408f10ee1eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 15 Feb 2019 22:21:02 +0100 Subject: [PATCH 069/103] Accessing installer Rescue mode on UEFI --- troubleshooting/uefi-troubleshooting.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/troubleshooting/uefi-troubleshooting.md b/troubleshooting/uefi-troubleshooting.md index 8c4e75a6..a0d096bb 100644 --- a/troubleshooting/uefi-troubleshooting.md +++ b/troubleshooting/uefi-troubleshooting.md @@ -225,3 +225,13 @@ If that's not an option there, or legacy mode does not work either, you can try 7. Continue with setting up default templates and logging in to Qubes. Whenever there is a kernel or Xen update for Qubes, you will need to follow these [other steps above](/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing) because your system is using the fallback UEFI bootloader in `[...]/EFI/BOOT` instead of directly booting to the Qubes entry under `[...]/EFI/qubes`. + +Accessing installer Rescue mode on UEFI +--------------------------------------- + +In UEFI mode installer do not have boot menu, but starts directly the installation wizard. To get into Rescue mode, you need to switch to tty2 (Ctrl+Alt+F2) and then execute: + +~~~ +pkill -9 anaconda +anaconda --rescue +~~~ From 58901695283739dec6b2bce3ba937db7cd28fbf8 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 15 Feb 2019 23:09:33 -0600 Subject: [PATCH 070/103] Recommend simpler template upgrade method --- installing/installation-guide.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index a097583c..da52d683 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -31,8 +31,16 @@ Furthermore, if you are installing Qubes on a potentially compromised system, we Qubes 4.0.1 Warning ------------------- -After installing Qubes 4.0.1, please install fresh APT-based (e.g., Debian and Whonix) TemplateVMs in order to be protected from the APT update mechanism vulnerability that was patched after the release of 4.0.1. -For instructions and further details, please see [QSB #46]. +Immediately after installing Qubes 4.0.1, please upgrade all of your APT-based (e.g., Debian and Whonix) TemplateVMs by executing the following command in a dom0 terminal for each such TemplateVM: + + $ sudo qubes-dom0-update --action=upgrade + +For example, the command for the `debian-9` TemplateVM would be: + + $ sudo qubes-dom0-update --action=upgrade qubes-template-debian-9 + +These upgrades are required in order to be protected from the APT update mechanism vulnerability that was announced and patched in [QSB #46], which was after the release of Qubes 4.0.1. +This method is simpler than the method recommended in [QSB #46], but it is just as safe and effective so long as it is performed immediately after installing Qubes OS. Hardware Requirements From b86488af6441b907cc150d38f6c0a83406c53d8f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 16 Feb 2019 15:24:32 -0600 Subject: [PATCH 071/103] Provide exact commands to upgrade ISO-installed templates --- installing/installation-guide.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index da52d683..b2f5b3c6 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -31,13 +31,11 @@ Furthermore, if you are installing Qubes on a potentially compromised system, we Qubes 4.0.1 Warning ------------------- -Immediately after installing Qubes 4.0.1, please upgrade all of your APT-based (e.g., Debian and Whonix) TemplateVMs by executing the following command in a dom0 terminal for each such TemplateVM: - - $ sudo qubes-dom0-update --action=upgrade - -For example, the command for the `debian-9` TemplateVM would be: +Immediately after installing Qubes 4.0.1, please upgrade all of your Debian and Whonix TemplateVMs by executing the following commands in a dom0 terminal, as applicable for the templates you chose to install: $ sudo qubes-dom0-update --action=upgrade qubes-template-debian-9 + $ sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=upgrade qubes-template-whonix-gw-14 + $ sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=upgrade qubes-template-whonix-ws-14 These upgrades are required in order to be protected from the APT update mechanism vulnerability that was announced and patched in [QSB #46], which was after the release of Qubes 4.0.1. This method is simpler than the method recommended in [QSB #46], but it is just as safe and effective so long as it is performed immediately after installing Qubes OS. From 9ff230e9be616ff573ff8d6831103bc20706b0d5 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 12:27:44 -1000 Subject: [PATCH 072/103] Update gsoc.md Just a little bit more information. --- basics_dev/gsoc.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 782c2884..a43cd5a1 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -556,7 +556,15 @@ for more information and qubes-specific background. **Project**: Porting Qubes to POWER9/PPC64 -**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has NO support for Power9/PPC64 processors, KVM related modifications needs to be done to integrate this into the Qubes virtualization abstraction layer and build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): +**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: + +- Port Qubes to KVM then work on ppc64 specifics +Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. + +- Port Xen to ppc64 then work on Qubes specifics +For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). + +More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). **Expected results**: @@ -569,7 +577,7 @@ for more information and qubes-specific background. **Knowledge prerequisite**: - Libvirt and Qubes toolstacks (C and python languages). - - KVM internals + - KVM or XEN internals - General ppc64 architecture knowledge. **Mentor**: [Marek Marczykowski-Górecki](/team/) From 078e8aab68c46ef7ff7c79a82d3de5a90f11f70f Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 12:36:23 -1000 Subject: [PATCH 073/103] Update gsoc.md --- basics_dev/gsoc.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index a43cd5a1..e2559bdd 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -534,18 +534,17 @@ for more information and qubes-specific background. **Project**: Porting Qubes to ARM/aarch64 -**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): +**Brief explanation**: +Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). **Expected results**: - - Add cross-compilation support to qubes-builder and related components. - Make aarch64 specific adjustments to Qubes toolstacks/manager (including passthrough of devices from device tree to guest domains). - Aarch64 specific integration and unit tests. - Production of generic u-boot or uefi capable image/iso for target hardware. **Knowledge prerequisite**: - - Libvirt and Qubes toolstacks (C and python languages). - Xen debugging. - General ARM architecture knowledge. @@ -556,7 +555,8 @@ for more information and qubes-specific background. **Project**: Porting Qubes to POWER9/PPC64 -**Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: +**Brief explanation**: +Qubes currently only supports the x86_64 CPU architecture. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: - Port Qubes to KVM then work on ppc64 specifics Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. @@ -568,14 +568,12 @@ More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). **Expected results**: - - Add cross-compilation support to qubes-builder and related components. - Make ppc64 specific adjustments to Qubes toolstacks/manager (including passthrough of devices from device tree to guest domains). - ppc64 specific integration and unit tests. - Production of generic u-boot or uefi capable image/iso for target hardware. **Knowledge prerequisite**: - - Libvirt and Qubes toolstacks (C and python languages). - KVM or XEN internals - General ppc64 architecture knowledge. From c4536db6fb9cbc0b75dea85440d054752ade16b9 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 12:47:20 -1000 Subject: [PATCH 074/103] Update gsoc.md --- basics_dev/gsoc.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index e2559bdd..bd9ed9b4 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -535,8 +535,10 @@ for more information and qubes-specific background. **Project**: Porting Qubes to ARM/aarch64 **Brief explanation**: -Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion (porting to ppc64): -[#4318](https://github.com/QubesOS/qubes-issues/issues/4318). +Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. +Some related discussion: +[#4318](https://github.com/QubesOS/qubes-issues/issues/4318) on porting to ppc64. +[#3894](https://github.com/QubesOS/qubes-issues/issues/3894) on porting to L4 microkernel. **Expected results**: - Add cross-compilation support to qubes-builder and related components. From ebf1097eaf99c33e31838d379a9f74d73810b2e4 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 12:49:15 -1000 Subject: [PATCH 075/103] Update gsoc.md --- basics_dev/gsoc.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index bd9ed9b4..01f46cfd 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -535,18 +535,21 @@ for more information and qubes-specific background. **Project**: Porting Qubes to ARM/aarch64 **Brief explanation**: + Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. Some related discussion: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318) on porting to ppc64. [#3894](https://github.com/QubesOS/qubes-issues/issues/3894) on porting to L4 microkernel. **Expected results**: + - Add cross-compilation support to qubes-builder and related components. - Make aarch64 specific adjustments to Qubes toolstacks/manager (including passthrough of devices from device tree to guest domains). - Aarch64 specific integration and unit tests. - Production of generic u-boot or uefi capable image/iso for target hardware. **Knowledge prerequisite**: + - Libvirt and Qubes toolstacks (C and python languages). - Xen debugging. - General ARM architecture knowledge. @@ -558,6 +561,7 @@ Some related discussion: **Project**: Porting Qubes to POWER9/PPC64 **Brief explanation**: + Qubes currently only supports the x86_64 CPU architecture. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: - Port Qubes to KVM then work on ppc64 specifics @@ -570,12 +574,14 @@ More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). **Expected results**: + - Add cross-compilation support to qubes-builder and related components. - Make ppc64 specific adjustments to Qubes toolstacks/manager (including passthrough of devices from device tree to guest domains). - ppc64 specific integration and unit tests. - Production of generic u-boot or uefi capable image/iso for target hardware. **Knowledge prerequisite**: + - Libvirt and Qubes toolstacks (C and python languages). - KVM or XEN internals - General ppc64 architecture knowledge. From 64304333596a38aa8d041057584893271800ba38 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 12:57:27 -1000 Subject: [PATCH 076/103] Update gsoc.md --- basics_dev/gsoc.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 01f46cfd..8adee31e 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -537,9 +537,11 @@ for more information and qubes-specific background. **Brief explanation**: Qubes currently only supports the x86_64 CPU architecture. Xen currently has additional support for ARM32/ARM64 processors, however work needs to be done to integrate this into the Qubes build process, as well as work in integrating this with the Qubes toolstack and security model. This may also be beneficial in simplifying the process of porting to other architectures. + Some related discussion: -[#4318](https://github.com/QubesOS/qubes-issues/issues/4318) on porting to ppc64. -[#3894](https://github.com/QubesOS/qubes-issues/issues/3894) on porting to L4 microkernel. + + - [#4318](https://github.com/QubesOS/qubes-issues/issues/4318) on porting to ppc64. + - [#3894](https://github.com/QubesOS/qubes-issues/issues/3894) on porting to L4 microkernel. **Expected results**: From 2dff9b5dd975b2fdd91b9b49014dfde1870f1687 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:12:15 -1000 Subject: [PATCH 077/103] Update gsoc.md --- basics_dev/gsoc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 8adee31e..d853bc85 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -560,11 +560,11 @@ Some related discussion: ### Porting Qubes to POWER9/PPC64 -**Project**: Porting Qubes to POWER9/PPC64 +**Project**: Porting Qubes to POWER9/ppc64 **Brief explanation**: -Qubes currently only supports the x86_64 CPU architecture. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: +Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: - Port Qubes to KVM then work on ppc64 specifics Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. From aaea6bc924e8f34eb17295df9916beb5a4b8b126 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:18:23 -1000 Subject: [PATCH 078/103] Update gsoc.md --- basics_dev/gsoc.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index d853bc85..7d58741b 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -567,10 +567,11 @@ Some related discussion: Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: - Port Qubes to KVM then work on ppc64 specifics -Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. +- Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. + - Port Xen to ppc64 then work on Qubes specifics -For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). +- For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). From 11784ad6cb7a41d573b815fffa56cbf35c6d850e Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:20:46 -1000 Subject: [PATCH 079/103] Update gsoc.md --- basics_dev/gsoc.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 7d58741b..bc2e4fd5 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -566,12 +566,12 @@ Some related discussion: Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: -- Port Qubes to KVM then work on ppc64 specifics -- Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. +#### Port Qubes to KVM then work on ppc64 specifics +Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. -- Port Xen to ppc64 then work on Qubes specifics -- For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). +#### Port Xen to ppc64 then work on Qubes specifics +For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). From 7236a5832d8b6e6af3b974320c5031edfb571df9 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:21:59 -1000 Subject: [PATCH 080/103] Update gsoc.md --- basics_dev/gsoc.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index bc2e4fd5..f608470f 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -566,11 +566,10 @@ Some related discussion: Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: -#### Port Qubes to KVM then work on ppc64 specifics +##### Port Qubes to KVM then work on ppc64 specifics Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. - -#### Port Xen to ppc64 then work on Qubes specifics +##### Port Xen to ppc64 then work on Qubes specifics For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). More information and further links can be found in the related issue: From d29f0d8b2fe34da6b7296d5cb2521ba79c8b0d4a Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:23:17 -1000 Subject: [PATCH 081/103] Update gsoc.md --- basics_dev/gsoc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index f608470f..3dd08c5b 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -567,10 +567,10 @@ Some related discussion: Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: ##### Port Qubes to KVM then work on ppc64 specifics -Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. +- Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. ##### Port Xen to ppc64 then work on Qubes specifics -For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). +- For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). From 95510bf1782dda654733c5a36a377724b4064f30 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:27:16 -1000 Subject: [PATCH 082/103] Update gsoc.md --- basics_dev/gsoc.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 3dd08c5b..3d8a8496 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -566,11 +566,11 @@ Some related discussion: Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: -##### Port Qubes to KVM then work on ppc64 specifics -- Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. +- Port Qubes to KVM then work on ppc64 specifics +- - Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. -##### Port Xen to ppc64 then work on Qubes specifics -- For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). +- Port Xen to ppc64 then work on Qubes specifics +- - For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). From 8f57a5f645e09bcb38d785b2b9ca4f1e7b365543 Mon Sep 17 00:00:00 2001 From: Thovthe <3664947+Thovthe@users.noreply.github.com> Date: Sun, 17 Feb 2019 13:29:03 -1000 Subject: [PATCH 083/103] Update gsoc.md --- basics_dev/gsoc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index 3d8a8496..230171e4 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -567,10 +567,10 @@ Some related discussion: Qubes currently supports the x86_64 CPU architecture. PowerPC is desirable for security purposes as it is the only architecture where one can get performant hardware with entirely open source firmware. Xen has **deprecated** support for Power9/PPC64 processors. Here are two directions to tackle this project from: - Port Qubes to KVM then work on ppc64 specifics -- - Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. + - Implement some missing functionality in KVM then implement KVM support in the Qubes Hypervisor Abstraction Layer and build process. Improving the HAL will also be beneficial for simplifying the process of porting to further architectures and hypervisors. - Port Xen to ppc64 then work on Qubes specifics -- - For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). + - For more information on porting Xen see [this thread](https://markmail.org/message/vuk7atnyqfq52epp). More information and further links can be found in the related issue: [#4318](https://github.com/QubesOS/qubes-issues/issues/4318). From 8ad86ddf98f767a6e62dffc757a4818b7ffd7ac9 Mon Sep 17 00:00:00 2001 From: Boris Nagaev Date: Mon, 18 Feb 2019 00:14:51 +0100 Subject: [PATCH 084/103] Update instructions in vm-sudo.md (su.qubes) --- security/vm-sudo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/vm-sudo.md b/security/vm-sudo.md index b7bebbad..535ab5e8 100644 --- a/security/vm-sudo.md +++ b/security/vm-sudo.md @@ -142,7 +142,7 @@ this for extra security.** [root@debian-8]# rm /etc/polkit-1/rules.d/00-qubes-allow-all.rules [root@debian-8]# rm /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla - - In /etc/pam.d/su, comment out this line near the bottom of the file: + - In /etc/pam.d/su.qubes, comment out this line near the bottom of the file: auth sufficient pam_permit.so From ae29a134666f4ca36bd1408af661c27d3f242905 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 18 Feb 2019 23:43:18 +0100 Subject: [PATCH 085/103] Add a note about disp-* VMs creating when restoring R3.2 backup --- installing/upgrade/upgrade-to-r4.0.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/installing/upgrade/upgrade-to-r4.0.md b/installing/upgrade/upgrade-to-r4.0.md index 21a90c3c..f54d4e81 100644 --- a/installing/upgrade/upgrade-to-r4.0.md +++ b/installing/upgrade/upgrade-to-r4.0.md @@ -90,6 +90,22 @@ Restore from your backup For the TemplateVM OS versions supported in R4.0, see [Supported Versions](/doc/supported-versions/#templatevms). If the restore tool complains about missing templates, you can select the option to restore the AppVMs anyway, then change them afterward to use one of the default R4.0 templates. +Note about additional disp-\* qubes created during restore +---------------------------------------------------------- + +One of differences between R3.2 and R4.0 is handling Disposable qubes. +In R3.2, Disposable qube inherited its network settings (netvm, firewall rules) from the calling qube. +In R4.0 it is no longer the case. +Instead, in R4.0 it's possible to create multiple DVM templates and choose which one should be used by each qube. +It's even possible to use different DVM templates for different operations from the same qube. +This allows much more flexibility, as not only network settings can be differentiated, but all the qubes properties (including template, memory settings etc). + +Restoring a backup from R3.2 preserve the old behavior by creating separate DVM template for each network-providing VM (and also `disp-no-netvm` for network-isolated qubes). +Then, each restored qubes are configured to use appropriate DVM template, according to its `netvm` or `dispvm_netvm` property from R3.2. +This way, DispVMs started on R4.0 by qubes restored from R3.2 backup have the same netvm settings as they had on R3.2. + +If this behavior is undesired for you, or you want to configure it differently, you can remove those `disp-*` DVM templates. +But to do so, you first need make sure they are not set for any `default_dispvm` property anywhere. Both Qubes Manager and `qvm-remove` tool will show you where such DVM template is used, so you can go there and change the setting. Upgrade all Template and Standalone VM(s) ----------------------------------------- From 9dbfc6e4a474c8229e003a471e85be4b675cc893 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 18 Feb 2019 18:32:48 -0600 Subject: [PATCH 086/103] Send EOL notices to qubes-announce It is very important to send EOL notices to qubes-announce, since the type of user for whom qubes-announce is intended (i.e., one who may be too busy to find or receive all but essential information about Qubes) is also the type of user who is at risk of continuing to use an EOL release without realizing that it has reached EOL. --- about/support.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/about/support.md b/about/support.md index 1251f6ea..6bced5da 100644 --- a/about/support.md +++ b/about/support.md @@ -243,10 +243,9 @@ Thunderbird will automatically remove the newsgroup. ## qubes-announce ## -This is a read-only list for those who wish to receive only very important, -infrequent messages. Only the core Qubes team can post to this list, and only -[Qubes Security Bulletins (QSBs)][qsb] and new stable Qubes OS releases are -announced here. +This is a read-only list for those who wish to receive only very important, infrequent messages. +Only the core Qubes team can post to this list. +Only [Qubes Security Bulletins (QSBs)][qsb], new stable releases, and end-of-life notices are announced here. To subscribe, send a blank email to `qubes-announce+subscribe@googlegroups.com`. (Note: A Google account is *not* required. Any email address will work.) From 30b72d8913fa1d997cd8a7ccfd082c09e6a1ae2e Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 18 Feb 2019 23:38:53 -0600 Subject: [PATCH 087/103] Improve clarity, grammar, and orthography --- installing/upgrade/upgrade-to-r4.0.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/installing/upgrade/upgrade-to-r4.0.md b/installing/upgrade/upgrade-to-r4.0.md index f54d4e81..003c2091 100644 --- a/installing/upgrade/upgrade-to-r4.0.md +++ b/installing/upgrade/upgrade-to-r4.0.md @@ -90,22 +90,23 @@ Restore from your backup For the TemplateVM OS versions supported in R4.0, see [Supported Versions](/doc/supported-versions/#templatevms). If the restore tool complains about missing templates, you can select the option to restore the AppVMs anyway, then change them afterward to use one of the default R4.0 templates. -Note about additional disp-\* qubes created during restore ----------------------------------------------------------- +Note about additional disp-* qubes created during restore +--------------------------------------------------------- -One of differences between R3.2 and R4.0 is handling Disposable qubes. -In R3.2, Disposable qube inherited its network settings (netvm, firewall rules) from the calling qube. -In R4.0 it is no longer the case. -Instead, in R4.0 it's possible to create multiple DVM templates and choose which one should be used by each qube. -It's even possible to use different DVM templates for different operations from the same qube. -This allows much more flexibility, as not only network settings can be differentiated, but all the qubes properties (including template, memory settings etc). +One of differences between R3.2 and R4.0 is the handling of DisposableVMs. +In R3.2, a DisposableVM inherited its network settings (NetVM and firewall rules) from the calling qube. +In R4.0, this is no longer the case. +Instead, in R4.0 it's possible to create multiple DVM Templates and choose which one should be used by each qube. +It's even possible to use different DVM Templates for different operations from the same qube. +This allows much more flexibility, since it allows you to differentiate not only network settings, but all of a qube's properties (including its template, memory settings, etc.). -Restoring a backup from R3.2 preserve the old behavior by creating separate DVM template for each network-providing VM (and also `disp-no-netvm` for network-isolated qubes). -Then, each restored qubes are configured to use appropriate DVM template, according to its `netvm` or `dispvm_netvm` property from R3.2. -This way, DispVMs started on R4.0 by qubes restored from R3.2 backup have the same netvm settings as they had on R3.2. +Restoring a backup from R3.2 preserves the old behavior by creating separate DVM Template for each network-providing qube (and also `disp-no-netvm` for network-isolated qubes). +Then, each restored qube is configured to use the appropriate DVM Template according to its `netvm` or `dispvm_netvm` property from R3.2. +This way, DisposableVMs started on R4.0 by qubes restored from a R3.2 backup have the same NetVM settings as they had on R3.2. -If this behavior is undesired for you, or you want to configure it differently, you can remove those `disp-*` DVM templates. -But to do so, you first need make sure they are not set for any `default_dispvm` property anywhere. Both Qubes Manager and `qvm-remove` tool will show you where such DVM template is used, so you can go there and change the setting. +If you find this behavior undesirable and want to configure it differently, you can remove those `disp-*` DVM Templates. +But, to do so, you must first make sure they are not set as the value for the `default_dispvm` property on any other qube. +Both Qubes Manager and the `qvm-remove` tool will show you where a DVM Template is being used, so you can go there and change the setting. Upgrade all Template and Standalone VM(s) ----------------------------------------- From 98f5eb14a6a7af1869d7568ae02b39d0518f0717 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 19 Feb 2019 20:37:14 -0600 Subject: [PATCH 088/103] Add QSB 47 --- security-info/security-bulletins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/security-info/security-bulletins.md b/security-info/security-bulletins.md index 3585fffd..2508d1f2 100644 --- a/security-info/security-bulletins.md +++ b/security-info/security-bulletins.md @@ -101,4 +101,5 @@ Qubes Security Bulletins are published through the [Qubes Security Pack](/securi ---- - [Qubes Security Bulletin \#46](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-046-2019.txt) (APT update mechanism vulnerability) +- [Qubes Security Bulletin \#47](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-047-2019.txt) (Insecure default DisposableVM networking configuration) From fc19b6cf5df0589035e09a67178ee8b0d6660003 Mon Sep 17 00:00:00 2001 From: Christopher Laprise Date: Wed, 20 Feb 2019 17:32:32 -0500 Subject: [PATCH 089/103] Prevent ipv6 leaks. Addresses qubes-users report from evastar. --- configuration/vpn.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configuration/vpn.md b/configuration/vpn.md index 38a2d3c8..7d2d63ee 100644 --- a/configuration/vpn.md +++ b/configuration/vpn.md @@ -80,6 +80,8 @@ Set up a ProxyVM as a VPN gateway using NetworkManager # (in case the vpn tunnel breaks) iptables -I FORWARD -o eth0 -j DROP iptables -I FORWARD -i eth0 -j DROP + ip6tables -I FORWARD -o eth0 -j DROP + ip6tables -I FORWARD -i eth0 -j DROP ``` 6. Configure your AppVMs to use the new VM as a NetVM. From 7709735a2d3299af993cd1c50cc233b895ceab14 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 20 Feb 2019 20:36:13 -0600 Subject: [PATCH 090/103] Fix terminology and line breaks --- customization/disposablevm-customization.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/customization/disposablevm-customization.md b/customization/disposablevm-customization.md index 67ac6c40..e57456a4 100644 --- a/customization/disposablevm-customization.md +++ b/customization/disposablevm-customization.md @@ -25,7 +25,9 @@ For this reason, it is strongly recommended that you base the default DVM Templa Qubes 4.0 ---------- -A DisposableVM (previously known as a "DispVM") in Qubes 4.0 can be based on any TemplateBasedVM. You can also choose to use different AppVMs for different DisposableVMs. To prepare AppVM to be a base for DisposableVM, you need to set `template_for_dispvms` property, for example: +A DisposableVM (previously known as a "DispVM") in Qubes 4.0 can be based on any TemplateBasedVM. +You can also choose to use different DVM Templates for different DisposableVMs. +To prepare AppVM to be a DVM Template, you need to set `template_for_dispvms` property, for example: [user@dom0 ~]$ qvm-prefs fedora-26-dvm template_for_dispvms True @@ -33,7 +35,7 @@ Additionally, if you want to have menu entries for starting applications in Disp [user@dom0 ~]$ qvm-features fedora-26-dvm appmenus-dispvm 1 -### Creating new DisposableVM base AppVM ### +### Creating a new DVM Template ### In Qubes 4.0, you're no longer restricted to a single DVM Template. Instead, you can create as many as you want. Whenever you start a new DisposableVM, you can choose to base it on whichever DVM Template you like. To create new DVM Template, lets say `custom-dvm`, based on `debian-9` template, use following commands: @@ -53,9 +55,10 @@ If you wish to use the `fedora-minimal` template as a DVM Template, see the "DVM ### Customization of DisposableVM ### -It is possible to change the settings for each new DisposableVM. This can be done by customizing the base AppVM: +It is possible to change the settings for each new DisposableVM. +This can be done by customizing the DVM Template on which it is based: -1. Start a terminal in the `fedora-26-dvm` qube (or another base for DisposableVM) by running the following command in a dom0 terminal. (If you enable `appmenus-dispvm` feature (as explained at the top), applications menu for this VM (`fedora-26-dvm`) will be "Disposable: fedora-26-dvm" (instead of "Domain: fedora-26-dvm") and entries there will start new DisposableVM based on that VM (`fedora-26-dvm`). Not in that VM (`fedora-26-dvm`) itself). +1. Start a terminal in the `fedora-26-dvm` qube (or another DVM Template) by running the following command in a dom0 terminal. (If you enable `appmenus-dispvm` feature (as explained at the top), applications menu for this VM (`fedora-26-dvm`) will be "Disposable: fedora-26-dvm" (instead of "Domain: fedora-26-dvm") and entries there will start new DisposableVM based on that VM (`fedora-26-dvm`). Not in that VM (`fedora-26-dvm`) itself). [user@dom0 ~]$ qvm-run -a fedora-26-dvm gnome-terminal @@ -143,7 +146,7 @@ Using DisposableVMs in this manner is ideal for untrusted qubes which require pe >_**Note:**_ Users who want customized VPN or firewall rule sets must create a separate dvm for use by each DisposableVM. If dvm customization is not needed, then a single dvm is used as a template for all DisposableVMs. -#### Create and configure the dvm from which the DisposableVM will be based on #### +#### Create and configure the DVM Template on which the DisposableVM will be based #### 1. Create the dvm From 66ffeab2008288b07967e8835f5540bd146dfd08 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 21 Feb 2019 20:41:30 -0600 Subject: [PATCH 091/103] Turn the QSB page into a data-driven table --- security-info/security-bulletins.md | 109 +++++----------------------- 1 file changed, 18 insertions(+), 91 deletions(-) diff --git a/security-info/security-bulletins.md b/security-info/security-bulletins.md index 2508d1f2..4e56f073 100644 --- a/security-info/security-bulletins.md +++ b/security-info/security-bulletins.md @@ -1,6 +1,6 @@ --- layout: security -title: Security Bulletins +title: Qubes Security Bulletins permalink: /security/bulletins/ redirect_from: - /doc/security-bulletins/ @@ -10,96 +10,23 @@ redirect_from: - /trac/wiki/SecurityBulletins/ --- -Qubes Security Bulletins -======================== +Qubes Security Bulletins (QSBs) +=============================== -Qubes Security Bulletins are published through the [Qubes Security Pack](/security/pack/). +Qubes Security Bulletins (QSBs) are published through the [Qubes Security Pack](/security/pack/). -2010 ----- - -- None - -2011 ----- - -- [Qubes Security Bulletin \#01](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-001-2011.txt) (Gui daemon bug, Intel VT-d escape on non-IR hardware) - -2012 ----- - -- [Qubes Security Bulletin \#02](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-002-2012.txt) (Intel SYSRET bug) -- [Qubes Security Bulletin \#03](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-003-2012.txt) (Xen hypervisor bugs: XSA 13, others with DoS potential) -- [Qubes Security Bulletin \#04](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-004-2012.txt) (Qubes firewall misconfiguration: ipv6 allowed) -- [Qubes Security Bulletin \#05](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-005-2012.txt) (Xen hypervisor bugs: XSA 29, others with DoS potential) - -2013 ----- - -- [Qubes Security Bulletin \#06](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-006-2013.txt) (Xen hypervisor bugs: XSA 50, others with DoS potential) -- [Qubes Security Bulletin \#07](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-007-2013.txt) (Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 with potential leaks) -- [Qubes Security Bulletin \#08](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-008-2013.txt) (Xen hypervisor bugs: XSA 45,58 potential DoS) - -2014 ----- - -- [Qubes Security Bulletin \#09](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-009-2014.txt) (Qubes qvm-open-in-[d]vm environment inter-VM leak) -- [Qubes Security Bulletin \#10](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-010-2014.txt) (Qubes pulseaudio & vchan bugs, Xen XSA 87) -- [Qubes Security Bulletin \#11](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-011-2014.txt) (Qubes clipboard inter-VM leak) -- [Qubes Security Bulletin \#12](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-012-2014.txt) (Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108)) - -2015 ----- - -- [Qubes Security Bulletin \#13](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt) (Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsistency) -- [Qubes Security Bulletin \#14](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt) (Race condition in Qubes Inter-VM File-Copy Mechanism) -- [Qubes Security Bulletin \#15](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-015-2015.txt) (Critical Xen Hypervisor Vulnerability (XSA 109)) -- [Qubes Security Bulletin \#16](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-016-2015.txt) (Xen Hypervisor Information Leaks Vulnerabilities (XSA 121 & 122)) -- [Qubes Security Bulletin \#17](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-017-2015.txt) (Xen DoS from malicious driver domains or devices (XSA 120 & 124)) -- [Qubes Security Bulletin \#18](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-018-2015.txt) (Xen Hypervisor Instruction Emulation Bug (XSA 123)) -- [Qubes Security Bulletin \#19](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-019-2015.txt) (Anti Evil Maid bypass through unusual LUKS header) -- [Qubes Security Bulletin \#20](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-020-2015.txt) (Fedora os-prober considered harmful) -- [Qubes Security Bulletin \#21](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-021-2015.txt) (Anti Evil Maid bypass through filesystem ID collision) -- [Qubes Security Bulletin \#22](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt) (Critical Xen bug in PV memory virtualization code (XSA 148)) -- [Qubes Security Bulletin \#23](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-023-2015.txt) (Race condition bugs in Xen code (XSA-155 and XSA-166), other Xen bugs) - -2016 ----- - -- [Qubes Security Bulletin \#24](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt) (Critical Xen bug in PV memory virtualization code (XSA 182)) -- [Qubes Security Bulletin \#25](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-025-2016.txt) (Xen bug in event channel handling code (XSA 188)) -- [Qubes Security Bulletin \#26](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-026-2016.txt) (Colored window border handling bug in Qubes GUI daemon) -- [Qubes Security Bulletin \#27](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt) (Xen 64-bit bit test instruction emulation broken (XSA 195)) -- [Qubes Security Bulletin \#28](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-028-2016.txt) (Debian update mechanism vulnerability) - -2017 ----- - -- [Qubes Security Bulletin \#29](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt) (Critical Xen bug in PV memory virtualization code (XSA-212)) -- [Qubes Security Bulletin \#30](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-030-2017.txt) (Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)) -- [Qubes Security Bulletin \#31](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-031-2017.txt) (Xen hypervisor vulnerabilities with unresearched impact (XSA 216-224)) -- [Qubes Security Bulletin \#32](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-032-2017.txt) (Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)) -- [Qubes Security Bulletin \#33](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-033-2017.txt) (Xen hypervisor (XSA-231 through XSA-234)) -- [Qubes Security Bulletin \#34](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-034-2017.txt) (GUI issue and Xen vulnerabilities (XSA-237 through XSA-244)) -- [Qubes Security Bulletin \#35](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-035-2017.txt) (Xen hypervisor issue related to grant tables (XSA-236)) -- [Qubes Security Bulletin \#36](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-036-2017.txt) (Xen hypervisor issue in populate-on-demand code (XSA-247)) - -2018 ----- - -- [Qubes Security Bulletin \#37](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt) (Information leaks due to processor speculative execution bugs) -- [Qubes Security Bulletin \#38](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-038-2018.txt) (Qrexec policy bypass and possible information leak) -- [Qubes Security Bulletin \#39](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-039-2018.txt) (Xen vulnerability (XSA-260) and GUI daemon issue) -- [Qubes Security Bulletin \#40](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-040-2018.txt) (Information leaks due to processor speculative store bypass (XSA-263)) -- [Qubes Security Bulletin \#41](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-041-2018.txt) (Speculative register leakage from lazy FPU context switching (XSA-267)) -- [Qubes Security Bulletin \#42](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-042-2018.txt) (Linux netback driver OOB access in hash handling (XSA-270)) -- [Qubes Security Bulletin \#43](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-043-2018.txt) (L1 Terminal Fault speculative side channel (XSA-273)) -- [Qubes Security Bulletin \#44](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-044-2018.txt) (Multiple Xen vulnerabilities (XSA-275, XSA-280)) -- [Qubes Security Bulletin \#45](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt) (Insecure default Salt configuration) - -2019 ----- - -- [Qubes Security Bulletin \#46](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-046-2019.txt) (APT update mechanism vulnerability) -- [Qubes Security Bulletin \#47](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-047-2019.txt) (Insecure default DisposableVM networking configuration) +
stagetime
+ + + + + +{% for qsb in site.data.qsb %} + + + + + +{% endfor %} +
QSBDateTitle
{{ qsb.qsb }}{{ qsb.date }}{{ qsb.title | truncate: 76 }}
From 29a3a578bc70660a51e709fab4ede62f5ec0fc7a Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 21 Feb 2019 20:49:19 -0600 Subject: [PATCH 092/103] Update QSB checklist --- security-info/security-bulletins-checklist.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security-info/security-bulletins-checklist.md b/security-info/security-bulletins-checklist.md index 04ea1f7b..a94883af 100644 --- a/security-info/security-bulletins-checklist.md +++ b/security-info/security-bulletins-checklist.md @@ -20,5 +20,7 @@ Announcement * Upload packages to `security-testing` and `current-testing` repositories * Push QSB to public repository - * Announce on the [mailing lists](/support/) using the [QSB Template](/security/bulletins/template/) - * Announce on social media + * Publish a [news post](/news/) using the [QSB Template](/security/bulletins/template/) + * Send the content of the news post to the appropriate [mailing lists](/support/) + * Share link to news post on social media + From 216d8e714660495c592d5568bc089f2bad6e07eb Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 21 Feb 2019 20:49:30 -0600 Subject: [PATCH 093/103] Create canary checklist --- security-info/canary-checklist.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 security-info/canary-checklist.md diff --git a/security-info/canary-checklist.md b/security-info/canary-checklist.md new file mode 100644 index 00000000..feef1bd7 --- /dev/null +++ b/security-info/canary-checklist.md @@ -0,0 +1,24 @@ +--- +layout: security +title: Canary Checklist +permalink: /security/canaries/checklist/ +--- + +Canary Checklist +================ + +Preparation +----------- + + * Draft canary and push to private repository + * Finalize canary, sign, and add signed tags + +Announcement +------------ + + * Push canary to public repository + * Publish a [news post](/news/) using the [canary Template](/security/canaries/template/) + * Send the content of the news post to the appropriate [mailing lists](/support/) + * Share link to news post on social media + * Set a reminder for the next canary + From b9ff10709eb437795c4d6db20270f084d182a456 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 21 Feb 2019 20:52:22 -0600 Subject: [PATCH 094/103] Fix typo --- security-info/canary-checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-info/canary-checklist.md b/security-info/canary-checklist.md index feef1bd7..af1fd820 100644 --- a/security-info/canary-checklist.md +++ b/security-info/canary-checklist.md @@ -17,7 +17,7 @@ Announcement ------------ * Push canary to public repository - * Publish a [news post](/news/) using the [canary Template](/security/canaries/template/) + * Publish a [news post](/news/) using the [Canary Template](/security/canaries/template/) * Send the content of the news post to the appropriate [mailing lists](/support/) * Share link to news post on social media * Set a reminder for the next canary From 070dc3e8f28fef02343bd76babd29efee7c8c646 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 23 Feb 2019 00:00:37 -0600 Subject: [PATCH 095/103] Turn the canary page into a data-driven table; standardize similar tables --- security-info/canaries.md | 51 ++++++++--------------------- security-info/security-bulletins.md | 10 +++--- 2 files changed, 19 insertions(+), 42 deletions(-) diff --git a/security-info/canaries.md b/security-info/canaries.md index 0d503041..e91d1bb3 100644 --- a/security-info/canaries.md +++ b/security-info/canaries.md @@ -10,41 +10,18 @@ Qubes Canaries Qubes Canaries are published through the [Qubes Security Pack](/security/pack/). -2015 ----- - -- [Qubes Canary \#1](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-001-2015.txt) -- [Qubes Canary \#2](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-002-2015.txt) -- [Qubes Canary \#3](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-003-2015.txt) -- [Qubes Canary \#4](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-004-2015.txt) -- [Qubes Canary \#5](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-005-2015.txt) - -2016 ----- - -- [Qubes Canary \#6](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-006-2016.txt) -- [Qubes Canary \#7](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-007-2016.txt) -- [Qubes Canary \#8](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-008-2016.txt) -- [Qubes Canary \#9](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-009-2016.txt) -- [Qubes Canary \#10](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-010-2016.txt) - -2017 ----- - -- [Qubes Canary \#11](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-011-2017.txt) -- [Qubes Canary \#12](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-012-2017.txt) -- [Qubes Canary \#13](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-013-2017.txt) -- [Qubes Canary \#14](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-014-2017.txt) - -2018 ----- - -- [Qubes Canary \#15](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-015-2018.txt) -- [Qubes Canary \#16](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-016-2018.txt) -- [Qubes Canary \#17](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-017-2018.txt) - -2019 ----- - -- [Qubes Canary \#18](https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-018-2019.txt) + + + + + + +{% for canary in site.data.canary reversed %} + + + + + +{% endfor %} +
DateQubes Canary
{{ canary.date }}Qubes Canary #{{ canary.canary }}
diff --git a/security-info/security-bulletins.md b/security-info/security-bulletins.md index 4e56f073..0b2f287e 100644 --- a/security-info/security-bulletins.md +++ b/security-info/security-bulletins.md @@ -17,15 +17,15 @@ Qubes Security Bulletins (QSBs) are published through the [Qubes Security Pack]( - + - + -{% for qsb in site.data.qsb %} +{% for qsb in site.data.qsb reversed %} - + - + {% endfor %}
QSB DateTitleQubes Security Bulletin
{{ qsb.qsb }} {{ qsb.date }}{{ qsb.title | truncate: 76 }}QSB #{{ qsb.qsb }}: {{ qsb.title | truncate: 68 }}
From 775072417bb04e24e157222b17aa9ef2322d152a Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 23 Feb 2019 16:53:26 -0600 Subject: [PATCH 096/103] Add guideline on using the provided issue template --- basics_user/reporting-bugs.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/basics_user/reporting-bugs.md b/basics_user/reporting-bugs.md index a4d1f408..03712811 100644 --- a/basics_user/reporting-bugs.md +++ b/basics_user/reporting-bugs.md @@ -65,6 +65,16 @@ If you're reporting a bug in a package that is in a [testing] repository, please Project maintainers really appreciate thorough explanations. It usually helps them address the problem more quickly, so everyone wins! +### Use the provided issue template ### + +Please use the provided issue template. +Do not delete it or remove parts of it. +The issue template is carefully designed to elicit important information. +Without this information, the issue is likely to be incomplete. + +It is also important to note the placement and content of the HTML comments in the issue template. +These help us to have issues with a consistent format. + ### There are no guarantees that your issue will be addressed ### Keep in mind that `qubes-issues` is an issue tracker, not a support system. From 62661cc4aa4fabd2fccac8ad5d7eca0a52128c2b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 23 Feb 2019 17:14:08 -0600 Subject: [PATCH 097/103] Add important notes about fedora-minimal --- managing-os/templates/fedora-minimal.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/managing-os/templates/fedora-minimal.md b/managing-os/templates/fedora-minimal.md index 4bafa214..9af24f1c 100644 --- a/managing-os/templates/fedora-minimal.md +++ b/managing-os/templates/fedora-minimal.md @@ -13,7 +13,20 @@ Fedora - minimal ================ The template only weighs about 600 MB compressed (1.6 GB on disk) and has only the most vital packages installed, including a minimal X and xterm installation. -The minimal template, however, can be easily extended to fit your requirements. The sections below contain the instructions on duplicating the template and provide some examples for commonly desired use cases. +The minimal template, however, can be easily extended to fit your requirements. +The sections below contain the instructions on duplicating the template and provide some examples for commonly desired use cases. + +Important +--------- + +1. The Fedora minimal template is intended only for advanced users. + If you encounter problems with the Fedora minimal template, we recommend that you use the [default Fedora template] instead. + +2. If something works with the default Fedora template but not the minimal template, this is most likely due to user error (e.g., a missing package or misconfiguration) rather than a bug. + In such cases, you should write to [qubes-users] to ask for help rather than filing a bug report, then [contribute what you learn to the documentation][doc-guidelines]. + +3. The Fedora minimal template is intentionally *minimal*. + [Do not ask for your favorite package to be added to the minimal template by default.][pref-default] Installation ------------ @@ -126,4 +139,10 @@ Users requiring the `rsyslog` service should install it manually. To access the `journald` log, use the `journalctl` command. + +[default Fedora template]: /doc/templates/fedora/ +[qubes-users]: /support/#qubes-users +[doc-guidelines]: /doc/doc-guidelines/ +[pref-default]: /faq/#could-you-please-make-my-preference-the-default [GUIDE]: /doc/fedora-minimal-template-customization/ + From f0108e4618a1ea62d6081a629ccbd9c050e03de5 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 23 Feb 2019 17:20:02 -0600 Subject: [PATCH 098/103] Change "DispVM" to "DisposableVM" --- doc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.md b/doc.md index 259c91ef..377396b9 100644 --- a/doc.md +++ b/doc.md @@ -148,7 +148,7 @@ redirect_from: ### Customization Guides - * [DispVM Customization](/doc/dispvm-customization/) + * [DisposableVM Customization](/doc/dispvm-customization/) * [Customizing Fedora minimal templates](/doc/fedora-minimal-template-customization/) * [Customizing Windows 7 templates](/doc/windows-template-customization/) * [Using KDE in dom0](/doc/kde/) From 3bbb1d7d76e72b2e1d5ea71b6489135840876902 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 23 Feb 2019 17:21:02 -0600 Subject: [PATCH 099/103] Update link --- doc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.md b/doc.md index 377396b9..cbba7bb5 100644 --- a/doc.md +++ b/doc.md @@ -148,7 +148,7 @@ redirect_from: ### Customization Guides - * [DisposableVM Customization](/doc/dispvm-customization/) + * [DisposableVM Customization](/doc/disposablevm-customization/) * [Customizing Fedora minimal templates](/doc/fedora-minimal-template-customization/) * [Customizing Windows 7 templates](/doc/windows-template-customization/) * [Using KDE in dom0](/doc/kde/) From 3dab015caee62118a9c94bcafac47e74c8ba361c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 23 Feb 2019 00:27:43 +0100 Subject: [PATCH 100/103] managing-vm-kernel: update default kernelopts files --- configuration/managing-vm-kernel.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/managing-vm-kernel.md b/configuration/managing-vm-kernel.md index 87f77605..60ab50f1 100644 --- a/configuration/managing-vm-kernel.md +++ b/configuration/managing-vm-kernel.md @@ -210,12 +210,12 @@ mke2fs 1.42.12 (29-Aug-2014) Kernel files structure ----------------------- -Kernel for a VM is stored in `/var/lib/qubes/vm-kernels/KERNEL_VERSION` directory (`KERNEL_VERSION` replaced with actual version). Qubes supports the following files there: +Kernel for a VM is stored in `/var/lib/qubes/vm-kernels/KERNEL_VERSION` directory (`KERNEL_VERSION` replaced with actual version). Qubes 4.x supports the following files there: - `vmlinuz` - kernel binary (may not be a Linux kernel) - `initramfs` - initramfs for the kernel to load - `modules.img` - ext4 filesystem image containing Linux kernel modules (to be mounted at `/lib/modules`); additionally it should contain a copy of `vmlinuz` and `initramfs` in its root directory (for loading by qemu inside stubdomain) -- `default-kernelopts.txt` - default kernel options, in addition to those specified with `kernelopts` VM property +- `default-kernelopts-common.txt` - default kernel options, in addition to those specified with `kernelopts` qube property (can be disabled with `no-default-kernelopts` feature) All the files besides `vmlinuz` are optional. From afa78902d795035704415df83b85be305e9e7b65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marta=20Marczykowska-G=C3=B3recka?= Date: Sun, 24 Feb 2019 19:01:26 +0100 Subject: [PATCH 101/103] Added info on using qvm-prefs to change kernelopts Fixes the lack-of-documentation issue described in QubesOS/qubes-issues#4797 --- configuration/managing-vm-kernel.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/configuration/managing-vm-kernel.md b/configuration/managing-vm-kernel.md index 60ab50f1..ab0c9665 100644 --- a/configuration/managing-vm-kernel.md +++ b/configuration/managing-vm-kernel.md @@ -11,8 +11,8 @@ VM kernel managed by dom0 By default, VMs kernels are provided by dom0. This means that: -1. You can select the kernel version in VM settings; -2. You can modify kernel options in VM settings; +1. You can select the kernel version (using GUI VM Settings tool or `qvm-prefs` commandline tool); +2. You can modify kernel options (using `qvm-prefs` commandline tool); 3. You can **not** modify any of the above from inside a VM; 4. Installing additional kernel modules is cumbersome. @@ -48,6 +48,14 @@ updatevm : sys-firewall [user@dom0 ~]$ qubes-prefs -s default-kernel 3.19.fc20 ~~~ +To view kernel options, you can use the GUI VM Settings tool; to view and change them, use `qvm-prefs` commandline tool: + +~~~ +[user@dom0 ~]$ qvm-prefs -g work kernelopts +nopat +[user@dom0 ~]$ qvm-prefs -s work kernelopts "nopat apparmor=1 security=apparmor" +~~~ + Installing different kernel using Qubes kernel package ---------------------------------- From fec5fe0755905afd43bfdce94bd19814dc509cdb Mon Sep 17 00:00:00 2001 From: unman Date: Mon, 25 Feb 2019 14:06:32 +0000 Subject: [PATCH 102/103] Add Notes on debian-minimal template --- doc.md | 1 + managing-os/templates/debian-minimal.md | 115 ++++++++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100644 managing-os/templates/debian-minimal.md diff --git a/doc.md b/doc.md index cbba7bb5..487b8d64 100644 --- a/doc.md +++ b/doc.md @@ -78,6 +78,7 @@ redirect_from: * [Templates: Fedora](/doc/templates/fedora/) * [Templates: Fedora Minimal](/doc/templates/fedora-minimal/) * [Templates: Debian](/doc/templates/debian/) + * [Templates: Debian Minimal](/doc/templates/debian-minimal/) * [Templates: Archlinux](/doc/templates/archlinux/) * [Templates: Ubuntu](/doc/templates/ubuntu/) * [Templates: Whonix](/doc/whonix/) diff --git a/managing-os/templates/debian-minimal.md b/managing-os/templates/debian-minimal.md new file mode 100644 index 00000000..967049fa --- /dev/null +++ b/managing-os/templates/debian-minimal.md @@ -0,0 +1,115 @@ +--- +layout: doc +title: Debian Minimal Template +permalink: /doc/templates/debian-minimal/ +--- + +Debian - minimal +================ + +The template weighs about 200 MB compressed (0.75 GB on disk) and has only the most vital packages installed, including a minimal X and xterm installation. +The minimal template, however, can be easily extended to fit your requirements. +The sections below contain instructions on cloning the template and provide some examples for commonly desired use cases. + +Note that use of the minimal template requires some familiarity with the command line and basics of Qubes. + +Installation +------------ + +The Debian minimal template can be installed with the following command: + +~~~ +[user@dom0 ~]$ sudo qubes-dom0-update --enable-repo qubes-templates-itl-testing qubes-template-debian-9-minimal +~~~ + +The download may take a while depending on your connection speed. + +Duplication and first steps +--------------------------- + +It is highly recommended that you clone the original template, and make any changes in the clone instead of the original template. +The following command clones the template. +(Replace `your-new-clone` with your desired name.) + +~~~ +[user@dom0 ~]$ qvm-clone debian-9-minimal your-new-clone +~~~ + +You must start the template in order to customize it. + +Customization +------------- + +Customizing the template for specific use cases normally only requires installing additional packages. +The following table provides an overview of which packages are needed for which purpose. + +As you would expect, the required packages can be installed in the running template with any apt-based command. +For example : (Replace "packages` with a space-delimited list of packages to be installed.) + +~~~ +[user@your-new-clone ~]$ sudo apt install packages +~~~ + +Qubes 4.0 +--------- + +In Qubes R4.0 the minimal template is not configured for passwordless root. +To update or install packages to it, from a dom0 terminal window run: + +~~~ +[user@dom0 ~]$ qvm-run -u root debian-9-minimal xterm +~~~ +to open a root terminal in the template, from which you can use apt tools without sudo. +You will have to do this every time you want root access if you choose not to enable passwordless root. + +If you want the usual qubes `sudo ...` commands, open the root terminal using the above command, and in the root xterm window enter + +~~~ +bash-4.4# apt install qubes-core-agent-passwordless-root polkit +~~~ + +Optionally check this worked: from the gui open the minimal template's xterm and give the command: + +~~~ +[user@debian-9-minimal ~]$ sudo -l +~~~ + +which should give you output that includes the NOPASSWD keyword. + +### Package table for Qubes 4.0 + +Use case | Description | Required steps +--- | --- | --- +**Standard utilities** | If you need the commonly used utilities | Install the following packages: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` +**Networking** | If you want networking | Install qubes-core-agent-networking +**Audio** | If you want sound from your VM... | Install `pulseaudio-qubes` +**FirewallVM** | You can use the minimal template as a template for a [FirewallVM](/doc/firewall/), like `sys-firewall` | Install `qubes-core-agent-networking`, and `nftables`. Also install `qubes-core-agent-dom0-updates` if you want to use a qube based on the template as an updateVM (normally sys-firewall). +**NetVM** | You can use this template as the basis for a NetVM such as `sys-net` | Install the following packages: `qubes-core-agent-networking`, `qubes-core-agent-network-manager`, and `nftables`. +**NetVM (extra firmware)** | If your network devices need extra packages for a network VM | Use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. +**Network utilities** | If you need utilities for debugging and analyzing network connections | Install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` +**USB** | If you want to use this template as the basis for a [USB](/doc/usb/) qube such as `sys-usb` | Install `qubes-usb-proxy`. To use USB mouse or keyboard install `qubes-input-proxy-sender`. +**VPN** | You can use this template as basis for a [VPN](/doc/vpn/) qube | You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. + + +In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. +These packages are: + +- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in Nautilus). +- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in thunar). +- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package. +- `qubes-menus`: Defines menu layout. +- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience. + +Also, there are packages to provide additional services: +- `qubes-gpg-split`: For implementing split GPG. +- `qubes-u2f`: For implementing secure forwarding of U2F messages. +- `qubes-pdf-converter`: For implementing safe conversion of PDFs. +- `qubes-image-converter`: For implementing safe conversion of images. +- `qubes-snapd-helper`: If you want to use snaps in qubes. +- `qubes-thunderbird`: Additional tools for use in thunderbird. +- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when idle. +- `qubes-mgmt-\*`: If you want to use salt management on the template and qubes. + +Documentation on all of these can be found in the [docs](/doc) + +You could, of course, use qubes-vm-recommended to automatically install many of these, but in that case you are well on the way to a standard Debian template. From 78b185edc513429d2974b9de198d35492f57074b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 2 Mar 2019 01:37:08 -0600 Subject: [PATCH 103/103] Explain how to decrypt qubes.xml.000.enc Closes QubesOS/qubes-issues#4728 --- common-tasks/backup-emergency-restore-v4.md | 34 ++++++++++++++------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/common-tasks/backup-emergency-restore-v4.md b/common-tasks/backup-emergency-restore-v4.md index 6cdbfab5..ec9731d4 100644 --- a/common-tasks/backup-emergency-restore-v4.md +++ b/common-tasks/backup-emergency-restore-v4.md @@ -39,11 +39,11 @@ uses an RPM-based system (Fedora), but the same general procedure should work on any GNU/Linux system. 1. If you're not on Qubes 4.X, [get and verify the Release 4 Signing Key]. - 2. If you're not on Qubes 4.X, import the Release 4 Signing Key: + 2. If you're not on Qubes 4.X, import the Release 4 Signing Key. [user@restore ~]$ sudo rpm --import qubes-release-4-signing-key.asc - 3. Download the `scrypt` RPM: + 3. Download the `scrypt` RPM. [user@restore ~]$ dnf download scrypt @@ -51,7 +51,7 @@ any GNU/Linux system. [user@restore ~]$ curl -O https://yum.qubes-os.org/r4.0/current/vm/fc28/rpm/scrypt-1.2.1-1.fc28.x86_64.rpm - 4. Verify the signature on the `scrypt` RPM: + 4. Verify the signature on the `scrypt` RPM. [user@restore ~]$ rpm -K scrypt-*.rpm scrypt-*.rpm: digests signatures OK @@ -59,15 +59,15 @@ any GNU/Linux system. The message `digests signatures OK` means that both the digest (i.e., the output of a hash function) and PGP signature verification were successful. - 5. Install `rpmdevtools`: + 5. Install `rpmdevtools`. [user@restore ~]$ sudo dnf install rpmdevtools - 6. Extract the `scrypt` binary from the RPM: + 6. Extract the `scrypt` binary from the RPM. [user@restore ~]$ rpmdev-extract scrypt-*.rpm - 7. (Optional) Create an alias for the new binary: + 7. (Optional) Create an alias for the new binary. [user@restore ~]$ alias scrypt="scrypt-*/usr/bin/scrypt" @@ -92,12 +92,24 @@ Emergency Recovery Instructions vm1/whitelisted-appmenus.list.000.enc dom0-home/dom0user.000.enc - **Note:** Each VM in the backup file has its path listed in - `qubes.xml.000.enc` (search for the `backup-path` property). You can - extract only the files necessary for your VM (`vmX`) with `tar -i -xvf - qubes-backup-2015-06-05T123456 backup-header backup-header.hmac vmX/`. + **To extract only specific VMs:** Each VM in the backup file has its path + listed in `qubes.xml.000.enc`. Decrypt it. (In this example, the password is + `password`.) - 2. Set the backup passhprase environment variable. While this isn't strictly + [user@restore ~]$ cat backup-header | grep backup-id + backup-id=20190128T123456-1234 + [user@restore ~]$ scrypt dec -P qubes.xml.000.enc qubes.xml.000 + Please enter passphrase: 20190128T123456-1234!qubes.xml.000!password + [user@restore ~]$ tar -i -xvf qubes.xml.000 + + Now that you have the decrypted `qubes.xml.000` file, search for the + `backup-path` property inside of it. With the `backup-path`, extract only + the files necessary for your VM (`vmX`). + + [user@restore ~]$ tar -i -xvf qubes-backup-2015-06-05T123456 \ + backup-header backup-header.hmac vmX/ + + 2. Set the backup passphrase environment variable. While this isn't strictly required, it will be handy later and will avoid saving the passphrase in the shell's history.