This forum thread will be used for community documentation discussions (currently under Organizational sub forum).
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sat, Sep 14
Sat, Sep 14
Sat, Aug 31
Sat, Aug 31
Fri, Aug 30
Fri, Aug 30
Fri, Aug 23
Fri, Aug 23
Patrick renamed T900: Installation and setup of Kicksecure tutorials from Installation and setup of Hardened Debian Linux tutorials to Installation and setup of Kicksecure tutorials.
Season of Docs starts on Sep 02 2019.
Wed, Aug 21
Wed, Aug 21
Patrick changed the status of T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on from Open to testing-in-next-build-required.
Should work on manual invocation.
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.
For the record, this is the diff being generated.
Mon, Aug 19
Mon, Aug 19
Patrick triaged T928: install xfce4-power-manager on Whonix Host and Kicksecure Host as Normal priority.
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.
By default, the VMs do not start because the virtual disks are not set to readonly. This is only needed when using the ISO though. Might stay this way as long as the user is correctly advised to change to set the disk to readonly mode.
Sat, Aug 17
Sat, Aug 17
Aug 16 2019
Aug 16 2019
Aug 11 2019
Aug 11 2019
Aug 9 2019
Aug 9 2019
install electrum appimage by default:
https://github.com/Whonix/anon-meta-packages/commit/71d40f5316ee7eb38eb04142d80d23c56a48407b
Jul 27 2019
Jul 27 2019
Looks like mine.
Jul 25 2019
Jul 25 2019
TNTBOMBOM renamed T926: TBB removed obfs3 support But still in ACW from TBB removed obfs3 suppor But still in ACW to TBB removed obfs3 support But still in ACW.
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: graphical user interface.
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: anon-connection-wizard.
Patrick edited projects for T921: Installing git-all will delete some Whonix packages , added: Whonix; removed anon-meta-packages, Whonix 16.
Patrick updated the task description for T921: Installing git-all will delete some Whonix packages .
remove qubes-core-agent dependency on initscripts
https://github.com/QubesOS/qubes-issues/issues/5133
but it doesnt happen on plain debian-qubes template , any idea why?
<?xml encoding="UTF-8" version="1.0"?> <actions> <action> <icon>utilities-terminal</icon> <name>Open Terminal Here</name> <unique-id>1555514114536034-1</unique-id> <command>exo-open --working-directory %f --launch TerminalEmulator</command> <description>Example for a custom action</description> <patterns>*</patterns> <startup-notify/> <directories/> </action> <action> <icon>folder-copy</icon> <name>Copy to VM</name> <unique-id>1507455450991127-4</unique-id> <command>/usr/lib/qubes/qvm-actions.sh copy %F</command> <description></description> <patterns>*</patterns> <directories/> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>folder-move</icon> <name>Move to VM</name> <unique-id>1507455437157027-3</unique-id> <command>/usr/lib/qubes/qvm-actions.sh move %F</command> <description></description> <patterns>*</patterns> <directories/> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>document-open</icon> <name>Open in VM</name> <unique-id>1507455471075266-5</unique-id> <command>/usr/lib/qubes/qvm-actions.sh openvm %F</command> <description></description> <patterns>*</patterns> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>gtk-convert</icon> <name>Convert in DisposableVM</name> <unique-id>1507455488971315-6</unique-id> <command>/usr/lib/qubes/qvm-actions.sh pdf %F</command> <description></description> <patterns>*.pdf</patterns> <other-files/> </action> <action> <icon>gtk-convert</icon> <name>Convert in DisposableVM</name> <unique-id>1507455503129941-7</unique-id> <command>/usr/lib/qubes/qvm-actions.sh img %F</command> <description></description> <patterns>*</patterns> <image-files/> </action> <action> <icon>document-open</icon> <name>Edit in DisposableVM</name> <unique-id>1507455559234996-8</unique-id> <command>/usr/lib/qubes/qvm-actions.sh opendvm %F</command> <description></description> <patterns>*</patterns> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>document-open</icon> <name>View in DisposableVM</name> <unique-id>1507455559234997-9</unique-id> <command>/usr/lib/qubes/qvm-actions.sh viewdvm %F</command> <description></description> <patterns>*</patterns> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> </actions>
Jul 22 2019
Jul 22 2019
Yes Zulucrypt included and functional on KVM 15. However fixes for both zulucrypt and tomb haven't made it into Buster from what I've tested. Zulucrypt has a tomb plugin to open Tomb files too.
Whonix 15 has since come out. Has this been resolved? Not reproducible on Debian Buster either.
Problem has since been reported and fixed upstream. Let's look into re-including by Bullseye.
HulaHoop added a comment to T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine....
This bug does not exist on Debian stable after I upgraded. I have it documented for Arch and a work around for it. Nothing more to be done on my end.
Jul 21 2019
Jul 21 2019
Sounds good, thanks.
Done in git master.
Sounds good?
Does lowering "severity could be lowered to "info" and not causing non-zero exit codes" + `journalctl -p err -b` sound like a good solution?
journal keeps metadata about each message, so it's possible to avoid it with `journalctl -p err -b` (I've added `-b` to avoid listing messages from previous boot).
Jul 19 2019
Jul 19 2019
Jul 16 2019
Jul 16 2019
marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
In T913#18744, @Patrick wrote:Do you see any issues with "create home directory on first login" in Qubes?
Patrick added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
In T913#18743, @marmarek wrote:Can you give some more context here?
Jul 15 2019
Jul 15 2019
marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Can you give some more context here? Is it the problem that user is created too early (before /etc/skel is fully populated)? Or is it a problem that it's created at all? Should there be a difference between Qubes and non-Qubes case?
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 14 2019
Jul 14 2019
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 11 2019
Jul 11 2019
Jul 8 2019
Jul 8 2019
Removed a few. Would not start without openat, so kept.
Yay, we have ProtectSystem=strict now.
Yay, we have ProtectSystem=strict now.
Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?
Jul 7 2019
Jul 7 2019
Error back after reboot.
Jul 6 2019
Jul 6 2019
https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?
marmarek added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.
It was copied from native setup_ip script, details here:
https://github.com/qubesos/qubes-core-agent-linux/commit/5cbb38a2
https://github.com/qubesos/qubes-issues/issues/700
It definitely was relevant for old stubdomain hosting qemu (which is still possible to use in R4.0). Not sure if applies to new linux-based stubdomain.
It may be not needed anymore. To verify that, try removing those lines and check networking in Windows (or other OS without Xen PV drivers).
https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?
Any update?
Dead upstream.
Patrick added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.
Any idea? @marmarek
There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.
Dead upstream.
Jul 4 2019
Jul 4 2019
It's a file, not a folder.
It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.
Jul 3 2019
Jul 3 2019
I just re-read the error message. Try adding
I can test it but I doubt lockdown will help at all.
That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.
Could you test this please by installing in VM and/or host please? @madaidan
Jul 1 2019
Jul 1 2019
Merged your changes.
Jun 29 2019
Jun 29 2019
In T324#18696, @Patrick wrote:What is a good way to detect that users are using VM kernel in Qubes? @marmarek If uname -r outputs 4.19.43-1.pvops.qubes.x86_64 i.e. matches *pvops* it means that no VM kernel is being used?
needrestart works good enough for it to be implemented as a test in whonixcheck (--verbose?).
Jun 27 2019
Jun 27 2019
Blocked by Qubes.
Qubes start menu incompatible with DispVMs launching GUI applications into the background
https://github.com/QubesOS/qubes-issues/issues/5129
I see.
BTW it's certainly about fonts. here you can select whonix_firstrun-whonix-14-firstrun-20180915 from the dropdown above the screenshot (click eye icon at the right) and slide vertical bar to see old and new version.
marmarek (Marek Marczykowski-Górecki):
Is there a reason for fixed geometry of those widgets, instead of letting Qt figure it out based on the content?
Maybe different fonts installed? Is there a reason for fixed geometry of those widgets, instead of letting Qt figure it out based on the content? I suppose there may be more problems like this in the future. Especially if proper HiDPI support will come into play...
Patrick added a project to T923: Some texts on whonix connection wizard are truncated: anon-connection-wizard.
I have no idea why this started happening without changes. Perhaps due to underlying libraries changes. Anyhow, fixed in git master.
Work for me too in new build https://forums.whonix.org/t/qubes-whonix-15-templatevms-debian-buster-based-4-0-1-201906232114-testers-wanted/7601
Patrick removed a project from T891: upgrade build_sources/rpi-preferences for Debian 10/ buster: Whonix 15.
Implementation looks good enough for now.
Will keep watching what Tails is doing.
Patrick edited projects for T582: revisit handling of /var/lib/dbus/machine-id, added: Whonix 16; removed Whonix 15.
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).
Seems ok after full removal and re-creation.
Patrick edited projects for T921: Installing git-all will delete some Whonix packages , added: Whonix 16, anon-meta-packages; removed Whonix 15.
Jun 25 2019
Jun 25 2019
GUI isolation is very important, no?
In T869#18656, @madaidan wrote:Xpra is only used for GUI isolation.
Jun 24 2019
Jun 24 2019
The problem is, xpra (actually xpra | xserver-xephyr | xvfb) isn't in the list of Recommends: of the firejail package by accident. We don't really know the rationale of that. Could be an optional dependency and without it, some things someone who knows firejail who is happy to find it installed would wonder why it actually does not work.
Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Whonix Issue Tracker · Unread Notifications · Open Issues · Homepage · Blog · Forum · Github · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer