Nov 19 2015
Nov 5 2015
qubes-whonix-firewall: Preventing race condition with Qubes Whonix Setup.:
That's alright as a workaround for Whonix 12. Let's see if there is a more efficient solution.
The easiest (but maybe not the most efficient) way would be adding
Before= ordering in service. In Qubes case, it would be
How to have an /etc/xdg/autostart/app.desktop service wait for a (systemd) service?
Sep 8 2015
abolished hack to write to /etc/localtime and /etc/timezone because now using Qubes protected files mechanism:
fixed 'triggers interest-noawait /etc/resolv.conf will probably not work' - https://phabricator.whonix.org/T173:
Aug 19 2015
Couldn't find any irregularities compared to non-Qubes systems.
No longer the case with Whonix 11.
fixed obfsproxy AppArmor issue "OSError: [Errno 13] Permission denied: '/rw/usrlocal/lib/python2.7/dist-packages'" using superior /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist solution - https://phabricator.whonix.org/T396:
Aug 18 2015
Added an info level message when running with --verbose if dom0 is telling us the time. As long as https://phabricator.whonix.org/T397 is unsolved. - https://phabricator.whonix.org/T398:
/etc/qubes-rpc/qubes.SetDateTime.anondist: dom0 should not tell us its time. But if it does, create a file /var/run/qubes-whonix/qubes.SetDateTime so whonixcheck could warn in case this file exists. - https://phabricator.whonix.org/T398:
Aug 16 2015
Aug 15 2015
Those are all fixed in latest master.
Actually, that's a much better solution.
Got another answer.
Go nuts at it ;)
Done in Whonix 11.
Aug 14 2015
State of /usr/lib/qubes-whonix/init/qubes-whonix-sysinit at time of writing:
AppArmor upstream feature request - symlink support:
A real fix would require having an AppArmor option to follow symlinks.
No longer using tasksel. Building Whonix templates now with flavor minimal and no-recommends to get better control of the installed packages. Therefore also no more build error.
Aug 12 2015
Actually there is a very elegant solution to this that requires no changes in Qubes.
Stage 1 sounds good.
It would be nice to eliminate anything that is not Qubes specific in qubes-whonix package completely, or as much as possible. Anything you can take out of it by integrating into Whonix would be a good thing.
https://github.com/Whonix/whonixcheck/blob/master/lib/systemd/system/whonixcheck.service is already using Wants=tor.service.
get rid of etc/systemd/system/qubes-whonix-tor.service which is error prone, code simplification - https://phabricator.whonix.org/T349:
Aug 11 2015
Aug 10 2015
Is it possible to read PVclock from user space?:
Aug 7 2015
Aug 6 2015
I think those are two totally unrelated issues:
- Build failure
- Usage of tasksel (and more generally - default package list for Qubes Debian template) in Whonix template build
How to read clocksource xen as a [root] user?: