Nov 19 2015
Nov 5 2015
qubes-whonix-firewall: Preventing race condition with Qubes Whonix Setup.:
https://github.com/Whonix/qubes-whonix/commit/790679d88bba74a587dbaedaae1ea166dcdf0989
That's alright as a workaround for Whonix 12. Let's see if there is a more efficient solution.
The easiest (but maybe not the most efficient) way would be adding
Before= ordering in service. In Qubes case, it would be
Before=qubes-gui-agent.service.
How to have an /etc/xdg/autostart/app.desktop service wait for a (systemd) service?
http://unix.stackexchange.com/questions/241058/how-to-have-an-etc-xdg-autostart-app-desktop-service-wait-for-a-systemd-servi
Sep 8 2015
abolished hack to write to /etc/localtime and /etc/timezone because now using Qubes protected files mechanism:
https://github.com/Whonix/qubes-whonix/commit/d11e42836f027c00e321c2660e332bbd47bd2670
fixed 'triggers interest-noawait /etc/resolv.conf will probably not work' - https://phabricator.whonix.org/T173:
https://github.com/Whonix/qubes-whonix/commit/d299505b6c7bbf7b2e856e5e2d87b5de4d664f9e
Aug 19 2015
Couldn't find any irregularities compared to non-Qubes systems.
No longer the case with Whonix 11.
fixed obfsproxy AppArmor issue "OSError: [Errno 13] Permission denied: '/rw/usrlocal/lib/python2.7/dist-packages'" using superior /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist solution - https://phabricator.whonix.org/T396:
https://github.com/Whonix/apparmor-profile-anondist/commit/8785d3124c75dc39c6da2f1753e19b02d625a987
Aug 18 2015
Added an info level message when running with --verbose if dom0 is telling us the time. As long as https://phabricator.whonix.org/T397 is unsolved. - https://phabricator.whonix.org/T398:
https://github.com/Whonix/whonixcheck/commit/0019e00e28ef85cdd95937d4d1e134335a03af18
/etc/qubes-rpc/qubes.SetDateTime.anondist: dom0 should not tell us its time. But if it does, create a file /var/run/qubes-whonix/qubes.SetDateTime so whonixcheck could warn in case this file exists. - https://phabricator.whonix.org/T398:
https://github.com/Whonix/qubes-whonix/commit/300d09b2514019e67fec16403177092f14504ba2
Aug 16 2015
Aug 15 2015
Those are all fixed in latest master.
Alright! :)
Actually, that's a much better solution.
Got another answer.
Go nuts at it ;)
Done in Whonix 11.
Aug 14 2015
State of /usr/lib/qubes-whonix/init/qubes-whonix-sysinit at time of writing:
https://github.com/Whonix/qubes-whonix/blob/df04392a60c6c0c9edc0fe0909610f9711b31d4c/usr/lib/qubes-whonix/init/qubes-whonix-sysinit
AppArmor upstream feature request - symlink support:
https://bugs.launchpad.net/apparmor/+bug/1485055
A real fix would require having an AppArmor option to follow symlinks.
No longer using taksel. Building Whonix templates now with flavor minimal and no-recommends to get better control of the installed packages. Therefore also no more build error.
Aug 12 2015
Actually there is a very elegant solution to this that requires no changes in Qubes.
Stage 1 sounds good.
It would be nice to eliminate anything that is not Qubes specific in qubes-whonix pacakge completely, or as much as possible. Anything you can take out of it by intergrating into Whonix would be a good thing.
https://github.com/Whonix/whonixcheck/blob/master/lib/systemd/system/whonixcheck.service is already using Wants=tor.service.
get rid of etc/systemd/system/qubes-whonix-tor.service which is error prone, code simplification - https://phabricator.whonix.org/T349:
https://github.com/adrelanos/qubes-whonix/commit/a1a022a974b8c13132369b391cd3194207f3bf19
Aug 11 2015
Aug 10 2015
Is it possible to read PVclock from user space?:
http://unix.stackexchange.com/questions/222287/is-it-possible-to-read-pvclock-from-user-space
Aug 7 2015
Aug 6 2015
I think those are two totally unrelated issues:
- Build failure
- Usage of tasksel (and more generally - default package list for Qubes Debian template) in Whonix template build
How to read clocksource xen as a [root] user?:
http://lists.xen.org/archives/html/xen-users/2015-08/msg00020.html