Merged your pull request.
Updated qubes-core-admin-addon-whonix
committed 07:59PM - 12 Jul 18 UTC
Added policies in qubes-core-admin. without the .policy extension.
committed 09:13PM - 12 Jul 18 UTC
I do not see what I can do in GitHub - QubesOS/qubes-core-agent-linux: Qubes component: core-agent-linux
Or do we need a new qvm-features-request somewhere ?
1 Like
add "anon-gateway" tag · troubadoour/qubes-core-admin-addon-whonix@4bcaa19 · GitHub - this seems wrong, since all of this happens after if 'whonix-ws' in template.features:.
add policies for sdwdate-gui-qubes · troubadoour/qubes-core-admin@a55b8ae · GitHub - this looks good. Could you please also add sys-whonix verbatim? Reason: I guess many people will miss the anon-gateway tag. The problem is, we will invent it after qubes-core-admin-addon-whonix was run for the first time. Or will we delay Whonix 14 until there is a new qubes-core-admin-addon-whonix? By adding sys-whonix verbatim we avoid issues of refused qrexec connections for most users who just use a single sys-whonix. This needs to be explained in the pull request.
I guess we have to invent qvm-features-request whonix-gw=1.
I hope not.
Moved anon-gateway tag before the if whonix-ws block.
committed 09:17PM - 13 Jul 18 UTC
See https://forums.whonix.org/t/sdwdate-gui-for-qubes-testers-wanted-developpers… -welcome/5469/8
Added sys-whonix in policies.
committed 10:09PM - 13 Jul 18 UTC
The anon-gateway tag is meant for Whonix 15, when qubes-core-admin-addon-whonix … has been run.
In the meantine, most users using one anon-gateway (sys-whonix) should be satisfied with the sys-whonix <--> $tag:anon-vm policies.
1 Like
Add "anon-gateway" tag, for Whonix-15. · troubadoour/qubes-core-admin-addon-whonix@5111da0 · GitHub - that would result adding the anon-gateway tag to to workstations as well. It needs some if 'whonix-gw' in template.features: above if 'whonix-ws' in template.features: or so.
opened 09:52AM - 14 Jul 18 UTC
closed 04:35PM - 15 Jul 18 UTC
C: core
T: task
C: Whonix
r4.0-dom0-stable
Added `qvm-features-request whonix-gw=1`.
https://github.com/Whonix/qubes-who… nix/commit/436a278cf1e9f92e046b1ecf8a8dd97b9364a039
Required for sdwdate-gui-qubes.
Should [`/etc/qubes/post-install.d/30-whonix-ws.sh`](https://github.com/Whonix/qubes-whonix/blob/master/etc/qubes/post-install.d/30-whonix-ws.sh) have `errtrace` (`set -e`)? I.e. should it `exit` non-zero and therefore break apt when it fails? Better not?
Any other changes required? https://github.com/QubesOS/qubes-core-admin-addon-whonix/blob/master/qubeswhonix/__init__.py needs some ` if 'whonix-gw' in template.features:` above ` if 'whonix-ws' in template.features:` to add the `anon-gateway` tag but that's about all?
Related:
* https://github.com/QubesOS/qubes-core-admin/pull/216
* https://forums.whonix.org/t/sdwdate-gui-for-qubes-testers-wanted-developpers-welcome
* https://phabricator.whonix.org/T534
committed 09:46AM - 14 Jul 18 UTC
Policies for sdwdate-gui-qubes. · troubadoour/qubes-core-admin@daca453 · GitHub - looks good. Created a pull request for it.
QubesOS:master ← troubadoour:master
opened 09:43AM - 14 Jul 18 UTC
Using `sys-whonix $tag:anon-vm allow` verbatim in case anyone is missing the tag… . That sorts out at least most users who just go with the defaults.
(As far I know qubes-core-admin-addon-whonix does not have a mechanism to add tags for already created VMs.)
References:
* https://forums.whonix.org/t/sdwdate-gui-for-qubes-testers-wanted-developpers-welcome
* https://phabricator.whonix.org/T534
sdwdate-gui[qubes] in VirtualBox.
Ref: http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/kdesudo-error-popup-window-sdwdate-gui/5642/22?u=troubadour
This is whonix-firewall not coming up. sdwdate-gui creates /usr/lib/qubes/notify-shutdown
In whonix-gateway-firewall line 135, we have:
if [ -d "/usr/lib/qubes" ]; then
[ -n "$qubes_vm_type" ] || qubes_vm_type="$(qubesdb-read /qubes-vm-type)"
Command qubesdb-read is unknown in VirtualBox, crashing whonix-firewall.
committed 07:13PM - 21 Aug 18 UTC
Recommended dependency tor-control-panel was accidentally removed. Will amend.
1 Like
Oh, what a bug. Another reason to solve Provide a cannoncial way to detect Qubes · Issue #1963 · QubesOS/qubes-issues · GitHub to prevent such very difficult to foreseeable issues.if [ -d "/usr/lib/qubes" ]; then with something better.
It could be if [ -d "/var/lib/qubes" ];. Seems less prone to be created.
By the way, we are using if [ -d "/usr/lib/qubes" ] in start-maybe, which is most likely why sdwdate-gui does not start in VirtualBox. That is the next debugging step.
1 Like
I think this is best
if command -v "qubesdb-read" >/dev/null 2>&1 ; then
Patrick
August 23, 2018, 10:33am
20
Not sure if this is the best place to post, but I’ve been experiencing an issue with sdw-date gui widget on Qubes 4.2 using Whonix 17 for the last couple of days where no running workstation vm will show up in the sdw-date widget, only sys-whonix.
Is this the result of a planned change? I think it started happening after the last big Whonix 17 update (I think I’m on the testing repo). Should I be worried about this?
I’ve also been dealing with the problem described in the Qubes github issue #8672 (I can’t post links) regarding the gui widget.
Edit: just noticed this topic was 5 years old…my bad.
Patrick
December 25, 2023, 7:27pm
22
opened 12:23PM - 30 Oct 23 UTC
T: bug
C: gui-virtualization
C: desktop-linux-xfce4
P: default
needs diagnosis
affects-4.1
affects-4.2
### Qubes OS release
Qubes 4.1.2
Whonix 16
Also on (it's worse with these):…
Qubes 4.2
Whonix 17
### Brief summary
I've noticed that since I disabled sys-whonix autostart at boot of QubesOS there are issues with the Time Synchronization Monitor (TSM) in the Notification Area of the panel (top panel right side by default). The issues seem to be:
1. it either takes longer for the full initialization to complete (lock with full circle icon) or the notification icon doesn't show the correct status (this point looks to be fixed in 4.2 with Whonix 17)
2. interacting with the notification icon is not possible, because the little popup that appears when clicking on it, immediately disappears again. (worse on 4.2 with Whonix 17)
For Qubes 4.1.2: this only occurs when starting, e.g. a new Whonix WS DVM while sys-whonix is not running, such that it will automatically start sys-whonix as well. If sys-whonix was already running and the full lock icon displayed then starting new DVMs does not cause this issue; starting sys-whonix alone (e.g. autostart on boot or manually later) does not cause this issue if one waits for "full lock" of the icon before starting sys-whonix-connected VMs.
For Qubes 4.2: occurs on every observed start of sys-whonix (the popup window closes as soon as it's opened), but turning off "focus stealing prevention" in the Window Manager Tweaks dom0 app fixes the issue (that feature is pretty important in QubesOS, though, so it would be nice to fix this without requiring that feature to be off).
This issue can also be fixed by running the "Reload Firewall" or "Reload Tor" apps of sys-whonix, though the former seems to be more efficient in terms of time until full lock is displayed. Edit: Actually, opening any window, including a regular terminal, from `sys-whonix` will fix this issue.
~~I've also noticed that when disconnecting Whonix WS DVMs from sys-whonix and reconnecting them to it later, those don't always show up in the TSM again, even though they do regain network access through sys-whonix (as per Qube Manager), though this may be a different problem.~~ Edit: now reported under #8798
### Steps to reproduce
Put a checkmark on "Activate focus stealing prevention" in Window Manager Tweaks, Focus tab.
On Qubes 4.1: Launch Whonix WS DVM without sys-whonix running (should autostart together).
On Qubes 4.2: Launch sys-whonix
Observe and try to interact with the TSM icon in the Notification Area of the panel.
### Expected behavior
Normal TSM functionality
### Actual behavior
Interaction not possible, needs fix via e.g. "Reload Firewall" or opening a terminal window in sys-whonix to work normally again.
No.
Valid Compromise Indicators versus Invalid Compromise Indicators
Okay, but it seems that this is still relevant to the security of Qubes-Whonix, as it’s now not obvious if sdwdate has completed the synchronization for the workstation.
IIUC the new issue tracker is basically this forum; should I open a new topic for this issue, as it’s distinct from the one already reported to the qubes-os github?
Patrick
December 25, 2023, 8:24pm
24
No additional reports required.
Patrick
December 25, 2023, 8:27pm
25
This is probably fixed with this commit:
committed 08:19PM - 25 Dec 23 UTC
(Whonix is based on Kicksecure.)
This fix is now in all Whonix 17 repositories.
(This was fixed using “Instant Package Migration” (link ).)
1 Like
Confirmed fixed by the update on my end, thank you!
