Qubes-Whonix Development / Qubes Integration

Patrick · October 19, 2022, 11:37am

Patrick · October 19, 2022, 11:39am

Place for build template commands · Issue #566 · QubesOS/updates-status · GitHub
Place for build template commands · Issue #566 · QubesOS/updates-status · GitHub

Patrick · October 23, 2022, 11:14pm

Place for build template commands · Issue #566 · QubesOS/updates-status · GitHub
Place for build template commands · Issue #566 · QubesOS/updates-status · GitHub

Patrick · October 24, 2022, 3:25pm

Place for build template commands · Issue #566 · QubesOS/updates-status · GitHub
Place for build template commands · Issue #566 · QubesOS/updates-status · GitHub

Patrick · October 25, 2022, 1:12pm

github.com/QubesOS/updates-status

qubes-template-whonix-gw-16 4.0.6-202210241524 (r4.1)

opened 03:25PM - 24 Oct 22 UTC

closed 01:54AM - 19 Nov 22 UTC

qubesos-bot

r4.1-stable

Template whonix-gw-16 4.0.6-202210241524 for Qubes r4.1, see comments below for …details. If you're release manager, you can issue GPG-inline signed command (depending on template): * `Upload linux-template-builder 4.0.6-202210241524 r4.1 templates-itl vm-whonix-gateway-16 repo` (available 7 days from now) * `Upload linux-template-builder 4.0.6-202210241524 r4.1 templates-community vm-whonix-gateway-16 repo` (available 7 days from now) Above commands will work only if package in testing repository isn't superseded by newer version.

github.com/QubesOS/updates-status

qubes-template-whonix-ws-16 4.0.6-202210241524 (r4.1)

opened 04:27PM - 24 Oct 22 UTC

closed 01:54AM - 19 Nov 22 UTC

qubesos-bot

r4.1-stable

Template whonix-ws-16 4.0.6-202210241524 for Qubes r4.1, see comments below for …details. If you're release manager, you can issue GPG-inline signed command (depending on template): * `Upload linux-template-builder 4.0.6-202210241524 r4.1 templates-itl vm-whonix-workstation-16 repo` (available 7 days from now) * `Upload linux-template-builder 4.0.6-202210241524 r4.1 templates-community vm-whonix-workstation-16 repo` (available 7 days from now) Above commands will work only if package in testing repository isn't superseded by newer version.

Patrick · November 30, 2022, 6:24pm

Patrick · November 30, 2022, 6:24pm

github.com/QubesOS/updates-status

qubes-template-whonix-gw-16 4.0.6-202211291224 (r4.1)

opened 12:25PM - 29 Nov 22 UTC

closed 11:45AM - 18 Dec 22 UTC

qubesos-bot

r4.1-stable

Template whonix-gw-16 4.0.6-202211291224 for Qubes r4.1, see comments below for …details. If you're release manager, you can issue GPG-inline signed command (depending on template): * `Upload linux-template-builder 4.0.6-202211291224 r4.1 templates-itl vm-whonix-gateway-16 repo` (available 7 days from now) * `Upload linux-template-builder 4.0.6-202211291224 r4.1 templates-community vm-whonix-gateway-16 repo` (available 7 days from now) Above commands will work only if package in testing repository isn't superseded by newer version.

github.com/QubesOS/updates-status

qubes-template-whonix-ws-16 4.0.6-202211291224 (r4.1)

opened 01:06PM - 29 Nov 22 UTC

closed 11:45AM - 18 Dec 22 UTC

qubesos-bot

r4.1-stable

Template whonix-ws-16 4.0.6-202211291224 for Qubes r4.1, see comments below for …details. If you're release manager, you can issue GPG-inline signed command (depending on template): * `Upload linux-template-builder 4.0.6-202211291224 r4.1 templates-itl vm-whonix-workstation-16 repo` (available 7 days from now) * `Upload linux-template-builder 4.0.6-202211291224 r4.1 templates-community vm-whonix-workstation-16 repo` (available 7 days from now) Above commands will work only if package in testing repository isn't superseded by newer version.

Patrick · December 3, 2022, 4:52pm

Patrick · December 18, 2022, 11:45am

qubes-template-whonix-gw-16 4.0.6-202211291224 (r4.1) · Issue #3212 · QubesOS/updates-status · GitHub
qubes-template-whonix-ws-16 4.0.6-202211291224 (r4.1) · Issue #3213 · QubesOS/updates-status · GitHub

Patrick · December 21, 2022, 2:16pm

github.com/adrelanos/qubes-template-whonix

Refactor for supporting both legacy and next generation of Qubes OS builder

adrelanos:master ← fepitre:builderv2

opened 08:26AM - 20 Dec 22 UTC

fepitre

+109 -54

While writing the new Qubes OS builder, we integrated the content of the templat…e-whonix repository into qubes-builderv2 repository directly to simplify the development. We are putting back refactored content for templates supporting both legacy and new Qubes builder into original repositories. Once this is merged into Whonix/qubes-template-whonix, we will adapt configuration file examples in qubes-builderv2 to use your key as maintainer for Whonix. See: - https://github.com/QubesOS/qubes-builderv2/pull/24 - https://github.com/QubesOS/qubes-builder-rpm/pull/120 - https://github.com/QubesOS/qubes-builder-debian/pull/63 - https://github.com/QubesOS/qubes-linux-template-builder/pull/25

Patrick · February 2, 2023, 7:25pm

qubes-template-whonix-gw-16 4.0.6-202302011525 (r4.1) · Issue #3479 · QubesOS/updates-status · GitHub
qubes-template-whonix-ws-16 4.0.6-202302011525 (r4.1) · Issue #3480 · QubesOS/updates-status · GitHub

Patrick · February 6, 2023, 11:17am

Above templates are working fine for me.

Patrick · February 8, 2023, 10:43am

https://github.com/QubesOS/qubes-issues/issues/5009#issuecomment-1422389814

Patrick · February 13, 2023, 12:07pm

Patrick · May 5, 2023, 1:40pm

github.com/QubesOS/qubes-issues

Qubes dom0 clock fix difficult, ClockVM does not fix its own clock

opened 01:39PM - 05 May 23 UTC

adrelanos

T: bug P: default

### Qubes OS release `4.1.2` ### Brief summary Qubes is difficult to re…cover from wrong system time. `sudo qvm-sync-clock` is confusing and doesn't fix dom0 or VM clocks. ### Impact Why does it matter? If system time is too far off it breaks TLS (https websites), Tor, system upgrades and more. ### Steps to reproduce 1. set a wrong time in dom0 `sudo date --utc --set "Fri 04 May 2023 01:16:10 PM UTC"` 2. reboot (or at least restart sys-net (actually ClockVM)) 3. Try to fix in dom0 `sudo qvm-sync-clock`. 4. Alternatively try to fix dom0 clock by using GNU date (or any other mechanism). ### Expected behavior * `qvm-sync-clock` fixes the dom0 clock. * Newly started VMs have the correct time. * ClockVM should have a mechanism to fix its own time even if it is far off. ### Actual behavior * `qvm-sync-clock` sets the dom0 to the incorrect (outdated, slow) time, which it gets from ClockVM. Technically speaking, dom0 `/usr/bin/qvm-sync-clock` simply calls the ClockVMs `/etc/qubes-rpc/qubes.GetDate`, which still has the wrong time which then dom0 uses. * Newly started VMs the an incorrect time. * If just manually fixed using GNU date, then newly started VMs will get the correct time of a while. Except, until... * After `qvm-sync-clock` was automatically run (it seems to be periodically run), it will set again the wrong time from ClockVM. * dom0 clock will be periodically (whenever `qvm-sync-clock` automatically runs in dom0) be reverted to the wrong clock coming from ClockVM. * Highly confusing and took me a while to debug. ### Workaround 1. Shutdown all VMs. (Or at least ClockVM, most likely the default sys-net.) 2. Correct the time in dom0. 3. Restart VMs. 4. Done.

Patrick · May 6, 2023, 7:17am

Switch to nftables by DemiMarie · Pull Request #407 · QubesOS/qubes-core-agent-linux · GitHub

Patrick · June 17, 2023, 11:00am

github.com/QubesOS/qubes-issues

Qubes R4.2 build failing - qubes-builder/qubes-src/builder-debian/keys/qubes-debian-r4.2.asc: No such file or directory

opened 11:00AM - 17 Jun 23 UTC

adrelanos

T: bug P: default

``` /home/user/qubes-builder/qubes-src/builder-debian//prepare-chroot-debian: l…ine 193: /home/user/qubes-builder/qubes-src/builder-debian/keys/qubes-debian-r4.2.asc: No such file or directory make[1]: *** [/home/user/qubes-builder/qubes-src/builder-debian//Makefile-legacy.debian:28: /home/user/qubes-builder/chroot-vm-bookworm/home/user/.prepared_base] Error 1 make: *** [Makefile:265: core-vchan-xen-vm] Error 1 ```

Patrick · June 20, 2023, 8:26am

github.com/QubesOS/qubes-issues

Debian 12 (bookworm) Template has broken DNS resolution when using http_proxy=http://127.0.0.1:8082/ (Qubes UpdatesProxy) (tinyproxy)

opened 08:21AM - 20 Jun 23 UTC

adrelanos

T: bug P: default

### Qubes OS release 4.1 ### Brief summary Setting `http_proxy=http://1…27.0.0.1:8082/` is broken in `debian-12` (bookworm) Template. ### Steps to reproduce Use `debian-12` (bookworm) Template. http_proxy=http://127.0.0.1:8082/ curl https://check.torproject.org ### Expected behavior Functional DNS. ### Actual behavior Broken DNS. > curl: (6) Could not resolve host: check.torproject.org ### Additional information This is reproducible if `sys-net` (UpdateVM) is using as Template: * `debian-11` * `debian-12` * `fedora-38` Template: * This did not happen with `debian-11` (bullseye) Template. * Only `debian-12` (bookworm) Template is affected by this bug. dom0 journalctl qubes qrexec-policy-daemon does not see the request when using DNS. (It does see the request when using IP.) It could be that curl (and other applications) are using `http_proxy=http://127.0.0.1:8082/` for IP but ignore it for DNS resolution. ### Impact Breaks various things, including: * curl repository signing key download * extrepo: `http_proxy=http://127.0.0.1:8082/ sudo extrepo enable kicksecure` * flatpak: `http_proxy=http://127.0.0.1:8082 flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo` * Qubes-Whonix: Tor Browser updates by `update-torbrowser` running inside Template

Patrick · June 28, 2023, 12:25pm

github.com/QubesOS/qubes-issues

PS/2 touchpad broken in 4.2.0-rc1

opened 12:25PM - 28 Jun 23 UTC

adrelanos

T: bug P: default

### Qubes OS release `4.2.0-rc1` ### Brief summary PS/2 touchpad broke…n. ### Steps to reproduce Install Qubes `4.2.0-rc1` and try using the touchpad. ### Expected behavior Functional touchpad. ### Actual behavior Broken touchpad. ### Additional information Was functional in Qubes `R4.1`. Using USBVM. (This was OK in `R4.1` too.) But the touchpad is not an internal USB touchpad. It much be PS/2. This is because it was functional in Qubes `R4.1` previously too, because it was functional along with the internal keyboard while USBVM was shutdown (while USB connected mice was dysfunctional as expected when USBVM is shutdown). ### Debugging How to debug this? journalctl doesn't show any error related to `touchpad`, `pad`, `touch`, `mouse`, `mice`. Neither xorg log showing any errors. `xinput` doesn't show the device. Have any changes been made in Qubes `R4.2` which might result in the disabling of the internal PS/2 touchpad?

Patrick · June 28, 2023, 12:26pm