diff --git a/docs/misc/iaq.adoc b/docs/misc/iaq.adoc index 6782cdc..b7468aa 100644 --- a/docs/misc/iaq.adoc +++ b/docs/misc/iaq.adoc @@ -7,6 +7,7 @@ toc::[] +# Qubes common ## Troubleshooting @@ -14,12 +15,6 @@ toc::[] Set `xpti=false` option in Xen command line (xen.gz option in grub, or options= line in xen.cfg for UEFI). -### How can I switch R4.0 stubdomains back to qemu-traditional? - -``` -qvm-features VMNAME linux-stubdom '' -``` - ### How can I upgrade to testing? dom0: `sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --clean` (or --check-only instead for dom0). @@ -95,27 +90,6 @@ In the `/var/log/libvirst/libxl/`, `/var/log/qubes/` and `/var/log/xen/console/` ## Development -### What is a good IDE for Qubes? - -QtCreator. - -### What is the process flow when starting an AppVM under Qubes R4.x? - -1. qvm-start sends a request to qubesd, using Admin API -2. qubesd starts required netvm (recursively), if needed -3. qubesd request qmemman to allocate needed memory for new VM (according to VM's 'memory' property) -4. qubesd calls into appropriate storage pool driver to prepare for VM startup (create copy-on-write layers etc) -5. qubesd gathers needed VM properties etc and builds libvirt VM configuration (XML format, can be seen using `virsh dumpxml`) -6. qubesd calls into libvirt to start the VM (but in paused mode) -7. libvirt setup the VM using libxl, this include starting stubdomain if needed -8. qubesd start auxiliary processes, including: - - qrexec-daemon - - qubesdb-daemon (and fill its content) -9. libvirt unpause the VM -10. qvm-start-gui process (running separately from qubesd, as part of dom0 user GUI session) starts gui daemon - -See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/qubesvm.html#qubes.vm.qubesvm.QubesVM.start). - ### What is the process flow when opening a link/file in another VM ? 1. in an AppVM ('srcVM') a link - or file - is set to be opened with the graphical "open in VM" or "open in dispVM" extensions (or respectively with the `/usr/bin/qvm-open-in-vm` or `/usr/bin/qvm-open-in-dvm` command line tools) @@ -124,35 +98,10 @@ See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/ 4. in dstVM, `/etc/qubes-rpc/qubes.OpenURL` is called upon reception of the `qubes.OpenURL` RPC event above, which validates the url and executes `/usr/bin/qubes-open` 5. in dstVM, `/usr/bin/qubes-open` executes `xdg-open`, which then opens the url/file with the program registered to handle the associated mime type (for additional info see the [freedesktop specifications](https://www.freedesktop.org/wiki/)). -### How can I contribute to developing Qubes Windows Tools for R4.0? - -See [this post](https://www.mail-archive.com/qubes-devel@googlegroups.com/msg02808.html) and thread. - ### What are some undocumented QWT registry keys? MaxFPS, UseDirtyBits. -### How can I build an ISO from existing packages without having to compile them all? - -``` -gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-developers-keys.asc -git clone https://github.com/QubesOS/qubes-builder.git -cd qubes-builder -git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE -cp example-configs/qubes-os-r4.0.conf builder.conf -variables='DISTS_VM= USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks' -make $variables COMPONENTS='installer-qubes-os builder-rpm' get-sources -make $variables COMPONENTS=intel-microcode get-sources qubes clean-rpms -[Customize as desired here] -sudo chroot chroot-fc25 dnf -y install dnf-yum -make $variables COMPONENTS= iso -``` - -If any step fails due to a download error, just rerun it. -If you wish to customize the kernel or another package, include it (e.g. `linux-kernel`) in `COMPONENTS` to actually include that package on the image. -You may also need to either adjust `qubes-src/installer-qubes-os/conf/comps-qubes.xml` (kernel -> kernel-latest), or build the package as "kernel" not "kernel-latest" (edit `suffix` file in the linux-kernel sources). -Make sure `audit=0` is not present in kernelopts / `/proc/cmdline`. - ## Tweaks ### Disable auto-maximize when dragging window to top of screen in XFCE @@ -208,11 +157,91 @@ swapon swapfile See https://groups.google.com/d/msg/qubes-users/LLSo_3oWXJI/0clWN0BUBgAJ for more details. +### How can I "sparsify" an existing volume? ### + +Use the `fallocate` command. It has a way to deallocate zero blocks in-place so you probably won't need to use issue lvm commands directly: + +`sudo fallocate --dig-holes /dev/mapper/qubes_dom0-vm--untrusted--private` + +This method can also be used on .img files (for Qubes installations that use them). + +### How do I change display resolution on a Linux HVM? + +You only get one resolution at a time. +In the HVM's `/etc/X11/xorg.conf`, in Subsection "Display" for Depth 24, make a single mode like this: + +``` +... + Subsection "Display" + Viewport 0 0 + Depth 24 + Modes "1200x800" + EndSubSection +EndSection +``` + +Only some modes will work. check wikipedia. if your host display is +1080p(1920x1080), then an hvm at 1440x900 works well. if its more than that, might +as well do 1080p in the hvm. + +### How can I get Bluetooth audio working? ### + +Either use a 3.5mm jack to BT adapter, or see [this](https://m7i.org/tips/qubes-VM-bluetooth-audio/). + +Hint: [this guide](../configuration/bluetooth.md) might come in handy too. + +### Manually install Whonix templates + +See the [official Whonix documentation](https://www.whonix.org/wiki/Qubes/Install) for supported installation methods. + +*Thanks to all mailing list contributors, from where most of these came.* + +# Qubes 3.2 + +### In Qubes 3.2, how do I remove old entries from "Move/copy to other AppVM"? ### + +The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube you are trying to copy from. +You can just edit that file to remove them from the list. + ### How can I permanently attach a block device to an HVM? ### In 3.2 you can just edit the conf file under /var/lib/qubes. -In 4.0: +# Qubes 4.0 + +### How can I contribute to developing Qubes Windows Tools for R4.0? + +See [this post](https://www.mail-archive.com/qubes-devel@googlegroups.com/msg02808.html) and thread. + +### How can I switch R4.0 stubdomains back to qemu-traditional? + +``` +qvm-features VMNAME linux-stubdom '' +``` + +### How can I build an ISO from existing packages without having to compile them all? + +``` +gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-developers-keys.asc +git clone https://github.com/QubesOS/qubes-builder.git +cd qubes-builder +git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE +cp example-configs/qubes-os-r4.0.conf builder.conf +variables='DISTS_VM= USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks' +make $variables COMPONENTS='installer-qubes-os builder-rpm' get-sources +make $variables COMPONENTS=intel-microcode get-sources qubes clean-rpms +[Customize as desired here] +sudo chroot chroot-fc25 dnf -y install dnf-yum +make $variables COMPONENTS= iso +``` + +If any step fails due to a download error, just rerun it. +If you wish to customize the kernel or another package, include it (e.g. `linux-kernel`) in `COMPONENTS` to actually include that package on the image. +You may also need to either adjust `qubes-src/installer-qubes-os/conf/comps-qubes.xml` (kernel -> kernel-latest), or build the package as "kernel" not "kernel-latest" (edit `suffix` file in the linux-kernel sources). +Make sure `audit=0` is not present in kernelopts / `/proc/cmdline`. + +### How can I permanently attach a block device to an HVM? ### + Have a look at https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html @@ -251,79 +280,28 @@ Then we define a new disk device - the syntax here is quite obvious and follows Now when you boot foo, Qubes will pick up this file, and attach /dev/sdb to the foo qube, where it will appear as /dev/xvde. You can put an entry in to /etc/fstab so that the /dev/xvde device will be automatically mounted where you will. -### How can I "sparsify" an existing volume? ### +### What is the process flow when starting an AppVM under Qubes R4.x? -Use the `fallocate` command. It has a way to deallocate zero blocks in-place so you probably won't need to use issue lvm commands directly: +1. qvm-start sends a request to qubesd, using Admin API +2. qubesd starts required netvm (recursively), if needed +3. qubesd request qmemman to allocate needed memory for new VM (according to VM's 'memory' property) +4. qubesd calls into appropriate storage pool driver to prepare for VM startup (create copy-on-write layers etc) +5. qubesd gathers needed VM properties etc and builds libvirt VM configuration (XML format, can be seen using `virsh dumpxml`) +6. qubesd calls into libvirt to start the VM (but in paused mode) +7. libvirt setup the VM using libxl, this include starting stubdomain if needed +8. qubesd start auxiliary processes, including: + - qrexec-daemon + - qubesdb-daemon (and fill its content) +9. libvirt unpause the VM +10. qvm-start-gui process (running separately from qubesd, as part of dom0 user GUI session) starts gui daemon -`sudo fallocate --dig-holes /dev/mapper/qubes_dom0-vm--untrusted--private` +See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/qubesvm.html#qubes.vm.qubesvm.QubesVM.start). -This method can also be used on .img files (for Qubes installations that use them). +# Qubes 4.1 -### In Qubes 3.2, how do I remove old entries from "Move/copy to other AppVM"? ### - -The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube you are trying to copy from. -You can just edit that file to remove them from the list. - -### How do I change display resolution on a Linux HVM? - -You only get one resolution at a time. -In the HVM's `/etc/X11/xorg.conf`, in Subsection "Display" for Depth 24, make a single mode like this: +### How can I permanently attach a block device to an HVM? ### +Assuming that block device is labeled as `sdb`, run the following command: ``` -... - Subsection "Display" - Viewport 0 0 - Depth 24 - Modes "1200x800" - EndSubSection -EndSection +qvm-block attach --persistent sys-net:sdb ``` - -Only some modes will work. check wikipedia. if your host display is -1080p(1920x1080), then an hvm at 1440x900 works well. if its more than that, might -as well do 1080p in the hvm. - -### How can I get Bluetooth audio working? ### - -Either use a 3.5mm jack to BT adapter, or see [this](https://m7i.org/tips/qubes-VM-bluetooth-audio/). - -### Manually install Whonix 14 templates - -Note: See the [official documentation](https://www.whonix.org/wiki/Qubes/Install) for supported installation methods. -There should be no need to complete the following procedure manually any more. - -``` -sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-core-admin-addon-whonix - -sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-gw-14 -qvm-create sys-whonix-14 --class AppVM --template whonix-gw-14 --label black -qvm-prefs sys-whonix-14 provides_network True -qvm-tags whonix-gw-14 a whonix-updatevm - -sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-ws-14 -qvm-features whonix-ws-14 whonix-ws 1 -qvm-create whonix-ws-dvm-14 --class AppVM --template whonix-ws-14 --label green -qvm-features whonix-ws-dvm-14 appmenus-dispvm 1 -qvm-prefs whonix-ws-dvm-14 template_for_dispvms true -qvm-prefs whonix-ws-dvm-14 netvm sys-whonix-14 -qvm-prefs whonix-ws-dvm-14 default_dispvm whonix-ws-dvm-14 -qvm-tags whonix-ws-14 a whonix-updatevm -``` -To use the new `sys-whonix-14` for your UpdateVM, perform the following steps: -``` -qubes-prefs updatevm sys-whonix-14 -``` -Then, edit `/etc/qubes-rpc/policy/qubes.UpdatesProxy` and modify the top lines: -``` -$type:TemplateVM $default allow,target=sys-whonix -$tag:whonix-updatevm $default allow,target=sys-whonix -``` -to become: -``` -$type:TemplateVM $default allow,target=sys-whonix-14 -$tag:whonix-updatevm $default allow,target=sys-whonix-14 -``` - - - -*Thanks to all mailing list contributors, from where most of these came.*