mirror of
https://github.com/Qubes-Community/Contents.git
synced 2025-01-02 19:10:53 -05:00
Merge pull request #223 from aronowski/iaq
Refactor with common / release-specific documentation
This commit is contained in:
commit
3f34b0da5f
@ -7,6 +7,7 @@
|
|||||||
|
|
||||||
toc::[]
|
toc::[]
|
||||||
|
|
||||||
|
# Qubes common
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
@ -14,12 +15,6 @@ toc::[]
|
|||||||
|
|
||||||
Set `xpti=false` option in Xen command line (xen.gz option in grub, or options= line in xen.cfg for UEFI).
|
Set `xpti=false` option in Xen command line (xen.gz option in grub, or options= line in xen.cfg for UEFI).
|
||||||
|
|
||||||
### How can I switch R4.0 stubdomains back to qemu-traditional?
|
|
||||||
|
|
||||||
```
|
|
||||||
qvm-features VMNAME linux-stubdom ''
|
|
||||||
```
|
|
||||||
|
|
||||||
### How can I upgrade to testing?
|
### How can I upgrade to testing?
|
||||||
|
|
||||||
dom0: `sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --clean` (or --check-only instead for dom0).
|
dom0: `sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --clean` (or --check-only instead for dom0).
|
||||||
@ -95,27 +90,6 @@ In the `/var/log/libvirst/libxl/`, `/var/log/qubes/` and `/var/log/xen/console/`
|
|||||||
|
|
||||||
## Development
|
## Development
|
||||||
|
|
||||||
### What is a good IDE for Qubes?
|
|
||||||
|
|
||||||
QtCreator.
|
|
||||||
|
|
||||||
### What is the process flow when starting an AppVM under Qubes R4.x?
|
|
||||||
|
|
||||||
1. qvm-start sends a request to qubesd, using Admin API
|
|
||||||
2. qubesd starts required netvm (recursively), if needed
|
|
||||||
3. qubesd request qmemman to allocate needed memory for new VM (according to VM's 'memory' property)
|
|
||||||
4. qubesd calls into appropriate storage pool driver to prepare for VM startup (create copy-on-write layers etc)
|
|
||||||
5. qubesd gathers needed VM properties etc and builds libvirt VM configuration (XML format, can be seen using `virsh dumpxml`)
|
|
||||||
6. qubesd calls into libvirt to start the VM (but in paused mode)
|
|
||||||
7. libvirt setup the VM using libxl, this include starting stubdomain if needed
|
|
||||||
8. qubesd start auxiliary processes, including:
|
|
||||||
- qrexec-daemon
|
|
||||||
- qubesdb-daemon (and fill its content)
|
|
||||||
9. libvirt unpause the VM
|
|
||||||
10. qvm-start-gui process (running separately from qubesd, as part of dom0 user GUI session) starts gui daemon
|
|
||||||
|
|
||||||
See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/qubesvm.html#qubes.vm.qubesvm.QubesVM.start).
|
|
||||||
|
|
||||||
### What is the process flow when opening a link/file in another VM ?
|
### What is the process flow when opening a link/file in another VM ?
|
||||||
|
|
||||||
1. in an AppVM ('srcVM') a link - or file - is set to be opened with the graphical "open in VM" or "open in dispVM" extensions (or respectively with the `/usr/bin/qvm-open-in-vm` or `/usr/bin/qvm-open-in-dvm` command line tools)
|
1. in an AppVM ('srcVM') a link - or file - is set to be opened with the graphical "open in VM" or "open in dispVM" extensions (or respectively with the `/usr/bin/qvm-open-in-vm` or `/usr/bin/qvm-open-in-dvm` command line tools)
|
||||||
@ -124,35 +98,10 @@ See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/
|
|||||||
4. in dstVM, `/etc/qubes-rpc/qubes.OpenURL` is called upon reception of the `qubes.OpenURL` RPC event above, which validates the url and executes `/usr/bin/qubes-open`
|
4. in dstVM, `/etc/qubes-rpc/qubes.OpenURL` is called upon reception of the `qubes.OpenURL` RPC event above, which validates the url and executes `/usr/bin/qubes-open`
|
||||||
5. in dstVM, `/usr/bin/qubes-open` executes `xdg-open`, which then opens the url/file with the program registered to handle the associated mime type (for additional info see the [freedesktop specifications](https://www.freedesktop.org/wiki/)).
|
5. in dstVM, `/usr/bin/qubes-open` executes `xdg-open`, which then opens the url/file with the program registered to handle the associated mime type (for additional info see the [freedesktop specifications](https://www.freedesktop.org/wiki/)).
|
||||||
|
|
||||||
### How can I contribute to developing Qubes Windows Tools for R4.0?
|
|
||||||
|
|
||||||
See [this post](https://www.mail-archive.com/qubes-devel@googlegroups.com/msg02808.html) and thread.
|
|
||||||
|
|
||||||
### What are some undocumented QWT registry keys?
|
### What are some undocumented QWT registry keys?
|
||||||
|
|
||||||
MaxFPS, UseDirtyBits.
|
MaxFPS, UseDirtyBits.
|
||||||
|
|
||||||
### How can I build an ISO from existing packages without having to compile them all?
|
|
||||||
|
|
||||||
```
|
|
||||||
gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-developers-keys.asc
|
|
||||||
git clone https://github.com/QubesOS/qubes-builder.git
|
|
||||||
cd qubes-builder
|
|
||||||
git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE
|
|
||||||
cp example-configs/qubes-os-r4.0.conf builder.conf
|
|
||||||
variables='DISTS_VM= USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks'
|
|
||||||
make $variables COMPONENTS='installer-qubes-os builder-rpm' get-sources
|
|
||||||
make $variables COMPONENTS=intel-microcode get-sources qubes clean-rpms
|
|
||||||
[Customize as desired here]
|
|
||||||
sudo chroot chroot-fc25 dnf -y install dnf-yum
|
|
||||||
make $variables COMPONENTS= iso
|
|
||||||
```
|
|
||||||
|
|
||||||
If any step fails due to a download error, just rerun it.
|
|
||||||
If you wish to customize the kernel or another package, include it (e.g. `linux-kernel`) in `COMPONENTS` to actually include that package on the image.
|
|
||||||
You may also need to either adjust `qubes-src/installer-qubes-os/conf/comps-qubes.xml` (kernel -> kernel-latest), or build the package as "kernel" not "kernel-latest" (edit `suffix` file in the linux-kernel sources).
|
|
||||||
Make sure `audit=0` is not present in kernelopts / `/proc/cmdline`.
|
|
||||||
|
|
||||||
## Tweaks
|
## Tweaks
|
||||||
|
|
||||||
### Disable auto-maximize when dragging window to top of screen in XFCE
|
### Disable auto-maximize when dragging window to top of screen in XFCE
|
||||||
@ -208,11 +157,91 @@ swapon swapfile
|
|||||||
|
|
||||||
See https://groups.google.com/d/msg/qubes-users/LLSo_3oWXJI/0clWN0BUBgAJ for more details.
|
See https://groups.google.com/d/msg/qubes-users/LLSo_3oWXJI/0clWN0BUBgAJ for more details.
|
||||||
|
|
||||||
|
### How can I "sparsify" an existing volume? ###
|
||||||
|
|
||||||
|
Use the `fallocate` command. It has a way to deallocate zero blocks in-place so you probably won't need to use issue lvm commands directly:
|
||||||
|
|
||||||
|
`sudo fallocate --dig-holes /dev/mapper/qubes_dom0-vm--untrusted--private`
|
||||||
|
|
||||||
|
This method can also be used on .img files (for Qubes installations that use them).
|
||||||
|
|
||||||
|
### How do I change display resolution on a Linux HVM?
|
||||||
|
|
||||||
|
You only get one resolution at a time.
|
||||||
|
In the HVM's `/etc/X11/xorg.conf`, in Subsection "Display" for Depth 24, make a single mode like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
...
|
||||||
|
Subsection "Display"
|
||||||
|
Viewport 0 0
|
||||||
|
Depth 24
|
||||||
|
Modes "1200x800"
|
||||||
|
EndSubSection
|
||||||
|
EndSection
|
||||||
|
```
|
||||||
|
|
||||||
|
Only some modes will work. check wikipedia. if your host display is
|
||||||
|
1080p(1920x1080), then an hvm at 1440x900 works well. if its more than that, might
|
||||||
|
as well do 1080p in the hvm.
|
||||||
|
|
||||||
|
### How can I get Bluetooth audio working? ###
|
||||||
|
|
||||||
|
Either use a 3.5mm jack to BT adapter, or see [this](https://m7i.org/tips/qubes-VM-bluetooth-audio/).
|
||||||
|
|
||||||
|
Hint: [this guide](../configuration/bluetooth.md) might come in handy too.
|
||||||
|
|
||||||
|
### Manually install Whonix templates
|
||||||
|
|
||||||
|
See the [official Whonix documentation](https://www.whonix.org/wiki/Qubes/Install) for supported installation methods.
|
||||||
|
|
||||||
|
*Thanks to all mailing list contributors, from where most of these came.*
|
||||||
|
|
||||||
|
# Qubes 3.2
|
||||||
|
|
||||||
|
### In Qubes 3.2, how do I remove old entries from "Move/copy to other AppVM"? ###
|
||||||
|
|
||||||
|
The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube you are trying to copy from.
|
||||||
|
You can just edit that file to remove them from the list.
|
||||||
|
|
||||||
### How can I permanently attach a block device to an HVM? ###
|
### How can I permanently attach a block device to an HVM? ###
|
||||||
|
|
||||||
In 3.2 you can just edit the conf file under /var/lib/qubes.
|
In 3.2 you can just edit the conf file under /var/lib/qubes.
|
||||||
|
|
||||||
In 4.0:
|
# Qubes 4.0
|
||||||
|
|
||||||
|
### How can I contribute to developing Qubes Windows Tools for R4.0?
|
||||||
|
|
||||||
|
See [this post](https://www.mail-archive.com/qubes-devel@googlegroups.com/msg02808.html) and thread.
|
||||||
|
|
||||||
|
### How can I switch R4.0 stubdomains back to qemu-traditional?
|
||||||
|
|
||||||
|
```
|
||||||
|
qvm-features VMNAME linux-stubdom ''
|
||||||
|
```
|
||||||
|
|
||||||
|
### How can I build an ISO from existing packages without having to compile them all?
|
||||||
|
|
||||||
|
```
|
||||||
|
gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-developers-keys.asc
|
||||||
|
git clone https://github.com/QubesOS/qubes-builder.git
|
||||||
|
cd qubes-builder
|
||||||
|
git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE
|
||||||
|
cp example-configs/qubes-os-r4.0.conf builder.conf
|
||||||
|
variables='DISTS_VM= USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks'
|
||||||
|
make $variables COMPONENTS='installer-qubes-os builder-rpm' get-sources
|
||||||
|
make $variables COMPONENTS=intel-microcode get-sources qubes clean-rpms
|
||||||
|
[Customize as desired here]
|
||||||
|
sudo chroot chroot-fc25 dnf -y install dnf-yum
|
||||||
|
make $variables COMPONENTS= iso
|
||||||
|
```
|
||||||
|
|
||||||
|
If any step fails due to a download error, just rerun it.
|
||||||
|
If you wish to customize the kernel or another package, include it (e.g. `linux-kernel`) in `COMPONENTS` to actually include that package on the image.
|
||||||
|
You may also need to either adjust `qubes-src/installer-qubes-os/conf/comps-qubes.xml` (kernel -> kernel-latest), or build the package as "kernel" not "kernel-latest" (edit `suffix` file in the linux-kernel sources).
|
||||||
|
Make sure `audit=0` is not present in kernelopts / `/proc/cmdline`.
|
||||||
|
|
||||||
|
### How can I permanently attach a block device to an HVM? ###
|
||||||
|
|
||||||
Have a look at
|
Have a look at
|
||||||
https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html
|
https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html
|
||||||
|
|
||||||
@ -251,79 +280,28 @@ Then we define a new disk device - the syntax here is quite obvious and follows
|
|||||||
Now when you boot foo, Qubes will pick up this file, and attach /dev/sdb to the foo qube, where it will appear as /dev/xvde.
|
Now when you boot foo, Qubes will pick up this file, and attach /dev/sdb to the foo qube, where it will appear as /dev/xvde.
|
||||||
You can put an entry in to /etc/fstab so that the /dev/xvde device will be automatically mounted where you will.
|
You can put an entry in to /etc/fstab so that the /dev/xvde device will be automatically mounted where you will.
|
||||||
|
|
||||||
### How can I "sparsify" an existing volume? ###
|
### What is the process flow when starting an AppVM under Qubes R4.x?
|
||||||
|
|
||||||
Use the `fallocate` command. It has a way to deallocate zero blocks in-place so you probably won't need to use issue lvm commands directly:
|
1. qvm-start sends a request to qubesd, using Admin API
|
||||||
|
2. qubesd starts required netvm (recursively), if needed
|
||||||
|
3. qubesd request qmemman to allocate needed memory for new VM (according to VM's 'memory' property)
|
||||||
|
4. qubesd calls into appropriate storage pool driver to prepare for VM startup (create copy-on-write layers etc)
|
||||||
|
5. qubesd gathers needed VM properties etc and builds libvirt VM configuration (XML format, can be seen using `virsh dumpxml`)
|
||||||
|
6. qubesd calls into libvirt to start the VM (but in paused mode)
|
||||||
|
7. libvirt setup the VM using libxl, this include starting stubdomain if needed
|
||||||
|
8. qubesd start auxiliary processes, including:
|
||||||
|
- qrexec-daemon
|
||||||
|
- qubesdb-daemon (and fill its content)
|
||||||
|
9. libvirt unpause the VM
|
||||||
|
10. qvm-start-gui process (running separately from qubesd, as part of dom0 user GUI session) starts gui daemon
|
||||||
|
|
||||||
`sudo fallocate --dig-holes /dev/mapper/qubes_dom0-vm--untrusted--private`
|
See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/qubesvm.html#qubes.vm.qubesvm.QubesVM.start).
|
||||||
|
|
||||||
This method can also be used on .img files (for Qubes installations that use them).
|
# Qubes 4.1
|
||||||
|
|
||||||
### In Qubes 3.2, how do I remove old entries from "Move/copy to other AppVM"? ###
|
### How can I permanently attach a block device to an HVM? ###
|
||||||
|
|
||||||
The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube you are trying to copy from.
|
|
||||||
You can just edit that file to remove them from the list.
|
|
||||||
|
|
||||||
### How do I change display resolution on a Linux HVM?
|
|
||||||
|
|
||||||
You only get one resolution at a time.
|
|
||||||
In the HVM's `/etc/X11/xorg.conf`, in Subsection "Display" for Depth 24, make a single mode like this:
|
|
||||||
|
|
||||||
|
Assuming that block device is labeled as `sdb`, run the following command:
|
||||||
```
|
```
|
||||||
...
|
qvm-block attach --persistent <HVM> sys-net:sdb
|
||||||
Subsection "Display"
|
|
||||||
Viewport 0 0
|
|
||||||
Depth 24
|
|
||||||
Modes "1200x800"
|
|
||||||
EndSubSection
|
|
||||||
EndSection
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Only some modes will work. check wikipedia. if your host display is
|
|
||||||
1080p(1920x1080), then an hvm at 1440x900 works well. if its more than that, might
|
|
||||||
as well do 1080p in the hvm.
|
|
||||||
|
|
||||||
### How can I get Bluetooth audio working? ###
|
|
||||||
|
|
||||||
Either use a 3.5mm jack to BT adapter, or see [this](https://m7i.org/tips/qubes-VM-bluetooth-audio/).
|
|
||||||
|
|
||||||
### Manually install Whonix 14 templates
|
|
||||||
|
|
||||||
Note: See the [official documentation](https://www.whonix.org/wiki/Qubes/Install) for supported installation methods.
|
|
||||||
There should be no need to complete the following procedure manually any more.
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-core-admin-addon-whonix
|
|
||||||
|
|
||||||
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-gw-14
|
|
||||||
qvm-create sys-whonix-14 --class AppVM --template whonix-gw-14 --label black
|
|
||||||
qvm-prefs sys-whonix-14 provides_network True
|
|
||||||
qvm-tags whonix-gw-14 a whonix-updatevm
|
|
||||||
|
|
||||||
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-ws-14
|
|
||||||
qvm-features whonix-ws-14 whonix-ws 1
|
|
||||||
qvm-create whonix-ws-dvm-14 --class AppVM --template whonix-ws-14 --label green
|
|
||||||
qvm-features whonix-ws-dvm-14 appmenus-dispvm 1
|
|
||||||
qvm-prefs whonix-ws-dvm-14 template_for_dispvms true
|
|
||||||
qvm-prefs whonix-ws-dvm-14 netvm sys-whonix-14
|
|
||||||
qvm-prefs whonix-ws-dvm-14 default_dispvm whonix-ws-dvm-14
|
|
||||||
qvm-tags whonix-ws-14 a whonix-updatevm
|
|
||||||
```
|
|
||||||
To use the new `sys-whonix-14` for your UpdateVM, perform the following steps:
|
|
||||||
```
|
|
||||||
qubes-prefs updatevm sys-whonix-14
|
|
||||||
```
|
|
||||||
Then, edit `/etc/qubes-rpc/policy/qubes.UpdatesProxy` and modify the top lines:
|
|
||||||
```
|
|
||||||
$type:TemplateVM $default allow,target=sys-whonix
|
|
||||||
$tag:whonix-updatevm $default allow,target=sys-whonix
|
|
||||||
```
|
|
||||||
to become:
|
|
||||||
```
|
|
||||||
$type:TemplateVM $default allow,target=sys-whonix-14
|
|
||||||
$tag:whonix-updatevm $default allow,target=sys-whonix-14
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
*Thanks to all mailing list contributors, from where most of these came.*
|
|
||||||
|
Loading…
Reference in New Issue
Block a user