Merge pull request #223 from aronowski/iaq

Refactor with common / release-specific documentation
Ivan 2022-10-29 10:15:39 +00:00 committed by GitHub
commit 3f34b0da5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -7,6 +7,7 @@
toc::[]
# Qubes common
## Troubleshooting
@ -14,12 +15,6 @@ toc::[]
Set `xpti=false` option in Xen command line (xen.gz option in grub, or options= line in xen.cfg for UEFI).
### How can I switch R4.0 stubdomains back to qemu-traditional?
```
qvm-features VMNAME linux-stubdom ''
```
### How can I upgrade to testing?
dom0: `sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --clean` (or --check-only instead for dom0).
@ -95,27 +90,6 @@ In the `/var/log/libvirst/libxl/`, `/var/log/qubes/` and `/var/log/xen/console/`
## Development
### What is a good IDE for Qubes?
QtCreator.
### What is the process flow when starting an AppVM under Qubes R4.x?
1. qvm-start sends a request to qubesd, using Admin API
2. qubesd starts required netvm (recursively), if needed
3. qubesd request qmemman to allocate needed memory for new VM (according to VM's 'memory' property)
4. qubesd calls into appropriate storage pool driver to prepare for VM startup (create copy-on-write layers etc)
5. qubesd gathers needed VM properties etc and builds libvirt VM configuration (XML format, can be seen using `virsh dumpxml`)
6. qubesd calls into libvirt to start the VM (but in paused mode)
7. libvirt setup the VM using libxl, this include starting stubdomain if needed
8. qubesd start auxiliary processes, including:
- qrexec-daemon
- qubesdb-daemon (and fill its content)
9. libvirt unpause the VM
10. qvm-start-gui process (running separately from qubesd, as part of dom0 user GUI session) starts gui daemon
See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/qubesvm.html#qubes.vm.qubesvm.QubesVM.start).
### What is the process flow when opening a link/file in another VM ?
1. in an AppVM ('srcVM') a link - or file - is set to be opened with the graphical "open in VM" or "open in dispVM" extensions (or respectively with the `/usr/bin/qvm-open-in-vm` or `/usr/bin/qvm-open-in-dvm` command line tools)
@ -124,35 +98,10 @@ See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/
4. in dstVM, `/etc/qubes-rpc/qubes.OpenURL` is called upon reception of the `qubes.OpenURL` RPC event above, which validates the url and executes `/usr/bin/qubes-open`
5. in dstVM, `/usr/bin/qubes-open` executes `xdg-open`, which then opens the url/file with the program registered to handle the associated mime type (for additional info see the [freedesktop specifications](https://www.freedesktop.org/wiki/)).
### How can I contribute to developing Qubes Windows Tools for R4.0?
See [this post](https://www.mail-archive.com/qubes-devel@googlegroups.com/msg02808.html) and thread.
### What are some undocumented QWT registry keys?
MaxFPS, UseDirtyBits.
### How can I build an ISO from existing packages without having to compile them all?
```
gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-developers-keys.asc
git clone https://github.com/QubesOS/qubes-builder.git
cd qubes-builder
git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE
cp example-configs/qubes-os-r4.0.conf builder.conf
variables='DISTS_VM= USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks'
make $variables COMPONENTS='installer-qubes-os builder-rpm' get-sources
make $variables COMPONENTS=intel-microcode get-sources qubes clean-rpms
[Customize as desired here]
sudo chroot chroot-fc25 dnf -y install dnf-yum
make $variables COMPONENTS= iso
```
If any step fails due to a download error, just rerun it.
If you wish to customize the kernel or another package, include it (e.g. `linux-kernel`) in `COMPONENTS` to actually include that package on the image.
You may also need to either adjust `qubes-src/installer-qubes-os/conf/comps-qubes.xml` (kernel -> kernel-latest), or build the package as "kernel" not "kernel-latest" (edit `suffix` file in the linux-kernel sources).
Make sure `audit=0` is not present in kernelopts / `/proc/cmdline`.
## Tweaks
### Disable auto-maximize when dragging window to top of screen in XFCE
@ -208,11 +157,91 @@ swapon swapfile
See https://groups.google.com/d/msg/qubes-users/LLSo_3oWXJI/0clWN0BUBgAJ for more details.
### How can I "sparsify" an existing volume? ###
Use the `fallocate` command. It has a way to deallocate zero blocks in-place so you probably won't need to use issue lvm commands directly:
`sudo fallocate --dig-holes /dev/mapper/qubes_dom0-vm--untrusted--private`
This method can also be used on .img files (for Qubes installations that use them).
### How do I change display resolution on a Linux HVM?
You only get one resolution at a time.
In the HVM's `/etc/X11/xorg.conf`, in Subsection "Display" for Depth 24, make a single mode like this:
```
...
Subsection "Display"
Viewport 0 0
Depth 24
Modes "1200x800"
EndSubSection
EndSection
```
Only some modes will work. check wikipedia. if your host display is
1080p(1920x1080), then an hvm at 1440x900 works well. if its more than that, might
as well do 1080p in the hvm.
### How can I get Bluetooth audio working? ###
Either use a 3.5mm jack to BT adapter, or see [this](https://m7i.org/tips/qubes-VM-bluetooth-audio/).
Hint: [this guide](../configuration/bluetooth.md) might come in handy too.
### Manually install Whonix templates
See the [official Whonix documentation](https://www.whonix.org/wiki/Qubes/Install) for supported installation methods.
*Thanks to all mailing list contributors, from where most of these came.*
# Qubes 3.2
### In Qubes 3.2, how do I remove old entries from "Move/copy to other AppVM"? ###
The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube you are trying to copy from.
You can just edit that file to remove them from the list.
### How can I permanently attach a block device to an HVM? ###
In 3.2 you can just edit the conf file under /var/lib/qubes.
In 4.0:
# Qubes 4.0
### How can I contribute to developing Qubes Windows Tools for R4.0?
See [this post](https://www.mail-archive.com/qubes-devel@googlegroups.com/msg02808.html) and thread.
### How can I switch R4.0 stubdomains back to qemu-traditional?
```
qvm-features VMNAME linux-stubdom ''
```
### How can I build an ISO from existing packages without having to compile them all?
```
gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-developers-keys.asc
git clone https://github.com/QubesOS/qubes-builder.git
cd qubes-builder
git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE
cp example-configs/qubes-os-r4.0.conf builder.conf
variables='DISTS_VM= USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks'
make $variables COMPONENTS='installer-qubes-os builder-rpm' get-sources
make $variables COMPONENTS=intel-microcode get-sources qubes clean-rpms
[Customize as desired here]
sudo chroot chroot-fc25 dnf -y install dnf-yum
make $variables COMPONENTS= iso
```
If any step fails due to a download error, just rerun it.
If you wish to customize the kernel or another package, include it (e.g. `linux-kernel`) in `COMPONENTS` to actually include that package on the image.
You may also need to either adjust `qubes-src/installer-qubes-os/conf/comps-qubes.xml` (kernel -> kernel-latest), or build the package as "kernel" not "kernel-latest" (edit `suffix` file in the linux-kernel sources).
Make sure `audit=0` is not present in kernelopts / `/proc/cmdline`.
### How can I permanently attach a block device to an HVM? ###
Have a look at
https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html
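Review bot: In the ISO build block added under "# Qubes 4.0", `git verify-commit HEAD || echo DANGER DANGER HIGH VOLTAGE` only prints a message when signature verification fails, so anyone pasting the block goes on to run the `cp` and `make` steps on an unverified checkout. Since the block is being moved anyway, consider stating that the procedure must stop if that message appears, or presenting the verification as its own step ahead of the rest. Separately, the "# Qubes 3.2" entry on attaching a block device ends with a dangling "In 4.0:" directly before the "# Qubes 4.0" heading; that line can be dropped now that the 4.0 answer has its own entry.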
@ -251,79 +280,28 @@ Then we define a new disk device - the syntax here is quite obvious and follows
Now when you boot foo, Qubes will pick up this file, and attach /dev/sdb to the foo qube, where it will appear as /dev/xvde.
You can put an entry in to /etc/fstab so that the /dev/xvde device will be automatically mounted where you will.
### How can I "sparsify" an existing volume? ###
### What is the process flow when starting an AppVM under Qubes R4.x?
Use the `fallocate` command. It has a way to deallocate zero blocks in-place so you probably won't need to use issue lvm commands directly:
1. qvm-start sends a request to qubesd, using Admin API
2. qubesd starts required netvm (recursively), if needed
3. qubesd request qmemman to allocate needed memory for new VM (according to VM's 'memory' property)
4. qubesd calls into appropriate storage pool driver to prepare for VM startup (create copy-on-write layers etc)
5. qubesd gathers needed VM properties etc and builds libvirt VM configuration (XML format, can be seen using `virsh dumpxml`)
6. qubesd calls into libvirt to start the VM (but in paused mode)
7. libvirt setup the VM using libxl, this include starting stubdomain if needed
8. qubesd start auxiliary processes, including:
- qrexec-daemon
- qubesdb-daemon (and fill its content)
9. libvirt unpause the VM
10. qvm-start-gui process (running separately from qubesd, as part of dom0 user GUI session) starts gui daemon
`sudo fallocate --dig-holes /dev/mapper/qubes_dom0-vm--untrusted--private`
See "source" link [here](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/qubesvm.html#qubes.vm.qubesvm.QubesVM.start).
This method can also be used on .img files (for Qubes installations that use them).
# Qubes 4.1
### In Qubes 3.2, how do I remove old entries from "Move/copy to other AppVM"? ###
The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube you are trying to copy from.
You can just edit that file to remove them from the list.
### How do I change display resolution on a Linux HVM?
You only get one resolution at a time.
In the HVM's `/etc/X11/xorg.conf`, in Subsection "Display" for Depth 24, make a single mode like this:
### How can I permanently attach a block device to an HVM? ###
Assuming that block device is labeled as `sdb`, run the following command:
```
...
Subsection "Display"
Viewport 0 0
Depth 24
Modes "1200x800"
EndSubSection
EndSection
qvm-block attach --persistent <HVM> sys-net:sdb
```
Only some modes will work. check wikipedia. if your host display is
1080p(1920x1080), then an hvm at 1440x900 works well. if its more than that, might
as well do 1080p in the hvm.
### How can I get Bluetooth audio working? ###
Either use a 3.5mm jack to BT adapter, or see [this](https://m7i.org/tips/qubes-VM-bluetooth-audio/).
### Manually install Whonix 14 templates
Note: See the [official documentation](https://www.whonix.org/wiki/Qubes/Install) for supported installation methods.
There should be no need to complete the following procedure manually any more.
```
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-core-admin-addon-whonix
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-gw-14
qvm-create sys-whonix-14 --class AppVM --template whonix-gw-14 --label black
qvm-prefs sys-whonix-14 provides_network True
qvm-tags whonix-gw-14 a whonix-updatevm
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-ws-14
qvm-features whonix-ws-14 whonix-ws 1
qvm-create whonix-ws-dvm-14 --class AppVM --template whonix-ws-14 --label green
qvm-features whonix-ws-dvm-14 appmenus-dispvm 1
qvm-prefs whonix-ws-dvm-14 template_for_dispvms true
qvm-prefs whonix-ws-dvm-14 netvm sys-whonix-14
qvm-prefs whonix-ws-dvm-14 default_dispvm whonix-ws-dvm-14
qvm-tags whonix-ws-14 a whonix-updatevm
```
To use the new `sys-whonix-14` for your UpdateVM, perform the following steps:
```
qubes-prefs updatevm sys-whonix-14
```
Then, edit `/etc/qubes-rpc/policy/qubes.UpdatesProxy` and modify the top lines:
```
$type:TemplateVM $default allow,target=sys-whonix
$tag:whonix-updatevm $default allow,target=sys-whonix
```
to become:
```
$type:TemplateVM $default allow,target=sys-whonix-14
$tag:whonix-updatevm $default allow,target=sys-whonix-14
```
*Thanks to all mailing list contributors, from where most of these came.*
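Review bot: In the new "# Qubes 4.1" entry, the sentence only assumes the device is labeled `sdb`, but the command hardcodes `sys-net` as the qube exposing it (`sys-net:sdb`). Use a placeholder for the backend qube, as is already done with `<HVM>`, or say in the sentence that the device is assumed to be exposed by `sys-net`. Also, the start-up flow titled "under Qubes R4.x" now sits under "# Qubes 4.0" only; if it applies to 4.1 as well, it fits better under "# Qubes common".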