Merge branch 'marmarek-translation-prepare'

Fixes QubesOS/qubes-issues#6489
Andrew David Wong 2021-03-26 20:49:57 -07:00
commit 0824b2d196
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
219 changed files with 4770 additions and 4966 deletions

View File

@ -1,23 +1,23 @@
---
lang: en
layout: doc
title: Development Workflow
permalink: /doc/development-workflow/
redirect_from:
- /en/doc/development-workflow/
- /doc/DevelopmentWorkflow/
- /wiki/DevelopmentWorkflow/
ref: 66
title: Development Workflow
---
Development Workflow
====================
# Development Workflow
A workflow for developing Qubes OS+
First things first, setup [QubesBuilder](/doc/qubes-builder/). This guide
assumes you're using qubes-builder to build Qubes.
Repositories and committing Code
--------------------------------
# Repositories and committing Code
Qubes is split into a bunch of git repos. This are all contained in the
`qubes-src` directory under qubes-builder. Subdirectories there are separate
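Review bot: `# Repositories and committing Code` is promoted to a top-level heading here although it replaces a `---` (second-level) setext underline, the same underline that becomes `## Copying Code to dom0` in the next hunk of this file; use `## Repositories and committing Code` so the page keeps a single H1 (`# Development Workflow`). The unchanged context line `This are all contained in the` should read `These are all contained in the` if it is touched again.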
@ -162,8 +162,7 @@ verify tags and show the changes. This do not merge the changes - there are
left for review as FETCH\_HEAD ref. You can merge them using `git merge
FETCH_HEAD` (in each repo directory). Or `make do-merge` to merge all of them.
Copying Code to dom0
--------------------
## Copying Code to dom0
When developing it is convenient to be able to rapidly test changes. Assuming
you're developing Qubes on Qubes, you should be working in a special VM for
@ -309,7 +308,6 @@ to `testbuilder` VM. Otherwise it creates remote pointing at github account of
the same name. In any case it points at repository matching current directory
name.
## Sending packages to different VM
Other useful script(s) can be used to setup local package repository hosted in

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Qubes Builder Details
permalink: /doc/qubes-builder-details/
redirect_from:
- /en/doc/qubes-builder-details/
- /doc/QubesBuilderDetails/
- /wiki/QubesBuilderDetails/
ref: 65
title: Qubes Builder Details
---
[QubesBuilder](/doc/qubes-builder/) "API"

View File

@ -1,17 +1,18 @@
---
lang: en
layout: doc
title: Qubes Builder
permalink: /doc/qubes-builder/
redirect_from:
- /en/doc/qubes-builder/
- /doc/QubesBuilder/
- /wiki/QubesBuilder/
ref: 64
title: Qubes Builder
---
**Note: See [ISO building instructions](/doc/qubes-iso-building/) for a streamlined overview on how to use the build system.**
Building Qubes from scratch
===========================
# Building Qubes from scratch
We have a fully automated build system for Qubes, that downloads, builds and
packages all the Qubes components, and finally should spit out a ready-to-use
@ -39,7 +40,9 @@ In order to use it, you should use an rpm-based distro, like Fedora :), and shou
Usually you can install those packages by just issuing:
```shell
sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA
```
The build system creates build environments in chroots and so no other packages are needed on the host.
All files created by the build system are contained within the qubes-builder directory.
@ -49,24 +52,29 @@ The build system is configured via builder.conf file.
You can use the setup.sh script to create and modify this file.
Alternatively, you can copy the provided default builder.conf, and modify it as needed, e.g.:
```shell
cp example-configs/qubes-os-master.conf builder.conf
# edit the builder.conf file and set the following variables:
NO_SIGN=1
```
One additional useful requirement is that 'sudo root' must work without any prompt, which is default on most distros (e.g. 'sudo bash' brings you the root shell without asking for any password).
This is important as the builder needs to switch to root and then back to user several times during the build process.
Additionally, if building with signing enabled (NO\_SIGN is not set), you must adjust \~/.rpmmacro file so that it points to the GPG key used for package signing, e.g.:
```bash
%_signature gpg
%_gpg_path /home/user/.gnupg
%_gpg_name AC1BF9B3 # <-- Key ID used for signing
```
It is also recommended that you use an empty passphrase for the private key used for signing.
Contrary to a popular belief, this doesn't affect your key or sources security -- if somebody compromised your system, then the game is over anyway, whether you have used an additional passphrase for the key or not.
So, to build Qubes you would do:
```shell
# Import the Qubes master key
gpg --recv-keys 0xDDFA1A3E36879494
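Review bot: the `~/.rpmmacros` snippet is fenced as ```bash but contains rpm macro definitions, not shell, so a highlighter will mis-render `%_signature gpg`; since this hunk already adds the blank lines around that fence, drop the tag or use `text`. Two further points in the same lines are worth fixing in the same pass: the sentence above it calls the file `~/.rpmmacro`, whereas rpm reads `~/.rpmmacros`, and `%_gpg_name AC1BF9B3 # <-- Key ID used for signing` puts the comment into the macro value, because rpm takes the rest of the line as the definition (only a line beginning with `#` is a comment); move the note to its own line, and prefer the full fingerprint over an 8-character short key ID, which is trivially collidable.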
@ -98,17 +106,19 @@ So, to build Qubes you would do:
# ... and then to build the ISO
make iso
```
And this should produce a shiny new ISO.
You can also build selected component separately. Eg. to compile only gui virtualization agent/daemon:
```shell
make gui-daemon
```
You can get a full list from make help.
Making customized build
-----------------------
## Making customized build
### Manual source modification
@ -118,10 +128,11 @@ Here are some basic steps:
1. Download qubes-builder as described above (if you want to use marmarek's branches, you should also download qubes-builder from his repo - replace 'QubesOS' with 'marmarek' in above git clone command)
2. Edit builder.conf (still the same as above), some useful additions:
- You can also set GIT\_PREFIX="marmarek/qubes-" to use marmarek's repo instead of "mainstream" - it contains newer (but less tested) versions
3. Download unmodified sources
```shell
make get-sources
```
4. **Make your modifications here**
@ -133,11 +144,15 @@ Here are some basic steps:
6. `get-sources` is already done, so continue with the next one. You can skip `sign-all` if you've disabled signing
```shell
make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates
```
1. build iso installation image
7. build iso installation image
```shell
make iso
```
### Use pre-built Qubes packages
@ -146,19 +161,25 @@ This is especially true for `gcc`, which takes several hours to build.
Before creating the `chroot`, add this to your `builder.conf`:
```
USE_QUBES_REPO_VERSION = $(RELEASE)
```
It will add the 'current' Qubes repository to your `chroot` environment.
Next, specify which components (`gcc`, for example) you want to download instead of compiling:
```
COMPONENTS := $(filter-out gcc,$(COMPONENTS))
```
Alternatively, edit the actual COMPONENTS list which is defined in the included version-dependent config from example-configs (see series of include directives near the beginning of `builder.conf`).
This way, you can build only the packages in which you are interested.
If you also want to use the 'current-testing' repository, add this to your configuration:
```
USE_QUBES_REPO_TESTING = 1
```
In the case of an existing `chroot`, for mock-enabled builds, this works immediately because `chroot` is constructed each time separately.
For legacy builds, it will not add the necessary configuration into the build environment unless a specific builder change or configuration would force rebuilding chroot.
@ -170,22 +191,22 @@ And even if it did, there could be some leftover packages installed from those r
If you are building Ubuntu templates, you cannot use this option.
This is because Qubes does not provide official packages for Ubuntu templates.
Code verification keys management
---------------------------------
## Code verification keys management
[QubesBuilder](/doc/qubes-builder/) by default verifies signed tags on every downloaded code.
Public keys used for that are stored in `keyrings/git`.
By default Qubes developers' keys are imported automatically, but if you need some additional keys (for example your own), you can add them using:
```shell
GNUPGHOME=$PWD/keyrings/git gpg --import /path/to/key.asc
GNUPGHOME=$PWD/keyrings/git gpg --edit-key ID_OF_JUST_IMPORTED_KEY
# here use "trust" command to set key fully or ultimately trusted - only those keys are accepted by QubesBuilder
```
All Qubes developers' keys are signed by the Qubes Master Signing Key (which is set as ultimately trusted key), so are trusted automatically.
If you are the owner of Master key and want to revoke such signature, use the `revsig` gpg key edit command and update the key in qubes-developers-keys.asc - now the key will be no longer trusted (unless manually set as such).
Further information
-------------------
## Further information
For advanced [QubesBuilder](/doc/qubes-builder/) use, and preparing sources, take a look at [QubesBuilderDetails](/doc/qubes-builder-details/) page, or [QubesBuilder's doc directory](https://github.com/marmarek/qubes-builder/tree/master/doc).

View File

@ -1,6 +1,6 @@
---
lang: en
layout: doc
title: Qubes ISO Building
permalink: /doc/qubes-iso-building/
redirect_from:
- /doc/qubes-r3-building/
@ -8,6 +8,8 @@ redirect_from:
- /en/doc/qubes-iso-building/
- /doc/QubesR3Building/
- /wiki/QubesR3Building/
ref: 63
title: Qubes ISO Building
---
Building Qubes OS ISO
@ -68,7 +70,6 @@ git tag -v `git describe`
Assuming the verification went fine, we're good to go with all the rest without ever thinking more about verifying digital signatures on all the rest of the components, apart from an additional step if doing a non-scripted build.
The builder will do that for us for each component, every time we build, even for all auxiliary files (e.g. Xen or Linux kernel sources).
Build using setup script
-----------------
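Review bot: `Build using setup script` keeps its setext underline (`-----------------`, shorter than the title) while this commit converts the same underlines to ATX headings in the other files (for example `## Code verification keys management` and `## Further information` in qubes-builder); converting it to `## Build using setup script` here keeps the pages consistent and removes the underline-length mismatch.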
@ -128,7 +129,6 @@ make iso
Enjoy your new ISO!
Build using manual steps
-----------------
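Review bot: `Build using manual steps` is left with its short setext underline in this hunk as well; for the same reason as the heading above, rewrite it as `## Build using manual steps` so the file has no mix of setext and ATX headings.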

View File

@ -1,17 +1,16 @@
---
lang: en
layout: doc
title: Code Signing
permalink: /doc/code-signing/
ref: 51
title: Code Signing
---
Code Signing
============
# Code Signing
All contributions to the Qubes OS [source code] must be cryptographically signed by the author's PGP key.
Generating a Key
----------------
## Generating a Key
(Note: If you already have a PGP key, you may skip this step.)
@ -78,8 +77,7 @@ uid Bilbo Baggins <bilbo@shire.org>
sub 4096R/69B0EA85 2013-03-13
~~~
Upload the Key
--------------
## Upload the Key
For others to find the public key, please upload it to a server.
@ -88,8 +86,7 @@ $ gpg --send-keys --keyserver pool.sks-keyservers.net 69B0EA85
gpg: sending key 488BA441 to hkp server pool.sks-keyservers.net
```
Using PGP with Git
------------------
## Using PGP with Git
If you're submitting a patch via GitHub (or a similar Git server), please sign
your Git commits.
@ -141,8 +138,7 @@ your Git commits.
vtag = !git tag -v `git describe`
~~~
GitHub Signature Verification (optional)
----------------------------------------
## GitHub Signature Verification (optional)
GitHub shows a green `Verified` label indicating that the GPG signature could be
verified using any of the contributors GPG keys uploaded to GitHub. You can
@ -150,8 +146,7 @@ upload your public key on GitHub by adding your public GPG key on the [New GPG
key][GitHub New GPG key] under the [SSH GPG keys page][GitHub SSH GPG keys
page].
Code Signature Checks
---------------------
## Code Signature Checks
The [signature-checker] checks if code contributions are signed.
Although GitHub adds a little green `Verified` button next to the commit, the [signature-checker] uses this algorithm to check if a commit is correctly signed:
@ -171,21 +166,27 @@ In this case, you have several options to sign the commit:
1. Amend the commit and replace it with a signed commit.
You can use this command to create a new signed commit:
```
git commit --amend -S
```
This also rewrites the commit so you need to push it forcefully:
```
git push -f
```
2. Create a signed tag for the unsigned commit.
If the commit is back in history and you do not want to change it,
you can create a signed tag for this commit and push the signature.
You can use the alias from above:
```
git checkout <commit>
git spush
```
Now, the signature checker needs to re-check the signature.
Please comment on the pull request that you would like to have the signatures checked again.
@ -198,15 +199,12 @@ but is not able to verify it using the any key available.
This might be that you forgot to upload the key to a key server.
Please upload it.
Using PGP with Email
--------------------
## Using PGP with Email
If you're submitting a patch by emailing the [developer mailing list], simply sign your email with your PGP key.
One good way to do this is with a program like [Enigmail].
Enigmail is a security addon for the Mozilla Thunderbird email client that allows you to easily digitally encrypt and sign your emails.
[guide]: https://alexcabal.com/creating-the-perfect-gpg-keypair/
[source code]: /doc/source-code/
[developer mailing list]: /support/#qubes-devel
@ -214,4 +212,3 @@ Enigmail is a security addon for the Mozilla Thunderbird email client that allow
[signature-checker]: https://github.com/marmarek/signature-checker
[GitHub New GPG key]: https://github.com/settings/gpg/new
[GitHub SSH GPG keys page]: https://github.com/settings/keys

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc
title: Coding Style
permalink: /doc/coding-style/
redirect_from:
- /en/doc/coding-style/
- /doc/CodingStyle/
- /wiki/CodingStyle/
- /trac/wiki/CodingStyle/
ref: 53
title: Coding Style
---
Coding Guidelines for Qubes Developers
@ -124,7 +126,7 @@ Source Code management (Git) guidelines
- Use git to maintain all code for Qubes project.
- Before you start using git, make sure you understand that git is a decentralized Source Code Management system, and that it doesn't behave like traditional, centralized source code management systems, such as SVN. Here's a good [introductory book on git](https://git-scm.com/book). Read it.
- Before you start using git, make sure you understand that git is a decentralized Source Code Management system, and that it doesn't behave like traditional, centralized source code management systems, such as SVN. Here's a good [introductory book on git](http://git-scm.com/book). Read it.
- Qubes code is divided into many git repositories. There are several reasons for that:
- This creates natural boundaries between different code blocks, enforcing proper interfaces, and easing independent development to be conducted on various code parts at the same time, without the fear of running into conflicts.
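Review bot: the git book link goes from `https://git-scm.com/book` to `http://git-scm.com/book` in this hunk, a downgrade to plaintext for a page that otherwise only changes formatting; the merge appears to reintroduce the pre-https version of that bullet, so keep the https URL (the site serves it over TLS and redirects http there anyway).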
@ -137,13 +139,13 @@ Commit message guidelines
Please attempt to follow these conventions when writing your Git commit messages:
* Separate the subject line from the body with a blank line.
* Limit the subject line to approximately 50 characters.
* Capitalize the subject line.
* Do not end the subject line with a period.
* Use the imperative mood in the subject line.
* Wrap the body at 72 characters.
* Use the body to explain *what* and *why* rather than *how*.
- Separate the subject line from the body with a blank line.
- Limit the subject line to approximately 50 characters.
- Capitalize the subject line.
- Do not end the subject line with a period.
- Use the imperative mood in the subject line.
- Wrap the body at 72 characters.
- Use the body to explain *what* and *why* rather than *how*.
For details, examples, and the rationale behind each of these conventions, please see [this blog post](https://chris.beams.io/posts/git-commit/), which is the source of this list.

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: License
permalink: /doc/license/
redirect_from:
- /en/doc/license/
- /doc/QubesLicensing/
- /wiki/QubesLicensing/
ref: 52
title: License
---
Qubes OS License

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Source Code
permalink: /doc/source-code/
redirect_from:
- /en/doc/source-code/
- /doc/SourceCode/
- /wiki/SourceCode/
ref: 54
title: Source Code
---
Qubes Source Code Repositories
@ -53,7 +55,6 @@ find . -mindepth 1 -maxdepth 1 -type d -exec git -C {} fetch --tags --recurse-su
(Alternatively, you can pull instead of just fetching.)
How to Send Patches
-------------------
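Review bot: `How to Send Patches` still carries its setext `-------------------` underline after this hunk, whereas every other second-level heading touched by this commit is rewritten as `## ...`; convert it to `## How to Send Patches` while the lines around it are being edited.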

View File

@ -1,17 +1,17 @@
---
lang: en
layout: doc
title: Automated Tests
permalink: /doc/automated-tests/
redirect_from:
- /en/doc/automated-tests/
- /doc/AutomatedTests/
ref: 45
title: Automated Tests
---
Automated Tests
===============
# Automated Tests
Unit and Integration Tests
--------------------------
## Unit and Integration Tests
Starting with Qubes R3 we use [python unittest][unittest] to perform automatic tests of Qubes OS.
Despite the name, we use it for both [unit tests](https://en.wikipedia.org/wiki/Unit_tests) and [integration tests](https://en.wikipedia.org/wiki/Integration_tests).
@ -46,6 +46,7 @@ Our test runner runs mostly the same as the standard one, but it has some nice a
You can use `python3 -m qubes.tests.run -h` to get usage information:
```
[user@dom0 ~]$ python3 -m qubes.tests.run -h
usage: run.py [-h] [--verbose] [--quiet] [--list] [--failfast] [--no-failfast]
[--do-not-clean] [--do-clean] [--loglevel LEVEL]
@ -83,9 +84,11 @@ You can use `python3 -m qubes.tests.run -h` to get usage information:
When running only specific tests, write their names like in log, in format:
MODULE+"/"+CLASS+"/"+FUNCTION. MODULE should omit initial "qubes.tests.".
Example: basic/TC_00_Basic/test_000_create
```
For instance, to run only the tests for the fedora-21 template, you can use the `-l` option, then filter the list:
```
[user@dom0 ~]$ python3 -m qubes.tests.run -l | grep fedora-21
network/VmNetworking_fedora-21/test_000_simple_networking
network/VmNetworking_fedora-21/test_010_simple_proxyvm
@ -108,6 +111,7 @@ For instance, to run only the tests for the fedora-21 template, you can use the
vm_qrexec_gui/TC_20_DispVM_fedora-21/test_020_gui_app
vm_qrexec_gui/TC_20_DispVM_fedora-21/test_030_edit_file
[user@dom0 ~]$ sudo -E python3 -m qubes.tests.run -v `python3 -m qubes.tests.run -l | grep fedora-21`
```
Example test run:
@ -115,11 +119,12 @@ Example test run:
Tests are also compatible with nose2 test runner, so you can use this instead:
```bash
sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd
```
This may be especially useful together with various nose2 plugins to store tests results (for example `nose2.plugins.junitxml`), to ease presenting results. This is what we use on [OpenQA].
### Unit testing inside a VM
Many unit tests will also work inside a VM. However all of the tests requiring a dedicated VM to be run (mostly the integration tests) will be skipped.
@ -132,6 +137,7 @@ its dependency [qubes-core-qrexec](https://github.com/QubesOS/qubes-core-qrexec)
The below example however will assume that you set up a build environment as described in the [Qubes Builder documentation](/doc/qubes-builder/).
Assuming you cloned the `qubes-builder` repository to your home directory inside a fedora VM, you can use the following commands to run the unit tests:
```{.bash}
cd ~
sudo dnf install python3-pip lvm2 python35 python3-virtualenv
@ -164,10 +170,11 @@ Test runs can be altered using environment variables:
- `QUBES_TEST_LOAD_ALL` - load all tests (including tests for all templates) when relevant test modules are imported; this needs to be set for test runners not supporting [load_tests protocol](https://docs.python.org/3/library/unittest.html#load-tests-protocol)
### Adding a new test to core-admin
After adding a new unit test to [core-admin/qubes/tests](https://github.com/QubesOS/qubes-core-admin/tree/master/qubes/tests) you'll have to include it in [core-admin/qubes/tests/\_\_init\_\_.py](https://github.com/QubesOS/qubes-core-admin/tree/master/qubes/tests/__init__.py)
#### Editing `__init__.py`
You'll also need to add your test at the bottom of the `__init__.py` file, in the method `def load_tests`, in the for loop with `modname`.
Again, given the hypothetical `example.py` test:
@ -237,11 +244,10 @@ class SomeTestCase(unittest.TestCase):
gc.collect()
~~~
Installation Tests with openQA
------------------------------
## Installation Tests with openQA
**URL:** <https://openqa.qubes-os.org/>
**Tests:** <https://github.com/marmarek/openqa-tests-qubesos>
Manually testing the installation of Qubes OS is a time-consuming process.
@ -258,4 +264,3 @@ Thanks to an anonymous donor, our openQA system is hosted in a datacenter on har
[unittest]: https://docs.python.org/3/library/unittest.html
[OpenQA]: http://open.qa/

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Mount LVM image
permalink: /doc/mount-lvm-image/
ref: 46
title: Mount LVM image
---
# How to mount LVM image
@ -26,6 +28,7 @@ From dom0 terminal:
3: Attach the device to your newly created disp VM
From the GUI, or from the command line:
```bash
[user@dom0]$ qvm-block attach NEWLY_CREATED_DISPVM dom0:$dev
```
@ -37,15 +40,19 @@ From the GUI, or from the command line:
```
5: Umount and kill the VM
```
```bash
[user@dispXXXX]$ umount /mnt/
```
6: Remove the image from qubesdb
```
```bash
[user@dom0]$ qubesdb-rm /qubes-block-devices/$dev/
```
# References
https://github.com/QubesOS/qubes-issues/issues/4687#issuecomment-451626625
Please consult this issue's [comment].
[comment]: https://github.com/QubesOS/qubes-issues/issues/4687#issuecomment-451626625

View File

@ -1,22 +1,22 @@
---
lang: en
layout: doc
title: Profiling
permalink: /doc/profiling/
redirect_from:
- /en/doc/profiling/
- /doc/Profiling/
- /wiki/Profiling/
ref: 48
title: Profiling
---
Profiling
=========
# Profiling
This is a python profiling primer.
For the purpose of this document, `qubes-dev` is name of the domain used for postprocessing profiling stats.
Requirements
------------
## Requirements
~~~
yum install gprof2dot graphviz
@ -32,8 +32,7 @@ qvm-run -p qubes-dev 'cat ~/profiling/Upload.sh' > ~/profiling/Upload.sh
- WARNING: this will obviously be running third-party code which is not signed by ITL nor Fedora. You have been warned.
Workflow
--------
## Workflow
### Identify function responsible for some slow action
@ -43,17 +42,21 @@ You have to select the area in which you suspect less than optimal performance.
Replace
```python
def foo(self, bar):
# function content
```
with
```python
def foo(self, *args, **kwargs):
profile.runctx('self.real_foo(*args, **kwargs)', globals(), locals(),
time.strftime('/home/user/profiling/foo-%Y%m%d-%H%M%S.pstats'))
def real_foo(self, bar):
# function content
```
### Run application
@ -88,8 +91,7 @@ This creates `index.html` with all SVG graphics linked to TXT files, ready for u
make REMOTE=example.com:public_html/qubes/profiling/ upload
~~~
Example
-------
## Example
This example is from `qubes-manager` (`qubesmanager/main.py`).

View File

@ -1,10 +1,11 @@
---
lang: en
layout: doc
title: Safe Remote Dom0 Terminals
permalink: /doc/safe-remote-ttys/
redirect_from:
- /en/doc/safe-remote-ttys/
- /doc/safe-remote-ttys/
ref: 49
title: Safe Remote Dom0 Terminals
---
Safe Remote Dom0 Terminals

View File

@ -1,27 +1,28 @@
---
lang: en
layout: doc
title: Test Bench
permalink: /doc/test-bench/
redirect_from:
- /en/doc/test-bench/
- /doc/TestBench/
- /wiki/TestBench/
ref: 44
title: Test Bench
---
Test bench for Dom0
===================
# Test bench for Dom0
This guide shows how to set up simple test bench that automatically test your code you're about to push. It is written especially for `core3` branch of `core-admin.git` repo, but some ideas are universal.
We will set up a spare machine (bare metal, not a virtual) that will be hosting our experimental Dom0. We will communicate with it via Ethernet and SSH. This tutorial assumes you are familiar with [QubesBuilder](/doc/qubes-builder/) and you have it set up and running flawlessly.
Setting up the machine
----------------------
## Setting up the machine
First, do a clean install from ISO you built or grabbed elsewhere.
You have to fix network, because it is intentionally broken. This script should reenable your network card without depending on anything else.
```bash
#!/bin/sh
# adjust this for your NIC (run lspci)
@ -53,6 +54,7 @@ You have to fix network, because it is intentionally broken. This script should
pcibind ${BDF} e1000e
dhclient
```
TODO: describe how to run this at every startup
@ -66,8 +68,7 @@ yum install openssh-server
Ensure that sudo works without password from your user account (it should by default).
Development VM
--------------
## Development VM
### SSH
@ -95,12 +96,15 @@ This step is optional, but very helpful. Put these scripts somewhere in your `${
`qtb-runtests`:
```bash
#!/bin/sh
ssh testbench python -m qubes.tests.run
```
`qtb-install`:
```bash
#!/bin/sh
TMPDIR=/tmp/qtb-rpms
@ -119,9 +123,11 @@ This step is optional, but very helpful. Put these scripts somewhere in your `${
ssh testbench sudo rpm -i --replacepkgs --replacefiles "${TMPDIR}/$(basename ${1})"
shift
done
```
`qtb-iterate`:
```bash
#!/bin/sh
set -e
@ -136,6 +142,7 @@ This step is optional, but very helpful. Put these scripts somewhere in your `${
make core-admin
qtb-install qubes-src/core-admin/rpm/x86_64/qubes-core-dom0-*.rpm
qtb-runtests
```
### Hooking git
@ -143,14 +150,18 @@ I (woju) have those two git hooks. They ensure tests are passing (or are marked
`core-admin/.git/hooks/pre-commit`: (you may retain also the default hook, here omitted for readability)
```bash
#!/bin/sh
set -e
python -c "import sys, qubes.tests.run; sys.exit(not qubes.tests.run.main())"
```
`core-admin/.git/hooks/pre-push`:
```bash
#!/bin/sh
exec qtb-iterate
```

View File

@ -1,16 +1,17 @@
---
lang: en
layout: doc
title: VM Configuration Interface
permalink: /doc/vm-interface/
redirect_from:
- /en/doc/vm-interface/
- /doc/VMInterface/
- /doc/SystemDoc/VMInterface/
- /wiki/SystemDoc/VMInterface/
ref: 47
title: VM Configuration Interface
---
VM Configuration Interface
==========================
# VM Configuration Interface
Qubes VM have some settings set by dom0 based on VM settings. There are multiple configuration channels, which includes:
@ -19,10 +20,9 @@ Qubes VM have some settings set by dom0 based on VM settings. There are multiple
- Qubes RPC (called at VM startup, or when configuration changed)
- GUI protocol
QubesDB
--------------------
## QubesDB
### Keys exposed by dom0 to VM ###
### Keys exposed by dom0 to VM
- `/qubes-vm-type` - VM type, the same as `type` field in `qvm-prefs`. One of `AppVM`, `ProxyVM`, `NetVM`, `TemplateVM`, `HVM`, `TemplateHVM`
- `/qubes-vm-updatable` - flag whether VM is updatable (whether changes in root.img will survive VM restart). One of `True`, `False`
@ -47,7 +47,7 @@ QubesDB
- `/qubes-netvm-secondary-dns` - same as `qubes-secondary-dns` in connected VMs (only when VM serves as network backend - ProxyVM and NetVM); traffic sent to this IP on port 53 should be redirected to secondary DNS server
- `/guivm-windows-prefix` - title prefix for any window not originating from another qube. This means windows of applications running in GuiVM itself
#### Firewall rules in 3.x ####
#### Firewall rules in 3.x
QubesDB is also used to configure firewall in ProxyVMs. Rules are stored in
separate key for each target VM. Entries:
@ -63,7 +63,7 @@ VM after applying rules may signal some error, writing a message to
`/qubes-iptables-error` key. This does not exclude any other way of
communicating problems - like a popup.
#### Firewall rules in 4.x ####
#### Firewall rules in 4.x
QubesDB is also used to configure firewall in ProxyVMs. Each rule is stored as
a separate entry, grouped on target VM:
@ -117,7 +117,7 @@ Example valid rules:
- `action=drop proto=tcp specialtarget=dns` - drop DNS queries sent using TCP
- `action=drop`
### Keys set by VM for passing info to dom0 ###
### Keys set by VM for passing info to dom0
- `memory/meminfo` (**xenstore**) - used memory (updated by qubes-meminfo-writer), input information for qmemman;
- Qubes 3.x format: 6 lines (EOL encoded as `\n`), each in format "FIELD: VALUE kB"; fields: `MemTotal`, `MemFree`, `Buffers`, `Cached`, `SwapTotal`, `SwapFree`; meaning the same as in `/proc/meminfo` in Linux.
@ -130,8 +130,7 @@ Example valid rules:
- `desc` - device description (ASCII text)
- `usb-ver` - USB version (1, 2 or 3)
Qubes RPC
---------
## Qubes RPC
Services called by dom0 to provide some VM configuration:
@ -158,7 +157,6 @@ Services called by dom0 to provide some VM configuration:
Name of disk image is passed on standard input (`root`, `private`, `volatile`,
or other). This is used starting with Qubes 4.0.
Other Qrexec services installed by default:
- `qubes.Backup` - store Qubes backup. The service receives location chosen by
@ -224,7 +222,6 @@ abstraction. This will change in the future. Those tools are:
Additionally, automatic tests extensively run various commands directly in VMs. We do not plan to change that.
GUI protocol
------------
## GUI protocol
GUI initialization includes passing the whole screen dimensions from dom0 to VM. This will most likely be overwritten by qubes.SetMonitorLayout Qubes RPC call.

View File

@ -1,15 +1,16 @@
---
lang: en
layout: doc
title: Windows Debugging
permalink: /doc/windows-debugging/
redirect_from:
- /en/doc/windows-debugging/
- /doc/WindowsDebugging/
- /wiki/WindowsDebugging/
ref: 50
title: Windows Debugging
---
Debugging Windows HVMs
======================
# Debugging Windows HVMs
Debugging Windows code can be tricky in a virtualized environment. The guide below assumes Xen hypervisor and Windows 7 VMs.
@ -23,16 +24,19 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
- To connect both VM serial ports together you will either need [socat](http://www.dest-unreach.org/socat/) or a custom utility described later.
- To determine which dom0 pty corresponds to VM's serial port you need to read xenstore, example script below:
```bash
#!/bin/sh
id1=$(xl domid "$1-dm")
tty1=$(xenstore-read /local/domain/${id1}/device/console/3/tty)
echo $tty1
```
Pass it a running VM name and it will output the corresponding pty name.
- To connect both ptys you can use [socat](http://www.dest-unreach.org/socat/) like that:
```bash
#!/bin/sh
id1=$(xl domid "$1-dm")
@ -40,11 +44,12 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
tty1=$(xenstore-read /local/domain/${id1}/device/console/3/tty)
tty2=$(xenstore-read /local/domain/${id2}/device/console/3/tty)
socat $tty1,raw $tty2,raw
```
...but there is a catch. Xen seems to process the traffic that goes through serial ports and changes all **0x0a** bytes into **0x0d, 0x0a** pairs (newline conversion). I didn't find a way to turn that off (setting ptys to raw mode didn't change anything) and it's not mentioned anywhere on the Internet, so maybe it's something on my system. If the above script works for you then you don't need anything more in dom0.
- On the *target* system, run `bcdedit /set debug on` on the console to turn on kernel debugging. It defaults to the first serial port.
- On the *host* system, install [WinDbg](https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063%28v=vs.85%29.aspx) and start the kernel debug (Ctrl-K), choose **com1** as the debug port.
- On the *host* system, install [WinDbg](http://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx) and start the kernel debug (Ctrl-K), choose **com1** as the debug port.
- Reboot the *target* VM.
- Run the above shell script in dom0.
- If everything is fine you should see the proper kernel debugging output in WinDbg. However, if you see something like that:
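Review bot: the WinDbg link is changed from `https://msdn.microsoft.com/...%28v=vs.85%29.aspx` to `http://msdn.microsoft.com/...(v=vs.85).aspx`, losing TLS on a link to a debugging tool the reader is told to install; keep the https form from the merge base (Microsoft redirects http to https, but a plain http reference in docs is still a bad pattern), and the percent-encoded parentheses avoid ambiguity in renderers that do not accept an unescaped `)` inside a link destination.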
@ -73,6 +78,7 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
...then you're most likely a victim of the CRLF issue mentioned above. To get around it I wrote a small utility that basically does what socat would do and additionally corrects those replaced bytes in the stream. It's not pretty but it works:
```c
#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
@ -182,6 +188,7 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
close(fd2);
return 0;
}
```
> This utility is a unidirectional relay so you need to run two instances to get duplex communication, like:
>
@ -214,7 +221,7 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
There are two main issues to be adopted to get all things to work in the R4.0.
## Add a virtual serial port ##
## Add a virtual serial port
Qemu in the stub domain with virtual serial port added in a recommended way (```<serial type="pty"/>```) fails to start (Could not open '/dev/hvc1': No such device). It seems like a lack of multiple xen consoles support/configuration. The only way that I have found is to attach serial port explicitly to the available console.
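Review bot: while the closing `##` is being dropped from the heading, the inline code on the following line still uses triple backticks (```<serial type="pty"/>```); single backticks, `<serial type="pty"/>`, are the convention for inline code and avoid the risk of a renderer opening a fenced block. The sentence "two main issues to be adopted" would also read better as "two main issues to be addressed".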
@ -228,15 +235,17 @@ $ gunzip stubdom-linux-rootfs.gz
$ cpio -i -d -H newc --no-absolute-filenames < stubdom-linux-rootfs
$ rm stubdom-linux-rootfs
```
2. Edit Init script to remove last loop and to add "-serial /dev/hvc0" to the qemu command line.
3. Apply changes:
```shell_session
$ find . -print0 | cpio --null -ov --format=newc | gzip -9 > ../stubdom-linux-rootfs
$ sudo mv ../stubdom-linux-rootfs /usr/lib/xen/boot
```
## Connect two consoles ##
## Connect two consoles
Run the following script:
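Review bot: `sudo mv ../stubdom-linux-rootfs /usr/lib/xen/boot` replaces the stock stubdom root filesystem in dom0 with no backup step, and that image is shared by every HVM that uses a stub domain; add a `cp` of the original before the edit so the change can be reverted, and make step 2 concrete (the path of the init script inside the extracted tree and which loop is the "last loop") rather than leaving the reader to guess.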

@ -1,29 +1,31 @@
---
lang: en
layout: doc
title: Developer Books
permalink: /doc/devel-books/
redirect_from:
- /en/doc/devel-books/
- /doc/DevelBooks/
- /wiki/DevelBooks/
ref: 32
title: Developer Books
---
Below is a list of various books that might be useful in learning some basics needed for Qubes development.
- A must-read about Xen internals:
* _[The Definitive Guide to the Xen Hypervisor](https://www.amazon.com/Definitive-Guide-Xen-Hypervisor/dp/013234971X)_, by David Chisnall
- _[The Definitive Guide to the Xen Hypervisor](https://www.amazon.com/Definitive-Guide-Xen-Hypervisor/dp/013234971X)_, by David Chisnall
- Some good books about the Linux kernel:
* _[Linux Kernel Development](https://www.amazon.com/Linux-Kernel-Development-Robert-Love/dp/0672329468)_, by Robert Love
* _[Linux Device Drivers](https://www.amazon.com/Linux-Device-Drivers-Jonathan-Corbet/dp/0596005903)_, by Jonathan Corbet
- _[Linux Kernel Development](https://www.amazon.com/Linux-Kernel-Development-Robert-Love/dp/0672329468)_, by Robert Love
- _[Linux Device Drivers](https://www.amazon.com/Linux-Device-Drivers-Jonathan-Corbet/dp/0596005903)_, by Jonathan Corbet
- Solid intro into Trusted Computing:
* _[Dynamics of a Trusted Platform](https://www.amazon.com/Dynamics-Trusted-Platform-Buildin-Grawrock/dp/1934053082)_, by David Grawrock (original Intel architect for TXT)
- _[Dynamics of a Trusted Platform](https://www.amazon.com/Dynamics-Trusted-Platform-Buildin-Grawrock/dp/1934053082)_, by David Grawrock (original Intel architect for TXT)
- Good book about GIT:
* _[Pro Git](https://git-scm.com/book/en/v2)_, by Scott Chacon and Ben Straub (complete book available free online)
- _[Pro Git](https://git-scm.com/book/en/v2)_, by Scott Chacon and Ben Straub (complete book available free online)
- Useful books about Python:
* _[Programming in Python 3](http://www.qtrac.eu/py3book.html)_, by Mark Summerfield
* _[Rapid GUI Programming with Python and Qt](http://www.qtrac.eu/pyqtbook.html)_, by Mark Summerfield
- _[Programming in Python 3](http://www.qtrac.eu/py3book.html)_, by Mark Summerfield
- _[Rapid GUI Programming with Python and Qt](http://www.qtrac.eu/pyqtbook.html)_, by Mark Summerfield
(Although note that [Qt is being replaced by GTK](/doc/usability-ux/#gnome-kde-and-xfce) in Qubes code.)

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Documentation Guidelines
permalink: /doc/doc-guidelines/
redirect_from:
- /en/doc/doc-guidelines/
- /wiki/DocStyle/
- /doc/DocStyle/
ref: 30
title: Documentation Guidelines
---
# Documentation guidelines
@ -16,7 +18,6 @@ By cloning and regularly pulling from this repo, users can maintain their own up
The documentation is a community effort. Volunteers work hard trying to keep everything accurate and comprehensive.
If you notice a problem or some way it can be improved, please [edit the documentation][contribute]!
## Security
*Also see: [Should I trust this website?](/faq/#should-i-trust-this-website)*
@ -33,7 +34,6 @@ The documentation maintainer then verifies that the pull request is mechanically
If so, the documentation maintainer then merges the pull request, adds a PGP-signed tag to the latest commit (usually the merge commit), then pushes to the remote.
In cases in which another reviewer is not required, the documentation maintainer may review the pull request (in which case no signed comment is necessary, since it would be redundant with the signed tag).
## Questions, problems, and improvements
If you have a question about something you read in the documentation, please send it to the appropriate [mailing list][support].
@ -41,7 +41,6 @@ If you see that something in the documentation should be fixed or improved, plea
To report an issue with the documentation, please follow our standard [issue reporting guidelines][issue].
(If you report an issue with the documentation, you will likely be asked to address it, unless there is a clear indication in your report that you are not willing or able to do so.)
## How to contribute
Editing the documentation is easy, so if you see that a change should be made, please contribute it!
@ -113,8 +112,7 @@ If, for some reason, we can't accept your pull request, we'll post a comment exp
[![done](/attachment/wiki/doc-edit/10-done.png)](/attachment/wiki/doc-edit/10-done.png)
### How to add images
## How to add images
To add an image to a page, use the following syntax in the main document.
This will make the image a hyperlink to the image file, allowing the reader to click on the image in order to view the image by itself.
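Review bot: `### How to add images` becomes `## How to add images`, which promotes it from a subsection of "How to contribute" to a top-level section alongside "Organizational guidelines" and "Style guidelines"; confirm that is intended, since it changes the table of contents and the anchor nesting that existing links may rely on.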
@ -127,7 +125,6 @@ Then, submit your image(s) in a separate pull request to the [qubes-attachment]
This is the only permitted way to include images.
Do not link to images on other websites.
## Organizational guidelines
### Do not duplicate documentation
@ -231,7 +228,6 @@ To foo:
Once you foo, make sure to close the baz before fooing the next bar.
## Qubes 4.0 ##
### How to Foo ###
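Review bot: this example still shows headings with closing hashes (`## Qubes 4.0 ##`, `### How to Foo ###`) while the other files in this commit drop the closing `##` from their headings; update the example to the same form so the guidelines demonstrate the convention being applied.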
@ -281,7 +277,6 @@ Good general content that was submitted only to one branch would effectively dis
For further discussion about version-specific documentation in Qubes, see [here][version-thread].
## Style guidelines
* Familiarize yourself with the terms defined in the [glossary]. Use these
@ -300,7 +295,6 @@ For further discussion about version-specific documentation in Qubes, see [here]
2. Using underscores (`_`) between words
3. Using all capital letters
## Markdown conventions
All the documentation is written in Markdown for maximum accessibility.
@ -328,6 +322,7 @@ When making contributions, please try to observe the following style conventions
* When writing code blocks, use [syntax highlighting](https://github.github.com/gfm/#info-string) where [possible](https://github.com/jneen/rouge/wiki/List-of-supported-languages-and-lexers) and use `[...]` for anything omitted.
* When providing command line examples:
* Tell the reader where to open a terminal (dom0 or a specific domU), and show the command along with its output (if any) in a code block, e.g.:
~~~markdown
Open a terminal in dom0 and run:
```shell_session
@ -336,10 +331,12 @@ When making contributions, please try to observe the following style conventions
Hello
```
~~~
* Precede each command with the appropriate command prompt:
At a minimum, the prompt should contain a trailing `#` (for the user `root`) or `$` (for other users) on Linux systems and `>` on Windows systems, respectively.
* Don't try to add comments inside the code block.
For example, *don't* do this:
~~~markdown
Open a terminal in dom0 and run:
```shell_session
@ -350,18 +347,17 @@ When making contributions, please try to observe the following style conventions
Hello
```
~~~
The `#` symbol preceding each comment is ambiguous with a root command prompt.
Instead, put your comments *outside* of the code block in normal prose.
([This][md] is a great source for learning about Markdown.)
## Git conventions
Please try to write good commit messages, according to the
[instructions in our coding style guidelines][git-commit].
[qubes-doc]: https://github.com/QubesOS/qubes-doc
[glossary]: /doc/glossary/
[issue]: /doc/reporting-bugs/

@ -1,8 +1,10 @@
---
lang: en
layout: sidebar
title: Google Summer of Code
permalink: /gsoc/
redirect_from: /GSoC/
ref: 33
title: Google Summer of Code
---
2021 Google Summer of Code
@ -124,7 +126,6 @@ If applicable, links to more information or discussions
- Implementation of the above mechanism.
- Documentation how to configure it securely.
**Knowledge prerequisite**:
- shell and/or python scripting
@ -151,6 +152,7 @@ Choose either of GUI agent, GUI daemon. Both are of similar complexity and each
- implement tests for new GUI handling, similar to existing tests for X11 based GUI
Relevant links:
- [Low level GUI documentation](/doc/gui/)
- [qubes-gui-agent-linux](https://github.com/qubesos/qubes-gui-agent-linux)
- [qubes-gui-daemon](https://github.com/qubesos/qubes-gui-daemon)
@ -219,7 +221,6 @@ REMOVED as of January 2020: work is being done on this
**Mentor**: [Thomas Leonard](mailto:talex5@gmail.com), [Marek Marczykowski-Górecki](/team/)
-->
### LogVM(s)
**Project**: LogVM(s)
@ -253,14 +254,15 @@ immune to altering past entries. See
### Whonix IPv6 and nftables support
**Project**: Whonix IPv6 and nftables support
**Brief explanation**: [T509](https://phabricator.whonix.org/T509)
**Expected results**:
- Work at upstream Tor: An older version of https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy page was the origin of Whonix. Update that page for nftables / IPv6 support without mentioning Whonix. Then discuss that on the tor-talk mailing list for wider input. - https://trac.torproject.org/projects/tor/ticket/21397
- implement corridor feature request add IPv6 support / port to nftables - https://github.com/rustybird/corridor/issues/39
- Work at upstream Tor: An older version of [TransparentProxy](https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) page was the origin of Whonix. Update that page for nftables / IPv6 support without mentioning Whonix. Then discuss that on the tor-talk mailing list for wider input. [here](https://trac.torproject.org/projects/tor/ticket/21397)
- implement corridor feature request add IPv6 support / port to nftables - [issue](https://github.com/rustybird/corridor/issues/39)
- port [whonix-firewall](https://github.com/Whonix/whonix-firewall) to nftables
- make connections to IPv6 Tor relays work
- make connections to IPv6 destinations work
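Review bot: the converted links use dangling link text: "for wider input. [here](...ticket/21397)" is not part of a sentence, and "port to nftables - [issue](...issues/39)" reads the same way. Fold them into the sentence, e.g. "for wider input (see [Tor ticket #21397](https://trac.torproject.org/projects/tor/ticket/21397))" and "port to nftables ([corridor issue #39](https://github.com/rustybird/corridor/issues/39))", so the link text says what the reader will find.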
@ -358,6 +360,7 @@ immune to altering past entries. See
**Mentors**: Andrew Clausen and Jean-Philippe Ouellet
### Progress towards reproducible builds
**Project**: Progress towards reproducible builds
**Brief explanation**: A long-term goal is to be able to build the entire OS and installation media in a completely bit-wise deterministic manner, but there are many baby steps to be taken along that path. See:
@ -451,6 +454,7 @@ Since it's software emulation it's rather slow.
Details, reference: [#2233](https://github.com/QubesOS/qubes-issues/issues/2233)
**Expected results**:
- a simple way of setting up Android qubes with hardware emulation
(distributed as a template or as a salt, handling various modern Android versions)
- figuring out and implementing an easy and secure way to connect an Android

@ -1,7 +1,9 @@
---
lang: en
layout: sidebar
title: Join
permalink: /join/
ref: 26
title: Join
---
Joining the Qubes OS Team
@ -10,4 +12,3 @@ Joining the Qubes OS Team
The Qubes OS Project does not currently have any open positions.
This page will be updated when open positions become available.
In the meantime, there are many different ways you can [contribute to the Qubes OS project](/doc/contributing/).

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Package Contributions
permalink: /doc/package-contributions/
ref: 29
title: Package Contributions
---
Package Contributions
@ -15,6 +17,7 @@ This page explains the inclusion criteria and procedures for such packages, as w
Inclusion Criteria
------------------
In order to be accepted, packages must:
* In no way weaken the security of Qubes OS.
@ -28,6 +31,7 @@ In order to be accepted, packages must:
Contribution Procedure
----------------------
Before you start putting serious work into a package, we recommend that you discuss your idea with the Qubes developers and the broader community on the [qubes-devel mailing list].
Once you have a package that's ready to become part of Qubes OS, please follow this procedure:
@ -47,6 +51,7 @@ Once you have a package that's ready to become part of Qubes OS, please follow t
Update Procedure
----------------
*Anyone* can provide an update (patch) to a contributed package, not just the person who contributed that package!
The update procedure is the same for everyone, including the original package contributor.
@ -57,6 +62,7 @@ Please be prepared to read and respond to these comments.
Review Procedure
----------------
This review procedure covers both original package contributions (see [Contribution Procedure]) and all subsequent updates to those packages, including updates from the original package contributor (see [Update Procedure]).
All changes will be reviewed by a Qubes Core Reviewer (QCR) and the [Package Maintainer] (PM).
In all cases, the QCR will be a core Qubes developer.
@ -76,17 +82,19 @@ The review procedure is as follows:
If the pull request does not pass the QCR's review, the QCR leaves a comment on the pull request explaining why not, and the QCR may decide to close the pull request.
In all the cases, the first condition to be validated by the QCR's review is to ensure that the contribution **will not** hijack any core packages of [QubesOS] and of course, none of the [QubesOS-contrib] packages too. More precisely, particular attention to the whole build pipeline will be made with a specific review of:
- Package dependencies,
- Build scripts (including downloaded ones),
- All downloaded components should be verified against static hash,
- RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages),
- Makefiles,
- Package build [reproducible]
* Package dependencies,
* Build scripts (including downloaded ones),
* All downloaded components should be verified against static hash,
* RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages),
* Makefiles,
* Package build [reproducible]
and any steps which would result in partial/total compromise of legitimate components. For this part, you can have a look to an example package called [qubes-skeleton].
Package Maintainers
-------------------
If you contribute a package, we assume that you will be the maintainer of that package, unless you tell us otherwise.
As the maintainer of the package, it is your privilege and responsibility to:
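Review bot: this hunk changes the review checklist's list markers from `-` to `*`, while the Developer Books hunk in the same commit changes nested markers from `*` to `-`; pick one marker convention across the docs so the Markdown clean-up is consistent. Since the checklist is being touched anyway, "verified against static hash" and "looking at constraints who would hijack other packages" would read more clearly as "verified against a fixed, known hash" and "looking for scriptlets that could hijack other packages".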
@ -96,7 +104,6 @@ As the maintainer of the package, it is your privilege and responsibility to:
If you do not wish to be the maintainer of your package, please let us know.
If you do not act on your maintainer duties for a given package for an extended period of time and after at least one reminder, we will assume that you no longer wish to be the maintainer for that package.
[installing contributed packages]: /doc/installing-contributed-packages/
[Inclusion Criteria]: #inclusion-criteria
[Contribution Procedure]: #contribution-procedure

@ -1,96 +1,7 @@
---
lang: en
layout: doc
title: Style-guide
permalink: /doc/style-guide/
ref: 27
title: Style-guide
---
Style Guide
===========
## Fonts
Currently Qubes OS is using the following fonts for our website, branding, and other public facing (non-OS) materials. The OS itself uses what is normal for a user's desktop environment of choice.
<div class="styleguide">
{% for font in site.data.styleguide.fonts %}
<div class="row">
<div class="col-lg-6 col-md-6 focus">
<div class="font {{font.class}}">Custom Qubes Font</div>
</div>
<div class="col-lg-6 col-md-6">
<strong>Family:</strong> {{font.family}}<br>
</div>
</div>
{% endfor %}
</div>
---
## Colors
The following **grayscale** colors are currently used on the Qubes website and documentation, and they will eventually match colors within the OS itself.
<div class="styleguide">
{% for color in site.data.styleguide.colors %}
{% if color.type == "grayscale" %}
<div class="swatch more-bottom more-right">
<div class="color add-bottom bg-{{color.class}}"></div>
<strong class="add-bottom">{{color.name}}</strong>
<code>#{{color.hex | downcase}}</code>
</div>
{% endif %}
{% endfor %}
</div>
The following **colors** are currently being used on the Qubes website and documentation, and they will eventually match the colors within the OS itself!
<div class="styleguide">
{% for color in site.data.styleguide.colors %}
{% if color.type == "colors" %}
<div class="swatch more-bottom more-right">
<div class="color add-bottom bg-{{color.class}}"></div>
<strong class="add-bottom">{{color.name}}</strong>
<code>#{{color.hex | downcase}}</code>
</div>
{% endif %}
{% endfor %}
</div>
---
## Icons
Currently, all the icons on the Qubes-OS.org website are generated using [FontAwesome](https://fontawesome.com/).
*As more custom work is done to generate icons for the operating system itself, they will be added here!*
---
## Logos
The following is a collection of various sizes and versions of the Qubes logo used both in the OS itself and on our website.
The artwork is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).
The code is licensed under GNU GPLv2.
GPLv2 and the source code can be [downloaded here](https://github.com/QubesOS/qubes-artwork).
<div class="styleguide">
{% for logo in site.data.styleguide.logos %}
{% for version in logo.versions %}
<div class="row more-bottom">
<div class="col-lg-4 col-md-4">
<div class="focus">
<img class="logo" src="{{version.path}}{{logo.image}}">
</div>
</div>
<div class="col-lg-8 col-md-8">
<p>
<strong>Image:</strong> {{logo.image}}<br>
<strong>Size:</strong> {{version.size}}<br>
<strong>Format:</strong> {{version.format}}<br>
<strong>Download:</strong> <a href="{{version.path}}{{logo.image}}" target="_blank">this image</a>
</p>
</div>
</div>
{% endfor %}
{% endfor %}
</div>
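Review bot: per the header (`-1,96 +1,7`) this hunk removes the entire body of the Style Guide (the Fonts, Colors, Icons and Logos sections with their Liquid loops over `site.data.styleguide`, and the CC BY-SA 4.0 / GPLv2 licensing statement), leaving only front matter. If the content moved to another file or layout, say where in the commit message; otherwise this looks like an accidental loss, and the licensing note in particular should not disappear.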

@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Usability & UX
permalink: /doc/usability-ux/
ref: 31
title: Usability & UX
---
Usability & UX
==============
# Usability & UX
Software that is too complicated to use, is often unused. Because we want as many people as possible to benefit from its unique security properties, the usability and user experience of Qubes OS is an utmost priority!
@ -39,7 +40,6 @@ Perhaps the most common cause of mistakes is complexity. If there is a configura
In making software easy to use, it is crucial to be mindful of [cognitive load](https://en.wikipedia.org/wiki/Cognitive_load) which dictates that *"humans are generally able to hold only seven +/- two units of information in short-term memory."* Making sure your interfaces don't pass this short-term memory limit is perhaps the most important factor in helping a user feel comfortable instead of overwhelmed.
---
## Easy to Understand
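Review bot: this hunk drops one line between the cognitive-load paragraph and the `---` rule; if that was the blank line, Markdown will parse `---` as a setext underline and turn the whole paragraph into a heading. Keep a blank line before every horizontal rule.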

@ -1,56 +0,0 @@
---
layout: doc
title: Qubes R1.0 Release Notes
permalink: /doc/releases/1.0/release-notes/
redirect_from:
- /en/doc/releases/1.0/release-notes/
---
Qubes R1.0 Release Notes
========================
Detailed release notes in [this blog post](https://blog.invisiblethings.org/2012/09/03/introducing-qubes-10.html).
Known issues
------------
- Installer might not support some USB keyboards (\#230). This seems to include all the Mac Book keyboards (most PC laptops have PS2 keyboards and are not affected).
- If you don't enable Composition (System Setting -\> Desktop -\> Enable desktop effects), which you really should do, then the KDE task bar might get ugly (e.g. half of it might be black). This is some KDE bug that we don't plan to fix.
- Some keyboard layout set by KDE System Settings can cause [keyboard not working at all](https://groups.google.com/group/qubes-devel/browse_thread/thread/77d076b65dda7226). If you hit this issue, you can switch to console (by console login option) and manually edit `/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf` (and `/etc/sysconfig/keyboard`) and place correct keyboard layout settings (details in linked thread). You can check if specific keyboard layout settings are proper using `setxkbmap` tool.
- On systems with more than 8GB of RAM there is problem with DisposableVM. To fix it, limit maximum memory allocation for DispVM to 3GB
~~~
qvm-prefs -s fedora-17-x64-dvm maxmem 3072
qvm-create-default-dvm --default-template --default-script
~~~
- On some systems the KDE Window Manager might freeze upon resuming from S3 sleep when compositing is enabled (and the only method to log in to the system if this happens is to switch to a text console, enter your user's password, kill the kwin process, go back to the Xorg console, log in, and start a new instance of kwin using Konsole application :) If you experience such problems, make sure to disable compositing before putting the system into sleep by pressing Alt-Ctrl-F12 (and then enabling it back once you log in after resume) -- this way you should never see this problem again.
Downloads
---------
See [Qubes Downloads](/doc/QubesDownloads/).
Installation instructions
-------------------------
See [Installation Guide](/doc/installation-guide/).
Upgrading
---------
### From Qubes 1.0-rc1
If you're already running Qubes 1.0-rc1, you don't need to reinstall, it's just enough to update the packages in your Dom0 and the template VM(s). The easiest way for doing this is to click on the Update Button in the Qubes Manger -- one click when you selected Dom0, and one click for each of your template VM (by default there is just one template).
### From Qubes 1.0 Beta 3
If you have Qubes Beta 3 currently installed on your system, you must reinstall from scratch, as we offer no direct upgrade option in the installer (sorry). However, we do offer tools for smooth migration of your AppVMs. In order to do that, please backup your AppVMs using the `qvm-backup` tool [as usual](/doc/backup-restore/). Then, after you install Qubes 1.0 rc1, you can restore them using `qvm-backup-restore` tool. However, because we have changed the default template in RC1, you should tell qvm-back-restore about that by passing `--replace-template` option:
~~~
qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64
~~~

@ -0,0 +1,52 @@
---
lang: en
layout: doc
permalink: /doc/releases/1.0/release-notes/
redirect_from:
- /en/doc/releases/1.0/release-notes/
ref: 18
title: Qubes R1.0 Release Notes
---
# Qubes R1.0 Release Notes
Detailed release notes in [this blog post](https://blog.invisiblethings.org/2012/09/03/introducing-qubes-10.html).
## Known issues
- Installer might not support some USB keyboards (\#230). This seems to include all the Mac Book keyboards (most PC laptops have PS2 keyboards and are not affected).
- If you don't enable Composition (System Setting -\> Desktop -\> Enable desktop effects), which you really should do, then the KDE task bar might get ugly (e.g. half of it might be black). This is some KDE bug that we don't plan to fix.
- Some keyboard layout set by KDE System Settings can cause [keyboard not working at all](https://groups.google.com/group/qubes-devel/browse_thread/thread/77d076b65dda7226). If you hit this issue, you can switch to console (by console login option) and manually edit `/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf` (and `/etc/sysconfig/keyboard`) and place correct keyboard layout settings (details in linked thread). You can check if specific keyboard layout settings are proper using `setxkbmap` tool.
- On systems with more than 8GB of RAM there is problem with DisposableVM. To fix it, limit maximum memory allocation for DispVM to 3GB
~~~
qvm-prefs -s fedora-17-x64-dvm maxmem 3072
qvm-create-default-dvm --default-template --default-script
~~~
- On some systems the KDE Window Manager might freeze upon resuming from S3 sleep when compositing is enabled (and the only method to log in to the system if this happens is to switch to a text console, enter your user's password, kill the kwin process, go back to the Xorg console, log in, and start a new instance of kwin using Konsole application :) If you experience such problems, make sure to disable compositing before putting the system into sleep by pressing Alt-Ctrl-F12 (and then enabling it back once you log in after resume) -- this way you should never see this problem again.
## Downloads
See [Qubes Downloads](/doc/QubesDownloads/).
## Installation instructions
See [Installation Guide](/doc/installation-guide/).
## Upgrading
### From Qubes 1.0-rc1
If you're already running Qubes 1.0-rc1, you don't need to reinstall, it's just enough to update the packages in your Dom0 and the template VM(s). The easiest way for doing this is to click on the Update Button in the Qubes Manger -- one click when you selected Dom0, and one click for each of your template VM (by default there is just one template).
### From Qubes 1.0 Beta 3
If you have Qubes Beta 3 currently installed on your system, you must reinstall from scratch, as we offer no direct upgrade option in the installer (sorry). However, we do offer tools for smooth migration of your AppVMs. In order to do that, please backup your AppVMs using the `qvm-backup` tool [as usual](/doc/backup-restore/). Then, after you install Qubes 1.0 rc1, you can restore them using `qvm-backup-restore` tool. However, because we have changed the default template in RC1, you should tell qvm-back-restore about that by passing `--replace-template` option:
~~~
qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64
~~~
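Review bot: since this file is being recreated wholesale, the typos carried over from the old copy could be fixed at the same time: "Qubes Manger" (Manager) and "qvm-back-restore" (qvm-backup-restore) in the Upgrading section. The Downloads link also still points at the legacy `/doc/QubesDownloads/` path, whereas the 3.1 release notes in this same commit use `/downloads/`.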

@ -1,18 +1,18 @@
---
lang: en
layout: doc
title: Qubes R2.0 Release Notes
permalink: /doc/releases/2.0/release-notes/
redirect_from:
- /en/doc/releases/2.0/release-notes/
ref: 25
title: Qubes R2.0 Release Notes
---
Qubes R2.0 Release Notes
========================
# Qubes R2.0 Release Notes
Detailed release notes in [this blog post](https://blog.invisiblethings.org/2014/09/26/announcing-qubes-os-release-2.html)
New features since 1.0
----------------------
## New features since 1.0
* Support for generic fully virtualized VMs (without qemu in the TCB!)
* Support for Windows-based AppVMs integration (clipboard, file exchange, qrexec, pv drivers)
@ -28,35 +28,31 @@ New features since 1.0
* Support for dynamic screen resolution change
* Dom0 distribution upgraded to Fedora 20
Known issues
------------
## Known issues
- On some graphics cards the Xfce4 Window Manager (one of the two supported Dom0 Windows Managers in Qubes R2, the other being KDE) might behave "strangely", e.g. decorations might not be drawn sometimes. Also the accompanying lightdm login manager might incorrectly display the wallpaper. If you're facing those problems, it's advisable to use the KDE Window Manager and kdm instead of Xfce4 and lightdm (this is default if one chooses the KDE only installation option in the installer).
* On some graphics cards the Xfce4 Window Manager (one of the two supported Dom0 Windows Managers in Qubes R2, the other being KDE) might behave "strangely", e.g. decorations might not be drawn sometimes. Also the accompanying lightdm login manager might incorrectly display the wallpaper. If you're facing those problems, it's advisable to use the KDE Window Manager and kdm instead of Xfce4 and lightdm (this is default if one chooses the KDE only installation option in the installer).
- Some icons in the Qubes Manager application might not be drawn correctly when using the Xfce4 environment in Dom0. If this bothers you, please use the KDE environment instead.
* Some icons in the Qubes Manager application might not be drawn correctly when using the Xfce4 environment in Dom0. If this bothers you, please use the KDE environment instead.
- If your GPU is not correctly supported by the Dom0 kernel (e.g. the 3D desktop effects do not run smoothly) then you might experience "heaviness" with Windows 7-based AppVMs. In that case, please solve the problem with your GPU support in Dom0 in the first place (by using a different kernel), or install Qubes OS on a different system.
* If your GPU is not correctly supported by the Dom0 kernel (e.g. the 3D desktop effects do not run smoothly) then you might experience "heaviness" with Windows 7-based AppVMs. In that case, please solve the problem with your GPU support in Dom0 in the first place (by using a different kernel), or install Qubes OS on a different system.
- Under some circumstances, Qubes backup can create broken backup, without any visible message (\#902). It is advisable to verify a backup to spot the problem. If you encounter this problem, backup VM directory manually.
* Under some circumstances, Qubes backup can create broken backup, without any visible message (\#902). It is advisable to verify a backup to spot the problem. If you encounter this problem, backup VM directory manually.
- System shutdown sometimes is very slow (\#903). To mitigate the problem, shutdown all the VMs first.
* System shutdown sometimes is very slow (\#903). To mitigate the problem, shutdown all the VMs first.
- For other known issues take a look at [our trac tickets](https://wiki.qubes-os.org/query?status=accepted&status=assigned&status=new&status=reopened&type=defect&milestone=Release+2.1+(post+R2)&col=id&col=summary&col=status&col=type&col=priority&col=milestone&col=component&order=priority)
* For other known issues take a look at [our trac tickets](https://wiki.qubes-os.org/query?status=accepted&status=assigned&status=new&status=reopened&type=defect&milestone=Release+2.1+(post+R2)&col=id&col=summary&col=status&col=type&col=priority&col=milestone&col=component&order=priority)
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
Downloads
---------
## Downloads
See [Qubes Downloads](/doc/QubesDownloads/).
Installation instructions
-------------------------
## Installation instructions
See [Installation Guide](/doc/installation-guide/).
Upgrading
---------
## Upgrading
### From Qubes R2 rc1

@ -1,18 +1,18 @@
---
lang: en
layout: doc
title: Qubes R3.0 Release Notes
permalink: /doc/releases/3.0/release-notes/
redirect_from:
- /en/doc/releases/3.0/release-notes/
ref: 19
title: Qubes R3.0 Release Notes
---
Qubes R3.0 Release Notes
========================
### Qubes R3.0 Release Notes
This Qubes OS release is dedicated to the memory of Caspar Bowden.
New features since 2.0
----------------------
## New features since 2.0
* HAL (Hypervisor Abstraction Layer) - based on libvirt, opens a whole new
possibilities of using different hypervisors. Currently Qubes OS uses Xen.
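Review bot: the page title becomes `### Qubes R3.0 Release Notes` (an H3), while the other release notes converted in this commit use `# ...` (H1); use `# Qubes R3.0 Release Notes` so the document has a top-level heading and `## New features since 2.0` nests under it.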
@ -27,8 +27,7 @@ New features since 2.0
templates using DispVM.
* Automated tests - makes much easier to find bugs, before its even shipped to users
Known issues
------------
## Known issues
* Windows Tools: `qvm-block` does not work
@ -42,18 +41,15 @@ Known issues
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
Downloads
---------
## Downloads
See [Qubes Downloads](/doc/QubesDownloads/).
Installation instructions
-------------------------
## Installation instructions
See [Installation Guide](/doc/installation-guide/).
Upgrading
---------
## Upgrading
### From R3.0 release candidate
@ -64,4 +60,3 @@ If you are using Qubes R3.0rc1, R3.0rc2 or R3.0rc3, just install system updates,
The easiest and safest way to upgrade to Qubes R3.0 is to install it from scratch and use [qubes backup and restore tools](/doc/backup-restore/) for migrating of all of the user VMs.
Users of Qubes R2 can upgrade using [experimental procedure](/doc/upgrade-to-r3.0/).

@ -1,9 +1,11 @@
---
lang: en
layout: doc
title: Qubes R3.0 Release Schedule
permalink: /doc/releases/3.0/schedule/
redirect_from:
- /en/doc/releases/3.0/schedule/
ref: 20
title: Qubes R3.0 Release Schedule
---
Qubes R3.0 Release Schedule

View File

@ -1,14 +1,14 @@
---
lang: en
layout: doc
title: Qubes R3.1 release notes
permalink: /doc/releases/3.1/release-notes/
ref: 16
title: Qubes R3.1 release notes
---
Qubes R3.1 release notes
========================
# Qubes R3.1 release notes
New features since 3.0
----------------------
## New features since 3.0
* Management Stack based of Salt Stack in dom0 - [documentation][salt-doc]
* Out of the box Whonix setup
@ -23,8 +23,7 @@ New features since 3.0
You can get detailed description in [completed github issues][github-release-notes]
Known issues
------------
## Known issues
* Installation image does not fit on DVD, requires either DVD DL, or USB stick (5GB or more)
@ -38,18 +37,15 @@ Known issues
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
Downloads
---------
## Downloads
See [Qubes Downloads](/downloads/).
Installation instructions
-------------------------
## Installation instructions
See [Installation Guide](/doc/installation-guide/).
Upgrading
---------
## Upgrading
### From R3.0

View File

@ -1,9 +1,11 @@
---
lang: en
layout: doc
title: Qubes R3.1 Release Schedule
permalink: /doc/releases/3.1/schedule/
redirect_from:
- /en/doc/releases/3.1/schedule/
ref: 17
title: Qubes R3.1 Release Schedule
---
Qubes R3.1 Release Schedule
@ -18,4 +20,4 @@ This schedule is based on [Version Scheme](/doc/version-scheme/#release-schedule
| 12 Jan 2016 | 3.1-rc2 release |
| 26 Jan 2016 | decide whether 3.1-rc2 is the final 3.1 |
| 9 Feb 2016 | current-testing freeze before 3.1-rc3 |
| <strike>16 Feb 2016</strike><br/>23 Feb 2016 | 3.1-rc3 release |
| ~~16 Feb 2016~~ <br/> 23 Feb 2016 | 3.1-rc3 release |

View File

@ -1,14 +1,14 @@
---
lang: en
layout: doc
title: Qubes R3.2 release notes
permalink: /doc/releases/3.2/release-notes/
ref: 21
title: Qubes R3.2 release notes
---
Qubes R3.2 release notes
========================
# Qubes R3.2 release notes
New features since 3.1
----------------------
## New features since 3.1
* Management Stack extended to support in-VM configuration - [documentation][salt-doc]
* PV USB - [documentation][usb]
@ -21,8 +21,7 @@ New features since 3.1
You can get detailed description in [completed github issues][github-release-notes]
Known issues
------------
## Known issues
* [Fedora 23 reached EOL in December 2016](https://fedoraproject.org/wiki/End_of_life). There is a [manual procedure to upgrade your VMs](/news/2018/01/06/fedora-26-upgrade/).
@ -34,19 +33,16 @@ Known issues
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
Downloads
---------
## Downloads
See [Qubes Downloads](/downloads/).
Installation instructions
-------------------------
## Installation instructions
See [Installation Guide](/doc/installation-guide/).
After installation, [manually upgrade to Fedora 26](/news/2018/01/06/fedora-26-upgrade/).
Upgrading
---------
## Upgrading
### From R3.1

View File

@ -1,9 +1,11 @@
---
lang: en
layout: doc
title: Qubes R3.2 Release Schedule
permalink: /doc/releases/3.2/schedule/
redirect_from:
- /en/doc/releases/3.2/schedule/
ref: 22
title: Qubes R3.2 Release Schedule
---
Qubes R3.2 Release Schedule
@ -15,9 +17,9 @@ This schedule is based on [Version Scheme](/doc/version-scheme/#release-schedule
| -----------:| --------------------------------------- |
| 18 Jun 2016 | 3.2-rc1 release |
| 2 Jul 2016 | decide whether 3.2-rc1 is the final 3.2 |
| <strike>16 Jul 2016</strike><br/>20 Jul 2016 | current-testing freeze before 3.2-rc2 |
| <strike>23 Jul 2016</strike><br/>27 Jul 2016 | 3.2-rc2 release |
| <strike> 5 Aug 2016</strike><br/> 9 Aug 2016 | decide whether 3.2-rc2 is the final 3.2 |
| ~~16 Jul 2016~~ <br/> 20 Jul 2016 | current-testing freeze before 3.2-rc2 |
| ~~23 Jul 2016~~ <br/> 27 Jul 2016 | 3.2-rc2 release |
| ~~5 Aug 2016~~ <br/> 9 Aug 2016 | decide whether 3.2-rc2 is the final 3.2 |
| 24 Aug 2016 | current-testing freeze before 3.2-rc3 |
| 31 Aug 2016 | 3.2-rc3 release |
| 29 Sep 2016 | 3.2 release |

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Qubes R4.0 release notes
permalink: /doc/releases/4.0/release-notes/
ref: 23
title: Qubes R4.0 release notes
---
Qubes R4.0 release notes
@ -103,7 +105,6 @@ supported option to upgrade to Qubes R4.0 is to install it from scratch and use
[qubes backup and restore tools][backup] for migrating of all of the user VMs.
We also provide [detailed instruction][upgrade-to-r4.0] for this procedure.
[backup]: /doc/backup-restore/
[github-release-notes]: https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+milestone%3A%22Release+4.0%22+label%3Arelease-notes+is%3Aclosed
[custom-ip]: https://github.com/QubesOS/qubes-issues/issues/1477

View File

@ -1,9 +1,11 @@
---
lang: en
layout: doc
title: Qubes R4.0 Release Schedule
permalink: /doc/releases/4.0/schedule/
redirect_from:
- /en/doc/releases/4.0/schedule/
ref: 24
title: Qubes R4.0 Release Schedule
---
Qubes R4.0 Release Schedule
@ -14,15 +16,15 @@ This schedule is based on [Version Scheme](/doc/version-scheme/#release-schedule
| Date | Stage |
| -----------:| --------------------------------------- |
| 31 Jul 2017 | 4.0-rc1 release |
| <strike>28 Aug 2017</strike><br/><strike>11 Sep 2017</strike><br/><strike>9 Oct 2017</strike><br/>18 Oct 2017 | current-testing freeze before 4.0-rc2 |
| <strike> 4 Sep 2017</strike><br/><strike>18 Sep 2017</strike><br/><strike>16 Oct 2017</strike><br/>23 Oct 2017 | 4.0-rc2 release |
| 6 Nov 2017 | decide whether 4.0-rc2 is the final 4.0 |
| ~~28 Aug 2017~~ <br/>~~11 Sep 2017~~ <br/>~~9 Oct 2017~~ <br/>18 Oct 2017 | current-testing freeze before 4.0-rc2 |
| ~~4 Sep 2017~~ <br/> ~~18 Sep 2017~~ <br/>~~16 Oct 2017~~ <br/>23 Oct 2017 | 4.0-rc2 release |
| 6 Nov 2017 | decide whether 4.0-rc2 is the final 4
| 20 Nov 2017 | current-testing freeze before 4.0-rc3 |
| 27 Nov 2017 | 4.0-rc3 release |
| 11 Dec 2017 | decide whether 4.0-rc3 is the final 4.0 |
| 1 Jan 2018 | current-testing freeze before 4.0-rc4 |
| <strike>8 Jan 2018</strike><br/>31 Jan 2018 | 4.0-rc4 release |
| <strike>22 Jan 2018</strike><br/>14 Feb 2018 | decide whether 4.0-rc4 is the final 4.0 |
| ~~8 Jan 2018~~ <br/>31 Jan 2018 | 4.0-rc4 release |
| ~~22 Jan 2018~~ <br/>14 Feb 2018 | decide whether 4.0-rc4 is the final 4.0 |
| 27 Feb 2018 | current-testing freeze before 4.0-rc5 |
| 6 Mar 2018 | 4.0-rc5 release |
| 20 Mar 2018 | decide whether 4.0-rc5 is the final 4.0 |
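Review bot: the replacement row for 6 Nov 2017 in this hunk is truncated: `| 6 Nov 2017 | decide whether 4.0-rc2 is the final 4` drops the `.0 |` that the removed line had, so the cell text is cut short and the row lacks its closing pipe. Restore `| 6 Nov 2017 | decide whether 4.0-rc2 is the final 4.0 |`. Minor: spacing around `<br/>` in the struck-through cells is inconsistent (`~~28 Aug 2017~~ <br/>~~11 Sep 2017~~` versus `~~4 Sep 2017~~ <br/> ~~18 Sep 2017~~`); the 3.1 and 3.2 schedules in this commit settle on `~~...~~ <br/> ...`, so use that form here too.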

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Release Notes
permalink: /doc/releases/notes/
ref: 13
title: Release Notes
---
Release Notes
@ -13,4 +15,3 @@ Release Notes
* [Qubes R3.1 release notes](/doc/releases/3.1/release-notes/)
* [Qubes R3.2 release notes](/doc/releases/3.2/release-notes/)
* [Qubes R4.0 release notes](/doc/releases/4.0/release-notes/)

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Release Schedules
permalink: /doc/releases/schedules/
ref: 15
title: Release Schedules
---
Release Schedules
@ -11,4 +13,3 @@ Release Schedules
* [Qubes R3.1 release schedule](/doc/releases/3.1/schedule/)
* [Qubes R3.2 release schedule](/doc/releases/3.2/schedule/)
* [Qubes R4.0 release schedule](/doc/releases/4.0/schedule/)

View File

@ -1,9 +1,11 @@
---
lang: en
layout: doc
title: Release Checklist
permalink: /doc/releases/todo/
redirect_from:
- /en/doc/releases/todo/
ref: 14
title: Release Checklist
---
Release Checklist
@ -13,6 +15,7 @@ Release Checklist
On -rc1
-------
* write schedule
* create package repositories (linux-yum, linux-deb)
* update repository definition (core-agent-linux, installer-qubes-os/qubes-release)
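Review bot: this hunk only inserts a blank line after `On -rc1` and keeps the setext underline (`-------`), whereas most of the commit converts headings to ATX (`## ...`); the same setext leftovers remain in the qmemman page (`Notes`) and the architecture page (`Key Architecture features`, `Qubes Core Stack`). If ATX headings are the target style for the translation tooling, convert these in the same change so the heading style is uniform across the docs.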
@ -24,6 +27,7 @@ On -rc1
On subsequent -rc
-----------------
* push packages to `current`
* update release notes
* build ISO and push to mirrors
@ -31,6 +35,7 @@ On subsequent -rc
On final release
----------------
* push packages to `current`
* finish release notes
* update InstallationInstructions

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc-full
title: Admin API
permalink: /doc/admin-api/
redirect_from:
- /doc/mgmt/
- /doc/mgmt1/
- /doc/mgmt-architecture/
- /doc/admin-api-architecture/
ref: 36
title: Admin API
---
# Qubes OS Admin API
@ -165,7 +167,6 @@ Method `admin.vm.Stats` returns `vm-stats` events every `stats_interval` seconds
- `cpu_time` - absolute CPU time (in milliseconds) spent by the VM since its startup, normalized for one CPU
- `cpu_usage` - CPU usage in percents
## Returned messages
First byte of a message is a message type. This is 8 bit non-zero integer.
@ -329,6 +330,7 @@ The changes are validated before saving, so that the policy cannot end up in an
invalid state (e.g. syntax error, missing include file).
In addition, there is a mechanism to prevent concurrent modifications of the policy files:
- A `*.Get` call returns a file along with a *token* (currently implemented as
a hash of the file).
- When calling `Replace` or `Remove`, you need to include the current token as

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Dom0 Secure Updates
permalink: /doc/dom0-secure-updates/
redirect_from:
- /en/doc/dom0-secure-updates/
- /doc/Dom0SecureUpdates/
- /wiki/Dom0SecureUpdates/
ref: 43
title: Dom0 Secure Updates
---
Qubes Dom0 secure update procedure

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: DVMimpl
permalink: /doc/dvm-impl/
redirect_from:
- /en/doc/dvm-impl/
- /doc/DVMimpl/
- /wiki/DVMimpl/
ref: 34
title: DVMimpl
---
DisposableVM implementation in Qubes

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Qfilecopy
permalink: /doc/qfilecopy/
redirect_from:
- /en/doc/qfilecopy/
- /doc/Qfilecopy/
- /wiki/Qfilecopy/
ref: 35
title: Qfilecopy
---
InterVM file copy design

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Qfileexchgd
permalink: /doc/qfileexchgd/
redirect_from:
- /en/doc/qfileexchgd/
- /doc/Qfileexchgd/
- /wiki/Qfileexchgd/
ref: 40
title: Qfileexchgd
---
**This mechanism is obsolete as of Qubes Beta 1!**
@ -54,4 +56,3 @@ In order to minimize attack surface presented by necessity to process virtual pe
2. *qfilexchgd* sees that "send" argument=="disposable", and creates a new DisposableVM by calling */usr/lib/qubes/qubes\_restore*. It adds the new DisposableVM to qubesDB via qvm\_collection.add\_new\_disposablevm. Then it attaches the virtual pendrive (previously attached as `/dev/xvdg` at AppVM1) as `/dev/xvdh` in DisposableVM.
3. In DisposableVM, *qubes\_add\_pendrive\_script* sees non-zero `qubes_transaction_seq` key in xenstore, and instead processing the virtual pendrive as in the case of normal copy, treats it as DVM transaction (a request, because we run in DisposableVM). It retrieves the body of the file passed in `/dev/xvdh`, copies to /tmp, and runs *mime-open* utility to open appropriate executable to edit it. When *mime-open* returns, if the file was modified, it is sent back to AppVM1 (by writing "send AppVM1 SEQ" to `device/qpen` xenstore key). Then DisposableVM destroys itself.
4. In AppVM1, a new `/dev/xvdh` appears (because DisposableVM has sent it). *qubes\_add\_pendrive\_script* sees non-zero `qubes_transaction_seq` key, and treats it as DVM transaction (a response, because we run in AppVM, not DisposableVM). It retrieves the filename from `/home/user/.dvm/SEQ`, and copies data from `/dev/xvdh` to it.

View File

@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Qmemman
permalink: /doc/qmemman/
redirect_from:
- /en/doc/qmemman/
- /doc/Qmemman/
- /wiki/Qmemman/
ref: 41
title: Qmemman
---
qmemman, Qubes memory manager
@ -75,7 +77,6 @@ Whenever *qmemman* is asked to return X megabytes of memory to Xen free pool, th
4. wait BALOON\_DELAY (0.1s)
5. if some domain have not given back any memory, remove it from the donors list, and go to step 2, unless we already did MAX\_TRIES (20) iterations (then return error).
Notes
-----

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc
title: "Qrexec: Qubes RPC internals"
permalink: /doc/qrexec-internals/
redirect_from:
- /doc/qrexec3-implementation/
- /en/doc/qrexec3-implementation/
- /doc/Qrexec3Implementation/
- /wiki/Qrexec3Implementation/
ref: 39
title: 'Qrexec: Qubes RPC internals'
---
# Qubes RPC internals
@ -32,6 +34,7 @@ These tools are not designed to be used by users directly.
One instance is required for every active domain.
`qrexec-daemon` is responsible for both:
- handling execution and service requests from **dom0** (source: `qrexec-client`); and
- handling service requests from the associated domain (source: `qrexec-client-vm`, then `qrexec-agent`).
@ -39,9 +42,9 @@ Command line usage:
`qrexec-daemon domain-id domain-name [default user]`
* `domain-id`: Numeric Qubes ID assigned to the associated domain.
* `domain-name`: Associated domain name.
* `default user`: Optional. If passed, `qrexec-daemon` uses this user as default for all execution requests that don't specify one.
- `domain-id`: Numeric Qubes ID assigned to the associated domain.
- `domain-name`: Associated domain name.
- `default user`: Optional. If passed, `qrexec-daemon` uses this user as default for all execution requests that don't specify one.
### qrexec-client
@ -51,11 +54,11 @@ Used to pass execution and service requests to `qrexec-daemon`.
Command line usage:
* `-d target-domain-name`: Specifies the target for the execution/service request.
* `-l local-program`: Optional. If present, `local-program` is executed and its stdout/stdin are used when sending/receiving data to/from the remote peer.
* `-e`: Optional. If present, stdout/stdin are not connected to the remote peer. Only process creation status code is received.
* `-c <request-id,src-domain-name,src-domain-id>`: used for connecting a VM-VM service request by `qrexec-policy`. Details described below in the service example.
* `cmdline`: Command line to pass to `qrexec-daemon` as the execution/service request. Service request format is described below in the service example.
- `-d target-domain-name`: Specifies the target for the execution/service request.
- `-l local-program`: Optional. If present, `local-program` is executed and its stdout/stdin are used when sending/receiving data to/from the remote peer.
- `-e`: Optional. If present, stdout/stdin are not connected to the remote peer. Only process creation status code is received.
- `-c <request-id,src-domain-name,src-domain-id>`: used for connecting a VM-VM service request by `qrexec-policy`. Details described below in the service example.
- `cmdline`: Command line to pass to `qrexec-daemon` as the execution/service request. Service request format is described below in the service example.
## VM tools implementation
@ -65,8 +68,9 @@ Command line usage:
One instance runs in each active domain.
Responsible for:
* Handling service requests from `qrexec-client-vm` and passing them to connected `qrexec-daemon` in dom0.
* Executing associated `qrexec-daemon` execution/service requests.
- Handling service requests from `qrexec-client-vm` and passing them to connected `qrexec-daemon` in dom0.
- Executing associated `qrexec-daemon` execution/service requests.
The `qrexec-agent` command takes no parameters.
@ -81,26 +85,30 @@ Command line usage:
`qrexec-client-vm target-domain-name service-name local-program [local program arguments]`
* `target-domain-name`: Target domain for the service request. Source is the current domain.
* `service-name`: Requested service name.
* `local-program`: `local-program` is executed locally and its stdin/stdout are connected to the remote service endpoint.
- `target-domain-name`: Target domain for the service request. Source is the current domain.
- `service-name`: Requested service name.
- `local-program`: `local-program` is executed locally and its stdin/stdout are connected to the remote service endpoint.
## Qrexec protocol details
The qrexec protocol is message-based.
All messages share a common header followed by an optional data packet.
```c
/* uniform for all peers, data type depends on message type */
struct msg_header {
uint32_t type; /* message type */
uint32_t len; /* data length */
};
```
When two peers establish connection, the server sends `MSG_HELLO` followed by `peer_info` struct:
```c
struct peer_info {
uint32_t version; /* qrexec protocol version */
};
```
The client then should reply with its own `MSG_HELLO` and `peer_info`.
The lower of two versions define protocol used for this connection.

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: "Qrexec: Socket-based services"
permalink: /doc/qrexec-socket-services/
ref: 42
title: 'Qrexec: Socket-based services'
---
# Qrexec: Socket-based services
@ -20,11 +22,15 @@ If the file is a Unix socket, qrexec will try to connect to it.
Before passing user input, the socket service will receive a null-terminated service descriptor, i.e. the part after `QUBESRPC`.
When running in a VM, this is:
```
<service_name> <source>\0
```
When running in dom0, it is:
```
<service_name> <source> <target_type> <target>\0
```
(The target type can be `name`, in which case target is a domain name, or `keyword`, in which the target is a keyword like `@dispvm`).

View File

@ -1,16 +1,17 @@
---
lang: en
layout: doc
title: "Qrexec: secure communication across domains"
permalink: /doc/qrexec/
redirect_from:
- /en/doc/qrexec3/
- /doc/Qrexec3/
- /doc/qrexec3/
- /wiki/Qrexec3/
- /doc/qrexec/
- /en/doc/qrexec/
- /doc/Qrexec/
- /wiki/Qrexec/
ref: 37
title: 'Qrexec: secure communication across domains'
---
# Qrexec: secure communication across domains

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc
title: Qrexec2
permalink: /doc/qrexec2/
redirect_from:
- /doc/qrexec2-implementation/
- /en/doc/qrexec2-implementation/
- /doc/Qrexec2Implementation/
- /wiki/Qrexec2Implementation/
ref: 38
title: Qrexec2
---
# Command execution in VMs #
@ -17,7 +19,6 @@ Qubes **qrexec** is a framework for implementing inter-VM (incl. Dom0-VM)
services. It offers a mechanism to start programs in VMs, redirect their
stdin/stdout, and a policy framework to control this all.
## Qrexec basics ##
During each domain creation a process named `qrexec-daemon` is started in
@ -31,7 +32,9 @@ the stdin/stdout/stderr from this remote process will be passed to the
E.g., to start a primitive shell in a VM type the following in Dom0 console:
```shell_session
[user@dom0 ~]$ /usr/lib/qubes/qrexec-client -d <vm name> user:bash
```
The string before first semicolon specifies what user to run the command as.
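Review bot: the context line directly after the new fence reads `The string before first semicolon specifies what user to run the command as.`, but the separator in `user:bash` is a colon, not a semicolon; since this hunk already touches the example, fix the wording to "colon" in the same change. The `shell_session` tag on the new fence is apt here because the line carries the `[user@dom0 ~]$` prompt.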
@ -55,7 +58,6 @@ There is a similar command line utility available inside Linux AppVMs (note
the `-vm` suffix): `qrexec-client-vm` that will be described in subsequent
sections.
## Qubes RPC services ##
Apart from simple Dom0-\>VM command executions, as discussed above, it is
@ -90,7 +92,6 @@ themselves. Qrexec framework is careful about connecting the stdin/stdout
of the server process with the corresponding stdin/stdout of the requesting
process in the requesting VM (see example Hello World service described below).
## Qubes RPC administration ##
Besides each VM needing to provide explicit programs to serve each supported
@ -100,6 +101,7 @@ In dom0, there is a bunch of files in `/etc/qubes-rpc/policy/` directory,
whose names describe the available RPC actions; their content is the RPC
access policy database. Some example of the default services in Qubes are:
```
qubes.Filecopy
qubes.OpenInVM
qubes.ReceiveUpdates
@ -109,10 +111,13 @@ access policy database. Some example of the default services in Qubes are:
qubes.Gpg
qubes.NotifyUpdates
qubes.PdfConvert
```
These files contain lines with the following format:
```
srcvm destvm (allow|deny|ask)[,user=user_to_run_as][,target=VM_to_redirect_to]
```
You can specify `srcvm` and `destvm` by name, or by one of `$anyvm`,
`$dispvm`, `dom0` reserved keywords (note string `dom0` does not match the
@ -132,12 +137,13 @@ if still there is no policy file after prompting, the action is denied.
On the target VM, the `/etc/qubes-rpc/XYZ` must exist, containing the file
name of the program that will be invoked.
### Requesting VM-VM (and VM-Dom0) services execution ###
In a src VM, one should invoke the qrexec client via the following command:
```
/usr/lib/qubes/qrexec-client-vm <target vm name> <service name> <local program path> [local program arguments]
```
Note that only stdin/stdout is passed between RPC server and client --
notably, no cmdline argument are passed.
@ -169,7 +175,9 @@ to the policy file, which will unconditionally allow further calls for given
In order to remove such authorization, issue this command from a Dom0 terminal
(example below for `qubes.Filecopy` service):
```shell_session
sudo nano /etc/qubes-rpc/policy/qubes.Filecopy
```
and then remove any line(s) ending in "allow" (before the first `##` comment)
which are the "Yes to All" results.
@ -178,7 +186,6 @@ A user might also want to set their own policies in this section. This may
mostly serve to prevent the user from mistakenly copying files or text from
a trusted to untrusted domain, or vice-versa.
### Qubes RPC "Hello World" service ###
We will show the necessary files to create a simple RPC call that adds two
@ -186,27 +193,37 @@ integers on the target VM and returns back the result to the invoking VM.
* Client code on source VM (`/usr/bin/our_test_add_client`)
```bash
#!/bin/sh
echo $1 $2 # pass data to rpc server
exec cat >&$SAVED_FD_1 # print result to the original stdout, not to the other rpc endpoint
```
* Server code on target VM (`/usr/bin/our_test_add_server`)
```bash
#!/bin/sh
read arg1 arg2 # read from stdin, which is received from the rpc client
echo $(($arg1+$arg2)) # print to stdout - so, pass to the rpc client
```
* Policy file in dom0 (`/etc/qubes-rpc/policy/test.Add`)
```shell_session
$anyvm $anyvm ask
```
* Server path definition on target VM (`/etc/qubes-rpc/test.Add`)
```
/usr/bin/our_test_add_server
```
* To test this service, run the following in the source VM:
```
/usr/lib/qubes/qrexec-client-vm <target VM> test.Add /usr/bin/our_test_add_client 1 2
```
and we should get "3" as answer, provided dom0 policy allows the call to pass
through, which would happen after we click "Yes" in the popup that should
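Review bot: the dom0 policy example in this hunk (`$anyvm $anyvm ask`, the contents of `/etc/qubes-rpc/policy/test.Add`) is fenced as `shell_session`, but it is a qrexec policy file, not a terminal transcript; use an untagged fence like the `/etc/qubes-rpc/test.Add` block below it, so readers do not take the line for a command. Likewise the client and server scripts start with `#!/bin/sh` yet are tagged `bash`; `sh` or `shell` would match the shebang.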
@ -227,7 +244,6 @@ users/app developers are always free to run more high-level RPC protocols on
top of qrexec. Care should be taken, however, to consider potential attack
surfaces that are exposed to untrusted or less trusted VMs in that case.
# Qubes RPC internals #
(*This is about the implementation of qrexec v2. For the implementation of
@ -235,7 +251,6 @@ qrexec v3, see [here](/doc/qrexec-internals/). Note that the user
API in v3 is backward compatible: qrexec apps written for Qubes R2 should
run without modification on Qubes R3.*)
## Dom0 tools implementation ##
Players:
@ -249,7 +264,6 @@ Players:
**Note:** None of the above tools are designed to be used by users.
## Linux VMs implementation ##
Players:
@ -263,7 +277,6 @@ Players:
**Note:** None of the above tools are designed to be used by
users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps.
## Windows VMs implementation ##
`%QUBES_DIR%` is the installation path (`c:\Program Files\Invisible Things
@ -280,7 +293,6 @@ Lab\Qubes OS Windows Tools` by default).
**Note:** None of the above tools are designed to be used by
users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps.
## All the pieces together at work ##
**Note:** This section is not needed to use qrexec for writing Qubes

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc
title: Architecture
permalink: /doc/architecture/
redirect_from:
- /doc/qubes-architecture/
- /en/doc/qubes-architecture/
- /doc/QubesArchitecture/
- /wiki/QubesArchitecture/
ref: 56
title: Architecture
---
Qubes Architecture Overview
@ -18,7 +20,6 @@ Qubes implements a Security by Isolation approach. To do this, Qubes utilizes vi
Qubes lets the user define many security domains, which are implemented as lightweight Virtual Machines (VMs), or “AppVMs.” For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” AppVMs and can use the applications within those VMs just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between the AppVMs, of course.
Key Architecture features
-------------------------
@ -36,7 +37,6 @@ Key Architecture features
Please note that this document is for historical interest only.
For the latest information, please see the rest of the [System Documentation](/doc/#system).)
Qubes Core Stack
----------------
@ -73,4 +73,3 @@ And all these components are "glued together" by the Qubes Core Stack.
This diagram illustrates the location of all these components in the overall
system architecture. Unlike the other Qubes architecture diagram above, this one
takes an AppVM-centric approach.

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Audio Virtualization
permalink: /doc/audio-virtualization/
ref: 60
title: Audio Virtualization
---
Audio Virtualization
@ -68,4 +70,3 @@ The current status is written into QubesDB at `/audio-input/VMNAME` (where `VMNA
The lack of a key means that the `pacat-simple-vchan` for a given VM is not running.
In either version, it is exposed to the user as device of class `mic`, which can be attached to a VM (for example, using the `qvm-device mic` command).

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc
title: GUI
permalink: /doc/gui/
redirect_from:
- /en/doc/gui/
- /en/doc/gui-docs/
- /doc/GUIdocs/
- /wiki/GUIdocs/
ref: 61
title: GUI
---
Qubes GUI protocol
@ -115,7 +117,7 @@ Window manager hints and flags are described in the [Extended Window Manager Hin
Each message starts with the following header:
~~~
```c
struct msghdr {
uint32_t type;
uint32_t window;
@ -126,7 +128,7 @@ struct msghdr {
* whatever it wants! */
uint32_t untrusted_len;
};
~~~
```
This header is followed by message-specific data:
@ -279,12 +281,12 @@ Proper handling of the below messages is NOT security-critical.
Each message starts with the following header
~~~
```c
struct msghdr {
uint32_t type;
uint32_t window;
};
~~~
```
The header is followed by message-specific data:

View File

@ -1,26 +1,25 @@
---
lang: en
layout: doc
title: Networking
permalink: /doc/networking/
redirect_from:
- /doc/qubes-net/
- /en/doc/qubes-net/
- /doc/QubesNet/
- /wiki/QubesNet/
ref: 59
title: Networking
---
VM network in Qubes
===================
# VM network in Qubes
Overall description
-------------------
## Overall description
In Qubes, the standard Xen networking is used, based on backend driver in the driver domain and frontend drivers in VMs. In order to eliminate layer 2 attacks originating from a compromised VM, routed networking is used instead of the default bridging of `vif` devices and NAT is applied at each network hop. The default *vif-route* script had some deficiencies (requires `eth0` device to be up, and sets some redundant iptables rules), therefore the custom *vif-route-qubes* script is used.
The IP address of `eth0` interface in AppVM, as well as two IP addresses to be used as nameservers (`DNS1` and `DNS2`), are passed via QubesDB to AppVM during its boot (thus, there is no need for DHCP daemon in the network driver domain). `DNS1` and `DNS2` are private addresses; whenever an interface is brought up in the network driver domain, the */usr/lib/qubes/qubes\_setup\_dnat\_to\_ns* script sets up the DNAT iptables rules translating `DNS1` and `DNS2` to the newly learned real dns servers. This way AppVM networking configuration does not need to be changed when configuration in the network driver domain changes (e.g. user switches to a different WLAN). Moreover, in the network driver domain, there is no DNS server either, and consequently there are no ports open to the VMs.
Routing tables examples
-----------------------
## Routing tables examples
VM routing table is simple:
@ -40,18 +39,21 @@ Network driver domain routing table is a bit longer:
|192.168.0.0|0.0.0.0|255.255.255.0|U|1|0|0|eth0|
|0.0.0.0|192.168.0.1|0.0.0.0|UG|0|0|0|eth0|
IPv6
----
## IPv6
Starting with Qubes 4.0, there is opt-in support for IPv6 forwarding. Similar to the IPv4, traffic is routed and NAT is applied at each network gateway. This way we avoid reconfiguring every connected qube whenever uplink connection is changed, and even telling the qube what that uplink is - which may be complex when VPN or other tunneling services are employed.
The feature can be enabled on any network-providing qube, and will be propagated down the network tree, so every qube connected to it will also have IPv6 enabled.
To enable the `ipv6` feature use `qvm-features` tool and set the value to `1`. For example to enable it on `sys-net`, execute in dom0:
```
qvm-features sys-net ipv6 1
```
It is also possible to explicitly disable IPv6 support for some qubes, even if it is connected to IPv6-providing one. This can be done by setting `ipv6` feature to empty value:
```
qvm-features ipv4-only-qube ipv6 ''
```
This configuration is presented below - green qubes have IPv6 access, red one does not.
@ -64,8 +66,7 @@ Such configuration can be expressed by enabling `ipv6` feature only on some subs
Besides enabling IPv6 forwarding, standard Qubes firewall can be used to limit what network resources are available to each qube. Currently only `qvm-firewall` command support adding IPv6 rules, GUI firewall editor will have this ability later.
### Limitations ###
### Limitations
Currently only IPv4 DNS servers are configured, regardless of `ipv6` feature state. It is done this way to avoid reconfiguring all connected qubes whenever IPv6 DNS becomes available or not. Configuring qubes to always use IPv6 DNS and only fallback to IPv4 may result in relatively long timeouts and poor usability.
But note that DNS using IPv4 does not prevent to return IPv6 addresses. In practice this is only a problem for IPv6-only networks.

View File

@ -1,12 +1,14 @@
---
lang: en
layout: doc
title: Security-critical Code
permalink: /doc/security-critical-code/
redirect_from:
- /en/doc/security-critical-code/
- /doc/SecurityCriticalCode/
- /wiki/SecurityCriticalCode/
- /trac/wiki/SecurityCriticalCode/
ref: 55
title: Security-critical Code
---
Security-critical Code in Qubes OS
@ -21,7 +23,6 @@ The size of the current TCB is on the order order of hundreds of thousands of li
For more information, see [Qubes Security Goals].
Security-critical Qubes-specific Components
-------------------------------------------
@ -35,7 +36,6 @@ The following code components are security-critical in Qubes OS:
- Select Qubes RPC servers that run in Dom0: `qubes.ReceiveUpdates` and `qubes.SyncAppMenus`
- The `qubes.Filecopy` RPC server that runs in a VM (critical because it could allow one VM to compromise another if the user allows a file copy operation to be performed between them)
Security-critical Third-party Components
----------------------------------------
@ -48,7 +48,6 @@ At the current stage of the project, we cannot afford to spend the time to thoro
- The RPM program used in Dom0 for verifying signatures on dom0 updates
- Somewhat trusted: log viewing software in dom0 that parses VM-influenced logs
Attacks on Networking Components
--------------------------------
@ -61,7 +60,6 @@ Hypothetically, an adversary could compromise a NetVM, `sys-net-1`, and try to u
However, Qubes allows for the existence of more than one NetVM, so the adversary would not be able to use `sys-net-1` in order to attack VMs connected to a *different* NetVM, `sys-net-2` without also compromising `sys-net-2`.
In addition, the adversary would not be able to use `sys-net-1` (or, for that matter, `sys-net-2`) to attack VMs that have networking disabled (i.e., VMs that are not connected to any NetVM).
Buggy Code vs. Backdoored Code
------------------------------
@ -74,8 +72,6 @@ This means that we must trust at least some of the vendors that supply the code
In practice, we trust the software provided by the [Fedora Project].
This software is signed by Fedora distribution keys, so it is also critical that the tools used in domains for software updates (`dnf` and `rpm`) are trustworthy.
[Qubes Security Goals]: /security/goals/
[Fedora Project]: https://getfedora.org/
[Understanding and Preventing Data Leaks]: /doc/data-leaks/


@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Storage Pools
permalink: /doc/storage-pools/
ref: 57
title: Storage Pools
---
Storage Pools in Qubes
@ -32,7 +34,6 @@ When installed, the system has, as you can see from the contents of
default pool is special in R3.2. It will add `dir_path=/var/lib/qubes`
configuration value from `defaults[pool_config]`, if not overwritten.
Currently the only supported driver out of the box is `xen`. The benefit of
pools (besides that you can write your own storage driver e.g. for Btrfs) in R3.2
is that you can store your domains in multiple places.


@ -1,6 +1,6 @@
---
lang: en
layout: doc
title: System Documentation
permalink: /doc/system-doc/
redirect_from:
- /en/doc/system-doc/
@ -8,5 +8,6 @@ redirect_from:
- /wiki/SystemDoc/
redirect_to:
- /doc/#developer-documentation
ref: 62
title: System Documentation
---
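Review bot: `redirect_to` is written as a YAML list here (`- /doc/#developer-documentation`) while every other stub in this commit uses a scalar (`redirect_to: https://...`); since the hunk already rewrites this front matter, normalise it to the scalar form so the plugin sees one consistent shape.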


@ -1,15 +1,16 @@
---
lang: en
layout: doc
title: Template Implementation
permalink: /doc/template-implementation/
redirect_from:
- /en/doc/template-implementation/
- /doc/TemplateImplementation/
- /wiki/TemplateImplementation/
ref: 58
title: Template Implementation
---
Overview of VM block devices
============================
# Overview of VM block devices
Every VM has 4 block devices connected:
@ -18,8 +19,7 @@ Every VM has 4 block devices connected:
- **xvdc** volatile.img, discarded at each VM restart here is placed swap and temporal "/" modifications (see below)
- **xvdd** modules.img kernel modules and firmware
private.img (xvdb)
------------------
## private.img (xvdb)
This is mounted as /rw and here is placed all VM private data. This includes:
@ -29,8 +29,7 @@ This is mounted as /rw and here is placed all VM private data. This includes:
**Note:** Whenever a TemplateBasedVM is created, the contents of the `/home` directory of its parent TemplateVM are copied to the child TemplateBasedVM's `/home`. From that point onward, the child TemplateBasedVM's `/home` is independent from its parent TemplateVM's `/home`, which means that any subsequent changes to the parent TemplateVM's `/home` will no longer affect the child TemplateBasedVM's `/home`. Once a TemplateBasedVM has been created, any changes in its `/home`, `/usr/local`, or `/rw/config` directories will be persistent across reboots, which means that any files stored there will still be available after restarting the TemplateBasedVM. No changes in any other directories in TemplateBasedVMs persist in this manner. If you would like to make changes in other directories which *do* persist in this manner, you must make those changes in the parent TemplateVM.
modules.img (xvdd)
------------------
## modules.img (xvdd)
As the kernel is chosen in dom0, there must be some way to provide matching kernel modules to VM. Qubes kernel directory consists of 3 files:
@ -42,8 +41,7 @@ Normally kernel "package" is common for many VMs (can be set using qvm-prefs). O
There is a special case when the VM can have a custom kernel when it is updateable (StandaloneVM or TemplateVM) and the kernel is set to "none" (by qvm-prefs). In this case the VM uses the kernel from the "kernels" VM subdir and modules.img is attached as R/W device. FIXME: "none" should be renamed to "custom".
Qubes TemplateVM implementation
===============================
# Qubes TemplateVM implementation
TemplateVM has a shared root.img across all AppVMs that are based on it. This mechanism has some advantages over a simple common device connected to multiple VMs:
@ -54,8 +52,7 @@ There are two layers of the device-mapper snapshot device; the first one enables
![TemplateSharing2.png](/attachment/wiki/TemplateImplementation/TemplateSharing2.png)
Snapshot device in Dom0
-----------------------
## Snapshot device in Dom0
This device consists of:
@ -90,8 +87,7 @@ Steps performed by **qvm-revert-template-changes**:
6. Cleanup snapshot device (if nobody uses it at the moment).
7. Move *root-cow.img.old* to *root-cow.img* (overriding existing file).
Snapshot device in AppVM
------------------------
## Snapshot device in AppVM
Root device is exposed to AppVM in read-only mode. AppVM can write only in:
@ -105,8 +101,7 @@ volatile.img is divided into two partitions:
Inside of an AppVM, the root device is wrapped by the snapshot in the first partition of volatile.img. Therefore, the AppVM can write anything to its filesystem however, such changes will be discarded after a restart.
StandaloneVM
------------
## StandaloneVM
Standalone VM enables user to modify root filesystem persistently. It can be created using *--standalone* switch to *qvm-create*.

doc.md

@ -1,6 +1,6 @@
---
layout: doc
title: Documentation
lang: en
layout: doc-index
permalink: /doc/
redirect_from:
- /en/doc/
@ -12,287 +12,6 @@ redirect_from:
- /en/help/
- /en/community/
- /community/
ref: 12
title: Documentation
---
# Qubes OS Documentation
Welcome to the Qubes OS documentation!
## Introduction
* [What is Qubes OS?](/intro/)
* [Video Tours](/video-tours/)
* [Screenshots](/screenshots/)
* [User FAQ](/faq/#users)
* [Reporting Bugs and Other Issues](/doc/reporting-bugs/)
* [Help, Support, Mailing Lists, and Forum](/support/)
* [How to Contribute](/doc/contributing/)
## Project Security
* [Security Center](/security/)
* [Security FAQ](/faq/#general--security)
* [Security Pack](/security/pack/)
* [Security Bulletins](/security/bulletins/)
* [Canaries](/security/canaries/)
* [Xen Security Advisory (XSA) Tracker](/security/xsa/)
* [Verifying Signatures](/security/verifying-signatures/)
* [Qubes PGP Keys](https://keys.qubes-os.org/keys/)
## User Documentation
Core documentation for Qubes users.
### Choosing Your Hardware
* [System Requirements](/doc/system-requirements/)
* [Certified Hardware](/doc/certified-hardware/)
* [Hardware Compatibility List (HCL)](/hcl/)
* [Hardware Testing](/doc/hardware-testing/)
### Downloading, Installing, and Upgrading Qubes
* [Downloads](/downloads/)
* [Installation Guide](/doc/installation-guide/)
* [Upgrade Guides](/doc/upgrade/)
* [Supported Versions](/doc/supported-versions/)
* [Version Scheme](/doc/version-scheme/)
* [Testing New Releases and Updates](/doc/testing/)
### Common Tasks
* [Getting Started](/getting-started/)
* [Copying and Pasting Text Between Domains](/doc/copy-paste/)
* [Copying and Moving Files Between Domains](/doc/copying-files/)
* [Copying from (and to) Dom0](/doc/copy-from-dom0/)
* [Updating Qubes OS](/doc/updating-qubes-os/)
* [Installing and Updating Software in Dom0](/doc/software-update-dom0/)
* [Installing and Updating Software in DomUs](/doc/software-update-domu/)
* [Backup, Restoration, and Migration](/doc/backup-restore/)
* [Volume Backup and Revert](/doc/volume-backup-revert/)
* [DisposableVMs](/doc/disposablevm/)
* [Block (or Storage) Devices](/doc/block-devices/)
* [USB Devices](/doc/usb-devices)
* [PCI Devices](/doc/pci-devices/)
* [Device Handling](/doc/device-handling/)
* [Optical Discs](/doc/optical-discs/)
* [Fullscreen Mode](/doc/full-screen-mode/)
### Managing Operating Systems within Qubes
* [TemplateVMs](/doc/templates/)
* [Fedora](/doc/templates/fedora/)
* [Debian](/doc/templates/debian/)
* [Minimal TemplateVMs](/doc/templates/minimal/)
* [Windows](/doc/windows/)
* [StandaloneVMs and HVMs](/doc/standalone-and-hvm/)
### Security in Qubes
* [Qubes Firewall](/doc/firewall/)
* [Understanding and Preventing Data Leaks](/doc/data-leaks/)
* [Passwordless Root Access in VMs](/doc/vm-sudo/)
* [Device Handling Security](/doc/device-handling-security/)
* [Anti Evil Maid](/doc/anti-evil-maid/)
* [Split GPG](/doc/split-gpg/)
* [U2F Proxy](/doc/u2f-proxy/)
* [YubiKey](/doc/yubi-key/)
### Advanced Configuration
* [Configuration Files](/doc/config-files/)
* [Storing AppVMs on Secondary Drives](/doc/secondary-storage/)
* [RPC Policies](/doc/rpc-policy/)
* [USB Qubes](/doc/usb-qubes/)
* [Managing VM Kernels](/doc/managing-vm-kernel/)
* [Salt Management Stack](/doc/salt/)
* [DisposableVM Customization](/doc/disposablevm-customization/)
* [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/)
* [GUI Configuration](/doc/gui-configuration/)
* [Resizing Disk Images](/doc/resize-disk-image/)
* [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/)
* [KDE](/doc/kde/)
* [i3 Window Manager](/doc/i3/)
* [awesome Window Manager](/doc/awesome/)
### Troubleshooting
* [Installation Troubleshooting](/doc/installation-troubleshooting)
* [UEFI Troubleshooting](/doc/uefi-troubleshooting/)
* [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/)
* [Application Shortcut Troubleshooting](/doc/managing-appvm-shortcuts/)
* [VM Troubleshooting](/doc/vm-troubleshooting/)
* [HVM Troubleshooting](/doc/hvm-troubleshooting/)
* [Disk Troubleshooting](/doc/disk-troubleshooting/)
* [PCI Troubleshooting](/doc/pci-troubleshooting/)
* [USB Troubleshooting](/doc/usb-troubleshooting/)
* [GUI Troubleshooting](/doc/gui-troubleshooting/)
* [Media Troubleshooting](/doc/media-troubleshooting/)
* [Firewall Troubleshooting](/doc/firewall/#firewall-troubleshooting)
* [Hardware Troubleshooting](/doc/hardware-troubleshooting/)
* [VPN Troubleshooting](/doc/vpn-troubleshooting/)
* [Update Troubleshooting](/doc/update-troubleshooting/)
### Reference Pages
* [Command-line Tools](/doc/tools/)
* [Glossary](/doc/glossary/)
* [Qubes Service Framework](/doc/qubes-service/)
* [Command Execution in VMs (and Qubes RPC)](/doc/qrexec/)
* [Deprecated Documentation](https://github.com/QubesOS/qubesos.github.io#deprecated-documentation)
## Developer Documentation
Core documentation for Qubes developers and advanced users.
### General
* [Developer FAQ](/faq/#developers)
* [Package Contributions](/doc/package-contributions/)
* [Documentation Guidelines](/doc/doc-guidelines/)
* [Community-Developed Feature Tracker](/qubes-issues/)
* [Google Summer of Code](/gsoc/)
* [Google Season of Docs](/gsod/)
* [Books for Developers](/doc/devel-books/)
* [Style Guide](/doc/style-guide/)
* [Usability & UX](/doc/usability-ux/)
### Code
* [Source Code](/doc/source-code/)
* [Software License](/doc/license/)
* [Coding Guidelines](/doc/coding-style/)
* [Code Signing](/doc/code-signing/)
### System
* [Qubes OS Architecture Overview](/doc/architecture/)
* [Security-critical Code in Qubes OS](/doc/security-critical-code/)
* [Qubes Core Admin](https://dev.qubes-os.org/projects/core-admin/en/latest/)
* [Qubes Core Admin Client](https://dev.qubes-os.org/projects/core-admin-client/en/latest/)
* [Qubes Admin API](/news/2017/06/27/qubes-admin-api/)
* [Qubes Core Stack](/news/2017/10/03/core3/)
* [Qubes GUI virtualization protocol](/doc/gui/)
* [Networking in Qubes](/doc/networking/)
* [Implementation of template sharing and updating](/doc/template-implementation/)
* [Storage Pools](/doc/storage-pools/)
* [Audio virtualization](/doc/audio-virtualization/)
### Services
* [Inter-domain file copying](/doc/qfilecopy/) (deprecates [`qfileexchgd`](/doc/qfileexchgd/))
* [Dynamic memory management in Qubes](/doc/qmemman/)
* [Implementation of DisposableVMs](/doc/dvm-impl/)
* [Dom0 secure update mechanism](/doc/dom0-secure-updates/)
* [Qrexec: secure communication across domains](/doc/qrexec/)
* [Qrexec: Qubes RPC internals](/doc/qrexec-internals/)
* [Qrexec: Socket-based services](/doc/qrexec-socket-services/)
### Debugging
* [Profiling python code](/doc/profiling/)
* [Test environment in separate machine for automatic tests](/doc/test-bench/)
* [Automated tests](/doc/automated-tests/)
* [VM-dom0 internal configuration interface](/doc/vm-interface/)
* [Debugging Windows VMs](/doc/windows-debugging/)
* [Safe Remote Dom0 Terminals](/doc/safe-remote-ttys/)
* [Mount LVM Image](/doc/mount-lvm-image/)
### Building
* [Building Qubes](/doc/qubes-builder/) (["API" Details](/doc/qubes-builder-details/))
* [Development Workflow](/doc/development-workflow/)
* [Building Qubes OS ISO](/doc/qubes-iso-building/)
* [Qubes Template Configuration Files](https://github.com/QubesOS/qubes-template-configs)
### Releases
* [Release notes](/doc/releases/notes/)
* [Release schedules](/doc/releases/schedules/)
* [Release checklist](/doc/releases/todo/)
## External Documentation
Unofficial, third-party documentation from the Qubes community and others.
For more, please see [Qubes Community Documentation](https://github.com/Qubes-Community/Contents/tree/master/docs).
### Operating System Guides
* [Template: Ubuntu](https://github.com/Qubes-Community/Contents/blob/master/docs/os/ubuntu.md)
* [Template: Whonix](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/whonix.md)
* [Template: CentOS](https://github.com/Qubes-Community/Contents/blob/master/docs/os/centos.md)
* [Template: Gentoo](https://github.com/Qubes-Community/Contents/blob/master/docs/os/gentoo.md)
* [Pentesting](https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting.md)
* [Pentesting: BlackArch](https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/blackarch.md)
* [Pentesting: Kali](https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/kali.md)
* [Pentesting: PTF](https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/ptf.md)
* [Tips for Using Linux in an HVM](https://github.com/Qubes-Community/Contents/blob/master/docs/os/linux-hvm-tips.md)
* [Creating a NetBSD VM](https://github.com/Qubes-Community/Contents/blob/master/docs/os/netbsd.md)
### Security Guides
* [Security Guidelines](https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md)
* [Using Multi-factor Authentication with Qubes](https://github.com/Qubes-Community/Contents/blob/master/docs/security/multifactor-authentication.md)
* [How to Set Up a Split Bitcoin Wallet in Qubes](https://github.com/Qubes-Community/Contents/blob/master/docs/security/split-bitcoin.md)
* [Split dm-crypt](https://github.com/rustybird/qubes-split-dm-crypt)
* [Split SSH](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md)
* [Using OnlyKey with Qubes OS](https://docs.crp.to/qubes.html)
### Privacy Guides
* [Whonix for Privacy & Anonymity](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/whonix.md)
* [Running Tails in Qubes](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/tails.md)
* [Anonymizing your MAC Address](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md)
* [Signal](https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/signal.md)
* [Reducing the fingerprint of the text-based web browser w3m](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/w3m.md)
### Configuration Guides
* [Qubes Tips and Tricks](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/tips-and-tricks.md)
* [How to set up a ProxyVM as a VPN Gateway](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md)
* [Multibooting](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multiboot.md)
* [Changing your Time Zone](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/change-time-zone.md)
* [Installing ZFS in Qubes](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/zfs.md)
* [Mutt Guide](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/mutt.md)
* [Postfix Guide](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/postfix.md)
* [Fetchmail Guide](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/fetchmail.md)
* [Creating Custom NetVMs and ProxyVMs](https://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
* [How to make proxy for individual tcp connection from networkless VM](https://groups.google.com/group/qubes-devel/msg/4ca950ab6d7cd11a)
* [Adding Bridge Support to the NetVM (EXPERIMENTAL)](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/network-bridge-support.md)
* [Enabling TRIM for SSD disks](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)
* [Configuring a Network Printer](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/network-printer.md)
* [Using External Audio Devices](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/external-audio.md)
* [Rxvt Guide](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/rxvt.md)
* [Adding SSD storage cache](https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com)
* [How to Make a Multimedia TemplateVM](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multimedia.md)
* [How to install an Nvidia driver in dom0](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/install-nvidia-driver.md)
### Customization Guides
* [Customizing Fedora minimal templates](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/fedora-minimal-template-customization.md)
* [Customizing Windows 7 templates](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/windows-template-customization.md)
* [Language Localization](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/language-localization.md)
* [Dark Theme in Dom0 and DomU](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dark-theme.md)
* [Safely Removing TemplateVM Packages (Example: Thunderbird)](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/removing-templatevm-packages.md)
### Troubleshooting
* [Nvidia Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/nvidia-troubleshooting.md)
* [Lenovo ThinkPad Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/thinkpad-troubleshooting.md)
* [Apple MacBook Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/macbook-troubleshooting.md)
* [Sony Vaio Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/sony-vaio-tinkering.md)
* [Intel Integrated Graphics Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/intel-igfx-troubleshooting.md)
* [Multiboot Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multiboot.md#troubleshooting)
* [Application Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/application-troubleshooting.md)
* [Tails Troubleshooting](https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/tails-troubleshooting.md)
### Building Guides
* [Building a TemplateVM based on a new OS (ArchLinux example)](https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-non-fedora-template.md)
* [Building the Archlinux Template](https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-archlinux-template.md)
* [Building the Whonix Templates](https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-whonix-template.md)
* [How to compile kernels for dom0](https://groups.google.com/d/topic/qubes-users/yBeUJPwKwHM/discussion)
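Review bot: the entire index body (roughly 280 lines of links) is deleted and `layout` switches from `doc` to `doc-index`, but no added line in this hunk shows where that content now comes from; if the links moved to a data file or are generated from page front matter, that change belongs in the same commit so the index cannot regress between the two. Entries that cannot be regenerated from any page's front matter need an explicit check that they survive: the "Deprecated Documentation" GitHub link, "Qubes PGP Keys" at keys.qubes-os.org, the Google Groups threads under Configuration Guides and Building Guides, and the external OnlyKey and split-dm-crypt links.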


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Building Archlinux Template
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-archlinux-template.md
redirect_from:
- /doc/building-archlinux-template/
- /en/doc/building-archlinux-template/
- /doc/BuildingArchlinuxTemplate/
- /wiki/BuildingArchlinuxTemplate/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-archlinux-template.md
ref: 116
title: Building Archlinux Template
---
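Review bot: `ref: 116` is assigned to a page that is only a `redirect_to` stub with no body; if `ref` pairs a page with its translations, a stub that bounces to an external URL has nothing to translate, so either omit the key from redirect-only stubs or document that every page, stubs included, must carry one. The same applies to the remaining stubs in this commit.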


@ -1,11 +1,13 @@
---
lang: en
layout: doc
title: Building Non-Fedora Template
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-non-fedora-template.md
redirect_from:
- /doc/building-non-fedora-template/
- /en/doc/building-non-fedora-template/
- /doc/BuildingNonFedoraTemplate/
- /wiki/BuildingNonFedoraTemplate/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-non-fedora-template.md
ref: 117
title: Building Non-Fedora Template
---


@ -1,9 +1,10 @@
---
lang: en
layout: doc
title: Building Whonix Templates
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-whonix-template.md
redirect_from:
- /doc/building-whonix-template/
- /en/doc/building-whonix-template/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/building/building-whonix-template.md
ref: 115
title: Building Whonix Templates
---


@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Changing your Time Zone
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/change-time-zone.md
redirect_from:
- /doc/change-time-zone/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/change-time-zone.md
ref: 109
title: Changing your Time Zone
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Disk TRIM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md
redirect_from:
- /doc/disk-trim/
- /en/doc/disk-trim/
- /doc/DiskTRIM/
- /wiki/DiskTRIM/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md
ref: 104
title: Disk TRIM
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: External Audio
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/external-audio.md
redirect_from:
- /doc/external-audio/
- /en/doc/external-audio/
- /doc/ExternalAudio/
- /wiki/ExternalAudio/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/external-audio.md
ref: 100
title: External Audio
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Fetchmail
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/fetchmail.md
redirect_from:
- /doc/fetchmail/
- /en/doc/fetchmail/
- /doc/Fetchmail/
- /wiki/Fetchmail/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/fetchmail.md
ref: 114
title: Fetchmail
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: How to Install an Nvidia Driver
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/install-nvidia-driver.md
redirect_from:
- /doc/install-nvidia-driver/
- /en/doc/install-nvidia-driver/
- /doc/InstallNvidiaDriver/
- /wiki/InstallNvidiaDriver/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/install-nvidia-driver.md
ref: 96
title: How to Install an Nvidia Driver
---


@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Multibooting
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multiboot.md
redirect_from:
- https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multiboot.md
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multiboot.md
ref: 112
title: Multibooting
---
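Review bot: the single `redirect_from` entry here is the full external URL `https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multiboot.md`, identical to `redirect_to`; `redirect_from` entries are paths on this site, so this one can never match a request and, depending on the plugin, will emit a redirect file under an `https:` directory. Since this hunk rewrites the front matter anyway, replace it with the site-relative paths that used to serve this page, following the `/doc/...` and `/en/doc/...` pattern the neighbouring stubs use, or drop the key.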


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: How to Make a Multimedia TemplateVM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multimedia.md
redirect_from:
- /doc/multimedia/
- /en/doc/multimedia/
- /doc/Multimedia/
- /wiki/Multimedia/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/multimedia.md
ref: 105
title: How to Make a Multimedia TemplateVM
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Mutt
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/mutt.md
redirect_from:
- /doc/mutt/
- /en/doc/mutt/
- /doc/Mutt/
- /wiki/Mutt/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/mutt.md
ref: 106
title: Mutt
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Network Bridge Support
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/network-bridge-support.md
redirect_from:
- /doc/network-bridge-support/
- /en/doc/network-bridge-support/
- /doc/NetworkBridgeSupport/
- /wiki/NetworkBridgeSupport/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/network-bridge-support.md
ref: 113
title: Network Bridge Support
---

View File

@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Network Printer
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/network-printer.md
redirect_from:
- /doc/network-printer/
- /en/doc/network-printer/
- /doc/NetworkPrinter/
- /wiki/NetworkPrinter/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/network-printer.md
ref: 108
title: Network Printer
---

View File

@ -1,146 +1,12 @@
---
lang: en
layout: doc
title: Postfix
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/postfix.md
redirect_from:
- /doc/postfix/
- /en/doc/postfix/
- /doc/Postfix/
- /wiki/Postfix/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/postfix.md
ref: 107
title: Postfix
---
Postfix
=======
Postfix is full featured MTA (Message Transfer Agent). Here we will configure it in smarthost mode as part of common [Mutt](/doc/mutt/)+Postfix+[Fetchmail](/doc/fetchmail/) stack.
Installation
------------
`dnf install postfix procmail make cyrus-sasl cyrus-sasl-plain`
Cyrus-sasl is installed to authenticate to remote servers. Procmail is not strictly necessary, but is useful to sort your incoming mail, for example to put each mailing list in its own directory. Make is also not necessary, but is used to keep Postfix lookup tables.
You should also check `alternatives` command, to see if it is the default `mta`. It probably is not. You may need to `dnf remove ssmtp` or something
Configuration
-------------
In TemplateVM open `/etc/aliases` and add line:
~~~
root: user
~~~
and run `newaliases`.
This is the only thing to do in TemplateVM, as MTA configuration is AppVM specific, so we will keep it in `/usr/local` (ie. `/rw/usrlocal`) in each AppVM.
Now shutdown TemplateVM, start AppVM. Create directory `/usr/local/etc/postfix` and copy `/etc/postfix/master.cf` and `/etc/postfix/postfix-files` there.
### Makefile
Postfix keeps its lookup tables in bdb hash databases. They need to be compiled from source files. Postfix admins like to keep track of them by means of `/usr/local/etc/postfix/Makefile`:
~~~
all: $(addsuffix .db,$(shell sed -n -e '/^[^#].*hash:\/etc\/postfix/s:.*/::p' main.cf))
newaliases
clean:
$(RM) *.db
.PHONY: all clean
%.db: %
/usr/sbin/postmap hash:$<
~~~
### Postfix main configuration
`/usr/local/etc/postfix/main.cf` (`/etc/postfix` is intentional, don't correct it):
~~~
mydestination = $myhostname, $myhostname.$mydomain, $myhostname.localdomain, localhost, localhost.$mydomain, localhost.localdomain, $mydomain, localdomain
mynetworks_style = host
inet_protocols = ipv4
smtp_generic_maps = hash:/etc/postfix/generic
local_header_rewrite_clients =
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
smtp_tls_security_level = encrypt
smtp_sasl_mechanism_filter = plain, login
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
home_mailbox = .maildir/
setgid_group = postdrop
mail_owner = postfix
html_directory = no
manpage_directory = /usr/share/man
queue_directory = /var/spool/postfix
readme_directory = no
mailbox_command = /usr/bin/procmail
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
alias_maps = hash:/etc/aliases
~~~
### Lookup tables
`/usr/local/etc/postfix/generic` (put there your primary address):
~~~
@localhost your.mail@example.com
~~~
`/usr/local/etc/postfix/sender_relay`. This is an important file. Put all your SMTP servers there. Pay attention to port (smtp/submission). Square brackets have their special meaning, they are almost certainly needed. For more info consult Postfix manual.
~~~
your.mail@exmaple.com [mail.example.com]:submission
your.other@mail.com [smtp.mail.com]:smtp
~~~
`/usr/local/etc/postfix/saslpass`. Here you put passwords to above mentioned servers. It depends on your provider if you need to put whole email as username or just the part before `@`.
~~~
[mail.example.com]:submission your.mail:y0urP4ssw0rd
[smtp.mail.com]:smtp your.other@mail.com:supers3cret
~~~
`/usr/local/etc/postfix/sender_access`. I use it to nullroute known spam domains. If you do not need it, comment respective line in `main.cf`.
~~~
spamdomain1.com DISCARD
spamdomain2.com DISCARD
~~~
Now run `make` in `/usr/local/etc/postfix`. It will hopefully compile four above mentioned lookup tables (`generic.db`, `sender_relay.db`, `saslpass.db` and `sender_access`).
### procmail
Don't start postfix or fetchmail yet, first create `/home/user/.procmailrc`:
~~~
MAILDIR = "${HOME}/.maildir"
ORGMAIL = "${MAILDIR}/"
DEFAULT = "${MAILDIR}/"
:0
* ^List-Id:.*qubes-users\.googlegroups\.com
list/qubes-users/
:0
* ^List-Id:.*qubes-devel\.googlegroups\.com
list/qubes-devel/
~~~
Run
---
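Review bot: deleting the body (146 -> 12 lines) is safe in itself, because the page already carried a `redirect_to` that made the text unreachable on the site, but this repository was the only copy of it; before merging, confirm that the document at the `redirect_to` URL actually contains the same material (the `main.cf` settings and the `generic`, `sender_relay`, `saslpass` and `sender_access` tables), since nothing in this diff verifies the external target.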


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Rxvt
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/rxvt.md
redirect_from:
- /doc/rxvt/
- /en/doc/rxvt/
- /doc/Rxvt/
- /wiki/Rxvt/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/rxvt.md
ref: 103
title: Rxvt
---


@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Tips and Tricks
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/tips-and-tricks.md
redirect_from:
- /doc/tips-and-tricks/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/tips-and-tricks.md
ref: 110
title: Tips and Tricks
---


@ -1,12 +1,13 @@
---
lang: en
layout: doc
title: VPN
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md
redirect_from:
- /doc/vpn/
- /doc/privacy/vpn/
- /en/doc/vpn/
- /doc/VPN/
- /wiki/VPN/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md
ref: 102
title: VPN
---


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Reducing the fingerprint of the text-based web browser w3m
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/w3m.md
redirect_from:
- /doc/w3m/
- /en/doc/mutt/
- /doc/W3m/
- /wiki/W3m/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/w3m.md
ref: 101
title: Reducing the fingerprint of the text-based web browser w3m
---
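Review bot: `- /en/doc/mutt/` in this w3m stub's `redirect_from` looks like a copy-paste from the Mutt stub, which lists the same `/en/doc/mutt/` path; two pages claiming one redirect path means the generated redirect for `/en/doc/mutt/` depends on build order and can send Mutt readers to the w3m guide. Change it to the `/en/doc/` counterpart of the `/doc/w3m/` entry directly above it.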


@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: ZFS
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/zfs.md
redirect_from:
- /doc/zfs/
- /en/doc/zfs/
- /doc/ZFS/
- /wiki/ZFS/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/zfs.md
ref: 111
title: ZFS
---


@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Dark Theme in Dom0 and DomU
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dark-theme.md
redirect_from:
- /doc/dark-theme/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dark-theme.md
ref: 74
title: Dark Theme in Dom0 and DomU
---

View File

@ -1,9 +1,8 @@
---
lang: en
layout: doc
title: Fedora Minimal Template Customization
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/fedora-minimal-template-customization.md
redirect_from:
- /doc/fedora-minimal-template-customization/
redirect_from: /en/doc/fedora-minimal-template-customization/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/fedora-minimal-template-customization.md
ref: 76
title: Fedora Minimal Template Customization
---
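Review bot: this hunk shows `redirect_from` in two incompatible forms, the list `redirect_from:` / `- /doc/fedora-minimal-template-customization/` and the scalar `redirect_from: /en/doc/fedora-minimal-template-customization/`, and the header `-1,9 +1,8` leaves room for only one of those lines in the result. A YAML mapping cannot hold two `redirect_from` keys (the later one silently wins), so whichever survives should be the list form carrying both paths, `- /doc/fedora-minimal-template-customization/` and `- /en/doc/fedora-minimal-template-customization/`, otherwise one of the old URLs stops redirecting.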

View File

@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Language Localization
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/language-localization.md
redirect_from:
- /doc/language-localization/
- /en/doc/language-localization/
- /doc/LanguageLocalization/
- /wiki/LanguageLocalization/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/language-localization.md
ref: 73
title: Language Localization
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Removing TemplateVM Packages
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/removing-templatevm-packages.md
redirect_from:
- /doc/removing-templatevm-packages/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/removing-templatevm-packages.md
ref: 75
title: Removing TemplateVM Packages
---

View File

@ -1,9 +1,9 @@
---
lang: en
layout: doc
title: Windows Template Customization
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/windows-template-customization.md
redirect_from:
- /doc/windows-template-customization/
redirect_from: /en/doc/windows-template-customization/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/windows-template-customization.md
ref: 72
title: Windows Template Customization
---
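Review bot: same duplicate-key problem as in the Fedora minimal file: the hunk shows both `redirect_from:` / `- /doc/windows-template-customization/` and the scalar `redirect_from: /en/doc/windows-template-customization/`. With `-1,9 +1,9` the line count stays the same, so check which of the two forms the new file keeps; a second `redirect_from` key would override the first, so fold both paths into one list (`- /doc/windows-template-customization/`, `- /en/doc/windows-template-customization/`).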

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: CentOS Template
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/centos.md
redirect_from:
- /doc/templates/centos/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/centos.md
ref: 81
title: CentOS Template
---

View File

@ -1,7 +1,9 @@
---
lang: en
layout: doc
title: Gentoo Template
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/gentoo.md
redirect_from:
- /doc/templates/gentoo/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/gentoo.md
ref: 221
title: Gentoo Template
---

View File

@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Linux HVM Tips
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/linux-hvm-tips.md
redirect_from:
- /doc/linux-hvm-tips/
- /en/doc/linux-hvm-tips/
- /doc/LinuxHVMTips/
- /wiki/LinuxHVMTips/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/linux-hvm-tips.md
ref: 82
title: Linux HVM Tips
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: How to Create a NetBSD VM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/netbsd.md
redirect_from:
- /doc/netbsd/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/netbsd.md
ref: 84
title: How to Create a NetBSD VM
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Penetration Testing
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting.md
redirect_from:
- /doc/pentesting/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting.md
ref: 83
title: Penetration Testing
---

View File

@ -1,9 +1,10 @@
---
lang: en
layout: doc
title: How to Create a BlackArch VM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/blackarch.md
redirect_from:
- /doc/pentesting/blackarch/
- /doc/blackarch/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/blackarch.md
ref: 88
title: How to Create a BlackArch VM
---

View File

@ -1,9 +1,10 @@
---
lang: en
layout: doc
title: How to create a Kali Linux VM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/kali.md
redirect_from:
- /doc/pentesting/kali/
- /doc/kali/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/kali.md
ref: 87
title: How to create a Kali Linux VM
---

View File

@ -1,9 +1,10 @@
---
lang: en
layout: doc
title: How to create Penetration Testers Framework (PTF) VM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/ptf.md
redirect_from:
- /doc/pentesting/ptf/
- /doc/ptf/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/pentesting/ptf.md
ref: 89
title: How to create Penetration Testers Framework (PTF) VM
---

View File

@ -1,12 +1,13 @@
---
lang: en
layout: doc
title: Ubuntu Template
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/ubuntu.md
redirect_from:
- /doc/templates/ubuntu/
- /doc/ubuntu/
- /en/doc/templates/ubuntu/
- /doc/Templates/Ubuntu/
- /wiki/Templates/Ubuntu/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/ubuntu.md
ref: 80
title: Ubuntu Template
---

View File

@ -1,7 +1,6 @@
---
lang: en
layout: doc
title: Qubes Windows Tools
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools.md
redirect_from:
- /doc/windows-tools/
- /doc/windows-appvms/
@ -13,5 +12,7 @@ redirect_from:
- /doc/WindowsTools3/
- /doc/WindowsTools/
- /wiki/WindowsTools/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools.md
ref: 86
title: Qubes Windows Tools
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Installing a Windows VM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-vm.md
redirect_from:
- /doc/windows-vm/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-vm.md
ref: 85
title: Installing a Windows VM
---

View File

@ -1,9 +1,10 @@
---
lang: en
layout: doc
title: Anonymizing your MAC Address
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md
redirect_from:
- /doc/anonymizing-your-mac-address/
- /doc/randomizing-your-mac-address/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md
ref: 67
title: Anonymizing your MAC Address
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Signal
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/signal.md
redirect_from:
- /doc/signal/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/signal.md
ref: 70
title: Signal
---

View File

@ -1,9 +1,10 @@
---
lang: en
layout: doc
title: Running Tails in Qubes
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/tails.md
redirect_from:
- /doc/tails/
- /doc/running-tails
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/tails.md
ref: 71
title: Running Tails in Qubes
---
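Review bot: `- /doc/running-tails` is the only `redirect_from` entry in this commit without a trailing slash; its sibling `/doc/tails/` and every entry in the other files end in `/`. Unless the slash-less form is intentional, make it `- /doc/running-tails/` so that the generated redirect matches the same URL shape as the rest of the site.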

View File

@ -1,7 +1,6 @@
---
lang: en
layout: doc
title: TorVM
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/torvm.md
redirect_from:
- /doc/torvm/
- /doc/privacy/torvm/
@ -9,5 +8,7 @@ redirect_from:
- /doc/TorVM/
- /doc/UserDoc/TorVM/
- /wiki/UserDoc/TorVM/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/torvm.md
ref: 68
title: TorVM
---

View File

@ -1,7 +1,6 @@
---
lang: en
layout: doc
title: Whonix for Privacy & Anonymity
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/whonix.md
redirect_from:
- /doc/whonix/
- /doc/privacy/whonix/
@ -17,5 +16,7 @@ redirect_from:
- /doc/privacy/uninstall-whonix/
- /doc/whonix/update/
- /doc/privacy/updating-whonix/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/whonix.md
ref: 69
title: Whonix for Privacy & Anonymity
---

View File

@ -1,10 +1,11 @@
---
lang: en
layout: doc
title: Multifactor Authentication
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/security/multifactor-authentication.md
redirect_from:
- /doc/multifactor-authentication/
- /en/doc/multifactor-authentication/
- /doc/Multi-factorAuthentication/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/security/multifactor-authentication.md
ref: 78
title: Multifactor Authentication
---

View File

@ -1,11 +1,12 @@
---
lang: en
layout: doc
title: Security Guidelines
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md
redirect_from:
- /doc/security-guidelines/
- /en/doc/security-guidelines/
- /doc/SecurityGuidelines/
- /wiki/SecurityGuidelines/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md
ref: 79
title: Security Guidelines
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Split Bitcoin
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/security/split-bitcoin.md
redirect_from:
- /doc/split-bitcoin/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/security/split-bitcoin.md
ref: 77
title: Split Bitcoin
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Application Troubleshooting
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/application-troubleshooting.md
redirect_from:
- /doc/application-troubleshooting/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/application-troubleshooting.md
ref: 236
title: Application Troubleshooting
---

View File

@ -1,8 +1,9 @@
---
lang: en
layout: doc
title: Intel Integrated Graphics Troubleshooting
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/intel-igfx-troubleshooting.md
redirect_from:
- /doc/intel-igfx-troubleshooting/
redirect_to: https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/intel-igfx-troubleshooting.md
ref: 90
title: Intel Integrated Graphics Troubleshooting
---

Some files were not shown because too many files have changed in this diff.