mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-23 13:11:02 -05:00
Fix a few typos
Merge branch 'pr-1396'
This commit is contained in:
commit
10811e675c
@ -14,7 +14,7 @@ title: Qubes builder details
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<i class="fa fa-exclamation-circle"></i>
|
||||
<b>Note:</b> This information concerns the old Qubes builder (v1). It supports
|
||||
only building Qubes 4.1 or earlier.<br>The build process has been completely rewritten in <a href="https://github.com/QubesOS/qubes-builderv2/">qubes-builder v2</a>. This can be be used for building Qubes R4.1 and later, and all related components.</div>
|
||||
only building Qubes 4.1 or earlier.<br>The build process has been completely rewritten in <a href="https://github.com/QubesOS/qubes-builderv2/">qubes-builder v2</a>. This can be used for building Qubes R4.1 and later, and all related components.</div>
|
||||
|
||||
Components Makefile.builder file
|
||||
--------------------------------
|
||||
|
@ -13,7 +13,7 @@ title: Qubes builder
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<i class="fa fa-exclamation-circle"></i>
|
||||
<b>Note:</b> These instructions concern the older Qubes builder (v1). It supports
|
||||
only building Qubes 4.1 or earlier.<br>The build process has been completely rewritten in <a href="https://github.com/QubesOS/qubes-builderv2/">qubes-builder v2</a>. This can be be used for building Qubes R4.1 and later, and all related components.
|
||||
only building Qubes 4.1 or earlier.<br>The build process has been completely rewritten in <a href="https://github.com/QubesOS/qubes-builderv2/">qubes-builder v2</a>. This can be used for building Qubes R4.1 and later, and all related components.
|
||||
</div>
|
||||
|
||||
**Note: See [ISO building instructions](/doc/qubes-iso-building/) for a streamlined overview on how to use the build system.**
|
||||
|
@ -15,7 +15,7 @@ title: Qubes ISO building
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<i class="fa fa-exclamation-circle"></i>
|
||||
<b>Note:</b> These instructions concern the older Qubes builder (v1). It supports
|
||||
only building Qubes 4.1 or earlier.<br>The build process has been completely rewritten in <a href="https://github.com/QubesOS/qubes-builderv2/">qubes-builder v2</a>. This can be be used for building Qubes R4.1 and later, and all related components.
|
||||
only building Qubes 4.1 or earlier.<br>The build process has been completely rewritten in <a href="https://github.com/QubesOS/qubes-builderv2/">qubes-builder v2</a>. This can be used for building Qubes R4.1 and later, and all related components.
|
||||
</div>
|
||||
|
||||
Build Environment
|
||||
|
@ -71,7 +71,7 @@ The review procedure is as follows:
|
||||
1. Someone, S, wishes to make a change to a package, P.
|
||||
2. S submits a fast-forwardable pull request against the fork of P's repo owned by [QubesOS-contrib](https://github.com/QubesOS-contrib).
|
||||
3. The PM reviews the pull request.
|
||||
If the the pull request passes the PM's review, the PM adds a [signed](/doc/code-signing/) *comment* on the pull request stating that it has passed review.
|
||||
If the pull request passes the PM's review, the PM adds a [signed](/doc/code-signing/) *comment* on the pull request stating that it has passed review.
|
||||
(In cases in which S = PM, the PM can simply add a [signed](/doc/code-signing/) *tag* to the HEAD commit prior to submitting the pull request.)
|
||||
If the pull request does not pass the PM's review, the PM leaves a comment on the pull request explaining why not.
|
||||
4. The QCR reviews the pull request.
|
||||
|
@ -251,6 +251,6 @@ It is a [socket-based Qubes RPC service](/doc/qrexec-socket-services/). Requests
|
||||
There are two endpoints:
|
||||
|
||||
- `policy.Ask` - ask the user about whether to execute a given action
|
||||
- `policy.Notify` - notify the user about about an action.
|
||||
- `policy.Notify` - notify the user about an action.
|
||||
|
||||
See [qrexec-policy-agent.rst](https://github.com/QubesOS/qubes-core-qrexec/blob/master/Documentation/qrexec-policy-agent.rst) for protocol details.
|
||||
|
@ -49,7 +49,7 @@ In the case of Qubes, `qubes-gui` does not transfer all changed pixels via vchan
|
||||
and pass this to dom0 via the deprecated `MFNDUMP` message.
|
||||
- New `qubes-gui` versions will rely on `qubes-drv` having allocated
|
||||
memory using gntalloc, and then pass the grant table indexes gntalloc
|
||||
has chosen to the GUI daemon using using the `WINDOW_DUMP` message.
|
||||
has chosen to the GUI daemon using the `WINDOW_DUMP` message.
|
||||
|
||||
Now, `qubes-guid` has to tell the dom0 Xorg server about the location of the buffer.
|
||||
There is no supported way (e.g. Xorg extension) to do this zero-copy style.
|
||||
|
@ -67,7 +67,7 @@ There are three issue **types**: `T: bug`, `T: enhancement`, and `T: task`.
|
||||
- `T: enhancement` --- Type: enhancement. A new feature that does not yet exist **or** improvement of existing functionality.
|
||||
- `T: task` --- Type: task. An action item that is neither a bug nor an enhancement.
|
||||
|
||||
Every open issue should have **exactly one** type. An open issue should not have more than one type, and it should not lack a type entirely. Bug reports are for problems in things that already exist. If something doesn't exist yet, but you think it ought to exist, then use `T: enhancement` instead. If something already exists, but you think it could be improved in some way, you should again use `T: enhancement`. `T: task` is for issues that fall under under neither `T: bug` nor `T: enhancement`.
|
||||
Every open issue should have **exactly one** type. An open issue should not have more than one type, and it should not lack a type entirely. Bug reports are for problems in things that already exist. If something doesn't exist yet, but you think it ought to exist, then use `T: enhancement` instead. If something already exists, but you think it could be improved in some way, you should again use `T: enhancement`. `T: task` is for issues that fall under neither `T: bug` nor `T: enhancement`.
|
||||
|
||||
#### Priority
|
||||
|
||||
|
@ -419,7 +419,7 @@ account is **not** required. Any email address will work.) To post a message to
|
||||
the list, address your email to `qubes-project@googlegroups.com`. If your post
|
||||
does not appear immediately, please allow time for moderation to occur. To
|
||||
unsubscribe, send a blank email to
|
||||
`qubes-project+unsubscribe@googlegroups.com`. This list also also has a
|
||||
`qubes-project+unsubscribe@googlegroups.com`. This list also has a
|
||||
[traditional mail
|
||||
archive](https://www.mail-archive.com/qubes-project@googlegroups.com/) and an
|
||||
optional [Google Groups web
|
||||
|
@ -60,7 +60,7 @@ In this example, we want to make `/var/lib/tor` persistent. Enter all of the fol
|
||||
|
||||
From now on, all files in the `/var/lib/tor` directory will persist across reboots.
|
||||
|
||||
You can make make as many files or folders persist as you want simply by making multiple entries in the `50_user.conf` file, each on a separate line.
|
||||
You can make as many files or folders persist as you want simply by making multiple entries in the `50_user.conf` file, each on a separate line.
|
||||
For example, if you added the file `/etc/tor/torrc` to the `binds` variable, any modifications to *that* file would also persist across reboots.
|
||||
|
||||
```
|
||||
|
@ -27,7 +27,7 @@ Additionally, if you want to have menu entries for starting applications in disp
|
||||
[user@dom0 ~]$ qvm-features <DISPOSABLE_TEMPLATE> appmenus-dispvm 1
|
||||
```
|
||||
|
||||
**Note:** Application shortcuts that existed before setting this feature will not be updated automatically. Please go the the "Applications" tab in the qube's "Settings" dialog and unselect all existing shortcuts by clicking "<<", then click "OK" and close the dialog. Give it a few seconds time and then reopen and re-select all the shortcuts you want to see in the menu. See [this page](/doc/managing-appvm-shortcuts) for background information.
|
||||
**Note:** Application shortcuts that existed before setting this feature will not be updated automatically. Please go the "Applications" tab in the qube's "Settings" dialog and unselect all existing shortcuts by clicking "<<", then click "OK" and close the dialog. Give it a few seconds time and then reopen and re-select all the shortcuts you want to see in the menu. See [this page](/doc/managing-appvm-shortcuts) for background information.
|
||||
|
||||
## Security
|
||||
|
||||
|
@ -197,7 +197,7 @@ you would install it into a normal HVM. Generally, you should install in to the
|
||||
first "system" disk. (Resize it as needed before starting installation.)
|
||||
|
||||
You can then create a new qube using the new template. If you use this Template
|
||||
as is, then any HVMs based on it it will effectively be disposables. All file
|
||||
as is, then any HVMs based on it will effectively be disposables. All file
|
||||
system changes will be wiped when the HVM is shut down.
|
||||
|
||||
Please see [this
|
||||
|
@ -42,7 +42,7 @@ qvm-volume config vmname:private revisions_to_keep 2
|
||||
```
|
||||
|
||||
With the VM stopped, you may revert to an older snapshot of the private volume
|
||||
from the the above list of "Available revisions (for revert)", where the last
|
||||
from the above list of "Available revisions (for revert)", where the last
|
||||
item on the list with the largest integer is the most recent snapshot:
|
||||
|
||||
```
|
||||
|
@ -86,7 +86,7 @@ If you are a hardware vendor, you can have your hardware certified as compatible
|
||||
|
||||
**Note:** This section describes the requirements for hardware *certification*, *not* the requirements for *running* Qubes OS. For the latter, please see the [system requirements](/doc/system-requirements/). A brief list of the requirements described in this section is available [here](/doc/system-requirements/#qubes-certified-hardware).
|
||||
|
||||
A basic requirement is that all Qubes-certified devices must be be available for purchase with Qubes OS preinstalled. Customers may be offered the option to select from a list of various operating systems (or no operating system at all) to be preinstalled, but Qubes OS must be on that list in order to maintain Qubes hardware certification.
|
||||
A basic requirement is that all Qubes-certified devices must be available for purchase with Qubes OS preinstalled. Customers may be offered the option to select from a list of various operating systems (or no operating system at all) to be preinstalled, but Qubes OS must be on that list in order to maintain Qubes hardware certification.
|
||||
|
||||
One of the most important security improvements introduced with the release of Qubes 4.0 was to replace paravirtualization (PV) technology with **hardware-enforced memory virtualization**, which recent processors have made possible thanks to so-called Second Level Address Translation ([SLAT](https://en.wikipedia.org/wiki/Second_Level_Address_Translation)), also known as [EPT](https://ark.intel.com/Search/FeatureFilter?productType=processors&ExtendedPageTables=true&MarketSegment=Mobile) in Intel parlance. SLAT (EPT) is an extension to Intel VT-x virtualization, which originally was capable of only CPU virtualization but not memory virtualization and hence required a complex Shadow Page Tables approach. We hope that embracing SLAT-based memory virtualization will allow us to prevent disastrous security bugs, such as the infamous [XSA-148](https://xenbits.xen.org/xsa/advisory-148.html), which --- unlike many other major Xen bugs --- regrettably did [affect](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt) Qubes OS. Consequently, we require SLAT support of all certified hardware beginning with Qubes OS 4.0.
|
||||
|
||||
|
@ -122,7 +122,7 @@ If you don't see anything that looks like your drive, run `sudo udevadm trigger
|
||||
|
||||
## Recovering From Premature Device Destruction
|
||||
|
||||
If the you fail to detach the device before it's destroyed in the sourceVM (e.g. by physically detaching the thumbdrive), [there will be problems](https://github.com/QubesOS/qubes-issues/issues/1082).
|
||||
If you fail to detach the device before it's destroyed in the sourceVM (e.g. by physically detaching the thumbdrive), [there will be problems](https://github.com/QubesOS/qubes-issues/issues/1082).
|
||||
|
||||
To recover from this error state, in dom0 run
|
||||
|
||||
|
@ -284,7 +284,7 @@ Note the IP addresses you will need, they will be required in the next steps.
|
||||
|
||||
For the following example, we assume that the physical interface ens6 in sys-net is on the local network 192.168.x.y with the IP 192.168.x.n, and that the IP address of sys-firewall is 10.137.1.z.
|
||||
|
||||
In the sys-net VM's Terminal, the first step is to to define an ntables chain that will receive DNAT rules to relay the network traffic on a given port to the qube NetVM, we recommend to define a new chain for each destination qube to ease rules management:
|
||||
In the sys-net VM's Terminal, the first step is to define an ntables chain that will receive DNAT rules to relay the network traffic on a given port to the qube NetVM, we recommend to define a new chain for each destination qube to ease rules management:
|
||||
|
||||
```
|
||||
nft add chain qubes custom-dnat-qubeDEST '{ type nat hook prerouting priority filter +1 ; policy accept; }'
|
||||
|
@ -104,7 +104,7 @@ While using the `no-strict-reset` flag, do not require PCI device to be reset be
|
||||
qvm-pci attach --persistent --option permissive=true --option no-strict-reset=true sys-usb dom0:<BDF_OF_DEVICE>
|
||||
~~~
|
||||
|
||||
Be sure to replace `<BDF_OF_DEVICE>` with the BDF of your PCI device, which can be be obtained from running `qvm-pci`.
|
||||
Be sure to replace `<BDF_OF_DEVICE>` with the BDF of your PCI device, which can be obtained from running `qvm-pci`.
|
||||
|
||||
You can also configure strict reset directly from the Qubes interface by following these steps:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user