From 27a745dd59bcc9e38a1231d378b204f551d60577 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Fri, 30 Oct 2020 15:07:40 +0100 Subject: [PATCH 01/23] Add VPN Troubleshooting --- doc.md | 12 +-------- external/configuration-guides/vpn.md | 4 +-- user/troubleshooting/vpn-troubleshooting.md | 28 +++++++++++++++++++++ 3 files changed, 30 insertions(+), 14 deletions(-) create mode 100644 user/troubleshooting/vpn-troubleshooting.md diff --git a/doc.md b/doc.md index 97581ee9..931ab9ba 100644 --- a/doc.md +++ b/doc.md @@ -130,6 +130,7 @@ Core documentation for Qubes users. * [USB Troubleshooting](/doc/usb-troubleshooting/) * [GUI Troubleshooting](/doc/gui-troubleshooting/) * [Media Troubleshooting](/doc/media-troubleshooting/) + * [VPN Troubleshooting](/doc/vpn-troubleshooting/) ### Reference Pages @@ -271,17 +272,6 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [Language Localization](/doc/language-localization/) * [Dark Theme in Dom0 and DomU](/doc/dark-theme/) * [Safely Removing TemplateVM Packages (Example: Thunderbird)](/doc/removing-templatevm-packages/) - - ### Troubleshooting - - * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) - * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) - * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) - * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) - * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) - * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) - * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) - ### Troubleshooting diff --git a/external/configuration-guides/vpn.md b/external/configuration-guides/vpn.md index 1f843215..002a28f3 100644 --- a/external/configuration-guides/vpn.md +++ b/external/configuration-guides/vpn.md @@ -318,6 +318,4 @@ If you want to update your TemplateVMs through the VPN, you can enable the `qube Troubleshooting --------------- -* Always test your basic VPN connection before adding scripts. -* Test DNS: Ping a familiar domain name from an appVM. It should print the IP address for the domain. -* Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. +See the [VPN Troubleshooting](/doc/vpn-troubleshooting/) guide for tips on how to fix common VPN issues. diff --git a/user/troubleshooting/vpn-troubleshooting.md b/user/troubleshooting/vpn-troubleshooting.md new file mode 100644 index 00000000..5ea4cc12 --- /dev/null +++ b/user/troubleshooting/vpn-troubleshooting.md @@ -0,0 +1,28 @@ +--- +layout: doc +title: VPN Troubleshooting +permalink: /doc/vpn-troubleshooting/ +--- + +# VPN Troubleshooting Guide # + +## Tips + +* Check the VPN service's log in the VPN VM by running: + ~~~ + sudo journalctl -u qubes-vpn-handler + ~~~ +* Always test your basic VPN connection before adding scripts. + +* Test DNS: Ping a familiar domain name from an appVM. It should print the IP address for the domain. + +* Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. + +## VPN does not reconnect after suspend +After suspend/resume, your VPN may not automatically reconnect. In order to get it to work, you must kill your VPN system and restart it. + +## VPN stuck at "Ready to start link" + +After setting up your VPN system and restarting the VM, you may be repeatedly getting the popup "Ready to start link", but the VPN isn't connected. + +To figure out the root of the problem, check the VPN logs in `/var/logs/syslog`. The log may reveal issues like missing libraries, which you can then install. From cf04fba2228bff6c25ce0931eb7e2f50cabca03a Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 1 Nov 2020 14:50:05 +0100 Subject: [PATCH 02/23] Update vpn-troubleshooting.md --- user/troubleshooting/vpn-troubleshooting.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/user/troubleshooting/vpn-troubleshooting.md b/user/troubleshooting/vpn-troubleshooting.md index 5ea4cc12..67882f7b 100644 --- a/user/troubleshooting/vpn-troubleshooting.md +++ b/user/troubleshooting/vpn-troubleshooting.md @@ -8,7 +8,7 @@ permalink: /doc/vpn-troubleshooting/ ## Tips -* Check the VPN service's log in the VPN VM by running: +* If using qubes-vpn, check the VPN service's log in the VPN VM by running: ~~~ sudo journalctl -u qubes-vpn-handler ~~~ @@ -19,10 +19,13 @@ permalink: /doc/vpn-troubleshooting/ * Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. ## VPN does not reconnect after suspend -After suspend/resume, your VPN may not automatically reconnect. In order to get it to work, you must kill your VPN system and restart it. + +This applies when using OpenVPN. + +After suspend/resume, OpenVPN may not automatically reconnect. In order to get it to work, you must kill the OpenVPN process and restart it. ## VPN stuck at "Ready to start link" -After setting up your VPN system and restarting the VM, you may be repeatedly getting the popup "Ready to start link", but the VPN isn't connected. +After setting up OpenVPN and restarting the VM, you may be repeatedly getting the popup "Ready to start link", but the VPN isn't connected. -To figure out the root of the problem, check the VPN logs in `/var/logs/syslog`. The log may reveal issues like missing libraries, which you can then install. +To figure out the root of the problem, check the VPN logs in `/var/logs/syslog`. The log may reveal issues like missing OpenVPN libraries, which you can then install. From 0bd2db66701eec22901163e29af8955f67ec8178 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 7 Nov 2020 22:59:55 -0800 Subject: [PATCH 03/23] Add documentation links and direct users to read them QubesOS/qubes-issues#6191 --- project-security/verifying-signatures.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 28aabd51..4c2a3dfb 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -58,16 +58,17 @@ If you run into any problems, please consult the [Troubleshooting FAQ] below. Before we begin, you'll need a program that can verify PGP signatures. Any such program will do, but here are some examples for popular operating systems: -**Windows:** [Gpg4win](https://gpg4win.org/download.html). +**Windows:** [Gpg4win](https://gpg4win.org/download.html) ([documentation](https://www.gpg4win.org/documentation.html)). Use the Windows command line (`cmd.exe`) to enter commands. -**Mac:** [GPG Suite](https://gpgtools.org/). +**Mac:** [GPG Suite](https://gpgtools.org/) ([documentation](https://gpgtools.tenderapp.com/kb)). Open a terminal to enter commands. -**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html). +**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html) ([documentation](https://www.gnupg.org/documentation/)). Open a terminal to enter commands. The commands below will use `gpg2`, but if that doesn't work for you, try `gpg` instead. +If that still doesn't work, please consult the documentation for your specific program (see links above). ### 1. Get the Qubes Master Signing Key and verify its authenticity From 3e9eaed285eec332d416b546155e85ffc15c0ddc Mon Sep 17 00:00:00 2001 From: donoban Date: Sun, 8 Nov 2020 22:49:27 +0100 Subject: [PATCH 04/23] Added note for disabled repositories --- user/managing-os/minimal-templates.md | 1 + 1 file changed, 1 insertion(+) diff --git a/user/managing-os/minimal-templates.md b/user/managing-os/minimal-templates.md index cc81268e..d16d5940 100644 --- a/user/managing-os/minimal-templates.md +++ b/user/managing-os/minimal-templates.md @@ -32,6 +32,7 @@ There are currently three Minimal TemplateVMs corresponding to the standard [Fed 3. The Minimal TemplateVMs are intentionally *minimal*. [Do not ask for your favorite package to be added to the minimal template by default.][pref-default] +4. In order to reduce unnecessary risk, unused repositories have been disabled by default. Check if you should enable some of them if some package fails to install but it works fine in the standard TemplateVM. ## Installation From 62b0a80086ad16b5931ccd7e7dd09eda939e51b4 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 8 Nov 2020 18:57:23 -0800 Subject: [PATCH 05/23] Fix sentence --- user/managing-os/minimal-templates.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user/managing-os/minimal-templates.md b/user/managing-os/minimal-templates.md index d16d5940..2dff7c51 100644 --- a/user/managing-os/minimal-templates.md +++ b/user/managing-os/minimal-templates.md @@ -32,7 +32,8 @@ There are currently three Minimal TemplateVMs corresponding to the standard [Fed 3. The Minimal TemplateVMs are intentionally *minimal*. [Do not ask for your favorite package to be added to the minimal template by default.][pref-default] -4. In order to reduce unnecessary risk, unused repositories have been disabled by default. Check if you should enable some of them if some package fails to install but it works fine in the standard TemplateVM. +4. In order to reduce unnecessary risk, unused repositories have been disabled by default. + If you wish to install or update any packages from those repositories, you must enable them. ## Installation From cc3b1f82a95b00e2a370a55b823517baa190a6bb Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 08:29:09 -0800 Subject: [PATCH 06/23] Improve instructions regarding QMSK authentication Inspired by a forum discussion: https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441 --- project-security/verifying-signatures.md | 54 ++++++++++++++++-------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 4c2a3dfb..ad519fc6 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -92,38 +92,56 @@ There are several ways to get the Qubes Master Signing Key. $ gpg2 --import ./qubes-master-signing-key.asc - - Get it from a public [keyserver] (specified on first use with `--keyserver `, then saved in `~/.gnupg/gpg.conf`), e.g.: + - Get it from a public [keyserver] (specified on first use with `--keyserver ` along with keyserver options to include key signatures), e.g.: - $ gpg2 --keyserver pool.sks-keyservers.net --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 + $ gpg2 --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://pool.sks-keyservers.net:11371 --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 The Qubes Master Signing Key is also available in the [Qubes Security Pack] and in the archives of the project's [developer][devel-master-key-msg] and [user][user-master-key-msg] [mailing lists]. -Once you have obtained the Qubes Master Signing Key, you should verify the fingerprint of this key very carefully by obtaining copies of the fingerprint from multiple independent sources and comparing them to the downloaded key's fingerprint to ensure they match. -Here are some ideas: - - - Use the PGP Web of Trust. - - Check the key against different keyservers. - - Use different search engines to search for the fingerprint. - - Use Tor to view and search for the fingerprint on various websites. - - Use various VPNs and proxy servers. - - Use different Wi-Fi networks (work, school, internet cafe, etc.). - - Ask people to post the fingerprint in various forums and chat rooms. - - Check against PDFs and photographs in which the fingerprint appears - (e.g., slides from a talk or on a T-shirt). - - Repeat all of the above from different computers and devices. +Once you have obtained the Qubes Master Signing Key, you must verify that it is authentic rather than a forgery. +Anyone can create a PGP key with the name "Qubes Master Signing Key," so you cannot rely on the name alone. +You also should not rely on any single website, not even over HTTPS. +So, what *should* you do? +One option is to use the PGP [Web of Trust](https://en.wikipedia.org/wiki/Web_of_trust). In addition, some operating systems have built-in keyrings containing keys capable of validating the Qubes Master Signing Key. For example, if you have a Debian system, then your keyring may already contain the necessary keys. -For additional security, we also publish the fingerprint of the Qubes Master Signing Key here (but [remember not to blindly trust the live version of this website][website-trust]): +Another option is to rely on the key's fingerprint. +Every PGP key has a fingerprint that uniquely identifies it among all PGP keys (viewable with `gpg2 --fingerprint `). +Therefore, if you know the genuine Qubes Master Signing Key fingerprint, then you always have an easy way to confirm whether any purported copy of it is authentic, simply by comparing the fingerprints. + +For example, here is the Qubes Master Signing Key fingerprint: pub 4096R/36879494 2010-04-01 Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 uid Qubes Master Signing Key -Once you're confident that you have the legitimate Qubes Master Signing Key, set its trust level to "ultimate" so that it can be used to automatically verify all the keys signed by the Qubes Master Signing Key (in particular, Release Signing Keys). +But how do you know that this is the real fingerprint? +After all, [this website could be compromised][website-trust], so the fingerprint you see here may not be genuine. +That's why we strongly suggest obtaining the fingerprint from *multiple, independent sources in several different ways*. - $ gpg2 --edit-key 0x36879494 +Here are some ideas for how to do that: + + - Download the key from different keyservers. + - Use different search engines to search for the fingerprint. + - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social media posts](https://twitter.com/rootkovska/status/496976187491876864), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). + - Check against PDFs, photographs, and videos in which the fingerprint appears + (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). + - Download old Qubes ISOs from different sources and check the included Qubes Master Signing Key. + - Ask people to post the fingerprint on various mailing lists, forums, and chat rooms. + - Repeat the above over Tor. + - Repeat the above over various VPNs and proxy servers. + - Repeat the above on different networks (work, school, internet cafe, etc.). + - Text, email, call, video chat, snail mail, or meet up with people you know to confirm the fingerprint. + - Repeat the above from different computers and devices. + +Once you've obtained the fingerprint from enough independent sources in enough different ways that you feel confident that you know the genuine fingerprint, keep it in a safe place. +Every time you need to check whether a key claiming to be the Qubes Master Signing Key is authentic, compare that key's fingerprint to your trusted copy and confirm they match. + +Now that you've imported the authentic Qubes Master Signing Key, set its trust level to "ultimate" so that it can be used to automatically verify all the keys signed by the Qubes Master Signing Key (in particular, Release Signing Keys). + + $ gpg2 --edit-key 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. From 03e6dd2bdafa15fde11312066851ae9a22068be3 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 08:53:32 -0800 Subject: [PATCH 07/23] Add more supporting links --- project-security/verifying-signatures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index ad519fc6..39eedd36 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -124,8 +124,8 @@ That's why we strongly suggest obtaining the fingerprint from *multiple, indepen Here are some ideas for how to do that: - Download the key from different keyservers. - - Use different search engines to search for the fingerprint. - - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social media posts](https://twitter.com/rootkovska/status/496976187491876864), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). + - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. + - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). - Download old Qubes ISOs from different sources and check the included Qubes Master Signing Key. From c9ce37b388048b10b517df65f8e9bf561598cf39 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 08:55:51 -0800 Subject: [PATCH 08/23] Substitute older mailing list post with key attached --- project-security/verifying-signatures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 39eedd36..6f0b346d 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -125,7 +125,7 @@ Here are some ideas for how to do that: - Download the key from different keyservers. - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. - - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). + - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-devel/c/RqR9WPxICwg/m/kaQwknZPDHkJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). - Download old Qubes ISOs from different sources and check the included Qubes Master Signing Key. From dca896aacddea719a4fbcafb29d8bbbdc81d8226 Mon Sep 17 00:00:00 2001 From: pierwill <19642016+pierwill@users.noreply.github.com> Date: Thu, 12 Nov 2020 21:19:11 -0800 Subject: [PATCH 09/23] Fix markdown links Fixes two malformed links in qrexec socket services doc. --- developer/services/qrexec-socket-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/developer/services/qrexec-socket-services.md b/developer/services/qrexec-socket-services.md index a98045eb..e15adc3d 100644 --- a/developer/services/qrexec-socket-services.md +++ b/developer/services/qrexec-socket-services.md @@ -223,8 +223,8 @@ echo -e 'policy.Ask dom0\0' | nc -U /etc/qubes-rpc/policy.Ask ## Further reading -* [Qrexec overview][qrexec](/doc/qrexec/) -* [Qrexec internals][qrexec](/doc/qrexec-internals/) +* [Qrexec overview](/doc/qrexec/) +* [Qrexec internals](/doc/qrexec-internals/) * [qubes-core-qrexec](https://github.com/QubesOS/qubes-core-qrexec/) repository - contains the above example * [systemd.socket](https://www.freedesktop.org/software/systemd/man/systemd.socket.html) - socket unit configuration * [Streams in Python asyncio](https://docs.python.org/3/library/asyncio-stream.html) From 371d5471a5bbbf6f730e3f548b7331df1d1598cb Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 22:46:59 -0800 Subject: [PATCH 10/23] Remove keyserver and search engine ideas --- project-security/verifying-signatures.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 6f0b346d..6e6c0ca9 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -123,8 +123,6 @@ That's why we strongly suggest obtaining the fingerprint from *multiple, indepen Here are some ideas for how to do that: - - Download the key from different keyservers. - - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-devel/c/RqR9WPxICwg/m/kaQwknZPDHkJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). From 3e8e7cc6b4a9f5429dc32201434bb88de2ceb50b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 13 Nov 2020 02:03:10 -0800 Subject: [PATCH 11/23] Improve template switching instructions --- user/managing-os/templates.md | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/user/managing-os/templates.md b/user/managing-os/templates.md index cf2137d7..bec48afe 100644 --- a/user/managing-os/templates.md +++ b/user/managing-os/templates.md @@ -117,11 +117,11 @@ If this doesn't work, please see [How to Remove VMs Manually]. If the Applications Menu entry doesn't go away after you uninstall a TemplateVM, execute the following type of command in dom0: - $ rm ~/.local/share/applications/ + $ rm ~/.local/share/applications/ Applications Menu entries for backups of removed VMs can also be found in `/usr/local/share/applications/` of dom0. - $ rm /usr/local/share/applications/ + $ rm /usr/local/share/applications/ ## Reinstalling @@ -137,24 +137,22 @@ When you install a new template or upgrade a clone of a template, it is recommen Applications Menu --> System Tools --> Qubes Global Settings --> Default template -2. Base AppVMs on the new template. +2. If your keyboard or mouse is connected through `sys-usb`, switch `sys-usb` to the new template. + (Note that this is a single command to ensure that `sys-usb` restarts. + If it does not, you will not be able to use your USB keyboard or mouse.) + + [user@dom0 ~]$ qvm-shutdown --wait sys-usb; qvm-prefs sys-usb template ; qvm-start sys-usb + +3. Base AppVMs on the new template. Applications Menu --> System Tools --> Qubes Template Manager -3. Base the [DisposableVM Template] on the new template. +4. Base the [DisposableVM Template] on the new template. - [user@dom0 ~]$ qvm-create -l red -t new-template new-template-dvm - [user@dom0 ~]$ qvm-prefs new-template-dvm template_for_dispvms True - [user@dom0 ~]$ qvm-features new-template-dvm appmenus-dispvm 1 - [user@dom0 ~]$ qubes-prefs default-dispvm new-template-dvm - -4. Updating the template for sys-usb if peripheral devices are dependent upon the VM - - If you are running Qubes on a desktop or other device where the peripheral devices such as keyboard / mouse / trackpad are dependent upon the sys-usb appVM then updating the template is a challenge. In this situation, you can use the following commands in a dom0 terminal window to update the templateVM. - - $ qvm-shutdown --wait sys-usb; qvm-prefs sys-usb template fedora-31; qvm-start sys-usb - - Be careful to run this set of commands as shown above (3 commands in a single line) because if the sys-usb VM does not start back up you may be locked out of your machine. + [user@dom0 ~]$ qvm-create -l red -t + [user@dom0 ~]$ qvm-prefs template_for_dispvms True + [user@dom0 ~]$ qvm-features appmenus-dispvm 1 + [user@dom0 ~]$ qubes-prefs default-dispvm ## Advanced From d2c9f07bbcd6a9c81839284b7536a9c040ed7794 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 13 Nov 2020 13:22:35 +0100 Subject: [PATCH 12/23] license: drop note about dual-licensing This was never enforced (and the way it's written is not enforceable). So, lets remove dead text. If we'd like to enforce something like this in the future, we'd need to require contributors signing CLA. But it wouldn't apply to past contributions anyway. --- developer/code/license.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/developer/code/license.md b/developer/code/license.md index 1a7879a2..7064d94c 100644 --- a/developer/code/license.md +++ b/developer/code/license.md @@ -14,8 +14,3 @@ Qubes OS License Qubes is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2. The full text of the GPL v2 license can be found [here](http://www.gnu.org/licenses/gpl-2.0.html). - -Note on rights to double-licensing of the Qubes code ----------------------------------------------------- - -Invisible Things Lab (ITL), who has funded and run the Qubes project since the beginning, and who has contributed the majority of Qubes-specific code (specifically: `core-*`, `gui-*`, and `qubes-*` repositories) would like to have a right to redistribute parts of this code under proprietary licenses. This is especially important for Qubes R3 and later, where the new architecture allows the creation of many editions of Qubes, using different hypervisors, some of which might not be open source. That's why we ask every developer who contributes code to Qubes project to grant ITL permission to reuse the code under a different license, and to express this consent by including the [standard signed-off line](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=HEAD#n416) in the commit. From e0f89ddaebc559fa4fa13cc2b0ef77d3f3d5f157 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sat, 14 Nov 2020 06:26:22 +0100 Subject: [PATCH 13/23] Edit Sony Vaio Tinkering --- doc.md | 2 +- .../troubleshooting/sony-vaio-tinkering.md | 28 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) rename {user => external}/troubleshooting/sony-vaio-tinkering.md (60%) diff --git a/doc.md b/doc.md index 354c1b7a..6b95cd15 100644 --- a/doc.md +++ b/doc.md @@ -279,7 +279,7 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) - * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) + * [Sony Vaio Troubleshooting](/doc/sony-vaio-tinkering/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) ### Building Guides diff --git a/user/troubleshooting/sony-vaio-tinkering.md b/external/troubleshooting/sony-vaio-tinkering.md similarity index 60% rename from user/troubleshooting/sony-vaio-tinkering.md rename to external/troubleshooting/sony-vaio-tinkering.md index 022e8bfa..64e3df26 100644 --- a/user/troubleshooting/sony-vaio-tinkering.md +++ b/external/troubleshooting/sony-vaio-tinkering.md @@ -11,36 +11,37 @@ redirect_from: Instructions for getting your Sony Vaio Z laptop working with Qubes/Linux ========================================================================= -Sony Vaio Z are great laptops -- they are very powerful, yet compact. The newer models, starting from Z12 are, however, not very well supported by Linux kernels (at least 2.6.34 that we currently use in Dom0) and thus some tinkering is needed to get Qubes working on those machines. +The following issues were reported on Qubes 3.2 and may not be prevalent on Qubes 4.0. -Getting the graphics card working under Linux/Qubes OS ------------------------------------------------------- +Graphics card does not work +--------------------------- -Newer models of Sony Vaio Z come with an "intelligent" GPU switch, that automatically chooses either Intel Integrated GPU (IGD) or the discrete NVIDIA GPU. This confuses the Linux graphics so much, that in most cases won't even be able to install a regular Linux on such a machine. Unfortunately, moving the switch into the "Stamina" position apparently doesn't work, and the automatic GPU switching is still active. +Newer models of Sony Vaio Z come with an "intelligent" GPU switch, that automatically chooses either Intel Integrated GPU (IGD) or the discrete NVIDIA GPU. This confuses the Linux graphics so much, that in most cases, it won't even be able to install a regular Linux on such a machine. Unfortunately, moving the switch into the "Stamina" position apparently doesn't work, and the automatic GPU switching is still active. One solution that actually worked for me was to reflash the BIOS (I know, I know, this is scary) and to enable the so called "Advanced Menu" in the BIOS. This Advanced Menu allows you to choose the desired behaviour of the GPU switch, which in our case would be to set it to "Static" and then move the mechanical switch to the "Stamina" position, that enabled the Intel IGD (which is much better supported on Linux). -If you think you are ready to reflash you BIOS, here are the instructions that worked for me: - -[http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html) +If you think you are ready to reflash you BIOS, you can follow [these instructions](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html). **WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. -In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied tha patched image. If you don't know what are you doing, just get a different laptop, really! +In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied that patched image. If you don't know what are you doing, just get a different laptop, really! On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony! -Getting the touchpad working during installation ------------------------------------------------- +Touchpad does not work during installation +------------------------------------------ -In order to get the touchpad working during installation you should pass the **~~~i8042.nopnp=1~~~** option to the kernel before the installer starts. +In order to get the touchpad working during installation you should pass the `i8042.nopnp=1` option to the kernel before the installer starts: -\ +~~~ +sudo nano /etc/default/grub +GRUB_CMDLINE_LINUX_DEFAULT="i8042.nopnp=1" +~~~ Applying other fixes -------------------- -There are a few more fixes needed for Sony Vaio Z, and we have prepared a special package that you can install in Dom0 that applies them all. After the installation is complete, open console in Dom0 and do the following: +There are a few more fixes needed for Sony Vaio Z, and we have prepared a special package that you can install in dom0 that applies them all. After the installation is complete, open a console in dom0 and do the following: ~~~ $ sudo bash @@ -55,4 +56,3 @@ This script takes care about the following: - Adding special option for the sound module (so you can get sound) - Adding pm-suspend scripts that take care about restoring your screen after resume -... now, having done this all, you will surely feel unprecedented satisfaction and you will love your Vaio very much! ;) From 2711404f7d1e1d8525c2662e58bb608906070001 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 14 Nov 2020 06:32:10 +0100 Subject: [PATCH 14/23] Change word --- external/troubleshooting/sony-vaio-tinkering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external/troubleshooting/sony-vaio-tinkering.md b/external/troubleshooting/sony-vaio-tinkering.md index 64e3df26..34e4552f 100644 --- a/external/troubleshooting/sony-vaio-tinkering.md +++ b/external/troubleshooting/sony-vaio-tinkering.md @@ -24,7 +24,7 @@ If you think you are ready to reflash you BIOS, you can follow [these instructio **WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. -In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied that patched image. If you don't know what are you doing, just get a different laptop, really! +In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied the patched image. If you don't know what are you doing, just get a different laptop, really! On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony! From fdcaadaeec4d91edc01bdfd8774c9e27de04260d Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 14 Nov 2020 00:16:13 -0800 Subject: [PATCH 15/23] Add info about distribution-gpg-keys; clarify section Thank you to Andrew Clausen for pointing out this package. --- project-security/verifying-signatures.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 6e6c0ca9..758ea596 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -104,8 +104,9 @@ You also should not rely on any single website, not even over HTTPS. So, what *should* you do? One option is to use the PGP [Web of Trust](https://en.wikipedia.org/wiki/Web_of_trust). -In addition, some operating systems have built-in keyrings containing keys capable of validating the Qubes Master Signing Key. -For example, if you have a Debian system, then your keyring may already contain the necessary keys. +In addition, some operating systems include the means to acquire the Qubes Master Signing Key in a secure way. +For example, on Fedora, `dnf install distribution-gpg-keys` will get you the Qubes Master Signing Key along with several other Qubes keys. +On Debian, your keyring may already contain the necessary keys. Another option is to rely on the key's fingerprint. Every PGP key has a fingerprint that uniquely identifies it among all PGP keys (viewable with `gpg2 --fingerprint `). From 8452712d308c4faf61b2637406f1149ec8a48b79 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 14 Nov 2020 18:55:41 +0100 Subject: [PATCH 16/23] Add Multiboot Troubleshooting link --- doc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc.md b/doc.md index 6b95cd15..9c8b3e0d 100644 --- a/doc.md +++ b/doc.md @@ -281,6 +281,7 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Sony Vaio Troubleshooting](/doc/sony-vaio-tinkering/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) + * [Multiboot Troubleshooting](/doc/multiboot/#troubleshooting) ### Building Guides From 2062b31502fb24c9d9c9738de85f13de5fedea3f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 14 Nov 2020 18:25:13 -0800 Subject: [PATCH 17/23] Add Fedora and Debian methods for acquiring the QMSK Thanks to Andrew Clausen for the suggestion. --- project-security/verifying-signatures.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 758ea596..3fc877db 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -84,6 +84,12 @@ There are several ways to get the Qubes Master Signing Key. $ gpg2 --import /usr/share/qubes/qubes-master-key.asc + - If you're on Fedora, you can get it in the `distribution-gpg-keys` package: + + $ dnf install distribution-gpg-keys + + - If you're on Debian, it may already be included in your keyring. + - Fetch it with GPG: $ gpg2 --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc From 968e4a378fbb9abbd1d4bb3e791512b49e2d25e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 15 Nov 2020 09:36:14 +0100 Subject: [PATCH 18/23] Add .gitlab-ci.yml --- .gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..68adf784 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,5 @@ +include: + - https://raw.githubusercontent.com/QubesOS/qubes-continuous-integration/master/gitlab-website.yml + +build:doc: + extends: .website From 6da63e3878089c9a68b50397f33594e7906c0397 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 02:14:26 -0800 Subject: [PATCH 19/23] Improve cross-linking between pages --- user/advanced-configuration/disposablevm-customization.md | 6 +++--- user/reference/glossary.md | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/user/advanced-configuration/disposablevm-customization.md b/user/advanced-configuration/disposablevm-customization.md index 1e14eddd..35680337 100644 --- a/user/advanced-configuration/disposablevm-customization.md +++ b/user/advanced-configuration/disposablevm-customization.md @@ -15,9 +15,9 @@ redirect_from: ## Introduction -A DisposableVM (previously known as a "DispVM") in can be based on any TemplateBasedVM. -You can also choose to use different DisposableVM Templates for different DisposableVMs. -To prepare AppVM to be a DisposableVM Template, you need to set `template_for_dispvms` property, for example: +A [DisposableVM](/doc/disposablevm) can be based on any [TemplateBasedVM](/doc/glossary/#templatebasedvm). +You can also choose to use different [DisposableVM Templates](/doc/glossary/#disposablevm-template) for different DisposableVMs. +To prepare an AppVM to be a DisposableVM Template, you need to set `template_for_dispvms` property, for example: [user@dom0 ~]$ qvm-prefs fedora-26-dvm template_for_dispvms True diff --git a/user/reference/glossary.md b/user/reference/glossary.md index 9f01fb71..2358aa14 100644 --- a/user/reference/glossary.md +++ b/user/reference/glossary.md @@ -119,8 +119,9 @@ FirewallVM FirewallVMs, as defined here, no longer exist in Qubes 4.0 or later (see [here][pr-748] for technical details).* Firewall Virtual Machine. -A type of [ProxyVM](#proxyvm) that is used to enforce network-level policies (a.k.a. "firewall rules"). +A type of [ProxyVM](#proxyvm) that is used to enforce network-level policies (a.k.a. "firewall rules"). A FirewallVM called `sys-firewall` is created by default in most Qubes installations. +Also see [Qubes Firewall](/doc/firewall/). DisposableVM ------------ @@ -191,7 +192,8 @@ This allows for optimal performance on guest operating systems such as Windows. Windows Tools ----- -Qubes Windows Tools are a set of programs and drivers that provide integration of Windows [AppVMs](#appvm) with the rest of the Qubes system. +[Qubes Windows Tools](/doc/windows-tools/) (QWT) are a set of programs and drivers that provide integration of Windows [AppVMs](#appvm) with the rest of the Qubes system. +Also see [Windows](/doc/windows/). QWT ---- From 84dcf72aec36db9c20a66706a686c44d0750b1b7 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 03:54:14 -0800 Subject: [PATCH 20/23] Improve "copying" documentation --- user/common-tasks/copy-from-dom0.md | 84 +++++++++++++++-------------- user/common-tasks/copy-paste.md | 66 +++++++++++------------ user/common-tasks/copying-files.md | 56 ++++++++++--------- 3 files changed, 105 insertions(+), 101 deletions(-) diff --git a/user/common-tasks/copy-from-dom0.md b/user/common-tasks/copy-from-dom0.md index 67c8fe89..dfe2e467 100644 --- a/user/common-tasks/copy-from-dom0.md +++ b/user/common-tasks/copy-from-dom0.md @@ -9,67 +9,71 @@ redirect_from: - /wiki/CopyToDomZero/ --- -Copying from (and to) dom0 -========================== +# Copying from (and to) dom0 -Copying **from** dom0 ---------------------- +This page covers copying files and clipboard text between [dom0](/doc/glossary/#dom0) and [domUs](/doc/glossary/#domu). +Since dom0 is special, the processes are different from [copying and pasting text between qubes](/doc/copy-paste/) and [copying and moving files between qubes](/doc/copying-files/). -To copy a file from dom0 to a VM (domU), simply use `qvm-copy-to-vm`: +## Copying **from** dom0 -~~~ -qvm-copy-to-vm -~~~ +### Copying files from dom0 -The file will arrive in your destination VM in the `~/QubesIncoming/dom0/` directory. +To copy a file from dom0 to a VM, simply use `qvm-copy-to-vm`: -### Copying logs from dom0 ### + qvm-copy-to-vm + +The file will arrive in the target VM in the `/home/user/QubesIncoming/dom0/` directory. + +### Copying and pasting clipboard text from dom0 + +Use the **Qubes Clipboard** widget: + + 1. Copy text to the clipboard normally in dom0 (e.g., by pressing Ctrl+C). + + 2. Click the **Qubes Clipboard** icon in the Notification Area. + + 3. Click "Copy dom0 clipboard". + This displays a notification that text has been copied to the inter-qube clipboard. + + 4. Press Ctrl+Shift+V in the target qube. + This pastes the inter-qube clipboard contents into the target qube's normal clipboard. + + 5. Paste normally within that qube (e.g., by pressing Shift+V). + +Alternatively, you can put your text in a file, then [copy it as a file](#copying-files-from-dom0). +Or, you can write the data you wish to copy into `/var/run/qubes/qubes-clipboard.bin`, then `echo -n dom0 > /var/run/qubes/qubes-clipboard.bin.source`. +Then use Ctrl+Shift+V to paste the data to the target qube. + +### Copying logs from dom0 In order to easily copy/paste the contents of logs from dom0 to the inter-VM clipboard, you can simply: -1. Right-click on the desired VM in the Qubes VM Manager. -2. Click "Logs." -3. Click on the desired log. -4. Click "Copy to Qubes clipboard." + 1. Right-click on the desired qube in the Qube Manager. -You may now paste the log contents to any VM as you normally would (i.e., Ctrl-Shift-V, then Ctrl-V). + 2. Click "Logs." -### Copy/paste from dom0 ### + 3. Click on the desired log. -For data other than logs, there are several options: + 4. Click "Copy to Qubes clipboard." -1. Use the **Qubes Clipboard** widget: - - Copy text to the clipboard normally in dom0. - - Click the **Qubes Clipboard** icon in the Notification Area. - - Click "Copy dom0 clipboard". - - Receive a notification that text has been copied to the inter-qube clipboard. - - Press Ctrl + Shift + V in a qube to paste into the desired qube's clipboard. - - Paste normally within that qube. -2. Copy it as a file (see above) -3. Write the data you wish to copy into `/var/run/qubes/qubes-clipboard.bin`, then `echo -n dom0 > /var/run/qubes/qubes-clipboard.bin.source`. - Then use Ctrl-Shift-V to paste the data to the desired VM. +You may now paste the log contents in qube as you normally would (e.g., Ctrl+Shift+V, then Ctrl+V). -Copying **to** dom0 -------------------- +## Copying **to** dom0 Copying anything into dom0 is not advised, since doing so can compromise the security of your Qubes system. -For this reason, there is no simple means of copying anything into dom0, unlike [copying from dom0](#copying-from-dom0) and [copying files between VMs](/doc/copying-files/). +For this reason, there is no simple means of copying anything into dom0, unlike [copying from dom0](#copying-from-dom0). -There should normally be few reasons for the user to want to copy anything from VMs to dom0, as dom0 only acts as a "thin trusted terminal", and no user applications run there. -One possible use-case for this is if we want to use a desktop wallpaper in dom0 we have located in one of our AppVMs (e.g. in the 'personal' AppVM where we got the wallpaper from our camera or downloaded it from the Internet). -While this use-case is understandable, imagine what would happen if the wallpaper (e.g. a JPEG file) was somehow malformed or malicious and attempted to exploit a hypothetical JPEG parser bug in dom0 code (e.g. in the dom0's Xorg/KDE code that parses the wallpaper and displays it). +There should normally be few reasons for the user to want to copy anything from domUs to dom0, as dom0 only acts as a "thin trusted terminal", and no user applications run there. +Sometimes, new users feel the urge to copy a desktop wallpaper image into dom0, but that is not necessary. +A safer approach is simply to display the image in [full-screen mode](/doc/full-screen-mode/) in an AppVM, then take a screenshot from dom0, which results in exactly the image needed for a wallpaper, created securely and natively in dom0. If you are determined to copy some files to dom0 anyway, you can use the following method. (If you want to copy text, first save it into a text file.) Run this command in a dom0 terminal: -~~~ -qvm-run --pass-io 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0 -~~~ + qvm-run --pass-io 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0 -Note that you can use the same method to copy files from dom0 to VMs (if, for some reason, you don't want to use `qvm-copy-to-vm`): +Note that you can use the same method to copy files from dom0 to domUs (if, for some reason, you don't want to use `qvm-copy-to-vm`): -~~~ -cat /path/to/file_in_dom0 | qvm-run --pass-io 'cat > /path/to/file_name_in_appvm' -~~~ + cat /path/to/file_in_dom0 | qvm-run --pass-io 'cat > /path/to/file_name_in_appvm' diff --git a/user/common-tasks/copy-paste.md b/user/common-tasks/copy-paste.md index e2d7baeb..03c9b5ed 100644 --- a/user/common-tasks/copy-paste.md +++ b/user/common-tasks/copy-paste.md @@ -1,6 +1,6 @@ --- layout: doc -title: Copy and Paste +title: Copying and pasting text between qubes permalink: /doc/copy-paste/ redirect_from: - /en/doc/copy-paste/ @@ -8,51 +8,49 @@ redirect_from: - /wiki/CopyPaste/ --- -Copy and Paste between domains -============================== +Copying and pasting text between qubes +====================================== -Qubes fully supports secure copy and paste operation between domains. -In order to copy a clipboard from domain A to domain B, follow those steps: +*This page is about copying and pasting plain text. +If you wish to copy more complex data, such as rich text or images, see [copying and moving files between qubes](/doc/copying-files/). +For dom0, see [copying from (and to) dom0](/doc/copy-from-dom0/).* -1. Click on the application window in domain A where you have selected text for copying. - Then use the *app-specific* hot-key (or menu option) to copy this into domain's local clipboard (in other words: do the copy operation as usual, in most cases by pressing Ctrl-C). -2. Then (when the app in domain A is still in focus) press Ctrl-Shift-C magic hot-key. - This will tell Qubes that we want to select this domain's clipboard for *global copy* between domains. -3. Now select the destination app, running in domain B, and press Ctrl-Shift-V, another magic hot-key that will tell Qubes to make the clipboard marked in the previous step available to apps running in domain B. - This step is necessary because it ensures that only domain B will get access to the clipboard copied from domain A, and not any other domain that might be running in the system. -4. Now, in the destination app use the app-specific key combination (usually Ctrl-V) for pasting the clipboard. +Qubes OS features a secure inter-qube clipboard that allows you to copy and paste text between qubes. -Note that the global clipboard will be cleared after step \#3, to prevent accidental leakage to another domain, if the user accidentally pressed Ctrl-Shift-V later. +In order to copy text from qube A to qube B: -This 4-step process might look complex, but after some little practice it really is very easy and fast. -At the same time it provides the user with full control over who has access to the clipboard. + 1. Select text from the source app in qube A, then copy it normally (e.g., by pressing Ctrl+C). -Note that only simple plain text copy/paste is supported between AppVMs. -This is discussed in a bit more detail in [this message](https://groups.google.com/group/qubes-devel/msg/57fe6695eb8ec8cd). + 2. With the source app in qube A still in focus, press Ctrl+Shift+C. + This copies the text from qube A's clipboard to the inter-qube clipboard. -On Copy/Paste Security ----------------------- + 3. Select the target app in qube B and press Ctrl+Shift+V. + This copies the text from the inter-qube clipboard to qube B's clipboard and clears the inter-qube clipboard, ensuring that only qube B will have access to the copied text. -The scheme is *secure* because it doesn't allow other VMs to steal the content of the clipboard. -However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* domain can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination VM (e.g. -the seemingly innocent link that we copy from untrusted domain, might turn out to be, in fact, a large buffer of junk that, when pasted into the destination VM's word processor could exploit a hypothetical bug in the undo buffer). -This is a general problem and applies to any data transfer between *less trusted to more trusted* domains. -It even applies to copying files between physically separate machines (air-gapped) systems. -So, you should always copy clipboard and data only from *more trusted* to *less trusted* domains. + 4. Paste the text in the target app in qube B normally (e.g., by pressing Ctrl+V). -See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes. +This process might look complicated at first glance, but in practice it is actually very easy and fast once you get used to it. +At the same time, it provides you with full control over exactly which qube receives the content of the inter-qube clipboard every time. -And [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. +Security +-------- -Copy/Paste between dom0 and other domains ------------------------------------------ +The inter-qube clipboard system is secure because it doesn't allow any qube other than your selected target to steal any contents from the inter-qube clipboard. +Without such a system in place, any password you were to copy from the password manager in your vault qube to another qube, for example, would immediately be leaked to every other running qube in the system, including qubes that are untrusted by default, such as `sys-net`. +By giving you precise control over exactly which qube receives the inter-qube clipboard content, then immediately wiping the inter-qube clipboard afterward, Qubes OS protects the confidentiality of the text being copied. -See ["Copying from (and to) dom0"](/doc/copy-from-dom0/). +However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* qube is always potentially insecure, since the data that we copy could exploit some hypothetical bug in the target qube. +For example, the seemingly-innocent link that we copy from an untrusted qube could turn out to be a large buffer of junk that, when pasted into the target qube's word processor, could exploit a hypothetical bug in the undo buffer. +This is a general problem and applies to any data transfer from *less trusted* to *more trusted* qubes. +It even applies to copying files between physically separate (air-gapped) machines. +Therefore, you should always copy clipboard data only from *more trusted* to *less trusted* qubes. + +See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as wlel as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. Clipboard automatic policy enforcement -------------------------------------- -The Qubes clipboard [RPC policy] is configurable in: +The Qubes clipboard [RPC policy](/doc/rpc-policy/) is configurable in: ~~~ /etc/qubes-rpc/policy/qubes.ClipboardPaste @@ -66,7 +64,7 @@ For example, if you are certain that you never wish to paste *into* your "vault" @anyvm @anyvm ask ~~~ -Shortcut Configuration +Shortcut configuration ---------------------- The copy/paste shortcuts are configurable in: @@ -78,7 +76,3 @@ The copy/paste shortcuts are configurable in: If you edit a line in this file, you must uncomment it (by removing the initial `#` character), or else it will have no effect. VMs need to be restarted in order for changes in `/etc/qubes/guid.conf` to take effect. - - -[RPC policy]: /doc/rpc-policy/ - diff --git a/user/common-tasks/copying-files.md b/user/common-tasks/copying-files.md index 21688795..9db80673 100644 --- a/user/common-tasks/copying-files.md +++ b/user/common-tasks/copying-files.md @@ -1,6 +1,6 @@ --- layout: doc -title: Copying Files between qubes +title: Copying and moving files between qubes permalink: /doc/copying-files/ redirect_from: - /en/doc/copying-files/ @@ -8,31 +8,34 @@ redirect_from: - /wiki/CopyingFiles/ --- -Copying files and folders between qubes -============================= +Copying and moving files between qubes +====================================== -Qubes also supports secure copying of files and folders between qubes. -These instructions refer to file(s) but equally apply to copying folders. +*This page is about copying and moving files. +If you wish to simply copy and paste text, that can be done more easily using the inter-qube clipboard. +See [copying and pasting text between qubes](/doc/copy-paste/). +For dom0, see [copying from (and to) dom0](/doc/copy-from-dom0/).* -In order to copy file(s) from qube A to qube B, follow these steps: +Qubes OS supports the secure copying and moving of files and directories (folders) between qubes. -GUI ---- +For simplicity, these instructions will refer to copying/moving a single file, but they apply equally well to groups of files and directories, which are copied recursively. -1. Open file manager in the source qube (qube A), choose file(s) that you wish to copy, and right click on the selection, and choose `Copy to another AppVM` + 1. Open a file manager in the qube containing the file you wish to copy (the source qube), right-click on the file you wish to copy or move, and select `Copy to Other AppVM...` or `Move to Other AppVM...`. -2. A dialog box will appear asking for the name of the destination qube (qube B). + 2. A dialog box will appear in dom0 asking for the name of the target qube (qube B). + Enter or select the desired destination qube name. -3. A confirmation dialog box will appear(this will be displayed by Dom0, so none of the qubes can fake your consent). - After you click ok, qube B will be started if it is not already running, the file copy operation will start, and the files will be copied into the following folder in qube B: + 3. If the target qube is not already running, it will be started automatically, and the file will be copied there. + It will show up in this directory (which will automatically be created if it does not already exist): - `/home/user/QubesIncoming/` + /home/user/QubesIncoming// -4. You can now move them whenever you like in the qube B filesystem using the file manager there. + If you selected **Move** rather than **Copy**, the original file in the source qube will be deleted. + (Moving a file is equivalent to copying the file, then deleting the original.) + 4. If you wish, you may now move the file in the target qube to a different directory and delete the `/home/user/QubesIncoming/` directory when no longer needed. -CLI ---- +The same operations are also available via these command-line tools: ``` qvm-copy [--without-progress] file [file]+ @@ -42,18 +45,21 @@ qvm-copy [--without-progress] file [file]+ qvm-move [--without-progress] file [file]+ ``` +Security +-------- -On inter-qube file copy security ----------------------------------- - -The scheme is *secure* because it doesn't allow other qubes to steal the files that are being copied, and also doesn't allow the source qube to overwrite arbitrary files on the destination qube. -Also, Qubes's file copy scheme doesn't use any sort of virtual block devices for file copy -- instead we use Xen shared memory, which eliminates lots of processing of untrusted data. +The inter-qube file copy system is secure because it doesn't allow other qubes to steal the files that are being copied, and it doesn't allow the source qube to overwrite arbitrary files on the destination qube. +Moreover, this system doesn't use any sort of virtual block device for file copy. +Instead, we use Xen shared memory, which eliminates a lot of processing of untrusted data. For example, the receiving qube is *not* forced to parse untrusted partitions or file systems. -In this respect our file copy mechanism provides even more security than file copy between two physically separated (air-gapped) machines! +In this respect, the inter-qube file copy system provides even more security than file copy between two physically separated (air-gapped) machines! +(See [Software compartmentalization vs. physical separation](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) for more on this.) -However, one should keep in mind that performing a data transfer from *less trusted* to *more trusted* qubes can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination qube (e.g. a seemingly innocent JPEG that we copy from an untrusted qube might contain a specially crafted exploit for a bug in JPEG parsing application in the destination qube). -This is a general problem and applies to any data transfer between *less trusted to more trusted* qubes. +However, one should keep in mind that performing a data transfer from *less trusted* to *more trusted* qubes is always potentially insecure if the data will be parsed in the target qube. +This is because the data that we copy could try to exploit some hypothetical bug in software running in the target qube. +For example, a seemingly-innocent JPEG that we copy from an untrusted qube might contain a specially-crafted exploit for a bug in a JPEG-parsing application in the target qube. +This is a general problem and applies to any data transfer from *less trusted* to *more trusted* qubes. It even applies to the scenario of copying files between air-gapped machines. -So, you should always copy data only from *more trusted* to *less trusted* qubes. +Therefore, you should always copy data only from *more trusted* to *less trusted* qubes. See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes. From 2535c3a3d1ddcbcca91d5ae1e9bddebb06dcaab8 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 04:09:33 -0800 Subject: [PATCH 21/23] Link to dom0 glossary entry --- user/common-tasks/software-update-dom0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user/common-tasks/software-update-dom0.md b/user/common-tasks/software-update-dom0.md index 4512605a..daecefbb 100644 --- a/user/common-tasks/software-update-dom0.md +++ b/user/common-tasks/software-update-dom0.md @@ -10,7 +10,7 @@ redirect_from: # Installing and updating software in dom0 -Updating dom0 is one of the main steps in [Updating Qubes OS]. +Updating [dom0] is one of the main steps in [Updating Qubes OS]. It is very important to keep dom0 up-to-date with the latest [security] updates. We also publish dom0 updates for various non-security bug fixes and enhancements to Qubes components. In addition, you may wish to update the kernel, drivers, or libraries in dom0 when [troubleshooting newer hardware]. @@ -218,6 +218,7 @@ For example: sys-whonix. Qubes VM Manager -> System -> Global Settings -> UpdateVM -> sys-whonix +[dom0]: /doc/glossary/#dom0 [Updating Qubes OS]: /doc/updating-qubes-os/ [security]: /security/ [testing]: /doc/testing/ From f5cb15d1a3a69dfc49f880fc75844c23a8f7c334 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 04:54:31 -0800 Subject: [PATCH 22/23] Fix typo --- user/common-tasks/copy-paste.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/common-tasks/copy-paste.md b/user/common-tasks/copy-paste.md index 03c9b5ed..fc27067e 100644 --- a/user/common-tasks/copy-paste.md +++ b/user/common-tasks/copy-paste.md @@ -45,7 +45,7 @@ This is a general problem and applies to any data transfer from *less trusted* t It even applies to copying files between physically separate (air-gapped) machines. Therefore, you should always copy clipboard data only from *more trusted* to *less trusted* qubes. -See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as wlel as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. +See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as well as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. Clipboard automatic policy enforcement -------------------------------------- From 31d28d0ad2f2277212e31b9eb6f77fd4a0469eba Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 05:00:24 -0800 Subject: [PATCH 23/23] Update links --- user/security-in-qubes/split-gpg.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/security-in-qubes/split-gpg.md b/user/security-in-qubes/split-gpg.md index 2dff3068..9a1c1431 100644 --- a/user/security-in-qubes/split-gpg.md +++ b/user/security-in-qubes/split-gpg.md @@ -378,8 +378,8 @@ As always, exercise caution and use your good judgment.) [intro]: #what-is-split-gpg-and-why-should-i-use-it-instead-of-the-standard-gpg [se-pinentry]: https://unix.stackexchange.com/a/379373 [​subkeys]: https://wiki.debian.org/Subkeys -[copied]: /doc/copying-files#on-inter-qube-file-copy-security -[pasted]: /doc/copy-paste#on-copypaste-security +[copied]: /doc/copying-files#security +[pasted]: /doc/copy-paste#security [​MUA]: https://en.wikipedia.org/wiki/Mail_user_agent [covert channels]: /doc/data-leaks [trusting-templates]: /doc/templates/#trusting-your-templatevms