From 9783171ce716dd754c6aa0f06d252c50226aa43b Mon Sep 17 00:00:00 2001 From: apparatius <151992958+apparatius@users.noreply.github.com> Date: Sat, 10 Aug 2024 07:27:24 +0000 Subject: [PATCH 1/6] Fix a dom0 package downgrade/reinstall commands --- .../how-to-install-software-in-dom0.md | 37 ++----------------- 1 file changed, 4 insertions(+), 33 deletions(-) diff --git a/user/advanced-topics/how-to-install-software-in-dom0.md b/user/advanced-topics/how-to-install-software-in-dom0.md index ddd7f869..1aacb840 100644 --- a/user/advanced-topics/how-to-install-software-in-dom0.md +++ b/user/advanced-topics/how-to-install-software-in-dom0.md @@ -65,44 +65,15 @@ commands to `dnf` using `--action=...`. **WARNING:** Downgrading a package can expose your system to security vulnerabilities. -1. Download an older version of the package: +To downgrade a specific package in dom0: - ~~~ - sudo qubes-dom0-update package-version - ~~~ - - Dnf will say that there is no update, but the package will nonetheless be - downloaded to dom0. - -2. Downgrade the package: - - ~~~ - sudo dnf downgrade package-version - ~~~ + sudo qubes-dom0-update --action=downgrade package-version ## How to re-install a package -You can re-install in a similar fashion to downgrading. +To re-install a package in dom0: -1. Download the package: - - ~~~ - sudo qubes-dom0-update package - ~~~ - - Dnf will say that there is no update, but the package will nonetheless be - downloaded to dom0. - -2. Re-install the package: - - ~~~ - sudo dnf reinstall package - ~~~ - - Note that `dnf` will only re-install if the installed and downloaded - versions match. You can ensure they match by either updating the package to - the latest version, or specifying the package version in the first step - using the form `package-version`. + sudo qubes-dom0-update --action=reinstall package ## How to uninstall a package From db7938992d554ce633cd15cfd8144b232430f657 Mon Sep 17 00:00:00 2001 From: deeplow <47065258+deeplow@users.noreply.github.com> Date: Mon, 27 Jan 2025 13:49:56 +0000 Subject: [PATCH 2/6] qrexec: add info about QREXEC_REMOTE_DOMAIN Add information about `QREXEC_REMOTE_DOMAIN` which is still on the qrexec2.md file but not on the V3. However, this still applies, so it should be documented. --- developer/services/qrexec.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/developer/services/qrexec.md b/developer/services/qrexec.md index edee53b1..ded9fa97 100644 --- a/developer/services/qrexec.md +++ b/developer/services/qrexec.md @@ -109,10 +109,6 @@ whether to allow the request, what VM to redirect the execution to, and what use Note that if the request is redirected (`target=` parameter), policy action remains the same -- even if there is another rule which would otherwise deny such request. If no policy rule is matched, the action is denied. -In the target VM, a file in either of the following locations must exist, containing the file name of the program that will be invoked, or being that program itself -- in which case it must have executable permission set (`chmod +x`): - - `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube; - - `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube. - Files in `/run/qubes/policy.d/` are deleted when the system is rebooted. This is useful for temporary policy that contains the name or UUID of a disposable VM, which will not be meaningful after the system has rebooted. Such policy files can be created manually, but they are usually created automatically by a Qrexec call to dom0. @@ -140,6 +136,17 @@ It is also possible to call service without specific client program -- in which $ qrexec-client-vm target_vm_name RPC_ACTION_NAME ``` +### Answering an RPC call + +In other for a RPC call to be answered in the target VM, a file in either of the following locations must exist, containing the file name of the program that will be invoked, or being that program itself -- in which case it must have executable permission set (`chmod +x`): + - `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube; + - `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube. + +The source VM name can then be accessed in the server process via +`QREXEC_REMOTE_DOMAIN` environment variable. (Note the source VM has *no* +control over the name provided in this variable--the name of the VM is +provided by dom0, and so is trusted.) + ### Specifying VMs: tags, types, targets, etc. There are severals methods for specifying source/target VMs in RPC policies. From aa1c72268737e6599b410e8eebeb78b2eedf8c4f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 19 Feb 2025 05:09:27 -0800 Subject: [PATCH 3/6] Remove Facebook from social media list (no longer being updated) --- introduction/support.md | 1 - 1 file changed, 1 deletion(-) diff --git a/introduction/support.md b/introduction/support.md index b12bb55f..e7e9d71a 100644 --- a/introduction/support.md +++ b/introduction/support.md @@ -502,7 +502,6 @@ The Qubes OS Project has a presence on the following social media platforms: - Twitter - Mastodon - Reddit -- Facebook - LinkedIn Generally speaking, these are not intended to be primary support venues. (Those From 832bcf8855b50c5906e9132ec9312dd1c23ada68 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 19 Feb 2025 05:35:26 -0800 Subject: [PATCH 4/6] Add NovaCustom V54 Series --- user/hardware/certified-hardware.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/user/hardware/certified-hardware.md b/user/hardware/certified-hardware.md index 41b825fe..31a53e7e 100644 --- a/user/hardware/certified-hardware.md +++ b/user/hardware/certified-hardware.md @@ -25,6 +25,12 @@ Qubes-certified computers are certified for a [major release](/doc/version-schem The current Qubes-certified models are listed below in reverse chronological order of certification. +### NovaCustom V54 Series 14.0 inch coreboot laptop + +[![Photo of the NovaCustom V54 Series 14.0 inch coreboot laptop](/attachment/site/novacustom-v54-series.png)](https://novacustom.com/product/v54-series/) + +The [NovaCustom V54 Series 14.0 inch coreboot laptop](https://novacustom.com/product/v54-series/) is certified for Qubes OS Release 4. + ### NitroPad V56 [![Photo of the NitroPad V56](/attachment/site/nitropad-v56.png)](https://shop.nitrokey.com/shop/nitropad-v56-684) From cab3bec6a7dd1084143e3b20c314dbc82ff448be Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 19 Feb 2025 06:15:58 -0800 Subject: [PATCH 5/6] Add step for pushing qubes-release to current QubesOS/qubes-issues#9783 --- developer/releases/todo.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/developer/releases/todo.md b/developer/releases/todo.md index 23d370ed..bcac1b17 100644 --- a/developer/releases/todo.md +++ b/developer/releases/todo.md @@ -37,6 +37,7 @@ On final release * finish release notes * update InstallationInstructions * build ISO and push to mirrors +* push `qubes-release` package to `current` * notify @Rudd-O about the new ISO for new torrent hosting -* write blog post -* announce on Twitter +* write news post +* announce From 90235722693d30e4b3f31606aa7b7e76bb3e9248 Mon Sep 17 00:00:00 2001 From: jermanuts <109705802+jermanuts@users.noreply.github.com> Date: Wed, 19 Feb 2025 18:47:19 +0200 Subject: [PATCH 6/6] Update rufus link --- user/downloading-installing-upgrading/installation-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/downloading-installing-upgrading/installation-guide.md b/user/downloading-installing-upgrading/installation-guide.md index a4684667..3377f744 100644 --- a/user/downloading-installing-upgrading/installation-guide.md +++ b/user/downloading-installing-upgrading/installation-guide.md @@ -74,7 +74,7 @@ Change `Qubes-RX-x86_64.iso` to the filename of the version you're installing, a #### Windows ISO to USB -On Windows, you can use the [Rufus](https://rufus.akeo.ie/) tool to write the ISO to a USB key. Be sure to select "Write in DD Image mode" *after* selecting the Qubes ISO and pressing "START" on the Rufus main window. +On Windows, you can use the [Rufus](https://rufus.ie/) tool to write the ISO to a USB key. Be sure to select "Write in DD Image mode" *after* selecting the Qubes ISO and pressing "START" on the Rufus main window.