Git-Mirrors
/
qubes-doc
mirror of https://github.com/QubesOS/qubes-doc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into tails-troubleshooting

This commit is contained in:
Andrew David Wong 2020-11-21 07:27:10 -08:00 committed by GitHub
parent bcc9673178 67a2931257
commit 2667084747
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 99 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc.md
View File

@ -283,6 +283,7 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co
* [Sony Vaio Troubleshooting](/doc/sony-vaio-tinkering/)
* [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/)
* [Multiboot Troubleshooting](/doc/multiboot/#troubleshooting)
* [Application Troubleshooting](/doc/application-troubleshooting/)
* [Tails Troubleshooting](/doc/tails-troubleshooting/)
### Building Guides

45
external/troubleshooting/application-troubleshooting.md vendored Normal file
View File

@ -0,0 +1,45 @@
---
layout: doc
title: Application Troubleshooting
permalink: /doc/application-troubleshooting/
---
# Troubleshooting default applications on Qubes #
## Fullscreen Firefox is frozen ##
Press F11 twice.
## Firefox crashes ##
If you are facing frequent crashes or lags when using Firefox browser (especially when watching videos), you may need to turn off Hardware Acceleration. You can do this by navigating to "Preferences", then "Performance". Untick the "Use recommended performance settings" checkbox, followed by "Use hardware acceleration when available".
If this doesn't fix the issue, try turning off smooth scrolling by unticking "Use smoothing scrolling" under the "Browsing" section.
## LibreOffice open as a tiny window ##
Some programs like LibreOffice open as a tiny window -- small enough that the content of the file is not even visible.
You can open LibreOffice as a larger window using this workaround:
### Using the command line
1. In the VM where you want to open the LibreOffice, open the `registrymodifications.xcu` file in an editor:
~~~
sudo nano ~/.config/libreoffice/4/user/registrymodifications.xcu
~~~
2. Find the lines containing `ooSetupFactoryWindowAttributes`. It will look like this:
~~~
<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.sheet.SpreadsheetDocument']"><prop oor:name="ooSetupFactoryWindowAttributes" oor:op="fuse"><value>61,61,1807,982;5;38,56,1807,982;</value></prop></item>
~~~
3. We are interested in the values between the `<value>` tag. These window position values are specified as: `x-pos,y-pos,width,height ; window-state ; maximized-x-pos,maximized-y-pos,maximized-width,maximized-height`. Edit the third and fourth values to your desired width and height (for example, to 1800 and 900).
4. Do this once for every template and the program will always open at this size.
### Using the GUI
1. Open any Libreoffice app.
2. Navigate to the "Tools" menu, select "Options", then "Advanced". Click the "Open Expert Configuration" button.
3. Search for "ooSetupFactoryWindowAttributes".
4. Scroll right to see the values set for each component as a string value. For example: `61,61,1807,982;5;38,56,1807,982;`. These window position values are specified as: `x-pos,y-pos,width,height ; window-state ; maximized-x-pos,maximized-y-pos,maximized-width,maximized-height`. Edit the third and fourth values to your desired width and height (for example, to 1800 and 900).
5. Do this once for every template and the program will always open at this size.

58
project-security/verifying-signatures.md
View File

@ -188,15 +188,29 @@ Now that you've imported the authentic Qubes Master Signing Key, set its trust l
Now, when you import any of the legitimate Qubes developer keys and Release Signing Keys used to sign ISOs, RPMs, TGZs, Git tags, and Git commits, they will already be trusted in virtue of being signed by the Qubes Master Signing Key.
Before proceeding to the next step, make sure the Qubes Master Signing Key is in your keyring with the correct trust level.
(Note: We have already verified the authenticity of the key, so this final check is not about security.
Rather, it's just a sanity check to make sure that we've imported the key into our keyring correctly.)
$ gpg2 -k "Qubes Master Signing Key"
pub rsa4096 2010-04-01 [SC]
427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid [ultimate] Qubes Master Signing Key
If you don't see the Qubes Master Signing Key here with a trust level of "ultimate," go back and follow the instructions in this section carefully.
### 2. Get the Release Signing Key
The filename of the Release Signing Key for your version is `qubes-release-X-signing-key.asc`, where `X` is the major version number of your Qubes release.
The filename of the Release Signing Key for your version is usually `qubes-release-X-signing-key.asc`, where `X` is the major version number of your Qubes release.
There are several ways to get the Release Signing Key for your Qubes release.
- If you have access to an existing Qubes installation, the release keys are available in dom0 in `/etc/pki/rpm-gpg/`.
- If you have access to an existing Qubes installation, the release keys are available in dom0 in `/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-*`.
These can be [copied][copy-from-dom0] into other VMs for further use.
In addition, every other VM contains the release key corresponding to that installation's release in `/etc/pki/rpm-gpg/`.
In addition, every other VM contains the release key corresponding to that installation's release in `/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-*`.
If you wish to use one of these keys, make sure to import it into your keyring, e.g.:
$ gpg2 --import /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-*
- Fetch it with GPG:
@ -221,13 +235,19 @@ The Release Signing Key should be signed by the Qubes Master Signing Key:
gpg: 2 good signatures
This is just an example, so the output you receive will not look exactly the same.
What matters is the line that shows that this key is signed by the Qubes Master
Signing Key with a `sig!` prefix. This verifies the authenticity of the
Release Signing Key. Note that the `!` flag after the `sig` tag is important
because it means that the key signature is valid. A `sig-` prefix would
indicate a bad signature and `sig%` would mean that gpg encountered an error
while verifying the signature.
It is not necessary to independently verify the authenticity of the Release Signing Key.
What matters is the line that shows that this key is signed by the Qubes Master Signing Key with a `sig!` prefix.
This verifies the authenticity of the Release Signing Key.
Note that the `!` flag after the `sig` tag is important because it means that the key signature is valid.
A `sig-` prefix would indicate a bad signature and `sig%` would mean that gpg encountered an error while verifying the signature.
It is not necessary to independently verify the authenticity of the Release Signing Key, since you already verified the authenticity of the Qubes Master Signing Key.
Before proceeding to the next step, make sure the Release Signing Key is in your keyring:
$ gpg2 -k "Qubes OS Release"
pub rsa4096 2017-03-06 [SC]
5817A43B283DE5A9181A522E1848792F9E2795E9
uid [ full ] Qubes OS Release X Signing Key
If you don't see the correct Release Signing Key here, go back and follow the instructions in this section carefully.
### 3. Verify your Qubes ISO
@ -236,7 +256,9 @@ Every Qubes ISO is released with a detached PGP signature file, which you can fi
If the filename of your ISO is `Qubes-RX-x86_64.iso`, then the name of the signature file for that ISO is `Qubes-RX-x86_64.iso.asc`, where `X` is a specific version of Qubes.
The signature filename is always the same as the ISO filename followed by `.asc`.
Once you've downloaded both the ISO and its signature file, you can verify the ISO using GPG:
Download both the ISO and its signature file.
Put both of them in the same directory, then navigate to that directory.
Now, you can verify the ISO by executing this GPG command in the directory that contains both files:
$ gpg2 -v --verify Qubes-RX-x86_64.iso.asc Qubes-RX-x86_64.iso
gpg: armor header: Version: GnuPG v1
@ -325,8 +347,8 @@ Another way is to use `openssl` to compute each hash value, then compare them to
(Notice that the outputs match the values from the digest file.)
However, it is possible that an attacker replaced `Qubes-RX-x86_64.iso` with a malicious ISO, computed the hash values for that ISO, and replaced the values in `Qubes-RX-x86_64.iso.DIGESTS` with his own set of values.
Therefore, ideally, we should also verify the authenticity of the listed hash values.
However, it is possible that an attacker replaced `Qubes-RX-x86_64.iso` with a malicious ISO, computed the hash values for that malicious ISO, and replaced the values in `Qubes-RX-x86_64.iso.DIGESTS` with his own set of values.
Therefore, we should also verify the authenticity of the listed hash values.
Since `Qubes-RX-x86_64.iso.DIGESTS` is a clearsigned PGP file, we can use GPG to verify it from the command line:
1. [Get the Qubes Master Signing Key and verify its authenticity][QMSK]
@ -400,10 +422,16 @@ The problem could be one or more of the following:
If you still get the same result, try downloading the ISO again from a different source, then try verifying again.
### I'm getting "bash: gpg2: command not found"
### Why am I getting "bash: gpg2: command not found"?
You don't have `gpg2` installed.
Please install it using the method appropriate for your environement (e.g., via your package manager).
Please install it using the method appropriate for your environment (e.g., via your package manager).
### Why am I getting "No such file or directory"?
Your working directory does not contain the required files.
Go back and follow the instructions more carefully, making sure that you put all required files in the same directory *and* navigate to that directory.
### Why am I getting "can't open signed data `Qubes-RX-x86_64.iso' / can't hash datafile: file open error"?

10
user/troubleshooting/usb-troubleshooting.md
View File

@ -81,3 +81,13 @@ Note that this procedure will attach your USB controllers to dom0, so do this on
If your computer has a PS/2 port, you may instead use a PS/2 keyboard to enter the LUKS password.
## "qubes-usb-proxy not installed in the VM" error ##
When trying to [create and use a USB qube](/doc/usb-devices/#creating-and-using-a-usb-qube) with the `qubes-usb-proxy` package, you may receive this error: `ERROR: qubes-usb-proxy not installed in the VM`.
If you encounter this error, you can install the `qubes-usb-proxy` with the package manager in the VM you want to attach the USB device to.
Depending on your operating system, open a terminal in the TemplateVM and enter one of the following commands:
* Fedora: `sudo dnf install qubes-usb-proxy`
* Debian/Ubuntu: `sudo apt-get install qubes-usb-proxy`