diff --git a/doc.md b/doc.md index 7972089b..4ef71dd3 100644 --- a/doc.md +++ b/doc.md @@ -283,6 +283,7 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [Sony Vaio Troubleshooting](/doc/sony-vaio-tinkering/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) * [Multiboot Troubleshooting](/doc/multiboot/#troubleshooting) + * [Application Troubleshooting](/doc/application-troubleshooting/) * [Tails Troubleshooting](/doc/tails-troubleshooting/) ### Building Guides diff --git a/external/troubleshooting/application-troubleshooting.md b/external/troubleshooting/application-troubleshooting.md new file mode 100644 index 00000000..b8aa8d79 --- /dev/null +++ b/external/troubleshooting/application-troubleshooting.md @@ -0,0 +1,45 @@ +--- +layout: doc +title: Application Troubleshooting +permalink: /doc/application-troubleshooting/ +--- + +# Troubleshooting default applications on Qubes # + +## Fullscreen Firefox is frozen ## + +Press F11 twice. + +## Firefox crashes ## + +If you are facing frequent crashes or lags when using Firefox browser (especially when watching videos), you may need to turn off Hardware Acceleration. You can do this by navigating to "Preferences", then "Performance". Untick the "Use recommended performance settings" checkbox, followed by "Use hardware acceleration when available". + +If this doesn't fix the issue, try turning off smooth scrolling by unticking "Use smoothing scrolling" under the "Browsing" section. + +## LibreOffice open as a tiny window ## + +Some programs like LibreOffice open as a tiny window -- small enough that the content of the file is not even visible. + +You can open LibreOffice as a larger window using this workaround: + +### Using the command line +1. In the VM where you want to open the LibreOffice, open the `registrymodifications.xcu` file in an editor: + ~~~ + sudo nano ~/.config/libreoffice/4/user/registrymodifications.xcu + ~~~ + +2. Find the lines containing `ooSetupFactoryWindowAttributes`. It will look like this: + ~~~ + 61,61,1807,982;5;38,56,1807,982; + ~~~ + +3. We are interested in the values between the `` tag. These window position values are specified as: `x-pos,y-pos,width,height ; window-state ; maximized-x-pos,maximized-y-pos,maximized-width,maximized-height`. Edit the third and fourth values to your desired width and height (for example, to 1800 and 900). +4. Do this once for every template and the program will always open at this size. + +### Using the GUI +1. Open any Libreoffice app. +2. Navigate to the "Tools" menu, select "Options", then "Advanced". Click the "Open Expert Configuration" button. +3. Search for "ooSetupFactoryWindowAttributes". +4. Scroll right to see the values set for each component as a string value. For example: `61,61,1807,982;5;38,56,1807,982;`. These window position values are specified as: `x-pos,y-pos,width,height ; window-state ; maximized-x-pos,maximized-y-pos,maximized-width,maximized-height`. Edit the third and fourth values to your desired width and height (for example, to 1800 and 900). +5. Do this once for every template and the program will always open at this size. + diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 3fc877db..af43e0d7 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -188,15 +188,29 @@ Now that you've imported the authentic Qubes Master Signing Key, set its trust l Now, when you import any of the legitimate Qubes developer keys and Release Signing Keys used to sign ISOs, RPMs, TGZs, Git tags, and Git commits, they will already be trusted in virtue of being signed by the Qubes Master Signing Key. +Before proceeding to the next step, make sure the Qubes Master Signing Key is in your keyring with the correct trust level. +(Note: We have already verified the authenticity of the key, so this final check is not about security. +Rather, it's just a sanity check to make sure that we've imported the key into our keyring correctly.) + + $ gpg2 -k "Qubes Master Signing Key" + pub rsa4096 2010-04-01 [SC] + 427F11FD0FAA4B080123F01CDDFA1A3E36879494 + uid [ultimate] Qubes Master Signing Key + +If you don't see the Qubes Master Signing Key here with a trust level of "ultimate," go back and follow the instructions in this section carefully. + ### 2. Get the Release Signing Key -The filename of the Release Signing Key for your version is `qubes-release-X-signing-key.asc`, where `X` is the major version number of your Qubes release. +The filename of the Release Signing Key for your version is usually `qubes-release-X-signing-key.asc`, where `X` is the major version number of your Qubes release. There are several ways to get the Release Signing Key for your Qubes release. - - If you have access to an existing Qubes installation, the release keys are available in dom0 in `/etc/pki/rpm-gpg/`. + - If you have access to an existing Qubes installation, the release keys are available in dom0 in `/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-*`. These can be [copied][copy-from-dom0] into other VMs for further use. - In addition, every other VM contains the release key corresponding to that installation's release in `/etc/pki/rpm-gpg/`. + In addition, every other VM contains the release key corresponding to that installation's release in `/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-*`. + If you wish to use one of these keys, make sure to import it into your keyring, e.g.: + + $ gpg2 --import /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-* - Fetch it with GPG: @@ -221,13 +235,19 @@ The Release Signing Key should be signed by the Qubes Master Signing Key: gpg: 2 good signatures This is just an example, so the output you receive will not look exactly the same. -What matters is the line that shows that this key is signed by the Qubes Master -Signing Key with a `sig!` prefix. This verifies the authenticity of the -Release Signing Key. Note that the `!` flag after the `sig` tag is important -because it means that the key signature is valid. A `sig-` prefix would -indicate a bad signature and `sig%` would mean that gpg encountered an error -while verifying the signature. -It is not necessary to independently verify the authenticity of the Release Signing Key. +What matters is the line that shows that this key is signed by the Qubes Master Signing Key with a `sig!` prefix. +This verifies the authenticity of the Release Signing Key. +Note that the `!` flag after the `sig` tag is important because it means that the key signature is valid. +A `sig-` prefix would indicate a bad signature and `sig%` would mean that gpg encountered an error while verifying the signature. +It is not necessary to independently verify the authenticity of the Release Signing Key, since you already verified the authenticity of the Qubes Master Signing Key. +Before proceeding to the next step, make sure the Release Signing Key is in your keyring: + + $ gpg2 -k "Qubes OS Release" + pub rsa4096 2017-03-06 [SC] + 5817A43B283DE5A9181A522E1848792F9E2795E9 + uid [ full ] Qubes OS Release X Signing Key + +If you don't see the correct Release Signing Key here, go back and follow the instructions in this section carefully. ### 3. Verify your Qubes ISO @@ -236,7 +256,9 @@ Every Qubes ISO is released with a detached PGP signature file, which you can fi If the filename of your ISO is `Qubes-RX-x86_64.iso`, then the name of the signature file for that ISO is `Qubes-RX-x86_64.iso.asc`, where `X` is a specific version of Qubes. The signature filename is always the same as the ISO filename followed by `.asc`. -Once you've downloaded both the ISO and its signature file, you can verify the ISO using GPG: +Download both the ISO and its signature file. +Put both of them in the same directory, then navigate to that directory. +Now, you can verify the ISO by executing this GPG command in the directory that contains both files: $ gpg2 -v --verify Qubes-RX-x86_64.iso.asc Qubes-RX-x86_64.iso gpg: armor header: Version: GnuPG v1 @@ -325,8 +347,8 @@ Another way is to use `openssl` to compute each hash value, then compare them to (Notice that the outputs match the values from the digest file.) -However, it is possible that an attacker replaced `Qubes-RX-x86_64.iso` with a malicious ISO, computed the hash values for that ISO, and replaced the values in `Qubes-RX-x86_64.iso.DIGESTS` with his own set of values. -Therefore, ideally, we should also verify the authenticity of the listed hash values. +However, it is possible that an attacker replaced `Qubes-RX-x86_64.iso` with a malicious ISO, computed the hash values for that malicious ISO, and replaced the values in `Qubes-RX-x86_64.iso.DIGESTS` with his own set of values. +Therefore, we should also verify the authenticity of the listed hash values. Since `Qubes-RX-x86_64.iso.DIGESTS` is a clearsigned PGP file, we can use GPG to verify it from the command line: 1. [Get the Qubes Master Signing Key and verify its authenticity][QMSK] @@ -400,10 +422,16 @@ The problem could be one or more of the following: If you still get the same result, try downloading the ISO again from a different source, then try verifying again. -### I'm getting "bash: gpg2: command not found" +### Why am I getting "bash: gpg2: command not found"? You don't have `gpg2` installed. -Please install it using the method appropriate for your environement (e.g., via your package manager). +Please install it using the method appropriate for your environment (e.g., via your package manager). + + +### Why am I getting "No such file or directory"? + +Your working directory does not contain the required files. +Go back and follow the instructions more carefully, making sure that you put all required files in the same directory *and* navigate to that directory. ### Why am I getting "can't open signed data `Qubes-RX-x86_64.iso' / can't hash datafile: file open error"? diff --git a/user/troubleshooting/usb-troubleshooting.md b/user/troubleshooting/usb-troubleshooting.md index 2cf294eb..d1ef79fd 100644 --- a/user/troubleshooting/usb-troubleshooting.md +++ b/user/troubleshooting/usb-troubleshooting.md @@ -81,3 +81,13 @@ Note that this procedure will attach your USB controllers to dom0, so do this on If your computer has a PS/2 port, you may instead use a PS/2 keyboard to enter the LUKS password. +## "qubes-usb-proxy not installed in the VM" error ## + +When trying to [create and use a USB qube](/doc/usb-devices/#creating-and-using-a-usb-qube) with the `qubes-usb-proxy` package, you may receive this error: `ERROR: qubes-usb-proxy not installed in the VM`. + +If you encounter this error, you can install the `qubes-usb-proxy` with the package manager in the VM you want to attach the USB device to. +Depending on your operating system, open a terminal in the TemplateVM and enter one of the following commands: + +* Fedora: `sudo dnf install qubes-usb-proxy` +* Debian/Ubuntu: `sudo apt-get install qubes-usb-proxy` +