diff --git a/developer/building/development-workflow.rst b/developer/building/development-workflow.rst index 5dbffc41..c9c01945 100644 --- a/developer/building/development-workflow.rst +++ b/developer/building/development-workflow.rst @@ -40,7 +40,7 @@ In ``qubes-builder/artifacts/sources/linux-kernel``: .. code:: console - make prep + $ make prep @@ -48,7 +48,7 @@ The resulting tree will be in kernel-/linux-: .. code:: console - ls -ltrd kernel*/linux* + $ ls -ltrd kernel*/linux* drwxr-xr-x 23 user user 4096 Nov 5 09:50 kernel-3.4.18/linux-3.4.18 drwxr-xr-x 6 user user 4096 Nov 21 20:48 kernel-3.4.18/linux-obj @@ -62,7 +62,7 @@ In ``qubes-builder/artifacts/sources/linux-kernel``: .. code:: console - cd kernel-3.4.18/linux-3.4.18 + $ cd kernel-3.4.18/linux-3.4.18 @@ -74,8 +74,8 @@ In ``kernel-3.4.18/linux-3.4.18``: .. code:: console - cp ../../config .config - make oldconfig + $ cp ../../config .config + $ make oldconfig @@ -83,7 +83,7 @@ Now change the configuration. For example, in ``kernel-3.4.18/linux-3.4.18``: .. code:: console - make menuconfig + $ make menuconfig @@ -91,7 +91,7 @@ Copy the modified config back into the kernel tree: .. code:: console - cp .config ../../../config + $ cp .config ../../../config @@ -103,20 +103,20 @@ TODO: describe the workflow for patching the code, below are some random notes, .. code:: console - ln -s ../../patches.xen - export QUILT_PATCHES=patches.xen - export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" - export QUILT_SERIES=../../series-pvops.conf + $ ln -s ../../patches.xen + $ export QUILT_PATCHES=patches.xen + $ export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" + $ export QUILT_SERIES=../../series-pvops.conf - quilt new patches.xen/pvops-3.4-0101-usb-xen-pvusb-driver-bugfix.patch - quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \ + $ quilt new patches.xen/pvops-3.4-0101-usb-xen-pvusb-driver-bugfix.patch + $ quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \ drivers/usb/host/xen-usbback/* drivers/usb/host/xen-usbfront.c \ include/xen/interface/io/usbif.h *edit something* - quilt refresh - cd ../.. + $ quilt refresh + $ cd ../.. vi series.conf @@ -133,7 +133,7 @@ To actually build RPMs, in qubes-builder: .. code:: console - ./qb -c linux-kernel package fetch prep build + $ ./qb -c linux-kernel package fetch prep build @@ -398,7 +398,7 @@ Then use ``make update-repo-unstable`` to upload the packages. You can also spec .. code:: console - make COMPONENTS="core-agent-linux gui-agent-linux linux-utils" qubes update-repo-unstable + $ make COMPONENTS="core-agent-linux gui-agent-linux linux-utils" qubes update-repo-unstable diff --git a/developer/building/qubes-builder-v2.rst b/developer/building/qubes-builder-v2.rst index 1fc607a5..6b547f0f 100644 --- a/developer/building/qubes-builder-v2.rst +++ b/developer/building/qubes-builder-v2.rst @@ -54,8 +54,8 @@ This is a simple setup using a docker executor. This is a good default choice; i .. code:: console - git clone https://github.com/QubesOS/qubes-builderv2 - cd qubes-builderv2/ + $ git clone https://github.com/QubesOS/qubes-builderv2 + $ cd qubes-builderv2/ 4. If you haven’t previously used docker in the current qube, you need to set up some permissions. In particular, the user has to be added to the ``docker`` group: diff --git a/developer/building/qubes-builder.rst b/developer/building/qubes-builder.rst index 336bb304..e193e46b 100644 --- a/developer/building/qubes-builder.rst +++ b/developer/building/qubes-builder.rst @@ -55,17 +55,23 @@ Usually you can install those packages by just issuing: .. code:: console - sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA + $ sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory. The build system is configured via builder.conf file. You can use the setup.sh script to create and modify this file. Alternatively, you can copy the provided default builder.conf, and modify it as needed, e.g.: + .. code:: console - cp example-configs/qubes-os-master.conf builder.conf - # edit the builder.conf file and set the following variables: + $ cp example-configs/qubes-os-master.conf builder.conf + + +Edit the builder.conf file and set the following variables: + +.. code:: bash + NO_SIGN=1 @@ -84,39 +90,64 @@ It is also recommended that you use an empty passphrase for the private key used So, to build Qubes you would do: +Import the Qubes master key: + .. code:: console - # Import the Qubes master key - gpg --recv-keys 0xDDFA1A3E36879494 + $ gpg --recv-keys 0xDDFA1A3E36879494 - # Verify its fingerprint, set as 'trusted'. - # This is described here: - # https://www.qubes-os.org/doc/VerifyingSignatures - wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc - gpg --import qubes-developers-keys.asc +Verify its fingerprint, set as 'trusted'. This is described :doc:`here `. - git clone https://github.com/QubesOS/qubes-builder.git qubes-builder - cd qubes-builder +.. code:: console - # Verify its integrity: - git tag -v `git describe` + $ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc + $ gpg --import qubes-developers-keys.asc + + $ git clone https://github.com/QubesOS/qubes-builder.git qubes-builder + $ cd qubes-builder + + +Verify its integrity: + +.. code:: console + + $ git tag -v `git describe` + + +Copy the example ``builder.conf``: + +.. code:: console + + $ cp example-configs/qubes-os-master.conf builder.conf + + +Edit the builder.conf file and set the following variables: + +.. code:: bash - cp example-configs/qubes-os-master.conf builder.conf - # edit the builder.conf file and set the following variables: # NO_SIGN="1" - # Download all components: - make get-sources +Download all components: - # And now to build all Qubes RPMs (this will take a few hours): +.. code:: console - make qubes + $ make get-sources - # ... and then to build the ISO - make iso +And now to build all Qubes RPMs (this will take a few hours): + +.. code:: console + + $ make qubes + + +... and then to build the ISO + +.. code:: console + + $ make iso And this should produce a shiny new ISO. @@ -125,7 +156,7 @@ You can also build selected component separately. Eg. to compile only gui virtua .. code:: console - make gui-daemon + $ make gui-daemon You can get a full list from make help. @@ -154,7 +185,7 @@ You can also modify sources somehow if you wish. Here are some basic steps: .. code:: console - make get-sources + $ make get-sources 4. **Make your modifications here** @@ -165,14 +196,14 @@ You can also modify sources somehow if you wish. Here are some basic steps: .. code:: console - make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates + $ make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates 7. build iso installation image .. code:: console - make iso + $ make iso diff --git a/developer/building/qubes-iso-building.rst b/developer/building/qubes-iso-building.rst index f14523e4..1c9ec826 100644 --- a/developer/building/qubes-iso-building.rst +++ b/developer/building/qubes-iso-building.rst @@ -17,14 +17,14 @@ Fedora 36 (and 37) has been successfully used to build Qubes R4.1 with the below .. code:: console - sudo setenforce 0 + $ sudo setenforce 0 In ``dom0``, install the Fedora 36 (or 37) template if you don’t already have it. .. code:: console - sudo qubes-dom0-update qubes-template-fedora-36 + $ sudo qubes-dom0-update qubes-template-fedora-36 @@ -66,9 +66,9 @@ Now let’s bootstrap the builder. Unfortunately, the builder cannot verify itse .. code:: console - git clone https://github.com/QubesOS/qubes-builder.git - cd qubes-builder - git tag -v `git describe` + $ git clone https://github.com/QubesOS/qubes-builder.git + $ cd qubes-builder + $ git tag -v `git describe` @@ -120,8 +120,8 @@ Continue the build process with: .. code:: console - make install-deps - make get-sources + $ make install-deps + $ make get-sources @@ -133,8 +133,8 @@ Finally, if you are making a test build, use: .. code:: console - make qubes - make iso + $ make qubes + $ make iso @@ -142,9 +142,9 @@ Or for a fully signed build (this requires setting ``SIGN_KEY`` in ``builder.con .. code:: console - make qubes - make sign-all - make iso + $ make qubes + $ make sign-all + $ make iso @@ -160,9 +160,9 @@ If you will be building Whonix templates: .. code:: console - cd ~ - gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA - gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA + $ cd ~ + $ gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA + $ gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA @@ -185,11 +185,11 @@ Next, prepare the Git keyring directory and copy them in: .. code:: console - export GNUPGHOME=~/qubes-builder/keyrings/git - mkdir --parents "$GNUPGHOME" - cp ~/.gnupg/pubring.gpg "$GNUPGHOME" - cp ~/.gnupg/trustdb.gpg "$GNUPGHOME" - chmod --recursive 700 "$GNUPGHOME" + $ export GNUPGHOME=~/qubes-builder/keyrings/git + $ mkdir --parents "$GNUPGHOME" + $ cp ~/.gnupg/pubring.gpg "$GNUPGHOME" + $ cp ~/.gnupg/trustdb.gpg "$GNUPGHOME" + $ chmod --recursive 700 "$GNUPGHOME" @@ -197,8 +197,8 @@ Copy one of the example configurations: .. code:: console - cd ~/qubes-builder - cp example-configs/qubes-os-master.conf builder.conf + $ cd ~/qubes-builder + $ cp example-configs/qubes-os-master.conf builder.conf @@ -208,9 +208,9 @@ Continue the build process with: .. code:: console - make install-deps - make get-sources - unset GNUPGHOME + $ make install-deps + $ make get-sources + $ unset GNUPGHOME @@ -220,8 +220,8 @@ Finally, if you are making a test build, use: .. code:: console - make qubes - make iso + $ make qubes + $ make iso @@ -229,9 +229,9 @@ Or for a fully signed build (this requires setting ``SIGN_KEY`` in ``builder.con .. code:: console - make qubes - make sign-all - make iso + $ make qubes + $ make sign-all + $ make iso diff --git a/developer/code/code-signing.rst b/developer/code/code-signing.rst index 690c4dd0..094c5f47 100644 --- a/developer/code/code-signing.rst +++ b/developer/code/code-signing.rst @@ -91,7 +91,7 @@ If you’re submitting a patch via GitHub (or a similar Git server), please sign .. code:: console - git config --global user.signingkey + $ git config --global user.signingkey @@ -99,14 +99,14 @@ If you’re submitting a patch via GitHub (or a similar Git server), please sign .. code:: console - git config --global commit.gpgsign true + $ git config --global commit.gpgsign true Alternatively, manually specify when a commit is to be signed: .. code:: console - git commit -S + $ git commit -S @@ -115,7 +115,7 @@ If you’re submitting a patch via GitHub (or a similar Git server), please sign .. code:: console - git tag -s -m "" + $ git tag -s -m "" You can also create an alias to make this easier. Edit your ``~/.gitconfig`` file. In the ``[alias]`` section, add ``stag`` to create signed tags and ``spush`` to create signed tags and push them. @@ -171,14 +171,14 @@ In this case, you have several options to sign the commit: .. code:: console - git commit --amend -S + $ git commit --amend -S This also rewrites the commit so you need to push it forcefully: .. code:: console - git push -f + $ git push -f @@ -186,8 +186,8 @@ In this case, you have several options to sign the commit: .. code:: console - git checkout - git spush + $ git checkout + $ git spush Now, the signature checker needs to re-check the signature. Please comment on the pull request that you would like to have the signatures checked again. diff --git a/developer/code/source-code.rst b/developer/code/source-code.rst index 34db1952..f88b8d8b 100644 --- a/developer/code/source-code.rst +++ b/developer/code/source-code.rst @@ -21,7 +21,7 @@ To clone a repository: .. code:: console - git clone https://github.com/QubesOS/qubes-.git + $ git clone https://github.com/QubesOS/qubes-.git @@ -29,7 +29,7 @@ e.g.: .. code:: console - git clone https://github.com/QubesOS/qubes-core-admin.git core-admin + $ git clone https://github.com/QubesOS/qubes-core-admin.git core-admin @@ -39,8 +39,8 @@ If you really do want to clone **all** of the repositories, you can use these co .. code:: console - curl "https://api.github.com/orgs/QubesOS/repos?page=1&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone - curl "https://api.github.com/orgs/QubesOS/repos?page=2&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone + $ curl "https://api.github.com/orgs/QubesOS/repos?page=1&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone + $ curl "https://api.github.com/orgs/QubesOS/repos?page=2&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone diff --git a/developer/debugging/automated-tests.rst b/developer/debugging/automated-tests.rst index 2e9ed06c..75bf92a8 100644 --- a/developer/debugging/automated-tests.rst +++ b/developer/debugging/automated-tests.rst @@ -119,7 +119,7 @@ Tests are also compatible with nose2 test runner, so you can use this instead: .. code:: console - sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd + $ sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd This may be especially useful together with various nose2 plugins to store tests results (for example ``nose2.plugins.junitxml``), to ease presenting results. This is what we use on `OpenQA `__. @@ -140,15 +140,15 @@ Assuming you cloned the ``qubes-builder`` repository to your home directory insi .. code:: console - cd ~ - sudo dnf install python3-pip lvm2 python35 python3-virtualenv - virtualenv -p /usr/bin/python35 python35 - source python35/bin/activate - python3 -V - cd ~/qubes-builder/qubes-src/core-admin - pip3 install -r ci/requirements.txt - export PYTHONPATH=../core-qrexec:test-packages - ./run-tests + $ cd ~ + $ sudo dnf install python3-pip lvm2 python35 python3-virtualenv + $ virtualenv -p /usr/bin/python35 python35 + $ source python35/bin/activate + $ python3 -V + $ cd ~/qubes-builder/qubes-src/core-admin + $ pip3 install -r ci/requirements.txt + $ export PYTHONPATH=../core-qrexec:test-packages + $ ./run-tests To run only the tests related to e.g. ``lvm``, you may use: diff --git a/developer/debugging/safe-remote-ttys.rst b/developer/debugging/safe-remote-ttys.rst index 4ef4918f..cb53a527 100644 --- a/developer/debugging/safe-remote-ttys.rst +++ b/developer/debugging/safe-remote-ttys.rst @@ -70,7 +70,7 @@ If your machine has a serial console, you may with to use that, but note that a .. code:: console - script -f /dev/ttyS0 + $ script -f /dev/ttyS0 diff --git a/developer/debugging/test-bench.rst b/developer/debugging/test-bench.rst index 5324baac..47f69d00 100644 --- a/developer/debugging/test-bench.rst +++ b/developer/debugging/test-bench.rst @@ -96,11 +96,11 @@ Internet access is intentionally disabled by default in dom0. But to ease the de .. code:: console - sudo systemctl enable sshd - sudo systemctl start sshd + $ sudo systemctl enable sshd + $ sudo systemctl start sshd - sudo systemctl enable dom0-network-direct - sudo systemctl start dom0-network-direct + $ sudo systemctl enable dom0-network-direct + $ sudo systemctl start dom0-network-direct @@ -123,26 +123,26 @@ The following commands should work for you, but do keep in mind that the provisi # https://github.com/marmarek/openqa-tests-qubesos/blob/master/tests/update.pm # Install git - sudo qubes-dom0-update git || sudo dnf --setopt=reposdir=/etc/yum.repos.d install git + $ sudo qubes-dom0-update git || sudo dnf --setopt=reposdir=/etc/yum.repos.d install git # Download the openQA automated testing environment Salt configuration - git clone https://github.com/marmarek/openqa-tests-qubesos/ - cd openqa-tests-qubesos/extra-files - sudo cp -a system-tests/ /srv/salt/ - sudo qubesctl top.enable system-tests + $ git clone https://github.com/marmarek/openqa-tests-qubesos/ + $ cd openqa-tests-qubesos/extra-files + $ sudo cp -a system-tests/ /srv/salt/ + $ sudo qubesctl top.enable system-tests # Install the same configuration as the one in openQA - QUBES_VERSION=4.1 - PILLAR_DIR=/srv/pillar/base/update - sudo mkdir -p $PILLAR_DIR - printf 'update:\n qubes_ver: '$QUBES_VERSION'\n' | sudo tee $PILLAR_DIR/init.sls - printf "base:\n '*':\n - update\n" | sudo tee $PILLAR_DIR/init.top - sudo qubesctl top.enable update pillar=True + $ QUBES_VERSION=4.1 + $ PILLAR_DIR=/srv/pillar/base/update + $ sudo mkdir -p $PILLAR_DIR + $ printf 'update:\n qubes_ver: '$QUBES_VERSION'\n' | sudo tee $PILLAR_DIR/init.sls + $ printf "base:\n '*':\n - update\n" | sudo tee $PILLAR_DIR/init.top + $ sudo qubesctl top.enable update pillar=True # Apply states to dom0 and VMs # NOTE: These commands can take several minutes (if not more) without showing output - sudo qubesctl --show-output state.highstate - sudo qubesctl --max-concurrency=2 --skip-dom0 --templates --show-output state.highstate + $ sudo qubesctl --show-output state.highstate + $ sudo qubesctl --max-concurrency=2 --skip-dom0 --templates --show-output state.highstate Development VM diff --git a/developer/releases/1_0/release-notes.rst b/developer/releases/1_0/release-notes.rst index ec040aca..1fd7d45f 100644 --- a/developer/releases/1_0/release-notes.rst +++ b/developer/releases/1_0/release-notes.rst @@ -19,8 +19,8 @@ Known issues .. code:: console - qvm-prefs -s fedora-17-x64-dvm maxmem 3072 - qvm-create-default-dvm --default-template --default-script + $ qvm-prefs -s fedora-17-x64-dvm maxmem 3072 + $ qvm-create-default-dvm --default-template --default-script @@ -58,6 +58,6 @@ If you have Qubes Beta 3 currently installed on your system, you must reinstall .. code:: console - qvm-backup-restore --replace-template=fedora-15-x64:fedora-17-x64 + $ qvm-backup-restore --replace-template=fedora-15-x64:fedora-17-x64 diff --git a/developer/releases/4_0/release-notes.rst b/developer/releases/4_0/release-notes.rst index dbedb6d7..c98cc822 100644 --- a/developer/releases/4_0/release-notes.rst +++ b/developer/releases/4_0/release-notes.rst @@ -66,7 +66,7 @@ Security Notes .. code:: console - sudo nano /etc/yum.repos.d/qubes-dom0.repo + $ sudo nano /etc/yum.repos.d/qubes-dom0.repo diff --git a/developer/services/qrexec-internals.rst b/developer/services/qrexec-internals.rst index 4bc4bf46..11fa6845 100644 --- a/developer/services/qrexec-internals.rst +++ b/developer/services/qrexec-internals.rst @@ -144,7 +144,7 @@ dom0: request execution of ``cmd`` in domX .. code:: console - qrexec-client -d domX [-l local_program] user:cmd + $ qrexec-client -d domX [-l local_program] user:cmd @@ -191,7 +191,7 @@ domX: request execution of service ``admin.Service`` in dom0 .. code:: console - qrexec-client-vm dom0 admin.Service [local_program] [params] + $ qrexec-client-vm dom0 admin.Service [local_program] [params] @@ -217,7 +217,7 @@ domX: request execution of service ``admin.Service`` in dom0 .. code:: console - qrexec-client -d dom0 -c domX,X,SOCKET11 "QUBESRPC admin.Service domX name dom0" + $ qrexec-client -d dom0 -c domX,X,SOCKET11 "QUBESRPC admin.Service domX name dom0" @@ -260,7 +260,7 @@ domX: invoke execution of qubes service ``qubes.Service`` in domY .. code:: console - qrexec-client-vm domY qubes.Service [local_program] [params] + $ qrexec-client-vm domY qubes.Service [local_program] [params] @@ -278,7 +278,7 @@ domX: invoke execution of qubes service ``qubes.Service`` in domY .. code:: console - qrexec-client -d domY -c domX,X,SOCKET11 user:cmd "DEFAULT:QUBESRPC qubes.Service domX" + $ qrexec-client -d domY -c domX,X,SOCKET11 user:cmd "DEFAULT:QUBESRPC qubes.Service domX" diff --git a/developer/services/qrexec-socket-services.rst b/developer/services/qrexec-socket-services.rst index 772b03b8..5baf4c5d 100644 --- a/developer/services/qrexec-socket-services.rst +++ b/developer/services/qrexec-socket-services.rst @@ -122,8 +122,8 @@ Start the socket using ``systemctl --user start``. Enable it using ``systemctl - .. code:: console - systemctl --user start qubes-qrexec-policy-agent.socket - systemctl --user enable qubes-qrexec-policy-agent.socket + $ systemctl --user start qubes-qrexec-policy-agent.socket + $ systemctl --user enable qubes-qrexec-policy-agent.socket @@ -131,7 +131,7 @@ Alternatively, you can enable the service by creating a symlink: .. code:: console - sudo ln -s /lib/systemd/user/qubes-qrexec-policy-agent.socket /lib/systemd/user/sockets.target.wants/ + $ sudo ln -s /lib/systemd/user/qubes-qrexec-policy-agent.socket /lib/systemd/user/sockets.target.wants/ @@ -143,7 +143,7 @@ Link in qubes-rpc .. code:: console - sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask + $ sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask @@ -157,7 +157,7 @@ Install the Python systemd library: .. code:: console - sudo dnf install python3-systemd + $ sudo dnf install python3-systemd @@ -240,7 +240,7 @@ The service is invoked in the same way as a standard Qubes RPC service: .. code:: console - echo | qrexec-client -d domX 'DEFAULT:QUBESRPC policy.Ask' + $ echo | qrexec-client -d domX 'DEFAULT:QUBESRPC policy.Ask' @@ -248,7 +248,7 @@ You can also connect to it locally, but remember to include the service descript .. code:: console - echo -e 'policy.Ask dom0\0' | nc -U /etc/qubes-rpc/policy.Ask + $ echo -e 'policy.Ask dom0\0' | nc -U /etc/qubes-rpc/policy.Ask diff --git a/developer/services/qrexec.rst b/developer/services/qrexec.rst index c3f01084..1b94e378 100644 --- a/developer/services/qrexec.rst +++ b/developer/services/qrexec.rst @@ -245,7 +245,7 @@ We’ll need to create a service called ``test.Add`` with its own definition and .. code:: console - ln -s /usr/bin/our_test_add_server /etc/qubes-rpc/test.Add + $ ln -s /usr/bin/our_test_add_server /etc/qubes-rpc/test.Add diff --git a/developer/services/qrexec2.rst b/developer/services/qrexec2.rst index c6961b2c..029e2cee 100644 --- a/developer/services/qrexec2.rst +++ b/developer/services/qrexec2.rst @@ -114,7 +114,7 @@ In order to remove such authorization, issue this command from a Dom0 terminal ( .. code:: console - sudo nano /etc/qubes-rpc/policy/qubes.Filecopy + $ sudo nano /etc/qubes-rpc/policy/qubes.Filecopy and then remove any line(s) ending in “allow” (before the first ``##`` comment) which are the “Yes to All” results. diff --git a/developer/system/networking.rst b/developer/system/networking.rst index f8bee84b..76dd2920 100644 --- a/developer/system/networking.rst +++ b/developer/system/networking.rst @@ -121,7 +121,7 @@ Starting with Qubes 4.0, there is opt-in support for IPv6 forwarding. Similar to .. code:: console - qvm-features sys-net ipv6 1 + $ qvm-features sys-net ipv6 1 @@ -129,7 +129,7 @@ It is also possible to explicitly disable IPv6 support for some qubes, even if i .. code:: console - qvm-features ipv4-only-qube ipv6 '' + $ qvm-features ipv4-only-qube ipv6 '' diff --git a/introduction/faq.rst b/introduction/faq.rst index c304b1d4..cfb0d027 100644 --- a/introduction/faq.rst +++ b/introduction/faq.rst @@ -545,10 +545,10 @@ or .. code:: console - echo 0000: > /sys/bus/pci/drivers/pciback/unbind - MODALIAS=`cat /sys/bus/pci/devices/0000:/modalias` - MOD=`modprobe -R $MODALIAS | head -n 1` - echo 0000: > /sys/bus/pci/drivers/$MOD/bind + $ echo 0000: > /sys/bus/pci/drivers/pciback/unbind + $ MODALIAS=`cat /sys/bus/pci/devices/0000:/modalias` + $ MOD=`modprobe -R $MODALIAS | head -n 1` + $ echo 0000: > /sys/bus/pci/drivers/$MOD/bind @@ -674,7 +674,7 @@ From a ``dom0`` prompt, enter: .. code:: console - qvm-prefs kernel "" + $ qvm-prefs kernel "" diff --git a/project-security/security-pack.rst b/project-security/security-pack.rst index 915dad59..b187e90c 100644 --- a/project-security/security-pack.rst +++ b/project-security/security-pack.rst @@ -31,7 +31,7 @@ The following example demonstrates one method of obtaining the qubes-secpack and 1. Use Git to clone the qubes-secpack repo. - .. code:: + .. code:: console $ git clone https://github.com/QubesOS/qubes-secpack.git Cloning into 'qubes-secpack'... @@ -44,7 +44,7 @@ The following example demonstrates one method of obtaining the qubes-secpack and 2. Import the included PGP keys. See our `PGP key policies <#pgp-key-policies>`__ for important information about these keys. - .. code:: + .. code:: console $ gpg --import qubes-secpack/keys/*/* gpg: directory `/home/user/.gnupg' created diff --git a/project-security/verifying-signatures.rst b/project-security/verifying-signatures.rst index 9c548f13..b03ec0b5 100644 --- a/project-security/verifying-signatures.rst +++ b/project-security/verifying-signatures.rst @@ -178,11 +178,11 @@ Now that you’ve imported the authentic QMSK, set its trust level to “ultimat trust: unknown validity: unknown [ unknown] (1). Qubes Master Signing Key - gpg> fpr + $ gpg> fpr pub 4096R/36879494 2010-04-01 Qubes Master Signing Key Primary key fingerprint: 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 - gpg> trust + $ gpg> trust pub 4096R/36879494 created: 2010-04-01 expires: never usage: SC trust: unknown validity: unknown [ unknown] (1). Qubes Master Signing Key @@ -206,7 +206,7 @@ Now that you’ve imported the authentic QMSK, set its trust level to “ultimat Please note that the shown key validity is not necessarily correct unless you restart the program. - gpg> q + $ gpg> q Now, when you import any of the release signing keys and many Qubes team member keys, they will already be trusted in virtue of being signed by the QMSK. diff --git a/user/advanced-topics/bind-dirs.rst b/user/advanced-topics/bind-dirs.rst index c318fc18..5a97b624 100644 --- a/user/advanced-topics/bind-dirs.rst +++ b/user/advanced-topics/bind-dirs.rst @@ -30,7 +30,7 @@ In this example, we want to make ``/var/lib/tor`` persistent. Enter all of the f .. code:: console - sudo mkdir -p /rw/config/qubes-bind-dirs.d + $ sudo mkdir -p /rw/config/qubes-bind-dirs.d @@ -38,7 +38,7 @@ In this example, we want to make ``/var/lib/tor`` persistent. Enter all of the f .. code:: console - sudo touch /rw/config/qubes-bind-dirs.d/50_user.conf + $ sudo touch /rw/config/qubes-bind-dirs.d/50_user.conf @@ -56,7 +56,7 @@ In this example, we want to make ``/var/lib/tor`` persistent. Enter all of the f .. code:: console - sudo mkdir -p /rw/bind-dirs/var/lib/tor + $ sudo mkdir -p /rw/bind-dirs/var/lib/tor @@ -157,7 +157,7 @@ To use this feature, first, enable it: .. code:: console - qvm-service -e my-app-vm custom-persist + $ qvm-service -e my-app-vm custom-persist @@ -165,7 +165,7 @@ Then, configure a persistent directory with ``qvm-features``: .. code:: console - qvm-features my-app-vm custom-persist.my_persistent_dir /var/my_persistent_dir + $ qvm-features my-app-vm custom-persist.my_persistent_dir /var/my_persistent_dir @@ -173,8 +173,8 @@ To re-enable ``/home`` and ``/usr/local`` persistence, just add them to the list .. code:: console - qvm-features my-app-vm custom-persist.home /home - qvm-features my-app-vm custom-persist.usrlocal /usr/local + $ qvm-features my-app-vm custom-persist.home /home + $ qvm-features my-app-vm custom-persist.usrlocal /usr/local @@ -184,8 +184,8 @@ A user may want their bind-dirs to be automatically pre-created in ``/rw/bind-di .. code:: console - qvm-features my-app-vm custom-persist.downloads dir:user:user:0755:/home/user/Downloads - qvm-features my-app-vm custom-persist.my_ssh_known_hosts_file file:user:user:0600:/home/user/.ssh/known_hosts + $ qvm-features my-app-vm custom-persist.downloads dir:user:user:0755:/home/user/Downloads + $ qvm-features my-app-vm custom-persist.my_ssh_known_hosts_file file:user:user:0600:/home/user/.ssh/known_hosts diff --git a/user/advanced-topics/disposable-customization.rst b/user/advanced-topics/disposable-customization.rst index 41360de0..9cd8cd2d 100644 --- a/user/advanced-topics/disposable-customization.rst +++ b/user/advanced-topics/disposable-customization.rst @@ -95,11 +95,11 @@ To create one that has no PCI devices attached, such as for ``sys-firewall``: .. code:: console - qvm-create -C DispVM -l green - qvm-prefs autostart true - qvm-prefs netvm - qvm-prefs provides_network true - qvm-features appmenus-dispvm '' + $ qvm-create -C DispVM -l green + $ qvm-prefs autostart true + $ qvm-prefs netvm + $ qvm-prefs provides_network true + $ qvm-features appmenus-dispvm '' @@ -111,13 +111,13 @@ To create one with a PCI device attached such as for ``sys-net`` or ``sys-usb``, .. code:: console - qvm-create -C DispVM -l red - qvm-prefs virt_mode hvm - qvm-service meminfo-writer off - qvm-pci attach --persistent dom0: - qvm-prefs autostart true - qvm-prefs netvm '' - qvm-features appmenus-dispvm '' + $ qvm-create -C DispVM -l red + $ qvm-prefs virt_mode hvm + $ qvm-service meminfo-writer off + $ qvm-pci attach --persistent dom0: + $ qvm-prefs autostart true + $ qvm-prefs netvm '' + $ qvm-features appmenus-dispvm '' @@ -125,7 +125,7 @@ Optionally, if this disposable will also provide network access to other qubes: .. code:: console - qvm-prefs provides_network true + $ qvm-prefs provides_network true @@ -133,7 +133,7 @@ Next, set the old service qube’s autostart to false, and update any references .. code:: console - qvm-prefs sys-firewall netvm + $ qvm-prefs sys-firewall netvm @@ -143,17 +143,17 @@ Here is an example of a complete ``sys-net`` replacement: .. code:: console - qvm-create -C DispVM -l red sys-net2 - qvm-prefs sys-net2 virt_mode hvm - qvm-service sys-net2 meminfo-writer off - qvm-pci attach --persistent sys-net2 dom0:00_1a.0 - qvm-prefs sys-net2 autostart true - qvm-prefs sys-net2 netvm '' - qvm-features sys-net2 appmenus-dispvm '' - qvm-prefs sys-net2 provides_network true - qvm-prefs sys-net autostart false - qvm-prefs sys-firewall netvm sys-net2 - qubes-prefs clockvm sys-net2 + $ qvm-create -C DispVM -l red sys-net2 + $ qvm-prefs sys-net2 virt_mode hvm + $ qvm-service sys-net2 meminfo-writer off + $ qvm-pci attach --persistent sys-net2 dom0:00_1a.0 + $ qvm-prefs sys-net2 autostart true + $ qvm-prefs sys-net2 netvm '' + $ qvm-features sys-net2 appmenus-dispvm '' + $ qvm-prefs sys-net2 provides_network true + $ qvm-prefs sys-net autostart false + $ qvm-prefs sys-firewall netvm sys-net2 + $ qubes-prefs clockvm sys-net2 diff --git a/user/advanced-topics/gui-configuration.rst b/user/advanced-topics/gui-configuration.rst index efde467d..45a7473f 100644 --- a/user/advanced-topics/gui-configuration.rst +++ b/user/advanced-topics/gui-configuration.rst @@ -16,8 +16,8 @@ To increase the minimum size of the video RAM buffer: .. code:: console - qvm-features dom0 gui-videoram-min $(($WIDTH * $HEIGHT * 4 / 1024)) - qvm-features dom0 gui-videoram-overhead 0 + $ qvm-features dom0 gui-videoram-min $(($WIDTH * $HEIGHT * 4 / 1024)) + $ qvm-features dom0 gui-videoram-overhead 0 Where ``$WIDTH`` × ``$HEIGHT`` is the maximum desktop size that you anticipate needing. For example, if you expect to use a 1080p display and a 4k display side-by-side, that is ``(1920 + 3840) × 2160 × 4 / 1024 = 48600``, or slightly more than 48 MiB per qube. After making these adjustments, the qubes need to be restarted. @@ -26,7 +26,7 @@ In the case of multiple display with different orientations or if you plug/unplu .. code:: console - qvm-features dom0 gui-videoram-min $(xrandr --verbose | grep "Screen 0" | sed -e 's/.*current //' -e 's/\,.*//' | awk '{print $1*$3*4/1024}') + $ qvm-features dom0 gui-videoram-min $(xrandr --verbose | grep "Screen 0" | sed -e 's/.*current //' -e 's/\,.*//' | awk '{print $1*$3*4/1024}') The amount of memory allocated per qube is the maximum of: diff --git a/user/advanced-topics/gui-domain.rst b/user/advanced-topics/gui-domain.rst index 5b4fe8e5..6da2fea2 100644 --- a/user/advanced-topics/gui-domain.rst +++ b/user/advanced-topics/gui-domain.rst @@ -22,22 +22,22 @@ In ``dom0``, enable the formula for ``sys-gui`` with pillar data: .. code:: console - sudo qubesctl top.enable qvm.sys-gui - sudo qubesctl top.enable qvm.sys-gui pillar=True + $ sudo qubesctl top.enable qvm.sys-gui + $ sudo qubesctl top.enable qvm.sys-gui pillar=True then, execute it: .. code:: console - sudo qubesctl --all state.highstate + $ sudo qubesctl --all state.highstate You can now disable the ``sys-gui`` formula: .. code:: console - sudo qubesctl top.disable qvm.sys-gui + $ sudo qubesctl top.disable qvm.sys-gui At this point, you need to shutdown all your running qubes as the ``default_guivm`` qubes global property has been set to ``sys-gui``. In order to use ``sys-gui`` as GUI domain, you need to logout and, in the top right corner, select ``lightdm`` session type to **GUI domain (sys-gui)**. Once logged, you are running ``sys-gui`` as fullscreen window and you can perform any operation as if you would be in ``dom0`` desktop. @@ -58,29 +58,29 @@ In ``dom0``, enable the formula for ``sys-gui-gpu`` with pillar data: .. code:: console - sudo qubesctl top.enable qvm.sys-gui-gpu - sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True + $ sudo qubesctl top.enable qvm.sys-gui-gpu + $ sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True then, execute it: .. code:: console - sudo qubesctl --all state.highstate + $ sudo qubesctl --all state.highstate You can now disable the ``sys-gui-gpu`` formula: .. code:: console - sudo qubesctl top.disable qvm.sys-gui-gpu + $ sudo qubesctl top.disable qvm.sys-gui-gpu One more step is needed: attaching the actual GPU to ``sys-gui-gpu``. This can be done either manually via ``qvm-pci`` (remember to enable permissive option), or via: .. code:: console - sudo qubesctl state.sls qvm.sys-gui-gpu-attach-gpu + $ sudo qubesctl state.sls qvm.sys-gui-gpu-attach-gpu The latter option assumes Intel graphics card (it has hardcoded PCI address). If you don’t have Intel graphics card, please use the former method with ``qvm-pci`` (see :doc:`How to use PCI devices `). @@ -105,29 +105,29 @@ In ``dom0``, enable the formula for ``sys-gui-vnc`` with pillar data: .. code:: console - sudo qubesctl top.enable qvm.sys-gui-vnc - sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True + $ sudo qubesctl top.enable qvm.sys-gui-vnc + $ sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True then, execute it: .. code:: console - sudo qubesctl --all state.highstate + $ sudo qubesctl --all state.highstate You can now disable the ``sys-gui-vnc`` formula: .. code:: console - sudo qubesctl top.disable qvm.sys-gui-vnc + $ sudo qubesctl top.disable qvm.sys-gui-vnc At this point, you need to shutdown all your running qubes as the ``default_guivm`` qubes global property has been set to ``sys-gui-vnc``. Then, you can start ``sys-gui-vnc``: .. code:: console - qvm-start sys-gui-vnc + $ qvm-start sys-gui-vnc A VNC server session is running on ``localhost:5900`` in ``sys-gui-vnc``. In order to reach the ``VNC`` server, we encourage to not connect ``sys-gui-vnc`` to a ``NetVM`` but rather to use another qube for remote access, say ``sys-remote``. First, you need to bind port 5900 of ``sys-gui-vnc`` into a ``sys-remote`` local port (you may want to use another port than 5900 to reach ``sys-remote`` from the outside). For that, use ``qubes.ConnectTCP`` RPC service (see :doc:`Firewall `. Then, you can use any ``VNC`` client to connect to you ``sys-remote`` on the chosen local port (5900 if you kept the default one). For the first connection, you will reach ``lightdm`` for which you can log as ``user`` where ``user`` refers to the first ``dom0`` user in ``qubes`` group and with corresponding ``dom0`` password. @@ -195,14 +195,14 @@ and for every selected qubes not using default value for GUI domain property, fo .. code:: console - qvm-prefs personal guivm dom0 + $ qvm-prefs personal guivm dom0 You are now able to delete the GUI domain, for example ``sys-gui-gpu``: .. code:: console - qvm-remove -f sys-gui-gpu + $ qvm-remove -f sys-gui-gpu .. |sys-gui| image:: /attachment/posts/guivm-hybrid.png diff --git a/user/advanced-topics/how-to-install-software-in-dom0.rst b/user/advanced-topics/how-to-install-software-in-dom0.rst index e2c13d7f..0326dbe5 100644 --- a/user/advanced-topics/how-to-install-software-in-dom0.rst +++ b/user/advanced-topics/how-to-install-software-in-dom0.rst @@ -48,7 +48,7 @@ To downgrade a specific package in dom0: .. code:: console - sudo qubes-dom0-update --action=downgrade package-version + $ sudo qubes-dom0-update --action=downgrade package-version @@ -60,7 +60,7 @@ To re-install a package in dom0: .. code:: console - sudo qubes-dom0-update --action=reinstall package + $ sudo qubes-dom0-update --action=reinstall package @@ -72,7 +72,7 @@ If you’ve installed a package such as anti-evil-maid, you can remove it with t .. code:: console - sudo dnf remove anti-evil-maid + $ sudo dnf remove anti-evil-maid @@ -96,9 +96,9 @@ To temporarily enable any of these repos, use the ``--enablerepo=`` o .. code:: console - sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing - sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing - sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable + $ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing + $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing + $ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable @@ -154,7 +154,7 @@ Example .. code:: console - sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm + $ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm @@ -168,7 +168,7 @@ Replace the example version numbers with the one you are upgrading to. .. code:: console - sudo dracut -f /boot/efi/EFI/qubes/initramfs-4.14.35-1.pvops.qubes.x86_64.img 4.14.35-1.pvops.qubes.x86_64 + $ sudo dracut -f /boot/efi/EFI/qubes/initramfs-4.14.35-1.pvops.qubes.x86_64.img 4.14.35-1.pvops.qubes.x86_64 @@ -178,7 +178,7 @@ Grub2 .. code:: console - sudo grub2-mkconfig -o /boot/grub2/grub.cfg + $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg @@ -192,14 +192,25 @@ Changing default kernel This section describes changing the default kernel in dom0. It is sometimes needed if you have upgraded to a newer kernel and are having problems booting, for example. On the next kernel update, the default will revert to the newest. + .. code:: console - sudo nano /etc/default/grub - [update the following two lines, add if needed] + $ sudo nano /etc/default/grub + + +Update the following two lines, add if needed: + +.. code:: bash + GRUB_DISABLE_SUBMENU=false GRUB_SAVEDEFAULT=true - [save and exit nano] - sudo grub2-mkconfig -o /boot/grub2/grub.cfg + + +Save and exit nano. Regenerate the GRUB 2 configuration. + +.. code:: console + + $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg diff --git a/user/advanced-topics/installing-contributed-packages.rst b/user/advanced-topics/installing-contributed-packages.rst index 09b9f211..07f6cc41 100644 --- a/user/advanced-topics/installing-contributed-packages.rst +++ b/user/advanced-topics/installing-contributed-packages.rst @@ -22,7 +22,7 @@ In dom0, use ``qubes-dom0-update``: .. code:: console - sudo qubes-dom0-update qubes-repo-contrib + $ sudo qubes-dom0-update qubes-repo-contrib In a Fedora-based template, use ``dnf``: @@ -31,7 +31,7 @@ In a Fedora-based template, use ``dnf``: .. code:: console - sudo dnf install qubes-repo-contrib + $ sudo dnf install qubes-repo-contrib In a Debian-based template, use ``apt``: @@ -40,7 +40,7 @@ In a Debian-based template, use ``apt``: .. code:: console - sudo apt update && sudo apt install qubes-repo-contrib + $ sudo apt update && sudo apt install qubes-repo-contrib The new repository definition will be in the usual location for your distro, and it will follow the naming pattern ``qubes-contrib-*``, depending on your Qubes release and whether it is in dom0 or a template. For example, in a Fedora template on Qubes 4.0, the new repository definition would be: @@ -65,7 +65,7 @@ For example, to install ``qvm-screenshot-tool`` in dom0: .. code:: console - sudo qubes-dom0-update --clean qvm-screenshot-tool + $ sudo qubes-dom0-update --clean qvm-screenshot-tool Please see the package’s README for specific installation and setup instructions. diff --git a/user/advanced-topics/kde.rst b/user/advanced-topics/kde.rst index d2f13cbb..dc7e6fb8 100644 --- a/user/advanced-topics/kde.rst +++ b/user/advanced-topics/kde.rst @@ -117,6 +117,6 @@ The safest way to remove (most of) KDE is: .. code:: console - sudo dnf remove kdelibs plasma-workspace + $ sudo dnf remove kdelibs plasma-workspace diff --git a/user/advanced-topics/managing-vm-kernels.rst b/user/advanced-topics/managing-vm-kernels.rst index 55731ef9..a511ea00 100644 --- a/user/advanced-topics/managing-vm-kernels.rst +++ b/user/advanced-topics/managing-vm-kernels.rst @@ -246,8 +246,8 @@ Both debian-9 and fedora-26 templates already have grub and related tools preins .. code:: console - qvm-prefs virt_mode hvm - qvm-prefs kernel '' + $ qvm-prefs virt_mode hvm + $ qvm-prefs kernel '' @@ -263,7 +263,7 @@ If you are using a distribution kernel package (``kernel`` package), the initram .. code:: console - sudo dracut -f /boot/initramfs-4.15.14-200.fc26.x86_64.img 4.15.14-200.fc26.x86_64 + $ sudo dracut -f /boot/initramfs-4.15.14-200.fc26.x86_64.img 4.15.14-200.fc26.x86_64 @@ -271,7 +271,7 @@ Once the kernel is installed, you need to setup ``grub2`` by running: .. code:: console - sudo grub2-install /dev/xvda + $ sudo grub2-install /dev/xvda @@ -279,7 +279,7 @@ Finally, you need to create a GRUB configuration. You may want to adjust some se .. code:: console - sudo grub2-mkconfig -o /boot/grub2/grub.cfg + $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg @@ -321,7 +321,7 @@ Install distribution kernel image, kernel headers and the grub. .. code:: console - sudo apt install linux-image-amd64 linux-headers-amd64 grub2 qubes-kernel-vm-support + $ sudo apt install linux-image-amd64 linux-headers-amd64 grub2 qubes-kernel-vm-support @@ -329,7 +329,7 @@ If you are doing that on a qube based on “Debian Minimal” template, a grub g .. code:: console - sudo grub-install /dev/xvda + $ sudo grub-install /dev/xvda @@ -383,7 +383,7 @@ Run DKMS. Replace this with actual kernel version. .. code:: console - sudo dkms autoinstall -k + $ sudo dkms autoinstall -k For example. @@ -392,7 +392,7 @@ For example. .. code:: console - sudo dkms autoinstall -k 4.19.0-6-amd64 + $ sudo dkms autoinstall -k 4.19.0-6-amd64 Update initramfs. @@ -401,7 +401,7 @@ Update initramfs. .. code:: console - sudo update-initramfs -u + $ sudo update-initramfs -u The output should look like this: diff --git a/user/advanced-topics/resize-disk-image.rst b/user/advanced-topics/resize-disk-image.rst index 9d87b527..cd622e42 100644 --- a/user/advanced-topics/resize-disk-image.rst +++ b/user/advanced-topics/resize-disk-image.rst @@ -42,7 +42,7 @@ Use either GUI tool Qube Settings (``qubes-vm-settings``) or the CLI tool ``qvm- .. code:: console - qvm-volume extend :root + $ qvm-volume extend :root @@ -50,7 +50,7 @@ OR .. code:: console - qvm-volume extend :private + $ qvm-volume extend :private @@ -117,8 +117,8 @@ Or you can take the risk of reducing the size of the disk. For example, to reduc .. code:: console - qvm-shutdown qube1 - sudo lvresize --size 1024M /dev/qubes_dom0/vm-qube1-private + $ qvm-shutdown qube1 + $ sudo lvresize --size 1024M /dev/qubes_dom0/vm-qube1-private diff --git a/user/advanced-topics/secondary-storage.rst b/user/advanced-topics/secondary-storage.rst index 8c4c4382..df3e0664 100644 --- a/user/advanced-topics/secondary-storage.rst +++ b/user/advanced-topics/secondary-storage.rst @@ -22,7 +22,7 @@ You can query qvm-pool to list available storage drivers: .. code:: console - qvm-pool --help-drivers + $ qvm-pool --help-drivers qvm-pool driver explanation: @@ -50,18 +50,15 @@ First, collect some information in a dom0 terminal: .. code:: console - sudo pvs - sudo lvs + $ sudo pvs + $ sudo lvs -Take note of the VG and thin pool names for your second drive., then register it with Qubes: +Take note of the VG and thin pool names for your second drive, then register it with Qubes, where ```` is a freely chosen pool name, ```` is LVM volume group name and ```` is LVM thin pool name: .. code:: console - # is a freely chosen pool name - # is LVM volume group name - # is LVM thin pool name - qvm-pool --add lvm_thin -o volume_group=,thin_pool=,revisions_to_keep=2 + $ qvm-pool --add lvm_thin -o volume_group=,thin_pool=,revisions_to_keep=2 @@ -79,13 +76,11 @@ It is possible to use an existing Btrfs storage if it is configured. In dom0, av btrfs show filesystem -To register the storage to qubes: +To register the storage to qubes use the following command where ```` is a freely chosen pool name adn ```` is the mounted path to the second btrfs storage: .. code:: console - # is a freely chosen pool name - # is the mounted path to the second btrfs storage - qvm-pool --add file-reflink -o dir_path=,revisions_to_keep=2 + $ qvm-pool --add file-reflink -o dir_path=,revisions_to_keep=2 Using the new pool @@ -96,22 +91,22 @@ Now, you can create qubes in that pool: .. code:: console - qvm-create -P --label red + $ qvm-create -P --label red It isn’t possible to directly migrate an existing qube to the new pool, but you can clone it there, then remove the old one: .. code:: console - qvm-clone -P - qvm-remove + $ qvm-clone -P + $ qvm-remove If that was a template, or other qube referenced elsewhere (netVM or such), you will need to adjust those references manually after moving. For example: .. code:: console - qvm-prefs template + $ qvm-prefs template Example setup of second drive. @@ -122,8 +117,8 @@ Assuming the secondary hard disk is at /dev/sdb , you can encrypt the drive as f .. code:: console - sudo cryptsetup luksFormat --sector-size=512 /dev/sdb - sudo blkid /dev/sdb + $ sudo cryptsetup luksFormat --sector-size=512 /dev/sdb + $ sudo blkid /dev/sdb @@ -146,28 +141,28 @@ First create the physical volume: .. code:: console - sudo pvcreate /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde + $ sudo pvcreate /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde Then create the LVM volume group, we will use for example “qubes” as the : .. code:: console - sudo vgcreate qubes /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde + $ sudo vgcreate qubes /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde And then use “poolhd0” as the (LVM thin pool name): .. code:: console - sudo lvcreate -T -n poolhd0 -l +100%FREE qubes + $ sudo lvcreate -T -n poolhd0 -l +100%FREE qubes Finally we will tell Qubes to add a new pool on the just created thin pool: .. code:: console - qvm-pool --add poolhd0_qubes lvm_thin -o volume_group=qubes,thin_pool=poolhd0,revisions_to_keep=2 + $ qvm-pool --add poolhd0_qubes lvm_thin -o volume_group=qubes,thin_pool=poolhd0,revisions_to_keep=2 For Btrfs @@ -179,22 +174,22 @@ First create the physical volume: .. code:: console #