Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-05-02 06:46:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

replaced all github flavored code blocks with fenced kramdown code blocks

Browse source
This commit is contained in:
Jeepler 2015-09-27 01:00:33 +02:00
parent df467baf1c
commit 39ef7373fd
58 changed files with 609 additions and 609 deletions
Download patch file Download diff file Expand all files Collapse all files

32
common-tasks/BackupEmergencyRestoreV2.md
View file

@ -15,7 +15,7 @@ The Qubes backup system has been designed with emergency disaster recovery in mi
1. Untar the main backup file.
```
~~~
[user@restore ~]$ tar -i -xvf qubes-backup-2013-12-26-123456
backup-header
backup-header.hmac
@ -31,17 +31,17 @@ The Qubes backup system has been designed with emergency disaster recovery in mi
vm1/whitelisted-appmenus.list.000.hmac
dom0-home/dom0user.000
dom0-home/dom0user.000.hmac
```
~~~
1. Verify the integrity of the `private.img` file which houses your data.
```
~~~
[user@restore ~]$ cd vm1/
[user@restore vm1]$ openssl dgst -sha512 -hmac "your_passphrase" private.img.000
HMAC-SHA512(private.img.000)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
[user@restore vm1]$ cat private.img.000.hmac
(stdin)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
```
~~~
**Note:** The hash values should match. If they do not match, then the backup file may have been tampered with, or there may have been a storage error.
@ -49,59 +49,59 @@ The Qubes backup system has been designed with emergency disaster recovery in mi
1. Decrypt the `private.img` file.
```
~~~
[user@restore vm1]$ openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in private.img.000 -out private.img.dec.000
```
~~~
**Note:** For multi-part files, a loop can be used:
```
~~~
for f in private.img.*; do
openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in $f -out
${f/.img/.img.dec}
done
```
~~~
**Note:** If your backup was encrypted with a cipher algorithm other than `aes-256-cbc`, you must substitute the correct cipher command. A complete list of supported cipher algorithms can be found with `openssl list-cipher-algorithms`.
1. Decompress the decrypted `private.img` file.
```
~~~
[user@restore vm1]$ zforce private.img.dec.*
[user@restore vm1]$ gunzip private.img.dec.000.gz
```
~~~
**Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program.
1. Untar the decrypted and decompressed `private.img` file.
```
~~~
[user@restore vm1]$ tar -M -xvf private.img.dec.000
vm1/private.img
```
~~~
**Note:** For multi-part files, a script is required:
1. Create a `new-volume-script`:
```
~~~
#!/bin/sh
name=`expr $TAR_ARCHIVE : '\(.*\)\..*'`
suffix=`printf %03d $[ $TAR_VOLUME - 1 ]`
echo $name.$suffix >&$TAR_FD
```
~~~
2. `chmod +x new-volume-script`.
3. `tar --new-volume-script=./new-volume-script -xvf private.img.dec.000`. (The `--new-volume-script` option enables multi-volume untaring.)
1. Mount the private.img file and access your data.
```
~~~
[user@restore vm1]$ sudo mkdir /mnt/img
[user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/
[user@restore vm1]$ cat /mnt/img/home/user/your_data.txt
This data has been successfully recovered!
```
~~~
**Note:** You may wish to store a plain text copy of these instructions with your Qubes backups in the event that you fail to recall the above procedure while this web page is inaccessible. You may obtain a plaintext version of this file in Git repository housing all the documentation at:

12
common-tasks/CopyPaste.md
View file

@ -52,22 +52,22 @@ Clipboard automatic policy enforcement
The Qubes clipboard policy is configurable in:
```
~~~
/etc/qubes-rpc/policy/qubes.ClipboardPaste
```
~~~
You may wish to configure this policy in order to prevent user error. For example, if you are certain that you never wish to paste *into* your "vault" AppVM (and it is highly recommended that you do not), then you should edit the policy as follows:
```
~~~
$anyvm vault deny
$anyvm $anyvm ask
```
~~~
Shortcut Configuration
----------------------
The copy/paste shortcuts are configurable in:
```
~~~
/etc/qubes/guid.conf
```
~~~

8
common-tasks/CopyToDomZero.md
View file

@ -12,15 +12,15 @@ First, there should normally be few reasons for the user to want to copy files f
For this reason we intentionally do not provide a convenient tool for copying files between VMs and Dom0 (while we provide a tool for copying files between VMs). However, if you're determined to copy some files to Dom0 anyway, you can use the following method (run this command from Dom0's console):
```
~~~
qvm-run --pass-io <src_domain> 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0
```
~~~
BTW, you can use the same method to copy files from Dom0 to VMs:
```
~~~
cat /path/to/file_in_dom0 | qvm-run --pass-io <dst_domain> 'cat > /path/to/file_name_in_appvm'
```
~~~
### Copying logs from dom0

12
common-tasks/DisposableVms.md
View file

@ -38,9 +38,9 @@ Opening a file in a Disposable VM via command line (from AppVM)
Use the `qvm-open-in-dvm` command line (from your AppVM), e.g.:
```
~~~
[user@work-pub ~]$ qvm-open-in-dvm Downloads/apple-sandbox.pdf
```
~~~
The qvm-open-in-dvm will not exit until you close the application in the Disposable VM.
@ -49,9 +49,9 @@ Starting an arbitrary application in a disposable VM via command line (from Dom0
**Note:** Normally there should be no need for doing this -- this is just for Qubes hackers ;)
```
~~~
[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red
```
~~~
In fact the Disposable VM appmenu used for starting Firefox contains a very similar command to the above. Please note, however, that it generally makes little sense to start any other application other than a Web Browser this way...
@ -60,9 +60,9 @@ Starting an arbitrary program in a Disposable VM from an AppVM
Sometimes it might be useful to start an arbitrary program, such as e.g. terminal in an Disposable VM from an AppVM. This could be simply done this way:
```
~~~
[user@vault ~]$ qvm-run '$dispvm' xterm
```
~~~
Note the above command is issued in an AppVM, not in Dom0. The created Disposable VM can be normally accessed via other tools, such as e.g. `qvm-copy-to-vm`, using its 'dispX' name, as shown by the Qubes Manager or `qvm-ls` tools.

8
common-tasks/FullScreenMode.md
View file

@ -30,19 +30,19 @@ If you want to enable full screen mode for select VMs, you can do that by creati
**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ))
```
~~~
VM: {
personal: {
allow_fullscreen = true;
};
};
```
~~~
The string 'personal' above is exemplary and should be replaced by the actual name of the VM for which you want to enable this functionality.
One can also enable this functionality for all the VMs globally in the same file, by modifying the 'global' section:
```
~~~
global: {
# default values
allow_fullscreen = true;
@ -51,6 +51,6 @@ global: {
#secure_paste_sequence = "Ctrl-Shift-v";
#windows_count_limit = 500;
};
```
~~~
Be sure to restart the VM(s) after modifying this file, for the changes to take effect.

24
common-tasks/SoftwareUpdateDom0.md
View file

@ -35,15 +35,15 @@ Of course, command line tools are still available for accomplishing various upda
1. To check and install updates for dom0 software:
```
~~~
$ sudo qubes-dom0-update
```
~~~
1. To install additional packages in dom0 (usually not recommended):
```
~~~
$ sudo qubes-dom0-update anti-evil-maid
```
~~~
You may also pass the `--enablerepo=` option in order to enable optional repositories (see yum configuration in dom0). However, this is only for advanced users who really understand what they are doing.
@ -51,30 +51,30 @@ Of course, command line tools are still available for accomplishing various upda
1. Download an older version of the package:
```
~~~
sudo qubes-dom0-update package-version
```
~~~
Yum will say that there is no update, but the package will nonetheless be downloaded to dom0.
1. Downgrade the packge:
```
~~~
sudo yum downgrade package-version
```
~~~
### Kernel Upgrade ###
Install newer kernel. The following example installs kernel 3.19 and was tested on Qubes R3 RC1.
```
~~~
sudo qubes-dom0-update kernel-3.19*
```
~~~
Rebuild grub config.
```
~~~
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
```
~~~
Reboot required.

16
common-tasks/SoftwareUpdateVM.md
View file

@ -72,9 +72,9 @@ Sometime it might be convenient to have a VM that has its own filesystem, where
In order to create a standalone VM you can use a command line like this (from console in Dom0):
```
~~~
qvm-create <vmname> --standalone --label <label>
```
~~~
... or click appropriate options in the Qubes Manager's Create VM window.
@ -85,9 +85,9 @@ It's also possible to have more than one template VM in the system. E.g. one cou
When you create a new domain you can choose which template this VM should be based on. If you use command line, you should use the `--template` switch:
```
~~~
qvm-create <vmname> --template <templatename> --label <label>
```
~~~
Temporarily allowing networking for software installation
---------------------------------------------------------
@ -111,15 +111,15 @@ The proxy is running in selected VMs (by default all the NetVMs (1)) and interce
1. Updates proxy: It is running as "qubes-yum-proxy" service. Startup script of this service setup firewall rule to intercept proxy traffic:
```
~~~
iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT
```
~~~
1. VM using the proxy service Startup script (qubes-misc-post service) configure yum using /etc/yum.conf.d/qubes-proxy.conf file. It can either contain
```
~~~
proxy=http://10.137.255.254:8082/
```
~~~
line, or be empty. Note that this file is specifically included from main yum.conf, yum does not support real conf.d configuration style...