Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-10-12 18:40:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add prompts to all code blocks with bash session

Browse source
This commit is contained in:
qubedmaiska 2025-08-15 16:49:01 -04:00 committed by parulin
parent 6c987d00d4
commit 43493b38e6
No known key found for this signature in database
GPG key ID: 65099A5B0E31336C
72 changed files with 513 additions and 497 deletions
Download patch file Download diff file Expand all files Collapse all files

34
developer/building/development-workflow.rst
View file

@ -40,7 +40,7 @@ In ``qubes-builder/artifacts/sources/linux-kernel``:
.. code:: console
make prep
$ make prep
@ -48,7 +48,7 @@ The resulting tree will be in kernel-<VERSION>/linux-<VERSION>:
.. code:: console
ls -ltrd kernel*/linux*
$ ls -ltrd kernel*/linux*
drwxr-xr-x 23 user user 4096 Nov 5 09:50 kernel-3.4.18/linux-3.4.18
drwxr-xr-x 6 user user 4096 Nov 21 20:48 kernel-3.4.18/linux-obj
@ -62,7 +62,7 @@ In ``qubes-builder/artifacts/sources/linux-kernel``:
.. code:: console
cd kernel-3.4.18/linux-3.4.18
$ cd kernel-3.4.18/linux-3.4.18
@ -74,8 +74,8 @@ In ``kernel-3.4.18/linux-3.4.18``:
.. code:: console
cp ../../config .config
make oldconfig
$ cp ../../config .config
$ make oldconfig
@ -83,7 +83,7 @@ Now change the configuration. For example, in ``kernel-3.4.18/linux-3.4.18``:
.. code:: console
make menuconfig
$ make menuconfig
@ -91,7 +91,7 @@ Copy the modified config back into the kernel tree:
.. code:: console
cp .config ../../../config
$ cp .config ../../../config
@ -103,20 +103,20 @@ TODO: describe the workflow for patching the code, below are some random notes,
.. code:: console
ln -s ../../patches.xen
export QUILT_PATCHES=patches.xen
export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
export QUILT_SERIES=../../series-pvops.conf
$ ln -s ../../patches.xen
$ export QUILT_PATCHES=patches.xen
$ export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
$ export QUILT_SERIES=../../series-pvops.conf
quilt new patches.xen/pvops-3.4-0101-usb-xen-pvusb-driver-bugfix.patch
quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \
$ quilt new patches.xen/pvops-3.4-0101-usb-xen-pvusb-driver-bugfix.patch
$ quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \
drivers/usb/host/xen-usbback/* drivers/usb/host/xen-usbfront.c \
include/xen/interface/io/usbif.h
*edit something*
quilt refresh
cd ../..
$ quilt refresh
$ cd ../..
vi series.conf
@ -133,7 +133,7 @@ To actually build RPMs, in qubes-builder:
.. code:: console
./qb -c linux-kernel package fetch prep build
$ ./qb -c linux-kernel package fetch prep build
@ -398,7 +398,7 @@ Then use ``make update-repo-unstable`` to upload the packages. You can also spec
.. code:: console
make COMPONENTS="core-agent-linux gui-agent-linux linux-utils" qubes update-repo-unstable
$ make COMPONENTS="core-agent-linux gui-agent-linux linux-utils" qubes update-repo-unstable

4
developer/building/qubes-builder-v2.rst
View file

@ -38,8 +38,8 @@ This is a simple setup using a docker executor. This is a good default choice; i
.. code:: console
git clone https://github.com/QubesOS/qubes-builderv2
cd qubes-builderv2/
$ git clone https://github.com/QubesOS/qubes-builderv2
$ cd qubes-builderv2/
4. If you havent previously used docker in the current qube, you need to set up some permissions. In particular, the user has to be added to the ``docker`` group:

40
developer/building/qubes-builder.rst
View file

@ -55,17 +55,23 @@ Usually you can install those packages by just issuing:
.. code:: console
sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA
$ sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA
The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory.
The build system is configured via builder.conf file. You can use the setup.sh script to create and modify this file. Alternatively, you can copy the provided default builder.conf, and modify it as needed, e.g.:
.. code:: console
cp example-configs/qubes-os-master.conf builder.conf
# edit the builder.conf file and set the following variables:
$ cp example-configs/qubes-os-master.conf builder.conf
Edit the builder.conf file and set the following variables:
.. code:: bash
NO_SIGN=1
@ -87,36 +93,36 @@ So, to build Qubes you would do:
.. code:: console
# Import the Qubes master key
gpg --recv-keys 0xDDFA1A3E36879494
$ gpg --recv-keys 0xDDFA1A3E36879494
# Verify its fingerprint, set as 'trusted'.
# This is described here:
# https://www.qubes-os.org/doc/VerifyingSignatures
wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
gpg --import qubes-developers-keys.asc
$ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
$ gpg --import qubes-developers-keys.asc
git clone https://github.com/QubesOS/qubes-builder.git qubes-builder
cd qubes-builder
$ git clone https://github.com/QubesOS/qubes-builder.git qubes-builder
$ cd qubes-builder
# Verify its integrity:
git tag -v `git describe`
$ git tag -v `git describe`
cp example-configs/qubes-os-master.conf builder.conf
$ cp example-configs/qubes-os-master.conf builder.conf
# edit the builder.conf file and set the following variables:
# NO_SIGN="1"
# Download all components:
make get-sources
$ make get-sources
# And now to build all Qubes RPMs (this will take a few hours):
make qubes
$ make qubes
# ... and then to build the ISO
make iso
$ make iso
And this should produce a shiny new ISO.
@ -125,7 +131,7 @@ You can also build selected component separately. Eg. to compile only gui virtua
.. code:: console
make gui-daemon
$ make gui-daemon
You can get a full list from make help.
@ -154,7 +160,7 @@ You can also modify sources somehow if you wish. Here are some basic steps:
.. code:: console
make get-sources
$ make get-sources
4. **Make your modifications here**
@ -165,14 +171,14 @@ You can also modify sources somehow if you wish. Here are some basic steps:
.. code:: console
make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates
$ make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates
7. build iso installation image
.. code:: console
make iso
$ make iso

60
developer/building/qubes-iso-building.rst
View file

@ -17,14 +17,14 @@ Fedora 36 (and 37) has been successfully used to build Qubes R4.1 with the below
.. code:: console
sudo setenforce 0
$ sudo setenforce 0
In ``dom0``, install the Fedora 36 (or 37) template if you dont already have it.
.. code:: console
sudo qubes-dom0-update qubes-template-fedora-36
$ sudo qubes-dom0-update qubes-template-fedora-36
@ -66,9 +66,9 @@ Now lets bootstrap the builder. Unfortunately, the builder cannot verify itse
.. code:: console
git clone https://github.com/QubesOS/qubes-builder.git
cd qubes-builder
git tag -v `git describe`
$ git clone https://github.com/QubesOS/qubes-builder.git
$ cd qubes-builder
$ git tag -v `git describe`
@ -120,8 +120,8 @@ Continue the build process with:
.. code:: console
make install-deps
make get-sources
$ make install-deps
$ make get-sources
@ -133,8 +133,8 @@ Finally, if you are making a test build, use:
.. code:: console
make qubes
make iso
$ make qubes
$ make iso
@ -142,9 +142,9 @@ Or for a fully signed build (this requires setting ``SIGN_KEY`` in ``builder.con
.. code:: console
make qubes
make sign-all
make iso
$ make qubes
$ make sign-all
$ make iso
@ -160,9 +160,9 @@ If you will be building Whonix templates:
.. code:: console
cd ~
gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
$ cd ~
$ gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
$ gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
@ -185,11 +185,11 @@ Next, prepare the Git keyring directory and copy them in:
.. code:: console
export GNUPGHOME=~/qubes-builder/keyrings/git
mkdir --parents "$GNUPGHOME"
cp ~/.gnupg/pubring.gpg "$GNUPGHOME"
cp ~/.gnupg/trustdb.gpg "$GNUPGHOME"
chmod --recursive 700 "$GNUPGHOME"
$ export GNUPGHOME=~/qubes-builder/keyrings/git
$ mkdir --parents "$GNUPGHOME"
$ cp ~/.gnupg/pubring.gpg "$GNUPGHOME"
$ cp ~/.gnupg/trustdb.gpg "$GNUPGHOME"
$ chmod --recursive 700 "$GNUPGHOME"
@ -197,8 +197,8 @@ Copy one of the example configurations:
.. code:: console
cd ~/qubes-builder
cp example-configs/qubes-os-master.conf builder.conf
$ cd ~/qubes-builder
$ cp example-configs/qubes-os-master.conf builder.conf
@ -208,9 +208,9 @@ Continue the build process with:
.. code:: console
make install-deps
make get-sources
unset GNUPGHOME
$ make install-deps
$ make get-sources
$ unset GNUPGHOME
@ -220,8 +220,8 @@ Finally, if you are making a test build, use:
.. code:: console
make qubes
make iso
$ make qubes
$ make iso
@ -229,9 +229,9 @@ Or for a fully signed build (this requires setting ``SIGN_KEY`` in ``builder.con
.. code:: console
make qubes
make sign-all
make iso
$ make qubes
$ make sign-all
$ make iso

16
developer/code/code-signing.rst
View file

@ -91,7 +91,7 @@ If youre submitting a patch via GitHub (or a similar Git server), please sign
.. code:: console
git config --global user.signingkey <KEYID>
$ git config --global user.signingkey <KEYID>
@ -99,14 +99,14 @@ If youre submitting a patch via GitHub (or a similar Git server), please sign
.. code:: console
git config --global commit.gpgsign true
$ git config --global commit.gpgsign true
Alternatively, manually specify when a commit is to be signed:
.. code:: console
git commit -S
$ git commit -S
@ -116,7 +116,7 @@ If youre submitting a patch via GitHub (or a similar Git server), please sign
.. code:: console
git tag -s <tag_name> -m "<tag_message>"
$ git tag -s <tag_name> -m "<tag_message>"
You can also create an alias to make this easier. Edit your ``~/.gitconfig`` file. In the ``[alias]`` section, add ``stag`` to create signed tags and ``spush`` to create signed tags and push them.
@ -172,14 +172,14 @@ In this case, you have several options to sign the commit:
.. code:: console
git commit --amend -S
$ git commit --amend -S
This also rewrites the commit so you need to push it forcefully:
.. code:: console
git push -f
$ git push -f
@ -187,8 +187,8 @@ In this case, you have several options to sign the commit:
.. code:: console
git checkout <commit>
git spush
$ git checkout <commit>
$ git spush
Now, the signature checker needs to re-check the signature. Please comment on the pull request that you would like to have the signatures checked again.

8
developer/code/source-code.rst
View file

@ -21,7 +21,7 @@ To clone a repository:
.. code:: console
git clone https://github.com/QubesOS/qubes-<repo_name>.git <repo_name>
$ git clone https://github.com/QubesOS/qubes-<repo_name>.git <repo_name>
@ -29,7 +29,7 @@ e.g.:
.. code:: console
git clone https://github.com/QubesOS/qubes-core-admin.git core-admin
$ git clone https://github.com/QubesOS/qubes-core-admin.git core-admin
@ -39,8 +39,8 @@ If you really do want to clone **all** of the repositories, you can use these co
.. code:: console
curl "https://api.github.com/orgs/QubesOS/repos?page=1&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
curl "https://api.github.com/orgs/QubesOS/repos?page=2&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
$ curl "https://api.github.com/orgs/QubesOS/repos?page=1&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
$ curl "https://api.github.com/orgs/QubesOS/repos?page=2&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone

20
developer/debugging/automated-tests.rst
View file

@ -119,7 +119,7 @@ Tests are also compatible with nose2 test runner, so you can use this instead:
.. code:: console
sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd
$ sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd
This may be especially useful together with various nose2 plugins to store tests results (for example ``nose2.plugins.junitxml``), to ease presenting results. This is what we use on `OpenQA <https://open.qa/>`__.
@ -140,15 +140,15 @@ Assuming you cloned the ``qubes-builder`` repository to your home directory insi
.. code:: console
cd ~
sudo dnf install python3-pip lvm2 python35 python3-virtualenv
virtualenv -p /usr/bin/python35 python35
source python35/bin/activate
python3 -V
cd ~/qubes-builder/qubes-src/core-admin
pip3 install -r ci/requirements.txt
export PYTHONPATH=../core-qrexec:test-packages
./run-tests
$ cd ~
$ sudo dnf install python3-pip lvm2 python35 python3-virtualenv
$ virtualenv -p /usr/bin/python35 python35
$ source python35/bin/activate
$ python3 -V
$ cd ~/qubes-builder/qubes-src/core-admin
$ pip3 install -r ci/requirements.txt
$ export PYTHONPATH=../core-qrexec:test-packages
$ ./run-tests
To run only the tests related to e.g. ``lvm``, you may use:

2
developer/debugging/safe-remote-ttys.rst
View file

@ -70,7 +70,7 @@ If your machine has a serial console, you may with to use that, but note that a
.. code:: console
script -f /dev/ttyS0
$ script -f /dev/ttyS0

34
developer/debugging/test-bench.rst
View file

@ -96,11 +96,11 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
.. code:: console
sudo systemctl enable sshd
sudo systemctl start sshd
$ sudo systemctl enable sshd
$ sudo systemctl start sshd
sudo systemctl enable dom0-network-direct
sudo systemctl start dom0-network-direct
$ sudo systemctl enable dom0-network-direct
$ sudo systemctl start dom0-network-direct
@ -123,26 +123,26 @@ The following commands should work for you, but do keep in mind that the provisi
# https://github.com/marmarek/openqa-tests-qubesos/blob/master/tests/update.pm
# Install git
sudo qubes-dom0-update git || sudo dnf --setopt=reposdir=/etc/yum.repos.d install git
$ sudo qubes-dom0-update git || sudo dnf --setopt=reposdir=/etc/yum.repos.d install git
# Download the openQA automated testing environment Salt configuration
git clone https://github.com/marmarek/openqa-tests-qubesos/
cd openqa-tests-qubesos/extra-files
sudo cp -a system-tests/ /srv/salt/
sudo qubesctl top.enable system-tests
$ git clone https://github.com/marmarek/openqa-tests-qubesos/
$ cd openqa-tests-qubesos/extra-files
$ sudo cp -a system-tests/ /srv/salt/
$ sudo qubesctl top.enable system-tests
# Install the same configuration as the one in openQA
QUBES_VERSION=4.1
PILLAR_DIR=/srv/pillar/base/update
sudo mkdir -p $PILLAR_DIR
printf 'update:\n qubes_ver: '$QUBES_VERSION'\n' | sudo tee $PILLAR_DIR/init.sls
printf "base:\n '*':\n - update\n" | sudo tee $PILLAR_DIR/init.top
sudo qubesctl top.enable update pillar=True
$ QUBES_VERSION=4.1
$ PILLAR_DIR=/srv/pillar/base/update
$ sudo mkdir -p $PILLAR_DIR
$ printf 'update:\n qubes_ver: '$QUBES_VERSION'\n' | sudo tee $PILLAR_DIR/init.sls
$ printf "base:\n '*':\n - update\n" | sudo tee $PILLAR_DIR/init.top
$ sudo qubesctl top.enable update pillar=True
# Apply states to dom0 and VMs
# NOTE: These commands can take several minutes (if not more) without showing output
sudo qubesctl --show-output state.highstate
sudo qubesctl --max-concurrency=2 --skip-dom0 --templates --show-output state.highstate
$ sudo qubesctl --show-output state.highstate
$ sudo qubesctl --max-concurrency=2 --skip-dom0 --templates --show-output state.highstate
Development VM

6
developer/releases/1_0/release-notes.rst
View file

@ -19,8 +19,8 @@ Known issues
.. code:: console
qvm-prefs -s fedora-17-x64-dvm maxmem 3072
qvm-create-default-dvm --default-template --default-script
$ qvm-prefs -s fedora-17-x64-dvm maxmem 3072
$ qvm-create-default-dvm --default-template --default-script
@ -58,6 +58,6 @@ If you have Qubes Beta 3 currently installed on your system, you must reinstall
.. code:: console
qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64
$ qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64

2
developer/releases/4_0/release-notes.rst
View file

@ -66,7 +66,7 @@ Security Notes
.. code:: console
sudo nano /etc/yum.repos.d/qubes-dom0.repo
$ sudo nano /etc/yum.repos.d/qubes-dom0.repo

10
developer/services/qrexec-internals.rst
View file

@ -144,7 +144,7 @@ dom0: request execution of ``cmd`` in domX
.. code:: console
qrexec-client -d domX [-l local_program] user:cmd
$ qrexec-client -d domX [-l local_program] user:cmd
@ -191,7 +191,7 @@ domX: request execution of service ``admin.Service`` in dom0
.. code:: console
qrexec-client-vm dom0 admin.Service [local_program] [params]
$ qrexec-client-vm dom0 admin.Service [local_program] [params]
@ -217,7 +217,7 @@ domX: request execution of service ``admin.Service`` in dom0
.. code:: console
qrexec-client -d dom0 -c domX,X,SOCKET11 "QUBESRPC admin.Service domX name dom0"
$ qrexec-client -d dom0 -c domX,X,SOCKET11 "QUBESRPC admin.Service domX name dom0"
@ -260,7 +260,7 @@ domX: invoke execution of qubes service ``qubes.Service`` in domY
.. code:: console
qrexec-client-vm domY qubes.Service [local_program] [params]
$ qrexec-client-vm domY qubes.Service [local_program] [params]
@ -278,7 +278,7 @@ domX: invoke execution of qubes service ``qubes.Service`` in domY
.. code:: console
qrexec-client -d domY -c domX,X,SOCKET11 user:cmd "DEFAULT:QUBESRPC qubes.Service domX"
$ qrexec-client -d domY -c domX,X,SOCKET11 user:cmd "DEFAULT:QUBESRPC qubes.Service domX"

14
developer/services/qrexec-socket-services.rst
View file

@ -122,8 +122,8 @@ Start the socket using ``systemctl --user start``. Enable it using ``systemctl -
.. code:: console
systemctl --user start qubes-qrexec-policy-agent.socket
systemctl --user enable qubes-qrexec-policy-agent.socket
$ systemctl --user start qubes-qrexec-policy-agent.socket
$ systemctl --user enable qubes-qrexec-policy-agent.socket
@ -131,7 +131,7 @@ Alternatively, you can enable the service by creating a symlink:
.. code:: console
sudo ln -s /lib/systemd/user/qubes-qrexec-policy-agent.socket /lib/systemd/user/sockets.target.wants/
$ sudo ln -s /lib/systemd/user/qubes-qrexec-policy-agent.socket /lib/systemd/user/sockets.target.wants/
@ -143,7 +143,7 @@ Link in qubes-rpc
.. code:: console
sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask
$ sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask
@ -157,7 +157,7 @@ Install the Python systemd library:
.. code:: console
sudo dnf install python3-systemd
$ sudo dnf install python3-systemd
@ -240,7 +240,7 @@ The service is invoked in the same way as a standard Qubes RPC service:
.. code:: console
echo <input_data> | qrexec-client -d domX 'DEFAULT:QUBESRPC policy.Ask'
$ echo <input_data> | qrexec-client -d domX 'DEFAULT:QUBESRPC policy.Ask'
@ -248,7 +248,7 @@ You can also connect to it locally, but remember to include the service descript
.. code:: console
echo -e 'policy.Ask dom0\0<input data>' | nc -U /etc/qubes-rpc/policy.Ask
$ echo -e 'policy.Ask dom0\0<input data>' | nc -U /etc/qubes-rpc/policy.Ask

2
developer/services/qrexec.rst
View file

@ -248,7 +248,7 @@ Well need to create a service called ``test.Add`` with its own definition and
.. code:: console
ln -s /usr/bin/our_test_add_server /etc/qubes-rpc/test.Add
$ ln -s /usr/bin/our_test_add_server /etc/qubes-rpc/test.Add

2
developer/services/qrexec2.rst
View file

@ -114,7 +114,7 @@ In order to remove such authorization, issue this command from a Dom0 terminal (
.. code:: console
sudo nano /etc/qubes-rpc/policy/qubes.Filecopy
$ sudo nano /etc/qubes-rpc/policy/qubes.Filecopy
and then remove any line(s) ending in “allow” (before the first ``##`` comment) which are the “Yes to All” results.

4
developer/system/networking.rst
View file

@ -121,7 +121,7 @@ Starting with Qubes 4.0, there is opt-in support for IPv6 forwarding. Similar to
.. code:: console
qvm-features sys-net ipv6 1
$ qvm-features sys-net ipv6 1
@ -129,7 +129,7 @@ It is also possible to explicitly disable IPv6 support for some qubes, even if i
.. code:: console
qvm-features ipv4-only-qube ipv6 ''
$ qvm-features ipv4-only-qube ipv6 ''