mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-05-02 14:56:13 -04:00
Merge branch 'master' into spelling-grammar-fixes
Resolved conflicts in:
basics_user/doc-guidelines.md
basics_user/reporting-bugs.md
common-tasks/backup-restore.md
common-tasks/software-update-dom0.md
common-tasks/software-update-vm.md
common-tasks/usb.md
configuration/disk-trim.md
configuration/external-audio.md
configuration/network-printer.md
configuration/resize-disk-image.md
configuration/resize-root-disk-image.md
customization/fedora-minimal-template-customization.md
managing-os/hvm.md
managing-os/templates/archlinux.md
privacy/whonix-install.md
security/yubi-key.md
troubleshooting/install-nvidia-driver.md
troubleshooting/macbook-troubleshooting.md
This commit is contained in:
Marek Marczykowski-Górecki
commit
919f2ed17e
123 changed files with 2914 additions and 1254 deletions
|
|
@ -71,7 +71,7 @@ If you want to circumvent this process, you can create the relevant filestructur
|
|||
|
||||
* Files that exist in the TemplateVM root image cannot be deleted in the TemplateBasedVMs root image using bind-dirs.sh.
|
||||
* Re-running `sudo /usr/lib/qubes/bind-dirs.sh` without a previous `sudo /usr/lib/qubes/bind-dirs.sh umount` does not work.
|
||||
* Running 'sudo /usr/lib/qubes/bind-dirs.sh umount' after boot (before shutdown) is probably not sane and nothing can be done about that.
|
||||
* Running `sudo /usr/lib/qubes/bind-dirs.sh umount` after boot (before shutdown) is probably not sane and nothing can be done about that.
|
||||
* Many editors create a temporary file and copy it over the original file. If you have bind mounted an individual file this will break the mount.
|
||||
Any changes you make will not survive a reboot. If you think it likely you will want to edit a file, then either include the parent directory in bind-dirs.rather than the file, or perform the file operation on the file in /rw/bind-dirs.
|
||||
* Some files are altered when a qube boots - e.g. /etc/hosts. If you try to use bind-dirs on such files you may break your qube in unpredictable ways.
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ Disposable VM Customization
|
|||
Changing the DVM Template
|
||||
-------------------------
|
||||
|
||||
You may want to use a non-default template the [DVM Template](/doc/glossary/#dvm-template). One example is to use a less-trusted template with some less trusted, 3rd party, often unsigned, applications installed, such as e.g. 3rd part printer drivers.
|
||||
You may want to use a non-default template the [DVM Template](/doc/glossary/#dvm-template). One example is to use a less-trusted template with some less trusted, third-party, often unsigned, applications installed, such as e.g. third-party printer drivers.
|
||||
|
||||
In order to regenerate the Disposable VM "snapshot" (called 'savefile' on Qubes) one can use the following command in Dom0:
|
||||
|
||||
|
|
|
|||
|
|
@ -13,11 +13,14 @@ FEDORA Packages Recommendations
|
|||
Template installation
|
||||
------------------------------
|
||||
|
||||
> [dom0]#qubes-dom0-update qubes-template-fedora-21-minimal
|
||||
> [dom0]#qubes-dom0-update qubes-template-fedora-26-minimal
|
||||
|
||||
*Note*: the template may not start in Qubes R3 when using kernel 3.19 (unstable). In this case, switch the AppVM or TemplateVM to the kernel 3.18.
|
||||
|
||||
*Note*: If you have doubts about a set of tools or package you want to install, start installing and testing it in an AppVM. You can then reproduce it later in your TemplateVM if you are satisfied. That is the (Qubes OS?) template philosophy.
|
||||
*Note*: If you have doubts about a set of tools or package you want to install, start installing and testing it in an AppVM.
|
||||
You can then reproduce it later in your TemplateVM if you are satisfied.
|
||||
That is the template philosophy in QubesOS.
|
||||
|
||||
For more information on the uses of a minimal template read [this page][Minimal].
|
||||
|
||||
Standard tools installation
|
||||
================
|
||||
|
|
@ -25,28 +28,32 @@ Standard tools installation
|
|||
Administration (documented)
|
||||
---------------------------------------------
|
||||
|
||||
sudo pciutils vim-minimal less tcpdump telnet psmisc nmap nmap-ncat usbutils
|
||||
> sudo pciutils vim-minimal less tcpdump telnet psmisc nmap nmap-ncat usbutils
|
||||
|
||||
*Notes*: nmap can be used to discover a network (nmap -sP [network]), especially if you are inside a Microsoft network, because your AppVM will be protected/NATted behind Qubes firewall (Microsoft / home network are heavily using autodiscovery technologies which require to be in the same local network (no firewall/no NAT), eg: your printer).
|
||||
*Notes*: nmap can be used to discover hosts on a network (nmap -sP [network]), especially if you are inside a Microsoft network, because your AppVM will be protected/NATted behind the Qubes firewall.
|
||||
(Microsoft / home networks make heavy use of autodiscovery technologies which require clients to be in the same local network (no firewall/no NAT), eg: your printer.)
|
||||
|
||||
Some recommendation here: check your current network using the Network manager applet (eg: 192.168.1.65). Then run nmap in your current AppVM/TemplateVM to search for the selected printer/equipment: nmap -sP 192.168.1.-. Don't forget to temporarily allow traffic via the Qubes Firewall if you are inside a TemplateVM.
|
||||
Some recommendations here: check your current network using the Network manager applet (eg: 192.168.1.65).
|
||||
Then run nmap in your current AppVM/TemplateVM to search for the selected printer/equipment:
|
||||
nmap -sP 192.168.1.-.
|
||||
Don't forget to temporarily allow traffic via the Qubes Firewall if you are doing this in a TemplateVM.
|
||||
|
||||
Administration (undocumented)
|
||||
-------------------------------------------------
|
||||
|
||||
openssh keepassx openssl gnome-keyring man
|
||||
> openssh keepassx openssl gnome-keyring man
|
||||
|
||||
Dependency note: keepassx rely on qt which takes ~30MB
|
||||
|
||||
Network VM (documented)
|
||||
----------------------------------------
|
||||
|
||||
NetworkManager NetworkManager-wifi network-manager-applet wireless-tools dbus-x11 tar tinyproxy
|
||||
> NetworkManager NetworkManager-wifi network-manager-applet wireless-tools dbus-x11 tar tinyproxy iptables
|
||||
|
||||
Network VM (undocumented)
|
||||
--------------------------------------------
|
||||
|
||||
which dconf dconf-editor
|
||||
> which dconf dconf-editor
|
||||
|
||||
*Notes*: which is required for autostart scripts
|
||||
|
||||
|
|
@ -55,36 +62,35 @@ which dconf dconf-editor
|
|||
Network VM (manual operations - documented)
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Search for a wireless firmware matching your wireless card (to be launched in network VM)
|
||||
Search for wireless firmware matching your wireless card (to be launched in network VM)
|
||||
|
||||
> lspci; yum search firmware
|
||||
> lspci; dnf search firmware
|
||||
|
||||
ProxyVM/NetworkVM for 3G Modems
|
||||
=====================
|
||||
--------------------------------------------
|
||||
|
||||
ModemManager NetworkManager-wwan usb_modeswitch modem-manager-gui
|
||||
> ModemManager NetworkManager-wwan usb_modeswitch modem-manager-gui
|
||||
|
||||
Dependency note: modem-manager-gui rely on webkit-gtk and is optional (NetworkManager can handle the modem alone)
|
||||
Dependency note: modem-manager-gui relies on webkit-gtk and is optional (NetworkManager can handle the modem alone)
|
||||
|
||||
Source: [3GMODEM]
|
||||
|
||||
ProxyVM for VPNs
|
||||
==========
|
||||
--------------------------------------------
|
||||
|
||||
Search for a VPN package for your particular vpn solution
|
||||
Search for a VPN package for your particular vpn solution then [configure][VPNNM] NetworkManager
|
||||
|
||||
> yum search NetworkManager [openconnect|openswat|...]
|
||||
> dnf search NetworkManager [openvpn\|openconnect\|openswat\|...]
|
||||
|
||||
OR
|
||||
|
||||
For manual handling of VPN (and because NetworkManager is not available in proxyVMs, check the Qubes-users mail threads on google group)
|
||||
Refer to [this guide][VPN] which includes instructions for failsafe anti-leak VPN configuration using CLI scripts. (An early discussion about OpenVPN configuration can be viewed [here][OPENVPNSETUP].) Required packages will be `iptables` in addition to VPN software such as `openvpn`.
|
||||
|
||||
(cprise started a good one on openvpn: [OPENVPNSETUP] "[qubes-users] OpenVPN Setup, Revisited Again!")
|
||||
|
||||
Printer Setup
|
||||
========
|
||||
--------------------------------------------
|
||||
|
||||
system-config-printer system-config-printer-applet cups
|
||||
> system-config-printer system-config-printer-applet cups
|
||||
|
||||
Dependency Note: depends on python3 + python3 additional libraries which takes more than 40 M once installed.
|
||||
|
||||
|
|
@ -99,29 +105,28 @@ Manual operations
|
|||
|
||||
- Once you identified your printer, run system-config-printer GUI to install your printer
|
||||
|
||||
- You may need to cancel the operation to install more adapted printer drivers (eg: if the driver cannot be found automatically). Use yum search printername to find potential drivers (eg yum search photosmart)
|
||||
- You may need to cancel the operation to install more adapted printer drivers (eg: if the driver cannot be found automatically). Use dnf search printername to find potential drivers (eg dnf search photosmart)
|
||||
|
||||
GUI recommendations
|
||||
=============
|
||||
======================
|
||||
|
||||
Lightweight packages recommendations
|
||||
---------------------------------------------------------------
|
||||
|
||||
lxterminal dejavu-sans-mono-fonts dejavu-sans-fonts gnome-settings-daemon
|
||||
> lxterminal dejavu-sans-mono-fonts dejavu-sans-fonts gnome-settings-daemon
|
||||
|
||||
*Note*: You need to install sans-mono fonts for the terminal or it will be unreadable (overlapping characters....), while the sans fonts are just to get nicer GUI menus.
|
||||
|
||||
*Scite* is a nice notepad that can also highlight scripts with very light dependencies
|
||||
> scite
|
||||
|
||||
scite
|
||||
*Meld* allows easy comparison of two text files/ two configuration files.
|
||||
|
||||
*Meld* allow comparing two text files/ two configuration files easily.
|
||||
|
||||
meld
|
||||
> meld
|
||||
|
||||
*Thunar* is a light file manager usually used by xfce
|
||||
|
||||
thunar thunar-volman ntfs-3g
|
||||
> thunar thunar-volman ntfs-3g
|
||||
|
||||
Dependency Note: xfce4 dependencies (but still quite light ~1.4M downloads)
|
||||
|
||||
|
|
@ -130,7 +135,9 @@ Miscellaneous packages
|
|||
|
||||
*pycairo* package is needed for file's contextual menu "Send to VM" to function (to actually popup dialog box and enter VM's name where the file will be sent to).
|
||||
|
||||
*pinentry-gtk* package is responsible for pop-up dialog window where you enter password for your password protected gpg key. Install this package in machine holding your password protected gpg keys. If you do not use password protected gpg keys, there is no need to install this package.
|
||||
*pinentry-gtk* package is responsible for pop-up dialog window where you enter password for your password protected gpg key.
|
||||
Install this package in the qube holding your password protected gpg keys.
|
||||
If you do not use password protected gpg keys, there is no need to install this package.
|
||||
|
||||
GUI themes
|
||||
-----------------
|
||||
|
|
@ -147,9 +154,9 @@ The appearance of Windows can only be changed in dom0, however, the appearance o
|
|||
|
||||
Choose theme packages for each framework. I recommend the following documentation [THEMEPACKAGES]
|
||||
|
||||
clearlooks-phenix-gtk2-theme clearlooks-phenix-gtk3-theme
|
||||
> clearlooks-phenix-gtk2-theme clearlooks-phenix-gtk3-theme
|
||||
|
||||
You can search for other themes using yum search theme gtk
|
||||
You can search for other themes using dnf search theme gtk
|
||||
|
||||
You can check your currently installed theme packages (to eventually remove them) using rpm -qa | grep theme
|
||||
|
||||
|
|
@ -279,3 +286,9 @@ Two case:
|
|||
[DCONF2]: https://wiki.gnome.org/Projects/dconf/SystemAdministrators
|
||||
|
||||
[UNIFORMTHEME]: https://wiki.archlinux.org/index.php/Uniform_look_for_Qt_and_GTK_applications
|
||||
|
||||
[Minimal]: ../templates/fedora-minimal/
|
||||
|
||||
[VPNNM]: ../vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager
|
||||
|
||||
[VPN]: ../vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ Installation
|
|||
------------
|
||||
|
||||
Prior to R3.2, KDE was the default desktop environment in Qubes. Beginning with
|
||||
R3.2, however, [XFCE is the new default desktop environment](https://www.qubes-os.org/doc/releases/3.2/release-notes/). Nonetheless, it is
|
||||
R3.2, however, [XFCE is the new default desktop environment](/doc/releases/3.2/release-notes/). Nonetheless, it is
|
||||
still possible to install KDE by issuing this command in dom0:
|
||||
|
||||
$ sudo qubes-dom0-update @kde-desktop-qubes
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ XFCE installation in dom0
|
|||
**Disclaimer: The article is obsolete for Qubes OS 3.2 and later.**
|
||||
|
||||
Prior to R3.2, KDE was the default desktop environment in Qubes. Beginning with
|
||||
R3.2 [XFCE is the new default desktop environment](https://www.qubes-os.org/doc/releases/3.2/release-notes/) and does not require manual installation.
|
||||
R3.2 [XFCE is the new default desktop environment](/doc/releases/3.2/release-notes/) and does not require manual installation.
|
||||
|
||||
|
||||
Installation:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue