Merge branch 'resolve-transifex-issues' of https://github.com/tokideveloper/qubes-doc into tokideveloper-resolve-transifex-issues

This commit is contained in:
Andrew David Wong 2021-04-19 16:00:14 -07:00
commit a660a92634
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
13 changed files with 26 additions and 26 deletions

View File

@ -19,7 +19,7 @@ assumes you're using qubes-builder to build Qubes.
# Repositories and committing Code # Repositories and committing Code
Qubes is split into a bunch of git repos. This are all contained in the Qubes is split into a bunch of git repos. These are all contained in the
`qubes-src` directory under qubes-builder. Subdirectories there are separate `qubes-src` directory under qubes-builder. Subdirectories there are separate
components, stored in separate git repositories. components, stored in separate git repositories.
@ -117,7 +117,7 @@ cd ../..
vi series.conf vi series.conf
~~~ ~~~
#### Building RPMS #### Building RPMs
TODO: Is this step generic for all subsystems? TODO: Is this step generic for all subsystems?
@ -130,13 +130,13 @@ distinguish between different versions of the same package.
You might want to take a moment here to review (git diff, git status), commit You might want to take a moment here to review (git diff, git status), commit
your changes locally. your changes locally.
To actually build RPMS, in qubes-builder: To actually build RPMs, in qubes-builder:
~~~ ~~~
make linux-kernel make linux-kernel
~~~ ~~~
RPMS will appear in qubes-src/linux-kernel/pkgs/fc20/x86\_64: RPMs will appear in qubes-src/linux-kernel/pkgs/fc20/x86\_64:
~~~ ~~~
-rw-rw-r-- 1 user user 42996126 Nov 17 04:08 kernel-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm -rw-rw-r-- 1 user user 42996126 Nov 17 04:08 kernel-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
@ -153,7 +153,7 @@ RPMS will appear in qubes-src/linux-kernel/pkgs/fc20/x86\_64:
if all repository are tagged with signed tag. if all repository are tagged with signed tag.
2. `make show-vtags` - show version of each component (based on git tags) - 2. `make show-vtags` - show version of each component (based on git tags) -
mostly useful just before building ISO. **Note:** this will not show version mostly useful just before building ISO. **Note:** this will not show version
for components containing changes since last version tag for components containing changes since last version tag.
3. `make push` - push change from **all** repositories to git server. You must 3. `make push` - push change from **all** repositories to git server. You must
set proper remotes (see above) for all repositories first. set proper remotes (see above) for all repositories first.
4. `make prepare-merge` - fetch changes from remote repositories (can be 4. `make prepare-merge` - fetch changes from remote repositories (can be
@ -166,7 +166,7 @@ FETCH_HEAD` (in each repo directory). Or `make do-merge` to merge all of them.
When developing it is convenient to be able to rapidly test changes. Assuming When developing it is convenient to be able to rapidly test changes. Assuming
you're developing Qubes on Qubes, you should be working in a special VM for you're developing Qubes on Qubes, you should be working in a special VM for
Qubes and occasionally you will want to transfer code or rpms back to dom0 for Qubes and occasionally you will want to transfer code or RPMs back to dom0 for
testing. testing.
Here are some handy scripts Marek has shared to facilitate this. Here are some handy scripts Marek has shared to facilitate this.

View File

@ -99,7 +99,7 @@ cp example-configs/qubes-os-master.conf builder.conf
make get-sources make get-sources
# And now to build all Qubes rpms (this will take a few hours): # And now to build all Qubes RPMs (this will take a few hours):
make qubes make qubes

View File

@ -332,7 +332,7 @@ immune to altering past entries. See
in files there, no file manager, etc). in files there, no file manager, etc).
- Configure GNOME to not look into external devices plugged in (no auto - Configure GNOME to not look into external devices plugged in (no auto
mounting, device notifications etc). mounting, device notifications etc).
- Package above modifications as rpms, preferably as extra configuration files - Package above modifications as RPMs, preferably as extra configuration files
and/or plugins than overwriting existing files. Exceptions to this rule may and/or plugins than overwriting existing files. Exceptions to this rule may
apply if no other option. apply if no other option.
- Adjust comps.xml (in installer-qubes-os repo) to define package group with - Adjust comps.xml (in installer-qubes-os repo) to define package group with

View File

@ -94,7 +94,7 @@ Here are some successful projects which have been implemented in the past by Goo
**Project**: Consolidate troubleshooting guides **Project**: Consolidate troubleshooting guides
**Brief explanation**: Troubleshooting guides are scattered across many pages and sometimes incomplete, leading to repeatedly posting the same instruction over and over when helping users to diagnose problems. **Brief explanation**: Troubleshooting guides are scattered across many pages and sometimes incomplete, leading to repeatedly posting the same instruction over and over when helping users to diagnose problems.
This could be helped by writing consolidated guide with with a clear list of symptom-action layout. This could be helped by writing a consolidated guide with a clear list of symptom-action layout.
**Expected results**: **Expected results**:

View File

@ -44,7 +44,7 @@ The qubes-receive-updates script processes the untrusted input from Update VM: i
Once qubes-receive-updates finished unpacking and verifying the updates, the updates are placed in ``qubes-receive-updates`` directory in Dom0 filesystem. Those updates are now trusted. Dom0 is configured (see /etc/yum.conf in Dom0) to use this directory as a default (and only) [yum repository](https://github.com/QubesOS/qubes-core-admin-linux/blob/release2/dom0-updates/qubes-cached.repo). Once qubes-receive-updates finished unpacking and verifying the updates, the updates are placed in ``qubes-receive-updates`` directory in Dom0 filesystem. Those updates are now trusted. Dom0 is configured (see /etc/yum.conf in Dom0) to use this directory as a default (and only) [yum repository](https://github.com/QubesOS/qubes-core-admin-linux/blob/release2/dom0-updates/qubes-cached.repo).
Finally, qubes-dom0-update runs ``yum update`` that fetches the rpms from qubes-cached repo and installs them as usual. Finally, qubes-dom0-update runs ``yum update`` that fetches the RPMs from qubes-cached repo and installs them as usual.
Security benefit of our update mechanism Security benefit of our update mechanism
---------------------------------------- ----------------------------------------

View File

@ -114,7 +114,7 @@ These programs are popular because they're designed primarily to be easy to use
However, the fact that Type 2 hypervisors run under the host OS means that they're really only as secure as the host OS itself. However, the fact that Type 2 hypervisors run under the host OS means that they're really only as secure as the host OS itself.
If the host OS is ever compromised, then any VMs it hosts are also effectively compromised. If the host OS is ever compromised, then any VMs it hosts are also effectively compromised.
By contrast, Qubes uses a "Type 1" or "bare metal" hypervisor called [Xen](https://www.xenproject.org/). By contrast, Qubes uses a "Type 1" or "bare-metal" hypervisor called [Xen](https://www.xenproject.org/).
Instead of running inside an OS, Type 1 hypervisors run directly on the "bare metal" of the hardware. Instead of running inside an OS, Type 1 hypervisors run directly on the "bare metal" of the hardware.
This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult. This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult.
@ -459,10 +459,10 @@ In your TemplateVMs, open a terminal and run `sudo dnf upgrade`.
Enable "debug mode" in the qube's settings, either by checking the box labeled "Run in debug mode" in the Qubes VM Manager qube settings menu or by running the `qvm-prefs` command. Enable "debug mode" in the qube's settings, either by checking the box labeled "Run in debug mode" in the Qubes VM Manager qube settings menu or by running the `qvm-prefs` command.
### I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot. ### I created a USB VM and assigned USB controllers to it. Now the USB VM won't boot.
This is probably because one of the controllers does not support reset. This is probably because one of the controllers does not support reset.
See the [USB Troubleshooting guide](/doc/usb-troubleshooting/#usbvm-does-not-boot-after-creating-and-assigning-usb-controllers-to-it). See the [USB Troubleshooting guide](/doc/usb-troubleshooting/#usb-vm-does-not-boot-after-creating-and-assigning-usb-controllers-to-it).
### I assigned a PCI device to a qube, then unassigned it/shut down the qube. Why isn't the device available in dom0? ### I assigned a PCI device to a qube, then unassigned it/shut down the qube. Why isn't the device available in dom0?
@ -554,7 +554,7 @@ A fully encrypted drive does not appear in Nautilus.
The workaround is to manually decrypt and mount the drive: The workaround is to manually decrypt and mount the drive:
1. Attach usb device to qube - it should be attached as `/dev/xvdi` or similar. 1. Attach USB device to qube - it should be attached as `/dev/xvdi` or similar.
2. `sudo cryptsetup open /dev/xvdi bk --type luks` 2. `sudo cryptsetup open /dev/xvdi bk --type luks`
3. `sudo cryptsetup status /dev/mapper/bk` (Shows useful status info.) 3. `sudo cryptsetup status /dev/mapper/bk` (Shows useful status info.)
4. `sudo mount /dev/mapper/bk /mnt` 4. `sudo mount /dev/mapper/bk /mnt`
@ -563,7 +563,7 @@ The decrypted device is now available at `/mnt` - when you have finished using i
1. `sudo umount /mnt` 1. `sudo umount /mnt`
2. `sudo cryptsetup close bk --type luks` 2. `sudo cryptsetup close bk --type luks`
3. Remove usb from qube. 3. Remove USB from qube.
### Windows Update is stuck. ### Windows Update is stuck.

View File

@ -431,16 +431,16 @@ System NetVM
#### `qvm.sys-usb` #### `qvm.sys-usb`
System UsbVM System USB VM
#### `qvm.sys-net-with-usb` #### `qvm.sys-net-with-usb`
System UsbVM bundled into NetVM. Do not enable together with `qvm.sys-usb`. System USB VM bundled into NetVM. Do not enable together with `qvm.sys-usb`.
#### `qvm.usb-keyboard` #### `qvm.usb-keyboard`
Enable USB keyboard together with USBVM, including for early system boot (for LUKS passhprase). Enable USB keyboard together with USB VM, including for early system boot (for LUKS passhprase).
This state implicitly creates a USBVM (`qvm.sys-usb` state), if not already done. This state implicitly creates a USB VM (`qvm.sys-usb` state), if not already done.
#### `qvm.sys-firewall` #### `qvm.sys-firewall`

View File

@ -54,7 +54,7 @@ Alternatively, you can create a USB qube manually as follows:
5. Recommended: Check the box on the "Basic" tab which says "Start VM automatically on boot". 5. Recommended: Check the box on the "Basic" tab which says "Start VM automatically on boot".
(This will help to mitigate attacks in which someone forces your system to reboot, then plugs in a malicious USB device.) (This will help to mitigate attacks in which someone forces your system to reboot, then plugs in a malicious USB device.)
If the USB qube will not start, please have a look at the [faq](/faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot). If the USB qube will not start, please have a look at the [faq](/faq/#i-created-a-usb-vm-and-assigned-usb-controllers-to-it-now-the-usb-vm-wont-boot).
## Enable a USB keyboard for login ## ## Enable a USB keyboard for login ##

View File

@ -114,7 +114,7 @@ This brings up the **Qubes Restore VMs** window.
4. If your backup is encrypted, you must check the **Encrypted backup** box. 4. If your backup is encrypted, you must check the **Encrypted backup** box.
If a passphrase was supplied during the creation of your backup (regardless of whether it is encrypted), then you must supply it here. If a passphrase was supplied during the creation of your backup (regardless of whether it is encrypted), then you must supply it here.
**Note:** The passphrase which was supplied when the backup was created was used for **both** encryption/decryption and integrity verification. **Note:** The passphrase which was supplied when the backup was created is used for **both** encryption/decryption and integrity verification.
If the backup was not encrypted, the supplied passphrase is used only for integrity verification. If the backup was not encrypted, the supplied passphrase is used only for integrity verification.
All backups made from a Qubes R4.0 system will be encrypted. All backups made from a Qubes R4.0 system will be encrypted.

View File

@ -114,7 +114,7 @@ Maid passphrase to the new configuration. Please consult the Anti Evil Maid
If you use USB VM, you may encounter problem with starting it on updated Xen If you use USB VM, you may encounter problem with starting it on updated Xen
version (because of strict default settings). Take a look at version (because of strict default settings). Take a look at
[User FAQ](/faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot) [User FAQ](/faq/#i-created-a-usb-vm-and-assigned-usb-controllers-to-it-now-the-usb-vm-wont-boot)
for details. for details.
Once you have upgraded dom0, you can install new templates from Qubes R3.1 Once you have upgraded dom0, you can install new templates from Qubes R3.1

View File

@ -63,7 +63,7 @@ title: System Requirements
In addition to the convenience of having a portable copy of Qubes, this allows users to test for hardware compatibility on multiple machines (e.g., at a brick-and-mortar computer In addition to the convenience of having a portable copy of Qubes, this allows users to test for hardware compatibility on multiple machines (e.g., at a brick-and-mortar computer
store) before deciding on which computer to purchase. store) before deciding on which computer to purchase.
(See [hcl-report](/doc/hcl/#generating-and-submitting-new-reports) for advice on hardware compatibility testing.) (See [hcl-report](/doc/hcl/#generating-and-submitting-new-reports) for advice on hardware compatibility testing.)
Remember to change the devices assigned to your NetVM and USBVM if you move between different machines. Remember to change the devices assigned to your NetVM and USB VM if you move between different machines.
- [Advice on finding a VT-d capable notebook](https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/ZtpJdoc0OY8J). - [Advice on finding a VT-d capable notebook](https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/ZtpJdoc0OY8J).
- You can check whether an Intel processor has VT-x and VT-d on [ark.intel.com](https://ark.intel.com/content/www/us/en/ark.html#@Processors). - You can check whether an Intel processor has VT-x and VT-d on [ark.intel.com](https://ark.intel.com/content/www/us/en/ark.html#@Processors).

View File

@ -53,7 +53,7 @@ Therefore, it is up to each individual Qubes user to evaluate the relative risk
For example, a user who frequently travels with a Qubes laptop holding sensitive data may be at a much higher risk of Evil Maid attacks than a home user with a stationary Qubes desktop. For example, a user who frequently travels with a Qubes laptop holding sensitive data may be at a much higher risk of Evil Maid attacks than a home user with a stationary Qubes desktop.
If the frequent traveler judges her risk of an Evil Maid attack to be higher than the risk of a malicious USB device, she might reasonably opt to install and use AEM. If the frequent traveler judges her risk of an Evil Maid attack to be higher than the risk of a malicious USB device, she might reasonably opt to install and use AEM.
On the other hand, the home user might deem the probability of an Evil Maid attack occurring in her own home to be so low that there is a higher probability that any USB drive she purchases is already compromised, in which case she might reasonably opt never to attach any USB devices directly to dom0. On the other hand, the home user might deem the probability of an Evil Maid attack occurring in her own home to be so low that there is a higher probability that any USB drive she purchases is already compromised, in which case she might reasonably opt never to attach any USB devices directly to dom0.
(In either case, users can--and should--secure dom0 against further USB-related attacks through the use of a [USBVM](https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md#creating-and-using-a-usbvm).) (In either case, users can--and should--secure dom0 against further USB-related attacks through the use of a [USB VM](https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md#creating-and-using-a-usbvm).)
For more information, please see [this discussion thread](https://groups.google.com/d/msg/qubes-devel/EBc4to5IBdg/n1hfsHSfbqsJ). For more information, please see [this discussion thread](https://groups.google.com/d/msg/qubes-devel/EBc4to5IBdg/n1hfsHSfbqsJ).

View File

@ -34,7 +34,7 @@ After attaching a device to a qube, upon attempting to use the device results in
As a first line of defense, increase the amount of memory given to the USB VM (sys-usb). High-bandwidth devices such as webcams have been [observed](https://github.com/QubesOS/qubes-issues/issues/6200) to need more memory in sys-usb. If increasing the amount of memory does not resolve the issue, check kernel logs within sys-usb as well as the attached qube for errors before filing a bug report. As a first line of defense, increase the amount of memory given to the USB VM (sys-usb). High-bandwidth devices such as webcams have been [observed](https://github.com/QubesOS/qubes-issues/issues/6200) to need more memory in sys-usb. If increasing the amount of memory does not resolve the issue, check kernel logs within sys-usb as well as the attached qube for errors before filing a bug report.
## usbVM does not boot after creating and assigning USB controllers to it ## USB VM does not boot after creating and assigning USB controllers to it
This is probably because one of the controllers does not support reset. This is probably because one of the controllers does not support reset.
In Qubes R2 any such errors were ignored. In Qubes R3.x they are not. In Qubes R2 any such errors were ignored. In Qubes R3.x they are not.
@ -43,7 +43,7 @@ In R4.x, devices that are automatically added to sys-net and sys-usb on install
A device that does not support reset is not ideal and generally should not be assigned to a VM. A device that does not support reset is not ideal and generally should not be assigned to a VM.
Most likely the offending controller is a USB 3.0 device. Most likely the offending controller is a USB 3.0 device.
You can remove this controller from the usbVM, and see if this allows the VM to boot. You can remove this controller from the USB VM, and see if this allows the VM to boot.
Alternatively you may be able to disable USB 3.0 in the BIOS. Alternatively you may be able to disable USB 3.0 in the BIOS.
If the BIOS does not have the option to disable USB 3.0, try running the following command in dom0 to force USB 2.0 modes for the USB ports: If the BIOS does not have the option to disable USB 3.0, try running the following command in dom0 to force USB 2.0 modes for the USB ports: