merged QubesBuilder.md

basics/UserFaq.md

@@ -63,7 +63,7 @@ The other two popular [approaches](http://theinvisiblethings.blogspot.com/2008/0
 
 ### What about safe languages and formally verified microkernels?
 
-In short: these are non-realistic solutions today. We discuss this in further depth in our [Architecture Specification document](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf).
+In short: these are non-realistic solutions today. We discuss this in further depth in our [Architecture Specification document](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf).
 
 ### Why does Qubes use virtualization?
 
@@ -75,7 +75,7 @@ No! This would not make much sense. Qubes uses lightweight VMs to create securit
 
 ### Why does Qubes use Xen instead of KVM or some other hypervisor?
 
-In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our [Architecture Specification document](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf).
+In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our [Architecture Specification document](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf).
 
 ### What about this other/new (micro)kernel/hypervisor?
 

configuration/TorVM.md

@@ -104,6 +104,11 @@ Installation
 
         [user@torvm] $ sudo service qubes-tor restart
 
+4. You may need to manually create the private data directory and set its permissions:
+
+        [user@torvm] $ sudo mkdir /rw/usrlocal/lib/qubes-tor
+        [user@torvm] $ sudo chown user:user /rw/usrlocal/lib/qubes-tor
+
 Usage
 =====
 

developers/SystemDoc.md

@@ -11,7 +11,7 @@ System Documentation for Developers
 Fundamentals
 ------------
  * [Qubes OS Architecture Overview](/doc/QubesArchitecture/)
- * [Qubes OS Architecture Spec v0.3 [PDF]](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf) (The original 2009 document that started this all...)
+ * [Qubes OS Architecture Spec v0.3 [PDF]](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf) (The original 2009 document that started this all...)
  * [Security-critical elements of Qubes OS](/doc/SecurityCriticalCode/)
  * Qubes RPC: [`qrexec` v2](/doc/Qrexec/) ([R2 implementation](/doc/Qrexec2Implementation/))
  * Qubes RPC: [`qrexec` v3](/doc/Qrexec3/) ([R3 implementation](/doc/Qrexec3Implementation/)) (Odyssey)

developers/building/QubesBuilder.md

@@ -26,71 +26,56 @@ In order to use it one should use an rpm-based distro, like Fedora :) and should
 
 Unusually one can install those packages by just issuing:
 
-~~~
-sudo yum install git createrepo rpm-build make wget rpmdevtools python-sh dialog rpm-sign
-~~~
+    sudo yum install git createrepo rpm-build make wget rpmdevtools python-sh dialog rpm-sign
 
 The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory.
 
 The build system is configured via builder.conf file -- one should copy the attached builder.conf.default, and modify it as needed, e.g.:
 
-~~~
-cp builder.conf.default builder.conf 
-# edit the builder.conf file and set the following variables: 
-# (make sure to leave no spaces around '=' sign!) 
-NO_SIGN=1
-
-# As time of writing this, the default for Qubes 2 Dom0 is fc20
-# and VMs is fc20 so if you want to build Qubes 2
-DIST_DOM0=fc20
-DISTS_VM=fc20
-~~~
+    cp example-configs/qubes-os-master.conf builder.conf 
+    # edit the builder.conf file and set the following variables: 
+    NO_SIGN=1
 
 One additional useful requirement is that 'sudo root' work without any prompt, which is default on most distros (e.g. 'sudo bash' brings you the root shell without asking for any password). This is important as the builder needs to switch to root and then back to user several times during the build process.
 
 Additionally, if building with signing enabled (so NO\_SIGN is not set), one must adjust \~/.rpmmacro file so that it point to the GPG key used for package signing, e.g.:
 
-~~~
-%_signature gpg
-%_gpg_path /home/user/.gnupg
-%_gpg_name AC1BF9B3  # <-- Key ID used for signing
-~~~
+    %_signature gpg
+    %_gpg_path /home/user/.gnupg
+    %_gpg_name AC1BF9B3  # <-- Key ID used for signing
 
 It is also recommended to use an empty passphrase for the private key used for signing. Contrary to a popular belief, this doesn't affect your key or sources security -- if somebody compromised your system, then the game is over, whether you use additional passphrase for the key or not.
 
 So, to build Qubes one would do:
 
-~~~
-# Import the Qubes master key 
-gpg --recv-keys 0x36879494 
-
-# Verify its fingerprint, set as 'trusted'. 
-# This is described here: 
-# https://www.qubes-os.org/doc/VerifyingSignatures
-
-wget http://keys.qubes-os.org/keys/qubes-developers-keys.asc 
-gpg --import qubes-developers-keys.asc 
-
-git clone git://github.com/QubesOS/qubes-builder.git qubes-builder 
-cd qubes-builder 
-
-cp example-configs/qubes-os-master.conf builder.conf 
-# edit the builder.conf file and set the following variables: 
-# (make sure to leave no spaces around '=' sign!) 
-# NO_SIGN="1"
-
-# Download all components:
-
-make get-sources
-
-# And now to build all Qubes rpms (this will take a few hours): 
-
-make qubes 
-
-# ... and then to build the ISO 
-
-make iso 
-~~~
+    # Import the Qubes master key 
+    gpg --recv-keys 0x36879494 
+    
+    # Verify its fingerprint, set as 'trusted'. 
+    # This is described here: 
+    # https://www.qubes-os.org/doc/VerifyingSignatures
+    
+    wget http://keys.qubes-os.org/keys/qubes-developers-keys.asc 
+    gpg --import qubes-developers-keys.asc 
+    
+    git clone git://github.com/QubesOS/qubes-builder.git qubes-builder 
+    cd qubes-builder 
+    
+    cp example-configs/qubes-os-master.conf builder.conf 
+    # edit the builder.conf file and set the following variables: 
+    # NO_SIGN="1"
+    
+    # Download all components:
+    
+    make get-sources
+    
+    # And now to build all Qubes rpms (this will take a few hours): 
+    
+    make qubes 
+    
+    # ... and then to build the ISO 
+    
+    make iso 
 
 And this should produce a shiny new ISO.
 
@@ -114,38 +99,34 @@ If you want to somehow modify sources, you can also do it, here are some basic s
 2.  Edit builder.conf (still the same as above), some useful additions:
     -   You can also set GIT\_PREFIX="marmarek/qubes-" to use my repo instead of "mainstream" - it contains newer (but less tested) versions
 
-1.  Download unmodified sources
+3.  Download unmodified sources
 
-    make get-sources
+        make get-sources
 
-1.  **Make your modifications here**
+4.  **Make your modifications here**
 
-1.  Build the Qubes
+5.  Build the Qubes
      `make qubes` actually is just meta target which build all required
      components in correct order. List of components is configured in
      builder.conf. You can also check the current value at the end of `make
      help`, or using `make build-info`. 
 
-> `get-sources` is already done, so continue with the next one. You can skip `sign-all` if you've disabled signing
->
-> ~~~
-> make xen core kernel gui addons docs template kde-dom0 installer qubes-manager dom0-updates
-> ~~~
+6. `get-sources` is already done, so continue with the next one. You can skip `sign-all` if you've disabled signing
+
+        make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates
 
 1.  build iso installation image
 
-    make iso
+        make iso
 
 Code verification keys management
 =================================
 
 [QubesBuilder](/doc/QubesBuilder/) by default verifies signed tags on every downloaded code. Public keys used for that are stored in `keyrings/git`. By default Qubes developers' keys are imported automatically, but if you need some additional keys (for example your own), you can add them using:
 
-~~~
-GNUPGHOME=$PWD/keyrings/git gpg --import /path/to/key.asc
-GNUPGHOME=$PWD/keyrings/git gpg --edit-key ID_OF_JUST_IMPORTED_KEY
-# here use "trust" command to set key fully or ultimately trusted - only those keys are accepted by QubesBuilder
-~~~
+    GNUPGHOME=$PWD/keyrings/git gpg --import /path/to/key.asc
+    GNUPGHOME=$PWD/keyrings/git gpg --edit-key ID_OF_JUST_IMPORTED_KEY
+    # here use "trust" command to set key fully or ultimately trusted - only those keys are accepted by QubesBuilder
 
 All Qubes developers' keys are signed by the Qubes Master Signing Key (which is set as ultimately trusted key), so are trusted automatically.
 

developers/fundamentals/QubesArchitecture.md

@@ -29,3 +29,4 @@ Key Architecture features
 -   Qubes GUI provides isolation between apps sharing the same desktop
 -   Secure system boot based (optional)
 
+[Architecture Spec v0.3 [PDF]](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf) (The original 2009 document that started this all...)