merge upstream and add rst version of the how to edit Markdown and Markdown and website style guide docs

.gitignore

@@ -1 +1,2 @@
 _build
+**/__pycache__/*

CONTRIBUTING.md

@@ -2,11 +2,11 @@
 
 Thank you for your interest in contributing to `qubes-doc`, the Qubes OS
 Project's dedicated documentation repository! Please see [how to edit the
-documentation](https://www.qubes-os.org/doc/how-to-edit-the-documentation/) for
+documentation](https://doc.qubes-os.org/developer/general/how-to-edit-the-documentation.html) for
 detailed contribution instructions.
 
 In addition, please take a moment to read our [documentation style
-guide](https://www.qubes-os.org/doc/documentation-style-guide/) before
+guide](https://doc.qubes-os.org/developer/general/documentation-style-guide.html) before
 contributing. These guidelines are important to maintaining high standards of
 quality, and following them will increase the likelihood that your contribution
 will be accepted.

README.md

@@ -8,4 +8,4 @@ regularly pulling from this repo, users can maintain their own up-to-date
 offline copy of all Qubes documentation rather than relying solely on the Web.
 
 To contribute, please see [how to edit the
-documentation](https://www.qubes-os.org/doc/how-to-edit-the-documentation/).
+documentation](https://doc.qubes-os.org/developer/general/how-to-edit-the-documentation.html).

_dev/index.rst

@@ -18,6 +18,9 @@ This is documentation for the source code. Please choose specific repostitory:
 
 
 
+   qubes-core-qrexec <>
+.. _qubes-core-qrexec: /projects/qubes-core-qrexec
+
 
 
 Or see the main Qubes OS documentation <https://www.qubes-os.org/doc/>

conf.py

@@ -32,6 +32,7 @@ extensions = [
   'sphinx.ext.autosectionlabel',
   'sphinxnotes.strike',
   'sphinx_reredirects',
+  'sphinxext.opengraph',
   'youtube_frame',
 ]
 
@@ -42,12 +43,8 @@ redirects = {
         "https://www.qubes-os.org/downloads/mirrors/",
     "developer/general/visual-style-guide":
         "https://www.qubes-os.org/doc/visual-style-guide/",
-    "developer/general/website-style-guide":
-        "https://www.qubes-os.org/doc/website-style-guide/",
     "user/downloading-installing-upgrading/downloads":
         "https://www.qubes-os.org/downloads/",
-    "developer/general/how-to-edit-the-documentation":
-        "https://www.qubes-os.org/doc/how-to-edit-the-documentation/",
 }
 
 
@@ -86,6 +83,9 @@ html_static_path = ['attachment/doc']
 
 html_use_opensearch = "https://doc.qubes-os.org"
 
+html_logo = "attachment/icons/128x128/apps/qubes-logo-icon.png"
+html_favicon = "attachment/icons/favicon-16x16.png"
+
 # -- -- Options for the linkcheck builder ------------------------------------
 
 linkcheck_anchors = False
@@ -95,6 +95,8 @@ linkcheck_ignore = [r'^https?://[^/\s]+\.onion']
 
 autosectionlabel_prefix_document = True
 
+ogp_image = "https://www.qubes-os.org/attachment/icons/qubes-logo-icon-name-slogan-fb.png"
+ogp_image_alt = False
 
 # -- HTML configuration ------------------------------------------------------
 
@@ -116,3 +118,10 @@ locale_dirs = ['_translated']
 gettext_compact = False
 
 gettext_uuid = True
+
+# -- -- Options for markup ---------------------------------------------------
+
+rst_epilog = """
+.. |debian-codename| replace:: bookworm
+.. |debian-version| replace:: 12
+"""

developer/building/development-workflow.rst

@@ -40,7 +40,7 @@ In ``qubes-builder/artifacts/sources/linux-kernel``:
 
 .. code:: console
 
-      make prep
+      $ make prep
 
 
 
@@ -48,7 +48,7 @@ The resulting tree will be in kernel-<VERSION>/linux-<VERSION>:
 
 .. code:: console
 
-      ls -ltrd kernel*/linux*
+      $ ls -ltrd kernel*/linux*
       drwxr-xr-x 23 user user 4096 Nov  5 09:50 kernel-3.4.18/linux-3.4.18
       drwxr-xr-x  6 user user 4096 Nov 21 20:48 kernel-3.4.18/linux-obj
 
@@ -62,7 +62,7 @@ In ``qubes-builder/artifacts/sources/linux-kernel``:
 
 .. code:: console
 
-      cd kernel-3.4.18/linux-3.4.18
+      $ cd kernel-3.4.18/linux-3.4.18
 
 
 
@@ -74,8 +74,8 @@ In ``kernel-3.4.18/linux-3.4.18``:
 
 .. code:: console
 
-      cp ../../config .config
-      make oldconfig
+      $ cp ../../config .config
+      $ make oldconfig
 
 
 
@@ -83,7 +83,7 @@ Now change the configuration. For example, in ``kernel-3.4.18/linux-3.4.18``:
 
 .. code:: console
 
-      make menuconfig
+      $ make menuconfig
 
 
 
@@ -91,7 +91,7 @@ Copy the modified config back into the kernel tree:
 
 .. code:: console
 
-      cp .config ../../../config
+      $ cp .config ../../../config
 
 
 
@@ -103,20 +103,20 @@ TODO: describe the workflow for patching the code, below are some random notes,
 
 .. code:: console
 
-      ln -s ../../patches.xen
-      export QUILT_PATCHES=patches.xen
-      export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
-      export QUILT_SERIES=../../series-pvops.conf
+      $ ln -s ../../patches.xen
+      $ export QUILT_PATCHES=patches.xen
+      $ export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
+      $ export QUILT_SERIES=../../series-pvops.conf
 
-      quilt new patches.xen/pvops-3.4-0101-usb-xen-pvusb-driver-bugfix.patch
-      quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \
+      $ quilt new patches.xen/pvops-3.4-0101-usb-xen-pvusb-driver-bugfix.patch
+      $ quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \
               drivers/usb/host/xen-usbback/* drivers/usb/host/xen-usbfront.c \
               include/xen/interface/io/usbif.h
 
       *edit something*
 
-      quilt refresh
-      cd ../..
+      $ quilt refresh
+      $ cd ../..
       vi series.conf
 
 
@@ -133,7 +133,7 @@ To actually build RPMs, in qubes-builder:
 
 .. code:: console
 
-      ./qb -c linux-kernel package fetch prep build
+      $ ./qb -c linux-kernel package fetch prep build
 
 
 
@@ -398,7 +398,7 @@ Then use ``make update-repo-unstable`` to upload the packages. You can also spec
 
 .. code:: console
 
-      make COMPONENTS="core-agent-linux gui-agent-linux linux-utils" qubes update-repo-unstable
+      $ make COMPONENTS="core-agent-linux gui-agent-linux linux-utils" qubes update-repo-unstable
 
 
 

developer/building/qubes-builder-v2.rst

@@ -2,7 +2,6 @@
 Qubes builder v2
 ================
 
-
 This is a brief introduction to using Qubes Builder v2 to work with Qubes OS sources. It will walk you through installing and configuring Builder v2, and using it to fetch and build Qubes OS packages.
 
 For details and customization, use `Qubes OS v2 builder documentation <https://github.com/QubesOS/qubes-builderv2/>`__.
@@ -10,40 +9,29 @@ For details and customization, use `Qubes OS v2 builder documentation <https://g
 Overview
 --------
 
-
 In the second generation of Qubes OS builder, container or disposable qube isolation is used to perform every stage of the build and release process. From fetching sources to building, everything is executed inside an isolated *cage* (either a disposable or a container) using an *executor*. For every command that needs to perform an action on sources, like cloning and verifying Git repos, rendering a SPEC file, generating SRPM or Debian source packages, a new cage is used. Only the signing, publishing, and uploading stages are executed locally outside a cage.
 
 Setup
 -----
 
-
 This is a simple setup using a docker executor. This is a good default choice; if you don’t know which executor to use, use docker.
 
 1. First, decide what qube you are going to use when working with Qubes Builder v2. It can be an AppVM or a Standalone qube, with some steps different between the two.
 
 2. Installing dependencies
 
-   - If you want to use an app qube for developing, install dependencies in the template. If you are using a standalone, install them in the qube itself. Dependencies are specified in ``dependencies-*. txt`` files in the main builder directory, and you can install them easily in the following ways:
+   If you want to use an app qube for developing, install dependencies in the template. If you are using a standalone, install them in the qube itself. Dependencies are specified in ``dependencies-*. txt`` files in the main builder directory, and you can install them easily in the following ways:
 
+   - for Fedora, use:
 
-
-   1. for Fedora, use:
-
-
-
-   .. code:: console
+      .. code:: console
 
          $ sudo dnf install $(cat dependencies-fedora.txt)
          $ test -f /usr/share/qubes/marker-vm && sudo dnf install qubes-gpg-split
 
+   - for Debian (note: some Debian packages require Debian version 13 or later), use:
 
-   2. for Debian (note: some Debian packages require Debian version 13 or later), use:
-
-
-
-
-
-   .. code:: console
+      .. code:: console
 
          $ sudo apt install $(cat dependencies-debian.txt)
          $ test -f /usr/share/qubes/marker-vm && sudo apt install qubes-gpg-split
@@ -54,9 +42,8 @@ This is a simple setup using a docker executor. This is a good default choice; i
 
    .. code:: console
 
-         git clone https://github.com/QubesOS/qubes-builderv2
-         cd qubes-builderv2/
-
+         $ git clone https://github.com/QubesOS/qubes-builderv2
+         $ cd qubes-builderv2/
 
 4. If you haven’t previously used docker in the current qube, you need to set up some permissions. In particular, the user has to be added to the ``docker`` group:
 
@@ -78,14 +65,9 @@ This is a simple setup using a docker executor. This is a good default choice; i
 
          binds+=( '/var/lib/docker' )
 
-
-
-
-
 Configuration
 -------------
 
-
 To use Qubes OS Builder v2, you need to have a ``builder.yml`` configuration file. You can use one of the sample files from the ``example-configs/`` directory; for a more readable ``builder.yml``, you can also include one of the files from that directory in your ``builder.yml``. An example ``builder.yml`` is:
 
 .. code:: yaml
@@ -116,19 +98,15 @@ To use Qubes OS Builder v2, you need to have a ``builder.yml`` configuration fil
         options:
           image: "qubes-builder-fedora:latest"
 
-
-
 Using Builder v2
 ----------------
 
-
 To fetch sources - in this example, for the ``core-admin-client`` package, you can use the following command:
 
 .. code:: console
 
       $ ./qb -c core-admin-client package fetch
 
-
 This will fetch the sources for the listed package and place them in ``artifacts/sources`` directory.
 
 To build a package (from sources in the ``artifacts/sources`` directory), use:
@@ -137,19 +115,16 @@ To build a package (from sources in the ``artifacts/sources`` directory), use:
 
       $ ./qb -c core-admin-client package fetch prep build
 
-
 or, if you want to build for a specific target (``host-fc37`` is a ``dom0`` using Fedora 37, ``vm-fc40`` would be a qube using Fedora 40 etc.), use:
 
 .. code:: console
 
       $ ./qb -c core-admin-client -d host-fc37 package fetch prep build
 
-
 If you want to fetch the entire Qubes OS source use the following:
 
 .. code:: console
 
       $ ./qb package fetch
 
-
 **caution**: some repositories might have additional requirements. You can disable repositories that are not needed in the ``example-configs/*.yml`` file you are using by commenting them out. In particular, ``python-fido2``, ``lvm`` and ``windows``-related repositories have special requirements.

developer/building/qubes-builder.rst

@@ -1,3 +1,5 @@
+:orphan:
+
 =============
 Qubes builder
 =============
@@ -55,17 +57,23 @@ Usually you can install those packages by just issuing:
 
 .. code:: console
 
-      sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA
+      $ sudo dnf install gnupg git createrepo rpm-build make wget rpmdevtools python3-sh dialog rpm-sign dpkg-dev debootstrap python3-pyyaml devscripts perl-Digest-MD5 perl-Digest-SHA
 
 
 The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory.
 
 The build system is configured via builder.conf file. You can use the setup.sh script to create and modify this file. Alternatively, you can copy the provided default builder.conf, and modify it as needed, e.g.:
 
+
 .. code:: console
 
-      cp example-configs/qubes-os-master.conf builder.conf
-      # edit the builder.conf file and set the following variables:
+      $ cp example-configs/qubes-os-master.conf builder.conf
+
+
+Edit the builder.conf file and set the following variables:
+
+.. code:: bash
+
       NO_SIGN=1
 
 
@@ -84,39 +92,64 @@ It is also recommended that you use an empty passphrase for the private key used
 
 So, to build Qubes you would do:
 
+Import the Qubes master key:
+
 .. code:: console
 
-      # Import the Qubes master key
-      gpg --recv-keys 0xDDFA1A3E36879494
+      $ gpg --recv-keys 0xDDFA1A3E36879494
 
-      # Verify its fingerprint, set as 'trusted'.
-      # This is described here:
-      # https://www.qubes-os.org/doc/VerifyingSignatures
 
-      wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
-      gpg --import qubes-developers-keys.asc
+Verify its fingerprint, set as 'trusted'. This is described :doc:`here </project-security/verifying-signatures>`.
 
-      git clone https://github.com/QubesOS/qubes-builder.git qubes-builder
-      cd qubes-builder
+.. code:: console
 
-      # Verify its integrity:
-      git tag -v `git describe`
+      $ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
+      $ gpg --import qubes-developers-keys.asc
+
+      $ git clone https://github.com/QubesOS/qubes-builder.git qubes-builder
+      $ cd qubes-builder
+
+
+Verify its integrity:
+
+.. code:: console
+
+      $ git tag -v `git describe`
+
+
+Copy the example ``builder.conf``:
+
+.. code:: console
+
+      $ cp example-configs/qubes-os-master.conf builder.conf
+
+
+Edit the builder.conf file and set the following variables:
+
+.. code:: bash
 
-      cp example-configs/qubes-os-master.conf builder.conf
-      # edit the builder.conf file and set the following variables:
       # NO_SIGN="1"
 
-      # Download all components:
 
-      make get-sources
+Download all components:
 
-      # And now to build all Qubes RPMs (this will take a few hours):
+.. code:: console
 
-      make qubes
+      $ make get-sources
 
-      # ... and then to build the ISO
 
-      make iso
+And now to build all Qubes RPMs (this will take a few hours):
+
+.. code:: console
+
+      $ make qubes
+
+
+... and then to build the ISO
+
+.. code:: console
+
+      $ make iso
 
 
 And this should produce a shiny new ISO.
@@ -125,7 +158,7 @@ You can also build selected component separately. Eg. to compile only gui virtua
 
 .. code:: console
 
-      make gui-daemon
+      $ make gui-daemon
 
 
 You can get a full list from make help.
@@ -146,7 +179,7 @@ You can also modify sources somehow if you wish. Here are some basic steps:
 
 
 
-- You can also set GIT_PREFIX=“marmarek/qubes-” to use marmarek’s repo instead of “mainstream” - it contains newer (but less tested) versions
+  - You can also set GIT_PREFIX=“marmarek/qubes-” to use marmarek’s repo instead of “mainstream” - it contains newer (but less tested) versions
 
 
 
@@ -154,7 +187,7 @@ You can also modify sources somehow if you wish. Here are some basic steps:
 
    .. code:: console
 
-         make get-sources
+         $ make get-sources
 
 
 4. **Make your modifications here**
@@ -165,14 +198,14 @@ You can also modify sources somehow if you wish. Here are some basic steps:
 
    .. code:: console
 
-         make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates
+         $ make vmm-xen core-admin linux-kernel gui-daemon template desktop-linux-kde installer-qubes-os manager linux-dom0-updates
 
 
 7. build iso installation image
 
    .. code:: console
 
-         make iso
+         $ make iso
 
 
 

developer/building/qubes-iso-building.rst

@@ -17,14 +17,14 @@ Fedora 36 (and 37) has been successfully used to build Qubes R4.1 with the below
 
 .. code:: console
 
-      sudo setenforce 0
+      $ sudo setenforce 0
 
 
 In ``dom0``, install the Fedora 36 (or 37) template if you don’t already have it.
 
 .. code:: console
 
-      sudo qubes-dom0-update qubes-template-fedora-36
+      $ sudo qubes-dom0-update qubes-template-fedora-36
 
 
 
@@ -66,9 +66,9 @@ Now let’s bootstrap the builder. Unfortunately, the builder cannot verify itse
 
 .. code:: console
 
-      git clone https://github.com/QubesOS/qubes-builder.git
-      cd qubes-builder
-      git tag -v `git describe`
+      $ git clone https://github.com/QubesOS/qubes-builder.git
+      $ cd qubes-builder
+      $ git tag -v `git describe`
 
 
 
@@ -120,8 +120,8 @@ Continue the build process with:
 
 .. code:: console
 
-      make install-deps
-      make get-sources
+      $ make install-deps
+      $ make get-sources
 
 
 
@@ -133,8 +133,8 @@ Finally, if you are making a test build, use:
 
 .. code:: console
 
-      make qubes
-      make iso
+      $ make qubes
+      $ make iso
 
 
 
@@ -142,9 +142,9 @@ Or for a fully signed build (this requires setting ``SIGN_KEY`` in ``builder.con
 
 .. code:: console
 
-      make qubes
-      make sign-all
-      make iso
+      $ make qubes
+      $ make sign-all
+      $ make iso
 
 
 
@@ -160,9 +160,9 @@ If you will be building Whonix templates:
 
 .. code:: console
 
-      cd ~
-      gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
-      gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
+      $ cd ~
+      $ gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
+      $ gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
 
 
 
@@ -185,11 +185,11 @@ Next, prepare the Git keyring directory and copy them in:
 
 .. code:: console
 
-      export GNUPGHOME=~/qubes-builder/keyrings/git
-      mkdir --parents "$GNUPGHOME"
-      cp ~/.gnupg/pubring.gpg "$GNUPGHOME"
-      cp ~/.gnupg/trustdb.gpg "$GNUPGHOME"
-      chmod --recursive 700 "$GNUPGHOME"
+      $ export GNUPGHOME=~/qubes-builder/keyrings/git
+      $ mkdir --parents "$GNUPGHOME"
+      $ cp ~/.gnupg/pubring.gpg "$GNUPGHOME"
+      $ cp ~/.gnupg/trustdb.gpg "$GNUPGHOME"
+      $ chmod --recursive 700 "$GNUPGHOME"
 
 
 
@@ -197,8 +197,8 @@ Copy one of the example configurations:
 
 .. code:: console
 
-      cd ~/qubes-builder
-      cp example-configs/qubes-os-master.conf builder.conf
+      $ cd ~/qubes-builder
+      $ cp example-configs/qubes-os-master.conf builder.conf
 
 
 
@@ -208,9 +208,9 @@ Continue the build process with:
 
 .. code:: console
 
-      make install-deps
-      make get-sources
-      unset GNUPGHOME
+      $ make install-deps
+      $ make get-sources
+      $ unset GNUPGHOME
 
 
 
@@ -220,8 +220,8 @@ Finally, if you are making a test build, use:
 
 .. code:: console
 
-      make qubes
-      make iso
+      $ make qubes
+      $ make iso
 
 
 
@@ -229,9 +229,9 @@ Or for a fully signed build (this requires setting ``SIGN_KEY`` in ``builder.con
 
 .. code:: console
 
-      make qubes
-      make sign-all
-      make iso
+      $ make qubes
+      $ make sign-all
+      $ make iso
 
 
 

developer/code/code-signing.rst

@@ -91,7 +91,7 @@ If you’re submitting a patch via GitHub (or a similar Git server), please sign
 
    .. code:: console
 
-         git config --global user.signingkey <KEYID>
+         $ git config --global user.signingkey <KEYID>
 
 
 
@@ -99,23 +99,24 @@ If you’re submitting a patch via GitHub (or a similar Git server), please sign
 
    .. code:: console
 
-         git config --global commit.gpgsign true
+         $ git config --global commit.gpgsign true
 
 
    Alternatively, manually specify when a commit is to be signed:
 
    .. code:: console
 
-         git commit -S
+         $ git commit -S
 
 
 
 3. (Optional) Create signed tags. Signed commits are totally sufficient to contribute to Qubes OS. However, if you have commits which are not signed and you do not want to change them, you can create a signed tag for the commit and push it before the check.
+
    This is useful for example, if you have a commit back in the git history which you like to sign now without rewriting the history.
 
    .. code:: console
 
-         git tag -s <tag_name> -m "<tag_message>"
+         $ git tag -s <tag_name> -m "<tag_message>"
 
 
    You can also create an alias to make this easier. Edit your ``~/.gitconfig`` file. In the ``[alias]`` section, add ``stag`` to create signed tags and ``spush`` to create signed tags and push them.
@@ -171,14 +172,14 @@ In this case, you have several options to sign the commit:
 
    .. code:: console
 
-         git commit --amend -S
+         $ git commit --amend -S
 
 
    This also rewrites the commit so you need to push it forcefully:
 
    .. code:: console
 
-         git push -f
+         $ git push -f
 
 
 
@@ -186,8 +187,8 @@ In this case, you have several options to sign the commit:
 
    .. code:: console
 
-         git checkout <commit>
-         git spush
+         $ git checkout <commit>
+         $ git spush
 
 
    Now, the signature checker needs to re-check the signature. Please comment on the pull request that you would like to have the signatures checked again.

developer/code/coding-style.rst

@@ -49,7 +49,7 @@ General typographic conventions
 
 - **Maintain a decent amount of horizontal spacing**, e.g. add a space after ``if`` or before ``{`` in C, and similar in other languages. Whether and where to also use spaces within expressions, such as (x*2+5) vs. (x * 2 + 5) is left to the developer’s judgment. Do not put spaces immediately after or before the brackets in expressions, so avoid constructs like this: ``if ( condition )`` and use ones like this: ``if (condition)`` instead.
 
-- **Use single new lines** (‘\n’ aka LF) in any non-Windows source code. On Windows, exceptionally, use the CRLF line endings (–). This will allow the source code to be easily viewable in various Windows-based programs.
+- **Use single new lines** (‘\\n’ aka LF) in any non-Windows source code. On Windows, exceptionally, use the CRLF line endings (–). This will allow the source code to be easily viewable in various Windows-based programs.
 
 - **Use descriptive names for variables and functions**! Really, at a time when most editors have auto-completion features, there is no excuse for using short variable names.
 

developer/code/source-code.rst

@@ -21,7 +21,7 @@ To clone a repository:
 
 .. code:: console
 
-      git clone https://github.com/QubesOS/qubes-<repo_name>.git <repo_name>
+      $ git clone https://github.com/QubesOS/qubes-<repo_name>.git <repo_name>
 
 
 
@@ -29,7 +29,7 @@ e.g.:
 
 .. code:: console
 
-      git clone https://github.com/QubesOS/qubes-core-admin.git core-admin
+      $ git clone https://github.com/QubesOS/qubes-core-admin.git core-admin
 
 
 
@@ -39,8 +39,8 @@ If you really do want to clone **all** of the repositories, you can use these co
 
 .. code:: console
 
-      curl "https://api.github.com/orgs/QubesOS/repos?page=1&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
-      curl "https://api.github.com/orgs/QubesOS/repos?page=2&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
+      $ curl "https://api.github.com/orgs/QubesOS/repos?page=1&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
+      $ curl "https://api.github.com/orgs/QubesOS/repos?page=2&per_page=100" | grep -e 'clone_url*' | cut -d \" -f 4 | xargs -L1 git clone
 
 
 
@@ -48,7 +48,7 @@ To update (git fetch) **all** of these repositories :
 
 .. code:: console
 
-      find . -mindepth 1 -maxdepth 1 -type d -exec git -C {} fetch --tags --recurse-submodules=on-demand --all \;
+      $ find . -mindepth 1 -maxdepth 1 -type d -exec git -C {} fetch --tags --recurse-submodules=on-demand --all \;
 
 
 
@@ -61,6 +61,7 @@ How to Send Patches
 If you want to :ref:`contribute code <introduction/contributing:contributing code>` to the project, there are two ways. Whichever method you choose, you must :doc:`sign your code </developer/code/code-signing>` before it can be accepted.
 
 - **Preferred**: Use GitHub’s `fork & pull requests <https://guides.github.com/activities/forking/>`__.
+
   Opening a pull request on GitHub greatly eases the code review and tracking process. In addition, especially for bigger changes, it’s a good idea to send a message to the :ref:`qubes-devel mailing list <introduction/support:qubes-devel>` in order to notify people who do not receive GitHub notifications.
 
 - Send a patch to the :ref:`qubes-devel mailing list <introduction/support:qubes-devel>` (``git format-patch``).

developer/debugging/automated-tests.rst

@@ -119,7 +119,7 @@ Tests are also compatible with nose2 test runner, so you can use this instead:
 
 .. code:: console
 
-      sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd
+      $ sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd
 
 
 This may be especially useful together with various nose2 plugins to store tests results (for example ``nose2.plugins.junitxml``), to ease presenting results. This is what we use on `OpenQA <https://open.qa/>`__.
@@ -140,15 +140,15 @@ Assuming you cloned the ``qubes-builder`` repository to your home directory insi
 
 .. code:: console
 
-      cd ~
-      sudo dnf install python3-pip lvm2 python35 python3-virtualenv
-      virtualenv -p /usr/bin/python35 python35
-      source python35/bin/activate
-      python3 -V
-      cd ~/qubes-builder/qubes-src/core-admin
-      pip3 install -r ci/requirements.txt
-      export PYTHONPATH=../core-qrexec:test-packages
-      ./run-tests
+      $ cd ~
+      $ sudo dnf install python3-pip lvm2 python35 python3-virtualenv
+      $ virtualenv -p /usr/bin/python35 python35
+      $ source python35/bin/activate
+      $ python3 -V
+      $ cd ~/qubes-builder/qubes-src/core-admin
+      $ pip3 install -r ci/requirements.txt
+      $ export PYTHONPATH=../core-qrexec:test-packages
+      $ ./run-tests
 
 
 To run only the tests related to e.g. ``lvm``, you may use:

developer/debugging/safe-remote-ttys.rst

@@ -70,7 +70,7 @@ If your machine has a serial console, you may with to use that, but note that a
 
 .. code:: console
 
-      script -f /dev/ttyS0
+      $ script -f /dev/ttyS0
 
 
 

developer/debugging/test-bench.rst

@@ -96,11 +96,11 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
 
    .. code:: console
 
-         sudo systemctl enable sshd
-         sudo systemctl start sshd
+         $ sudo systemctl enable sshd
+         $ sudo systemctl start sshd
 
-         sudo systemctl enable dom0-network-direct
-         sudo systemctl start dom0-network-direct
+         $ sudo systemctl enable dom0-network-direct
+         $ sudo systemctl start dom0-network-direct
 
 
 
@@ -123,26 +123,26 @@ The following commands should work for you, but do keep in mind that the provisi
       # https://github.com/marmarek/openqa-tests-qubesos/blob/master/tests/update.pm
 
       # Install git
-      sudo qubes-dom0-update git || sudo dnf --setopt=reposdir=/etc/yum.repos.d install git
+      $ sudo qubes-dom0-update git || sudo dnf --setopt=reposdir=/etc/yum.repos.d install git
 
       # Download the openQA automated testing environment Salt configuration
-      git clone https://github.com/marmarek/openqa-tests-qubesos/
-      cd openqa-tests-qubesos/extra-files
-      sudo cp -a system-tests/ /srv/salt/
-      sudo qubesctl top.enable system-tests
+      $ git clone https://github.com/marmarek/openqa-tests-qubesos/
+      $ cd openqa-tests-qubesos/extra-files
+      $ sudo cp -a system-tests/ /srv/salt/
+      $ sudo qubesctl top.enable system-tests
 
       # Install the same configuration as the one in openQA
-      QUBES_VERSION=4.1
-      PILLAR_DIR=/srv/pillar/base/update
-      sudo mkdir -p $PILLAR_DIR
-      printf 'update:\n  qubes_ver: '$QUBES_VERSION'\n' | sudo tee $PILLAR_DIR/init.sls
-      printf "base:\n  '*':\n    - update\n" | sudo tee $PILLAR_DIR/init.top
-      sudo qubesctl top.enable update pillar=True
+      $ QUBES_VERSION=4.1
+      $ PILLAR_DIR=/srv/pillar/base/update
+      $ sudo mkdir -p $PILLAR_DIR
+      $ printf 'update:\n  qubes_ver: '$QUBES_VERSION'\n' | sudo tee $PILLAR_DIR/init.sls
+      $ printf "base:\n  '*':\n    - update\n" | sudo tee $PILLAR_DIR/init.top
+      $ sudo qubesctl top.enable update pillar=True
 
       # Apply states to dom0 and VMs
       # NOTE: These commands can take several minutes (if not more) without showing output
-      sudo qubesctl --show-output state.highstate
-      sudo qubesctl --max-concurrency=2 --skip-dom0 --templates --show-output state.highstate
+      $ sudo qubesctl --show-output state.highstate
+      $ sudo qubesctl --max-concurrency=2 --skip-dom0 --templates --show-output state.highstate
 
 
 Development VM
@@ -157,7 +157,7 @@ Arrange firewall so you can reach the testbench from your ``qubes-dev`` VM. Gene
 
 .. code:: console
 
-      ssh-keygen -t ecdsa -b 521
+      $ ssh-keygen -t ecdsa -b 521
 
 
 

developer/debugging/vm-interface.rst

@@ -199,11 +199,11 @@ Services called by dom0 to provide some VM configuration:
 
 
 
-  - ``xdgicon:NAME`` - search for NAME in standard icons theme
+    - ``xdgicon:NAME`` - search for NAME in standard icons theme
 
-  - ``-`` - get icon data from stdin (the caller), can be prefixed with format name, for example ``png:-``
+    - ``-`` - get icon data from stdin (the caller), can be prefixed with format name, for example ``png:-``
 
-  - file name
+    - file name
 
 
 

developer/general/gsod.rst

@@ -113,22 +113,17 @@ Instructional video series
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
-.. _the-projects-problem-1:
-
-
-The project's problem
-^^^^^^^^^^^^^^^^^^^^^
+Instructional video series: The project's problem
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
 
 
 There is user demand for high-quality, up-to-date video guides that take users from zero Linux knowledge to using Qubes as a daily driver and performing specific tasks inside of Qubes, but almost no such videos exist. Although most of the required knowledge is documented, many users report that they would prefer to watch videos rather than read text or that they would find videos easier to understand and follow along with.
 
-.. _the-projects-scope-1:
 
-
-The project's scope
-^^^^^^^^^^^^^^^^^^^
+Instructional video series: The project's scope
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
 
@@ -219,11 +214,10 @@ Below is an example of the content (which is already :doc:`documented </index>`)
 
 The project is estimated to need around six months to complete (see the timeline below). Qubes team members, including Michael Carbone, Andrew Wong, and Marek Marczykowski-Górecki, will supervise and support the creator.
 
-.. _measuring-the-projects-success-1:
 
 
-Measuring the project's success
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Instructional video series: Measuring the project's success
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
 

developer/general/markdown-style-guide.rst

@@ -1,6 +1,6 @@
-=========================
-Documentation style guide
-=========================
+====================
+Markdown style guide
+====================
 
 
 *Also see* :doc:`how to edit the documentation </developer/general/how-to-edit-the-documentation>` *.*

developer/general/usability-ux.rst

@@ -2,19 +2,15 @@
 Usability & UX
 ==============
 
-
 Software that is too complicated to use, is often unused. Because we want as many people as possible to benefit from its unique security properties, the usability and user experience of Qubes OS is an utmost priority!
 
 We ask anyone developing for Qubes OS to please read through this guide to better understand the user experience we strive to achieve. We also ask them to review `our visual style guide <https://www.qubes-os.org/doc/visual-style-guide/>`__ for other design related information.
 
-
 ----
 
-
 Easy To Use
 -----------
 
-
 An ideal user experience is friendly, and it beckons a new user to explore the interface. In this process, they can naturally discover how to use the software. Below are some guidelines that will help you design a user interface that accomplishes this goal.
 
 |redx| **Interfaces Should Not**
@@ -27,8 +23,6 @@ An ideal user experience is friendly, and it beckons a new user to explore the i
 
 - Overwhelm the user with too much information and cognitive load
 
-
-
 Perhaps the most common cause of mistakes is complexity. If there is a configuration setting that will significantly affect the user’s experience, choose a safe and smart default then tuck this setting in an ``Advanced Settings`` panel.
 
 |checkmark| **Interfaces Should**
@@ -41,18 +35,13 @@ Perhaps the most common cause of mistakes is complexity. If there is a configura
 
 - Choose intelligent defaults for settings
 
-
-
 In making software easy to use, it is crucial to be mindful of `cognitive load <https://en.wikipedia.org/wiki/Cognitive_load>`__ which dictates that *“humans are generally able to hold only seven +/- two units of information in short-term memory.”* Making sure your interfaces don’t pass this short-term memory limit is perhaps the most important factor in helping a user feel comfortable instead of overwhelmed.
 
-
 ----
 
-
 Easy to Understand
 ------------------
 
-
 There will always be the need to communicate things to users. In these cases, an interface should aim to make this information easy to understand. The following are simple guides to help achieve this - none of these are absolute maxims!
 
 |redx| **Avoid Acronyms**
@@ -67,8 +56,6 @@ Acronyms are compact and make good names for command line tools. They do not mak
 
 - ``NetVM`` - Networking Virtual Machine
 
-
-
 Despite this rule, some acronyms like ``USB`` are widely used and understood due to being in common use for over a decade. It is good to use these acronyms when the full words like ``Universal Serial Bus`` are more likely to confuse users.
 
 |checkmark| **Use Simple Words**
@@ -83,12 +70,8 @@ Use the minimum amount of words needed to be descriptive, but also informative.
 
 - Use ``Networking`` or ``Networking Qube`` instead of ``NetVM`` given context
 
-
-
-
 ----
 
-
 |redx| **Avoid Technical Words**
 
 Technical words are usually more accurate, but they often *only* make sense to technical users and are confusing and unhelpful to non-technical users. Examples of technical words that might show up in Qubes OS are:
@@ -99,8 +82,6 @@ Technical words are usually more accurate, but they often *only* make sense to t
 
 - ``qrexec-daemon``
 
-
-
 These are all terms that have at some point showed up in users’ notification messages. Each term is very specific, but requires the user to understand virtualization to interpret.
 
 |checkmark| **Use Common Concepts**
@@ -113,14 +94,10 @@ Large amounts of the global population have been using computers for one or two
 
 - Use ``Qubes`` instead of ``qrexec-daemon`` as it gives better context on what is happening
 
-
-
 These words are more abstract and user relevant- they help a user understand what is happening based on already known concepts (disk space) or start to form a mental model of something new (Qubes).
 
-
 ----
 
-
 |redx| **Avoid Inconsistencies**
 
 It is easy to start abbreviating (or making acronyms) of long terms like ``Disposable Virtual Machine`` depending on where the term shows up in an interface.
@@ -131,8 +108,6 @@ It is easy to start abbreviating (or making acronyms) of long terms like ``Dispo
 
 - ``DisposableVM``
 
-
-
 This variation in terms can cause new users to question or second guess what the three different variations mean, which can lead to inaction or mistakes.
 
 |checkmark| **Make Things Consistent**
@@ -141,14 +116,10 @@ Always strive to keep things consistent in the interfaces as well as documentati
 
 - Use ``Disposable Qube`` at all times as it meets other criteria as well.
 
-
-
 By using the same term throughout an interface, a user can create a mental model and relationship with that term allowing them to feel empowered.
 
-
 ----
 
-
 |redx| **Avoid Duplicate Words**
 
 It is easy to add words like ``Domain`` before items in a list or menu in an attempt to be descriptive, such as:
@@ -160,8 +131,6 @@ It is easy to add words like ``Domain`` before items in a list or menu in an att
       - Domain: banking
       - Domain: personal
 
-
-
 The repeated use of the word ``Domain`` requires a user to read it for each item in the list, which makes extra work for the eye in parsing out the relevant word like ``work, banking, or personal``. This also affects horizontal space on fixed width lines.
 
 |checkmark| **Create Groups & Categories**
@@ -175,16 +144,11 @@ It is more efficient to group things under headings instead as this allows the e
       - Banking
       - Personal
 
-
-
-
 ----
 
-
 Easy To Complete
 ----------------
 
-
 Lastly, expected (and unexpected) situations often require user actions or input. Make resolving these occurences as easy as possible to complete the action.
 
 |redx| **Don’t Leave Users Stranded**
@@ -195,8 +159,6 @@ Consider the following notifications:
 
 - ``There was an error saving Qube "Personal"``
 
-
-
 Instead of displaying solvable errors like these and neglecting to provide a fix:
 
 |checkmark| **Offer Actionable Solutions**
@@ -207,14 +169,10 @@ Error messages and limits such as those in the previous example can be greatly i
 
 - Add a link to a documentation page called ``Troubleshoot saving data``
 
-
-
 In adhering to these principles, you’ll make undesirable situations more manageable for users instead of feeling stranded.
 
-
 ----
 
-
 |checkmark| **Minimize Repetitive Steps**
 
 There are many cases where a user wants to perform an action on more than one file or folder. However in order to do the action, the user must repeat certain steps such as:
@@ -223,26 +181,18 @@ There are many cases where a user wants to perform an action on more than one fi
 
 2. Navigate through file system
 
+   - Click Folder One
 
+   - Click Folder Two
 
-- Click Folder One
-
-- Click Folder Two
-
-- Click Folder Three
-
-- Click Folder Four
-
+   - Click Folder Three
 
+   - Click Folder Four
 
 3. Select proper file
 
 4. Complete task on file
 
-
-
-
-
 That subtle act of clicking through a file system can prove to be significant if a user needs to open more than a couple files in the same directory. We can alleviate some of the work by changing the process:
 
 1. Click on ``Open File`` from a menu or button
@@ -253,18 +203,13 @@ That subtle act of clicking through a file system can prove to be significant if
 
 4. Complete task
 
-
-
 Clearly, cutting out something as simple as navigating through the file system can save a user quite a bit of time. Alternatively, adding a button or menu item like ``Open Multiple Files`` might be even better, because remembering and using relevant hotkeys is often something only power users know how to do!
 
-
 ----
 
-
 GNOME, KDE, and Xfce
 --------------------
 
-
 The desktop GUIs that QubesOS versions 1 - 4.1 offer are `KDE <https://kde.org>`__ and `Xfce <https://xfce.org>`__. We are currently migrating towards using `GNOME <https://www.gnome.org>`__. We know some people prefer KDE, but we believe Gnome is easier to use for average non-technical users. Xfce will always be supported, and technical users will always have the choice to use KDE or other desktop environments.
 
 This change means you should use `GTK <https://gtk.org/>`__ rather than Qt for new GUIs.
@@ -277,16 +222,11 @@ All three of these mentioned desktop environments have their own `human interfac
 
 - `Xfce UI Guidlines <https://wiki.xfce.org/dev/hig/general>`__
 
-
-
-
 ----
 
-
 Further Learning & Inspiration
 ------------------------------
 
-
 Learning to make well designing intuitive interfaces and software is specialized skillset that can take years to cultivate, but if you are interested in furthering your understanding, we suggest the following resources:
 
 - `Learn Design Principles <https://web.archive.org/web/20180101172357/http://learndesignprinciples.com/>`__ by Melissa Mandelbaum
@@ -301,7 +241,5 @@ Learning to make well designing intuitive interfaces and software is specialized
 
 - `Hack Design <https://hackdesign.org/>`__ - online learning program
 
-
-
 .. |checkmark| image:: /attachment/doc/checkmark.png
 .. |redx| image:: /attachment/doc/red_x.png

developer/general/website-style-guide.rst

@@ -0,0 +1,73 @@
+===================
+Website style guide
+===================
+
+
+This page explains the standards we follow for building and maintaining the website. Please follow these guidelines and conventions when modifying the website. For the standards governing the documentation in particular, please see the :doc:`documentation style guide </developer/general/documentation-style-guide>`.
+
+Coding conventions
+------------------
+
+
+The following conventions apply to the website as a whole, including everything written in HTML, CSS, YAML, and Liquid. These conventions are intended to keep the codebase consistent when multiple collaborators are working on it. They should be understood as a practical set of rules for maintaining order in this specific codebase rather than as a statement of what is objectively right or good.
+
+General practices
+^^^^^^^^^^^^^^^^^
+
+
+- Use comments to indicate the purposes of different blocks of code. This makes the file easier to understand and navigate.
+
+- Use descriptive variable names. Never use one or two letter variable names. Avoid obscure abbreviations and made-up words.
+
+- In general, make it easy for others to read your code. Your future self will thank you, and so will your collaborators!
+
+- `Don’t Repeat Yourself (DRY)! <https://en.wikipedia.org/wiki/Don%27t_repeat_yourself>`__ Instead of repeating the same block of code multiple times, abstract it out into a separate file and ``include`` that file where you need it.
+
+
+
+Whitespace
+^^^^^^^^^^
+
+
+- Always use spaces. Never use tabs.
+
+- Each indentation step should be exactly two (2) spaces.
+
+- Whenever you add an opening tag, indent the following line. (Exception: If you open and close the tag on the same line, do not indent the following line.)
+
+- Indent Liquid the same way as HTML.
+
+- In general, the starting columns of every adjacent pair of lines should be no more than two spaces apart (example below).
+
+- No blank or empty lines. (Hint: When you feel you need one, add a comment on that line instead.)
+
+
+
+Indentation example
+^^^^^^^^^^^^^^^^^^^
+
+
+Here’s an example that follows the indentation rules:
+
+
+
+.. code:: html
+
+      <table>
+        <tr>
+          <th title="Anchor Link"><span class="fa fa-link"></span></th>
+          {% for item in secs.htmlsections[0].columns %}
+            <th>{{ item.title }}</th>
+          {% endfor %}
+        </tr>
+        {% for canary in site.data.sec-canary reversed %}
+          <tr id="{{ canary.canary }}">
+            <td><a href="#{{ canary.canary }}" class="fa fa-link black-icon" title="Anchor link to Qubes Canary row: Qubes Canary #{{ canary.canary }}"></a></td>
+            <td>{{ canary.date }}</td>
+            <td><a href="https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-{{ canary.canary }}-{{ canary.date | date: '%Y' }}.txt">Qubes Canary #{{ canary.canary }}</a></td>
+          </tr>
+        {% endfor %}
+      </table>
+
+
+

developer/releases/1_0/release-notes.rst

@@ -19,8 +19,8 @@ Known issues
 
   .. code:: console
 
-        qvm-prefs -s fedora-17-x64-dvm maxmem 3072
-        qvm-create-default-dvm --default-template --default-script
+        $ qvm-prefs -s fedora-17-x64-dvm maxmem 3072
+        $ qvm-create-default-dvm --default-template --default-script
 
 
 
@@ -58,6 +58,6 @@ If you have Qubes Beta 3 currently installed on your system, you must reinstall
 
 .. code:: console
 
-      qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64
+      $ qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64
 
 

developer/releases/3_0/release-notes.rst

@@ -3,11 +3,6 @@ Qubes R3.0 release notes
 ========================
 
 
-Qubes R3.0 Release Notes
-------------------------
-
-
-
 
 This Qubes OS release is dedicated to the memory of Caspar Bowden.
 

developer/releases/4_0/release-notes.rst

@@ -56,6 +56,7 @@ Security Notes
 - PV VMs migrated from 3.2 to 4.0-rc4 or later are automatically set to PVH mode in order to protect against Meltdown (see `QSB #37 <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt>`__). However, PV VMs migrated from any earlier 4.0 release candidate (RC1, RC2, or RC3) are not automatically set to PVH mode. These must be set manually.
 
 - The following steps may need to be applied in dom0 and Fedora 26 TemplateVMs in order to receive updates (see `#3737 <https://github.com/QubesOS/qubes-issues/issues/3737>`__).
+
   Steps for dom0 updates:
 
   1. Open the Qubes Menu by clicking on the “Q” icon in the top-left corner of the screen.
@@ -66,7 +67,7 @@ Security Notes
 
      .. code:: console
 
-           sudo nano /etc/yum.repos.d/qubes-dom0.repo
+           $ sudo nano /etc/yum.repos.d/qubes-dom0.repo
 
 
 

developer/releases/4_3/release-notes.rst

@@ -0,0 +1,347 @@
+==========================
+Qubes OS 4.3 release notes
+==========================
+
+
+Major features and improvements since Qubes 4.2
+===============================================
+
+- Dom0 upgraded to Fedora 41
+  (`#9402 <https://github.com/QubesOS/qubes-issues/issues/9402>`__).
+
+- Xen upgraded to version 4.19
+  (`#9420 <https://github.com/QubesOS/qubes-issues/issues/9420>`__).
+
+- Default Fedora template upgraded to Fedora 42 (Fedora TemplateVMs and
+  StandaloneVMs with version lower than 41 are not supported).
+
+- Default Debian template upgraded to Debian 13 (Debian TemplateVMs and
+  StandaloneVMs with version lower than 12 are not supported).
+
+- Default Whonix templates upgraded to Whonix 17.4.3 (Whonix TemplateVMs
+  and StandaloneVMs with version lower than 17 are not supported).
+
+- Preloaded disposables
+  (`#1512 <https://github.com/QubesOS/qubes-issues/issues/1512>`__,
+  `#9907 <https://github.com/QubesOS/qubes-issues/issues/9907>`__,
+  `#9917 <https://github.com/QubesOS/qubes-issues/issues/9917>`__,
+  `#9918 <https://github.com/QubesOS/qubes-issues/issues/9918>`__ &
+  `#10026 <https://github.com/QubesOS/qubes-issues/issues/10026>`__).
+
+- Device “self-identity oriented” assignment (a.k.a New Devices API)
+  (`#9325 <https://github.com/QubesOS/qubes-issues/issues/9325>`__).
+
+- QWT (Qubes Windows Tools) reintroduction with improved features
+  (`#1861 <https://github.com/QubesOS/qubes-issues/issues/1861>`__).
+
+|Screenshot of QWT, Welcome page|
+
+|Screenshot of QWT, Windows 11|
+
+UI/UX
+-----
+
+- New Device UX workflow to allow users easy utilization of new Devices API.
+  A dedicated ``Device Assignments`` page is added to Global Config.
+  Qubes Devices widget is completely redesigned.
+  (`#8537 <https://github.com/QubesOS/qubes-issues/issues/8537>`__).
+
+|Screenshot of Device UX assignments|
+
+|Screenshot of Device UX deny attachment|
+
+|Screenshot of Device UX edit assignment|
+
+|Screenshot of Device UX required devices|
+
+|Screenshot of Device UX Qubes Devices widget|
+
+- New and improved flat icons for GUI tools
+  (`#5657 <https://github.com/QubesOS/qubes-issues/issues/5657>`__).
+
+|Screenshot of Qube Manager|
+
+- The far left icons from the Qube Manager are removed
+  (`#9776 <https://github.com/QubesOS/qubes-issues/issues/9776>`__).
+
+- Application icons are available in VM Settings
+  (`#9829 <https://github.com/QubesOS/qubes-issues/issues/9829>`__).
+
+|Screenshot of Qube Settings Applications|
+
+- Option to add Qubes video Companion to AppMenu
+  (`#9761 <https://github.com/QubesOS/qubes-issues/issues/9761>`__).
+
+- Improved AppMenu navigation with keyboard
+  (`#9006 <https://github.com/QubesOS/qubes-issues/issues/9006>`__).
+
+- Better wording to clarify updater settings and actions
+  (`#8096 <https://github.com/QubesOS/qubes-issues/issues/8096>`__).
+
+- Centralized Tray Notifications
+  (`#889 <https://github.com/QubesOS/qubes-issues/issues/889>`__).
+
+- Option to launch root terminal or console terminal from Qubes Domains widget
+  (`#9788 <https://github.com/QubesOS/qubes-issues/issues/9788>`__)
+
+- Option to open Global Config at a selected section for user
+  convenience
+  (`#9530 <https://github.com/QubesOS/qubes-issues/issues/9530>`__).
+
+- A ``Saving changes...`` dialog is added to Global Config
+  (`#9926 <https://github.com/QubesOS/qubes-issues/issues/9926>`__).
+
+GUI Daemon/Agent improvements
+-----------------------------
+
+- Allowing the GUI Daemon background color to be configurable, mostly
+  useful for people with dark themes
+  (`#9304 <https://github.com/QubesOS/qubes-issues/issues/9304>`__).
+
+- Audio daemon does not connect to recording stream unless recording is
+  explicitly enabled
+  (`#9999 <https://github.com/QubesOS/qubes-issues/issues/9999>`__).
+
+- Legacy X11 App icons (e.g. Xterm) are properly displayed
+  (`#9973 <https://github.com/QubesOS/qubes-issues/issues/9973>`__).
+
+- Labeling virtual pointing device as absolute and not relative
+  (`#228 <https://github.com/QubesOS/qubes-issues/issues/228>`__).
+
+- Improved global clipboard notifications & configurable global clipboard size
+  (`#9296 <https://github.com/QubesOS/qubes-issues/issues/9296>`__ &
+  `#9978 <https://github.com/QubesOS/qubes-issues/issues/9978>`__).
+
+- Supporting Windows qubes in systems with ``sys-gui*``
+  (`#7565 <https://github.com/QubesOS/qubes-issues/issues/7565>`__).
+
+Hardware support improvements
+-----------------------------
+
+- Support for `Advanced Format
+  (AF) <https://en.wikipedia.org/wiki/Advanced_Format>`__ drives better known
+  as 4K sector
+  (`#4974 <https://github.com/QubesOS/qubes-issues/issues/4974>`__).
+
+- Replacing bus/slot/function with full PCI paths for device assignments
+  (`#8681 <https://github.com/QubesOS/qubes-issues/issues/8681>`__
+  & `#8127 <https://github.com/QubesOS/qubes-issues/issues/8127>`__).
+
+- Ability to filter input devices with udev rules.
+  (`#3604 <https://github.com/QubesOS/qubes-issues/issues/3604>`__).
+
+- Fix for graceful rebooting on some (U)EFI systems with buggy firmware
+  (`#6258 <https://github.com/QubesOS/qubes-issues/issues/6258>`__).
+
+- Better support for Bluetooth and external hot-pluggable audio devices
+  with dynamic AudioVM switching
+  (`#7750 <https://github.com/QubesOS/qubes-issues/issues/7750>`__).
+
+Security features
+-----------------
+
+- Templates could request custom kernel command line parameters;
+  currently used for Kicksecure and Whonix templates ``user-sysmaint-split``
+  (`#9750 <https://github.com/QubesOS/qubes-issues/issues/9750>`__).
+
+  - Allow VMs to specify boot modes as being only intended for AppVMs or
+    templates
+    (`#9920 <https://github.com/QubesOS/qubes-issues/issues/9920>`__).
+
+- Shipping GRUB2 from Fedora with all security patches and Bootloader
+  Specification support
+  (`#9471 <https://github.com/QubesOS/qubes-issues/issues/9471>`__).
+
+- SSL client certificate and GPG key support for private template repositories
+  (`#9850 <https://github.com/QubesOS/qubes-issues/issues/9850>`__).
+
+- Preventing unsafe practice of 3rd party template installation with rpm/dnf
+  (`#9943 <https://github.com/QubesOS/qubes-issues/issues/9943>`__).
+
+- Ability to prohibit start of specific qubes
+  (`#9622 <https://github.com/QubesOS/qubes-issues/issues/9622>`__).
+
+- UUID support for qubes and support for addressing them by UUID in policies
+  (`#8862 <https://github.com/QubesOS/qubes-issues/issues/8862>`__ &
+  `#8510 <https://github.com/QubesOS/qubes-issues/issues/8510>`__).
+
+- Custom persist feature to avoid unwanted data to persist as much as possible
+  (`#1006 <https://github.com/QubesOS/qubes-issues/issues/1006>`__).
+
+Anonymity improvements
+----------------------
+
+- Disallowing files, URLs, or any application from Whonix-Workstation
+  qubes to be opened in non-Whonix disposable
+  (`#10051 <https://github.com/QubesOS/qubes-issues/issues/10051>`__).
+
+- Preventing users from changing their Whonix Workstation qubes’ netvm
+  to ``sys-firewall`` (or other clearnet netvms) to avoid IP leaks
+  (`#8551 <https://github.com/QubesOS/qubes-issues/issues/8551>`__).
+
+- kloak: Keystroke-level online anonymization kernel
+  (`#1850 <https://github.com/QubesOS/qubes-issues/issues/1850>`__).
+
+Performance optimizations
+-------------------------
+
+- Option to use volumes directly without snapshots
+  (`#8767 <https://github.com/QubesOS/qubes-issues/issues/8767>`__).
+
+- Retiring ``qubes-rpc-multiplexer`` and directly executing the command from c
+  (`#9062 <https://github.com/QubesOS/qubes-issues/issues/9062>`__).
+
+- Caching "system info" structure for qrexec policy evaluation
+  (`#9362 <https://github.com/QubesOS/qubes-issues/issues/9362>`__).
+
+- Minimal state qubes to make NetVM and USBVM to consume as little RAM as
+  possible.
+
+Updating & upgrading
+--------------------
+
+- Ability to always hide specific TemplateVMs and StandaloneVMs from
+  update tools
+  (`#9029 <https://github.com/QubesOS/qubes-issues/issues/9029>`__).
+
+- pacman hook to notify dom0 about successful manual Archlinux upgrades
+  (`#9233 <https://github.com/QubesOS/qubes-issues/issues/8307>`__),
+
+- Improved R4.2 -> R4.3 upgrade tool
+  (`#9317 <https://github.com/QubesOS/qubes-issues/issues/9317>`__),
+
+  - Using `lvmdevices` feature instead of device filter
+    (`#9421 <https://github.com/QubesOS/qubes-issues/issues/9421>`__).
+
+New/Improved experimental features
+----------------------------------
+
+- Support for Ansible
+  (`#10004 <https://github.com/QubesOS/qubes-issues/issues/10004>`__).
+
+- Support for `Qubes
+  Air <https://www.qubes-os.org/news/2018/01/22/qubes-air/>`__
+  (`#9015 <https://github.com/QubesOS/qubes-issues/issues/9015>`__).
+
+  - qrexec protocol extension to support sending source information to
+    destination
+    (`#9475 <https://github.com/QubesOS/qubes-issues/issues/9475>`__).
+
+- Better support for GUIVM.
+
+  - GUI/Admin domain splitting
+    (`#833 <https://github.com/QubesOS/qubes-issues/issues/833>`__).
+
+  - Automatically removing ‘nomodeset’ boot option when GPU is attached
+    (`#9792 <https://github.com/QubesOS/qubes-issues/issues/9792>`__).
+
+- Initial basic steps to support Wayland session only in GUIVM (but not GUI
+  daemon/agent intra-communication)
+  (`#8515 <https://github.com/QubesOS/qubes-issues/issues/8515>`__ &
+  `#8410 <https://github.com/QubesOS/qubes-issues/issues/8410>`__).
+
+Other
+-----
+
+- Allowing user to add free-form text to qubes (for descriptions, notes,
+  comments, remarks, reminders, etc.)
+  (`#899 <https://github.com/QubesOS/qubes-issues/issues/899>`__).
+
+|Screenshot of Qube Settings Notes|
+
+- Automatically clean up `QubesIncoming` directory if empty
+  (`#8307 <https://github.com/QubesOS/qubes-issues/issues/8307>`__).
+
+- ``vm-config.*`` features to pass external configuration to inside the qube
+  (`#9837 <https://github.com/QubesOS/qubes-issues/issues/9837>`__).
+
+- Admin API for reading/writing denied device-interface list
+  (`#9674 <https://github.com/QubesOS/qubes-issues/issues/9674>`__).
+
+- New Devices API for salt
+  (`#9753 <https://github.com/QubesOS/qubes-issues/issues/9753>`__).
+
+- IPv6 DNS support for full IPv4-less environments
+  (`#10038 <https://github.com/QubesOS/qubes-issues/issues/10038>`__).
+
+Dropped or replaced features
+----------------------------
+
+- Default screen locker is changed from ``XScreenSaver`` to
+  ``xfce4-screensaver``
+
+- ``Create Qubes VM`` is retired in favor of the improved ``Create New Qube``
+  (`#6561 <https://github.com/QubesOS/qubes-issues/issues/6561>`__).
+
+- Windows 7 support is dropped from QWT.
+
+For a full list, including more detailed descriptions, please see
+`here <https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue%20label%3Atargets-4.3>`__.
+
+Known issues
+============
+
+- Templates restored in 4.3 from a pre-4.3 backup continue to target
+  their original Qubes OS release repos. If you are using fresh
+  templates on a clean 4.3 installation, or if you performed an
+  :ref:`in-place upgrade from 4.2 to 4.3 <user/downloading-installing-upgrading/upgrade/4_3:in-place upgrade>`,
+  then this does not affect you. (For more information, see issue
+  `#8701 <https://github.com/QubesOS/qubes-issues/issues/8701>`__.)
+
+Also see the `full list of open bug reports affecting Qubes
+4.3 <https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+label%3Aaffects-4.3+label%3A%22T%3A+bug%22+is%3Aopen>`__.
+
+We strongly recommend :doc:`updating Qubes OS </user/how-to-guides/how-to-update>`
+immediately after installation in order to apply all available bug fixes.
+
+Notes
+=====
+
+- Additional notes for future release candidates will be added here
+
+Download
+========
+
+All Qubes ISOs and associated :doc:`verification files </project-security/verifying-signatures>`
+are available on the `downloads <https://www.qubes-os.org/downloads/>`__ page.
+
+Installation instructions
+=========================
+
+See the :doc:`installation guide </user/downloading-installing-upgrading/installation-guide>`.
+
+Upgrading
+=========
+
+Please see :doc:`how to upgrade to Qubes 4.3 </user/downloading-installing-upgrading/upgrade/4_3>`.
+
+.. |Screenshot of QWT, Welcome page| image:: /attachment/doc/4-3_qwt-hi.png
+   :alt: Windows 11 welcome page after installation in an HVM
+
+.. |Screenshot of QWT, Windows 11| image:: /attachment/doc/4-3_qwt-win11.png
+   :alt: Windows 11 within an HVM qube showing file explorer
+
+.. |Screenshot of Device UX assignments| image:: /attachment/doc/4-3_device-ux-assignments.png
+   :alt: Device Assignments page in Global Config
+
+.. |Screenshot of Device UX deny attachment| image:: /attachment/doc/4-3_device-ux-deny-attachment.png
+   :alt: Deny device attachment config in Global Config
+
+.. |Screenshot of Device UX edit assignment| image:: /attachment/doc/4-3_device-ux-edit-assignment.png
+   :alt: Editing device assignment for a network interface in Global Config
+
+.. |Screenshot of Device UX required devices| image:: /attachment/doc/4-3_device-ux-required-device.png
+   :alt: Editing a required device in Global Config
+
+.. |Screenshot of Device UX Qubes Devices widget| image:: /attachment/doc/4-3_qui-devices.png
+   :alt: Redesigned Qubes Devices widget
+
+.. |Screenshot of Qube Manager| image:: /attachment/doc/4-3_manager.png
+   :alt: Qube Manager with improved flat icons
+
+.. |Screenshot of Qube Settings Applications| image:: /attachment/doc/4-3_vmsettings-applications.png
+   :alt: Qube settings showing icons of Apps
+
+.. |Screenshot of Qube Settings Notes| image:: /attachment/doc/4-3_notes.png
+   :alt: Qube settings showing qube notes
+

developer/releases/4_3/schedule.rst

@@ -0,0 +1,20 @@
+===========================
+Qubes R4.3 release schedule
+===========================
+
+
+**Please note:** *This page is still an unfinished draft in progress. It is being updated as Qubes 4.3 development and testing continues.*
+
+The table below is based on our :ref:`release schedule policy <developer/releases/version-scheme:release schedule>`.
+
+.. list-table:: 
+   :widths: 10 10 
+   :align: center
+   :header-rows: 1
+
+   * - Date
+     - Stage
+   * - TBD
+     - 4.3.0-rc1 release
+   
+

developer/releases/notes.rst

@@ -22,4 +22,6 @@ Release notes
 
    Qubes R4.2 release notes </developer/releases/4_2/release-notes>
 
+   Qubes R4.3 release notes </developer/releases/4_3/release-notes>
+
 

developer/releases/schedules.rst

@@ -18,4 +18,6 @@ Release schedules
 
    Qubes R4.2 release schedule </developer/releases/4_2/schedule>
 
+   Qubes R4.3 release schedule </developer/releases/4_3/schedule>
+
 

developer/services/admin-api.rst

@@ -91,9 +91,11 @@ it easy to set the policy using current mechanism.
    * - ``admin.vm.CreateInPool.<class>``
      - ``dom0``
      - template
-     - ``name=<name> label=<label>``, ``pool=<pool> pool:<volume>=<pool>``
+     - | ``name=<name> label=<label>``
+       | ``pool=<pool> pool:<volume>=<pool>``
      - `-`
-     - either use ``pool=`` to put all volumes there, or ``pool:<volume>=`` for individual volumes - both forms are not allowed at the same time
+     - | either use ``pool=`` to put all volumes there,
+       | or ``pool:<volume>=`` for individual volumes - both forms are not allowed at the same time
    * - ``admin.vm.CreateDisposable``
      - template
      - `-`
@@ -146,17 +148,18 @@ it easy to set the policy using current mechanism.
      - ``dom0``
      - property
      - `-`
-     - ``default={True|False}`` ``type={str|int|bool|vm|label|list} <value>``
+     - | ``default={True|False}``
+       | ``type={str|int|bool|vm|label|list} <value>``
      - Type ``list`` is added in R4.1. Values are of type ``str`` and each entry is suffixed with newline character.
    * - ``admin.property.GetAll``
      - ``dom0``
      - `-`
      - `-`
-     - ``<property-name> <full-value-as-in-property.Get>``
+     - ``<property-name> <full-value-as-in-property.Get>\n``
      - Get all the properties in one call. Each property is returned on a separate line and use the same value encoding as property.Get method, with an exception that newlines are encoded as literal ``\n`` and literal ``\`` are encoded as ``\\``.
    * - ``admin.property.GetDefault``
      - ``dom0``
-     - propety
+     - property
      - `-`
      - ``type={str|int|bool|vm|label|list} <value>``
      - Type ``list`` is added in R4.1. Values are of type ``str`` and each entry is suffixed with newline character.
@@ -194,7 +197,8 @@ it easy to set the policy using current mechanism.
      - vm
      - property
      - `-`
-     - ``default={True|False}`` ``type={str|int|bool|vm|label|list} <value>``
+     - | ``default={True|False}``
+       | ``type={str|int|bool|vm|label|list} <value>``
      - Type ``list`` is added in R4.1. Each list entry is suffixed with a newline character.
    * - ``admin.vm.property.GetAll``
      - vm
@@ -321,7 +325,7 @@ it easy to set the policy using current mechanism.
      - `-` 
      - `-`
      - ``<rule>\n``
-     - rules syntax as in :doc:`firewall interface </developer/debugging/vm-interface>` (Firewall Rules in 4x) with addition of ``expire=`` and ``comment=`` options; ``comment=`` (if present) must be the last option
+     - rules syntax as in :ref:`firewall interface <developer/debugging/vm-interface:firewall rules in 4.x>` with addition of ``expire=`` and ``comment=`` options; ``comment=`` (if present) must be the last option
    * - ``admin.vm.firewall.Set``
      - vm
      - `-`
@@ -339,13 +343,9 @@ it easy to set the policy using current mechanism.
      - device
      - assignment-serialization
      - `-`
-     -  ``device`` is in form ``<backend-name>+<device-ident>`` optional options given in ``key=value`` format, separated with spaces; options can include ``persistent=True`` to "persistently" attach the device (default is temporary)
-   * - ``admin.vm.device.<class>.Detach``
-     - vm
-     - device
-     - `-`
-     - `-`
-     - ``device`` is in form ``<backend-name>+<device-ident>``
+     - | ``device`` is in form ``<backend-name>+<device-ident>``
+       | optional options given in ``key=value`` format, separated with spaces;
+       | options can include ``persistent=True`` to "persistently" attach the device (default is temporary)
    * - ``admin.vm.device.<class>.Detach``
      - vm
      - device
@@ -355,9 +355,10 @@ it easy to set the policy using current mechanism.
    * - ``admin.vm.device.<class>.Assign``
      - vm
      - device
-     - assignement-serialization
+     - assignment-serialization
      - `-`
-     - ``device`` is in form ``<backend-name>+<device-ident>`` ``assignment-serialization`` is specified in the section Device Serialization.
+     - | ``device`` is in form ``<backend-name>+<device-ident>``
+       | ``assignment-serialization`` is specified in the section Device Serialization.
    * - ``admin.vm.device.<class>.Unassign``
      - vm
      - device
@@ -371,7 +372,7 @@ it easy to set the policy using current mechanism.
      - `-`
      - ``device`` is in form ``<backend-name>+<device-ident>``
    * - ``admin.vm.deviceclass.List``
-     - `dom0`
+     - ``dom0``
      - `-`
      - `-`
      - ``<deviceclass>\n``
@@ -381,19 +382,22 @@ it easy to set the policy using current mechanism.
      - device-ident
      - `-`
      - ``<device-ident> <device-serialization>\n``
-     - optional service argument may be used to get info about a single device, ``device-serialization`` is specified in the section Device Serialization.
+     - | optional service argument may be used to get info about a single device,
+       | ``device-serialization`` is specified in the section Device Serialization.
    * - ``admin.vm.device.<class>.Assigned``
      - vm
      - device-ident
      - `-`
      - ``<device-ident> <assignment-serialization>\n``
-     - optional service argument may be used to get info about a single device, ``assignement-serialization`` is specified in the section Device Serialization.
+     - | optional service argument may be used to get info about a single device,
+       | ``assignment-serialization`` is specified in the section Device Serialization.
    * - ``admin.vm.device.<class>.Attached``
      - vm
      - device-ident
      - `-`
      - ``<device-ident> <assignment-serialization>\n``
-     - optional service argument may be used to get info about a single device, ``assignment-serialization`` is specified in the section Device Serialization.
+     - | optional service argument may be used to get info about a single device,
+       | ``assignment-serialization`` is specified in the section Device Serialization.
    * - ``admin.pool.List``
      - ``dom0``
      - `-`
@@ -410,7 +414,7 @@ it easy to set the policy using current mechanism.
      - ``dom0``
      - pool
      - `-`
-     - ``<property>=<value>``
+     - ``<property>=<value>\n``
      -
    * - ``admin.pool.Add``
      - ``dom0``
@@ -483,7 +487,8 @@ it easy to set the policy using current mechanism.
      - pool
      - vid
      - token, to be used in ``admin.pool.volume.CloneTo``
-     - obtain a token to copy volume ``vid`` in ``pool``; the token is one time use only, it's invalidated by ``admin.pool.volume.CloneTo``, even if the operation fails 
+     - | obtain a token to copy volume ``vid`` in ``pool``;
+       | the token is one time use only, it's invalidated by ``admin.pool.volume.CloneTo``, even if the operation fails 
    * - ``admin.pool.volume.CloneTo``
      - ``dom0``
      - pool
@@ -555,7 +560,8 @@ it easy to set the policy using current mechanism.
      - volume
      - `-`
      - token, to be used in ``admin.vm.volume.CloneTo``
-     - obtain a token to copy ``volume`` of ``vm``; the token is one time use only, it's invalidated by ``admin.vm.volume.CloneTo``, even if the operation fails
+     - | obtain a token to copy ``volume`` of ``vm``;
+       | the token is one time use only, it's invalidated by ``admin.vm.volume.CloneTo``, even if the operation fails
    * - ``admin.vm.volume.CloneTo``
      - vm
      - volume
@@ -566,7 +572,7 @@ it easy to set the policy using current mechanism.
      - vm
      - `-`
      - `-`
-     - ``<state-property>=<value>``
+     - ``<state-property>=<value>\n``
      - state properties: ``power_state``, ``mem``, ``mem_static_max``, ``cputime``
    * - ``admin.vm.Start``
      - vm

developer/services/qfileexchgd.rst

@@ -33,7 +33,7 @@ Copying files between AppVMs
 ----------------------------
 
 
-1. AppVM1 user runs *qvm-copy-to-vm* script (accessible from Dolphin file manager by right click on a “file(s)->Actions->Send to VM” menu). It calls */usr/lib/qubes/qubes_penctl new*, and it writes “new” request to its ``device/qpen`` xenstore key. *qfilexchgd* creates a new 1G file, makes vfat fs on it, and does block-attach so that this file is attached as ``/dev/xvdg`` in AppVM1.
+1. AppVM1 user runs *qvm-copy-to-vm* script (accessible from Dolphin file manager by right click on a file(s): :menuselection:`Actions->Send to VM`). It calls */usr/lib/qubes/qubes_penctl new*, and it writes “new” request to its ``device/qpen`` xenstore key. *qfilexchgd* creates a new 1G file, makes vfat fs on it, and does block-attach so that this file is attached as ``/dev/xvdg`` in AppVM1.
 
 2. AppVM1 mounts ``/dev/xvdg`` on ``/mnt/outgoing`` and copies requested files there, then unmounts it.
 
@@ -49,7 +49,7 @@ Copying a single file between AppVM and a DisposableVM
 
 In order to minimize attack surface presented by necessity to process virtual pendrive metadata sent by (potentially compromised and malicious) DisposableVM, AppVM<->DisposableVM file exchange protocol does not use any filesystem.
 
-1. User in AppVM1 runs *qvm-open-in-dvm* (accessible from Dolphin file manager by right click on a “file->Actions->Open in DisposableVM” menu). *qvm-open-in-dvm*
+1. User in AppVM1 runs *qvm-open-in-dvm* (accessible from Dolphin file manager by right click on a file: :menuselection:`Actions->Open in DisposableVM` menu). *qvm-open-in-dvm*
 
    1. gets a new ``/dev/xvdg`` (just as described in previous paragraph)
 

developer/services/qrexec-internals.rst

@@ -144,7 +144,7 @@ dom0: request execution of ``cmd`` in domX
 
   .. code:: console
 
-        qrexec-client -d domX [-l local_program] user:cmd
+        $ qrexec-client -d domX [-l local_program] user:cmd
 
 
 
@@ -191,7 +191,7 @@ domX: request execution of service ``admin.Service`` in dom0
 
   .. code:: console
 
-        qrexec-client-vm dom0 admin.Service [local_program] [params]
+        $ qrexec-client-vm dom0 admin.Service [local_program] [params]
 
 
 
@@ -217,7 +217,7 @@ domX: request execution of service ``admin.Service`` in dom0
 
   .. code:: console
 
-        qrexec-client -d dom0 -c domX,X,SOCKET11 "QUBESRPC admin.Service domX name dom0"
+        $ qrexec-client -d dom0 -c domX,X,SOCKET11 "QUBESRPC admin.Service domX name dom0"
 
 
 
@@ -260,7 +260,7 @@ domX: invoke execution of qubes service ``qubes.Service`` in domY
 
   .. code:: console
 
-        qrexec-client-vm domY qubes.Service [local_program] [params]
+        $ qrexec-client-vm domY qubes.Service [local_program] [params]
 
 
 
@@ -278,7 +278,7 @@ domX: invoke execution of qubes service ``qubes.Service`` in domY
 
   .. code:: console
 
-        qrexec-client -d domY -c domX,X,SOCKET11 user:cmd "DEFAULT:QUBESRPC qubes.Service domX"
+        $ qrexec-client -d domY -c domX,X,SOCKET11 user:cmd "DEFAULT:QUBESRPC qubes.Service domX"
 
 
 

developer/services/qrexec-socket-services.rst

@@ -122,8 +122,8 @@ Start the socket using ``systemctl --user start``. Enable it using ``systemctl -
 
 .. code:: console
 
-      systemctl --user start qubes-qrexec-policy-agent.socket
-      systemctl --user enable qubes-qrexec-policy-agent.socket
+      $ systemctl --user start qubes-qrexec-policy-agent.socket
+      $ systemctl --user enable qubes-qrexec-policy-agent.socket
 
 
 
@@ -131,7 +131,7 @@ Alternatively, you can enable the service by creating a symlink:
 
 .. code:: console
 
-      sudo ln -s /lib/systemd/user/qubes-qrexec-policy-agent.socket /lib/systemd/user/sockets.target.wants/
+      $ sudo ln -s /lib/systemd/user/qubes-qrexec-policy-agent.socket /lib/systemd/user/sockets.target.wants/
 
 
 
@@ -143,7 +143,7 @@ Link in qubes-rpc
 
 .. code:: console
 
-      sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask
+      $ sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask
 
 
 
@@ -157,7 +157,7 @@ Install the Python systemd library:
 
 .. code:: console
 
-      sudo dnf install python3-systemd
+      $ sudo dnf install python3-systemd
 
 
 
@@ -240,7 +240,7 @@ The service is invoked in the same way as a standard Qubes RPC service:
 
 .. code:: console
 
-      echo <input_data> | qrexec-client -d domX 'DEFAULT:QUBESRPC policy.Ask'
+      $ echo <input_data> | qrexec-client -d domX 'DEFAULT:QUBESRPC policy.Ask'
 
 
 
@@ -248,7 +248,7 @@ You can also connect to it locally, but remember to include the service descript
 
 .. code:: console
 
-      echo -e 'policy.Ask dom0\0<input data>' | nc -U /etc/qubes-rpc/policy.Ask
+      $ echo -e 'policy.Ask dom0\0<input data>' | nc -U /etc/qubes-rpc/policy.Ask
 
 
 

developer/services/qrexec.rst

@@ -111,7 +111,10 @@ Answering an RPC call
 ^^^^^^^^^^^^^^^^^^^^^
 
 
-In other for a RPC call to be answered in the target VM, a file in either of the following locations must exist, containing the file name of the program that will be invoked, or being that program itself – in which case it must have executable permission set (``chmod +x``): - ``/etc/qubes-rpc/RPC_ACTION_NAME`` when you make it in the template qube; - ``/usr/local/etc/qubes-rpc/RPC_ACTION_NAME`` for making it only in an app qube.
+In other for a RPC call to be answered in the target VM, a file in either of the following locations must exist, containing the file name of the program that will be invoked, or being that program itself – in which case it must have executable permission set (``chmod +x``):
+
+- ``/etc/qubes-rpc/RPC_ACTION_NAME`` when you make it in the template qube;
+- ``/usr/local/etc/qubes-rpc/RPC_ACTION_NAME`` for making it only in an app qube.
 
 The source VM name can then be accessed in the server process via ``QREXEC_REMOTE_DOMAIN`` environment variable. (Note the source VM has *no* control over the name provided in this variable–the name of the VM is provided by dom0, and so is trusted.)
 
@@ -245,7 +248,7 @@ We’ll need to create a service called ``test.Add`` with its own definition and
 
 .. code:: console
 
-      ln -s /usr/bin/our_test_add_server /etc/qubes-rpc/test.Add
+      $ ln -s /usr/bin/our_test_add_server /etc/qubes-rpc/test.Add
 
 
 

developer/services/qrexec2.rst

@@ -90,7 +90,7 @@ In a src VM, one should invoke the qrexec client via the following command:
 
 .. code:: console
 
-      /usr/lib/qubes/qrexec-client-vm <target vm name> <service name> <local program path> [local program arguments]
+      $ /usr/lib/qubes/qrexec-client-vm <target vm name> <service name> <local program path> [local program arguments]
 
 
 
@@ -114,7 +114,7 @@ In order to remove such authorization, issue this command from a Dom0 terminal (
 
 .. code:: console
 
-      sudo nano /etc/qubes-rpc/policy/qubes.Filecopy
+      $ sudo nano /etc/qubes-rpc/policy/qubes.Filecopy
 
 
 and then remove any line(s) ending in “allow” (before the first ``##`` comment) which are the “Yes to All” results.
@@ -164,7 +164,7 @@ We will show the necessary files to create a simple RPC call that adds two integ
 
   .. code:: console
 
-        /usr/lib/qubes/qrexec-client-vm <target VM> test.Add /usr/bin/our_test_add_client 1 2
+        $ /usr/lib/qubes/qrexec-client-vm <target VM> test.Add /usr/bin/our_test_add_client 1 2
 
 
 

developer/system/architecture.rst

@@ -7,7 +7,7 @@ Qubes implements a security-by-compartmentalization approach. To do this, Qubes
 
 |qubes-schema-v2.png|
 
-Qubes lets the user define many secure compartments known as :ref:`qubes <user/reference/glossary:qube>`, which are implemented as lightweight :ref:`virtual machines (VMs) <user/reference/glossary:vm>`. For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” app qubes and can use the applications within those qubes just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between qubes, of course.
+Qubes lets the user define many secure compartments known as :term:`qubes <qube>`, which are implemented as lightweight :term:`virtual machines (VMs)  <vm>`. For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” app qubes and can use the applications within those qubes just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between qubes, of course.
 
 Key architecture features
 -------------------------

developer/system/networking.rst

@@ -121,7 +121,7 @@ Starting with Qubes 4.0, there is opt-in support for IPv6 forwarding. Similar to
 
 .. code:: console
 
-      qvm-features sys-net ipv6 1
+      $ qvm-features sys-net ipv6 1
 
 
 
@@ -129,7 +129,7 @@ It is also possible to explicitly disable IPv6 support for some qubes, even if i
 
 .. code:: console
 
-      qvm-features ipv4-only-qube ipv6 ''
+      $ qvm-features ipv4-only-qube ipv6 ''
 
 
 

developer/system/vm-sudo.rst

@@ -1,3 +1,5 @@
+:orphan:
+
 =================================
 Passwordless root access in qubes
 =================================

index.rst

@@ -210,9 +210,9 @@ Core documentation for Qubes developers and advanced users.
    developer/general/gsod
    developer/general/how-to-edit-the-rst-documentation
    developer/general/rst-documentation-style-guide
-   How to edit the website <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>
-   Markdown style guide <https://www.qubes-os.org/doc/documentation-style-guide/>
-   Website style guide <https://www.qubes-os.org/doc/website-style-guide/>
+   developer/general/how-to-edit-the-website
+   developer/general/markdown-style-guide
+   developer/general/website-style-guide
    developer/general/continuous-integration
    developer/general/usability-ux
    developer/general/developing-gui-applications

introduction/contributing.rst

@@ -23,7 +23,7 @@ Thank you for your interest in contributing to Qubes! Here are some of the many
 
 - Create `artwork <https://github.com/QubesOS/qubes-artwork>`__ (plymouth themes, installer themes, wallpapers, etc.)
 
-- `Write and edit the documentation <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__
+- :doc:`Write and edit the documentation </developer/general/how-to-edit-the-documentation>`
 
 - `Donate <https://www.qubes-os.org/donate/>`__ to the project
 

introduction/faq.rst

@@ -320,7 +320,7 @@ Should I trust this website?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
-This website is hosted on `GitHub Pages <https://pages.github.com/>`__ (`why? <#why-do-you-use-github>`__). Therefore, it is largely outside of our control. We don’t consider this a problem, however, since we explicitly `distrust the infrastructure <#what-does-it-mean-to-distrust-the-infrastructure>`__. For this reason, we don’t think that anyone should place undue trust in the live version of this site on the Web. Instead, if you want to obtain your own trustworthy copy of this website in a secure way, you should clone our `website repo <https://github.com/QubesOS/qubesos.github.io>`__, :ref:`verify the PGP signatures on the commits and/or tags <project-security/verifying-signatures:how to verify signatures on git repository tags and commits>` signed by the `doc-signing keys <https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing>`__ (which indicates that the content has undergone `review <https://www.qubes-os.org/doc/how-to-edit-the-documentation/#security>`__), then either `render the site on your local machine <https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions>`__ or simply read the source, the vast majority of which was `intentionally written in Markdown so as to be readable as plain text for this very reason <https://www.qubes-os.org/doc/documentation-style-guide/#markdown-conventions>`__. We’ve gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible.
+This website is hosted on `GitHub Pages <https://pages.github.com/>`__ (`why? <#why-do-you-use-github>`__). Therefore, it is largely outside of our control. We don’t consider this a problem, however, since we explicitly `distrust the infrastructure <#what-does-it-mean-to-distrust-the-infrastructure>`__. For this reason, we don’t think that anyone should place undue trust in the live version of this site on the Web. Instead, if you want to obtain your own trustworthy copy of this website in a secure way, you should clone our `website repo <https://github.com/QubesOS/qubesos.github.io>`__, :ref:`verify the PGP signatures on the commits and/or tags <project-security/verifying-signatures:how to verify signatures on git repository tags and commits>` signed by the `doc-signing keys <https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing>`__ (which indicates that the content has undergone :ref:`review <developer/general/how-to-edit-the-documentation:security>`), then either `render the site on your local machine <https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions>`__ or simply read the source, the vast majority of which was :ref:`intentionally written in Markdown so as to be readable as plain text for this very reason <developer/general/documentation-style-guide:markdown conventions>`. We’ve gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible.
 
 
 What does it mean to "distrust the infrastructure"?
@@ -563,10 +563,10 @@ or
 
   .. code:: bash
 
-        echo 0000:<BDF> > /sys/bus/pci/drivers/pciback/unbind
-        MODALIAS=`cat /sys/bus/pci/devices/0000:<BDF>/modalias`
-        MOD=`modprobe -R $MODALIAS | head -n 1`
-        echo 0000:<BDF> > /sys/bus/pci/drivers/$MOD/bind
+        $ echo 0000:<BDF> > /sys/bus/pci/drivers/pciback/unbind
+        $ MODALIAS=`cat /sys/bus/pci/devices/0000:<BDF>/modalias`
+        $ MOD=`modprobe -R $MODALIAS | head -n 1`
+        $ echo 0000:<BDF> > /sys/bus/pci/drivers/$MOD/bind
 
 
 
@@ -692,7 +692,7 @@ From a ``dom0`` prompt, enter:
 
 .. code:: bash
 
-      qvm-prefs <HVMname> kernel ""
+      $ qvm-prefs <HVMname> kernel ""
 
 
 

introduction/getting-started.rst

@@ -9,13 +9,13 @@ The Basics
 ----------
 
 
-Qubes OS is an operating system built out of securely-isolated compartments, or :ref:`qubes <user/reference/glossary:qube>`. You can have a work qube, a personal qube, a banking qube, a web browsing qube, a standalone Windows qube and so on. You can have as many qubes as you want! Most of the time, you’ll be using an :ref:`app qube <user/reference/glossary:app qube>`, a qube for running software programs like web browsers, email clients, and word processors. Each app qube is based on another type of qube called a :ref:`template <user/reference/glossary:template>`. The same template can be a base for various qubes. Importantly, a qube cannot modify its template in any way. This means that, if a qube is ever compromised, its template and any other qubes based on that template will remain safe. This is what makes Qubes OS so secure. Even if an attack is successful, the damage is limited to a single qube.
+Qubes OS is an operating system built out of securely-isolated compartments, or :term:`qubes <qube>`. You can have a work qube, a personal qube, a banking qube, a web browsing qube, a standalone Windows qube and so on. You can have as many qubes as you want! Most of the time, you’ll be using an :term:`app qube`, a qube for running software programs like web browsers, email clients, and word processors. Each app qube is based on another type of qube called a :term:`template`. The same template can be a base for various qubes. Importantly, a qube cannot modify its template in any way. This means that, if a qube is ever compromised, its template and any other qubes based on that template will remain safe. This is what makes Qubes OS so secure. Even if an attack is successful, the damage is limited to a single qube.
 
 Suppose you want to use your favorite web browser in several different qubes. You’d install the web browser in a template, then every qube based on that template would be able to run the web browser software (while still being forbidden from modifying the template and any other qubes). This way, you only have to install the web browser a single time, and updating the template updates all the qubes based on it. This elegant design saves time and space while enhancing security.
 
-There are also some “helper” qubes in your system. Each qube that connects to the Internet does so through a network-providing :ref:`service qube <user/reference/glossary:service qube>`. If you need to access USB devices, another service qube will do that. There’s also a :ref:`management qube <user/reference/glossary:management qube>` that automatically handles a lot of background housekeeping. For the most part, you won’t have to worry about it, but it’s nice to know that it’s there. As with app qubes, service qubes and management qubes are also based on templates. Templates are usually named after their operating system (often a `Linux distribution <https://en.wikipedia.org/wiki/Linux_distribution>`__) and corresponding version number. There are many ready-to-use :doc:`templates </user/templates/templates>` to choose from, and you can download and have as many as you like.
+There are also some “helper” qubes in your system. Each qube that connects to the Internet does so through a network-providing :term:`service qube`. If you need to access USB devices, another service qube will do that. There’s also a :term:`management qube` that automatically handles a lot of background housekeeping. For the most part, you won’t have to worry about it, but it’s nice to know that it’s there. As with app qubes, service qubes and management qubes are also based on templates. Templates are usually named after their operating system (often a `Linux distribution <https://en.wikipedia.org/wiki/Linux_distribution>`__) and corresponding version number. There are many ready-to-use :doc:`templates </user/templates/templates>` to choose from, and you can download and have as many as you like.
 
-Last but not least, there’s a very special :ref:`admin qube <user/reference/glossary:admin qube>` used to administer your entire system. There’s only one admin qube, and it’s called :ref:`dom0 <user/reference/glossary:dom0>`. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is the most trusted one of all qubes. If dom0 were ever to be compromised, it would be “game over”- an effective compromise of the entire system. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen. Due to its overarching importance, dom0 has no network connectivity and is used only for running the `desktop environment <https://en.wikipedia.org/wiki/Desktop_environment>`__ and `window manager <https://en.wikipedia.org/wiki/Window_manager>`__. Dom0 should never be used for anything else. In particular, you should never run user applications in dom0. (That’s what your app qubes are for!) In short, be very careful when interacting with dom0.
+Last but not least, there’s a very special :term:`admin qube` used to administer your entire system. There’s only one admin qube, and it’s called :term:`dom0`. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is the most trusted one of all qubes. If dom0 were ever to be compromised, it would be “game over”- an effective compromise of the entire system. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen. Due to its overarching importance, dom0 has no network connectivity and is used only for running the `desktop environment <https://en.wikipedia.org/wiki/Desktop_environment>`__ and `window manager <https://en.wikipedia.org/wiki/Window_manager>`__. Dom0 should never be used for anything else. In particular, you should never run user applications in dom0. (That’s what your app qubes are for!) In short, be very careful when interacting with dom0.
 
 Color & Security
 ^^^^^^^^^^^^^^^^
@@ -189,7 +189,7 @@ Documentation
 -------------
 
 
-Browse our extensive library of :doc:`documentation </index>` for users and developers of Qubes OS. You can even `help us improve it <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__!
+Browse our extensive library of :doc:`documentation </index>` for users and developers of Qubes OS. You can even :doc:`help us improve it </developer/general/how-to-edit-the-documentation>`!
 
 .. |snapshot_41.png| image:: /attachment/doc/r4.1-snapshot_40.png
    

introduction/intro.rst

@@ -1,3 +1,8 @@
+:og:image: https://doc.qubes-os.org/en/latest/_images/qubes-trust-level-architecture.png
+:og:image:alt: An overview of the security features of Qubes OS, including strong isolation, templating system,...
+:og:image:width: 778
+:og:image:height: 591
+
 ============
 Introduction
 ============
@@ -6,10 +11,10 @@ What is Qubes OS?
 -----------------
 
 Qubes OS is a free and open-source, security-oriented operating system for
-single-user desktop computing. Qubes OS leverages `Xen-based virtualization <https://wiki.xen.org/wiki/Xen_Project_Software_Overview>`__ to allow for the creation and management of isolated compartments called :ref:`qubes <user/reference/glossary:qube>`.
+single-user desktop computing. Qubes OS `leverages Xen-based virtualization <https://wiki.xen.org/wiki/Xen_Project_Software_Overview>`__ to allow for the creation and management of isolated compartments called :term:`qubes <qube>`.
 
 
-These qubes, which are implemented as :ref:`virtual machines (VMs)<user/reference/glossary:vm>`, have specific:
+These qubes, which are implemented as :term:`virtual machines (VMs) <vm>`, have specific:
                
 - **Purposes:** with a predefined set of one or many isolated
   applications, for personal or professional projects, to manage the
@@ -39,7 +44,7 @@ Features
 - **Strong isolation** Isolate different pieces of software as if they were installed on separate
   physical machines using advanced virtualization techniques.
 
-- **Template system** Use :ref:`app qubes <user/reference/glossary:app qube>` to
+- **Template system** Use :term:`app qubes  <app qube>` to
   share a root file system without sacrificing security using the innovative
   :doc:`Template system </user/templates/templates>`.
 
@@ -187,7 +192,7 @@ presentation.
 
 
 - If you’re a current or potential Qubes user, you may want to check out the :doc:`documentation </index>` and the :ref:`user FAQ <introduction/faq:users>`.
-- If you’re a developer, there’s dedicated :ref:`developer documentation <index:developer documentation>` and a :ref:`developer FAQ <introduction/faq:developers>` just for you.
-- Ready to give Qubes a try? Head on over to the `downloads page <https://www.qubes-os.org/downloads/>`__, and read the :doc:`installation guide </user/downloading-installing-upgrading/installation-guide>`.
+- If you’re a developer, there’s dedicated :ref:`index:Developer Documentation` and a :ref:`developer FAQ <introduction/faq:developers>` just for you.
+- Ready to give Qubes a try? Head on over to the `downloads page <https://www.qubes-os.org/downloads/>`__, and read the :ref:`Installation guide`.
 - Need help, or just want to join the conversation? Learn more about :doc:`help, support, the mailing lists, and the forum </introduction/support>`.
 

introduction/issue-tracking.rst

@@ -21,7 +21,7 @@ I see something that should be changed in the documentation.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
-We encourage you to submit the change yourself! Please see the `how to edit the documentation <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__ for instructions on how to do so. If it’s something you can’t do yourself, please proceed to open an issue.
+We encourage you to submit the change yourself! Please see the :doc:`how to edit the documentation </developer/general/how-to-edit-the-documentation>` for instructions on how to do so. If it’s something you can’t do yourself, please proceed to open an issue.
 
 I would like to report a security vulnerability.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -47,13 +47,15 @@ Great! Thank you for taking the time and effort to help improve Qubes! To ensure
 
 6. Do not delete the provided issue template. Fill out every applicable section.
 
-7. Make sure to mention any relevant documentation and other issues you’ve already seen. We don’t know what you’ve seen unless you tell us. If you don’t list it, we’ll assume you haven’t seen it.
+7. Please note that AIs often `hallucinate <https://en.wikipedia.org/wiki/Hallucination_(artificial_intelligence)>`__ about Qubes OS. If you're using an AI to assist you, please check its conclusions against the `official documentation <https://doc.qubes-os.org/>`__.
 
-8. If any sections of the issue template are *truly* not applicable, you may remove them.
+8. Make sure to mention any relevant documentation and other issues you’ve already seen. We don’t know what you’ve seen unless you tell us. If you don’t list it, we’ll assume you haven’t seen it.
 
-9. Submit your issue.
+9. If any sections of the issue template are *truly* not applicable, you may remove them.
 
-10. Respond to any questions the official team asks. For example, you may be asked to provide specific logs or other additional information.
+10. Submit your issue.
+
+11. Respond to any questions the official team asks. For example, you may be asked to provide specific logs or other additional information.
 
 
 
@@ -171,18 +173,23 @@ If your issue is not actionable, please see :doc:`Help, Support, Mailing Lists,
 
 This guideline is extremely important for making the issue tracker a useful tool for the developers. When an issue is too big and composite, it becomes intractable and drastically increases the likelihood that nothing will get done. Such issues also tend to encourage an excessive amount of general discussion that is simply not appropriate for a technical issue tracker (see `the issue tracker is not a discussion forum <#the-issue-tracker-is-not-a-discussion-forum>`__).
 
-New issues should not be duplicates of existing issues
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-
-Before you submit an issue, check to see whether it has already been reported. Search through the existing issues – both open and closed – by typing your key words in the **Filters** box. If you find an issue that seems to be similar to yours, read through it. If you find an issue that is the same as or subsumes yours, leave a comment on the existing issue rather than filing a new one, even if the existing issue is closed. If an issue affects more than one Qubes version, we usually keep only one issue for all versions. The Qubes team will see your comment and reopen the issue, if appropriate. For example, you can leave a comment with additional information to help the maintainer debug it. Adding a comment will subscribe you to email notifications, which can be helpful in getting important updates regarding the issue. If you don’t have anything to add but still want to receive email updates, you can click the “Subscribe” button at the side or bottom of the comments.
-
 Every issue must be of a single type
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
 Every issue must be exactly one of the following types: a bug report (``bug``), a feature or improvement request (``enhancement``), or a task (``task``). Do not file multi-typed issues. Instead, file multiple issues of distinct types. The Qubes team will classify your issue according to its type.
 
+New issues should not be duplicates of existing issues
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+Before you submit an issue, check to see whether it has already been reported. Search through the existing issues – both open and closed – by typing your key words in the **Filters** box. If you find an issue that seems to be similar to yours, read through it.
+
+For bug reports, if you find an issue that is the same as or subsumes yours, leave a comment on the existing bug report issue rather than opening a new one, even if the existing bug report is closed. If a bug report affects more than one Qubes version, we usually keep only one bug report for all versions. The Qubes team will see your comment and reopen the bug report, if appropriate. For example, you can leave a comment with additional information to help the maintainer debug it. Adding a comment will subscribe you to email notifications, which can be helpful in getting important updates regarding the issue. If you don’t have anything to add but still want to receive email updates, you can click the “Subscribe” button at the side or bottom of the comments.
+
+For feature requests, it depends on what you want to report. If the initial implementation was incomplete or unsuccessful, then please leave a comment on the existing feature request issue, and we will reopen it. However, if the initial implementation of the feature was successful, and you are reporting a problem with the feature that arose later, then please open a separate bug report (if one doesn't already exist for that bug) instead of commenting on the old feature request, as we generally prefer not to reopen old feature requests the initial implemntation of which was successfully completed.
+
+
 New issues should include all relevant information
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

introduction/support.rst

@@ -77,7 +77,7 @@ It’s always possible that a bad actor could try to impersonate any member of t
 
 Given that there may be impostors and others trying to lead you astray, how should you sort the good advice from the bad? This is up to each individual to decide, but it helps to know that many members of our community have proven themselves knowledgeable through their :doc:`contributions </introduction/contributing>` to the project. Often, these individuals sign their messages with the same key as (or another key authenticated by) the one they use to :doc:`sign their contributions </developer/code/code-signing>`.
 
-For example, you might find it easier to trust advice from someone who has a proven track record of :doc:`contributing software packages </developer/general/package-contributions>` or `contributing to the documentation <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__. It’s unlikely that individuals who have worked hard to build good reputations for themselves through their contributions over the years would risk giving malicious advice in signed messages to public mailing lists. Since every contribution to the Qubes OS Project is publicly visible and cryptographically signed, anyone would be in a position to :doc:`verify </project-security/verifying-signatures>` that these came from the same keyholder.
+For example, you might find it easier to trust advice from someone who has a proven track record of :doc:`contributing software packages </developer/general/package-contributions>` or :doc:`contributing to the documentation </developer/general/how-to-edit-the-documentation>`. It’s unlikely that individuals who have worked hard to build good reputations for themselves through their contributions over the years would risk giving malicious advice in signed messages to public mailing lists. Since every contribution to the Qubes OS Project is publicly visible and cryptographically signed, anyone would be in a position to :doc:`verify </project-security/verifying-signatures>` that these came from the same keyholder.
 
 Discussion guidelines
 ---------------------
@@ -121,7 +121,7 @@ Report issues and submit changes in the right places
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 
-The mailing lists and `forum <#forum>`__ are good places to ask questions and discuss things. However, if you’re submitting a more formal report, we’d prefer that you submit it to our :doc:`issue tracker </introduction/issue-tracking>` so that it doesn’t get overlooked. (However, please remember that :ref:`the issue tracker is not a discussion forum <introduction/issue-tracking:the issue tracker is not a discussion forum>`.) Likewise, if you see that something in the documentation should be changed, don’t simply point it out in a discussion venue. Instead, `submit the change <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__.
+The mailing lists and `forum <#forum>`__ are good places to ask questions and discuss things. However, if you’re submitting a more formal report, we’d prefer that you submit it to our :doc:`issue tracker </introduction/issue-tracking>` so that it doesn’t get overlooked. (However, please remember that :ref:`the issue tracker is not a discussion forum <introduction/issue-tracking:the issue tracker is not a discussion forum>`.) Likewise, if you see that something in the documentation should be changed, don’t simply point it out in a discussion venue. Instead, :doc:`submit the change </developer/general/how-to-edit-the-documentation>`.
 
 Moderation
 ^^^^^^^^^^

project-security/security-pack.rst

@@ -31,7 +31,7 @@ The following example demonstrates one method of obtaining the qubes-secpack and
 
 1. Use Git to clone the qubes-secpack repo.
 
-   .. code::
+   .. code:: console
 
          $ git clone https://github.com/QubesOS/qubes-secpack.git
          Cloning into 'qubes-secpack'...
@@ -44,7 +44,7 @@ The following example demonstrates one method of obtaining the qubes-secpack and
 
 2. Import the included PGP keys. See our `PGP key policies <#pgp-key-policies>`__ for important information about these keys.
 
-   .. code::
+   .. code:: console
 
          $ gpg --import qubes-secpack/keys/*/*
          gpg: directory `/home/user/.gnupg' created

project-security/security.rst

@@ -31,7 +31,7 @@ Reporting security issues in Qubes OS
 
 If you’ve discovered a security issue affecting Qubes OS, either directly or indirectly (e.g., the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you! We promise to take all reported issues seriously. If our investigation confirms that an issue affects Qubes, we will patch it within a reasonable time and release a public `Qubes security bulletin (QSB) <https://www.qubes-os.org/security/qsb/>`__ that describes the issue, discusses the potential impact of the vulnerability, references applicable patches or workarounds, and credits the discoverer. Please use the `Qubes security team PGP key <https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc>`__ to encrypt your email to this address:
 
-.. code:: console
+.. code:: text
 
       security at qubes-os dot org
 

project-security/verifying-signatures.rst

@@ -178,11 +178,11 @@ Now that you’ve imported the authentic QMSK, set its trust level to “ultimat
                            trust: unknown       validity: unknown
       [ unknown] (1). Qubes Master Signing Key
 
-      gpg> fpr
+      $ gpg> fpr
       pub   4096R/36879494 2010-04-01 Qubes Master Signing Key
       Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
 
-      gpg> trust
+      $ gpg> trust
       pub  4096R/36879494  created: 2010-04-01  expires: never       usage: SC
                            trust: unknown       validity: unknown
       [ unknown] (1). Qubes Master Signing Key
@@ -206,7 +206,7 @@ Now that you’ve imported the authentic QMSK, set its trust level to “ultimat
       Please note that the shown key validity is not necessarily correct
       unless you restart the program.
 
-      gpg> q
+      $ gpg> q
 
 
 Now, when you import any of the release signing keys and many Qubes team member keys, they will already be trusted in virtue of being signed by the QMSK.

requirements.txt

@@ -29,6 +29,7 @@ sphinxcontrib-jquery==4.1
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
+sphinxext-opengraph==0.12.0
 sphinxnotes-any==2.5
 sphinxnotes-comboroles==1.0
 sphinxnotes-strike==1.2.1

user/advanced-topics/bind-dirs.rst

@@ -30,7 +30,7 @@ In this example, we want to make ``/var/lib/tor`` persistent. Enter all of the f
 
    .. code:: console
 
-         sudo mkdir -p /rw/config/qubes-bind-dirs.d
+         $ sudo mkdir -p /rw/config/qubes-bind-dirs.d
 
 
 
@@ -38,7 +38,7 @@ In this example, we want to make ``/var/lib/tor`` persistent. Enter all of the f
 
    .. code:: console
 
-         sudo touch /rw/config/qubes-bind-dirs.d/50_user.conf
+         $ sudo touch /rw/config/qubes-bind-dirs.d/50_user.conf
 
 
 
@@ -56,7 +56,7 @@ In this example, we want to make ``/var/lib/tor`` persistent. Enter all of the f
 
    .. code:: console
 
-         sudo mkdir -p /rw/bind-dirs/var/lib/tor
+         $ sudo mkdir -p /rw/bind-dirs/var/lib/tor
 
 
 
@@ -157,7 +157,7 @@ To use this feature, first, enable it:
 
 .. code:: console
 
-      qvm-service -e my-app-vm custom-persist
+      $ qvm-service -e my-app-vm custom-persist
 
 
 
@@ -165,7 +165,7 @@ Then, configure a persistent directory with ``qvm-features``:
 
 .. code:: console
 
-      qvm-features my-app-vm custom-persist.my_persistent_dir /var/my_persistent_dir
+      $ qvm-features my-app-vm custom-persist.my_persistent_dir /var/my_persistent_dir
 
 
 
@@ -173,8 +173,8 @@ To re-enable ``/home`` and ``/usr/local`` persistence, just add them to the list
 
 .. code:: console
 
-      qvm-features my-app-vm custom-persist.home /home
-      qvm-features my-app-vm custom-persist.usrlocal /usr/local
+      $ qvm-features my-app-vm custom-persist.home /home
+      $ qvm-features my-app-vm custom-persist.usrlocal /usr/local
 
 
 
@@ -184,8 +184,8 @@ A user may want their bind-dirs to be automatically pre-created in ``/rw/bind-di
 
 .. code:: console
 
-      qvm-features my-app-vm custom-persist.downloads dir:user:user:0755:/home/user/Downloads
-      qvm-features my-app-vm custom-persist.my_ssh_known_hosts_file file:user:user:0600:/home/user/.ssh/known_hosts
+      $ qvm-features my-app-vm custom-persist.downloads dir:user:user:0755:/home/user/Downloads
+      $ qvm-features my-app-vm custom-persist.my_ssh_known_hosts_file file:user:user:0600:/home/user/.ssh/known_hosts
 
 
 

user/advanced-topics/disposable-customization.rst

@@ -10,7 +10,7 @@ Introduction
 ------------
 
 
-A :doc:`disposable </user/how-to-guides/how-to-use-disposables>` can be based on any :ref:`app qube <user/reference/glossary:app qube>`. You can also choose to use different :ref:`disposable templates <user/reference/glossary:disposable template>` for different disposables. To prepare an app qube to be a disposable template, you need to set the ``template_for_dispvms`` property:
+A :doc:`disposable </user/how-to-guides/how-to-use-disposables>` can be based on any :term:`app qube`. You can also choose to use different :term:`disposable templates <disposable template>` for different disposables. To prepare an app qube to be a disposable template, you need to set the ``template_for_dispvms`` property:
 
 .. code:: console
 
@@ -89,17 +89,17 @@ Using named disposables for service qubes
 -----------------------------------------
 
 
-You can use a :ref:`named disposable <user/reference/glossary:named disposable>` for service qubes (such as those with the ``sys-*`` naming scheme) as long as they are stateless. For example, a ``sys-net`` using DHCP or ``sys-usb`` will work. In most cases ``sys-firewall`` will also work, even if you have configured app qube firewall rules. The only exception is if you require something like VM to VM communication and have manually edited ``iptables`` or other items directly inside the firewall app qube.
+You can use a :term:`named disposable` for service qubes (such as those with the ``sys-*`` naming scheme) as long as they are stateless. For example, a ``sys-net`` using DHCP or ``sys-usb`` will work. In most cases ``sys-firewall`` will also work, even if you have configured app qube firewall rules. The only exception is if you require something like VM to VM communication and have manually edited ``iptables`` or other items directly inside the firewall app qube.
 
 To create one that has no PCI devices attached, such as for ``sys-firewall``:
 
 .. code:: console
 
-      qvm-create -C DispVM -l green <SERVICE_QUBE>
-      qvm-prefs <SERVICE_QUBE> autostart true
-      qvm-prefs <SERVICE_QUBE> netvm <NET_QUBE>
-      qvm-prefs <SERVICE_QUBE> provides_network true
-      qvm-features <SERVICE_QUBE> appmenus-dispvm ''
+      $ qvm-create -C DispVM -l green <SERVICE_QUBE>
+      $ qvm-prefs <SERVICE_QUBE> autostart true
+      $ qvm-prefs <SERVICE_QUBE> netvm <NET_QUBE>
+      $ qvm-prefs <SERVICE_QUBE> provides_network true
+      $ qvm-features <SERVICE_QUBE> appmenus-dispvm ''
 
 
 
@@ -111,13 +111,13 @@ To create one with a PCI device attached such as for ``sys-net`` or ``sys-usb``,
 
 .. code:: console
 
-      qvm-create -C DispVM -l red <SERVICE_QUBE>
-      qvm-prefs <SERVICE_QUBE> virt_mode hvm
-      qvm-service <SERVICE_QUBE> meminfo-writer off
-      qvm-pci attach --persistent <SERVICE_QUBE> dom0:<BDF>
-      qvm-prefs <SERVICE_QUBE> autostart true
-      qvm-prefs <SERVICE_QUBE> netvm ''
-      qvm-features <SERVICE_QUBE> appmenus-dispvm ''
+      $ qvm-create -C DispVM -l red <SERVICE_QUBE>
+      $ qvm-prefs <SERVICE_QUBE> virt_mode hvm
+      $ qvm-service <SERVICE_QUBE> meminfo-writer off
+      $ qvm-pci attach --persistent <SERVICE_QUBE> dom0:<BDF>
+      $ qvm-prefs <SERVICE_QUBE> autostart true
+      $ qvm-prefs <SERVICE_QUBE> netvm ''
+      $ qvm-features <SERVICE_QUBE> appmenus-dispvm ''
 
 
 
@@ -125,7 +125,7 @@ Optionally, if this disposable will also provide network access to other qubes:
 
 .. code:: console
 
-      qvm-prefs <SERVICE_QUBE> provides_network true
+      $ qvm-prefs <SERVICE_QUBE> provides_network true
 
 
 
@@ -133,7 +133,7 @@ Next, set the old service qube’s autostart to false, and update any references
 
 .. code:: console
 
-      qvm-prefs sys-firewall netvm <SERVICE_QUBE>
+      $ qvm-prefs sys-firewall netvm <SERVICE_QUBE>
 
 
 
@@ -143,17 +143,17 @@ Here is an example of a complete ``sys-net`` replacement:
 
 .. code:: console
 
-      qvm-create -C DispVM -l red sys-net2
-      qvm-prefs sys-net2 virt_mode hvm
-      qvm-service sys-net2 meminfo-writer off
-      qvm-pci attach --persistent sys-net2 dom0:00_1a.0
-      qvm-prefs sys-net2 autostart true
-      qvm-prefs sys-net2 netvm ''
-      qvm-features sys-net2 appmenus-dispvm ''
-      qvm-prefs sys-net2 provides_network true
-      qvm-prefs sys-net autostart false
-      qvm-prefs sys-firewall netvm sys-net2
-      qubes-prefs clockvm sys-net2
+      $ qvm-create -C DispVM -l red sys-net2
+      $ qvm-prefs sys-net2 virt_mode hvm
+      $ qvm-service sys-net2 meminfo-writer off
+      $ qvm-pci attach --persistent sys-net2 dom0:00_1a.0
+      $ qvm-prefs sys-net2 autostart true
+      $ qvm-prefs sys-net2 netvm ''
+      $ qvm-features sys-net2 appmenus-dispvm ''
+      $ qvm-prefs sys-net2 provides_network true
+      $ qvm-prefs sys-net autostart false
+      $ qvm-prefs sys-firewall netvm sys-net2
+      $ qubes-prefs clockvm sys-net2
 
 
 

user/advanced-topics/gui-configuration.rst

@@ -16,8 +16,8 @@ To increase the minimum size of the video RAM buffer:
 
 .. code:: console
 
-      qvm-features dom0 gui-videoram-min $(($WIDTH * $HEIGHT * 4 / 1024))
-      qvm-features dom0 gui-videoram-overhead 0
+      $ qvm-features dom0 gui-videoram-min $(($WIDTH * $HEIGHT * 4 / 1024))
+      $ qvm-features dom0 gui-videoram-overhead 0
 
 
 Where ``$WIDTH`` × ``$HEIGHT`` is the maximum desktop size that you anticipate needing. For example, if you expect to use a 1080p display and a 4k display side-by-side, that is ``(1920 + 3840) × 2160 × 4 / 1024 = 48600``, or slightly more than 48 MiB per qube. After making these adjustments, the qubes need to be restarted.
@@ -26,7 +26,7 @@ In the case of multiple display with different orientations or if you plug/unplu
 
 .. code:: console
 
-      qvm-features dom0 gui-videoram-min $(xrandr --verbose | grep "Screen 0" | sed -e 's/.*current //' -e 's/\,.*//' | awk '{print $1*$3*4/1024}')
+      $ qvm-features dom0 gui-videoram-min $(xrandr --verbose | grep "Screen 0" | sed -e 's/.*current //' -e 's/\,.*//' | awk '{print $1*$3*4/1024}')
 
 
 The amount of memory allocated per qube is the maximum of:

user/advanced-topics/gui-domain.rst

@@ -22,22 +22,22 @@ In ``dom0``, enable the formula for ``sys-gui`` with pillar data:
 
 .. code:: console
 
-      sudo qubesctl top.enable qvm.sys-gui
-      sudo qubesctl top.enable qvm.sys-gui pillar=True
+      $ sudo qubesctl top.enable qvm.sys-gui
+      $ sudo qubesctl top.enable qvm.sys-gui pillar=True
 
 
 then, execute it:
 
 .. code:: console
 
-      sudo qubesctl --all state.highstate
+      $ sudo qubesctl --all state.highstate
 
 
 You can now disable the ``sys-gui`` formula:
 
 .. code:: console
 
-      sudo qubesctl top.disable qvm.sys-gui
+      $ sudo qubesctl top.disable qvm.sys-gui
 
 
 At this point, you need to shutdown all your running qubes as the ``default_guivm`` qubes global property has been set to ``sys-gui``. In order to use ``sys-gui`` as GUI domain, you need to logout and, in the top right corner, select ``lightdm`` session type to **GUI domain (sys-gui)**. Once logged, you are running ``sys-gui`` as fullscreen window and you can perform any operation as if you would be in ``dom0`` desktop.
@@ -58,29 +58,29 @@ In ``dom0``, enable the formula for ``sys-gui-gpu`` with pillar data:
 
 .. code:: console
 
-      sudo qubesctl top.enable qvm.sys-gui-gpu
-      sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True
+      $ sudo qubesctl top.enable qvm.sys-gui-gpu
+      $ sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True
 
 
 then, execute it:
 
 .. code:: console
 
-      sudo qubesctl --all state.highstate
+      $ sudo qubesctl --all state.highstate
 
 
 You can now disable the ``sys-gui-gpu`` formula:
 
 .. code:: console
 
-      sudo qubesctl top.disable qvm.sys-gui-gpu
+      $ sudo qubesctl top.disable qvm.sys-gui-gpu
 
 
 One more step is needed: attaching the actual GPU to ``sys-gui-gpu``. This can be done either manually via ``qvm-pci`` (remember to enable permissive option), or via:
 
 .. code:: console
 
-      sudo qubesctl state.sls qvm.sys-gui-gpu-attach-gpu
+      $ sudo qubesctl state.sls qvm.sys-gui-gpu-attach-gpu
 
 
 The latter option assumes Intel graphics card (it has hardcoded PCI address). If you don’t have Intel graphics card, please use the former method with ``qvm-pci`` (see :doc:`How to use PCI devices </user/how-to-guides/how-to-use-pci-devices>`).
@@ -105,29 +105,29 @@ In ``dom0``, enable the formula for ``sys-gui-vnc`` with pillar data:
 
 .. code:: console
 
-      sudo qubesctl top.enable qvm.sys-gui-vnc
-      sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True
+      $ sudo qubesctl top.enable qvm.sys-gui-vnc
+      $ sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True
 
 
 then, execute it:
 
 .. code:: console
 
-      sudo qubesctl --all state.highstate
+      $ sudo qubesctl --all state.highstate
 
 
 You can now disable the ``sys-gui-vnc`` formula:
 
 .. code:: console
 
-      sudo qubesctl top.disable qvm.sys-gui-vnc
+      $ sudo qubesctl top.disable qvm.sys-gui-vnc
 
 
 At this point, you need to shutdown all your running qubes as the ``default_guivm`` qubes global property has been set to ``sys-gui-vnc``. Then, you can start ``sys-gui-vnc``:
 
 .. code:: console
 
-      qvm-start sys-gui-vnc
+      $ qvm-start sys-gui-vnc
 
 
 A VNC server session is running on ``localhost:5900`` in ``sys-gui-vnc``. In order to reach the ``VNC`` server, we encourage to not connect ``sys-gui-vnc`` to a ``NetVM`` but rather to use another qube for remote access, say ``sys-remote``. First, you need to bind port 5900 of ``sys-gui-vnc`` into a ``sys-remote`` local port (you may want to use another port than 5900 to reach ``sys-remote`` from the outside). For that, use ``qubes.ConnectTCP`` RPC service (see :doc:`Firewall </user/security-in-qubes/firewall>`. Then, you can use any ``VNC`` client to connect to you ``sys-remote`` on the chosen local port (5900 if you kept the default one). For the first connection, you will reach ``lightdm`` for which you can log as ``user`` where ``user`` refers to the first ``dom0`` user in ``qubes`` group and with corresponding ``dom0`` password.
@@ -188,21 +188,21 @@ Set ``default_guivm`` as ``dom0``:
 
 .. code:: console
 
-      qubes-prefs default_guivm dom0
+      $ qubes-prefs default_guivm dom0
 
 
 and for every selected qubes not using default value for GUI domain property, for example with a qube ``personal``:
 
 .. code:: console
 
-      qvm-prefs personal guivm dom0
+      $ qvm-prefs personal guivm dom0
 
 
 You are now able to delete the GUI domain, for example ``sys-gui-gpu``:
 
 .. code:: console
 
-      qvm-remove -f sys-gui-gpu
+      $ qvm-remove -f sys-gui-gpu
 
 
 .. |sys-gui| image:: /attachment/posts/guivm-hybrid.png

user/advanced-topics/how-to-install-software-in-dom0.rst

@@ -48,7 +48,7 @@ To downgrade a specific package in dom0:
 
 .. code:: console
 
-      sudo qubes-dom0-update --action=downgrade package-version
+      $ sudo qubes-dom0-update --action=downgrade package-version
 
 
 
@@ -60,7 +60,7 @@ To re-install a package in dom0:
 
 .. code:: console
 
-      sudo qubes-dom0-update --action=reinstall package
+      $ sudo qubes-dom0-update --action=reinstall package
 
 
 
@@ -72,7 +72,7 @@ If you’ve installed a package such as anti-evil-maid, you can remove it with t
 
 .. code:: console
 
-      sudo dnf remove anti-evil-maid
+      $ sudo dnf remove anti-evil-maid
 
 
 
@@ -96,9 +96,9 @@ To temporarily enable any of these repos, use the ``--enablerepo=<repo-name>`` o
 
 .. code:: console
 
-      sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
-      sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
-      sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable
+      $ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
+      $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
+      $ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable
 
 
 
@@ -154,7 +154,7 @@ Example
 
 .. code:: console
 
-      sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm
+      $ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm
 
 
 
@@ -168,7 +168,7 @@ Replace the example version numbers with the one you are upgrading to.
 
 .. code:: console
 
-      sudo dracut -f /boot/efi/EFI/qubes/initramfs-4.14.35-1.pvops.qubes.x86_64.img 4.14.35-1.pvops.qubes.x86_64
+      $ sudo dracut -f /boot/efi/EFI/qubes/initramfs-4.14.35-1.pvops.qubes.x86_64.img 4.14.35-1.pvops.qubes.x86_64
 
 
 
@@ -178,7 +178,7 @@ Grub2
 
 .. code:: console
 
-      sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+      $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
 
 
 
@@ -192,14 +192,25 @@ Changing default kernel
 
 This section describes changing the default kernel in dom0. It is sometimes needed if you have upgraded to a newer kernel and are having problems booting, for example. On the next kernel update, the default will revert to the newest.
 
+
 .. code:: console
 
-      sudo nano /etc/default/grub
-      [update the following two lines, add if needed]
+      $ sudo nano /etc/default/grub
+
+
+Update the following two lines, add if needed:
+
+.. code:: bash
+
       GRUB_DISABLE_SUBMENU=false
       GRUB_SAVEDEFAULT=true
-      [save and exit nano]
-      sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+
+
+Save and exit nano. Regenerate the GRUB 2 configuration. 
+
+.. code:: console
+
+      $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
 
 
 
@@ -211,7 +222,7 @@ Updating over Tor
 
 Requires installed `Whonix <https://forum.qubes-os.org/t/19014>`__.
 
-Go to Qubes VM Manager -> System -> Global Settings. See the UpdateVM setting. Choose your desired Whonix-Gateway ProxyVM from the list. For example: sys-whonix.
+Go to :menuselection:`Qubes VM Manager --> System --> Global Settings`. See the UpdateVM setting. Choose your desired Whonix-Gateway ProxyVM from the list. For example: sys-whonix.
 
 :menuselection:`Qubes VM Manager --> System --> Global Settings --> UpdateVM --> sys-whonix`
 

user/advanced-topics/installing-contributed-packages.rst

@@ -22,7 +22,7 @@ In dom0, use ``qubes-dom0-update``:
 
 .. code:: console
 
-      sudo qubes-dom0-update qubes-repo-contrib
+      $ sudo qubes-dom0-update qubes-repo-contrib
 
 
 In a Fedora-based template, use ``dnf``:
@@ -31,7 +31,7 @@ In a Fedora-based template, use ``dnf``:
 
 .. code:: console
 
-      sudo dnf install qubes-repo-contrib
+      $ sudo dnf install qubes-repo-contrib
 
 
 In a Debian-based template, use ``apt``:
@@ -40,7 +40,7 @@ In a Debian-based template, use ``apt``:
 
 .. code:: console
 
-      sudo apt update && sudo apt install qubes-repo-contrib
+      $ sudo apt update && sudo apt install qubes-repo-contrib
 
 
 The new repository definition will be in the usual location for your distro, and it will follow the naming pattern ``qubes-contrib-*``, depending on your Qubes release and whether it is in dom0 or a template. For example, in a Fedora template on Qubes 4.0, the new repository definition would be:
@@ -65,7 +65,7 @@ For example, to install ``qvm-screenshot-tool`` in dom0:
 
 .. code:: console
 
-      sudo qubes-dom0-update --clean qvm-screenshot-tool
+      $ sudo qubes-dom0-update --clean qvm-screenshot-tool
 
 
 Please see the package’s README for specific installation and setup instructions.

user/advanced-topics/kde.rst

@@ -37,7 +37,7 @@ KDE is very customisable, and there is a range of widgets to use. If you want to
 
 
 
-This allows you to edit the menu as you will. When editing the Menu *DO NOT use the option under “Edit->Restore to System Menu”*
+This allows you to edit the menu as you will. When editing the Menu *DO NOT use the option under* :menuselection:`Edit --> Restore to System Menu`
 
 Login manager
 ^^^^^^^^^^^^^
@@ -99,7 +99,7 @@ You can also use ``kstart`` to control virtual desktop placement like this:
 
 .. code:: console
 
-      kstart --desktop 3 --windowclass <vm_name> -q --tray -a <vm_name> '<run_program_command>'
+      $ kstart --desktop 3 --windowclass <vm_name> -q --tray -a <vm_name> '<run_program_command>'
 
 
 
@@ -117,6 +117,6 @@ The safest way to remove (most of) KDE is:
 
 .. code:: console
 
-      sudo dnf remove kdelibs plasma-workspace
+      $ sudo dnf remove kdelibs plasma-workspace
 
 

user/advanced-topics/managing-vm-kernels.rst

@@ -246,8 +246,8 @@ Both debian-9 and fedora-26 templates already have grub and related tools preins
 
 .. code:: console
 
-      qvm-prefs <clonetemplatename> virt_mode hvm
-      qvm-prefs <clonetemplatename> kernel ''
+      $ qvm-prefs <clonetemplatename> virt_mode hvm
+      $ qvm-prefs <clonetemplatename> kernel ''
 
 
 
@@ -263,7 +263,7 @@ If you are using a distribution kernel package (``kernel`` package), the initram
 
 .. code:: console
 
-      sudo dracut -f /boot/initramfs-4.15.14-200.fc26.x86_64.img 4.15.14-200.fc26.x86_64
+      $ sudo dracut -f /boot/initramfs-4.15.14-200.fc26.x86_64.img 4.15.14-200.fc26.x86_64
 
 
 
@@ -271,7 +271,7 @@ Once the kernel is installed, you need to setup ``grub2`` by running:
 
 .. code:: console
 
-      sudo grub2-install /dev/xvda
+      $ sudo grub2-install /dev/xvda
 
 
 
@@ -279,13 +279,13 @@ Finally, you need to create a GRUB configuration. You may want to adjust some se
 
 .. code:: console
 
-      sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+      $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
 
 
 
 You can safely ignore this error message:
 
-.. code:: console
+.. code:: output
 
       grub2-probe: error: cannot find a GRUB drive for /dev/mapper/dmroot. Check your device.map
 
@@ -321,7 +321,7 @@ Install distribution kernel image, kernel headers and the grub.
 
 .. code:: console
 
-      sudo apt install linux-image-amd64 linux-headers-amd64 grub2 qubes-kernel-vm-support
+      $ sudo apt install linux-image-amd64 linux-headers-amd64 grub2 qubes-kernel-vm-support
 
 
 
@@ -329,7 +329,7 @@ If you are doing that on a qube based on “Debian Minimal” template, a grub g
 
 .. code:: console
 
-      sudo grub-install /dev/xvda
+      $ sudo grub-install /dev/xvda
 
 
 
@@ -339,7 +339,7 @@ You may want to adjust some settings in ``/etc/default/grub`` (or better ``/etc/
 
 Then shutdown the VM.
 
-Go to dom0 -> Qubes VM Manger -> right click on the VM -> Qube settings -> Advanced
+Go to dom0: :menuselection:`Qubes VM Manager --> right click on the VM --> Qube settings --> Advanced`
 
 Depends on ``Virtualization`` mode setting:
 
@@ -383,7 +383,7 @@ Run DKMS. Replace this with actual kernel version.
 
 .. code:: console
 
-      sudo dkms autoinstall -k <kernel-version>
+      $ sudo dkms autoinstall -k <kernel-version>
 
 
 For example.
@@ -392,7 +392,7 @@ For example.
 
 .. code:: console
 
-      sudo dkms autoinstall -k 4.19.0-6-amd64
+      $ sudo dkms autoinstall -k 4.19.0-6-amd64
 
 
 Update initramfs.
@@ -401,7 +401,7 @@ Update initramfs.
 
 .. code:: console
 
-      sudo update-initramfs -u
+      $ sudo update-initramfs -u
 
 
 The output should look like this:

user/advanced-topics/resize-disk-image.rst

@@ -6,10 +6,6 @@ Resize disk image
 
       This page is intended for advanced users.
 
-Resizing Disk Images
---------------------
-
-
 By default Qubes uses thin volumes for the disk images. This means that space is not actually allocated for the volume until it is used. So a 2GB private volume with 100M of files will only use 100M. This explains how you can have *many* qubes with large private volumes on quite a small disk. This is called over provisioning. You should keep an eye on the disk-space widget to see how much free space you actually have.
 
 It is easy to increase the size of disk images. There are risks attached to reducing the size of an image, and in general you should not need to do this.
@@ -42,7 +38,7 @@ Use either GUI tool Qube Settings (``qubes-vm-settings``) or the CLI tool ``qvm-
 
 .. code:: console
 
-      qvm-volume extend <vm_name>:root <size>
+      $ qvm-volume extend <vm_name>:root <size>
 
 
 
@@ -50,7 +46,7 @@ OR
 
 .. code:: console
 
-      qvm-volume extend <vm_name>:private <size>
+      $ qvm-volume extend <vm_name>:private <size>
 
 
 
@@ -92,10 +88,10 @@ FreeBSD
 
 .. code:: console
 
-      gpart recover ada0
-      sysctl kern.geom.debugflags=0x10
-      gpart resize -i index ada0
-      zpool online -e poolname ada0
+      $ gpart recover ada0
+      $ sysctl kern.geom.debugflags=0x10
+      $ gpart resize -i index ada0
+      $ zpool online -e poolname ada0
 
 
 
@@ -117,8 +113,8 @@ Or you can take the risk of reducing the size of the disk. For example, to reduc
 
 .. code:: console
 
-      qvm-shutdown qube1
-      sudo lvresize --size 1024M /dev/qubes_dom0/vm-qube1-private
+      $ qvm-shutdown qube1
+      $ sudo lvresize --size 1024M /dev/qubes_dom0/vm-qube1-private
 
 
 

user/advanced-topics/secondary-storage.rst

@@ -22,7 +22,7 @@ You can query qvm-pool to list available storage drivers:
 
 .. code:: console
 
-      qvm-pool --help-drivers
+      $ qvm-pool --help-drivers
 
 
 qvm-pool driver explanation:
@@ -50,18 +50,15 @@ First, collect some information in a dom0 terminal:
 
 .. code:: console
 
-      sudo pvs
-      sudo lvs
+      $ sudo pvs
+      $ sudo lvs
 
 
-Take note of the VG and thin pool names for your second drive., then register it with Qubes:
+Take note of the VG and thin pool names for your second drive, then register it with Qubes, where ``<pool_name>`` is a freely chosen pool name, ``<vg_name>`` is LVM volume group name and ``<thin_pool_name>`` is LVM thin pool name:
 
 .. code:: console
 
-      # <pool_name> is a freely chosen pool name
-      # <vg_name> is LVM volume group name
-      # <thin_pool_name> is LVM thin pool name
-      qvm-pool --add <pool_name> lvm_thin -o volume_group=<vg_name>,thin_pool=<thin_pool_name>,revisions_to_keep=2
+      $ qvm-pool --add <pool_name> lvm_thin -o volume_group=<vg_name>,thin_pool=<thin_pool_name>,revisions_to_keep=2
 
 
 
@@ -75,17 +72,15 @@ It is possible to use an existing Btrfs storage if it is configured. In dom0, av
 
 .. code:: console
 
-      mount -t btrfs
-      btrfs show filesystem
+      $ mount -t btrfs
+      $ btrfs show filesystem
 
 
-To register the storage to qubes:
+To register the storage to qubes use the following command where ``<pool_name>`` is a freely chosen pool name adn ``<dir_path>`` is the mounted path to the second btrfs storage:
 
 .. code:: console
 
-      # <pool_name> is a freely chosen pool name
-      # <dir_path> is the mounted path to the second btrfs storage
-      qvm-pool --add <pool_name> file-reflink -o dir_path=<dir_path>,revisions_to_keep=2
+      $ qvm-pool --add <pool_name> file-reflink -o dir_path=<dir_path>,revisions_to_keep=2
 
 
 Using the new pool
@@ -96,22 +91,22 @@ Now, you can create qubes in that pool:
 
 .. code:: console
 
-      qvm-create -P <pool_name> --label red <vmname>
+      $ qvm-create -P <pool_name> --label red <vmname>
 
 
 It isn’t possible to directly migrate an existing qube to the new pool, but you can clone it there, then remove the old one:
 
 .. code:: console
 
-      qvm-clone -P <pool_name> <sourceVMname> <cloneVMname>
-      qvm-remove <sourceVMname>
+      $ qvm-clone -P <pool_name> <sourceVMname> <cloneVMname>
+      $ qvm-remove <sourceVMname>
 
 
 If that was a template, or other qube referenced elsewhere (netVM or such), you will need to adjust those references manually after moving. For example:
 
 .. code:: console
 
-      qvm-prefs <appvmname_based_on_old_template> template <new_template_name>
+      $ qvm-prefs <appvmname_based_on_old_template> template <new_template_name>
 
 
 Example setup of second drive.
@@ -122,8 +117,8 @@ Assuming the secondary hard disk is at /dev/sdb , you can encrypt the drive as f
 
 .. code:: console
 
-      sudo cryptsetup luksFormat --sector-size=512 /dev/sdb
-      sudo blkid /dev/sdb
+      $ sudo cryptsetup luksFormat --sector-size=512 /dev/sdb
+      $ sudo blkid /dev/sdb
 
 
 
@@ -146,28 +141,28 @@ First create the physical volume:
 
 .. code:: console
 
-      sudo pvcreate /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
+      $ sudo pvcreate /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
 
 
 Then create the LVM volume group, we will use for example “qubes” as the :
 
 .. code:: console
 
-      sudo vgcreate qubes /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
+      $ sudo vgcreate qubes /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
 
 
 And then use “poolhd0” as the (LVM thin pool name):
 
 .. code:: console
 
-      sudo lvcreate -T -n poolhd0 -l +100%FREE qubes
+      $ sudo lvcreate -T -n poolhd0 -l +100%FREE qubes
 
 
 Finally we will tell Qubes to add a new pool on the just created thin pool:
 
 .. code:: console
 
-      qvm-pool --add poolhd0_qubes lvm_thin -o volume_group=qubes,thin_pool=poolhd0,revisions_to_keep=2
+      $ qvm-pool --add poolhd0_qubes lvm_thin -o volume_group=qubes,thin_pool=poolhd0,revisions_to_keep=2
 
 
 For Btrfs
@@ -179,22 +174,22 @@ First create the physical volume:
 .. code:: console
 
       # <label> Btrfs Label
-      sudo mkfs.btrfs -L <label> /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
+      $ sudo mkfs.btrfs -L <label> /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
 
 
 Then mount the new Btrfs to a temporary path:
 
 .. code:: console
 
-      sudo mkdir -p /mnt/new_qube_storage
-      sudo mount /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde /mnt/new_qube_storage
+      $ sudo mkdir -p /mnt/new_qube_storage
+      $ sudo mount /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde /mnt/new_qube_storage
 
 
 Create a subvolume to hold the data:
 
 .. code:: console
 
-      sudo btrfs subvolume create /mnt/new_qube_storage/qubes
+      $ sudo btrfs subvolume create /mnt/new_qube_storage/qubes
 
 
 
@@ -202,31 +197,29 @@ Unmount the temporary Btrfs filesystem:
 
 .. code:: console
 
-      sudo umount /mnt/new_qube_storage
-      rmdir /mnt/new_qube_storage
+      $ sudo umount /mnt/new_qube_storage
+      $ rmdir /mnt/new_qube_storage
 
 
-Mount the subvolume with compression enabled if desired:
+Mount the subvolume with compression enabled if desired, where ``<compression>`` can take the values ``zlib|lzo|zstd``. ``<subvol>`` is a btrfs subvolume "qubes" in this example.
 
 .. code:: console
 
-      # <compression> zlib|lzo|zstd
-      # <subvol> btrfs subvolume "qubes" in this example
-      sudo mount /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde /var/lib/qubes_newpool -o compress=<compression>,subvol=qubes
+      $ sudo mount /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde /var/lib/qubes_newpool -o compress=<compression>,subvol=qubes
 
 
 Finally we will tell Qubes to add a new pool on the just created Btrfs subvolume:
 
 .. code:: console
 
-      qvm-pool --add poolhd0_qubes file-reflink -o dir_path=/var/lib/qubes_newpool,revisions_to_keep=2
+      $ qvm-pool --add poolhd0_qubes file-reflink -o dir_path=/var/lib/qubes_newpool,revisions_to_keep=2
 
 
 By default VMs will be created on the main Qubes disk (i.e. a small SSD), to create them on this secondary drive do the following on a dom0 terminal:
 
 .. code:: console
 
-      qvm-create -P poolhd0_qubes --label red unstrusted-hdd
+      $ qvm-create -P poolhd0_qubes --label red unstrusted-hdd
 
 
 Verify that corresponding lines were added to /etc/fstab and /etc/cryptab to enable auto mounting of the new pool.

user/advanced-topics/standalones-and-hvms.rst

@@ -6,7 +6,7 @@ Standalones and HVMs
 
       This page is intended for advanced users.
 
-A :ref:`standalone <user/reference/glossary:standalone>` is a type of qube that is created by cloning a :ref:`template <user/reference/glossary:template>`. Unlike templates, however, standalones do not supply their root filesystems to other qubes. Examples of situations in which standalones can be useful include:
+A :term:`standalone` is a type of qube that is created by cloning a :term:`template`. Unlike templates, however, standalones do not supply their root filesystems to other qubes. Examples of situations in which standalones can be useful include:
 
 - Qubes used for development (dev environments often require a lot of specific packages and tools)
 
@@ -14,7 +14,7 @@ A :ref:`standalone <user/reference/glossary:standalone>` is a type of qube that
 
 
 
-Meanwhile, a :ref:`Hardware-assisted Virtual Machine (HVM) <user/reference/glossary:hvm>`, also known as a “Fully-Virtualized Virtual Machine,” utilizes the virtualization extensions of the host CPU. These are typically contrasted with Paravirtualized (PV) VMs.
+Meanwhile, a :term:`Hardware-assisted Virtual Machine (HVM)  <hvm>`, also known as a “Fully-Virtualized Virtual Machine,” utilizes the virtualization extensions of the host CPU. These are typically contrasted with Paravirtualized (PV) VMs.
 
 HVMs allow you to create qubes based on any OS for which you have an installation ISO, so you can easily have qubes running Windows, ``*BSD``, or any Linux distribution. You can also use HVMs to run “live” distros.
 
@@ -46,7 +46,7 @@ Alternatively, to create an empty standalone from the dom0 command line:
 
 .. code:: console
 
-      qvm-create --class StandaloneVM --label <YOUR_COLOR> --property virt_mode=hvm <NEW_STANDALONE_NAME>
+      $ qvm-create --class StandaloneVM --label <YOUR_COLOR> --property virt_mode=hvm <NEW_STANDALONE_NAME>
 
 
 
@@ -54,7 +54,7 @@ Or to create a standalone copied from a template:
 
 .. code:: console
 
-      qvm-create --class StandaloneVM --label <YOUR_COLOR> --property virt_mode=hvm --template <TEMPLATE_QUBE_NAME> <NEW_STANDALONE_NAME>
+      $ qvm-create --class StandaloneVM --label <YOUR_COLOR> --property virt_mode=hvm --template <TEMPLATE_QUBE_NAME> <NEW_STANDALONE_NAME>
 
 
 
@@ -86,11 +86,11 @@ Command line
 ^^^^^^^^^^^^
 
 
-Qubes are template-based (i.e., :ref:`app qubes <user/reference/glossary:app qube>` by default, so you must set the ``--class StandaloneVM`` option to create a standalone. The name and label color used below are for illustration purposes.
+Qubes are template-based (i.e., :term:`app qubes  <app qube>` by default, so you must set the ``--class StandaloneVM`` option to create a standalone. The name and label color used below are for illustration purposes.
 
 .. code:: console
 
-      qvm-create my-new-vm --class StandaloneVM --property virt_mode=hvm --property kernel='' --label=green
+      $ qvm-create my-new-vm --class StandaloneVM --property virt_mode=hvm --property kernel='' --label=green
 
 
 
@@ -114,7 +114,7 @@ You will have to boot the qube with the installation media “attached” to it.
 
    .. code:: console
 
-         qvm-start <YOUR_HVM> --cdrom=/dev/cdrom
+         $ qvm-start <YOUR_HVM> --cdrom=/dev/cdrom
 
 
 
@@ -122,7 +122,7 @@ You will have to boot the qube with the installation media “attached” to it.
 
    .. code:: console
 
-         qvm-start <YOUR_HVM> --cdrom=dom0:/usr/local/iso/<YOUR_INSTALLER.ISO>
+         $ qvm-start <YOUR_HVM> --cdrom=dom0:/usr/local/iso/<YOUR_INSTALLER.ISO>
 
 
 
@@ -130,7 +130,7 @@ You will have to boot the qube with the installation media “attached” to it.
 
    .. code:: console
 
-         qvm-start <YOUR_HVM> --cdrom=<YOUR_OTHER_QUBE>:/home/user/<YOUR_INSTALLER.ISO>
+         $ qvm-start <YOUR_HVM> --cdrom=<YOUR_OTHER_QUBE>:/home/user/<YOUR_INSTALLER.ISO>
 
 
 
@@ -148,7 +148,7 @@ Just like standard app qubes, an HVM gets a fixed IP addresses centrally assigne
 
 A generic HVM such as a standard Windows or Ubuntu installation, however, has no Qubes agent scripts running inside it initially and thus requires manual configuration of networking so that it matches the values assigned by Qubes.
 
-Even though we do have a small DHCP server that runs inside the HVM’s untrusted stub domain to make the manual network configuration unnecessary for many qubes, this won’t work for most modern Linux distributions, which contain Xen networking PV drivers (but not Qubes tools), which bypass the stub-domain networking. (Their net frontends connect directly to the net backend in the :ref:`net qube <user/reference/glossary:net qube>`.) In this instance, our DHCP server is not useful.
+Even though we do have a small DHCP server that runs inside the HVM’s untrusted stub domain to make the manual network configuration unnecessary for many qubes, this won’t work for most modern Linux distributions, which contain Xen networking PV drivers (but not Qubes tools), which bypass the stub-domain networking. (Their net frontends connect directly to the net backend in the :term:`net qube  <net qube>`.) In this instance, our DHCP server is not useful.
 
 In order to manually configure networking in a qube, one should first find out the IP/netmask/gateway assigned to the particular qube by Qubes. This can be seen, e.g., in the Qube Manager in the qube’s properties:
 
@@ -201,7 +201,7 @@ In order to create an HVM template, you use the following command, suitably adap
 
 .. code:: console
 
-      qvm-create --class TemplateVM <YOUR_HVM_TEMPLATE_NAME> --property virt_mode=HVM --property kernel=''  -l <YOUR_COLOR>
+      $ qvm-create --class TemplateVM <YOUR_HVM_TEMPLATE_NAME> --property virt_mode=HVM --property kernel=''  -l <YOUR_COLOR>
 
 
 
@@ -377,7 +377,7 @@ In a Debian app qube, install ``qemu-utils`` and ``unzip``:
 
 .. code:: console
 
-      sudo apt install qemu-utils unzip
+      $ sudo apt install qemu-utils unzip
 
 
 
@@ -385,7 +385,7 @@ In a Fedora app qube:
 
 .. code:: console
 
-      sudo dnf install qemu-img
+      $ sudo dnf install qemu-img
 
 
 
@@ -393,7 +393,7 @@ Unzip VirtualBox zip file:
 
 .. code:: console
 
-      unzip *.zip
+      $ unzip *.zip
 
 
 
@@ -401,7 +401,7 @@ Extract OVA tar archive:
 
 .. code:: console
 
-      tar -xvf *.ova
+      $ tar -xvf *.ova
 
 
 
@@ -409,7 +409,7 @@ Convert vmdk to raw:
 
 .. code:: console
 
-      qemu-img convert -O raw *.vmdk win10.raw
+      $ qemu-img convert -O raw *.vmdk win10.raw
 
 
 
@@ -417,7 +417,7 @@ Copy the root image file from the originating qube (here called ``untrusted``) t
 
 .. code:: console
 
-      qvm-run --pass-io untrusted 'cat "/media/user/externalhd/win10.raw"' > /home/user/win10-root.img
+      $ qvm-run --pass-io untrusted 'cat "/media/user/externalhd/win10.raw"' > /home/user/win10-root.img
 
 
 
@@ -425,7 +425,7 @@ From within dom0, create a new HVM (here called ``win10``) with the root image w
 
 .. code:: console
 
-      qvm-create --property=virt_mode=hvm --property=memory=4096 --property=kernel='' --label red --standalone --root-move-from /home/user/win10-root.img win10
+      $ qvm-create --property=virt_mode=hvm --property=memory=4096 --property=kernel='' --label red --standalone --root-move-from /home/user/win10-root.img win10
 
 
 
@@ -433,7 +433,7 @@ Start ``win10``:
 
 .. code:: console
 
-      qvm-start win10
+      $ qvm-start win10
 
 
 
@@ -445,7 +445,7 @@ Filetype of OVA file:
 
 .. code:: console
 
-      file *.ova
+      $ file *.ova
 
 
 
@@ -453,7 +453,7 @@ List files of OVA tar archive:
 
 .. code:: console
 
-      tar -tf *.ova
+      $ tar -tf *.ova
 
 
 
@@ -461,7 +461,7 @@ List filetypes supported by qemu-img:
 
 .. code:: console
 
-      qemu-img -h | tail -n1
+      $ qemu-img -h | tail -n1
 
 
 

user/advanced-topics/usb-qubes.rst

@@ -30,7 +30,7 @@ First, make sure you have the latest ``qubes-mgmt-salt-dom0-virtual-machines`` p
 
 .. code:: console
 
-      sudo qubesctl state.sls qvm.usb-keyboard
+      $ sudo qubesctl state.sls qvm.usb-keyboard
 
 
 
@@ -148,7 +148,7 @@ You can create a USB qube using the management stack by executing the following
 
 .. code:: console
 
-      sudo qubesctl state.sls qvm.sys-usb
+      $ sudo qubesctl state.sls qvm.sys-usb
 
 
 

user/advanced-topics/volume-backup-revert.rst

@@ -14,7 +14,7 @@ For the private volume associated with a VM named *vmname*, you may inspect the
 
 .. code:: console
 
-      qvm-volume info vmname:private
+      $ qvm-volume info vmname:private
 
 
 
@@ -22,7 +22,7 @@ The output of the above command will also display the “Available revisions (fo
 
 .. code:: console
 
-      qvm-volume config vmname:private revisions_to_keep 2
+      $ qvm-volume config vmname:private revisions_to_keep 2
 
 
 
@@ -30,6 +30,6 @@ With the VM stopped, you may revert to an older snapshot of the private volume f
 
 .. code:: console
 
-      qvm-volume revert vmname:private <revision>
+      $ qvm-volume revert vmname:private <revision>
 
 

user/downloading-installing-upgrading/download-mirrors.rst

@@ -1,3 +1,5 @@
+:orphan:
+
 ================
 Download mirrors
 ================

user/downloading-installing-upgrading/installation-guide-4.1.rst

@@ -1,3 +1,5 @@
+:orphan:
+
 ============================
 Qubes 4.1 Installation guide
 ============================
@@ -343,7 +345,7 @@ Getting help
 ------------
 
 
-- We work very hard to make the :doc:`documentation </index>` accurate, comprehensive useful and user friendly. We urge you to read it! It may very well contain the answers to your questions. (Since the documentation is a community effort, we’d also greatly appreciate your help in `improving <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__ it!)
+- We work very hard to make the :doc:`documentation </index>` accurate, comprehensive useful and user friendly. We urge you to read it! It may very well contain the answers to your questions. (Since the documentation is a community effort, we’d also greatly appreciate your help in :doc:`improving </developer/general/how-to-edit-the-documentation>` it!)
 
 - If issues arise during installation, see the :doc:`Installation Troubleshooting </user/troubleshooting/installation-troubleshooting>` guide.
 

user/downloading-installing-upgrading/installation-guide.rst

@@ -219,11 +219,10 @@ The new user you create has full administrator privileges and is protected by a
 
 |Account name and password creation window.|
 
-.. _installation-1:
 
 
-Installation
-^^^^^^^^^^^^
+Begin Installation
+^^^^^^^^^^^^^^^^^^
 
 
 
@@ -262,7 +261,7 @@ Let’s briefly go over the options:
 
 - **Templates Configuration:** Here you can decide which :doc:`templates </user/templates/templates>` you want to have installed, and which will be the default template.
 
-- **Create default system qubes:** These are the core components of the system, required for things like internet access. You can opt to have some created as :ref:`disposables <user/reference/glossary:disposable>`.
+- **Create default system qubes:** These are the core components of the system, required for things like internet access. You can opt to have some created as :term:`disposables <disposable>`.
 
 - **Create default application qubes:** These are how you compartmentalize your digital life. There’s nothing special about the ones the installer creates. They’re just suggestions that apply to most people. If you decide you don’t want them, you can always delete them later, and you can always create your own.
 
@@ -334,7 +333,7 @@ Getting help
 ------------
 
 
-- We work very hard to make the :doc:`documentation </index>` accurate, comprehensive useful and user friendly. We urge you to read it! It may very well contain the answers to your questions. (Since the documentation is a community effort, we’d also greatly appreciate your help in `improving <https://www.qubes-os.org/doc/how-to-edit-the-documentation/>`__ it!)
+- We work very hard to make the :doc:`documentation </index>` accurate, comprehensive useful and user friendly. We urge you to read it! It may very well contain the answers to your questions. (Since the documentation is a community effort, we’d also greatly appreciate your help in :doc:`improving </developer/general/how-to-edit-the-documentation>` it!)
 
 - If issues arise during installation, see the :doc:`Installation Troubleshooting </user/troubleshooting/installation-troubleshooting>` guide.
 

user/downloading-installing-upgrading/supported-releases.rst

@@ -55,7 +55,7 @@ Qubes OS releases are supported for **six months** after each subsequent major o
    * - Release 4.3
      - TBD
      - TBD
-     - In development
+     - In testing
    
 
 
@@ -94,6 +94,8 @@ The table below shows the OS used for dom0 in each Qubes OS release.
      - Fedora 32
    * - Release 4.2
      - Fedora 37
+   * - Release 4.3
+     - Fedora 41
    
 
 
@@ -120,8 +122,11 @@ It is the responsibility of each distribution to clearly notify its users in adv
      - Fedora
      - Debian
    * - Release 4.2
-     - 41
+     - 41, 42
      - 12
+   * - Release 4.3
+     - 41, 42
+     - 12, 13
    
 
 

user/downloading-installing-upgrading/testing.rst

@@ -64,8 +64,8 @@ To temporarily enable any of these repos, use the ``--enablerepo=<repo-name>`` o
 
 .. code:: console
 
-      qvm-template --enablerepo=qubes-templates-itl-testing list --available
-      qvm-template --enablerepo=qubes-templates-itl-testing install <template_name>
+      $ qvm-template --enablerepo=qubes-templates-itl-testing list --available
+      $ qvm-template --enablerepo=qubes-templates-itl-testing install <template_name>
 
 
 

user/downloading-installing-upgrading/upgrade/2.rst

@@ -33,7 +33,7 @@ Note that dom0 in R2 is based on Fedora 20, in contrast to Fedora 18 in previous
 
    .. code:: console
 
-         sudo qubes-dom0-update
+         $ sudo qubes-dom0-update
 
 
 
@@ -51,8 +51,8 @@ After this step you should have ``qubes-release-2-5`` in your Dom0. Important: i
 
 .. code:: console
 
-      sudo qubes-dom0-update qubes-dom0-dist-upgrade
-      sudo qubes-dom0-update
+      $ sudo qubes-dom0-update qubes-dom0-dist-upgrade
+      $ sudo qubes-dom0-update
 
 
 
@@ -66,7 +66,7 @@ After this step you should have ``qubes-release-2-5`` in your Dom0. Important: i
 
 .. code:: console
 
-      sudo qubes-dom0-update qubes-template-fedora-20-x64
+      $ sudo qubes-dom0-update qubes-template-fedora-20-x64
 
 
 

user/downloading-installing-upgrading/upgrade/2b1.rst

@@ -21,7 +21,7 @@ By default, in Qubes R1, there is only one template, however users are free to c
 
    .. code:: console
 
-         sudo yum install qubes-upgrade-vm
+         $ sudo yum install qubes-upgrade-vm
 
 
 
@@ -29,7 +29,7 @@ By default, in Qubes R1, there is only one template, however users are free to c
 
    .. code:: console
 
-         sudo yum update
+         $ sudo yum update
 
 
    The installer (yum) will prompt to accept the new Qubes R2 signing key:
@@ -72,7 +72,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update qubes-release
+         $ sudo qubes-dom0-update qubes-release
 
 
    This should install ``qubes-release-1-6`` in your Dom0.
@@ -81,7 +81,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update --releasever=2
+         $ sudo qubes-dom0-update --releasever=2
 
 
 

user/downloading-installing-upgrading/upgrade/2b2.rst

@@ -19,7 +19,7 @@ By default, in Qubes R1, there is only one template, however users are free to c
 
    .. code:: console
 
-         sudo yum install qubes-upgrade-vm
+         $ sudo yum install qubes-upgrade-vm
 
 
 
@@ -27,7 +27,7 @@ By default, in Qubes R1, there is only one template, however users are free to c
 
    .. code:: console
 
-         sudo yum update
+         $ sudo yum update
 
 
    The installer (yum) will prompt to accept the new Qubes R2 signing key:
@@ -88,7 +88,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update qubes-release
+         $ sudo qubes-dom0-update qubes-release
 
 
    This should install ``qubes-release-1-6`` in your Dom0.
@@ -97,7 +97,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update --releasever=1 qubes-dist-upgrade
+         $ sudo qubes-dom0-update --releasever=1 qubes-dist-upgrade
 
 
 
@@ -105,7 +105,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dist-upgrade
+         $ sudo qubes-dist-upgrade
 
 
 
@@ -117,7 +117,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dist-upgrade
+         $ sudo qubes-dist-upgrade
 
 
    again. This will start second stage of upgrade, here most packages will be upgraded, so this will take a while.

user/downloading-installing-upgrading/upgrade/2b3.rst

@@ -23,7 +23,7 @@ It is critical to complete this step **before** proceeding to dom0 upgrade. Othe
 
    .. code:: console
 
-         sudo yum update
+         $ sudo yum update
 
 
 
@@ -31,7 +31,7 @@ It is critical to complete this step **before** proceeding to dom0 upgrade. Othe
 
    .. code:: console
 
-         rpm -q qubes-core-vm
+         $ rpm -q qubes-core-vm
 
 
 
@@ -39,7 +39,7 @@ It is critical to complete this step **before** proceeding to dom0 upgrade. Othe
 
    .. code:: console
 
-         sudo yum --enablerepo=qubes-vm-r2b3-current update
+         $ sudo yum --enablerepo=qubes-vm-r2b3-current update
 
 
 
@@ -59,7 +59,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update qubes-release
+         $ sudo qubes-dom0-update qubes-release
 
 
    This should install ``qubes-release-2-3.1`` in your Dom0.
@@ -68,7 +68,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update --enablerepo=qubes-dom0-r2b3-current
+         $ sudo qubes-dom0-update --enablerepo=qubes-dom0-r2b3-current
 
 
 
@@ -78,7 +78,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         qvm-shutdown --all --wait
+         $ qvm-shutdown --all --wait
 
 
 

user/downloading-installing-upgrading/upgrade/3_0.rst

@@ -29,7 +29,7 @@ Upgrade Fedora template:
 
    .. code:: console
 
-         sudo yum install qubes-upgrade-vm
+         $ sudo yum install qubes-upgrade-vm
 
 
 
@@ -37,7 +37,7 @@ Upgrade Fedora template:
 
    .. code:: console
 
-         sudo yum update
+         $ sudo yum update
 
 
    You’ll need to accept “Qubes Release 3 Signing Key” - it is delivered by signed qubes-upgrade-vm package (verify that the message is about local file), so you don’t need to manually verify it.
@@ -56,9 +56,8 @@ Upgrade Debian template:
 
    .. code:: console
 
-         sudo cp /etc/apt/sources.list.d/qubes-r2.list
-         /etc/apt/sources.list.d/qubes-r3-upgrade.list
-         sudo sed -i 's/r2/r3.0/' /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo cp /etc/apt/sources.list.d/qubes-r2.list /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo sed -i 's/r2/r3.0/' /etc/apt/sources.list.d/qubes-r3-upgrade.list
 
 
 
@@ -66,8 +65,8 @@ Upgrade Debian template:
 
    .. code:: console
 
-         sudo apt-get update
-         sudo apt-get dist-upgrade
+         $ sudo apt-get update
+         $ sudo apt-get dist-upgrade
 
 
    There will be some error messages during the process, but our tests does not revealed any negative consequences. Update of ``qubesdb-vm`` package will restart the service, which will fail (after 3min timeout), but you can ignore this problem for now. After completing the whole upgrade the service will be properly restarted.
@@ -88,7 +87,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update qubes-release
+         $ sudo qubes-dom0-update qubes-release
 
 
    This should install ``qubes-release-2-12`` in your Dom0.
@@ -97,7 +96,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo qubes-dom0-update --releasever=3.0
+         $ sudo qubes-dom0-update --releasever=3.0
 
 
    After this step, until you reboot the system, most of the qvm-* tools will not work.
@@ -108,7 +107,7 @@ Be sure to do steps described in this section after *all* your template and stan
 
    .. code:: console
 
-         sudo systemctl enable xenconsoled.service xenstored.service
+         $ sudo systemctl enable xenconsoled.service xenstored.service
 
 
 
@@ -126,7 +125,7 @@ Now, when you have dom0 upgraded, you can install new templates from Qubes R3.0
 
 .. code:: console
 
-      sudo qubes-dom0-update qubes-template-fedora-21
+      $ sudo qubes-dom0-update qubes-template-fedora-21
 
 
 
@@ -186,10 +185,10 @@ Because of above limitations, you will need to configure some of those manually.
 
    .. code:: console
 
-         ip addr add 10.137.1.53/32 dev eth0
-         ip route add 10.137.1.1/32 dev eth0
-         ip route add via 10.137.1.1
-         echo nameserver 10.137.1.1 > /etc/resolv.conf
+         $ ip addr add 10.137.1.53/32 dev eth0
+         $ ip route add 10.137.1.1/32 dev eth0
+         $ ip route add via 10.137.1.1
+         $ echo nameserver 10.137.1.1 > /etc/resolv.conf
 
 
 

user/downloading-installing-upgrading/upgrade/3_1.rst

@@ -23,7 +23,7 @@ Upgrade Fedora templates:
 
    .. code:: console
 
-         sudo yum install qubes-upgrade-vm
+         $ sudo yum install qubes-upgrade-vm
 
 
 
@@ -31,7 +31,7 @@ Upgrade Fedora templates:
 
    .. code:: console
 
-         sudo yum upgrade
+         $ sudo yum upgrade
 
 
 
@@ -49,8 +49,8 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo cp /etc/apt/sources.list.d/qubes-r3.list /etc/apt/sources.list.d/qubes-r3-upgrade.list
-         sudo sed -i 's/r3.0/r3.1/' /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo cp /etc/apt/sources.list.d/qubes-r3.list /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo sed -i 's/r3.0/r3.1/' /etc/apt/sources.list.d/qubes-r3-upgrade.list
 
 
 
@@ -58,8 +58,8 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo apt-get update
-         sudo apt-get dist-upgrade
+         $ sudo apt-get update
+         $ sudo apt-get dist-upgrade
 
 
 
@@ -67,7 +67,7 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo rm -f /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo rm -f /etc/apt/sources.list.d/qubes-r3-upgrade.list
 
 
 
@@ -87,7 +87,7 @@ Upgrading dom0
 
    .. code:: console
 
-         sudo qubes-dom0-update --releasever=3.1
+         $ sudo qubes-dom0-update --releasever=3.1
 
 
    At this point, most of the ``qvm-*`` tools will stop working until after you reboot the system.
@@ -110,6 +110,6 @@ Once you have upgraded dom0, you can install new templates from Qubes R3.1 repos
 
 .. code:: console
 
-      sudo qubes-dom0-update qubes-template-fedora-23
+      $ sudo qubes-dom0-update qubes-template-fedora-23
 
 

user/downloading-installing-upgrading/upgrade/3_2.rst

@@ -19,7 +19,7 @@ Upgrading dom0
 
    .. code:: console
 
-         sudo qubes-dom0-update --releasever=3.2 qubes-release
+         $ sudo qubes-dom0-update --releasever=3.2 qubes-release
 
 
 
@@ -31,7 +31,7 @@ Upgrading dom0
 
    .. code:: console
 
-         sudo qubes-dom0-update systemd-compat-libs perl-libwww-perl perl-Term-ANSIColor perl-Term-Cap gdk-pixbuf2-xlib speexdsp qubes-mgmt-salt-admin-tools lvm2
+         $ sudo qubes-dom0-update systemd-compat-libs perl-libwww-perl perl-Term-ANSIColor perl-Term-Cap gdk-pixbuf2-xlib speexdsp qubes-mgmt-salt-admin-tools lvm2
          (...)
          Transaction Summary
          ===============================================================
@@ -50,7 +50,7 @@ Upgrading dom0
 
    .. code:: console
 
-         sudo qubes-dom0-update
+         $ sudo qubes-dom0-update
 
 
 
@@ -78,13 +78,13 @@ Upgrading dom0
 
    .. code:: console
 
-         rm -f /etc/group.rpmnew
-         rm -f /etc/shadow.rpmnew
-         rm -f /etc/qubes/guid.conf.rpmnew
-         mv -f /etc/nsswitch.conf{.rpmnew,}
-         mv -f /etc/pam.d/postlogin{.rpmnew,}
-         mv -f /etc/salt/minion.d/f_defaults.conf{.rpmnew,}
-         mv -f /etc/dracut.conf{.rpmnew,}
+         $ rm -f /etc/group.rpmnew
+         $ rm -f /etc/shadow.rpmnew
+         $ rm -f /etc/qubes/guid.conf.rpmnew
+         $ mv -f /etc/nsswitch.conf{.rpmnew,}
+         $ mv -f /etc/pam.d/postlogin{.rpmnew,}
+         $ mv -f /etc/salt/minion.d/f_defaults.conf{.rpmnew,}
+         $ mv -f /etc/dracut.conf{.rpmnew,}
 
 
 
@@ -118,7 +118,7 @@ Upgrade Fedora templates:
 
    .. code:: console
 
-         sudo dnf install --refresh qubes-upgrade-vm
+         $ sudo dnf install --refresh qubes-upgrade-vm
 
 
 
@@ -126,7 +126,7 @@ Upgrade Fedora templates:
 
    .. code:: console
 
-         sudo dnf upgrade --refresh
+         $ sudo dnf upgrade --refresh
 
 
 
@@ -134,7 +134,7 @@ Upgrade Fedora templates:
 
    .. code:: console
 
-         sudo dnf install qubes-mgmt-salt-vm-connector
+         $ sudo dnf install qubes-mgmt-salt-vm-connector
 
 
 
@@ -152,8 +152,8 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo cp /etc/apt/sources.list.d/qubes-r3.list /etc/apt/sources.list.d/qubes-r3-upgrade.list
-         sudo sed -i 's/r3.1/r3.2/' /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo cp /etc/apt/sources.list.d/qubes-r3.list /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo sed -i 's/r3.1/r3.2/' /etc/apt/sources.list.d/qubes-r3-upgrade.list
 
 
 
@@ -161,8 +161,8 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo apt-get update
-         sudo apt-get dist-upgrade
+         $ sudo apt-get update
+         $ sudo apt-get dist-upgrade
 
 
 
@@ -170,7 +170,7 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo apt-get install qubes-mgmt-salt-vm-connector
+         $ sudo apt-get install qubes-mgmt-salt-vm-connector
 
 
 
@@ -178,7 +178,7 @@ Upgrade Debian (and Whonix) templates:
 
    .. code:: console
 
-         sudo rm -f /etc/apt/sources.list.d/qubes-r3-upgrade.list
+         $ sudo rm -f /etc/apt/sources.list.d/qubes-r3-upgrade.list
 
 
 

user/downloading-installing-upgrading/upgrade/4_0.rst

@@ -65,7 +65,7 @@ Restore from your backup
 
    .. code:: console
 
-         sudo qubes-dom0-update
+         $ sudo qubes-dom0-update
 
 
 
@@ -73,7 +73,7 @@ Restore from your backup
 
 4. Go to **Qubes menu -> System Tools -> Qubes Manager** to start it.
 
-5. Follow the **Restoring from a Backup** section in the :doc:`Backup, Restoration, and Migration </user/how-to-guides/how-to-back-up-restore-and-migrate>` guide. We recommend that you restore only your :ref:`app qubes <user/reference/glossary:app qube>` and :ref:`standalones <user/reference/glossary:standalone>` from R3.2. Using :doc:`templates </user/templates/templates>` and :ref:`service qubes <user/reference/glossary:service qube>` from R3.2 is not fully supported (see `#3514 <https://github.com/QubesOS/qubes-issues/issues/3514>`__). Instead, we recommend using the templates that were created specifically for R4.0, which you can :doc:`customize </user/how-to-guides/how-to-install-software>` according to your needs. For the template OS versions supported in R4.0, see :ref:`supported releases <user/downloading-installing-upgrading/supported-releases:templates>`. If the restore tool complains about missing templates, you can select the option to restore the app qubes anyway, then change them afterward to use one of the default R4.0 templates.
+5. Follow the **Restoring from a Backup** section in the :doc:`Backup, Restoration, and Migration </user/how-to-guides/how-to-back-up-restore-and-migrate>` guide. We recommend that you restore only your :term:`app qubes <app qube>` and :term:`standalones <standalone>` from R3.2. Using :doc:`templates </user/templates/templates>` and :term:`service qubes <service qube>` from R3.2 is not fully supported (see `#3514 <https://github.com/QubesOS/qubes-issues/issues/3514>`__). Instead, we recommend using the templates that were created specifically for R4.0, which you can :doc:`customize </user/how-to-guides/how-to-install-software>` according to your needs. For the template OS versions supported in R4.0, see :ref:`supported releases <user/downloading-installing-upgrading/supported-releases:templates>`. If the restore tool complains about missing templates, you can select the option to restore the app qubes anyway, then change them afterward to use one of the default R4.0 templates.
 
 
 

user/downloading-installing-upgrading/upgrade/4_1.rst

@@ -39,7 +39,7 @@ In place upgrade is a complex operation. For this reason, we provide a ``qubes-d
 
 .. code:: console
 
-      sudo qubes-dom0-update -y qubes-dist-upgrade
+      $ sudo qubes-dom0-update -y qubes-dist-upgrade
 
 
 
@@ -84,7 +84,7 @@ After installing the tool, upgrade can be performed all at once with:
 
 .. code:: console
 
-      sudo qubes-dist-upgrade --all
+      $ sudo qubes-dist-upgrade --all
 
 
 
@@ -96,7 +96,7 @@ After completing “STAGE 0” through “STAGE 5”, restart the system. Then p
 
 .. code:: console
 
-      sudo qubes-dist-upgrade --resync-appmenus-features
+      $ sudo qubes-dist-upgrade --resync-appmenus-features
 
 
 

user/downloading-installing-upgrading/upgrade/4_2.rst

@@ -23,7 +23,7 @@ If you would prefer to perform a clean installation rather than upgrading in-pla
 
    .. code:: console
 
-         sudo qubes-dom0-update -y qubes-dist-upgrade
+         $ sudo qubes-dom0-update -y qubes-dist-upgrade
 
 
 
@@ -58,7 +58,7 @@ In place upgrade is a complex operation. For this reason, we provide a ``qubes-d
 
 .. code:: console
 
-      sudo qubes-dom0-update -y qubes-dist-upgrade
+      $ sudo qubes-dom0-update -y qubes-dist-upgrade
 
 
 
@@ -104,7 +104,7 @@ After installing the tool, before-reboot stages can be performed at once with:
 
 .. code:: console
 
-      sudo qubes-dist-upgrade --all-pre-reboot
+      $ sudo qubes-dist-upgrade --all-pre-reboot
 
 
 
@@ -116,7 +116,7 @@ After completing “STAGE 1” through “STAGE 3”, restart the system. Then p
 
 .. code:: console
 
-      sudo qubes-dist-upgrade --all-post-reboot
+      $ sudo qubes-dist-upgrade --all-post-reboot
 
 
 

user/downloading-installing-upgrading/upgrade/4_3.rst

@@ -0,0 +1,143 @@
+===========================
+How to upgrade to Qubes 4.3
+===========================
+
+
+This page explains how to upgrade from Qubes 4.2 to Qubes 4.3. There are two ways to upgrade: a clean installation or an in-place upgrade. In general, a clean installation is simpler and less error-prone, but an in-place upgrade allows you to preserve your customizations.
+
+Back up
+-------
+
+
+Before attempting either an in-place upgrade or a clean installation, we strongly recommend that you first :doc:`back up your system </user/how-to-guides/how-to-back-up-restore-and-migrate>` so that you don’t lose any data.
+
+Clean installation
+------------------
+
+
+If you would prefer to perform a clean installation rather than upgrading in-place:
+
+1. (optional) Run the updater to ensure all of your qubes are in their latest version.
+
+2. Create a :ref:`backup <user/how-to-guides/how-to-back-up-restore-and-migrate:creating a backup>` of your current installation.
+
+3. `Download <https://www.qubes-os.org/downloads/>`__ the latest 4.3 release.
+
+4. Follow the :doc:`installation guide </user/downloading-installing-upgrading/installation-guide>` to install Qubes 4.3.
+
+5. :ref:`Restore from your backup <user/how-to-guides/how-to-back-up-restore-and-migrate:restoring from a backup>` on your new 4.3 installation.
+
+6. Install the ``qubes-dist-upgrade`` tool. This is the inplace upgrade tool, which is not what we’re doing. However it will be needed in order to upgrade the templates to the 4.3 version. You install it with the following command in the dom0 terminal:
+
+   .. code:: console
+
+         $ sudo qubes-dom0-update -y qubes-dist-upgrade
+
+
+7. Change your templates to use the 4.3 repositories instead of the 4.2 ones. You do this with the following command in the dom0 terminal:
+
+   .. code:: console
+
+         $ sudo qubes-dist-upgrade --releasever=4.3 --template-standalone-upgrade
+
+
+   **Note**: This step is critical to ensure the templates will receive updates once Qubes 4.2 reaches end-of-life (EOL).
+
+
+In-place upgrade
+----------------
+
+
+**Warning:** It is not possible to upgrade directly from releases earlier than 4.2. If you’re still on an earlier release, please either perform a `clean installation of 4.3 <#clean-installation>`__ or :doc:`upgrade to 4.2 </user/downloading-installing-upgrading/upgrade/4_2>` first.
+
+The upgrade may take several hours, and will download several gigabytes of data.
+
+In place upgrade is a complex operation. For this reason, we provide a ``qubes-dist-upgrade`` tool to handle all the necessary steps automatically. You can install it with the following command in the dom0 terminal:
+
+.. code:: console
+
+      $ sudo qubes-dom0-update -y qubes-dist-upgrade
+
+
+
+The upgrade consists of six stages — three before restarting the system — labeled “STAGE 1” through “STAGE 3” in the options list below, and three after restarting the system — labeled as “STAGE 4” through “STAGE 6” below.
+
+Full list of options can be obtained with ``qubes-dist-upgrade --releasever=4.3 --help``:
+
+.. code:: bash
+
+      Usage: qubes-dist-upgrade --releasever=VERSION [OPTIONS]...
+      
+      This script is used for updating QubesOS to the next release.
+      
+      Options:
+          --releasever=VERSION               Specify target release, for example 4.3 or 4.2.
+      
+      Usage: /usr/lib/qubes/qubes-dist-upgrade-r4.3.sh [OPTIONS]...
+      
+      This script is used for updating current QubesOS R4.2 to R4.3.
+      
+      Options:
+          --update, -t                       (STAGE 1) Update of dom0, TemplatesVM and StandaloneVM.
+          --release-upgrade, -r              (STAGE 2) Update 'qubes-release' for Qubes R4.3.
+          --dist-upgrade, -s                 (STAGE 3) Upgrade to Qubes R4.3 and Fedora 41 repositories.
+          --template-standalone-upgrade, -l  (STAGE 4) Upgrade templates and standalone VMs to R4.3 repository.
+          --finalize, -x                     (STAGE 5) Finalize upgrade. It does:
+                                               - resync applications and features
+                                               - create LVM devices cache
+                                               - update PCI device IDs
+                                               - enable minimal-netvm / minimal-usbvm services
+                                               - cleanup salt states
+                                               - enable preloaded disposables if system has more than 16GB memory
+          --check-supported-templates        (STAGE 6) Check if all templates are supported
+          --all-pre-reboot                   Execute stages 1 to 3
+          --all-post-reboot                  Execute stages 4 to 6
+      
+          --assumeyes, -y                    Automatically answer yes for all questions.
+          --usbvm, -u                        Current UsbVM defined (default 'sys-usb').
+          --netvm, -n                        Current NetVM defined (default 'sys-net').
+          --updatevm, -f                     Current UpdateVM defined (default 'sys-firewall').
+          --skip-template-upgrade, -j        Don't upgrade TemplateVM to R4.3 repositories.
+          --skip-standalone-upgrade, -k      Don't upgrade StandaloneVM to R4.3 repositories.
+          --only-update                      Apply STAGE 4 and resync appmenus only to
+                                             selected qubes (comma separated list).
+          --keep-running                     List of extra VMs to keep running during update (comma separated list).
+                                             Can be useful if multiple updates proxy VMs are configured.
+          --max-concurrency                  How many TemplateVM/StandaloneVM to update in parallel in STAGE 1
+                                             (default 4).
+          --enable-current-testing, -e       Enable current-testing repositories for the update time.
+                                             The enabling with this option do not persist after
+                                             successful update. If you want to keep it enabled,
+                                             use the normal method instead.
+      
+
+
+After installing the tool, before-reboot stages can be performed at once with:
+
+.. code:: console
+
+      $ sudo qubes-dist-upgrade --all-pre-reboot
+
+
+
+Optionally, an ``--assumeyes`` (or ``-y``) option can be used to automatically accept all the actions without confirmation.
+
+Alternatively, each upgrade stage can be started separately (see the list of options above).
+
+After completing “STAGE 1” through “STAGE 3”, restart the system. Then perform the final steps:
+
+.. code:: console
+
+      $ sudo qubes-dist-upgrade --all-post-reboot
+
+
+
+After performing those steps, it’s recommended to restart the system one last time.
+
+When this completes, you can start using Qubes OS 4.3.
+
+Update
+------
+
+
+After upgrading or performing a clean installation, we strongly recommend :doc:`updating your system </user/how-to-guides/how-to-update>`.

user/downloading-installing-upgrading/upgrade/upgrade.rst

@@ -28,4 +28,6 @@ These guides are for upgrading from one version of Qubes to another. If you’re
 
    Upgrade from 4.1 to 4.2 </user/downloading-installing-upgrading/upgrade/4_2>
 
+   Upgrade from 4.2 to 4.3 </user/downloading-installing-upgrading/upgrade/4_3>
+
 

user/hardware/certified-hardware/certified-hardware.rst

@@ -35,7 +35,7 @@ The current Qubes-certified models are listed below in reverse chronological ord
      - :doc:`Certification details </user/hardware/certified-hardware/nitropad-v56/>`
    * - `NovaCustom <https://novacustom.com/>`__
      - `V56 Series <https://novacustom.com/product/v56-series/>`__ 
-     - :doc:`Certification details </user/hardware/certified-hardware/novacustom-v54-series/>`
+     - :doc:`Certification details </user/hardware/certified-hardware/novacustom-v56-series/>`
    * - `Nitrokey <https://www.nitrokey.com/>`__
      - `NitroPC Pro 2 <https://shop.nitrokey.com/shop/nitropc-pro-2-523>`__ 
      - :doc:`Certification details </user/hardware/certified-hardware/nitropc-pro-2/>`
@@ -55,7 +55,7 @@ The current Qubes-certified models are listed below in reverse chronological ord
      - `NitroPad T430 <https://shop.nitrokey.com/shop/nitropad-t430-119>`__ 
      - :doc:`Certification details </user/hardware/certified-hardware/nitropad-t430/>`
    * - `Nitrokey <https://www.nitrokey.com/>`__
-     - `NitroPad X230 <https://shop.nitrokey.com/shop/product/nitropad-t430-119>`__ 
+     - `NitroPad X230 <https://shop.nitrokey.com/shop/product/nitropad-x230-67>`__ 
      - :doc:`Certification details </user/hardware/certified-hardware/nitropad-x230/>`
    * - `Insurgo <https://insurgo.ca/>`__
      - `PrivacyBeast X230 <https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/>`__ 

user/hardware/certified-hardware/dasharo-fidelisguard-z690.rst

@@ -1,3 +1,5 @@
+:orphan:
+
 =========================
 Dasharo FidelisGuard Z690
 =========================

user/hardware/certified-hardware/insurgo-privacybeast-x230.rst

@@ -1,3 +1,5 @@
+:orphan:
+
 =========================
 Insurgo PrivacyBeast X230
 =========================