Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-11-29 07:56:50 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'rst' into toki_fix_findings

Browse source
This commit is contained in:
Tobias Killer 2025-08-16 20:05:30 +02:00 committed by GitHub
commit cad541c3af
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
115 changed files with 1960 additions and 1862 deletions
Download patch file Download diff file Expand all files Collapse all files

22
user/templates/debian/debian-upgrade.rst
View file

@ -18,7 +18,7 @@ Summary instructions for Debian templates
**Important:** The prompt on each line indicates where each command should be entered: ``dom0``, ``debian-<old>``, or ``debian-<new>``, where ``<old>`` is the Debian version number *from* which you are upgrading, and ``<new>`` is the Debian version number *to* which you are upgrading. The instructions may differ for certain releases. See `release-specific notes <#release-specific-notes>`__ for any instructions specific to your particular release.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-clone debian-<old> debian-<new>
[user@dom0 ~]$ qvm-run -a debian-<new> gnome-terminal
@ -42,14 +42,14 @@ These instructions will show you how to upgrade Debian templates. The same gener
1. Ensure the existing template is not running.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-shutdown debian-<old>
2. Clone the existing template and start a terminal in the new template.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-clone debian-<old> debian-<new>
[user@dom0 ~]$ qvm-run -a debian-<new> gnome-terminal
@ -57,7 +57,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
3. Update your ``apt`` repositories to use the new releases code name instead of the old releases code name. (This can be done manually with a text editor, but ``sed`` can be used to automatically update the files.)
.. code:: bash
.. code:: console
[user@debian-<new> ~]$ sudo sed -i 's/<old-name>/<new-name>/g' /etc/apt/sources.list
[user@debian-<new> ~]$ sudo sed -i 's/<old-name>/<new-name>/g' /etc/apt/sources.list.d/qubes-r4.list
@ -66,7 +66,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
4. Update the package lists and upgrade. During the process, it may prompt you to overwrite the file ``qubes-r4.list``. You should overwrite this file.
.. code:: bash
.. code:: console
[user@debian-<new> ~]$ sudo apt update
[user@debian-<new> ~]$ sudo apt upgrade
@ -76,7 +76,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
5. (Optional) Remove unnecessary packages that were previously installed.
.. code:: bash
.. code:: console
[user@debian-<new> ~]$ sudo apt-get autoremove
@ -84,7 +84,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
6. (Optional) Clean cached packages from ``/var/cache/apt``.
.. code:: bash
.. code:: console
[user@debian-<new> ~]$ sudo apt-get clean
@ -92,7 +92,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
7. (Optional) Trim the new template. (This should :ref:`no longer be necessary <user/templates/templates:important notes>`, but it does not hurt. Some users have `reported <https://github.com/QubesOS/qubes-issues/issues/5055>`__ that it makes a difference.)
.. code:: bash
.. code:: console
[user@debian-<new> ~]$ sudo fstrim -av
[user@dom0 ~]$ qvm-shutdown debian-<new>
@ -102,7 +102,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
8. Shut down the new template.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-shutdown debian-<new>
@ -111,7 +111,7 @@ These instructions will show you how to upgrade Debian templates. The same gener
10. (Optional) Make the new template the global default.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qubes-prefs --set default_template debian-<new>
@ -140,7 +140,7 @@ Please see `Debians Bullseye upgrade instructions <https://www.debian.org/rel
This means that, when upgrading from Buster to Bullseye, an additional ``sed`` command is required:
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-clone debian-10 debian-11
[user@dom0 ~]$ qvm-run -a debian-11 gnome-terminal

10
user/templates/debian/debian.rst
View file

@ -11,7 +11,7 @@ Installing
To :ref:`install <user/templates/templates:installing>` a specific Debian template that is not currently installed in your system, use the Qubes Template Manager, or use the following command in a dom0 terminal:
.. code:: bash
.. code:: console
$ qvm-template install XX
@ -73,11 +73,11 @@ The Debian-12 templates that ship with release 4.2.4 cannot be used for salting
If you have a Debian template from an earlier release that you want to use for salting Qubes, you **must** stop the salt-common and salt-ssh packages from being upgraded. Do this by marking these packages on hold *before* updating the template.
.. code:: bash
.. code:: console
sudo apt-mark hold salt-common salt-ssh
sudo apt update
sudo apt upgrade
$ sudo apt-mark hold salt-common salt-ssh
$ sudo apt update
$ sudo apt upgrade

32
user/templates/fedora/fedora-upgrade.rst
View file

@ -7,7 +7,7 @@ How to upgrade a Fedora template in-place
This page is intended for advanced users.
.. DANGER::
**Warning:** This page is intended for advanced users only. Most users seeking to upgrade should instead :ref:`install a new Fedora template <user/templates/fedora/fedora:installing>` . Learn more about the two options :ref:`here <user/templates/fedora/fedora:upgrading>` .
This page provides instructions for performing an in-place upgrade of an installed :doc:`Fedora Template </user/templates/fedora/fedora>`. If you wish to install a new, unmodified Fedora template instead of upgrading a template that is already installed in your system, please see the :doc:`Fedora Template </user/templates/fedora/fedora>` page instead. (:ref:`Learn more about the two options. <user/templates/fedora/fedora:upgrading>`)
@ -18,7 +18,7 @@ Summary instructions for standard Fedora templates
**Note:** The prompt on each line indicates where each command should be entered: ``dom0``, ``fedora-<old>``, or ``fedora-<new>``, where ``<old>`` is the Fedora version number *from* which you are upgrading, and ``<new>`` is the Fedora version number *to* which you are upgrading.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-clone fedora-<old> fedora-<new>
[user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img
@ -47,14 +47,14 @@ These instructions will show you how to upgrade the standard Fedora template. Th
1. Ensure the existing template is not running.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-shutdown fedora-<old>
2. Clone the existing template and start a terminal in the new template.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-clone fedora-<old> fedora-<new>
[user@dom0 ~]$ qvm-run -a fedora-<new> gnome-terminal
@ -62,7 +62,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
3. Attempt the upgrade process in the new template.
.. code:: bash
.. code:: console
[user@fedora-<new> ~]$ sudo dnf clean all
[user@fedora-<new> ~]$ sudo dnf --releasever=<new> distro-sync --best --allowerasing
@ -70,7 +70,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
**Note:** ``dnf`` might ask you to approve importing a new package signing key. For example, you might see a prompt like this one:
.. code:: bash
.. code:: output
warning: /mnt/removable/updates-0b4cc238d1aa4ffe/packages/example-package.fc<new>.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID XXXXXXXX: NOKEY
Importing GPG key 0xXXXXXXXX:
@ -86,7 +86,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
- If ``dnf`` reports that you do not have enough free disk space to proceed with the upgrade process, create an empty file in dom0 to use as a cache and attach it to the template as a virtual disk.
.. code:: bash
.. code:: console
[user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img
[user@dom0 ~]$ dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img)
@ -94,7 +94,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
Then reattempt the upgrade process, but this time use the virtual disk as a cache.
.. code:: bash
.. code:: console
[user@fedora-<new> ~]$ sudo mkfs.ext4 /dev/xvdi
[user@fedora-<new> ~]$ sudo mount /dev/xvdi /mnt/removable
@ -111,7 +111,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
4. Check that you are on the correct (new) Fedora release. Do this check only after completing the upgrade process. This is *not* a troubleshooting procedure for fixing download issues from the repository. This check simply verifies that your clone has successfully been upgraded.
.. code:: bash
.. code:: console
[user@fedora-<new> ~]$ cat /etc/fedora-release
@ -119,7 +119,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
5. (Optional) Trim the new template. (This should :ref:`no longer be necessary <user/templates/templates:important notes>`, but it does not hurt. Some users have `reported <https://github.com/QubesOS/qubes-issues/issues/5055>`__ that it makes a difference.)
.. code:: bash
.. code:: console
[user@fedora-<new> ~]$ sudo fstrim -av
[user@dom0 ~]$ qvm-shutdown fedora-<new>
@ -129,14 +129,14 @@ These instructions will show you how to upgrade the standard Fedora template. Th
6. Shut down the new template.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-shutdown fedora-<new>
7. Remove the cache file, if you created one.
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo losetup -d $dev
[user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img
@ -144,7 +144,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
8. Set the template-name, which is used by the Qubes updater.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-features fedora-<new> template-name fedora-<new>
@ -153,7 +153,7 @@ These instructions will show you how to upgrade the standard Fedora template. Th
10. (Optional) Make the new template the global default.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qubes-prefs --set default_template fedora-<new>
@ -168,7 +168,7 @@ Summary instructions for Fedora Minimal templates
**Note:** The prompt on each line indicates where each command should be entered: ``dom0``, ``fedora-<old>``, or ``fedora-<new>``, where ``<old>`` is the Fedora version number *from* which you are upgrading, and ``<new>`` is the Fedora version number *to* which you are upgrading.
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-clone fedora-<old>-minimal fedora-<new>-minimal
[user@dom0 ~]$ qvm-run -u root -a fedora-<new>-minimal xterm
@ -206,7 +206,7 @@ Additional information
As mentioned above, you may encounter the following ``dnf`` error:
.. code:: bash
.. code:: output
At least X MB more space needed on the / filesystem.

2
user/templates/fedora/fedora.rst
View file

@ -11,7 +11,7 @@ Installing
To :ref:`install <user/templates/templates:installing>` a specific Fedora template that is not currently installed in your system, use the Qubes Template Manager, or use the following command in a dom0 terminal:
.. code:: bash
.. code:: console
$ qvm-template install XX

12
user/templates/minimal-templates.rst
View file

@ -44,21 +44,21 @@ Installation
The minimal templates can be installed with the following type of command:
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
If your desired version is not found, it may still be in :doc:`testing </user/downloading-installing-upgrading/testing>`. You may wish to try again with the testing repository enabled:
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
If you would like to install a community distribution, try the install command by enabling the community repository:
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
@ -71,7 +71,7 @@ Passwordless root
It is an intentional design choice for :doc:`Passwordless Root Access in VMs </user/security-in-qubes/vm-sudo>` to be optional in minimal templates. Since the minimal templates are *minimal*, they are not configured for passwordless root by default. To update or install packages, execute the following command in dom0:
.. code:: bash
.. code:: console
[user@dom0 ~]$ qvm-run -u root <DISTRO_NAME>-<RELEASE_NUMBER>-minimal xterm
@ -102,7 +102,7 @@ Fedora
The following list provides an overview of which packages are needed for which purpose. As usual, the required packages are to be installed in the running template with the following command (replace ``packages`` with a space-delimited list of packages to be installed):
.. code:: bash
.. code:: console
[user@your-new-clone ~]$ sudo dnf install packages
@ -188,7 +188,7 @@ Debian
The following list provides an overview of which packages are needed for which purpose. As usual, the required packages are to be installed in the running template with the following command (replace ``packages`` with a space-delimited list of packages to be installed):
.. code:: bash
.. code:: console
[user@your-new-clone ~]$ sudo apt install packages

22
user/templates/templates.rst
View file

@ -103,7 +103,7 @@ You can manage your templates using the ``Qubes Template Manager``, a GUI tool a
At the command line in dom0, ``qvm-template list --available`` will show available templates. To install a template, use:
.. code:: bash
.. code:: console
$ qvm-template install <template_name>
@ -113,7 +113,7 @@ You can also use ``qvm-template`` to upgrade or reinstall templates.
Repository (repo) definitions are stored in dom0 in ``/etc/qubes/repo-templates`` and associated keys in ``/etc/qubes/repo-templates/keys``. There are additional repos for testing releases and community templates. To temporarily enable any of these repos, use the ``--enablerepo=<repo-name>`` option. E.g. :
.. code:: bash
.. code:: console
$ qvm-template --enablerepo qubes-templates-community install <template_name>
@ -164,7 +164,7 @@ To remove a template, the graphical ``Qube Manager`` (Qubes Menu > Qubes Tools >
Alternatively, to remove a template via the command line in dom0:
.. code:: bash
.. code:: console
$ qvm-template remove <TEMPLATE_NAME>
@ -172,7 +172,7 @@ Alternatively, to remove a template via the command line in dom0:
<TEMPLATE_NAME> is the first column from the output of:
.. code:: bash
.. code:: console
$ qvm-template list --installed
@ -204,16 +204,16 @@ When you install a new template or :ref:`upgrade <user/how-to-guides/how-to-upda
In the App Menu, click on Terminal Emulator. Type the command below, substituting ``<SYS_USB_DISPOSABLE_TEMPLATE>`` with the name of the disposable template on which ``sys-usb`` is based, ``<NEW_TEMPLATE>`` with the name of the new template, and ``<USB_QUBE>`` with the name of your USB qube. Other than these substitutions, make sure to enter the command exactly as written.
.. code:: bash
.. code:: console
qvm-shutdown --wait --all; qvm-prefs <SYS_USB_DISPOSABLE_TEMPLATE> template <NEW_TEMPLATE>; qvm-start <USB_QUBE>
$ qvm-shutdown --wait --all; qvm-prefs <SYS_USB_DISPOSABLE_TEMPLATE> template <NEW_TEMPLATE>; qvm-start <USB_QUBE>
With substitutions, your command should look similar to this example. (**Warning:** This is just an example. Do not attempt to use it.)
.. code:: bash
.. code:: console
qvm-shutdown --wait --all; qvm-prefs fedora-01-dvm template fedora-02; qvm-start sys-usb
$ qvm-shutdown --wait --all; qvm-prefs fedora-01-dvm template fedora-02; qvm-start sys-usb
@ -239,8 +239,8 @@ Whenever an app qube is created, the contents of the ``/home`` directory of its
Once an app qube has been created, any changes in its ``/home``, ``/usr/local``, or ``/rw/config`` directories will be persistent across reboots, which means that any files stored there will still be available after restarting the app qube. No changes in any other directories in app qubes persist in this manner. If you would like to make changes in other directories which *do* persist in this manner, you must make those changes in the parent template.
.. list-table::
:widths: 44 44 44
.. list-table::
:widths: 44 44 44
:align: center
:header-rows: 1
@ -256,7 +256,7 @@ Once an app qube has been created, any changes in its ``/home``, ``/usr/local``,
* - :ref:`disposable <user/reference/glossary:disposable>`
- ``/rw`` (includes ``/home``, ``/usr/local``, and ``bind-dirs``)
- nothing
| :superscript:`1` Upon creation
| :superscript:`2` Following shutdown

88
user/templates/windows/qubes-windows-tools-4-0.rst
View file

@ -21,8 +21,8 @@ Qubes Windows Tools are a set of programs and drivers that provide integration o
Below is a breakdown of the feature availability depending on the windows version:
.. list-table::
:widths: 39 39 39
.. list-table::
:widths: 39 39 39
:align: center
:header-rows: 1
@ -59,7 +59,7 @@ Below is a breakdown of the feature availability depending on the windows versio
* - Audio
- n
- n
Qubes Windows Tools are open source and are distributed under a GPL license.
@ -102,7 +102,7 @@ This will allow you to install the Qubes Windows Tools on Windows 10 both as a S
6. Check the integrity of the file ``qubes-tools-4.0.1.3.exe``by comparing its hash checksum. This can be done using the Windows command ``certutil`` on the windows command prompt (``cmd.exe``) and specifying an appropriate hash algorithm like:
.. code:: bash
.. code:: doscon
certutil -hashfile C:\qubes-tools-4.0.1.3.exe SHA256
@ -120,10 +120,10 @@ This will allow you to install the Qubes Windows Tools on Windows 10 both as a S
9. On a ``dom0`` terminal write: *(where* ``<VMname>`` *is the name of your Windows 10 VM)*
.. code:: bash
.. code:: console
qvm-features <VMname> gui 1
qvm-prefs <VMname> qrexec_timeout 300
$ qvm-features <VMname> gui 1
$ qvm-prefs <VMname> qrexec_timeout 300
@ -133,9 +133,9 @@ This will allow you to install the Qubes Windows Tools on Windows 10 both as a S
12. Lastly to enable file copy operations to a Windows 10 VM the ``default_user`` property should be set the ``<username>`` that you use to login to the Windows VM. This can be done via the following command on a ``dom0`` terminal: *(where* ``<VMname>`` *is the name of your Windows 10 VM)*
.. code:: bash
.. code:: console
qvm-prefs <VMname> default_user <username>
$ qvm-prefs <VMname> default_user <username>
@ -157,9 +157,9 @@ Installing Qubes guest tools in Windows 7 VMs
First, make sure that ``qubes-windows-tools`` is installed in your system:
.. code:: bash
.. code:: console
sudo qubes-dom0-update qubes-windows-tools
$ sudo qubes-dom0-update qubes-windows-tools
@ -167,9 +167,9 @@ First, make sure that ``qubes-windows-tools`` is installed in your system:
You can also install the package from testing repositories, where we usually publish new versions first:
.. code:: bash
.. code:: console
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools
$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools
@ -189,9 +189,9 @@ In the future this step will not be necessary anymore, because we will sign our
To install the Qubes Windows Tools in a Windows VM one should start the VM passing the additional option ``--install-windows-tools``:
.. code:: bash
.. code:: console
qvm-start lab-win7 --install-windows-tools
$ qvm-start lab-win7 --install-windows-tools
@ -201,17 +201,17 @@ After successful installation, the Windows VM must be shut down and started agai
Qubes will automatically detect the tools has been installed in the VM and will set appropriate properties for the VM, such as ``qrexec_installed``, ``guiagent_installed``, and ``default_user``. This can be verified (but is not required) using qvm-prefs command:
.. code:: bash
.. code:: console
qvm-prefs <your-appvm-name>
$ qvm-prefs <your-appvm-name>
**Note:** it is recommended to increase the default value of Windows VMs ``qrexec_timeout`` property from 60 (seconds) to, for example, 300. During one of the first reboots after Windows Tools installation Windows user profiles are moved onto the private VMs virtual disk (private.img) and this operation can take some time. Moving profiles is performed in an early boot phase when qrexec is not yet running, so timeout may occur with the default value. To change the property use this command in dom0:
.. code:: bash
.. code:: console
qvm-prefs <vm-name> qrexec_timeout 300
$ qvm-prefs <vm-name> qrexec_timeout 300
@ -245,9 +245,9 @@ Notes about using Xens VBD (storage) PV driver:
With Qubes Windows Tools installed the early graphical console provided in debugging mode isnt needed anymore since Qubes display driver will be used instead of the default VGA driver:
.. code:: bash
.. code:: console
qvm-prefs -s win7new debug false
$ qvm-prefs -s win7new debug false
@ -259,9 +259,9 @@ Using Windows AppVMs in seamless mode
Once you start a Windows-based AppVM with Qubes Tools installed, you can easily start individual applications from the VM (note the ``-a`` switch used here, which will auto-start the VM if it is not running):
.. code:: bash
.. code:: console
qvm-run -a my-win7-appvm explorer.exe
$ qvm-run -a my-win7-appvm explorer.exe
@ -269,13 +269,13 @@ Once you start a Windows-based AppVM with Qubes Tools installed, you can easily
Also, the inter-VM services work as usual e.g. to request opening a document or URL in the Windows AppVM from another VM:
.. code:: bash
.. code:: console
[user@work ~]$ qvm-open-in-vm work-win7 roadmap.pptx
.. code:: bash
.. code:: console
[user@work ~]$ qvm-open-in-vm work-win7 https://invisiblethingslab.com
@ -303,9 +303,9 @@ Qubes allows HVM VMs to share a common root filesystem from a select Template VM
In order to create a HVM TemplateVM one can use the following command, suitably adapted:
.. code:: bash
.. code:: console
qvm-create --class TemplateVM win-template --property virt_mode=HVM --property kernel='' -l green
$ qvm-create --class TemplateVM win-template --property virt_mode=HVM --property kernel='' -l green
@ -333,9 +333,9 @@ It also makes sense to disable Automatic Updates for all the template-based AppV
Once the template has been created and installed it is easy to create AppVMs based on it:
.. code:: bash
.. code:: console
qvm-create --property virt_mode=hvm <new windows appvm name> --template <name of template vm> --label <label color>
$ qvm-create --property virt_mode=hvm <new windows appvm name> --template <name of template vm> --label <label color>
@ -389,8 +389,8 @@ Configuration
Starting from version 2.2.* various aspects of Qubes Windows Tools can be configured through registry. Main configuration key is located in ``HKEY_LOCAL_MACHINE\SOFTWARE\Invisible Things Lab\Qubes Tools``. Configuration values set on this level are global to all QWT components. Its possible to override global values with component-specific keys, this is useful mainly for setting log verbosity for troubleshooting. Possible configuration values are:
.. list-table::
:widths: 14 14 14 14
.. list-table::
:widths: 14 14 14 14
:align: center
:header-rows: 1
@ -410,13 +410,13 @@ Starting from version 2.2.* various aspects of Qubes Windows Tools can be config
- DWORD
- Maximum age of log files (in seconds), older logs are automatically deleted
- 604800 (7 days)
Possible log levels:
.. list-table::
:widths: 11 11 11
.. list-table::
:widths: 11 11 11
:align: center
:header-rows: 1
@ -438,7 +438,7 @@ Possible log levels:
* - 5
- Verbose
- Trace most function calls
Debug and Verbose levels can generate large volume of logs and are intended for development/troubleshooting only.
@ -449,8 +449,8 @@ To override global settings for a specific component, create a new key under the
Component-specific settings currently available:
.. list-table::
:widths: 11 11 11 11 11
.. list-table::
:widths: 11 11 11 11 11
:align: center
:header-rows: 1
@ -464,7 +464,7 @@ Component-specific settings currently available:
- DWORD
- Disable cursor in the VM. Useful for integration with Qubes desktop so you dont see two cursors. Can be disabled if you plan to use the VM through a remote desktop connection of some sort. Needs gui agent restart to apply change (locking OS/logoff should be enough since qga is restarted on desktop change).
- 1
Troubleshooting
@ -485,8 +485,8 @@ Safe Mode should at least give you access to logs (see above).
If a specific component is malfunctioning, you can increase its log verbosity as explained above to get more troubleshooting information. Below is a list of components:
.. list-table::
:widths: 18 18
.. list-table::
:widths: 18 18
:align: center
:header-rows: 1
@ -524,13 +524,13 @@ When we publish new QWT version, its usually pushed to the ``current-testing`
That command will download a new QWT .iso from the testing repository. It goes without saying that you should **backup your VMs** before installing anything from testing repos.
.. |windows-seamless-4.png| image:: /attachment/doc/windows-seamless-4.png
.. |windows-seamless-1.png| image:: /attachment/doc/windows-seamless-1.png
.. |windows-seamless-7.png| image:: /attachment/doc/windows-seamless-7.png
.. |qtw-log-level.png| image:: /attachment/doc/qtw-log-level.png

84
user/templates/windows/qubes-windows-tools-4-1.rst
View file

@ -37,17 +37,17 @@ Qubes Windows Tools (QWT) are a set of programs and drivers that provide integra
**Note:** Due to the security problems described in `QSB-091 <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-091-2023.txt>`__, installation of Qubes Windows Tools is currently blocked. Instead, a text file containing a warning is displayed. Currently, it is difficult to estimate the severity of the risks posed by the sources of the Xen drivers used in QWT possibly being compromised, so it was decided not to offer direct QWT installation until this problem could be treated properly. While Windows qubes are, in Qubes, generally not regarded as being very trustworthy, a possible compromise of the Xen drivers used in Qubes Windows Tools might create a risk for Xen or ``dom0`` and thus be dangerous for Qubes itself. This risk may be small or even non-existent, as stated in QSB-091. If you **understand** this risk and are **willing to take it**, you can still install the previous versions of Qubes Windows Tools, using the command
.. code:: bash
.. code:: console
sudo qubes-dom0-update qubes-windows-tools-4.1.68
$ sudo qubes-dom0-update qubes-windows-tools-4.1.68
for Qubes R4.1.2, or
.. code:: bash
.. code:: console
sudo qubes-dom0-update qubes-windows-tools-4.1.69
$ sudo qubes-dom0-update qubes-windows-tools-4.1.69
@ -63,8 +63,8 @@ If you prefer to download the corresponding .rpm files for manual QWT installati
Below is a breakdown of the feature availability depending on the windows version:
.. list-table::
:widths: 38 38 38
.. list-table::
:widths: 38 38 38
:align: center
:header-rows: 1
@ -101,7 +101,7 @@ Below is a breakdown of the feature availability depending on the windows versio
* - Audio
- y
- y
Qubes Windows Tools are open source and are distributed under a GPL license.
@ -136,7 +136,7 @@ The Xen PV Drivers bundled with QWT are signed by a Linux Foundation certificate
**Warning:** it is recommended to increase the default value of Windows VMs ``qrexec_timeout`` property from 60 (seconds) to, for example, 300. During one of the first reboots after Windows Tools installation Windows user profiles are moved onto the private VMs virtual disk (private.img) and this operation can take some time. Moving profiles and, later on, updating a Windows installation, is performed in an early boot phase when ``qrexec`` is not yet running, so timeout may occur with the default value. To change the property use this command in ``dom0``: *(where* ``<VMname>`` *is the name of your Windows VM)*
.. code:: bash
.. code:: console
[user@dom0 ~] $ qvm-prefs <VMname> qrexec_timeout 7200
@ -160,31 +160,31 @@ Installing the Qubes Windows Tools on Windows 7, 8.1, 10 and 11 both as a Standa
1. First, make sure that ``qubes-windows-tools`` is installed in your system:
.. code:: bash
.. code:: console
sudo qubes-dom0-update qubes-windows-tools
$ sudo qubes-dom0-update qubes-windows-tools
(If the above command does not work, it could be that the Qubes Tools are not in the stable repo yet. Try installing from the testing repo instead.)
You can also install the package from testing repositories, where we usually publish new versions first:
.. code:: bash
.. code:: console
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools
$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools
If an earlier version of Qubes Windows Tools is already installed, with enabled current-testing repo you need to specify as action to ``upgrade`` the existing package, because the default action is ``install``, which will fail if it detects that QWT is already present in Dom0:
.. code:: bash
.. code:: console
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --action=upgrade qubes-windows-tools
$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --action=upgrade qubes-windows-tools
This package brings the ISO with Qubes Windows Tools that is passed to the VM when ``--install-windows-tools`` is specified for the ``qvm-start`` command. Please note that none of this software ever runs in Dom0 or any other part of the system except for the Windows AppVM in which it is to be installed.
2. **For Windows 8.1, 10 and 11:** From the Windows command line, disable hibernation in order to avoid incomplete Windows shutdown, which may lead to corruption of the VMs disk.
.. code:: bash
.. code:: doscon
powercfg -H off
@ -193,9 +193,9 @@ Installing the Qubes Windows Tools on Windows 7, 8.1, 10 and 11 both as a Standa
3. To install the Qubes Windows Tools in a Windows VM one should start the VM passing the additional option ``--install-windows-tools``:
.. code:: bash
.. code:: console
qvm-start <VMname> --install-windows-tools
$ qvm-start <VMname> --install-windows-tools
Once the Windows VM boots, a CDROM should appear in the My Computer menu (typically as ``D:`` or ``E:``) with the setup program ``qubes-tools-x64.msi`` in its main directory.
@ -215,14 +215,14 @@ Installing the Qubes Windows Tools on Windows 7, 8.1, 10 and 11 both as a Standa
6. Qubes will automatically detect that the tools have been installed in the VM and will set appropriate properties for the VM, such as ``qrexec_installed``, ``guiagent_installed``, and ``default_user``. This can be verified (but is not required) using the ``qvm-prefs`` command *(where* ``<VMname>`` *is the name of your Windows VM)*:
.. code:: bash
.. code:: console
[user@dom0 ~] $ qvm-prefs <VMname>
It is advisable to set some other parameters in order to enable audio and USB block device access, synchronize the Windows clock with the Qubes clock, and so on:
.. code:: bash
.. code:: console
[user@dom0 ~] $ qvm-features <VMname> audio-model ich9
[user@dom0 ~] $ qvm-features <VMname> stubdom-qrexec 1
@ -231,7 +231,7 @@ Installing the Qubes Windows Tools on Windows 7, 8.1, 10 and 11 both as a Standa
For audio, the parameter ``audio-model`` can be selected as ``ich6`` or ``ich9``; select the value that gives the best audio quality. Audio quality may also be improved by setting the following parameters, but this can depend on the Windows version and on your hardware:
.. code:: bash
.. code:: console
[user@dom0 ~] $ qvm-features <VMname> timer-period 1000
[user@dom0 ~] $ qvm-features <VMname> out.latency 10000
@ -295,7 +295,7 @@ Using Windows AppVMs in seamless mode
Once you start a Windows-based AppVM with Qubes Tools installed, you can easily start individual applications from the VM (note the ``-a`` switch used here, which will auto-start the VM if it is not running):
.. code:: bash
.. code:: console
[user@dom0 ~] $ qvm-run -a my-win-appvm explorer.exe
@ -305,10 +305,10 @@ Once you start a Windows-based AppVM with Qubes Tools installed, you can easily
Also, the inter-VM services work as usual e.g. to request opening a document or URL in the Windows AppVM from another VM:
.. code:: bash
.. code:: console
[user@dom0 ~] $ qvm-open-in-vm my-win-appvm roadmap.pptx
[user@dom0 ~]$ qvm-open-in-vm my-win-appvm https://invisiblethingslab.com
@ -418,8 +418,8 @@ Configuration
Various aspects of Qubes Windows Tools (QWT) can be configured through the registry. The main configuration key is located in ``HKEY_LOCAL_MACHINE\SOFTWARE\Invisible Things Lab\Qubes Tools``. Configuration values set on this level are global to all QWT components. Its possible to override global values with component-specific keys, this is useful mainly for setting log verbosity for troubleshooting. Possible configuration values are:
.. list-table::
:widths: 14 14 14 14
.. list-table::
:widths: 14 14 14 14
:align: center
:header-rows: 1
@ -439,13 +439,13 @@ Various aspects of Qubes Windows Tools (QWT) can be configured through the regis
- DWORD
- Maximum age of log files (in seconds), older logs are automatically deleted
- 604800 (7 days)
Possible log levels:
.. list-table::
:widths: 11 11 11
.. list-table::
:widths: 11 11 11
:align: center
:header-rows: 1
@ -467,7 +467,7 @@ Possible log levels:
* - 5
- Verbose
- Trace most function calls
Debug and Verbose levels can generate large volume of logs and are intended for development/troubleshooting only.
@ -476,8 +476,8 @@ To override global settings for a specific component, create a new key under the
Component-specific settings currently available:
.. list-table::
:widths: 11 11 11 11 11
.. list-table::
:widths: 11 11 11 11 11
:align: center
:header-rows: 1
@ -491,7 +491,7 @@ Component-specific settings currently available:
- DWORD
- Disable cursor in the VM. Useful for integration with Qubes desktop so you dont see two cursors. Can be disabled if you plan to use the VM through a remote desktop connection of some sort. Needs gui agent restart to apply change (locking OS/logoff should be enough since qga is restarted on desktop change).
- 1
Troubleshooting
@ -514,8 +514,8 @@ Xen logs in dom0 (``/var/log/xen/console/guest-*``) are also useful as they cont
If a specific component is malfunctioning, you can increase its log verbosity as explained above to get more troubleshooting information. Below is a list of components:
.. list-table::
:widths: 32 32
.. list-table::
:widths: 32 32
:align: center
:header-rows: 1
@ -554,7 +554,7 @@ Updates
When we publish a new QWT version, its usually pushed to the ``current-testing`` or ``unstable`` repository first. To use versions from current-testing, run this in dom0:
.. code:: bash
.. code:: console
[user@dom0 ~] $ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools
@ -563,22 +563,22 @@ When we publish a new QWT version, its usually pushed to the ``current-testin
That command will download a new QWT ``iso`` file from the testing repository. It goes without saying that you should **backup your VMs** before installing anything from testing repos.
.. |QWT_install_select| image:: /attachment/doc/QWT_install_select.png
.. |QWT_install_driver| image:: /attachment/doc/QWT_install_driver.png
.. |QWT_install_no_restart| image:: /attachment/doc/QWT_install_no_restart.png
.. |windows-seamless-4.png| image:: /attachment/doc/windows-seamless-4.png
.. |windows-seamless-1.png| image:: /attachment/doc/windows-seamless-1.png
.. |windows-seamless-7.png| image:: /attachment/doc/windows-seamless-7.png
.. |QWT_no_PV_network| image:: /attachment/doc/QWT_no_PV_network.png

114
user/templates/windows/windows-qubes-4-0.rst
View file

@ -125,10 +125,10 @@ Qubes 4.0 - importing a Windows VM from R3.2
Importing should work, simply make sure that you are not using Xens newer linux stubdomain and that the VM is in HVM mode (these steps should be done automatically when importing the VM):
.. code:: bash
.. code:: console
qvm-features VMNAME linux-stubdom ''
qvm-prefs VMNAME virt_mode hvm
$ qvm-features VMNAME linux-stubdom ''
$ qvm-prefs VMNAME virt_mode hvm
@ -147,26 +147,40 @@ An unofficial, third-party tool for automating this process is available `here <
Summary
^^^^^^^
.. code:: console
.. code:: bash
$ qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
$ qvm-prefs win7new memory 4096
$ qvm-prefs win7new maxmem 4096
$ qvm-prefs win7new kernel ''
$ qvm-volume extend win7new:root 25g
$ qvm-prefs win7new debug true
$ qvm-features win7new video-model cirrus
$ qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
qvm-prefs win7new memory 4096
qvm-prefs win7new maxmem 4096
qvm-prefs win7new kernel ''
qvm-volume extend win7new:root 25g
qvm-prefs win7new debug true
qvm-features win7new video-model cirrus
qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
# restart after the first part of the windows installation process ends
qvm-start win7new
# once Windows is installed and working
qvm-prefs win7new memory 2048
qvm-prefs win7new maxmem 2048
qvm-features --unset win7new video-model
qvm-prefs win7new qrexec_timeout 300
# with Qubes Windows Tools installed:
qvm-prefs win7new debug false
Restart after the first part of the windows installation process ends:
.. code:: console
$ qvm-start win7new
Once Windows is installed and working:
.. code:: console
$ qvm-prefs win7new memory 2048
$ qvm-prefs win7new maxmem 2048
$ qvm-features --unset win7new video-model
$ qvm-prefs win7new qrexec_timeout 300
With Qubes Windows Tools installed:
.. code:: console
$ qvm-prefs win7new debug false
@ -188,9 +202,9 @@ MS Windows versions considerations:
Create a VM named win7new in :doc:`HVM </user/advanced-topics/standalones-and-hvms>` mode (Xens current PVH limitations precludes from using PVH):
.. code:: bash
.. code:: console
qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
$ qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
@ -198,7 +212,7 @@ Windows installer requires a significant amount of memory or else the VM will
``/var/log/xen/console/hypervisor.log``:
.. code:: bash
.. code:: text
p2m_pod_demand_populate: Dom120 out of PoD memory! (tot=102411 ents=921600 dom120)
(XEN) domain_crash called from p2m-pod.c:1218
@ -208,40 +222,40 @@ Windows installer requires a significant amount of memory or else the VM will
So, increase the VMs memory to 4096MB (memory = maxmem because we dont use memory balancing).
.. code:: bash
.. code:: console
qvm-prefs win7new memory 4096
qvm-prefs win7new maxmem 4096
$ qvm-prefs win7new memory 4096
$ qvm-prefs win7new maxmem 4096
Disable direct boot so that the VM will go through the standard cdrom/HDD boot sequence:
.. code:: bash
.. code:: console
qvm-prefs win7new kernel ''
$ qvm-prefs win7new kernel ''
A typical Windows 7 installation requires between 15GB up to 19GB of disk space depending on the version (Home/Professional/…). Windows updates also end up using significant space. So, extend the root volume from the default 10GB to 25GB (note: it is straightforward to increase the root volume size after Windows is installed: simply extend the volume again in dom0 and then extend the system partition with Windowss disk manager).
.. code:: bash
.. code:: console
qvm-volume extend win7new:root 25g
$ qvm-volume extend win7new:root 25g
Set the debug flag in order to have a graphical console:
.. code:: bash
.. code:: console
qvm-prefs win7new debug true
$ qvm-prefs win7new debug true
The second part of the installation process will crash with the standard VGA video adapter and the VM will stay in “transient” mode with the following error in ``guest-win7new-dm.log``:
.. code::
.. code:: text
qemu: /home/user/qubes-src/vmm-xen-stubdom-linux/build/qemu/exec.c:1187: cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed.
@ -249,17 +263,17 @@ The second part of the installation process will crash with the standard VGA vid
To avoid that error we temporarily have to switch the video adapter to cirrus:
.. code:: bash
.. code:: console
qvm-features win7new video-model cirrus
$ qvm-features win7new video-model cirrus
The VM is now ready to be started; the best practice is to use an installation ISO :ref:`located in a VM <user/advanced-topics/standalones-and-hvms:installing an os in an hvm>`:
.. code:: bash
.. code:: console
qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
$ qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
@ -267,7 +281,7 @@ Given the higher than usual memory requirements of Windows, you may get a ``Not
At this point you may open a tab in dom0 for debugging, in case something goes amiss:
.. code:: bash
.. code:: console
tailf /var/log/qubes/vm-win7new.log \
/var/log/xen/console/hypervisor.log \
@ -281,26 +295,26 @@ The second part of Windows installer should then be able to complete successf
Decrease the VMs memory to a more reasonable value (memory balancing on Windows is unstable so keep ``memory`` equal to ``maxmen``).
.. code:: bash
.. code:: console
qvm-prefs win7new memory 2048
qvm-prefs win7new maxmem 2048
$ qvm-prefs win7new memory 2048
$ qvm-prefs win7new maxmem 2048
Revert to the standard VGA adapter: the cirrus adapter will limit the maximum screen resolution to 1024x768 pixels, while the default VGA adapter allows for much higher resolutions (up to 2560x1600 pixels).
.. code:: bash
.. code:: console
qvm-features --unset win7new video-model
$ qvm-features --unset win7new video-model
Finally, increase the VMs ``qrexec_timeout``: in case you happen to get a BSOD or a similar crash in the VM, utilities like chkdsk wont complete on restart before qrexec_timeout automatically halts the VM. That can really put the VM in a totally unrecoverable state, whereas with higher qrexec_timeout, chkdsk or the appropriate utility has plenty of time to fix the VM. Note that Qubes Windows Tools also require a larger timeout to move the user profiles to the private volume the first time the VM reboots after the tools installation.
.. code:: bash
.. code:: console
qvm-prefs win7new qrexec_timeout 300
$ qvm-prefs win7new qrexec_timeout 300
@ -312,9 +326,9 @@ Windows as a template
Windows 7 and 10 can be installed as TemplateVM by selecting
.. code:: bash
.. code:: console
qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-template
$ qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-template
@ -330,9 +344,9 @@ For Windows 10, configuration data like those stored in directories like ``AppDa
AppVMs based on these templates can be created the normal way by using the Qube Manager or by specifying
.. code:: bash
.. code:: console
qvm-create --class=AppVM --template=<VMname>
$ qvm-create --class=AppVM --template=<VMname>

46
user/templates/windows/windows-qubes-4-1.rst
View file

@ -130,16 +130,16 @@ Create a VM named WindowsNew in :doc:`HVM </user/advanced-topics/standalones-and
.. code:: bash
.. code:: console
qvm-create --class StandaloneVM --label orange --property virt_mode=hvm WindowsNew
$ qvm-create --class StandaloneVM --label orange --property virt_mode=hvm WindowsNew
and for a template:
.. code:: bash
.. code:: console
qvm-create --class TemplateVM --label black --property virt_mode=hvm WindowsNew
$ qvm-create --class TemplateVM --label black --property virt_mode=hvm WindowsNew
@ -147,13 +147,13 @@ Create a VM named WindowsNew in :doc:`HVM </user/advanced-topics/standalones-and
.. code:: bash
.. code:: console
qvm-volume extend WindowsNew:root 60g
qvm-prefs WindowsNew memory 4096
qvm-prefs WindowsNew maxmem 4096
qvm-prefs WindowsNew kernel ''
qvm-prefs WindowsNew qrexec_timeout 7200
$ qvm-volume extend WindowsNew:root 60g
$ qvm-prefs WindowsNew memory 4096
$ qvm-prefs WindowsNew maxmem 4096
$ qvm-prefs WindowsNew kernel ''
$ qvm-prefs WindowsNew qrexec_timeout 7200
@ -167,10 +167,10 @@ These parameters are set for the following reasons:
- The Windows installer requires a significant amount of memory or else the VM will crash with such errors:
.. code:: bash
.. code:: output
/var/log/xen/console/hypervisor.log:
p2m_pod_demand_populate: Dom120 out of PoD memory! (tot=102411 ents=921600 dom120)
(XEN) domain_crash called from p2m-pod.c:1218
(XEN) Domain 120 (vcpu#0) crashed on cpu#3:
@ -182,9 +182,9 @@ These parameters are set for the following reasons:
- After creating the new qube, increase the VMs ``qrexec_timeout``: in case you happen to get a BSOD or a similar crash in the VM, utilities like ``chkdsk`` wont complete on restart before ``qrexec_timeout`` automatically halts the VM. That can really put the VM in a totally unrecoverable state, whereas with higher ``qrexec_timeout``, ``chkdsk`` or the appropriate utility has plenty of time to fix the VM. Note that Qubes Windows Tools also require a larger timeout to move the user profiles to the private volume the first time the VM reboots after the tools installation. So set the parameter via the following CLI command from a dom0 terminal, because the Qube manager does not support this setting:
.. code:: bash
.. code:: console
qvm-prefs WindowsNew qrexec_timeout 7200
$ qvm-prefs WindowsNew qrexec_timeout 7200
@ -213,9 +213,9 @@ These parameters are set for the following reasons:
This can also be done via the following CLI command in dom0 (assuming that the Windows installer ISO is stored in the directory ``/home/user/`` in the AppVM ``untrusted``):
.. code:: bash
.. code:: console
qvm-start --cdrom=untrusted:/home/user/windows_install.iso WindowsNew
$ qvm-start --cdrom=untrusted:/home/user/windows_install.iso WindowsNew
@ -244,7 +244,7 @@ These parameters are set for the following reasons:
- You will then return to the setup, which will continue normally and install Windows 11 without TPM 2.0.
.. warning::
Caution: This temporary patch may cease to work if it so pleases Microsoft sometime. With version 24H2 it is still working.
- The installation of Windows 11 may require an internet connection to grab a Microsoft ID. Previously, this was true only for the home edition, but since version 24H2, it extends to the Pro edition, too. A workaround to bypass the internet connection requirements of the Windows 11 setup has been published that works for version 21H2 but may be blocked for newer versions:
@ -310,7 +310,7 @@ These parameters are set for the following reasons:
- From the Windows command line, disable hibernation in order to avoid incomplete Windows shutdown, which could lead to corruption of the VMs disk.
.. code:: bash
.. code:: doscon
powercfg -H off
@ -340,7 +340,7 @@ These parameters are set for the following reasons:
- Given the higher than usual memory requirements of Windows, you may get a ``Not enough memory to start domain 'WindowsNew'`` error. In that case try to shutdown unneeded VMs to free memory before starting the Windows VM.
At this point you may open a tab in dom0 for debugging, in case something goes amiss:
.. code:: bash
.. code:: console
tailf /var/log/qubes/vm-WindowsNew.log \
/var/log/xen/console/hypervisor.log \
@ -394,9 +394,9 @@ If the user data have been moved to ``Q:``, be sure not to user the option ``Mov
AppVMs based on these templates can be created the normal way by using the Qube Manager or by specifying
.. code:: bash
.. code:: console
qvm-create --class=AppVM --template=<VMname>
$ qvm-create --class=AppVM --template=<VMname>
@ -406,9 +406,9 @@ On starting the AppVM, sometimes a message is displayed that the Xen PV Network
Furthermore, if manual IP setup was used for the template, the IP address selected for the template will also be used for the AppVM, as it inherits this address from the template. Qubes, however, will have assigned a different address to the AppVM, which will have to be changed to that of the template (e.g. 10.137.0.x) so that the AppVM can access the network, via the CLI command in a dom0 terminal:
.. code:: bash
.. code:: console
qvm-prefs WindowsNew ip 10.137.0.x
$ qvm-prefs WindowsNew ip 10.137.0.x

8
user/templates/xfce-templates.rst
View file

@ -13,28 +13,28 @@ Installation
The Fedora Xfce templates can be installed with the following command (where ``X`` is your desired distro and version number):
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-X-xfce
If your desired version is not found, it may still be in :doc:`testing </user/downloading-installing-upgrading/testing>`. You may wish to try again with the testing repository enabled:
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-X-xfce
If you would like to install a community distribution such as Gentoo, try the install command by enabling the community repository:
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-X-xfce
If your desired version is not found, it may still be in :doc:`testing </user/downloading-installing-upgrading/testing>`. You may wish to try again with the testing repository enabled:
.. code:: bash
.. code:: console
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-X-xfce