diff --git a/developer/building/development-workflow.md b/developer/building/development-workflow.md index 0146fe3a..dd72699a 100644 --- a/developer/building/development-workflow.md +++ b/developer/building/development-workflow.md @@ -15,7 +15,7 @@ A workflow for developing Qubes OS+ First things first, setup [QubesBuilder](/doc/qubes-builder/). This guide assumes you're using qubes-builder to build Qubes. -# Repositories and committing Code +## Repositories and committing Code Qubes is split into a bunch of git repos. These are all contained in the `qubes-src` directory under qubes-builder. Subdirectories there are separate diff --git a/developer/building/qubes-builder.md b/developer/building/qubes-builder.md index 572b9866..035a36d3 100644 --- a/developer/building/qubes-builder.md +++ b/developer/building/qubes-builder.md @@ -24,6 +24,7 @@ In order to use it, you should use an rpm-based distro, like Fedora :), and shou - git - createrepo - rpm-build +- dnf-plugins-core - make - wget - rpmdevtools diff --git a/developer/building/qubes-iso-building.md b/developer/building/qubes-iso-building.md index 1aad3a2a..fe9fb452 100644 --- a/developer/building/qubes-iso-building.md +++ b/developer/building/qubes-iso-building.md @@ -15,17 +15,27 @@ title: Qubes ISO building Build Environment ----------------- -Fedora 32 has been successfully used to build Qubes R4.0 with the below steps. +Fedora 36 (and 37) has been successfully used to build Qubes R4.1 with the below steps. Other rpm-based operating systems may also work. Travis-CI uses Ubuntu 18.04 to perform test builds, except it can not test the `./setup` script. -In `dom0`, install the Fedora 32 template if you don't already have it. +**Notes:** On modern Fedora system (like Fedora 37) SeLinux is enforced by +default and is blocking the build system. You would get error like +"can't create transaction lock on /.../rpm/.rpm.lock (Permission denied)". +You can set SeLinux to permissive mode with -~~~ -sudo qubes-dom0-update qubes-template-fedora-32 +~~~bash +sudo setenforce 0 ~~~ -Create a standalone AppVM from the Fedora 32 template. + +In `dom0`, install the Fedora 36 (or 37) template if you don't already have it. + +~~~ +sudo qubes-dom0-update qubes-template-fedora-36 +~~~ + +Create a standalone AppVM from the Fedora template. Set private storage to at least 60 GB if you will be building only the default templates; 100 GB or more if you plan on additional. It's not required, but if you allocate additional CPU cores, the build process can utilize them at some steps such as the kernel build. Likewise, more memory (up to 16 GB) can help. @@ -46,7 +56,7 @@ gpg --edit-key 36879494 fpr # Verify fingerprint! See Note below! # Once verified, set trust to *ultimate* -# (Typical sequence is trust, 5, q) +# (Typical sequence is trust, 5, Y, q) wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc gpg --import qubes-developers-keys.asc ~~~ @@ -77,12 +87,12 @@ cd ~/qubes-builder ./setup # Select Yes to add Qubes Master Signing Key # Select Yes to add Qubes OS Signing Key -# Select 4.0 for version +# Select 4.1 for version # Stable # Select Yes for fast Git cloning # Select Current (if you want the option to use pre-built packages) # Select No (we want a full build) -# Select fc30 and buster (for the currently shipping templates) +# Select fc36 and bullseye (for the currently shipping templates) # Select builder-rpm, builder-debian, template-whonix, mgmt-salt # Select Yes to add adrelanos's third party key # Select Yes (to download) @@ -93,7 +103,7 @@ Once it completes downloading, re-run `setup` to add the Whonix templates: ~~~ ./setup # Choose the same options as above, except at templates select: -# fc30, buster, whonix-gateway-15, whonix-workstation-15 +# fc36, bullseye, whonix-gateway-16, whonix-workstation-16 ~~~ Continue the build process with: @@ -144,12 +154,15 @@ gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA It should look something like this: ~~~ -pub 4096R/2EEACCDA 2014-01-16 [expires: 2021-04-17] +pub rsa4096 2014-01-16 [SC] [expires: 2026-01-23] Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA -uid Patrick Schleizer -sub 4096R/CE998547 2014-01-16 [expires: 2021-04-17] -sub 4096R/119B3FD6 2014-01-16 [expires: 2021-04-17] -sub 4096R/77BB3C48 2014-01-16 [expires: 2021-04-17] +uid [ unknown] Patrick Schleizer +uid [ unknown] Patrick Schleizer +uid [ unknown] Patrick Schleizer +sub rsa4096 2014-01-16 [E] [expires: 2026-01-23] +sub rsa4096 2014-01-16 [A] [expires: 2026-01-23] +sub rsa4096 2014-01-16 [S] [expires: 2026-01-23] + ~~~ Next, prepare the Git keyring directory and copy them in: diff --git a/developer/code/coding-style.md b/developer/code/coding-style.md index 5bc1dec5..beb616a2 100644 --- a/developer/code/coding-style.md +++ b/developer/code/coding-style.md @@ -123,7 +123,7 @@ Source Code management (Git) guidelines - Use git to maintain all code for Qubes project. -- Before you start using git, make sure you understand that git is a decentralized Source Code Management system, and that it doesn't behave like traditional, centralized source code management systems, such as SVN. Here's a good [introductory book on git](http://git-scm.com/book). Read it. +- Before you start using git, make sure you understand that git is a decentralized Source Code Management system, and that it doesn't behave like traditional, centralized source code management systems, such as SVN. Here's a good [introductory book on git](https://git-scm.com/book). Read it. - Qubes code is divided into many git repositories. There are several reasons for that: - This creates natural boundaries between different code blocks, enforcing proper interfaces, and easing independent development to be conducted on various code parts at the same time, without the fear of running into conflicts. @@ -169,7 +169,7 @@ Security coding guidelines Python-specific guidelines -------------------------- -- Please follow the guidelines [here](http://www.python.org/dev/peps/pep-0008/), unless they were in conflict with what is written on this page. +- Please follow the guidelines [here](https://peps.python.org/pep-0008/), unless they were in conflict with what is written on this page. C and C++ specific guidelines ----------------------------- diff --git a/developer/code/license.md b/developer/code/license.md index f7fe3682..564fbd0b 100644 --- a/developer/code/license.md +++ b/developer/code/license.md @@ -12,7 +12,8 @@ title: Software license Qubes OS is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2 -(GPLv2). +(GPLv2). However, the license for this compilation does not supersede the +license of any package included in the compilation. The source code of Qubes OS is contained in repositories under the [@QubesOS](https://github.com/QubesOS) account on GitHub. This source code is diff --git a/developer/debugging/automated-tests.md b/developer/debugging/automated-tests.md index 3fd4ed24..38e4aca2 100644 --- a/developer/debugging/automated-tests.md +++ b/developer/debugging/automated-tests.md @@ -121,7 +121,7 @@ Tests are also compatible with nose2 test runner, so you can use this instead: sudo systemctl stop qubesd; sudo -E nose2 -v --plugin nose2.plugins.loader.loadtests qubes.tests; sudo systemctl start qubesd ``` -This may be especially useful together with various nose2 plugins to store tests results (for example `nose2.plugins.junitxml`), to ease presenting results. This is what we use on [OpenQA](http://open.qa/). +This may be especially useful together with various nose2 plugins to store tests results (for example `nose2.plugins.junitxml`), to ease presenting results. This is what we use on [OpenQA](https://open.qa/). ### Unit testing inside a VM @@ -248,7 +248,7 @@ class SomeTestCase(unittest.TestCase): **Tests:** Manually testing Qubes OS and its installation is a time-consuming process. -We use [OpenQA](http://open.qa/) to automate this process. +We use [OpenQA](https://open.qa/) to automate this process. It works by installing Qubes in KVM and interacting with it as a user would, including simulating mouse clicks and keyboard presses. Then, it checks the output to see whether various tests were passed, e.g. by comparing the virtual screen output to screenshots of a successful installation. diff --git a/developer/debugging/profiling.md b/developer/debugging/profiling.md deleted file mode 100644 index 2932b4cb..00000000 --- a/developer/debugging/profiling.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -lang: en -layout: doc -permalink: /doc/profiling/ -redirect_from: -- /en/doc/profiling/ -- /doc/Profiling/ -- /wiki/Profiling/ -ref: 48 -title: Python profiling ---- - -This is a python profiling primer. - -For the purpose of this document, `qubes-dev` is name of the domain used for postprocessing profiling stats. - -## Requirements - -~~~ -yum install gprof2dot graphviz -git clone http://git.woju.eu/qubes/profiling.git -~~~ - -If you profile something in dom0, move `Upload.sh` from the repository to dom0: - -~~~ -mkdir -p ~/profiling -qvm-run -p qubes-dev 'cat ~/profiling/Upload.sh' > ~/profiling/Upload.sh -~~~ - -- WARNING: this will obviously be running third-party code which is not signed by ITL nor Fedora. You have been warned. - -## Workflow - -### Identify function responsible for some slow action - -You have to select the area in which you suspect less than optimal performance. If you do not narrow the area, graphs may be unreadable. - -### Replace suspect function with probe - -Replace - -```python -def foo(self, bar): - # function content -``` - -with - -```python -def foo(self, *args, **kwargs): - profile.runctx('self.real_foo(*args, **kwargs)', globals(), locals(), - time.strftime('/home/user/profiling/foo-%Y%m%d-%H%M%S.pstats')) - -def real_foo(self, bar): - # function content -``` - -### Run application - -Beware that some functions may be called often. For example `qubesmanager/main.py:update_table` gets run once per second. This will produce one pstat file per second. - -Remember to revert your changes to the application afterwards. - -### Upload statistics - -If you are in dom0: - -~~~ -cd ~/profiling -./Upload.sh -~~~ - -### Analyse - -~~~ -make -~~~ - -For every `${basename}.pstats` this will produce `${basename}.txt` and `${basename}.svg`. SVG files contain call graphs. Text files contain lists of all functions, sorted by cumulative execution time. You may also try `make all-png`. - -~~~ -make index.html -~~~ - -This creates `index.html` with all SVG graphics linked to TXT files, ready for upload. - -~~~ -make REMOTE=example.com:public_html/qubes/profiling/ upload -~~~ - -## Example - -This example is from `qubes-manager` (`qubesmanager/main.py`). - -!["update\_table-20140424-170010.svg"](//attachment/doc/update_table-20140424-170010.svg) - -It is apparent that the problem is around `get_disk_usage`, which calls something via `subprocess.call`. It does this 15 times, probably once per VM. diff --git a/developer/debugging/vm-interface.md b/developer/debugging/vm-interface.md index d6fc2dff..9c54619d 100644 --- a/developer/debugging/vm-interface.md +++ b/developer/debugging/vm-interface.md @@ -34,7 +34,7 @@ Qubes VM have some settings set by dom0 based on VM settings. There are multiple - `/qubes-debug-mode` - flag whether VM has debug mode enabled (qvm-prefs setting). One of `1`, `0` - `/qubes-service/SERVICE_NAME` - subtree for VM services controlled from dom0 (using the `qvm-service` command or Qubes Manager). One of `1`, `0`. Note that not every service will be listed here, if entry is missing, it means "use VM default". A list of currently supported services is in the `qvm-service` man page. - `/qubes-netmask` - network mask (only when VM has netvm set); currently hardcoded "255.255.255.0" -- `/qubes-ip - IP address for this VM (only when VM has netvm set) +- `/qubes-ip` - IP address for this VM (only when VM has netvm set) - `/qubes-gateway` - default gateway IP (only when VM has netvm set); VM should add host route to this address directly via eth0 (or whatever default interface name is) - `/qubes-primary-dns` - primary DNS address (only when VM has netvm set) - `/qubes-secondary-dns` - secondary DNS address (only when VM has netvm set) diff --git a/developer/general/continuous-integration.md b/developer/general/continuous-integration.md index 611519e5..9c00390c 100644 --- a/developer/general/continuous-integration.md +++ b/developer/general/continuous-integration.md @@ -23,6 +23,8 @@ containing only the command. can be useful if CI incorrectly uses a stale branch instead of testing the PR as if it were merged into `master`. +- `PipelineRetryFailed`: Retry just failed CI jobs. Do not update the branch. + - `PipelineRefresh`: Like `PipelineRetry`, except it only fetches the job status from GitLab. It doesn't schedule a new build. diff --git a/developer/general/developing-gui-applications.md b/developer/general/developing-gui-applications.md new file mode 100644 index 00000000..1ff0387c --- /dev/null +++ b/developer/general/developing-gui-applications.md @@ -0,0 +1,102 @@ +--- +lang: en +layout: doc +permalink: /doc/developing-gui-applications/ +ref: 333 +title: Developing Qubes OS GUI tools +--- + +In order to avoid installing Qubes OS frontend tools you are working on in your own `dom0` or just to test them with less problems, you can use the mock Qubes object from the `qubesadmin` package. + +## Running programs using mock Qubes object + +Where you would normally provide the Qubes object, use the `qubesadmin.tests.mock_app` package and one of the mock Qubes objects from it. + +For example, the following code can be used to run the `qui-domains` tool using the mock Qubes object (this code would replace the initial part of the main function): + +```python +def main(): + ''' main function ''' + # qapp = qubesadmin.Qubes() + # dispatcher = qubesadmin.events.EventsDispatcher(qapp) + # stats_dispatcher = qubesadmin.events.EventsDispatcher(qapp, api_method='admin.vm.Stats') + + import qubesadmin.tests.mock_app as mock_app + qapp = mock_app.MockQubesComplete() + dispatcher = mock_app.MockDispatcher(qapp) + stats_dispatcher = mock_app.MockDispatcher( + qapp, api_method='admin.vm.Stats') + + # continue as normal +``` + +To run a mocked program without installing it in a qube, remember to extend PYTHONPATH appropriately, for example: + +```bash +~/qubes-sources/manager $ PYTHONPATH=../core-admin-client:. python3 qui/tray/domains.py +``` + +The mock object does not provide events (yet). + +Note: in order to see all qubes-relevant icons (like VM icons), install the `qubes-artwork` package. + +## How does it actually work + +The mock Qubes object has a collection of expected Qubes RPC calls and the responses that a real system would provide. Writing these calls manually is a bit tedious, given that most frontend tools query a lot of qube properties. For example, on a medium-sized system, initializing Qube Manager involves about 300 separate RPC calls. + +If you need more calls, you can add them to the mock object using the following syntax (the following example adds listing available vm kernels): + +```python + mock_app.expected_calls[('dom0', 'admin.pool.volume.List', 'linux-kernel', None)] = \ + b'0\x006.1.57-1.fc37\n6.1.43-1.fc37\ncustom_kernel\n' + +``` + +If error should be thrown, you need to provide the error code and name, for example: + +```python + mock_app.expected_calls[("vmname", "admin.vm.property.Get", "property_name", None)] = \ + b'2\x00QubesNoSuchPropertyError\x00\x00No such property\x00' +``` + +For details of particular calls, you can use [Extending the mock Qubes object]. + + +## Available mocks + +Three mocks are available in the `mock_app` file: + +* MockQubes, an extremely bare-bones Qubes testing instance, with just dom0, sys-net, and one template (fedora-36). +* MockQubesComplete, a more complex setup [![Qubes Manager running MockQubesComplete](/attachment/doc/doc-mock-app-ex1.png)](/attachment/doc/doc-mock-app-ex1.png) +* MockQubesWhonix, the setup above extended with several Whonix-related qubes + + +## Extending the mock Qubes object + +To collect information to modify this script, you can use the wrapper function to wrap and output all qubesd calls used by a program running on a live qubes instance. + +```python + qapp = qubesadmin.Qubes() + import qubesadmin.tests.mock_app as mock_app + qapp.qubesd_call = mock_app.wrapper(qapp.qubesd_call) + qapp._parse_qubesd_response = mock_app.wrapper(qapp._parse_qubesd_response) +``` + +## Writing tests + +The same mock Qubes can also be used to write tests. You can use the wrappers above to check which calls are made when certain actions are performed, and add them to the mock objects in the following way: + +```python +# this is an excerpt from tests for Qubes Global Config tool + clockvm_combo.set_active_id('test-blue') + + mock_qapp.expected_calls[('dom0', 'admin.property.Set', + 'clockvm', b'test-blue')] = b'0\x00' + basics_handler.save() + +``` + +If the call is made correctly, the test will continue successfully; if an unexpected call is made, the test will fail. + +Caution: the mock Qubes object does not react to changes like a normal Qubes object does. Further queries to the test object will continue to return initial values. + diff --git a/developer/general/documentation-style-guide.md b/developer/general/documentation-style-guide.md index 565587e9..84881663 100644 --- a/developer/general/documentation-style-guide.md +++ b/developer/general/documentation-style-guide.md @@ -13,88 +13,52 @@ title: Documentation style guide _Also see [how to edit the documentation](/doc/how-to-edit-the-documentation/)._ -Qubes OS documentation pages are stored as plain text Markdown files in the -[qubes-doc](https://github.com/QubesOS/qubes-doc) repository. By cloning and -regularly pulling from this repo, users can maintain their own up-to-date -offline copy of all Qubes documentation rather than relying solely on the web. +Qubes OS documentation pages are stored as plain text Markdown files in the [qubes-doc](https://github.com/QubesOS/qubes-doc) repository. By cloning and regularly pulling from this repo, users can maintain their own up-to-date offline copy of all Qubes documentation rather than relying solely on the web. -The documentation is a volunteer community effort. People like you are -constantly working to make it better. If you notice something that can be fixed -or improved, please [edit the -documentation](/doc/how-to-edit-the-documentation/)! +The documentation is a volunteer community effort. People like you are constantly working to make it better. If you notice something that can be fixed or improved, please [edit the documentation](/doc/how-to-edit-the-documentation/)! -This page explains the standards we follow for writing, formatting, and -organizing the documentation. Please follow these guidelines and conventions -when editing the documentation. For the standards governing the website as a -whole, please see the [website style guide](/doc/website-style-guide). +This page explains the standards we follow for writing, formatting, and organizing the documentation. Please follow these guidelines and conventions when editing the documentation. For the standards governing the website as a whole, please see the [website style guide](/doc/website-style-guide). ## Markdown conventions -All the documentation is written in Markdown for maximum accessibility. When -making contributions, please observe the following style conventions. If you're -not familiar with Markdown syntax, -[this](https://daringfireball.net/projects/markdown/) is a great resource. +All the documentation is written in Markdown for maximum accessibility. When making contributions, please observe the following style conventions. If you're not familiar with Markdown syntax, [this](https://daringfireball.net/projects/markdown/) is a great resource. ### Hyperlink syntax -Use non-reference-style links like `[website](https://example.com/)`. Do *not* -use reference-style links like `[website][example]`, `[website][]` or -`[website]`. This facilitates the localization process. +Use non-reference-style links like `[website](https://example.com/)`. Do *not* use reference-style links like `[website][example]`, `[website][]` or `[website]`. This facilitates the localization process. ### Relative vs. absolute links -Always use relative rather than absolute paths for internal website links. For -example, use `/doc/documentation-style-guide/` instead of -`https://www.qubes-os.org/doc/documentation-style-guide/`. +Always use relative rather than absolute paths for internal website links. For example, use `/doc/documentation-style-guide/` instead of `https://www.qubes-os.org/doc/documentation-style-guide/`. You may use absolute URLs in the following cases: - External links -- URLs that appear inside code blocks (e.g., in comments and document - templates, and the plain text reproductions of [QSBs](/security/qsb/) and - [Canaries](/security/canary/)), since they're not hyperlinks -- Git repo files like `README.md` and `CONTRIBUTING.md`, since they're not part - of the website itself but rather of the auxiliary infrastructure supporting - the website +- URLs that appear inside code blocks (e.g., in comments and document templates, and the plain text reproductions of [QSBs](/security/qsb/) and [Canaries](/security/canary/)), since they're not hyperlinks +- Git repo files like `README.md` and `CONTRIBUTING.md`, since they're not part of the website itself but rather of the auxiliary infrastructure supporting the website -This rule is important because using absolute URLs for internal website links -breaks: +This rule is important because using absolute URLs for internal website links breaks: - Serving the website offline - Website localization - Generating offline documentation -- Automatically redirecting Tor Browser visitors to the correct page on the - onion service mirror +- Automatically redirecting Tor Browser visitors to the correct page on the onion service mirror ### Image linking -See [how to add images](/doc/how-to-edit-the-documentation/#how-to-add-images) -for the required syntax. This will make the image a hyperlink to the image -file, allowing the reader to click on the image in order to view the full image -by itself. This is important. Following best practices, our website has a -responsive design, which allows the website to render appropriately across all -screen sizes. When viewing this page on a smaller screen, such as on a mobile -device, the image will automatically shrink down to fit the screen. If visitors -cannot click on the image to view it in full size, then, depending on their -device, they may have no way see the details in the image clearly. +See [how to add images](/doc/how-to-edit-the-documentation/#how-to-add-images) for the required syntax. This will make the image a hyperlink to the image file, allowing the reader to click on the image in order to view the full image by itself. This is important. Following best practices, our website has a responsive design, which allows the website to render appropriately across all screen sizes. When viewing this page on a smaller screen, such as on a mobile device, the image will automatically shrink down to fit the screen. If visitors cannot click on the image to view it in full size, then, depending on their device, they may have no way see the details in the image clearly. -In addition, make sure to link only to images in the -[qubes-attachment](https://github.com/QubesOS/qubes-attachment) repository. Do -not attempt to link to images hosted on other websites. +In addition, make sure to link only to images in the [qubes-attachment](https://github.com/QubesOS/qubes-attachment) repository. Do not attempt to link to images hosted on other websites. ### HTML and CSS -Do not write HTML inside Markdown documents (except in rare, unavoidable cases, -such as alerts). In particular, never include HTML or CSS for styling, -formatting, or white space control. That belongs in the (S)CSS files instead. +Do not write HTML inside Markdown documents (except in rare, unavoidable cases, such as [alerts](#alerts)). In particular, never include HTML or CSS for styling, formatting, or white space control. That belongs in the (S)CSS files instead. ### Headings -Do not use `h1` headings (single `#` or `======` underline). These are -automatically generated from the `title:` line in the YAML front matter. +Do not use `h1` headings (single `#` or `======` underline). These are automatically generated from the `title:` line in the YAML front matter. -Use Atx-style syntax for headings: `##h2`, `### h3`, etc. Do not use -underlining syntax (`-----`). +Use Atx-style syntax for headings: `##h2`, `### h3`, etc. Do not use underlining syntax (`-----`). ### Indentation @@ -102,49 +66,131 @@ Use spaces instead of tabs. Use hanging indentations where appropriate. ### Lists -If appropriate, make numerals in numbered lists match between Markdown source -and HTML output. Some users read the Markdown source directly, and this makes -numbered lists easier to follow. +If appropriate, make numerals in numbered lists match between Markdown source and HTML output. Some users read the Markdown source directly, and this makes numbered lists easier to follow. ### Code blocks -When writing code blocks, use [syntax -highlighting](https://github.github.com/gfm/#info-string) where possible (see -[here](https://github.com/jneen/rouge/wiki/List-of-supported-languages-and-lexers) -for a list of supported languages). Use `[...]` for anything omitted. +When writing code blocks, use [syntax highlighting](https://github.github.com/gfm/#info-string) where possible (see [here](https://github.com/jneen/rouge/wiki/List-of-supported-languages-and-lexers) for a list of supported languages). Use `[...]` for anything omitted. ### Line wrapping -Hard wrap Markdown lines at 80 characters, unless the line can't be broken -(e.g., code or a URL). +Do not hard wrap text, except where necessary (e.g., inside code blocks). + +### Do not use Markdown syntax for styling + +For example, there is a common temptation to use block quotations (created by beginning lines with the `>` character) in order to stylistically distinguish some portion of text from the rest of the document, e.g.: + +``` +> Note: This is an important note! +``` + +This renders as: + +> Note: This is an important note! + +There are two problems with this: + +1. It is a violation of the [separation of content and presentation](https://en.wikipedia.org/wiki/Separation_of_content_and_presentation), since it abuses markup syntax in order to achieve unintended stylistic results. The Markdown (and HTML, if any) should embody the *content* of the documentation, while the *presentation* is handled by (S)CSS. + +2. It is an abuse of quotation syntax for text that is not actually a quotation. (You are not quoting anyone here. You're just telling the reader to note something and trying to draw their attention to your note visually.) + +Instead, an example of an appropriate way to stylistically distinguish a portion of text is by using [alerts](#alerts). Consider also that extra styling and visual distinction may not even be necessary. In most cases, traditional writing methods are perfectly sufficient, e.g.,: + +``` +**Note:** This is an important note. +``` + +This renders as: + +**Note:** This is an important note. + +### Alerts + +Alerts are sections of HTML used to draw the reader's attention to important information, such as warnings, and for stylistic purposes. They are typically styled as colored text boxes, usually accompanied by icons. Alerts should generally be used somewhat sparingly, so as not to cause [alert fatigue](https://en.wikipedia.org/wiki/Alarm_fatigue) and since they must be written in HTML instead of Markdown, which makes the source less readable and more difficult to work with for localization and automation purposes. Here are examples of several types of alerts and their recommended icons: + +``` + + + + + + + +``` + +These render as: + + + + + + + + ## Writing guidelines ### Correct use of terminology -Familiarize yourself with the terms defined in the [glossary](/doc/glossary/). -Use these terms consistently and accurately throughout your writing. +Familiarize yourself with the terms defined in the [glossary](/doc/glossary/). Use these terms consistently and accurately throughout your writing. ### Sentence case in headings -Use sentence case (rather than title case) in headings for the reasons -explained -[here](https://www.sallybagshaw.com.au/articles/sentence-case-v-title-case/). -In particular, since the authorship of the Qubes documentation is decentralized -and widely distributed among users from around the world, many contributors -come from regions with different conventions for implementing title case, not -to mention that there are often differing style guide recommendations even -within a single region. It is much easier for all of us to implement sentence -case consistently across our growing body of pages, which is very important for -managing the ongoing maintenance burden and sustainability of the -documentation. +Use sentence case (rather than title case) in headings for the reasons explained [here](https://www.sallybagshaw.com.au/articles/sentence-case-v-title-case/). In particular, since the authorship of the Qubes documentation is decentralized and widely distributed among users from around the world, many contributors come from regions with different conventions for implementing title case, not to mention that there are often differing style guide recommendations even within a single region. It is much easier for all of us to implement sentence case consistently across our growing body of pages, which is very important for managing the ongoing maintenance burden and sustainability of the documentation. ### Writing command-line examples When providing command-line examples: -- Tell the reader where to open a terminal (dom0 or a specific domU), and show - the command along with its output (if any) in a code block, e.g.: +- Tell the reader where to open a terminal (dom0 or a specific domU), and show the command along with its output (if any) in a code block, e.g.: ~~~markdown Open a terminal in dom0 and run: @@ -155,12 +201,9 @@ When providing command-line examples: ``` ~~~ -- Precede each command with the appropriate command prompt: At a minimum, the - prompt should contain a trailing `#` (for the user `root`) or `$` (for other - users) on Linux systems and `>` on Windows systems, respectively. +- Precede each command with the appropriate command prompt: At a minimum, the prompt should contain a trailing `#` (for the user `root`) or `$` (for other users) on Linux systems and `>` on Windows systems, respectively. -- Don't try to add comments inside the code block. For example, *don't* do - this: +- Don't try to add comments inside the code block. For example, *don't* do this: ~~~markdown Open a terminal in dom0 and run: @@ -173,14 +216,11 @@ When providing command-line examples: ``` ~~~ - The `#` symbol preceding each comment is ambiguous with a root command - prompt. Instead, put your comments *outside* of the code block in normal - prose. + The `#` symbol preceding each comment is ambiguous with a root command prompt. Instead, put your comments *outside* of the code block in normal prose. ### Variable names in commands -Syntactically distinguish variables in commands. For example, this is -ambiguous: +Syntactically distinguish variables in commands. For example, this is ambiguous: $ qvm-run --dispvm=disposable-template --service qubes.StartApp+xterm @@ -194,135 +234,53 @@ Note that we syntactically distinguish variables in three ways: 2. Using underscores (`_`) instead of spaces between words 3. Using all capital letters -We have observed that many novices make the mistake of typing the surrounding -angled brackets (`< >`) on the command line, even after substituting the -desired real value between them. Therefore, in documentation aimed at novices, -we also recommend clarifying that the angled brackets should not be typed. This -can be accomplished in one of several ways: +We have observed that many novices make the mistake of typing the surrounding angled brackets (`< >`) on the command line, even after substituting the desired real value between them. Therefore, in documentation aimed at novices, we also recommend clarifying that the angled brackets should not be typed. This can be accomplished in one of several ways: - Explicitly say something like "without the angled brackets." -- Provide an example command using real values that excludes the angled - brackets. -- If you know that almost all users will want to use (or should use) a specific - command containing all real values and no variables, you might consider - providing exactly that command and forgoing the version with variables. - Novices may not realize which parts of the command they can substitute with - different values, but if you've correctly judged that they should use the - command you've provided as is, then this shouldn't matter. +- Provide an example command using real values that excludes the angled brackets. +- If you know that almost all users will want to use (or should use) a specific command containing all real values and no variables, you might consider providing exactly that command and forgoing the version with variables. Novices may not realize which parts of the command they can substitute with different values, but if you've correctly judged that they should use the command you've provided as is, then this shouldn't matter. + +### Capitalization of "qube" + +We introduced the term ["qube"](/doc/glossary/#qube) as a user-friendly alternative to the term ["virtual machine" ("VM")](/doc/glossary/#vm) in the context of Qubes OS. Nonetheless, "qube" is a common noun like the words "compartment" and "container." Therefore, in English, "qube" follows the standard capitalization rules for common nouns. For example, "I have three qubes" is correct, while "I have three Qubes" is incorrect. Like other common nouns, "qube" should still be capitalized at the beginnings of sentences, the beginnings of sentence-case headings, and in title-case headings. Note, however, that starting a sentence with the plural of "qube" (e.g., "Qubes can be shut down...") can be ambiguous, since it may not be clear whether the referent is a plurality of qubes, [Qubes OS](/doc/glossary/#qubes-os), or even the Qubes OS Project itself. Hence, it is generally a good idea to rephrase such sentences in order to avoid this ambiguity. + +Many people feel a strong temptation to capitalize the word "qube" all the time, like a proper noun, perhaps because it's a new and unfamiliar term that's closely associated with a particular piece of software (namely, Qubes OS). However, these factors are not relevant to the capitalization rules of English. In fact, it's not unusual for new common nouns to be introduced into English, especially in the context of technology. For example, "blockchain" is a relatively recent technical term that's a common noun. Why is it a common noun rather than a proper noun? Because proper nouns refer to *particular* people, places, things, and ideas. There are many different blockchains. However, even when there was just one, the word still denoted a collection of things rather than a particular thing. It happened to be the case that there was only one member in that collection at the time. For example, if there happened to be only one tree in the world, that wouldn't change the way we capitalize sentences like, "John sat under a tree." Intuitively, it makes sense that the addition and removal of objects from the world shouldn't cause published books to become orthographicallly incorrect while sitting on their shelves. + +Accordingly, the reason "qube" is a common noun rather than a proper noun is because it doesn't refer to any one specific thing (in this case, any one specific virtual machine). Rather, it's the term for any virtual machine in a Qubes OS installation. (Technically, while qubes are currently implemented as virtual machines, Qubes OS is independent of its underlying compartmentalization technology. Virtual machines could be replaced with a different technology, and qubes would still be called "qubes.") + +I have several qubes in my Qubes OS installation, and you have several in yours. Every Qubes OS user has their own set of qubes, just as each of us lives in some neighborhood on some street. Yet we aren't tempted to treat words like "neighborhood" or "street" as proper nouns (unless, of course, they're part of a name, like "Acorn Street"). Again, while this might seem odd because "qube" is a new word that we invented, that doesn't change how English works. After all, *every* word was a new word that someone invented at some point (otherwise we wouldn't have any words at all). We treat "telephone," "computer," "network," "program," and so on as common nouns, even though those were all new technological inventions in the not-too-distant past (on a historical scale, at least). So, we shouldn't allow ourselves to be confused by irrelevant factors, like the fact that the inventors happened to be *us* or that the invention was *recent* or is not in widespread use among humanity. + +### English language conventions + +For the sake of consistency and uniformity, the Qubes documentation aims to follow the conventions of American English, where applicable. (Please note that this is an arbitrary convention for the sake consistency and not a value judgment about the relative merits of British versus American English.) ## Organizational guidelines ### Do not duplicate documentation -Duplicating documentation is almost always a bad idea. There are many reasons -for this. The main one is that almost all documentation has to be updated as -some point. When similar documentation appears in more than one place, it is -very easy for it to get updated in one place but not the others (perhaps -because the person updating it doesn't realize it's in more than once place). -When this happens, the documentation as a whole is now inconsistent, and the -outdated documentation becomes a trap, especially for novice users. Such traps -are often more harmful than if the documentation never existed in the first -place. The solution is to **link** to existing documentation rather than -duplicating it. There are some exceptions to this policy (e.g., information -that is certain not to change for a very long time), but they are rare. +Duplicating documentation is almost always a bad idea. There are many reasons for this. The main one is that almost all documentation has to be updated as some point. When similar documentation appears in more than one place, it is very easy for it to get updated in one place but not the others (perhaps because the person updating it doesn't realize it's in more than once place). When this happens, the documentation as a whole is now inconsistent, and the outdated documentation becomes a trap, especially for novice users. Such traps are often more harmful than if the documentation never existed in the first place. The solution is to **link** to existing documentation rather than duplicating it. There are some exceptions to this policy (e.g., information that is certain not to change for a very long time), but they are rare. ### Core vs. external documentation -Core documentation resides in the [Qubes OS Project's official -repositories](https://github.com/QubesOS/), mainly in -[qubes-doc](https://github.com/QubesOS/qubes-doc). External documentation can -be anywhere else (such as forums, community websites, and blogs), but there is -an especially large collection in the [Qubes -Community](https://github.com/Qubes-Community) project. External documentation -should not be submitted to [qubes-doc](https://github.com/QubesOS/qubes-doc). -If you've written a piece of documentation that is not appropriate for -[qubes-doc](https://github.com/QubesOS/qubes-doc), we encourage you to submit -it to the [Qubes Community](https://github.com/Qubes-Community) project -instead. However, *linking* to external documentation from -[qubes-doc](https://github.com/QubesOS/qubes-doc) is perfectly fine. Indeed, -the maintainers of the [Qubes Community](https://github.com/Qubes-Community) -project should regularly submit PRs against the documentation index (see [How -to edit the documentation -index](/doc/how-to-edit-the-documentation/#how-to-edit-the-documentation-index)) -to add and update Qubes Community links in the ["External -documentation"](/doc/#external-documentation) section of the documentation -table of contents. +Core documentation resides in the [Qubes OS Project's official repositories](https://github.com/QubesOS/), mainly in [qubes-doc](https://github.com/QubesOS/qubes-doc). External documentation can be anywhere else (such as forums, community websites, and blogs), but there is an especially large collection in the [Qubes Community](https://github.com/Qubes-Community) project. External documentation should not be submitted to [qubes-doc](https://github.com/QubesOS/qubes-doc). If you've written a piece of documentation that is not appropriate for [qubes-doc](https://github.com/QubesOS/qubes-doc), we encourage you to submit it to the [Qubes Community](https://github.com/Qubes-Community) project instead. However, *linking* to external documentation from [qubes-doc](https://github.com/QubesOS/qubes-doc) is perfectly fine. Indeed, the maintainers of the [Qubes Community](https://github.com/Qubes-Community) project should regularly submit PRs against the documentation index (see [How to edit the documentation index](/doc/how-to-edit-the-documentation/#how-to-edit-the-documentation-index)) to add and update Qubes Community links in the ["External documentation"](/doc/#external-documentation) section of the documentation table of contents. -The main difference between **core** (or **official**) and **external** (or -**community** or **unofficial**) documentation is whether it documents software -that is officially written and maintained by the Qubes OS Project. The purpose -of this distinction is to keep the core docs maintainable and high-quality by -limiting them to the software output by the Qubes OS Project. In other words, -we take responsibility for documenting all of the software we put out into the -world, but it doesn't make sense for us to take on the responsibility of -documenting or maintaining documentation for anything else. For example, Qubes -OS may use a popular Linux distribution for an official -[TemplateVM](/doc/templates/). However, it would not make sense for a -comparatively small project like ours, with modest funding and a lean -workforce, to attempt to document software belonging to a large, richly-funded -project with an army of paid and volunteer contributors, especially when they -probably already have documentation of their own. This is particularly true -when it comes to Linux in general. Although many users who are new to Qubes are -also new to Linux, it makes absolutely no sense for our comparatively tiny -project to try to document Linux in general when there is already a plethora of -documentation out there. +The main difference between **core** (or **official**) and **external** (or **community** or **unofficial**) documentation is whether it documents software that is officially written and maintained by the Qubes OS Project. The purpose of this distinction is to keep the core docs maintainable and high-quality by limiting them to the software output by the Qubes OS Project. In other words, we take responsibility for documenting all of the software we put out into the world, but it doesn't make sense for us to take on the responsibility of documenting or maintaining documentation for anything else. For example, Qubes OS may use a popular Linux distribution for an official [TemplateVM](/doc/templates/). However, it would not make sense for a comparatively small project like ours, with modest funding and a lean workforce, to attempt to document software belonging to a large, richly-funded project with an army of paid and volunteer contributors, especially when they probably already have documentation of their own. This is particularly true when it comes to Linux in general. Although many users who are new to Qubes are also new to Linux, it makes absolutely no sense for our comparatively tiny project to try to document Linux in general when there is already a plethora of documentation out there. -Many contributors do not realize that there is a significant amount of work -involved in *maintaining* documentation after it has been written. They may -wish to write documentation and submit it to the core docs, but they see only -their own writing process and fail to consider that it will have to be kept -up-to-date and consistent with the rest of the docs for years afterward. -Submissions to the core docs also have to [undergo a review -process](/doc/how-to-edit-the-documentation#security) to ensure accuracy before -being merged, which takes up valuable time from the team. We aim to maintain -high quality standards for the core docs (style and mechanics, formatting), -which also takes up a lot of time. If the documentation involves anything -external to the Qubes OS Project (such as a website, platform, program, -protocol, framework, practice, or even a reference to a version number), the -documentation is likely to become outdated when that external thing changes. -It's also important to periodically review and update this documentation, -especially when a new Qubes release comes out. Periodically, there may be -technical or policy changes that affect all the core documentation. The more -documentation there is relative to maintainers, the harder all of this will be. -Since there are many more people who are willing to write documentation than to -maintain it, these individually small incremental additions amount to a -significant maintenance burden for the project. +Many contributors do not realize that there is a significant amount of work involved in *maintaining* documentation after it has been written. They may wish to write documentation and submit it to the core docs, but they see only their own writing process and fail to consider that it will have to be kept up-to-date and consistent with the rest of the docs for years afterward. Submissions to the core docs also have to [undergo a review process](/doc/how-to-edit-the-documentation/#security) to ensure accuracy before being merged, which takes up valuable time from the team. We aim to maintain high quality standards for the core docs (style and mechanics, formatting), which also takes up a lot of time. If the documentation involves anything external to the Qubes OS Project (such as a website, platform, program, protocol, framework, practice, or even a reference to a version number), the documentation is likely to become outdated when that external thing changes. It's also important to periodically review and update this documentation, especially when a new Qubes release comes out. Periodically, there may be technical or policy changes that affect all the core documentation. The more documentation there is relative to maintainers, the harder all of this will be. Since there are many more people who are willing to write documentation than to maintain it, these individually small incremental additions amount to a significant maintenance burden for the project. -On the positive side, we consider the existence of community documentation to -be a sign of a healthy ecosystem, and this is quite common in the software -world. The community is better positioned to write and maintain documentation -that applies, combines, and simplifies the official documentation, e.g., -tutorials that explain how to install and use various programs in Qubes, how to -create custom VM setups, and introductory tutorials that teach basic Linux -concepts and commands in the context of Qubes. In addition, just because the -Qubes OS Project has officially written and maintains some flexible framework, -such as `qrexec`, it does not make sense to include every tutorial that says -"here's how to do something cool with `qrexec`" in the core docs. Such -tutorials generally also belong in the community documentation. +On the positive side, we consider the existence of community documentation to be a sign of a healthy ecosystem, and this is quite common in the software world. The community is better positioned to write and maintain documentation that applies, combines, and simplifies the official documentation, e.g., tutorials that explain how to install and use various programs in Qubes, how to create custom VM setups, and introductory tutorials that teach basic Linux concepts and commands in the context of Qubes. In addition, just because the Qubes OS Project has officially written and maintains some flexible framework, such as `qrexec`, it does not make sense to include every tutorial that says "here's how to do something cool with `qrexec`" in the core docs. Such tutorials generally also belong in the community documentation. -See [#4693](https://github.com/QubesOS/qubes-issues/issues/4693) for more -background information. +See [#4693](https://github.com/QubesOS/qubes-issues/issues/4693) for more background information. ### Release-specific documentation -*See [#5308](https://github.com/QubesOS/qubes-issues/issues/5308) for pending -changes to this policy.* +*See [#5308](https://github.com/QubesOS/qubes-issues/issues/5308) for pending changes to this policy.* -We maintain only one set of documentation for Qubes OS. We do not maintain a -different set of documentation for each release of Qubes. Our single set of -Qubes OS documentation is updated on a continual, rolling basis. Our first -priority is to document all **current, stable releases** of Qubes. Our second -priority is to document the next, upcoming release (if any) that is currently -in the beta or release candidate stage. +We maintain only one set of documentation for Qubes OS. We do not maintain a different set of documentation for each release of Qubes. Our single set of Qubes OS documentation is updated on a continual, rolling basis. Our first priority is to document all **current, stable releases** of Qubes. Our second priority is to document the next, upcoming release (if any) that is currently in the beta or release candidate stage. -In cases where a documentation page covers functionality that differs -considerably between Qubes OS releases, the page should be subdivided into -clearly-labeled sections that cover the different functionality in different -releases (examples below). +In cases where a documentation page covers functionality that differs considerably between Qubes OS releases, the page should be subdivided into clearly-labeled sections that cover the different functionality in different releases (examples below). -In general, avoid mentioning specific Qubes versions in the body text of -documentation, as these references rapidly go out of date and become misleading -to readers. +In general, avoid mentioning specific Qubes versions in the body text of documentation, as these references rapidly go out of date and become misleading to readers. #### Incorrect Example @@ -381,65 +339,17 @@ general `qubes-baz` command: Once you foo, make sure to close the baz before fooing the next bar. ``` -Subdividing the page into clearly-labeled sections for each release has several -benefits: +Subdividing the page into clearly-labeled sections for each release has several benefits: -- It preserves good content for older (but still supported) releases. Many - documentation contributors are also people who prefer to use the latest - release. Many of them are tempted to *replace* existing content that applies - to an older, supported release with content that applies only to the latest - release. This is somewhat understandable. Since they only use the latest - release, they may be focused on their own experience, and they may even - regard the older release as deprecated, even when it's actually still - supported. However, allowing this replacement of content would do a great - disservice to those who still rely on the older, supported release. In many - cases, these users value the stability and reliability of the older, - supported release. With the older, supported release, there has been more - time to fix bugs and make improvements in both the software and the - documentation. Consequently, much of the documentation content for this - release may have gone through several rounds of editing, review, and - revision. It would be a tragedy for this content to vanish while the very set - of users who most prize stability and reliability are depending on it. -- It's easy for readers to quickly find the information they're looking for, - since they can go directly to the section that applies to their release. -- It's hard for readers to miss information they need, since it's all in one - place. In the incorrect example, information that the reader needs could be - in any paragraph in the entire document, and there's no way to tell without - reading the entire page. In the correct example, the reader can simply skim - the headings in order to know which parts of the page need to be read and - which can be safely ignored. The fact that some content is repeated in the - two release-specific sections is not a problem, since no reader has to read - the same thing twice. Moreover, as one release gets updated, it's likely that - the documentation for that release will also be updated. Therefore, content - that is initially duplicated between release-specific sections will not - necessarily stay that way, and this is a good thing: We want the - documentation for a release that *doesn't* change to stay the same, and we - want the documentation for a release that *does* change to change along with - the software. -- It's easy for documentation contributors and maintainers to know which file - to edit and update, since there's only one page for all Qubes OS releases. - Initially creating the new headings and duplicating content that applies to - both is only a one-time cost for each page, and many pages don't even require - this treatment, since they apply to all currently-supported Qubes OS - releases. +- It preserves good content for older (but still supported) releases. Many documentation contributors are also people who prefer to use the latest release. Many of them are tempted to *replace* existing content that applies to an older, supported release with content that applies only to the latest release. This is somewhat understandable. Since they only use the latest release, they may be focused on their own experience, and they may even regard the older release as deprecated, even when it's actually still supported. However, allowing this replacement of content would do a great disservice to those who still rely on the older, supported release. In many cases, these users value the stability and reliability of the older, supported release. With the older, supported release, there has been more time to fix bugs and make improvements in both the software and the documentation. Consequently, much of the documentation content for this release may have gone through several rounds of editing, review, and revision. It would be a tragedy for this content to vanish while the very set of users who most prize stability and reliability are depending on it. +- It's easy for readers to quickly find the information they're looking for, since they can go directly to the section that applies to their release. +- It's hard for readers to miss information they need, since it's all in one place. In the incorrect example, information that the reader needs could be in any paragraph in the entire document, and there's no way to tell without reading the entire page. In the correct example, the reader can simply skim the headings in order to know which parts of the page need to be read and which can be safely ignored. The fact that some content is repeated in the two release-specific sections is not a problem, since no reader has to read the same thing twice. Moreover, as one release gets updated, it's likely that the documentation for that release will also be updated. Therefore, content that is initially duplicated between release-specific sections will not necessarily stay that way, and this is a good thing: We want the documentation for a release that *doesn't* change to stay the same, and we want the documentation for a release that *does* change to change along with the software. +- It's easy for documentation contributors and maintainers to know which file to edit and update, since there's only one page for all Qubes OS releases. Initially creating the new headings and duplicating content that applies to both is only a one-time cost for each page, and many pages don't even require this treatment, since they apply to all currently-supported Qubes OS releases. -By contrast, an alternative approach, such as segregating the documentation -into two different branches, would mean that contributions that apply to both -Qubes releases would only end up in one branch, unless someone remembered to -manually submit the same thing to the other branch and actually made the effort -to do so. Most of the time, this wouldn't happen. When it did, it would mean a -second pull request that would have to be reviewed. Over time, the different -branches would diverge in non-release-specific content. Good general content -that was submitted only to one branch would effectively disappear once that -release was deprecated. (Even if it were still on the website, no one would -look at it, since it would explicitly be in the subdirectory of a deprecated -release, and there would be a motivation to remove it from the website so that -search results wouldn't be populated with out-of-date information.) +By contrast, an alternative approach, such as segregating the documentation into two different branches, would mean that contributions that apply to both Qubes releases would only end up in one branch, unless someone remembered to manually submit the same thing to the other branch and actually made the effort to do so. Most of the time, this wouldn't happen. When it did, it would mean a second pull request that would have to be reviewed. Over time, the different branches would diverge in non-release-specific content. Good general content that was submitted only to one branch would effectively disappear once that release was deprecated. (Even if it were still on the website, no one would look at it, since it would explicitly be in the subdirectory of a deprecated release, and there would be a motivation to remove it from the website so that search results wouldn't be populated with out-of-date information.) -For further discussion about release-specific documentation in Qubes, see -[here](https://groups.google.com/d/topic/qubes-users/H9BZX4K9Ptk/discussion). +For further discussion about release-specific documentation in Qubes, see [here](https://groups.google.com/d/topic/qubes-users/H9BZX4K9Ptk/discussion). ## Git conventions -Please follow our [Git commit message -guidelines](/doc/coding-style/#commit-message-guidelines). +Please follow our [Git commit message guidelines](/doc/coding-style/#commit-message-guidelines). diff --git a/developer/general/gsod.md b/developer/general/gsod.md index fbb13eb5..d02b5163 100644 --- a/developer/general/gsod.md +++ b/developer/general/gsod.md @@ -6,78 +6,95 @@ ref: 242 title: Google Season of Docs (GSoD) --- -Thank you for your interest in participating in the [2021 Google Season of Docs](https://developers.google.com/season-of-docs/) program with the [Qubes OS team](/team/). You can read more about the Google Season of Docs in the official [guides](https://developers.google.com/season-of-docs/docs/) and [FAQ](https://developers.google.com/season-of-docs/docs/faq). +Thank you for your interest in participating in the [2023 Google Season of Docs](https://developers.google.com/season-of-docs/) program with the [Qubes OS team](/team/). This page details our 2023 project idea as well as completed past projects. You can read more about the Google Season of Docs in the official [guides](https://developers.google.com/season-of-docs/docs/) and [FAQ](https://developers.google.com/season-of-docs/docs/faq). -## 2021 Project Idea +## Instructional video series -- Qubes OS -### Qubes OS on Virtual Machines and Disposable VMs documentation - Qubes OS +### About the Qubes OS Project -#### About your organization +Qubes OS is a security-focused operating system that allows you to organize your digital life into compartments called "qubes." If one qube is compromised, the others remain safe, so a single cyberattack can no longer take down your entire digital life in one fell swoop. You can think of using Qubes OS as having many different computers on your desk for different activities but with the convenience of a single physical machine, a single unified desktop environment, and a set of tools for using qubes together securely as parts of a unified system. -Qubes OS is a free and open source operating system uniquely designed to protect the security and privacy of the user. Its architecture is built to enable a user to define different security environments ("qubes") on their computer and visually manage their interaction with each other and the world. +Qubes OS was launched in 2011 and has [received praise from security experts and organizations](/endorsements/) like Edward Snowden, the Freedom of the Press Foundation, Micah Lee, and Let's Encrypt. Qubes has [over 40,000 active users](/statistics/). From network-level to software-level protections, as well as protections against firmware and hardware attacks, Qubes OS is trying to protect the user from the most significant attacks they encounter so that they can get their work done safely. -Qubes OS was launched in 2011 and has [received praise from security experts](https://www.qubes-os.org/endorsements/) like Edward Snowden, Bill Buddington (EFF), Isis Lovecruft (Tor Project), and Kenn White (Open Crypto Audit), and has over [30,000 active users](https://www.qubes-os.org/statistics/). +### The project's problem -From network-level to software-level protections, as well as protections against firmware and hardware attacks, Qubes OS is trying to protect the user from the most significant attacks they encounter so that they can get their work done, safely. +There is user demand for high-quality, up-to-date video guides that take users from zero Linux knowledge to using Qubes as a daily driver and performing specific tasks inside of Qubes, but almost no such videos exist. Although most of the required knowledge is documented, many users report that they would prefer to watch videos rather than read text or that they would find videos easier to understand and follow along with. -#### The Project +### The project's scope -The goal of the project is to improve the documentation related to Disposable VMs and installing Qubes OS on Virtual Machines. +This project consists of creating a series of instructional videos that satisfy the following criteria: -The current Disposable VMs documentation is scarce, inconsistent in places and is scattered across multiple pages, sometimes hard to find. This project involves consolidating it into one or few easy to find pages, covering all related subjects. It should be written in way easy to follow and understand, clearly separating basic use cases, advanced ones and internal details. The terminology should also be used consistently. +- Prospective users who are not yet familiar with Linux or Qubes OS can easily understand and follow the videos. +- The videos make a good effort to catch and keep the attention of their target audience. +- Users can follow the videos step-by-step to install Qubes OS and accomplish various tasks. +- The videos show the actual software being used (i.e., Qubes OS and any relevant software running inside of it). +- The videos are technically accurate, include security warnings where appropriate, and use terminology in a way that is consistent with the rest of the documentation (also see the [glossary](/doc/glossary/)). +- The video series is comprehensive enough that users do not need to consult the documentation or ask questions (e.g., on the forum) in order to accomplish the most popular tasks and activities. +- The videos include voice narration. (Showing the speaker is optional.) +- The quality of the videos is consistent with current standards regarding things like editing, transitions, animations, lighting, and audio quality. +- The videos are in high definition (minimum 1080p, preferably 4k). +- The videos are separated into a series, where each video is an appropriate length and is appropriately connected to the other videos in the series. +- The videos are suitable for upload and sharing on popular video-sharing and social-media platforms, such as YouTube and Twitter. (The account or channel under which the videos are uploaded is open to discussion on platforms where the Qubes OS Project does not already have a significant established presence, such as YouTube.) +- The videos are suitable for embedding in appropriate places in the Qubes documentation. (E.g., a video on how to update Qubes OS should be appropriate for appearing on the [how to update](/doc/how-to-update/) page.) +- Where possible, the videos should strive to be version-independent. (For example, a video explaining the template system should still be relevant many releases from now if the template system has not changed.) -Additionally, Qubes OS is missing an installation guide for virtual machines. Users are installing an outdated and unsupported version of Qubes OS (3.2) instead of the supported version. There is unofficial existing installation guide for Qubes OS on a virtual box but it is misleading and lacks documentation. Usually, users face some errors and bugs while installing Qubes OS on a virtual machine. This project also involves writing an installation guide that details how to install Qubes on virtual machines, and how to troubleshoot any issues that may arise. +Below is an example of the content (which is already [documented](/doc/)) that the video series is likely to cover. The precise scope of content is to be determined in consultation with the video creator. -#### Project’s scope +- Introduction to Qubes +- Selecting appropriate hardware +- How to install Qubes OS +- First steps after installing +- How to organize your qubes +- How to update +- How to back up, restore, and migrate +- How to copy and paste text (including dom0) +- How to copy and move files (including dom0) +- How to install software +- How to use and customize disposables +- How to enter fullscreen mode +- How to use devices (including block storage, USB, PCI, and optical) +- Templates: understanding, installing, uninstalling, reinstalling, etc. +- Common troubleshooting (preferably included in previous videos at appropriate points) +- The Qubes firewall +- Passwordless root +- Anti Evil Maid +- Split GPG +- U2F proxy +- YubiKey +- Whonix +- How to install and use a VPN in Qubes +- How to install and use Windows in Qubes +- Other popular topics, as time permits -The technical writer will: +The project is estimated to need around six months to complete (see the timeline below). Qubes team members, including Michael Carbone, Andrew Wong, and Marek Marczykowski-Górecki, will supervise and support the creator. -* Review existing Disposable VM documentation +### Measuring the project's success -* Propose new documentation layout, including split between pages +We will consider the project successful if, after publication of the video series: -* Propose updated and clarified content +- Actual prospective users with no prior familiarity with Linux or Qubes OS are able to successfully install and use Qubes OS as intended by following along with the videos. +- The reception to the videos is generally positive and complaints about quality and accuracy are minimal. +- Appropriate analytics (e.g., YouTube metrics) are average or better for videos of this type (to be determined in consultation with the creator). -* Provide a new option of installation guide for users working on virtual machines. +### Timeline -* Review existing problems and provide solutions to them. +| Dates | Action items | +| -------------- | --------------------------------------- | +| March | Orientation | +| April--October | Create Qubes OS video series | +| November | Final project evaluation and case study | -* Giving a warning for using outdated versions of Qubes. -Knowledge prerequisites: +### Project budget -* Basic Qubes OS knowledge - intro, getting started. +| Expense | Amount | +| --------------------------------------- | ------- | +| Video creator (20 hours/week, 6 months) | $12,000 | +| TOTAL | $12,000 | -* Markdown. +### Additional information -* Experience in virtual boxes and machines. - -* Basic knowledge about Fedora Linux architecture. - -The project is estimated to need around 6 months, with a part-time (20hr/week) workload. Qubes OS team members focused on documentation (Michael Carbone, Andrew David Wong, Marek Marczykowski-Górecki) have committed to supporting the project. - -#### Measuring the project’s success - -We will consider the project successful if, after publication of the new documentation: - -* The Disposable VM documentation is consilidated into a few pages and easier to find. - -* Disposable VM terminology is consistent across all pages - -* There is a new installation guide detailing how to install Qubes on virtual machines (VirtualBox), complete with screenshots and troubleshooting steps where necessary. - -* There is a decrease (by ~20%) in the number of issues and questions raised for topics covered in the documentation, whether in the official Github issues tracker, the Qubes mailing list, or the Qubes community forum. - -#### Budget - -| Budget item | Amount | Running total | Note / Justification | -|-|-|-|-| -| Technical writer audit, update, and write new documentation | $12000 | $12000 | based on a 20hr/week for 6 months at 25$/hr | -| TOTAL | | $12000 | | - -#### Additional information -Qubes OS regularly participates in the Google Summer of Code and Google Season of Docs. This is our third time in a row participating in Google Season of Docs. Our mentorships for GSoD 2019 and 2020 were successes and both projects were completed -within the times allotted. The past Google Season of Docs projects have given us experience in working with technical writers, and has helped us to understand the benefits of technical writers can to our project +Qubes OS regularly participates in Google Summer of Code and Google Season of Docs. This is our third time participating in Google Season of Docs. Our mentorships for GSoD 2019 and 2020 were successes, and both projects were completed within the times allotted. The past Google Season of Docs projects have given us experience in working with technical writers and have helped us to understand the benefits that technical writers can bring to our project. While our experience in working with video creators is more limited, we are keenly aware of the benefits of high-quality video content, as well as the significant time, resources, and talent required to create it. ## Past Projects @@ -110,7 +127,7 @@ This could be helped by writing a consolidated guide with a clear list of sympto **Project**: Improve Getting Started page -**Brief explanation**: The [Getting Started page](https://www.qubes-os.org/doc/getting-started/) is the place a new user would go to understand better how to use Qubes. It is currently has old screenshots not using the default desktop environment and could have much better flow. In addition, this improved page content may end up being served more directly to the user via the [offline documentation](https://github.com/QubesOS/qubes-issues/issues/1019) or the firstboot guide. +**Brief explanation**: The [Getting Started page](/doc/getting-started/) is the place a new user would go to understand better how to use Qubes. It is currently has old screenshots not using the default desktop environment and could have much better flow. In addition, this improved page content may end up being served more directly to the user via the [offline documentation](https://github.com/QubesOS/qubes-issues/issues/1019) or the firstboot guide. **Expected results**: @@ -128,14 +145,14 @@ This could be helped by writing a consolidated guide with a clear list of sympto **Project**: Rewrite qrexec documentation -**Brief explanation**: Current qrexec (qubes remote exec) documentation is hard to follow, important informations are hidden within a wall of text. +**Brief explanation**: Current qrexec (qubes remote exec) documentation is hard to follow, important information is hidden within a wall of text. Some parts are split into multiple sections, for example version specific to avoid duplication, but it doesn't help reading it. Additionally, protocol documentation describes only few specific use cases, instead of being clear and precise protocol specification. Fixing this last point may require very close cooperation with developers, as the current documentation doesn't multiple corner cases (that's one of the issue with its current shape). **Expected results**: -- Review existing [qrexec documentation](https://www.qubes-os.org/doc/qrexec3/) and an [issue about it](https://github.com/QubesOS/qubes-issues/issues/1392) +- Review existing [qrexec documentation](/doc/qrexec3/) and an [issue about it](https://github.com/QubesOS/qubes-issues/issues/1392) - Propose updated, consolidated admin documentation (policy writing, adding services) - Propose consolidated protocol specification, based on the current documentation, and cooperation with developers diff --git a/developer/general/join.md b/developer/general/join.md deleted file mode 100644 index 3e5e036a..00000000 --- a/developer/general/join.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -lang: en -layout: doc -permalink: /join/ -ref: 26 -title: Join ---- - -The Qubes OS Project does not currently have any open positions. -This page will be updated when open positions become available. -In the meantime, there are many different ways you can [contribute to the Qubes OS project](/doc/contributing/). diff --git a/developer/general/usability-ux.md b/developer/general/usability-ux.md index 5e0c5359..b2c1f961 100644 --- a/developer/general/usability-ux.md +++ b/developer/general/usability-ux.md @@ -206,14 +206,14 @@ Clearly, cutting out something as simple as navigating through the file system c ## GNOME, KDE, and Xfce -The desktop GUIs that QubesOS versions 1 - 3.1 offer are [KDE](https://www.kde.org) and [Xfce](https://xfce.org). We are currently migrating towards using [GNOME](https://www.gnome.org). We know some people prefer KDE, but we believe Gnome is easier to use for average non-technical users. Xfce will always be supported, and technical users will always have the choice to use KDE or other desktop environments. +The desktop GUIs that QubesOS versions 1 - 4.1 offer are [KDE](https://kde.org) and [Xfce](https://xfce.org). We are currently migrating towards using [GNOME](https://www.gnome.org). We know some people prefer KDE, but we believe Gnome is easier to use for average non-technical users. Xfce will always be supported, and technical users will always have the choice to use KDE or other desktop environments. -This change means you should use [GTK](https://www.gtk.org/) rather than Qt for new GUIs. +This change means you should use [GTK](https://gtk.org/) rather than Qt for new GUIs. All three of these mentioned desktop environments have their own [human interface guidelines](https://en.wikipedia.org/wiki/Human_interface_guidelines), and we suggest you familiarize yourself with the platform you developing for. -- [GNOME Human Interface Guidelines](https://developer.gnome.org/hig/3.18/) -- [KDE HIG](https://techbase.kde.org/Projects/Usability/HIG) +- [GNOME Human Interface Guidelines](https://developer.gnome.org/hig/) +- [KDE HIG](https://hig.kde.org/) - [Xfce UI Guidlines](https://wiki.xfce.org/dev/hig/general) --- @@ -222,9 +222,9 @@ All three of these mentioned desktop environments have their own [human interfac Learning to make well designing intuitive interfaces and software is specialized skillset that can take years to cultivate, but if you are interested in furthering your understanding, we suggest the following resources: -- [Learn Design Principles](http://learndesignprinciples.com) by Melissa Mandelbaum -- [Usability in Free Software](http://jancborchardt.net/usability-in-free-software) by Jan C. Borchardt +- [Learn Design Principles](https://web.archive.org/web/20180101172357/http://learndesignprinciples.com/) by Melissa Mandelbaum +- [Usability in Free Software](https://jancborchardt.net/usability-in-free-software) by Jan C. Borchardt - [Superheroes & Villains in Design](https://vimeo.com/70030549) by Aral Balkan -- [First Rule of Usability? Don’t Listen to Users](http://www.nngroup.com/articles/first-rule-of-usability-dont-listen-to-users/) by Jakob Nielsen +- [First Rule of Usability? Don’t Listen to Users](https://www.nngroup.com/articles/first-rule-of-usability-dont-listen-to-users/) by Jakob Nielsen - [10 Usability Heuristics for User Interface Design](https://www.nngroup.com/articles/ten-usability-heuristics/) by Jakob Nielsen - [Hack Design](https://hackdesign.org/) - online learning program diff --git a/developer/releases/4_1/release-notes.md b/developer/releases/4_1/release-notes.md index e88bc8af..e2a4f9f9 100644 --- a/developer/releases/4_1/release-notes.md +++ b/developer/releases/4_1/release-notes.md @@ -68,6 +68,7 @@ permalink: /doc/releases/4.1/release-notes/ `/etc/qubes/guid.conf` file is no longer used - `qvm-run` tool got `--no-shell` option to run a single command without using a shell inside the qube +- MAC Randomization for iwlwifi (see [#938](https://github.com/QubesOS/qubes-issues/issues/938)) For a full list, including more detailed descriptions, please see [here](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+milestone%3A%22Release+4.1%22+label%3A%22release+notes%22+is%3Aclosed). diff --git a/developer/releases/4_2/release-notes.md b/developer/releases/4_2/release-notes.md new file mode 100644 index 00000000..7b4dbc58 --- /dev/null +++ b/developer/releases/4_2/release-notes.md @@ -0,0 +1,59 @@ +--- +layout: doc +title: Qubes OS 4.2.0 release notes +permalink: /doc/releases/4.2/release-notes/ +--- + +## New features and improvements since Qubes 4.1 + +- Dom0 upgraded to Fedora 37 ([#6982](https://github.com/QubesOS/qubes-issues/issues/6982)) +- Xen upgraded to version 4.17 +- Default Debian template upgraded to Debian 12 +- Default Fedora and Debian templates use Xfce instead of GNOME ([#7784](https://github.com/QubesOS/qubes-issues/issues/7784)) +- SELinux support in Fedora templates ([#4239](https://github.com/QubesOS/qubes-issues/issues/4239)) +- Several GUI applications rewritten (screenshots below), including: + - Applications Menu (also available as preview in R4.1) ([#6665](https://github.com/QubesOS/qubes-issues/issues/6665)), ([#5677](https://github.com/QubesOS/qubes-issues/issues/5677)) + - Qubes Global Settings ([#6898](https://github.com/QubesOS/qubes-issues/issues/6898)) + - Create New Qube + - Qubes Update ([#7443](https://github.com/QubesOS/qubes-issues/issues/7443)) +- Unified `grub.cfg` location for both UEFI and legacy boot ([#7985](https://github.com/QubesOS/qubes-issues/issues/7985)) +- PipeWire support ([#6358](https://github.com/QubesOS/qubes-issues/issues/6358)) +- fwupd integration for firmware updates ([#4855](https://github.com/QubesOS/qubes-issues/issues/4855)) +- Optional automatic clipboard clearing ([#3415](https://github.com/QubesOS/qubes-issues/issues/3415)) +- Official packages built using Qubes Builder v2 ([#6486](https://github.com/QubesOS/qubes-issues/issues/6486)) +- Split GPG management in Qubes Global Settings +- Qrexec services use new qrexec policy format by default (but old format is still supported) ([#8000](https://github.com/QubesOS/qubes-issues/issues/8000)) +- Improved keyboard layout switching + +For a full list, including more detailed descriptions, please see [here](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+milestone%3A%22Release+4.2%22+label%3A%22release+notes%22+is%3Aclosed). Below are some screenshots of the new and improved Qubes GUI tools. + +The new Qubes OS Update tool: + +[![Screenshot of the Qubes OS Update tool](/attachment/site/4-2_update.png)](/attachment/site/4-2_update.png) + +The new Qubes OS Global Config tool: + +[![Screenshot of the Qubes OS Global Config tool](/attachment/site/4-2_global-config_1.png)](/attachment/site/4-2_global-config_1.png) +[![Screenshot of the Qubes OS Global Config tool](/attachment/site/4-2_global-config_2.png)](/attachment/site/4-2_global-config_2.png) + +The new Qubes OS Policy Editor tool: + +[![Screenshot of the Qubes OS Policy Editor tool](/attachment/site/4-2_policy-editor.png)](/attachment/site/4-2_policy-editor.png) + +## Known issues + +- DomU firewalls have completely switched to nftables. Users should add their custom rules to the `custom-input` and `custom-forward` chains. ([#5031](https://github.com/QubesOS/qubes-issues/issues/5031), [#6062](https://github.com/QubesOS/qubes-issues/issues/6062)) + +For a full list of open bug reports affecting 4.2, please see [here](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+label%3Aaffects-4.2+label%3A%22T%3A+bug%22+is%3Aopen). We strongly recommend [updating Qubes OS](/doc/how-to-update/) immediately after installation in order to apply any and all available bug fixes. + +## Download + +All Qubes ISOs and associated [verification files](/security/verifying-signatures/) are available on the [downloads](/downloads/) page. + +## Installation instructions + +See the [installation guide](/doc/installation-guide/). + +## Upgrading + +Please see [how to upgrade to Qubes 4.2](/doc/upgrade/4.2/). diff --git a/developer/releases/4_2/schedule.md b/developer/releases/4_2/schedule.md new file mode 100644 index 00000000..bf06452a --- /dev/null +++ b/developer/releases/4_2/schedule.md @@ -0,0 +1,20 @@ +--- +lang: en +layout: doc +permalink: /doc/releases/4.2/schedule/ +redirect_from: +- /en/doc/releases/4.2/schedule/ +title: Qubes R4.2 release schedule +--- + +_**Please note:** This page is still an unfinished draft in progress. It is being updated as Qubes 4.2 development and testing continues._ + +The table below is based on our [release schedule +policy](/doc/version-scheme/#release-schedule). + +| Date | Stage | +| ----------:| ----------------------------------------- | +| 2023-06-02 | 4.2.0-rc1 release | +| 2023-08-28 | 4.2.0-rc2 release | +| 2023-09-03 | 4.2.0-rc3 release | +| 2023-10-13 | 4.2.0-rc4 release | diff --git a/developer/releases/notes.md b/developer/releases/notes.md index 1be2115d..4c84571c 100644 --- a/developer/releases/notes.md +++ b/developer/releases/notes.md @@ -6,10 +6,11 @@ ref: 13 title: Release notes --- -* [Qubes R1.0 release notes](/doc/releases/1.0/release-notes/) -* [Qubes R2.0 release notes](/doc/releases/2.0/release-notes/) -* [Qubes R3.0 release notes](/doc/releases/3.0/release-notes/) -* [Qubes R3.1 release notes](/doc/releases/3.1/release-notes/) -* [Qubes R3.2 release notes](/doc/releases/3.2/release-notes/) -* [Qubes R4.0 release notes](/doc/releases/4.0/release-notes/) -* [Qubes R4.1 release notes](/doc/releases/4.1/release-notes/) +- [Qubes R1.0 release notes](/doc/releases/1.0/release-notes/) +- [Qubes R2.0 release notes](/doc/releases/2.0/release-notes/) +- [Qubes R3.0 release notes](/doc/releases/3.0/release-notes/) +- [Qubes R3.1 release notes](/doc/releases/3.1/release-notes/) +- [Qubes R3.2 release notes](/doc/releases/3.2/release-notes/) +- [Qubes R4.0 release notes](/doc/releases/4.0/release-notes/) +- [Qubes R4.1 release notes](/doc/releases/4.1/release-notes/) +- [Qubes R4.2 release notes](/doc/releases/4.2/release-notes/) diff --git a/developer/releases/schedules.md b/developer/releases/schedules.md index 6f656cf1..385ab1bf 100644 --- a/developer/releases/schedules.md +++ b/developer/releases/schedules.md @@ -6,8 +6,9 @@ ref: 15 title: Release schedules --- -* [Qubes R3.0 release schedule](/doc/releases/3.0/schedule/) -* [Qubes R3.1 release schedule](/doc/releases/3.1/schedule/) -* [Qubes R3.2 release schedule](/doc/releases/3.2/schedule/) -* [Qubes R4.0 release schedule](/doc/releases/4.0/schedule/) -* [Qubes R4.1 release schedule](/doc/releases/4.1/schedule/) +- [Qubes R3.0 release schedule](/doc/releases/3.0/schedule/) +- [Qubes R3.1 release schedule](/doc/releases/3.1/schedule/) +- [Qubes R3.2 release schedule](/doc/releases/3.2/schedule/) +- [Qubes R4.0 release schedule](/doc/releases/4.0/schedule/) +- [Qubes R4.1 release schedule](/doc/releases/4.1/schedule/) +- [Qubes R4.2 release schedule](/doc/releases/4.2/schedule/) diff --git a/developer/releases/version-scheme.md b/developer/releases/version-scheme.md index de261651..a96f9ca6 100644 --- a/developer/releases/version-scheme.md +++ b/developer/releases/version-scheme.md @@ -12,8 +12,11 @@ title: Version scheme The Qubes OS Project uses the [semantic versioning](https://semver.org/) standard. Version numbers are written as `..`. When -`` is zero, it is often omitted as a matter of convention, e.g., `4.1` is -short for `4.1.0`. +`` is omitted (e.g., `4.1`), it is usually either because `` is +zero (as in `4.1.0`) or because we are referring to a specific minor release +irrespective of any particular patch release within it. Similarly, the major +release number alone (e.g., `R4`) is sometimes used to refer to an entire +release series inclusive of all minor and patch releases within it. In general, patch releases are for backward-compatible bug fixes, minor releases are for backward-compatible enhancements and new features, and major @@ -24,6 +27,13 @@ notable exception, as upstream OSes almost always have their own release schedules.) Bug fixes are allowed in all releases, and backward-compatible changes are allowed in all major and minor releases. +Qubes OS minor releases generally include new features, new templates, and +occasionally new defaults, but they are still backward-compatible in the sense +that qubes and features that worked in the previous release still function, +though the UI may be different in some cases. In general, deprecated features +are removed only in major releases, and in-place upgrades between major versions +are not guaranteed. + Following standard practice, **version** refers to any build that has been assigned a version name or number, e.g., `3.2-rc2`, `4.0.4`, `4.1-beta1`. By contrast, **release** refers to any version that is intended for consumption by @@ -49,47 +59,48 @@ Qubes OS. Another remix may have its own version series. ## Release versioning -Qubes OS as a whole is released from time to time. When preparing a new -release, we decide on the `.` numbers (e.g., `3.0`). We then -publish the first release candidate, `3.0-rc1`. When we feel that enough -progress has been made, we'll release `3.0-rc2` and so on. All these versions -(not yet releases) are considered unstable and not for production use. You are -welcome to [help us test](/doc/testing/) these versions. +Qubes OS as a whole is released from time to time. When preparing a new release, +we decide on the `.` numbers (e.g., `3.0`, which is short for +`3.0.0`). We then publish the first release candidate, e.g., `3.0.0-rc1`. When +we feel that enough progress has been made, we'll release `3.0.0-rc2` and so on. +All these versions (which are not yet releases) are considered unstable and are +not intended for production use. You are welcome to [help us +test](/doc/testing/) these versions. When enough progress has been made, we announce the first stable release, e.g. -`3.0.0`. This not only a version but an actual release. It is considered stable -and we commit to supporting it according to our [support +`3.0.0`. This is not only a version but an actual release. It is considered +stable, and we commit to supporting it according to our [support schedule](/doc/supported-releases/). Core components are branched at this -moment and bug fixes are backported from the master branch. Please see [help, +moment, and bug fixes are backported from the master branch. Please see [help, support, mailing lists, and forum](/support/) for places to ask questions about -stable releases. No major features and interface incompatibilities are to be +stable releases. No major features or interface incompatibilities are to be included in this release. We release bug fixes as patch releases (`3.0.1`, `3.0.2`, and so on), while backward-compatible enhancements and new features are introduced in the next minor release (e.g., `3.1`). Any backward-incompatible changes are introduced in the next major release (e.g., `4.0`). -Issues in our [issue tracker](/doc/issue-tracking/) are sorted by release -[milestones](/doc/issue-tracking/#milestones). +Please see [issue tracking](/doc/issue-tracking/) for information about how +releases are handled in the issue tracker. ## Release schedule -There is no specific schedule for releases other that more general roadmap. -When time comes, Supreme Committee declares feature freeze and tags `-rc1` and -releases ISO image. From this time on, no new features are accepted. Also a -strict time schedule kicks in. +There is no specific schedule for releases other than a general roadmap. +When the time comes, we declare a feature freeze, tag `-rc1`, and +release an ISO. From this point on, no new features are accepted, and our +schedule begins. -Each release candidate period is as follows. For the first two weeks we accept -and assign bug reports to be fixed before next release candidate. For the next -two weeks we generally focus on fixing assigned bug reports, so issues -discovered during this time may be postponed until later RC. Finally after that -there is one week of current-testing freeze, during which time no new packages -are released, in hope that they will be installed by wider user base and -tested. +Each release candidate period is as follows: For the first two weeks, we accept +and assign bug reports to be fixed before the next release candidate. For the +next two weeks, we generally focus on fixing assigned bug reports, so issues +discovered during this period may be postponed until a later RC. Finally, +there is a one week current-testing freeze, during which time no new packages +are released, in the hope that they will be installed and tested by wider user +base. -The next RC is released five weeks after the former. All packets are published -in `current` repository and the cycle starts over. There should be no less than -1 and no more than 3 release candidates before final release. +The next RC is released five weeks after the former. All packages are published +in the `current` repository, and the cycle starts over. There should always be +at least one release candidate before the final release. | Stage | Duration | | ------------------------ | --------- | @@ -97,11 +108,11 @@ in `current` repository and the cycle starts over. There should be no less than | bug fixing | two weeks | | `current-testing` freeze | one week | -Starting with second cycle (that is, after `-rc1`) two weeks into the cycle -(after primary bug-reporting period) the Supreme Committee decides whether -there should be another RC. If, based on remaining issues, the Committee -decides to release final, then the Committee agrees upon the release date, -which should be no later than a week after. +Starting with the second cycle (that is, after `-rc1`), two weeks into the cycle +(after the primary bug-reporting period), we decide whether there should be +another RC. If, based on the bugs that have been reported, we decide that the +latest RC will be designated as the stable release, then we decide on its +release date, which should be no more than one week later. [![Release cycle](/attachment/doc/release-cycle.svg)](/attachment/doc/release-cycle.svg) diff --git a/developer/services/admin-api-table.md b/developer/services/admin-api-table.md deleted file mode 100644 index ad60fef9..00000000 --- a/developer/services/admin-api-table.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -lang: en -layout: fullscreen -permalink: /doc/admin-api/table/ -ref: 249 -title: Admin API table ---- - -This page displays the fullscreen table from [Admin API](/doc/admin-api/). - -{% include admin-api-table.md %} diff --git a/developer/services/admin-api.md b/developer/services/admin-api.md index 03678282..8fa12417 100644 --- a/developer/services/admin-api.md +++ b/developer/services/admin-api.md @@ -8,6 +8,7 @@ redirect_from: - /doc/mgmt1/ - /doc/mgmt-architecture/ - /doc/admin-api-architecture/ +- /doc/admin-api/table/ ref: 36 title: Admin API --- @@ -61,11 +62,94 @@ yet documented. The API should be implemented as a set of qrexec calls. This is to make it easy to set the policy using current mechanism. -[View this table on a fullscreen page.](/doc/admin-api/table/) - -{% include admin-api-table.md %} - -[View this table on a fullscreen page.](/doc/admin-api/table/) +| call | dest | argument | inside | return | note | +| ------------------------------------- | --------- | --------- | ----------------------------------------- | --------------------------------------------------------- | ---- | +| `admin.vmclass.List` | `dom0` | - | - | `\n` | +| `admin.vm.List` | `dom0|` | - | - | ` class= state=\n` | +| `admin.vm.Create.` | `dom0` | template | `name= label=