From a16b25690e199b495c3c2374373c5194a01743a1 Mon Sep 17 00:00:00 2001 From: parulin <161326115+parulin@users.noreply.github.com> Date: Tue, 25 Nov 2025 03:19:49 -0500 Subject: [PATCH 01/10] Set fail_on_warning to true in RTD config Since nitpicky mode is enabled and all warnings are fixed, using this default may spot minor mistakes in pull requests. --- .readthedocs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 526e0844..7a48016a 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -12,7 +12,7 @@ submodules: sphinx: builder: html configuration: conf.py - fail_on_warning: false + fail_on_warning: true python: install: From 507dd7d0c77273d16fcfa5b822b850aaccb5440d Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Wed, 3 Dec 2025 13:02:42 +0100 Subject: [PATCH 02/10] Late GUID and early GUI agent on preloaded disp For: https://github.com/QubesOS/qubes-core-admin/pull/757 For: https://github.com/QubesOS/qubes-gui-agent-linux/pull/251 For: https://github.com/QubesOS/qubes-issues/issues/9940 For: https://github.com/QubesOS/qubes-issues/issues/1512 --- developer/services/disposablevm-implementation.rst | 11 +++-------- user/how-to-guides/how-to-use-disposables.rst | 2 +- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/developer/services/disposablevm-implementation.rst b/developer/services/disposablevm-implementation.rst index d5d9bd71..d41c06f5 100644 --- a/developer/services/disposablevm-implementation.rst +++ b/developer/services/disposablevm-implementation.rst 
@@ -113,13 +113,6 @@ Preloaded disposables are paused for various reasons: But this comes at a cost: -- Can only connect to the GUI after the qube is requested (longer run time), else, if `early GUI connection was made before the qube is paused `__: - - - Events such as screen resize by plugging or removing external monitors can't work; - - No easy way to hide autostarted applications, depends on qube collaboration; - - Can only preload after GUI login to be able to establish a connection; - - Can't survive GUI login and logout as the connection might change; - - Memory management before pause may take some seconds, that is not prejudicial to the time to use the qube but it is prejudicial to the system as :doc:`qmemman ` can not balloon/balance other qubes in the mean time due to its design. Preloaded disposable's security 
@@ -131,12 +124,14 @@ As preloaded disposables are started before being used, methods to prevent accid - The qube has the ``internal`` feature enabled, Qubes GUI applications were patched to hide and show :term:`internal qubes` by handling events for ``domain-feature-((pre-)?set|delete):internal``; - When requesting an unnamed disposable, the qube object is only returned to the user once it has finished preloading; - The qube is paused as the last stage of preloading, this permits receiving :py:meth:`domain-unpaused ` event and be notified that the qube was used, marked as such and removed from the preload list to avoid reuse, even without the qube being requested with :py:meth:`core-admin:qubes.vm.dispvm.DispVM.from_appvm`; -- The GUID only connects to the GUI agent on the qube after the preloaded disposable is marked as used, this prevents that an autostarted application such as a terminal appears on the screen before preloading has finished. Enabling a GUI is is controlled by the :py:attr:`is_preload ` property, that when disabled, allows the GUI connection to initiate. This method delays GUI calls considerably as establishing the connection can take ~2 seconds, research is being done to prevent this delay. +- The GUID and Audio daemon only connects to the GUI agent and audio agent on the qube after the preloaded disposable is marked as used, this prevents that an autostarted applications appearing on the screen before it is ready or before pause, which could be confusing. Enabling a GUI is controlled by the :py:attr:`is_preload ` property, that when disabled, allows the GUI and audio connection to initiate. Another point of security is reliability: - The ``preload-dispvm-threshold`` feature controls how much free memory must be present on the system before attempting to create a new preloaded disposable. Used to ensure preloaded disposables do not consume all available memory, which would prevent starting other qubes. 
+To have late GUI daemon but an early GUI agent, changes have been made that limit the usability on ``sys-gui``. `Events such as plugging or removing external monitors can't work, it will be ignored by Xephyr `__. + Alternatives considered ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/user/how-to-guides/how-to-use-disposables.rst b/user/how-to-guides/how-to-use-disposables.rst index 12f6634a..dada81dc 100644 --- a/user/how-to-guides/how-to-use-disposables.rst +++ b/user/how-to-guides/how-to-use-disposables.rst @@ -156,7 +156,7 @@ The same can be done from the command line, although more difficult: ")" user@dom0:~$ qvm-device attach -- "$disp" user@dom0:~$ # Do your tasks. - user@dom0:~$ qvm-device dettach -- "$disp" + user@dom0:~$ qvm-device detach -- "$disp" user@dom0:~$ qvm-kill -- "$disp" Retrieve unnamed disposables faster (preloaded disposables) From e119bc16434905494baab4ca3957d279262d27d1 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Wed, 3 Dec 2025 13:09:03 +0100 Subject: [PATCH 03/10] Note preload autostart refills instead of refresh For: https://github.com/QubesOS/qubes-core-admin/pull/758 For: https://github.com/QubesOS/qubes-issues/issues/1512 --- .../services/disposablevm-implementation.rst | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/developer/services/disposablevm-implementation.rst b/developer/services/disposablevm-implementation.rst index d5d9bd71..2451f633 100644 --- a/developer/services/disposablevm-implementation.rst +++ b/developer/services/disposablevm-implementation.rst 
@@ -66,13 +66,16 @@ Preloaded disposable's management These are common events that trigger changes in preloaded disposables quantity: -- Setting or deleting the ``preload-dispvm-max`` feature will refill or remove; -- (Re)starting :file:`qubes-preload-dispvm.service` will refresh; -- Using a preloaded disposable will refill; -- Requesting a disposable will refill; -- Updating the volumes of a template or disposable template will refresh; -- Changing system's :py:attr:`default_dispvm ` while system's feature is set to a different value than the disposable template setting will refill or remove; and -- Qubesd was interrupted mid preload creation, on the next service restart, :py:meth:`domain-load ` of the disposable template will refresh the incomplete disposables. +- Refill or remove: + - Changing the ``preload-dispvm-max`` feature; + - Changing system's :py:attr:`default_dispvm ` while system's feature is set to a different value than the disposable template setting; +- Refill: + - (Re)starting :file:`qubes-preload-dispvm.service`; + - Using a preloaded disposable; + - Requesting a disposable; +- Refresh: + - Updating the volumes of a template or disposable template; + - Qubesd was interrupted mid preload creation, on the next service restart, :py:meth:`domain-load ` of the disposable template. Preloaded disposable's temporary gaps """"""""""""""""""""""""""""""""""""" From 519c382331a20e4895ec33ec9825a8a86f3cfd32 Mon Sep 17 00:00:00 2001 From: John Skiles Skinner Date: Fri, 5 Dec 2025 11:57:35 -0800 Subject: [PATCH 04/10] Introductory text This page would benefit from a brief explanation of what contributed packages are --- user/advanced-topics/installing-contributed-packages.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/advanced-topics/installing-contributed-packages.rst b/user/advanced-topics/installing-contributed-packages.rst index 07f6cc41..3897dbba 100644 --- a/user/advanced-topics/installing-contributed-packages.rst 
+++ b/user/advanced-topics/installing-contributed-packages.rst @@ -8,7 +8,7 @@ Installing contributed packages *This page is for users who wish to install contributed packages. If you want to contribute a package, please see* :doc:`package contributions ` *.* -Qubes OS contributed packages are available under the `QubesOS-contrib `__ GitHub Project. This is a place where our community can :doc:`contribute Qubes OS related packages, additions and various customizations `. +Contributed packages are software created by the community of Qubes OS users. They are managed, reviewed, and signed by the Qubes OS maintainer team to ensure they are safe to install on Qubes OS. Qubes OS contributed packages are available under the `QubesOS-contrib `__ GitHub Project. This is a place where our community can :doc:`contribute Qubes OS related packages, additions and various customizations `. Installing the repositories --------------------------- From 54abed18bd2baba2a6ccb01687724fff1b47c3f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 6 Dec 2025 04:05:12 +0100 Subject: [PATCH 05/10] R4.3 release notes: IPv6 DNS didn't make it --- developer/releases/4_3/release-notes.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/developer/releases/4_3/release-notes.rst b/developer/releases/4_3/release-notes.rst index 315a74df..ad544653 100644 --- a/developer/releases/4_3/release-notes.rst +++ b/developer/releases/4_3/release-notes.rst @@ -261,9 +261,6 @@ Other - New Devices API for salt (`#9753 `__). -- IPv6 DNS support for full IPv4-less environments - (`#10038 `__). - Dropped or replaced features ---------------------------- From bfd5153eb41ee33c0418b4087cb147d6fd53a02e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Dec 2025 05:21:17 +0000 Subject: [PATCH 06/10] Bump urllib3 from 2.5.0 to 2.6.0 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e405d6f0..e4297c4e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -33,5 +33,5 @@ sphinxext-opengraph==0.12.0 sphinxnotes-any==2.5 sphinxnotes-comboroles==1.0 sphinxnotes-strike==1.2.1 -urllib3==2.5.0 +urllib3==2.6.0 Wand==0.6.13 From c98a9dd886384ad3a693592033fc20ebbd4d7737 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sol=C3=A8ne=20Rapenne?= Date: Thu, 11 Dec 2025 00:09:14 +0100 Subject: [PATCH 07/10] fix a typo --- user/advanced-topics/standalones-and-hvms.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/advanced-topics/standalones-and-hvms.rst b/user/advanced-topics/standalones-and-hvms.rst index 45854900..76490a6f 100644 --- a/user/advanced-topics/standalones-and-hvms.rst +++ b/user/advanced-topics/standalones-and-hvms.rst 
@@ -32,7 +32,7 @@ PVH has less attack surface than PV, as it relies on Second Level Address Transl PVH also has less attack surface than HVM, as it does not require QEMU to provide device emulation services. While QEMU is confined in a stubdomain, and again in a seccomp based sandbox, the stubdomain has significant attack surface against the hypervisor. Not only does it have the full attack surface of a PV domain, it also has access to additional hypercalls that allow it to control the guest it is providing emulation services for. XSA-109 was a vulnerability in one of these hypercalls. -PVH has better performance than HVM, as the stubdomain iin HVM consumes resources (both memory and a small amount of CPU). There is little difference in the I/O path at runtime, as both PVH and HVM guests usually use paravirtualized I/O protocols. +PVH has better performance than HVM, as the stubdomain in HVM consumes resources (both memory and a small amount of CPU). There is little difference in the I/O path at runtime, as both PVH and HVM guests usually use paravirtualized I/O protocols. Surprisingly, PVH often has better performance than PV. This is because PVH does not require hypercalls for page table updates, which are expensive. SLAT does raise the cost of TLB misses, but this is somewhat mitigated by a second-level TLB in recent hardware. From e8ff3b456e283c5d0b3d7d8333fd7201d4f8eeab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sol=C3=A8ne=20Rapenne?= Date: Thu, 11 Dec 2025 00:11:28 +0100 Subject: [PATCH 08/10] update standalone/hvm new qubes after GUI changes original changes from PR 1481 --- user/advanced-topics/standalones-and-hvms.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/advanced-topics/standalones-and-hvms.rst b/user/advanced-topics/standalones-and-hvms.rst index 76490a6f..515d02a5 100644 --- a/user/advanced-topics/standalones-and-hvms.rst +++ b/user/advanced-topics/standalones-and-hvms.rst 
@@ -80,7 +80,7 @@ Using the GUI ^^^^^^^^^^^^^ -In Qube Manager, select “Create new qube” from the Qube menu, or select the “Create a new qube” button. In the “create new qube” dialog box set Type to “Empty standalone qube (install your own OS)”. If “install system from device” is selected (which it is by default), then ``virt_mode`` will be set to ``hvm`` automatically. Otherwise, open the newly-created qube’s Settings GUI and, in the “Advanced” tab, select ``HVM`` in the virtualization mode drop-down list. Also, make sure “Kernel” is set to ``(none)`` on the same tab. +In Qube Manager, use either the "New qube" button, or the "New qube" entry in the "Qube" menu. In the "Create new qube" dialog box click on tab "Standalone". If "install system from device" is selected (which it is by default), then ``virt_mode`` will be set to ``hvm`` automatically. Otherwise, open the newly-created qube’s Settings GUI and, in the "Advanced" tab, select ``HVM`` in the virtualization mode drop-down list. Also, make sure “Kernel” is set to ``(none)`` on the same tab. Command line ^^^^^^^^^^^^ From fae4d224e87743737e0b69bc77c7d5e3fbce5f49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sol=C3=A8ne=20Rapenne?= Date: Thu, 11 Dec 2025 01:43:20 +0100 Subject: [PATCH 09/10] Revert "Set fail_on_warning to true in RTD config" This reverts commit a16b25690e199b495c3c2374373c5194a01743a1. Build stopped working on readthedocs due to this change, we need further investigations to better test changes locally and also figure why there is a warning --- .readthedocs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 7a48016a..526e0844 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -12,7 +12,7 @@ submodules: sphinx: builder: html configuration: conf.py - fail_on_warning: true + fail_on_warning: false python: install: From 128bfac936526ccad8cc7e5062b2032aa64671d7 Mon Sep 17 00:00:00 2001 
From: parulin <161326115+parulin@users.noreply.github.com> Date: Sat, 13 Dec 2025 13:11:08 -0500 Subject: [PATCH 10/10] Add 4.3.0-rc4 to the schedule --- developer/releases/4_3/schedule.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/developer/releases/4_3/schedule.rst b/developer/releases/4_3/schedule.rst index 0e34a9f9..535bedd0 100644 --- a/developer/releases/4_3/schedule.rst +++ b/developer/releases/4_3/schedule.rst @@ -24,4 +24,6 @@ The table below is based on our :ref:`release-schedule-policy`. - `4.3.0-rc2 release `_ * - 2025-10-27 - `4.3.0-rc3 release `_ + * - 2025-12-06 + - `4.3.0-rc4 release `_
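Review bot: in the `.readthedocs.yaml` hunk of PATCH 01/10, the commit message asserts that all warnings are already fixed, but nothing in the change shows that, and PATCH 09/10 in this same series reverts the flip because the Read the Docs build stopped working. Before switching to `fail_on_warning: true`, the PR should carry the output of a clean local `sphinx-build -W -n` run (warnings as errors, nitpicky mode) so the flip cannot break the published docs on landing.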
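Review bot: in the first `disposablevm-implementation.rst` hunk of PATCH 02/10 (`@@ -113`), the lead-in "But this comes at a cost:" is left with only the memory-management bullet, while the GUI trade-offs it introduced (resize events, hiding autostarted applications, dependence on GUI login) are dropped outright instead of being updated; the replacement caveat about `sys-gui` and Xephyr is added by the second hunk under the reliability section, which is a security and reliability list, not a usability one. Consider keeping a bullet here along the lines of `- The GUI agent starts early but the GUI daemon connects late; on sys-gui, monitor hotplug events are ignored by Xephyr;` so the costs list stays complete and the new paragraph can be dropped from the reliability section.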
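Review bot: in the second `disposablevm-implementation.rst` hunk of PATCH 02/10 (`@@ -131`), the rewritten GUID bullet has grammar problems that blur the security statement: "The GUID and Audio daemon only connects" should be "only connect", and "this prevents that an autostarted applications appearing on the screen" should be "this prevents autostarted applications from appearing on the screen". The added paragraph reads better as "To have a late GUI daemon but an early GUI agent, changes were made that limit usability on ``sys-gui``: events such as plugging or removing external monitors do not work, as they are ignored by Xephyr."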
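Review bot: in the PATCH 03/10 hunk (`@@ -66`), the last "Refresh" item becomes a sentence fragment once "will refresh the incomplete disposables" is removed: "Qubesd was interrupted mid preload creation, on the next service restart, :py:meth:`domain-load` of the disposable template." Suggest "- Qubesd was interrupted mid preload creation; on the next service restart, :py:meth:`domain-load` of the disposable template refreshes the incomplete disposables." Moving "(Re)starting :file:`qubes-preload-dispvm.service`" from refresh to refill matches the commit message, but it documents behaviour from the linked core-admin PR 758, so this doc change should land only together with or after that PR.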
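Review bot: in the PATCH 04/10 hunk, "signed by the Qubes OS maintainer team to ensure they are safe to install on Qubes OS" overstates what review and a signature give: they establish provenance and integrity (the package a user installs is the one the maintainers reviewed and published), not that the software is free of defects. Suggest "They are managed, reviewed, and signed by the Qubes OS maintainer team, so users can verify that a package comes from the contrib repositories unmodified." and leave the "safe to install" claim out.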
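Review bot: in the PATCH 08/10 hunk, the rewritten sentence mixes straight quotes ("New qube", "Standalone", "Advanced") with the typographic quotes kept on the same line (“Kernel”, qube’s); pick one quote style for the paragraph. Also "click on tab "Standalone"" reads better as "select the "Standalone" tab".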
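Review bot: in the PATCH 09/10 hunk, the revert brings `.readthedocs.yaml` back to `fail_on_warning: false`, so landing PATCH 01/10 and this revert together only adds history noise; drop both from the series (or squash them away) and reintroduce the flip in its own PR once the warning mentioned in the commit message has been identified and a clean warnings-as-errors build can be shown.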