From 1fc7bc98beca642e75942c603beefa48c8698e31 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Mon, 24 Apr 2017 14:06:01 +0000 Subject: [PATCH 01/20] Create w3m.md How to reduce the fingerprint of the text-based web browser w3m. --- configuration/w3m.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 configuration/w3m.md diff --git a/configuration/w3m.md b/configuration/w3m.md new file mode 100644 index 00000000..29198ad2 --- /dev/null +++ b/configuration/w3m.md @@ -0,0 +1,35 @@ +--- +layout: doc +title: Reducing the fingerprint of the text-based web browser w3m +permalink: /doc/w3m/ +redirect_from: +- /en/doc/mutt/ +- /doc/W3m/ +- /wiki/W3m/ +--- + +Reducing the fingerprint of the text-based web browser w3m +==== + +[w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' + +You can reduce the [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. + +**BEWARE: As very few people use w3m for browsing chances are high that you will still be the only person with this fingerprint on your adversary's radar. Also, I am nothing but a wannabe security expert, so do not rely on my advise for anything critical.** + +Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TempVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). + +* Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. +* Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: + + accept_language en-US,en;q=0.5 + accept_encoding gzip, deflate + accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + +Testing the settings on ( does not work) returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.* Thus by using these settings (and browsing through a torified connection) you will be distinguishable from TBB users, but, if my assumptions are correct, not from me. That is, whoever uses these settings will have the same fingerprint as anyone else using w3m with the same configuration, but for the time being I am probably the only one. (According to Browserprint.info only I have this fingerprint.) + +PS: You still need to delete cookies manually (`~/.w3m/cookie`) if you are not running w3m in a DispVM anyway. If you set w3m to not accept cookies, its fingerprint will change. (You can configure w3m to not use store cookies or accept new ones (or both), but the setting `use_cookie` seems to really mean `accept_cookie` and vice-versa, so maybe it is best to delete them manually for now.) + +* * * + +\* Does someone know how to fix this? From 016f87759908360dca0c367570c83ac5e3dfe6d8 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Mon, 24 Apr 2017 14:09:14 +0000 Subject: [PATCH 02/20] Add link to yet-to-be-accepted w3m.md --- doc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc.md b/doc.md index 3ac75eb4..fcb07669 100644 --- a/doc.md +++ b/doc.md @@ -151,6 +151,7 @@ Configuration Guides * [Managing VM kernel](/doc/managing-vm-kernel/) * [Salt management stack](/doc/salt/) * [Adding SSD storage cache](https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com) + * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) Customization Guides From 4d0252cfd510c71e910795a722ff0da943b1df3c Mon Sep 17 00:00:00 2001 From: ubestemt Date: Fri, 28 Apr 2017 12:02:40 +0000 Subject: [PATCH 03/20] Rewrite to make clearer what is does and does not --- configuration/w3m.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/configuration/w3m.md b/configuration/w3m.md index 29198ad2..4eeb3908 100644 --- a/configuration/w3m.md +++ b/configuration/w3m.md @@ -5,28 +5,35 @@ permalink: /doc/w3m/ redirect_from: - /en/doc/mutt/ - /doc/W3m/ -- /wiki/W3m/ +- /wiki/W3m/t --- Reducing the fingerprint of the text-based web browser w3m ==== +TL;DR: You can reduce the amount w3m tells about itself and the environment it is running in (and, by extension, you). **It will not make you anonymous; your fingerprint will still be unique.** But it may improve your privacy. + [w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' -You can reduce the [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. +You can reduce the browser [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. -**BEWARE: As very few people use w3m for browsing chances are high that you will still be the only person with this fingerprint on your adversary's radar. Also, I am nothing but a wannabe security expert, so do not rely on my advise for anything critical.** - -Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TempVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). +Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). * Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. + + (By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick have this value.) + * Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: accept_language en-US,en;q=0.5 accept_encoding gzip, deflate accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + + (These changes will hide your computer's locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above the w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick.) + +Testing these settings on returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.\* ( does not work with w3m.) Due to the low number of w3m users it is highly likely that you will have an unique browser fingerprint among the visitors of a website using somewhat sofisticated browser fingerprinting technology. But at least your browser fingerprint will not reveal your computer's language settings or other specifics about it that could be contained in the HTTP_ACCEPT headers. And even if the browser you use may well be *inferred* from your fingerprint, it will not be explicitly stated in the User-Agent header. -Testing the settings on ( does not work) returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.* Thus by using these settings (and browsing through a torified connection) you will be distinguishable from TBB users, but, if my assumptions are correct, not from me. That is, whoever uses these settings will have the same fingerprint as anyone else using w3m with the same configuration, but for the time being I am probably the only one. (According to Browserprint.info only I have this fingerprint.) +**Reminder: Do not rely on these settings for anonymity. Using w3m is all but guaranteed to make you stand out in the crowd.** PS: You still need to delete cookies manually (`~/.w3m/cookie`) if you are not running w3m in a DispVM anyway. If you set w3m to not accept cookies, its fingerprint will change. (You can configure w3m to not use store cookies or accept new ones (or both), but the setting `use_cookie` seems to really mean `accept_cookie` and vice-versa, so maybe it is best to delete them manually for now.) From bac57503a3bb0e5f15de2073c9d7c5a494615bfc Mon Sep 17 00:00:00 2001 From: ubestemt Date: Fri, 28 Apr 2017 12:59:50 +0000 Subject: [PATCH 04/20] Minor edit. --- configuration/w3m.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configuration/w3m.md b/configuration/w3m.md index 4eeb3908..76c7e6d4 100644 --- a/configuration/w3m.md +++ b/configuration/w3m.md @@ -11,17 +11,17 @@ redirect_from: Reducing the fingerprint of the text-based web browser w3m ==== -TL;DR: You can reduce the amount w3m tells about itself and the environment it is running in (and, by extension, you). **It will not make you anonymous; your fingerprint will still be unique.** But it may improve your privacy. +TL;DR: You can reduce the amount of information w3m gives about itself and the environment it is running in (and, by extension, you). **It will not make you anonymous; your fingerprint will still be unique.** But it may improve your privacy. [w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' -You can reduce the browser [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. +You can reduce the [browser fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by making it (the fingerprint) more like that of the Tor Browser Bunde (TBB) with JavaScript disabled. Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). * Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. - (By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick have this value.) + By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick has this value. * Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: @@ -29,9 +29,9 @@ Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m accept_encoding gzip, deflate accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - (These changes will hide your computer's locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above the w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick.) + These changes will hide your computer's locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick. -Testing these settings on returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.\* ( does not work with w3m.) Due to the low number of w3m users it is highly likely that you will have an unique browser fingerprint among the visitors of a website using somewhat sofisticated browser fingerprinting technology. But at least your browser fingerprint will not reveal your computer's language settings or other specifics about it that could be contained in the HTTP_ACCEPT headers. And even if the browser you use may well be *inferred* from your fingerprint, it will not be explicitly stated in the User-Agent header. +Testing these settings on returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.\* ( does not work with w3m.) Due to the low number of w3m users it is highly likely that you will have an unique browser fingerprint among the visitors of a website using somewhat sofisticated browser fingerprinting technology. But at least your browser fingerprint will not reveal your computer's locale settings or other specifics about it in the HTTP_ACCEPT headers. And while it may be inferred from your fingerprint that you use w3m, it is not be explicitly stated in the User-Agent header. **Reminder: Do not rely on these settings for anonymity. Using w3m is all but guaranteed to make you stand out in the crowd.** From 0eab70bd636983a43aa490fa1d5422de4c81c02d Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 2 May 2017 21:13:41 +0000 Subject: [PATCH 05/20] Supplemented missing step; some rephrasing. --- building/building-archlinux-template.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/building/building-archlinux-template.md b/building/building-archlinux-template.md index a6b9948c..0f463ccb 100644 --- a/building/building-archlinux-template.md +++ b/building/building-archlinux-template.md @@ -77,7 +77,7 @@ redirect_from:

-## 4: Downloading and verifying the "Qubes Automated Build System" +## 4: Downloading and verifying the integrity the "Qubes Automated Build System" * Import the Qubes master key @@ -98,9 +98,10 @@ redirect_from: * Copy your gpg keyrings to your local copy of the repository. (Otherwise you will be asked to download the keys again.) - # Assuming qubes-builder is in your home directory - cp .gnupg/pubring.gpg qubes-builder/keyrings/git/ - cp .gnupg/trustdb.gpg qubes-builder/keyrings/git/ + # Execute the following commands in your home directory. + # It is assumed that the path to the repository is '~/qubes-builder'. + mkdir -p qubes-builder/keyrings/git + cp -t qubes-builder/keyrings/git/ .gnupg/pubring.gpg .gnupg/trustdb.gpg * Verify the integrity of the downloaded repository. The last line should read `gpg: Good signature from`... From 6d5a7e426e76c1e9327160b31a8122e1a3ac0e57 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 9 May 2017 13:39:49 +0000 Subject: [PATCH 06/20] Minor edits. --- configuration/w3m.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/configuration/w3m.md b/configuration/w3m.md index 76c7e6d4..9586ef40 100644 --- a/configuration/w3m.md +++ b/configuration/w3m.md @@ -5,7 +5,7 @@ permalink: /doc/w3m/ redirect_from: - /en/doc/mutt/ - /doc/W3m/ -- /wiki/W3m/t +- /wiki/W3m/ --- Reducing the fingerprint of the text-based web browser w3m @@ -15,13 +15,11 @@ TL;DR: You can reduce the amount of information w3m gives about itself and the e [w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' -You can reduce the [browser fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by making it (the fingerprint) more like that of the Tor Browser Bunde (TBB) with JavaScript disabled. - -Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). +You can reduce the [browser fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) by applying the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. (If you have not run w3m yet, you might need to copy the config file from elsewhere.) You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). * Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. - By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick has this value. + By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the Tor Browser Bundle (TBB). One in fourteen browsers finderprinted by Panopticlick has this value. * Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: From d13f2a150b61080c0defdb64c56c697da69e6a70 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 9 May 2017 13:41:04 +0000 Subject: [PATCH 07/20] Moved how-to to a more fitting section. --- doc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.md b/doc.md index fcb07669..807a1177 100644 --- a/doc.md +++ b/doc.md @@ -124,6 +124,7 @@ Privacy Guides * [TorVM](/doc/torvm/) * [Martus](/doc/martus/) * [Signal](/doc/signal/) + * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) Configuration Guides @@ -151,7 +152,6 @@ Configuration Guides * [Managing VM kernel](/doc/managing-vm-kernel/) * [Salt management stack](/doc/salt/) * [Adding SSD storage cache](https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com) - * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) Customization Guides From 22340ee8d9c969a22919de665f454d909bda8bbf Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 16 May 2017 11:39:29 +0000 Subject: [PATCH 08/20] Missing word. --- building/building-archlinux-template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/building/building-archlinux-template.md b/building/building-archlinux-template.md index 0f463ccb..0601548b 100644 --- a/building/building-archlinux-template.md +++ b/building/building-archlinux-template.md @@ -77,7 +77,7 @@ redirect_from:

-## 4: Downloading and verifying the integrity the "Qubes Automated Build System" +## 4: Downloading and verifying the integrity of the "Qubes Automated Build System" * Import the Qubes master key From 47eb48bc868be4e4014071dca2fdab16a19bb6e8 Mon Sep 17 00:00:00 2001 From: NoobyNiceDev <33202028+NoobyNiceDev@users.noreply.github.com> Date: Sun, 29 Oct 2017 17:38:37 +0100 Subject: [PATCH 09/20] Warning Win10 Created usb On windows 10 machines created install USB drives can't accomplish media test. According to Issue 2051. --- installing/installation-guide.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index e0b97bbd..10a111ce 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -76,6 +76,9 @@ partition (e.g., `/dev/sda1`). On Windows, you can use the [Rufus] tool. Be sure to select "DD image" mode (you need to do that **after** selecting the Qubes ISO): +**Warning:** If you do that on Windows 10, you can only install Qubes without +MediaTest, which isn't recommended. + Before proceeding with the installation, you are encouraged to first read all From 0d7b1875e8aa385c41df6e09cbf30d6f720cd782 Mon Sep 17 00:00:00 2001 From: ptitdoc Date: Sun, 19 Nov 2017 09:31:57 +0100 Subject: [PATCH 10/20] Archlinux documentation update for Qubes-4.0 Update Archlinux documentation as discussed in the following pull requests: https://github.com/QubesOS/qubes-core-agent-linux/pull/67 https://github.com/QubesOS/qubes-core-agent-linux/pull/66 --- managing-os/templates/archlinux.md | 44 ++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index 3bb15f2f..5bd465aa 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -32,22 +32,23 @@ A prebuilt template is available only for Qubes 3.2. Before Qubes 3.2, it should ## Binary packages activation -The update repository is disabled when you install (signed) template package. You can however choose to trust it by registering it into pacman. +The Qubes update repository is disabled by default in the Archlinux template. You can however choose to trust it by registering it into pacman. -Enable the repository by running the following command: +Since November 2017, an activation package is present in the template. The update repository can thus be activated by running the following command inside the template: - # mv /etc/pacman.d/99-qubes-repository-3.2.disabled /etc/pacman.d/99-qubes-repository-3.2.conf + # pacman -sU /etc/pacman.d/qubes-vm-keyring*.pkg.tar.xz + +It should be noted to this command will create a trust for packages provided by [Olivier Médoc](mailto:o_medoc@yahoo.fr) and signed by the PGP key above. -Then you need to install and sign the public GPG key of the package maintainer (note that accessing to GPG servers requires to temporarily disable the firewall in your template): +If the qubes-vm-keyring package is not present in `/etc/pacman.d/`, please refer to the section #Activating binary packages manually. - # pacman-key --recv-key 2043E7ACC1833B9C - # pacman-key --finger 2043E7ACC1833B9C - -If the fingerprint is correct, you can then sign the key: +## Optional Qubes packages - # pacman-key --lsign-key 2043E7ACC1833B9C +Several Qubes packages are not necessarilly installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: +* `qubes-vm-networking`: Contains Qubes tools and dependencies required to use the template as a NetVM/ProxyVM +* `qubes-vm-pulseaudio`: Contains Pulseaudio agent enabling sound support in the template -## Default packages +## Default template packages In order to keep the template as small and simple as possible, default installed package have been arbitrarily selected based on multiple subjective criterias that however essentially include libraries dependencies. This packages are: * Some font packages to keep good user experience @@ -60,6 +61,28 @@ In order to keep the template as small and simple as possible, default installed Note that Archlinux does not install GUI packages by default as this decision is left to users. This packages have only been selected to have a usable template. +## Activating binary packages manually + +Enable the repository by running the following command: + + # rm /etc/pacman.d/99-qubes-repository-3.2.conf + # ln -s /etc/pacman.d/99-qubes-repository-3.2.disabled /etc/pacman.d/99-qubes-repository-3.2.conf + +Then you need to install and sign the public GPG key of the package maintainer (note that accessing to GPG servers requires to temporarily disable the firewall in your template): + + # pacman-key --recv-key 2043E7ACC1833B9C + # pacman-key --finger 2043E7ACC1833B9C + +If the fingerprint is correct, you can then sign the key: + + # pacman-key --lsign-key 2043E7ACC1833B9C + +## Updating a Qubes-3.2 Archlinux Template + +Because of changes in the Qubes-4.0 partition layout, and usage of XEN HVMs instead of pv-guests. It is not straightforward to update a Qubes-3.2 template to Qubes-4.0. + +For this reason, it is recommended to start from a new template in Qubes-4.0. + ## Updating a Qubes-3.1 Archlinux Template If you decide to use binary packages but that you where using a Qubes-3.1 Template, your can follow these instructions to enable Qubes 3.2 agents. @@ -111,7 +134,6 @@ Finally, errors related to the GUI agent can be found inside the VM in `/home/us ## Packages manager wrapper - Powerpill is a full Pacman wrapper that not only give easy proxy configuration but further offers numerous other advantages. Please check out: From c2a9f16967c5e51b6ea609b19aae5bf8a7932188 Mon Sep 17 00:00:00 2001 From: ptitdoc Date: Sun, 19 Nov 2017 14:35:59 +0100 Subject: [PATCH 11/20] Fix failed travis check (typo) --- managing-os/templates/archlinux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index 5bd465aa..c3b40e8f 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -44,7 +44,7 @@ If the qubes-vm-keyring package is not present in `/etc/pacman.d/`, please refer ## Optional Qubes packages -Several Qubes packages are not necessarilly installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: +Several Qubes packages are not necessarily installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: * `qubes-vm-networking`: Contains Qubes tools and dependencies required to use the template as a NetVM/ProxyVM * `qubes-vm-pulseaudio`: Contains Pulseaudio agent enabling sound support in the template From 227f3ba87779378667ce55f4cb78199b74d7a82e Mon Sep 17 00:00:00 2001 From: ptitdoc Date: Sun, 19 Nov 2017 15:53:18 +0100 Subject: [PATCH 12/20] Properly use markdown for package names. --- managing-os/templates/archlinux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index c3b40e8f..87beb977 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -46,7 +46,7 @@ If the qubes-vm-keyring package is not present in `/etc/pacman.d/`, please refer Several Qubes packages are not necessarily installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: * `qubes-vm-networking`: Contains Qubes tools and dependencies required to use the template as a NetVM/ProxyVM -* `qubes-vm-pulseaudio`: Contains Pulseaudio agent enabling sound support in the template +* `qubes-vm-pulseaudio`: Contains `Pulseaudio` agent enabling sound support in the template ## Default template packages From 0a7a794a8998d21e31b4b284e6c8094c2c166591 Mon Sep 17 00:00:00 2001 From: mossy-nw <34462023+mossy-nw@users.noreply.github.com> Date: Mon, 22 Jan 2018 18:02:52 +0000 Subject: [PATCH 13/20] Update fedora-minimal.md --- managing-os/templates/fedora-minimal.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/managing-os/templates/fedora-minimal.md b/managing-os/templates/fedora-minimal.md index 8e725237..9febea4a 100644 --- a/managing-os/templates/fedora-minimal.md +++ b/managing-os/templates/fedora-minimal.md @@ -72,12 +72,6 @@ In Qubes R4.0, sudo is not installed by default in the minimal template. To upd [user@dom0 ~]$ qvm-run -u root fedora-26-minimal xterm ~~~ -If you would like to skip this step in future, please install the `sudo` package: - -~~~ -[user@your-new-clone ~]$ dnf install sudo -~~~ - In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. These packages are: - `qubes-core-agent-qrexec`: Qubes qrexec agent. Installed by default. @@ -87,7 +81,8 @@ In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be neede - `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart. - `qubes-core-agent-networking`: Networking support. Useful if the template has to be used for a `sys-net` VM. - `qubes-core-agent-network-manager`: Integration for NetworkManager. Useful if the template has to be used for a `sys-net` VM. -- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template which the VM respondible for 'dom0' updates is based on must contain this package. +- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template which the VM responsible for 'dom0' updates (e.g. `sys-firewall`) is based on must contain this package. +- `qubes-usb-proxy`: Required in minimal template for a USB qube (`sys-usb`) as well as in minimal template for any destination domains to which USB devices are to be attached (e.g `sys-net` if using USB network adapter). - `pulseaudio-qubes`: Needed to have audio on the template VM. From bcc9020c41248aefba1291f5b559e1772dc32f18 Mon Sep 17 00:00:00 2001 From: mossy-nw <34462023+mossy-nw@users.noreply.github.com> Date: Mon, 22 Jan 2018 19:24:00 +0000 Subject: [PATCH 14/20] Update fedora-minimal.md some grammar fixes and clarify that `qubes-core-agent-networking` also required for `sys-firewall` VM --- managing-os/templates/fedora-minimal.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/managing-os/templates/fedora-minimal.md b/managing-os/templates/fedora-minimal.md index 9febea4a..39a7c92a 100644 --- a/managing-os/templates/fedora-minimal.md +++ b/managing-os/templates/fedora-minimal.md @@ -79,10 +79,10 @@ In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be neede - `qubes-core-agent-passwordless-root`, `polkit`: By default the 'fedora-26-minimal' template doesn't have passwordless root. These two packages fix the situation. - `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it things like "copy to VM/open in disposable VM" will not be shown in Nautilus). - `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart. -- `qubes-core-agent-networking`: Networking support. Useful if the template has to be used for a `sys-net` VM. -- `qubes-core-agent-network-manager`: Integration for NetworkManager. Useful if the template has to be used for a `sys-net` VM. +- `qubes-core-agent-networking`: Networking support. Required if the template is to be used for a `sys-net` or `sys-firewall` VM. +- `qubes-core-agent-network-manager`: Integration for NetworkManager. Useful if the template is to be used for a `sys-net` VM. - `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template which the VM responsible for 'dom0' updates (e.g. `sys-firewall`) is based on must contain this package. -- `qubes-usb-proxy`: Required in minimal template for a USB qube (`sys-usb`) as well as in minimal template for any destination domains to which USB devices are to be attached (e.g `sys-net` if using USB network adapter). +- `qubes-usb-proxy`: Required if the template is to be used for a USB qube (`sys-usb`) or for any destination qube to which USB devices are to be attached (e.g `sys-net` if using USB network adapter). - `pulseaudio-qubes`: Needed to have audio on the template VM. From 6fd6402c73cc292a11e6d881aad1f76505a27734 Mon Sep 17 00:00:00 2001 From: mossy-nw <34462023+mossy-nw@users.noreply.github.com> Date: Mon, 22 Jan 2018 19:38:09 +0000 Subject: [PATCH 15/20] Update fedora-minimal.md added network-manager-applet for system tray icon for minimal sys-net --- managing-os/templates/fedora-minimal.md | 1 + 1 file changed, 1 insertion(+) diff --git a/managing-os/templates/fedora-minimal.md b/managing-os/templates/fedora-minimal.md index 39a7c92a..48528a34 100644 --- a/managing-os/templates/fedora-minimal.md +++ b/managing-os/templates/fedora-minimal.md @@ -81,6 +81,7 @@ In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be neede - `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart. - `qubes-core-agent-networking`: Networking support. Required if the template is to be used for a `sys-net` or `sys-firewall` VM. - `qubes-core-agent-network-manager`: Integration for NetworkManager. Useful if the template is to be used for a `sys-net` VM. +- `network-manager-applet`: Useful (together with `dejavu-sans-fonts` and `notification-daemon`) to have a system tray icon if the template is to be used for a `sys-net` VM. - `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template which the VM responsible for 'dom0' updates (e.g. `sys-firewall`) is based on must contain this package. - `qubes-usb-proxy`: Required if the template is to be used for a USB qube (`sys-usb`) or for any destination qube to which USB devices are to be attached (e.g `sys-net` if using USB network adapter). - `pulseaudio-qubes`: Needed to have audio on the template VM. From b2c159ebbe3f476de8a740c4e671873852f9be12 Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Fri, 26 Jan 2018 11:24:11 +0000 Subject: [PATCH 16/20] Update live-usb.md Add version note and redirect --- installing/live-usb.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/installing/live-usb.md b/installing/live-usb.md index 6e629962..a4d3e9a4 100644 --- a/installing/live-usb.md +++ b/installing/live-usb.md @@ -7,6 +7,11 @@ permalink: /doc/live-usb/ Qubes Live USB (alpha) ====================== +NOTE: This content applies to Qubes versions earlier than R3.2. See the +[Installation Guide](/doc/installation-guide/) for instructions and warnings +on creating a USB boot drive for testing purposes with Qubes R3.2, R4.0, and +higher. + Qubes Live USB allows you to run and try Qubes OS without having to install it anywhere. Qubes Live USB is currently in alpha. If you use it, please consider running the [HCL reporting tool](/hcl/) and sending us the results so that we @@ -16,7 +21,6 @@ please consider applying for a [Google Summer of Code][gsoc-page] scholarship (if you are eligible) and choosing the QubesOS Project as a mentor organization. You can find our list of project ideas [here][project-page]. - Introduction ------------ From 7d51c0d9205d52aad8b2ab3d8f3a0b544f0f0ff1 Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Fri, 26 Jan 2018 13:05:21 +0000 Subject: [PATCH 17/20] Misc R4.0 updates --- common-tasks/software-update-vm.md | 33 +++++++++++++++++++----------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/common-tasks/software-update-vm.md b/common-tasks/software-update-vm.md index 1e06b2c4..2feab516 100644 --- a/common-tasks/software-update-vm.md +++ b/common-tasks/software-update-vm.md @@ -18,20 +18,24 @@ Most of the AppVMs (domains) are based on a *TemplateVM*, which means that their In addition to saving on the disk space, and reducing domain creation time, another advantage of such scheme is the possibility for centralized software update. It's just enough to do the update in the template VM, and then all the AppVMs based on this template get updates automatically after they are restarted. -The default template is called **fedora-14-x64** in Qubes R1 and **fedora-20-x64** in Qubes R2. +The default template is called **fedora-23** in Qubes R3.2 and **fedora-26** in Qubes R4.0. -The side effect of this mechanism is, of course, that if you install any software in your AppVM, more specifically in any directory other than `/home` or `/usr/local` then it will disappear after the AppVM reboot (as the root filesystem for this AppVM will again be "taken" from the TemplateVM). **This means one normally install software in the TemplateVM, not in AppVMs.** +The side effect of this mechanism is, of course, that if you install any software in your AppVM, more specifically in any directory other than `/home`, `/usr/local`, or `/rw` then it will disappear after the AppVM reboots (as the root filesystem for this AppVM will again be "taken" from the TemplateVM). **This means one normally installs software in the TemplateVM, not in AppVMs.** -Unlike VM private filesystems, the template VM root filesystem does not support discard, so deleting files does not free the space in dom0. See [these instructions](/doc/template/fedora/upgrade-23-to-24/#compacting-the-upgraded-template) to recover space in dom0. +Unlike VM private filesystems, under R3.x the template VM root filesystem does not support discard by default, so deleting files does not free the space in dom0. See [these instructions](/doc/template/fedora/upgrade-23-to-24/#compacting-the-upgraded-template) to recover space in dom0. + +In R4.0 and higher, the template root filesystem is created in a thin pool so manual trims are no longer needed. + +See [here](/doc/disk-trim) for further discussion on enabling discards/trim support under all versions. Installing (or updating) software in the TemplateVM ---------------------------------------------------- In order to permanently install new software, you should: -- Start the template VM and then start either console (e.g. `gnome-terminal`) or dedicated software management application, such as `gpk-application` (*Start-\>Applications-\>Template: fedora-XX-x64-\>Add/Remove software*), +- Start the template VM and then start either console (e.g. `gnome-terminal`) or dedicated software management application, such as `gpk-application` (*Start-\>Applications-\>Template: fedora-XX-\>Add/Remove software*), -- Install/update software as usual (e.g. using yum, or the dedicated GUI application). Then, shutdown the template VM, +- Install/update software as usual (e.g. using dnf, or the dedicated GUI application). Then, shutdown the template VM, - You will see now that all the AppVMs based on this template (by default all your VMs) will be marked as "outdated" in the manager. This is because their filesystems have not been yet updated -- in order to do that, you must restart each VM. You don't need to restart all of them at the same time -- e.g. if you just need the newly installed software to be available in your 'personal' domain, then restart only this VM. You will restart others whenever this will be convenient to you. @@ -73,9 +77,14 @@ Debian also has three Qubes VM testing repositories (where `*` denotes the Relea repository; mostly experimental debugging packages To enable or disable any of these repos permanently, uncomment the corresponding `deb` line in -`/etc/apt/sources.list.d/qubes-r3.list` +`/etc/apt/sources.list.d/qubes-r*.list` -Reverting changes to a TemplateVM +Reverting changes to a TemplateVM (R4.0) +--------------------------------- + +TBD- Qubes 4.0 uses a CoW system that permits snapshotting. To revert changes, one would... + +Reverting changes to a TemplateVM (R3.2) --------------------------------- Perhaps you've just updated your TemplateVM, and the update broke your template. @@ -127,7 +136,7 @@ Some popular questions: As long as template's compromise is considered, it doesn't really matter whether /usr/bin/firefox is buggy and can be exploited, or not. What matters is whether its *installation* scripts (such as %post in the rpm.spec) are benign or not. Template VM should be used only for installation of packages, and nothing more, so it should never get a chance to actually run the /usr/bin/firefox and got infected from it, in case it was compromised. Also, some of your more trusted AppVMs, would have networking restrictions enforced by the [firewall VM](/doc/firewall/), and again they should not fear this proverbial /usr/bin/firefox being potentially buggy and easy to compromise. -- But why trusting Fedora? +- But why trust Fedora? Because we chose to use Fedora as a vendor for the Qubes OS foundation (e.g. for Dom0 packages and for AppVM packages). We also chose to trust several other vendors, such as Xen.org, kernel.org, and a few others whose software we use in Dom0. We had to trust *somebody* as we are unable to write all the software from scratch ourselves. But there is a big difference in trusting all Fedora packages to be non-malicious (in terms of installation scripts) vs. trusting all those packages are non-buggy and non-exploitable. We certainly do not assume the latter. @@ -170,12 +179,12 @@ Temporarily allowing networking for software installation Some third-party applications cannot be installed using the standard yum repositories, and need to be manually downloaded and installed. When the installation requires internet connection to access third-party repositories, it will naturally fail when run in a Template VM because the default firewall rules for templates only allow connections to standard yum repositories. So it is necessary to modify firewall rules to allow less restrictive internet access for the time of the installation, if one really wants to install those applications into a template. As soon as software installation is completed, firewall rules should be returned back to the default state. The user should decided by themselves whether such third-party applications should be equally trusted as the ones that come from the standard Fedora signed repositories and whether their installation will not compromise the default Template VM, and potentially consider installing them into a separate template or a standalone VM (in which case the problem of limited networking access doesn't apply by default), as described above. -Updates proxy +Updates proxy (some content applies only to versions earlier than R3.2) ------------- Updates proxy is a service which filter http access to allow access to only something that looks like yum or apt repository. This is meant to mitigate user errors (like using browser in the template VM), rather than some real isolation. It is done with http proxy instead of simple firewall rules because it is hard to list all the repository mirrors (and keep that list up to date). The proxy is used only to filter the traffic, not to cache anything. -The proxy is running in selected VMs (by default all the NetVMs (1)) and intercept traffic directed to 10.137.255.254:8082. Thanks to such configuration all the VMs can use the same proxy address, and if there is a proxy on network path, it will handle the traffic (of course when firewall rules allows that). If the VM is configured to have access to the updates proxy (2), the startup scripts will automatically configure yum to really use the proxy (3). Also access to updates proxy is independent of any other firewall settings (VM will have access to updates proxy, even if policy is set to block all the traffic). +The proxy is running in selected VMs (by default all the NetVMs (1)) and intercept traffic directed to 10.137.255.254:8082. Thanks to such configuration all the VMs can use the same proxy address, and if there is a proxy on network path, it will handle the traffic (of course when firewall rules allows that). If the VM is configured to have access to the updates proxy (2), the startup scripts will automatically configure dnf to really use the proxy (3). Also access to updates proxy is independent of any other firewall settings (VM will have access to updates proxy, even if policy is set to block all the traffic). (1) Services tab -\> "qubes-yum-proxy" entry; check qvm-service manual for details @@ -199,12 +208,12 @@ The proxy is running in selected VMs (by default all the NetVMs (1)) and interce line, or be empty. Note that this file is specifically included from main yum.conf, yum does not support real conf.d configuration style... -Note on treating AppVM's root filesystem non-persistency as a security feature +Note on treating AppVM's root filesystem non-persistence as a security feature ------------------------------------------------------------------------------ As explained above, any AppVM that is based on a Template VM (i.e. which is not a Standalone VM) has its root filesystem non-persistent across the VM reboots. In other words whatever changes the VM makes (or the malware running in this AppVM makes) to its root filesystem, are automatically discarded whenever one restarts the AppVM. This might seem like an excellent anti-malware mechanism to be used inside the AppVM... -However, one should be careful with treating this property as a reliable way to keep the AppVM malware-free. This is because the non-persistency, in case of normal AppVMs, applies only to the root filesystem and not to the user filesystem (on which the `/home`, `/rw`, and `/usr/local` are stored) for obvious reasons. It is possible that malware, especially malware that could be specifically written to target a Qubes-based AppVMs, could install its hooks inside the user home directory files only. Examples of obvious places for such hooks could be: `.bashrc`, the Firefox profile directory which contains the extensions, or some PDF or DOC documents that are expected to be opened by the user frequently (assuming the malware found an exploitable bug in the PDF or DOC reader), and surely many others places, all in the user's home directory. +However, one should be careful with treating this property as a reliable way to keep the AppVM malware-free. This is because the non-persistence, in case of normal AppVMs, applies only to the root filesystem and not to the user filesystem (on which the `/home`, `/rw`, and `/usr/local` are stored) for obvious reasons. It is possible that malware, especially malware that could be specifically written to target a Qubes-based AppVMs, could install its hooks inside the user home directory files only. Examples of obvious places for such hooks could be: `.bashrc`, the Firefox profile directory which contains the extensions, or some PDF or DOC documents that are expected to be opened by the user frequently (assuming the malware found an exploitable bug in the PDF or DOC reader), and surely many others places, all in the user's home directory. One advantage of the non-persistent rootfs though, is that the malware is still inactive before the user's filesystem gets mounted and "processed" by system/applications, which might theoretically allow for some scanning programs (or a skilled user) to reliably scan for signs of infections of the AppVM. But, of course, the problem of finding malware hooks in general is hard, so this would work likely only for some special cases (e.g. an AppVM which doesn't use Firefox, as otherwise it would be hard to scan the Firefox profile directory reliably to find malware hooks there). Also note that the user filesystem's metadata might got maliciously modified by malware in order to exploit a hypothetical bug in the AppVM kernel whenever it mounts the malformed filesystem. However, these exploits will automatically stop working (and so the infection might be cleared automatically) after the hypothetical bug got patched and the update applied (via template update), which is an exceptional feature of Qubes OS. From fb07f0adb900c506dd1d389a138dd41e32235b0c Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 27 Jan 2018 11:27:06 -0600 Subject: [PATCH 18/20] Remove "VM secure update mechanism (forthcoming)" QubesOS/qubes-issues#3495 --- doc.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc.md b/doc.md index 6ce1320f..ae932399 100644 --- a/doc.md +++ b/doc.md @@ -245,7 +245,6 @@ Services * [Implementation of DisposableVMs](/doc/dvm-impl/) * [Article about disposable VMs](http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html) * [Dom0 secure update mechanism](/doc/dom0-secure-updates/) - * VM secure update mechanism (forthcoming) Debugging --------- From 073f55da60c4afd7fa5744f89159e0ded324051b Mon Sep 17 00:00:00 2001 From: Michael Carbone Date: Sun, 28 Jan 2018 09:01:28 -0500 Subject: [PATCH 19/20] various fixes fixed formatting, pushed all mentor="inquire qubes-devel" to the bottom. --- basics_dev/gsoc.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index f285fcf8..19d4deff 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -480,6 +480,18 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618). **Mentor**: [Marek Marczykowski-Górecki](/team/) +### Generalize the Qubes PDF Converter to other types of files + +**Project**: Qubes Converters + +**Brief explanation**: One of the pioneering ideas of Qubes is to use disposable virtual machines to convert untrustworthy files (such as documents given to journalists by unknown and potentially malicious whistleblowers) into trusthworhty files. See [Joanna's blog on the Qubes PDF Convert](http://theinvisiblethings.blogspot.co.uk/2013/02/converting-untrusted-pdfs-into-trusted.html) for details of the idea. Joanna has implemented a prototype for PDF documents. The goal of this project would be to generalize beyond the simple prototype to accommodate a wide variety of file formats, including Word documents, audio files, video files, spreadsheets, and so on. The converters should prioritise safety over faithful conversion. For example the Qubes PDF converter typically leads to lower quality PDFs (e.g. cut and paste is no longer possible), because this makes the conversion process safer. + +**Expected results**: We expect that in the timeframe, it will be possible to implement many converters for many file formats. However, if any unexpected difficulties arise, we would prioritise a small number of safe and high quality converters over a large number of unsafe or unuseful converters. + +**Knowledge prerequisite**: Most of the coding will probably be implemented as shell scripts to interface with pre-existing converts (such as ImageMagick in the Qubes PDF converter). However, shell scripts are not safe for processing untrusted data, so any extra processing will need to be implemented in another language -- probably Python. + +**Mentors**: Andrew Clausen and Jean-Philippe Ouellet + ### Mitigate focus-stealing attacks **Project**: Mitigate focus-stealing attacks @@ -489,7 +501,7 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618). **Knoledge prerequisite**: X APIs, Qubes GUI protocol, familiarity with the targeted window manager. -**Mentor**: +**Mentor**: Inquire on [qubes-devel][ml-devel]. ### Progress towards reproducible builds **Project**: Progress towards reproducible builds @@ -506,7 +518,7 @@ for more information and qubes-specific background. **Knoledge prerequisite**: qubes-builder [[1]](https://www.qubes-os.org/doc/qubes-builder/) [[2]](https://www.qubes-os.org/doc/qubes-builder-details/) [[3]](https://github.com/QubesOS/qubes-builder/tree/master/doc), and efficient at introspecting complex systems: comfortable with tracing and debugging tools, ability to quickly identify and locate issues within a large codebase (upstream build tools), etc. -**Mentor**: +**Mentor**: Inquire on [qubes-devel][ml-devel]. ### Android development in Qubes @@ -521,19 +533,8 @@ Details, reference: [#2233](https://github.com/QubesOS/qubes-issues/issues/2233) **Knowledge prerequisite**: -**Mentor**: +**Mentor**: Inquire on [qubes-devel][ml-devel]. -### Generalize the Qubes PDF Converter to other types of files - -**Project**: Qubes Converters - -**Brief explanation**: One of the pioneering ideas of Qubes is to use disposable virtual machines to convert untrustworthy files (such as documents given to journalists by unknown and potentially malicious whistleblowers) into trusthworhty files. See [Joanna's blog on the Qubes PDF Convert](http://theinvisiblethings.blogspot.co.uk/2013/02/converting-untrusted-pdfs-into-trusted.html) for details of the idea. Joanna has implemented a prototype for PDF documents. The goal of this project would be to generalize beyond the simple prototype to accommodate a wide variety of file formats, including Word documents, audio files, video files, spreadsheets, and so on. The converters should prioritise safety over faithful conversion. For example the Qubes PDF converter typically leads to lower quality PDFs (e.g. cut and paste is no longer possible), because this makes the conversion process safer. - -**Expected results**: We expect that in the timeframe, it will be possible to implement many converters for many file formats. However, if any unexpected difficulties arise, we would prioritise a small number of safe and high quality converters over a large number of unsafe or unuseful converters. - -**Knowledge prerequisite**: Most of the coding will probably be implemented as shell scripts to interface with pre-existing converts (such as ImageMagick in the Qubes PDF converter). However, shell scripts are not safe for processing untrusted data, so any extra processing will need to be implemented in another language -- probably Python. - -**Mentors**: Andrew Clausen and Jean-Philippe Ouellet ---- We adapted some of the language here about GSoC from the [KDE GSoC page](https://community.kde.org/GSoC). From db966b207bbd038b312ee2eabffb31f33edbe2a4 Mon Sep 17 00:00:00 2001 From: Michael Carbone Date: Sun, 28 Jan 2018 09:02:49 -0500 Subject: [PATCH 20/20] standardize formatting of "GUI" --- basics_dev/gsoc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basics_dev/gsoc.md b/basics_dev/gsoc.md index f285fcf8..7a502e8d 100644 --- a/basics_dev/gsoc.md +++ b/basics_dev/gsoc.md @@ -413,8 +413,8 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618). **Mentor**: [Rafał Wojdyła](/team/) -### Gui agent for Windows 8/10 -**Project**: Gui agent for Windows 8/10 +### GUI agent for Windows 8/10 +**Project**: GUI agent for Windows 8/10 **Brief explanation**: Add support for Windows 8+ to the Qubes GUI agent and video driver. Starting from Windows 8, Microsoft requires all video drivers to conform to the WDDM display driver model which is incompatible with the current Qubes video driver. Unfortunately the WDDM model is much more complex than the old XPDM one and officially *requires* a physical GPU device (which may be emulated). Some progress has been made to create a full WDDM driver that *doesn't* require a GPU device, but the driver isn't working correctly yet. Alternatively, WDDM model supports display-only drivers which are much simpler but don't have access to system video memory and rendering surfaces (a key feature that would simplify seamless GUI mode). [#1861](https://github.com/QubesOS/qubes-issues/issues/1861)