qrexec based updates proxy - TemplateVMs with NetVM set to 'none'


Patrick Schleizer

Mar 18, 2016, 8:42:16 PM
to qubes...@googlegroups.com
Hi!

> implement qrexec based updates proxy [0]

> have updates proxy running over qrexec instead of TCP/IP, so template
> will not have its own netvm at all

Does that ticket include 'set NetVM of TemplateVMs to none' by default?

Depending on that, I should edit the ticket or create another one for
that purpose, I think.

I would tend to suggest making this a two-step process. (implement
qrexec based updates proxy and later set NetVM of TemplateVMs to none)

And if so, tb-updater that will automatically run in
Qubes-Whonix-Workstation 13 TemplateVMs by default that requires
networking [1], would also need a solution. Mostly teaching tb-updater
to use the qrexec based updates proxy?

Cheers,
Patrick

[0] https://github.com/QubesOS/qubes-issues/issues/1854
[1] https://www.whonix.org/wiki/Tor_Browser#tb-updater_postinst

Marek Marczykowski-Górecki

Mar 19, 2016, 6:03:19 AM
to Patrick Schleizer, qubes...@googlegroups.com

On Sat, Mar 19, 2016 at 12:42:07AM +0000, Patrick Schleizer wrote:
> Hi!
>
> > implement qrexec based updates proxy [0]
>
> > have updates proxy running over qrexec instead of TCP/IP, so template
> > will not have its own netvm at all
>
> Does that ticket include 'set NetVM of TemplateVMs to none' by default?

Not sure about that.

But probably worth a separate ticket.

> Depending on that, I should edit the ticket or create another one for
> that purpose, I think.
>
> I would tend to suggest making this a two-step process. (implement
> qrexec based updates proxy and later set NetVM of TemplateVMs to none)
>
> And if so, tb-updater that will automatically run in
> Qubes-Whonix-Workstation 13 TemplateVMs by default that requires
> networking [1], would also need a solution. Mostly teaching tb-updater
> to use the qrexec based updates proxy?

I think tb-updater will need to use the updates proxy anyway,
regardless of qrexec or TCP based proxy, because by default templates
don't have full network access (unless they are connected to the Whonix
gateway in the current implementation...).
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Patrick Schleizer

Mar 19, 2016, 2:20:38 PM
to qubes...@googlegroups.com
Marek Marczykowski-Górecki:
> On Sat, Mar 19, 2016 at 12:42:07AM +0000, Patrick Schleizer wrote:
>> Hi!
>
>>> implement qrexec based updates proxy [0]
>
>>> have updates proxy running over qrexec instead of TCP/IP, so template
>>> will not have its own netvm at all
>
>> Does that ticket include 'set NetVM of TemplateVMs to none' by default?
>
> Not sure about that.
>
> But probably worth a separate ticket.

Created https://github.com/QubesOS/qubes-issues/issues/1858 for it.

>> Depending on that, I should edit the ticket or create another one for
>> that purpose, I think.
>
>> I would tend to suggest making this a two-step process. (implement
>> qrexec based updates proxy and later set NetVM of TemplateVMs to none)
>
>> And if so, tb-updater that will automatically run in
>> Qubes-Whonix-Workstation 13 TemplateVMs by default that requires
>> networking [1], would also need a solution. Mostly teaching tb-updater
>> to use the qrexec based updates proxy?
>
> I think tb-updater will need to use the updates proxy anyway,
> regardless of qrexec or TCP based proxy, because by default templates
> don't have full network access (unless they are connected to the Whonix
> gateway in the current implementation...).

Created https://phabricator.whonix.org/T477 for it.

Cheers,
Patrick