Qubes R4.0 technology preview
1,454 views
Skip to first unread message
Wojtek Porczyk
Dec 23, 2015, 8:51:32 PM12/23/15
to qubes...@googlegroups.com
Hi all,
As a Christmas present, I uploaded Qubes R4.0-alpha1 ISO. It features
brand-new core-admin branch called core3-devel ("3" because it was meant
for 3.0, but I didn't finish it on time). The "qubes" Python package was
rewritten from scratch, as the basic qvm-* and qubes-* tools will be.
More info (and blog post) are coming after the holidays, but if you are
on CCC and like to know more, please come to our assembly! [1]
The image is not usable, at present you cannot do anything resonable
with it. It is just a technology preview. At most you can start
terminal.
And please, do not let it destroy the Christmas. Try it after, and spend
Christmas with your family. So no "happy hacking" today. ;)
[1] https://events.ccc.de/congress/2015/wiki/Assembly:Qubes
Outstanding issues
------------------
At present those commands are in working order:
qubes-create
qubes-prefs
qvm-create
qvm-kill
qvm-ls
qvm-prefs
qvm-start
The rest *does not work*. (Yet).
Other features which do not work:
qubes-manager
salt
HVM
DispVM
TemplateVM cannot be started (but AppVMs which use it, can be)
Debian template is not included in the ISO and currently untested, but
it is likely working.
HOWTO
-----
1. Download and verify ISO. It is signed by my personal key.
Burn it onto USB stick and install normally.
2. In firstboot, when asked about creating VM, select last "advanced"
option (which disables preconfiguration, as it is broken).
3. Log in, launch terminal in dom0. Issue commands:
sudo mv /usr/lib{64,}/python2.7/site-packages/qubes/qdb.so
qubes-create
qvm-create --no-root --class TemplateVM --label black fedora-23
qvm-create --template fedora-23 --label red untrusted
# qvm-run does not work yet!
qvm-start fedora-23
/usr/lib/qubes/qrexec/client -n untrusted user:gnome-terminal
There is a bug in handling libvirt UUIDs. If you see a traceback which
ends with:
libvirt.libvirtError: operation failed: domain 'untrusted' already exists with uuid 01234567-1234-1234-1234-0123456789ab
you have to manually update /var/lib/qubes/qubes.xml. Open it with an
editor and add the following node under <properties> in the respective
domain (copy actual value from the error message):
<property name="uuid">01234567-1234-1234-1234-0123456789ab</property>
Then issue the failed command again. If you end up with domain partially
started, just qvm-kill it and start over.
Download links
--------------
http://ftp.qubes-os.org/~woju/iso/Qubes-R4.0-alpha1-x86_64-DVD.iso (2.9G)
http://ftp.qubes-os.org/~woju/iso/Qubes-R4.0-alpha1-x86_64-DVD.iso.asc
ETA 24.12.2015 09:00 UTC
Build it yourself
-----------------
git clone https://github.com/woju/qubes-builder builder-core3
cd builder-core3
git tag -v $(git tag --points-at HEAD | head -n 1)
cp example-configs/qubes-os-core3.conf builder.conf
make I_PROMISE_TO_SUPPLY_BUGS_WITH_PATCHES=1 qubes iso
--
Merry Christmas :) _.-._
Wojtek Porczyk .-^' '^-.
Invisible Things Lab |'-.-^-.-'|
| | | |
I do not fear computers, | '-.-' |
I fear lack of them. '-._ : ,-'
-- Isaac Asimov `^-^-_>
As a Christmas present, I uploaded Qubes R4.0-alpha1 ISO. It features
brand-new core-admin branch called core3-devel ("3" because it was meant
for 3.0, but I didn't finish it on time). The "qubes" Python package was
rewritten from scratch, as the basic qvm-* and qubes-* tools will be.
More info (and blog post) are coming after the holidays, but if you are
on CCC and like to know more, please come to our assembly! [1]
The image is not usable, at present you cannot do anything resonable
with it. It is just a technology preview. At most you can start
terminal.
And please, do not let it destroy the Christmas. Try it after, and spend
Christmas with your family. So no "happy hacking" today. ;)
[1] https://events.ccc.de/congress/2015/wiki/Assembly:Qubes
Outstanding issues
------------------
At present those commands are in working order:
qubes-create
qubes-prefs
qvm-create
qvm-kill
qvm-ls
qvm-prefs
qvm-start
The rest *does not work*. (Yet).
Other features which do not work:
qubes-manager
salt
HVM
DispVM
TemplateVM cannot be started (but AppVMs which use it, can be)
Debian template is not included in the ISO and currently untested, but
it is likely working.
HOWTO
-----
1. Download and verify ISO. It is signed by my personal key.
Burn it onto USB stick and install normally.
2. In firstboot, when asked about creating VM, select last "advanced"
option (which disables preconfiguration, as it is broken).
3. Log in, launch terminal in dom0. Issue commands:
sudo mv /usr/lib{64,}/python2.7/site-packages/qubes/qdb.so
qubes-create
qvm-create --no-root --class TemplateVM --label black fedora-23
qvm-create --template fedora-23 --label red untrusted
# qvm-run does not work yet!
qvm-start fedora-23
/usr/lib/qubes/qrexec/client -n untrusted user:gnome-terminal
There is a bug in handling libvirt UUIDs. If you see a traceback which
ends with:
libvirt.libvirtError: operation failed: domain 'untrusted' already exists with uuid 01234567-1234-1234-1234-0123456789ab
you have to manually update /var/lib/qubes/qubes.xml. Open it with an
editor and add the following node under <properties> in the respective
domain (copy actual value from the error message):
<property name="uuid">01234567-1234-1234-1234-0123456789ab</property>
Then issue the failed command again. If you end up with domain partially
started, just qvm-kill it and start over.
Download links
--------------
http://ftp.qubes-os.org/~woju/iso/Qubes-R4.0-alpha1-x86_64-DVD.iso (2.9G)
http://ftp.qubes-os.org/~woju/iso/Qubes-R4.0-alpha1-x86_64-DVD.iso.asc
ETA 24.12.2015 09:00 UTC
Build it yourself
-----------------
git clone https://github.com/woju/qubes-builder builder-core3
cd builder-core3
git tag -v $(git tag --points-at HEAD | head -n 1)
cp example-configs/qubes-os-core3.conf builder.conf
make I_PROMISE_TO_SUPPLY_BUGS_WITH_PATCHES=1 qubes iso
--
Merry Christmas :) _.-._
Wojtek Porczyk .-^' '^-.
Invisible Things Lab |'-.-^-.-'|
| | | |
I do not fear computers, | '-.-' |
I fear lack of them. '-._ : ,-'
-- Isaac Asimov `^-^-_>
Eric Shelton
Dec 24, 2015, 9:44:13 AM12/24/15
to qubes-devel, wo...@invisiblethingslab.com
On Wednesday, December 23, 2015 at 8:51:32 PM UTC-5, Wojtek Porczyk wrote:
Hi all,
As a Christmas present, I uploaded Qubes R4.0-alpha1 ISO. It features
brand-new core-admin branch called core3-devel ("3" because it was meant
for 3.0, but I didn't finish it on time). The "qubes" Python package was
rewritten from scratch, as the basic qvm-* and qubes-* tools will be.
More info (and blog post) are coming after the holidays, but if you are
on CCC and like to know more, please come to our assembly!
I know you said more info will be forthcoming, but is there already something out there that explains what is different about core3 over the current generation?
Thanks,
Eric
Outback Dingo
Dec 25, 2015, 4:22:30 AM12/25/15
to Eric Shelton, qubes-devel, wo...@invisiblethingslab.com
well... thanks for the work, but rediculous download times 122 KB/s - 30.2 MB of 2.8 GB, 7 hours left
--
You received this message because you are subscribed to the Google Groups "qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/d432be00-9441-4471-b5a3-e1e4fe258d06%40googlegroups.com.
Wojtek Porczyk
Dec 27, 2015, 6:39:50 AM12/27/15
to Eric Shelton, qubes-devel
core hacking easier, because the "current generation" is barely
maintainable and scared off many people. There is API documentation
available at http://ftp.qubes-os.org/~woju/core3doc/, although it is yet
unofficial and a few commits old.
The main technical difference is the representation of a VM. There is
new subsystem for events (replaces _hooks, which creeped through the
source). Several modules were (or will be) renamed (there will be no
more putting external files into /usr/lib*/python*/site-packages/qubes/,
like qdb.so). Storage subsystem is being rewritten. Also, the VM classes
will be slightly different; the most affected class will be DispVM,
which will change definition from "domain started from xen savefile" to
"domain without private.img". HVMs will be merged into plain VMs.
--
regards, _.-._
Iestyn Best
Apr 12, 2016, 8:50:22 PM4/12/16
to qubes-devel
Hi,
Just out of curiosity, is there anything new working with Release 4.0? Is there a new Alpha? If we were to use the Qubes-build script, would we get a different system to what is in the pre-built ISO above.
Just interested to know what the latest developments are.
Regards,
Iestyn Best
Wojtek Porczyk
Apr 13, 2016, 6:34:15 AM4/13/16
to Iestyn Best, qubes-devel
core3 api. Some new qvm-tools became available. There are many new
tests, many of them still fail. The API documentation was slightly updated:
https://ftp.qubes-os.org/~woju/core3doc/.
--
pozdrawiam / best regards _.-._
Reply all
Reply to author
Forward
0 new messages