Problem buildung a fedora-29-minimal-based sys-usb AppVM

[799]

Hello,

since the first days using Qubes I made notes how I setup my templates and AppVMs to able to rebuild my system from scratch if parts of it get compromised or if I migrate the system to other hardware.

I have been able to rebuild all my Sys-VMs (sys-net / sys-firewall / sys-usb) from a fedora-26-minimal and fedora-28-minimal template but I am struggling to do the same from a fedora-29-minimal template:

I am unable to get a working sys-usb AppVM.

Steps to reproduce:

#base template

template=fedora-29-minimal

#name of the new custom build template

systemplate=t-fedora-29-sys

#clone template

qvm-clone $template $systemplate

# update template

qvm-run --auto --user root --pass-io --no-gui $systemplate 'dnf update -y'

# install a missing package for fedora-29-minimal without it, gui-apps will not start

qvm-run --auto --user root --pass-io --no-gui $systemplate 'dnf install -y e2fsprogs'

# Install required packages for Sys-VMs

qvm-run --auto --user root --pass-io --no-gui $systemplate \

    'dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd \

     qubes-core-agent-networking polkit qubes-core-agent-network-manager \

     notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy \

     iwl6000g2a-firmware qubes-input-proxy-sender iproute iputils \

     NetworkManager-openvpn NetworkManager-openvpn-gnome \

     NetworkManager-wwan NetworkManager-wifi network-manager-applet'

I use this new template as base for my sys-net and sys-firewall AppVms everything works, but sys-usb will not work as USB devices can't be mounted, even within the sys-usb VM.

QUESTION:

Any idea what I am missing, to get a sys-usb AppVM which is based on a custom build fedora-29-minimal based template?

If I use the default (fat) fedora-29 AppVM from the Qubes Repository as Template for sys-usb, it is working fine.

So it is possible to use fedora-29 for sys-usb, but it seems that I am missing some part to get it work when building a template from the ground up Uusing fedora-29-minimal as base template)

- O

[awokd]

799 wrote on 2/26/19 10:15 PM:

This worked first try for me using your package list. I was able to use
both qvm-block to attach and browse a USB drive's partition, as well as
qvm-usb to pass the entire device. Could you be missing firmware for
your USB controller?

[799]

Hello Awokd,

On Sat, 30 Mar 2019 at 16:32, awokd <aw...@danwin1210.me> wrote:

> [...]

> QUESTION:
> Any idea what I am missing, to get a sys-usb AppVM which is based on a
> custom build fedora-29-minimal based template?

This worked first try for me using your package list. I was able to use
both qvm-block to attach and browse a USB drive's partition, as well as
qvm-usb to pass the entire device. Could you be missing firmware for
your USB controller?

I did some more tests and it is possible to mount my USB harddrive in the sys-usb VM which is based on my custom build fedora-29-minimal template.

Therefor I don't think that I am missing any drivers, additionaly I can use my mouse when it is attached to the USB port, which would likely also not work, if I am missing drivers.

The problem is that I am unable to connect a partition or the whole usb device to another AppVM.

From dom0 it looks like it is connected, but the device will not be visible in the other AppVM.

Another thing I have discovered is, that with the fedora-28 (fat template) nautilus will show the partitions of an attached USB drive and clicking on it will mount those partitions. If I use sys-usb with my custom built template nautilus doesn't show the partitions (neither in sys-usb / nor in the AppVM).

As mentioned I am able to mount the harddrive manually in my sys-usb, but not via the GUI.

Can you tell me if this is working for you?

- O

 

[awokd]

799 wrote on 3/31/19 10:45 AM:

Yes, I was able to mount and browse a partition from a different AppVM
with both qvm-block and qvm-usb using a fedora-29-minimal sys-usb with
your package list. You did set it to HVM and turn off memory balancing,
right? I was using a debian-9 AppVM, but don't think that would make any
difference.

[awokd]

'awokd' via qubes-users wrote on 3/31/19 2:08 PM:

You might also try reinstalling the fedora-29-minimal template again.
Maybe there was a recent bug fix.