Preliminary test image of Qubes 4.0
525 views
Skip to first unread message
Marek Marczykowski-Górecki
Jul 6, 2017, 5:44:36 PM7/6/17
to qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi all,
Here is long awaited test image of upcoming Qubes 4.0-rc1. This isn't "release
candidate" yet, because there are still some missing parts. Don't try to use it
for anything serious yet.
Known issues/limitations:
- in-place upgrade is not supported (this will be the case for the final
release too)
- backup / restore do not work yet - no way to move the data from Qubes 3.2
- on some machines (Librem 13v1, 15v2) sys-usb crashes at startup
- on some machines (Thinkpad t460p) installation crashes when started from USB
3.0 stick; works fine from USB 2.0
- this ISO contains only Fedora 25 and Debian 8 templates, no Whonix templates
- there is no GUI tool to create VMs and change theirs settings yet; same for
adding applications to the menu
- new devices widget do not start automatically - you need to launch it
with "qui-devices" command
- time synchronization do not work (qvm-sync-clock)
- VM windows do not have appropriate icons retrieved
- application entries in the menu lack icons
- `qvm-run --pass-io` wait for local EOF (ctrl-d), even if remote process
already have exited
- the above applies also to qubes-dom0-update tool (which use qvm-run
internally) - you need to press ctrl-d after package download to continue
with update
- `qvm-run -u root` doesn't work on debian-8 template
- `qvm-shutdown --all` do not work, and consequently system shutdown hangs
- gnome terminal and other applications using dbus activation do not work;
xterm do work
- initial configuration fails with "name 'default_dispvm' not defined'
- Disposable VMs do not work
A lot of things under the hood are different from Qubes 3.2, but most command
line tools are the same - possibly with slightly different options.
After installing it, we recommend to enable testing repositories (both in
dom0 and templates) and install updates. We are working hard on fixing those
remaining issues, so new packages may be already available with some
fixes.
As announced earlier, by default all VMs are HVM. This means it requires IOMMU
(aka VT-d on Intel CPU) for working sys-net and sys-usb. In this test image,
we've left enabled window of VM's local display, during its startup - so you'll
easily see if anything goes wrong. Additionally there are three ways of booting
VM:
- as HVM, using kernel provided by dom0 - this is default, it's controlled by
non-empty "kernel" VM property and "hvm" set to True
- as HVM, using bootloader and kernel installed inside template - to enable
this mode, set "kernel" property to empty string:
qvm-prefs VMNAME kernel ""
- as PV, using kernel provided by dom0 - we've left this option available
mostly for now, later it will be converted to PVH (when it will finally
works...); to enable this mode, keep kernel set to appropriate version, then
set "hvm" property to False
Troubleshooting hints:
- if you get "Got empty response from qubesd" error, look into journalctl in dom0
- if you get "internal error: libxenlight failed ...", look into
/var/log/libvirt/libxl/libxl-driver.log in dom0
- to access VM console either enable debug mode (qvm-prefs VMNAME debug True)
and use its graphics output, or use `sudo xl console -t pv VMNAME`
If you want to send a bug report, please check if it isn't reported already -
both in qubes-issues and on a mailing list. Also, if you want to report
something on the above "known issues" list - we know it already...
Download links:
https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso
https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso.asc
(signed with my code signing key)
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZXq8/AAoJENuP0xzK19csHr0H/R4LW1QpcX1VkLvr6OmUo7Uk
3Ly1/o8NIVRyjJQDc6S6sC0qSdUjKeHgq5qZaDO6aEPzztWTy52sjpbOBRqW426Y
ynDYBBXJ5MhkfSPMQj6vKmNu2LgoUT5l4c3TS6pCsOk+w4nRM4v3r/FGFO472K5V
XNPdCVc1EwIlbceqnmuU4+76KBmkil7om6digbmbwV7KPe7zryBp/pitCGuSIjeL
ACbj42G2Lo30jyUykL1QjlyWYmowr/MZPgRXnYQfVGeDYPhDzmiP5latRNqrB0pP
Ky1DG43cZpy51gYZOoMHOgfsVcO1uur/wR3yaIukKtyyTB0njfeD+L+tRx1BJgE=
=bvkI
-----END PGP SIGNATURE-----
Hash: SHA256
Hi all,
Here is long awaited test image of upcoming Qubes 4.0-rc1. This isn't "release
candidate" yet, because there are still some missing parts. Don't try to use it
for anything serious yet.
Known issues/limitations:
- in-place upgrade is not supported (this will be the case for the final
release too)
- backup / restore do not work yet - no way to move the data from Qubes 3.2
- on some machines (Librem 13v1, 15v2) sys-usb crashes at startup
- on some machines (Thinkpad t460p) installation crashes when started from USB
3.0 stick; works fine from USB 2.0
- this ISO contains only Fedora 25 and Debian 8 templates, no Whonix templates
- there is no GUI tool to create VMs and change theirs settings yet; same for
adding applications to the menu
- new devices widget do not start automatically - you need to launch it
with "qui-devices" command
- time synchronization do not work (qvm-sync-clock)
- VM windows do not have appropriate icons retrieved
- application entries in the menu lack icons
- `qvm-run --pass-io` wait for local EOF (ctrl-d), even if remote process
already have exited
- the above applies also to qubes-dom0-update tool (which use qvm-run
internally) - you need to press ctrl-d after package download to continue
with update
- `qvm-run -u root` doesn't work on debian-8 template
- `qvm-shutdown --all` do not work, and consequently system shutdown hangs
- gnome terminal and other applications using dbus activation do not work;
xterm do work
- initial configuration fails with "name 'default_dispvm' not defined'
- Disposable VMs do not work
A lot of things under the hood are different from Qubes 3.2, but most command
line tools are the same - possibly with slightly different options.
After installing it, we recommend to enable testing repositories (both in
dom0 and templates) and install updates. We are working hard on fixing those
remaining issues, so new packages may be already available with some
fixes.
As announced earlier, by default all VMs are HVM. This means it requires IOMMU
(aka VT-d on Intel CPU) for working sys-net and sys-usb. In this test image,
we've left enabled window of VM's local display, during its startup - so you'll
easily see if anything goes wrong. Additionally there are three ways of booting
VM:
- as HVM, using kernel provided by dom0 - this is default, it's controlled by
non-empty "kernel" VM property and "hvm" set to True
- as HVM, using bootloader and kernel installed inside template - to enable
this mode, set "kernel" property to empty string:
qvm-prefs VMNAME kernel ""
- as PV, using kernel provided by dom0 - we've left this option available
mostly for now, later it will be converted to PVH (when it will finally
works...); to enable this mode, keep kernel set to appropriate version, then
set "hvm" property to False
Troubleshooting hints:
- if you get "Got empty response from qubesd" error, look into journalctl in dom0
- if you get "internal error: libxenlight failed ...", look into
/var/log/libvirt/libxl/libxl-driver.log in dom0
- to access VM console either enable debug mode (qvm-prefs VMNAME debug True)
and use its graphics output, or use `sudo xl console -t pv VMNAME`
If you want to send a bug report, please check if it isn't reported already -
both in qubes-issues and on a mailing list. Also, if you want to report
something on the above "known issues" list - we know it already...
Download links:
https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso
https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso.asc
(signed with my code signing key)
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZXq8/AAoJENuP0xzK19csHr0H/R4LW1QpcX1VkLvr6OmUo7Uk
3Ly1/o8NIVRyjJQDc6S6sC0qSdUjKeHgq5qZaDO6aEPzztWTy52sjpbOBRqW426Y
ynDYBBXJ5MhkfSPMQj6vKmNu2LgoUT5l4c3TS6pCsOk+w4nRM4v3r/FGFO472K5V
XNPdCVc1EwIlbceqnmuU4+76KBmkil7om6digbmbwV7KPe7zryBp/pitCGuSIjeL
ACbj42G2Lo30jyUykL1QjlyWYmowr/MZPgRXnYQfVGeDYPhDzmiP5latRNqrB0pP
Ky1DG43cZpy51gYZOoMHOgfsVcO1uur/wR3yaIukKtyyTB0njfeD+L+tRx1BJgE=
=bvkI
-----END PGP SIGNATURE-----
pixel fairy
Jul 6, 2017, 11:51:24 PM7/6/17
to qubes-devel
On Thursday, July 6, 2017 at 2:44:36 PM UTC-7, Marek Marczykowski-Górecki wrote:
Download links:
https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso
https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso.asc
(signed with my code signing key)
wheres your code signing key?
Jean-Philippe Ouellet
Jul 7, 2017, 12:39:46 AM7/7/17
to pixel fairy, qubes-devel
Also here: https://keys.qubes-os.org/keys/qubes-developers-keys.asc
Those keys are signed by the master signing key (hopefully
427F11FD0FAA4B080123F01CDDFA1A3E36879494?) which you hopefully already
have a trusted copy of.
Grzesiek Chodzicki
Jul 8, 2017, 4:38:04 AM7/8/17
to qubes-devel
Will it be possible to upgrade from this version to full 4.0?
p.rasc...@googlemail.com
Jul 8, 2017, 12:41:01 PM7/8/17
to qubes-devel
Hello Marek,
Thank you for the link to the 'pre-release candidate'.
Would it be possible to have a page to collect feedback and to get informed if something from the known issue list get fixed?
Maybe a dedicated page in the docu on GitHub?
I'm also interested if it will be possible to upgrade from the pre-release candidate version to RC1 or the production release.
BTW:
Thank you and all other developers for your efforts.
Qubes OS got lots of attention in the last days/weeks in German IT media news.
Regards
- PhR
Thank you for the link to the 'pre-release candidate'.
Would it be possible to have a page to collect feedback and to get informed if something from the known issue list get fixed?
Maybe a dedicated page in the docu on GitHub?
I'm also interested if it will be possible to upgrade from the pre-release candidate version to RC1 or the production release.
BTW:
Thank you and all other developers for your efforts.
Qubes OS got lots of attention in the last days/weeks in German IT media news.
Regards
- PhR
Marek Marczykowski-Górecki
Jul 9, 2017, 8:16:34 PM7/9/17
to p.rasc...@googlemail.com, Grzesiek Chodzicki, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On Sat, Jul 08, 2017 at 09:31:41AM -0700, p.raschdorff via qubes-devel wrote:
> Hello Marek,
>
> Thank you for the link to the 'pre-release candidate'.
> Would it be possible to have a page to collect feedback and to get informed if something from the known issue list get fixed?
>
> Maybe a dedicated page in the docu on GitHub?
I was thinking about it already - to create dedicated ticket with links
> Hello Marek,
>
> Thank you for the link to the 'pre-release candidate'.
> Would it be possible to have a page to collect feedback and to get informed if something from the known issue list get fixed?
>
> Maybe a dedicated page in the docu on GitHub?
to issues found here. Then you can subscribe to notification about
changes. But we have already something very similar - tickets filtering,
like this:
https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug
Not all things mentioned in my mail have appropriate tickets created,
but I'll fix that tomorrow or such.
> I'm also interested if it will be possible to upgrade from the pre-release candidate version to RC1 or the production release.
apply using upgrade procedure, but those things should be minor. For
example default timezone.
> BTW:
> Thank you and all other developers for your efforts.
> Qubes OS got lots of attention in the last days/weeks in German IT media news.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
XNr5tyUoAxEB9h9ioA2ry3ifyP6+UBaRvTIg/Mdp2U2+bZ/XIy0xPr4LStegY7gP
kddDbF9plByk3Z8ujxGKix3ktcEKmTI6BIGEdgUF0S2Ot8W44rjNjR9wT0XIi0v8
BXwtWlRoDjQtT5N2nXTMV9oNAVR8NzU4i81czGnxEkbQD1snJj43DP5p4i4U+MMN
KL2roUHzrc+kx8AeCsYvop12DgAFq5tGSXgXGEKq3iK5XBxioEsO5gqBAiDnS2JY
7+hfkLSbYGNN32rqCiwtc6rV0hZ16QCeK8oXpQ7o+cQKR/yhcdkVI5coxxEyhIU=
=8Wah
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages