Are there currently anyone assigned to update Qubes-Windows-Tools?

3,007 views
Skip to first unread message

Yuraeitha

unread,
Feb 2, 2018, 6:19:32 PM2/2/18
to qubes-devel

It seems omeg who has been maintaining Qubes-Windows-Tools the last few years, has gone inactive https://github.com/QubesOS/qubes-installer-qubes-os-windows-tools and thus far, it looks like no one else has picked up the project.

If it is not planned to be done any time soon, then that's alright, I can live with that. I'm already immensely grateful for everything the Qubes team has done. But it's not so easy for everyone though, some people are more heavily reliant on Windows than others for certain applications.

This post is NOT a complaint or anything of the sorts, but instead a question to settle expectations on the correct path, instead of looking every day for a new update, which can be a lot of uncertainty or for some people even anxiety and frustrations, when on Qubes 4 without a means to get Windows 7 installed. Essentially people who need Windows and would love to get Qubes 4, are caught in-between without any idea when or even if Windows 7 will be supported anytime in the near-term future.

In other words, just knowing it won't be anytime soon is in a way also very good news, because it puts expectations in the right place instead of uncertainty. Any such news-update on what is going on with it and what to expect, would be appreciated.

Also, I'm not entirely sure regarding the code itself, but it should be somewhat close to Qubes 4 in the current Qubes-Windows-Tools? For example the Qubes 3.2. Win7 restored from backup in Qubes 4, seems to more or less work, somewhat smoothly, but not perfect. If so, maybe someone else can help with bringing Qubes-Windos-Tools to Qubes 4? Unfortunately I have no coding skills of this sort though, otherwise I'd give it a shot.

Andrew David Wong

unread,
Feb 2, 2018, 11:06:20 PM2/2/18
to Yuraeitha, qubes-devel, Marek Marczykowski-Górecki
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2018-02-02 17:19, Yuraeitha wrote:
>
> It seems omeg who has been maintaining Qubes-Windows-Tools the last
> few years, has gone inactive

He is instead working on other projects for ITL's corporate clients,
so "inactive" is not quite accurate.

> https://github.com/QubesOS/qubes-installer-qubes-os-windows-tools
> and thus far, it looks like no one else has picked up the project.
>

Correct.

> If it is not planned to be done any time soon, then that's alright,
> I can live with that. I'm already immensely grateful for everything
> the Qubes team has done. But it's not so easy for everyone though,
> some people are more heavily reliant on Windows than others for
> certain applications.
>
> This post is NOT a complaint or anything of the sorts, but instead
> a question to settle expectations on the correct path, instead of
> looking every day for a new update, which can be a lot of
> uncertainty or for some people even anxiety and frustrations, when
> on Qubes 4 without a means to get Windows 7 installed. Essentially
> people who need Windows and would love to get Qubes 4, are caught
> in-between without any idea when or even if Windows 7 will be
> supported anytime in the near-term future.
>
> In other words, just knowing it won't be anytime soon is in a way
> also very good news, because it puts expectations in the right
> place instead of uncertainty. Any such news-update on what is going
> on with it and what to expect, would be appreciated.
>

As far as I know, Qubes Windows Tools continues to remain on
indefinite hold. We welcome anyone from the community with the
requisite skills to take over development (or just pitch in here and
there).

> Also, I'm not entirely sure regarding the code itself, but it
> should be somewhat close to Qubes 4 in the current
> Qubes-Windows-Tools? For example the Qubes 3.2. Win7 restored from
> backup in Qubes 4, seems to more or less work, somewhat smoothly,
> but not perfect. If so, maybe someone else can help with bringing
> Qubes-Windos-Tools to Qubes 4? Unfortunately I have no coding
> skills of this sort though, otherwise I'd give it a shot.
>

Sorry, I don't know.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlp1NS0ACgkQ203TvDlQ
MDCZYw//X/AlrUieQTF4ebMSab60xahi5erwpQc87Yzvb7WLLYBEnmY19d60M8IT
oOr6p3zroDc+VvwBW4vIcp4S7RUNIDbIyppulW+6eiFunQK8kZGpks+RKfntxwEq
Z8MCFeVNCedn43AGc6DCOLFrSsQVUR0LKVGIcI/Lhoe60zdvoMofnlF2hHRzWqvb
9UYuu/Kiqyy8RVyNq1LSNJ4/5jIIFDoxk12Wngc3s22OU5/u6I2vlnUHHwDC/X6n
kbWSa8ltdKIOpglWxf34G7G60kdQVLfqw88mFzGUMk02EOeGkErMuG39wzCCGWyA
0Yp+KWeUaTH7mzUVTHR4G0uuWlFx7IaXUWOSJVmuSjItCQ4s7qbZ8A78ajN1aLYd
JhhVnM8jzDF8zkrAd6Ez+zRVa9im/m1puck3uNb8Ou6VD0FnRWowl6iz0ijRhXsF
A6qgr4jiGqqp3OSvxActu32KbW2ogxrDQThztcJgY1DuhDF/Y6YBHRI9I92udQ6r
+A5OKoIKe3cskntkF5lrSawqVtyD+lxuT00gwwJrolj1ixdHt8ufyezvJxDYZJac
UIu4y95w4H28YoxCY5bmoMIB5ncl4kskKs7qFpNbVHs4d8GsW1NcT2fxNzslGtsV
D7muRf9n/gX3Ui5wNwwjP0gVMD6RrsY4wRdt4Jzk87VVdJIEiXM=
=LLLN
-----END PGP SIGNATURE-----

Elias Mårtenson

unread,
Feb 3, 2018, 8:16:15 AM2/3/18
to qubes-devel
On Saturday, 3 February 2018 12:06:20 UTC+8, Andrew David Wong wrote:

> As far as I know, Qubes Windows Tools continues to remain on
> indefinite hold. We welcome anyone from the community with the
> requisite skills to take over development (or just pitch in here and
> there).

I wanted to be that person, and I did take an initial look. However, being an experienced Unix developer was not much help in figuring out the issues with the Windows tools.

Is there some source of information that helps explain what the problem could be, and where to start looking for it?

Regards,
Elias

Andrew David Wong

unread,
Feb 3, 2018, 1:21:31 PM2/3/18
to Elias Mårtenson, qubes-devel, om...@invisiblethingslab.com, Marek Marczykowski-Górecki
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here's all the relevant documentation I'm aware of:

https://www.qubes-os.org/doc/windows-tools-3/
https://www.qubes-os.org/doc/windows-debugging/

Omeg and Marek (CCed) may be able to provide better direction.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlp1/ZkACgkQ203TvDlQ
MDDnow/9HqNYHCfzwXfRh54thay67YuY6Hf6pMUmomY5i5/ctrHEqsnxrFOA8v5s
h6celuDds/IYhs9/E6j9aDi6Xrfa4hTn/YpmcZc8Cijw1hUrmrTHsOeMNqfG2mcW
3TmUhrJ55Ds7GN47MK1haYf630EfzoolCowGs5FHN+YWWnHkdxQlH7szpqb33KiY
VGBKJcPM7FI7av6g8Y8Qn7GehIei9CoHDm7N3YLq98pFcfKrQLASrpU4O5S+eLkB
MXIMG6FYRqnxwiGPuJ02uLdtM9X421tWX2ViPt+3S+aKfd05mubkh2oPYZBRhB+W
ZiQPlK9l2VEL8TtW7YrYrJYZmcJt5Gy/QoZa10IBICwu37NcphixQ2PiO8U0bPz6
0GxuGbQT6hUZnZuquG9kwXHDK4oD2AltFoFj6/W8aslS5B0RjgcQQBcgHWoHVsv4
fgoRVasgFCMgm7lCgrChBszqS223sbbshCMCu6tyUJCfxcfRpak77uVGvQyJ3xQv
1auT7deeSkxyEEdDHNiEl8pD7MhC+0rc2H+2nOgaq3ZGL3OlOx13omaaC9Vhi2hx
7Dr62HPxz64X8nLbuaacAGDLAam4AWK0WtmDFSll7cDz6Sm78HCoNwIHgXh9x3Sj
9aF2XCB7Yr00sDj+wEreb5YB8meNl3R4aBlVNBpZ2ar64OKst30=
=uBDG
-----END PGP SIGNATURE-----


Yuraeitha

unread,
Feb 3, 2018, 1:58:14 PM2/3/18
to qubes-devel

Thanks Andrew, this was exactly what I was looking for, much appreciated.

I'm gonna settle in for a plan B as listed below, although it looks really interesting if Elias will be looking into it. Maybe Marek or someone else with insight into the code can help a little bit to get started?

But for the time being, I might try install Qubes 3.2. as a plan B to create some temporary unlicensed clean Win7 Qubes backup's, and see if I can transfer them to various of other Qubes 4 systems. This is mostly needed for my friends though, and I still need to figure out if this is allowed within the use-cases of the Windows 7 license or not, they will use their own licenses.

This method is a bit cumberstone if the code inside the Win7 installed on Qubes 3.2. is buggy and creates unreliable issues, like unreliable transfer of data integrity. Hopefully nothing bad will happen.

Also need different types of Windows 7 copies for different types of licenses, which is a bit problematic, but not impossible.

For now this temporary plan B, this might be a work around to get a new clean Win7 on multiple of different Qubes 4 systems, although a bit cumberstone, and uncertain possibility of data integrity risk.

Yuraeitha

unread,
Feb 3, 2018, 2:09:41 PM2/3/18
to qubes-devel
@Elias
It would be amazing if you can get the needed information and have a second look at it.
I'm only speculating here, but could it be possible that the code is more or less the way it's supposed to be, but has just not been tested, verified, and then distributed on Qubes 4?

If the precedent for release requirements is the expectation of quality before release, then perhaps the hindrance is just testing and verifying if it works?

Also it seems like some functions "might (maybe)" work as intended, for example I can copy files between VM's and Win7, on a Win7 that was installed on Qubes 3.2., but backup restored on Qubes 4. Others seem like they can do this too. Also it seems it's a common problem not to be internet in the restored Q3.2-Win7, perhaps the code is different in regards to how it ties networking with Qubes 4? I have no idea about the rest of the mechanics from a users perspective though, and most certainly not as a developer as I unfortunately don't have such skills, I wish I could help more.

Elias Mårtenson

unread,
Feb 4, 2018, 7:57:26 AM2/4/18
to qubes-devel
On Sunday, 4 February 2018 03:09:41 UTC+8, Yuraeitha wrote:

> Also it seems like some functions "might (maybe)" work as intended, for example
> I can copy files between VM's and Win7, on a Win7 that was installed on Qubes
> 3.2., but backup restored on Qubes 4. Others seem like they can do this too.
> Also it seems it's a common problem not to be internet in the restored Q3.2-
> Win7, perhaps the code is different in regards to how it ties networking with
> Qubes 4? I have no idea about the rest of the mechanics from a users
> perspective though, and most certainly not as a developer as I unfortunately
> don't have such skills, I wish I could help more.

I have tried this, and in my case, the win7 VM crashed hard (with the VM
immediately disappearing with not error message to be seen) after a few seconds
of use.

While it was running, things worked fine (i.e. fast graphics updates etc) which
leads me to believe that the graphics drivers are fine. It does seem to die as
soon as I open the Explorer window, which somewhat narrows down the set of
potential causes.

Ivan Mitev

unread,
Feb 4, 2018, 12:00:15 PM2/4/18
to qubes...@googlegroups.com

> Also it seems like some functions "might (maybe)" work as intended, for example I can copy files between VM's and Win7, on a Win7 that was installed on Qubes 3.2., but backup restored on Qubes 4. Others seem like they can do this too. Also it seems it's a common problem not to be internet in the restored Q3.2-Win7, perhaps the code is different in regards to how it ties networking with Qubes 4? I have no idea about the rest of the mechanics from a users perspective though, and most certainly not as a developer as I unfortunately don't have such skills, I wish I could help more.

I just spent a bit of time restoring my windows VM from 3.2, here are a
few notes that might be helpful to work around some bugs that you're
probably hitting too (I haven't filed any issues yet):

- PVH/HVM: in the VM's settings gui, PVH is always displayed whatever
the real pref value. -> use qvm-prefs vmname virt_mode to make sure
you're really in HVM mode.

- Networking: the PV network adapter was stuck at "Identifying" ;
pinging an *ip* works but ping a host fails. tcpdump on sys-firewall
shows that the requests were sent to the gateway's ip and were rejected.
The reason seems to be that in R4.0 VMs are now using the exposed
"/qubes-{primary,secondary}-dns" values, while in R3.2 the DNS server
was the same as "/qubes-gateway" (see [1]). In my setup,
"/qubes-{primary,secondary}-dns" are 10.139.1.{1,2} and /qubes-gateway
is 10.137.0.6. DNS requests are rejected because they're sent to
10.137.0.6 instead of 10.139.1.{1,2}

workaround 1-> manually set the DNS servers to
/qubes-{primary,secondary}-dns ips. Ping and Internet Explorer worked,
but the PV adapter was still suck at "identifying" and my Amazon Kindle
for PC app complained about finding no network (it seems there's a
windows "connectivity" API/flag that some apps use). However you will
have to do this each time after boot since Qubes tools will reset the
network settings.

workaround 2-> in Program Files/Invisible.../Qubes.../bin/..., rename
network-setup.exe to network-setup.exe.bkp to prevent Qubes tools from
messing with your network settings, and manually set the VM's IP and DNS
servers in the PV adapter network setting. Everything should then work
OK, the only problem being that you'll have to make sure you keep your
network settings synced (esp. the IP when you clone the VM).

- Copying to/from the Win VM: works perfectly - you just have to type
twice the destination VM (once in Windows, once in Qubes/dom0), since
Qubes Tools aren't updated to reflect R4.0 new "way".


note: before finding what was causing the connectivity problem I tried
to update xen's windows PV drivers [2] but it broke the VM (ie. it
wasn't starting anymore) so I had to restore it again. Anyway IIRC R3.2
Qubes Tool's drivers were at the same version as Xen's (8.2), so no need
to fiddle with this.

I was thinking about posting those steps on qubes-users@ but I don't
feel I had done enough testing on my VM yet. I see you're quite active
on qubes-users so feel free to redact/post some of my remarks if you
think they'll help.

[ an unofficial wiki would be a helpful bridge between the MLs and
Qubes' official documentation: it's difficult to skim through all the
related ML posts and IMO Qubes' official documentation shouldn't include
crappy workaround hacks like the ones I've described above ].


[1] https://www.qubes-os.org/doc/vm-interface/
[2] https://www.xenproject.org/developers/teams/windows-pv-drivers.html

Yuraeitha

unread,
Feb 4, 2018, 12:23:18 PM2/4/18
to qubes-devel
@Elias
I think I encountered this issue too, without error logs it's hard to be sure though, but by the description it sounds a lot like it.

Another user in another Qubes 4 Win7 thread somewhere in Qubes-users mail-list, suggested to reduce the page-file for Windows SWAP inside the Windows VM. It worked for him, and when I tried it out, it worked for me too. It's possible this is what you encounter, try reduce the Windows page-file and see if it works?

Also if not reducing the page-file, more giving the VM more RAM works too, but it's a lot of wasting resources, especially on low RAM hardware. For example I have to give Win7 4GB RAM when I did not change the page-file in Windows. When it has 3GB or 3.5GB, then it crashes like your description.

Once the page file has been reduced, counter-intuitively the RAM can now be 2.5GB without any crash so far. It seems a bit odd since the page-file SWAP should only be related to the drive space, but the relation between host VM allocated RAM, and guest drive SWAP page-file, somehow, indeed seems to be related to each others... I lack the understanding ,but it seems very counter-intuitive to me, yet it still worked.
Hopefully this can fix your crash issues.

Yuraeitha

unread,
Feb 4, 2018, 12:26:52 PM2/4/18
to qubes-devel

@Evan
Thanks Evan! This really looks promising, I will go and try it out tomorrow if I can scrap some free-time to try it out. I'll post here the moment I've tried it, hopefully I can get the internet working.

It's also very ensuring to hear that it's safe to copy files between Win7 and other VM's. I was a bit stressed out over this one due to worry of bit-rot.

I'll get back to you when I've tried this out, thanks!

awokd

unread,
Feb 4, 2018, 2:44:31 PM2/4/18
to Yuraeitha, qubes-devel
On Sun, February 4, 2018 5:23 pm, Yuraeitha wrote:

> Another user in another Qubes 4 Win7 thread somewhere in Qubes-users
> mail-list, suggested to reduce the page-file for Windows SWAP inside the
> Windows VM. It worked for him, and when I tried it out, it worked for me
> too. It's possible this is what you encounter, try reduce the Windows
> page-file and see if it works?

That was yours truly. I think it's more the act of setting the swap file
to a fixed size (of 1GB) that helped stabilize mine, but maybe you're
right and it's actually the size reduction.

Ivan Mitev

unread,
Feb 5, 2018, 1:50:30 AM2/5/18
to qubes...@googlegroups.com
Ivan :)

> Thanks Evan! This really looks promising, I will go and try it out tomorrow if I can scrap some free-time to try it out. I'll post here the moment I've tried it, hopefully I can get the internet working.

BTW I assumed there was a single "Qubes Tools" service responsible for
setting the network, launching qubesdb daemon, ..., but I noticed a bit
after my post that each task was handled by a different service. So you
can simply disable the "Qubes Network Setup" service instead of renaming
the .exe

Also,

https://github.com/QubesOS/qubes-core-agent-windows/blob/master/src/network-setup/qubes-network-setup.c

indeed shows that qubesGateway (/qubes-gateway) is used for DNS (line
287). The code is easy to understand and adding the new DNS variables, +
setting the servers accordingly (if the variables aren't empty) should
be straightforward. I don't have a Windows build environment to test any
changes though.

>
> It's also very ensuring to hear that it's safe to copy files between Win7 and other VM's. I was a bit stressed out over this one due to worry of bit-rot.

Well, it is working but I can't say how safe it is. But I imagine that
R4.0 would disable such copy operations if they were deemed unsafe.

>
> I'll get back to you when I've tried this out, thanks!
>

OK :)

Yuraeitha

unread,
Feb 7, 2018, 5:18:59 PM2/7/18
to qubes-devel
@Ivan
Sorry for the delay, I had planned to test and report back here sooner.

I followed your guide and I managed to restore networking/internet to Windows 7 in Qubes 4 by doing what you recommended. Thanks for sharing this! :-)


- I'll try some more user-testing and report back here, including how I tested it, but I might not get it done until after a few days after the 15th February, as I have an upcoming long-time upcoming large exam on that date which is feeling to me like ripping teeth out + regular work at same time, so I will be a bit disconnected to say the least. The kind of Win7 user-testing I was thinking about is straight forward but a bit time consuming though, restoring a couple of Windows 7 backup VM's, and try the different approaches and see if it goes the same way. I'm in particular unsure about the windows job services disabling feature, but on the other hand the re-name of the service .exe file seems like it'll stick.


- I think it's great if you post your guide for others to see :) You can always leave a disclaimer, such as no code has not been audited in this particular case, however that it worked for a few of users who tried it (it worked for me on my first try, more to come though). If people have all available information, including the disclaimer, then they can make calls for themselves, so that responsibility is not put on you if something should go wrong.


- Regarding the copy to and from Win7, I think you're right, it's probably safe, at least mostly. I have to shake off that paranoia feeling I have about bit-rot though, it keeps dragging back my doubt. It's probably after years of taking measures against possible but remote risk of bit-rot disasters, that this thought keeps nagging at me like a haunting ghost from the shadows. I don't trust many file-transfer mechanisms to begin with, so I think it may affect my judgment here, I tend to question even the best file-transfer programs and mechanisms. Which is a bit problematic if I can't read much code, and few people dare to stick their neck out and say file-systems or file-transfer mechanisms are safe, which is also understandable. It's fair enough not wanting to give reassurances on these issues, it's a hard place to make anything that is really reliable given the best technology currently available, and some people can get really aggressive if something goes wrong, unfortunately. But for that reason too makes it really hard to find an objective truth on these kind of systems. It does leave one with food for thought, or dare I say food for worries. Maybe the best to do here is to run a hash check on before/after transfer on the Win7 files deemed too important, but outside important files not to worry too much? A bit of both?

Yuraeitha

unread,
Feb 7, 2018, 5:38:01 PM2/7/18
to qubes-devel
@awokd

ohh, I apologize for forgetting your name at that time, back then most people were still strangers to me, and it takes a while for me to remember names. But I know I won't forget your name again now as I already remember it since a few topic discussions between back then and now ^.^

About the page-file size, I'm not sure either. I tried to restore a new Windows 7 backup again, and I tried giving the page-file 1.1GB as well as 2GB, to see if it would become unstable. It seems it was unstable on the first restart for the lower one (the one I started with), but after the second restart it became stable. This may also be due to the change of AppVM RAM which was 4GB before changing, and was given 2GB after changing the page-file. Which further complicates it. But after these two restarts, it was pretty smooth again, like the other Win7 I have tried it on before that. However, it once again became unstable during Windows updates + using the Search-files feature in Windows 7 start menu.

Perhaps this instability is related to the drive's file-system (NTFS) of different and various sorts? It seems the page-file can remove the most frequent crashes by far, but a few others can cause it too, like searching the file-system while the system is busy with something else perhaps?

I have a weak CPU on this laptop though, it's an Intel Core M-5Y10c @ 800Mhz. 8GB RAM. So I haven't used a strong system to test Win7 on. Although Windows 7 aside, everything in Qubes which is within normal-use runs more or less smoothly, and Windows 7 can run almost smoothly on this poor laptop. Although I'm not yet sure if running it on a stronger machine may make Win7 more smooth, or cause less crashes.

Have you ever experienced crashes while running search files on disk from the Windows menu? If so, maybe we can turn off the search function to avoid any issues?

awokd

unread,
Feb 7, 2018, 6:10:18 PM2/7/18
to qubes-devel
On Wed, February 7, 2018 10:38 pm, Yuraeitha wrote:


>
> Have you ever experienced crashes while running search files on disk from
> the Windows menu? If so, maybe we can turn off the search function to
> avoid any issues?

Disk activity seems to trigger it for me too. I still get the occasional
crash when anti-virus scan runs for example, but it's been rare enough I
haven't looked into it any further. I already have search disabled so yes,
try it out too!


Marek Marczykowski-Górecki

unread,
Feb 7, 2018, 8:13:42 PM2/7/18
to Yuraeitha, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, Feb 07, 2018 at 02:18:59PM -0800, Yuraeitha wrote:
> @Ivan
>
> On Monday, February 5, 2018 at 7:50:30 AM UTC+1, Ivan Mitev wrote:
> > On 02/04/18 19:26, Yuraeitha wrote:
> > > On Sunday, February 4, 2018 at 6:00:15 PM UTC+1, Ivan Mitev wrote:
> > >>> Also it seems like some functions "might (maybe)" work as intended, for example I can copy files between VM's and Win7, on a Win7 that was installed on Qubes 3.2., but backup restored on Qubes 4. Others seem like they can do this too. Also it seems it's a common problem not to be internet in the restored Q3.2-Win7, perhaps the code is different in regards to how it ties networking with Qubes 4? I have no idea about the rest of the mechanics from a users perspective though, and most certainly not as a developer as I unfortunately don't have such skills, I wish I could help more.
> > >>
> > >> I just spent a bit of time restoring my windows VM from 3.2, here are a
> > >> few notes that might be helpful to work around some bugs that you're
> > >> probably hitting too (I haven't filed any issues yet):
> > >>
> > >> - PVH/HVM: in the VM's settings gui, PVH is always displayed whatever
> > >> the real pref value. -> use qvm-prefs vmname virt_mode to make sure
> > >> you're really in HVM mode.
> > >>
> > >> - Networking: the PV network adapter was stuck at "Identifying" ;
> > >> pinging an *ip* works but ping a host fails. tcpdump on sys-firewall
> > >> shows that the requests were sent to the gateway's ip and were rejected.
> > >> The reason seems to be that in R4.0 VMs are now using the exposed
> > >> "/qubes-{primary,secondary}-dns" values, while in R3.2 the DNS server
> > >> was the same as "/qubes-gateway" (see [1]). In my setup,
> > >> "/qubes-{primary,secondary}-dns" are 10.139.1.{1,2} and /qubes-gateway
> > >> is 10.137.0.6. DNS requests are rejected because they're sent to
> > >> 10.137.0.6 instead of 10.139.1.{1,2}

Yes, exactly. Actually /qubes-primary-dns entry is present on R3.2 too,
but is the same as /qubes-gateway.

> > >> workaround 1-> manually set the DNS servers to
> > >> /qubes-{primary,secondary}-dns ips. Ping and Internet Explorer worked,
> > >> but the PV adapter was still suck at "identifying" and my Amazon Kindle
> > >> for PC app complained about finding no network (it seems there's a
> > >> windows "connectivity" API/flag that some apps use). However you will
> > >> have to do this each time after boot since Qubes tools will reset the
> > >> network settings.
> > >>
> > >> workaround 2-> in Program Files/Invisible.../Qubes.../bin/..., rename
> > >> network-setup.exe to network-setup.exe.bkp to prevent Qubes tools from
> > >> messing with your network settings, and manually set the VM's IP and DNS
> > >> servers in the PV adapter network setting. Everything should then work
> > >> OK, the only problem being that you'll have to make sure you keep your
> > >> network settings synced (esp. the IP when you clone the VM).
> > >>
> > >> - Copying to/from the Win VM: works perfectly - you just have to type
> > >> twice the destination VM (once in Windows, once in Qubes/dom0), since
> > >> Qubes Tools aren't updated to reflect R4.0 new "way".

I guess this should be easy to fix, just need to skip the first prompt
and provide "$default" as destination name in qrexec call.
Looks this file is relevant:
https://github.com/QubesOS/qubes-core-agent-windows/blob/master/core-agent-windows.wxs

Compare "Copy to other VM" and "Edit in DispVM" entries.

> > >> note: before finding what was causing the connectivity problem I tried
> > >> to update xen's windows PV drivers [2] but it broke the VM (ie. it
> > >> wasn't starting anymore) so I had to restore it again. Anyway IIRC R3.2
> > >> Qubes Tool's drivers were at the same version as Xen's (8.2), so no need
> > >> to fiddle with this.

There is also difference in emulated hardware - in R3.2 we use MiniOS
based stubdomain, with "qemu-traditional" (veeeery old, mostly
unmaintained qemu fork), while in R4.0 we use Linux based stubdomain,
with recent version of upstream qemu (2.10.1 at the moment).
This may cause problems when migrating HVMs between R3.2 and R4.0. There
is a way to switch some VMs on R4.0 to the old qemu, and it is
automatically done when restoring HVMs from R3.2 backup:

qvm-features VMNAME linux-stubdom ''

('' means to _disable_ linux stubdomain...)

When testing new installations, I recommend using new qemu (default
settings when you create VM). You can copy windows tools installation
iso from R3.2, it's in /usr/lib/qubes/qubes-windows-tools.iso.

(...)

> > BTW I assumed there was a single "Qubes Tools" service responsible for
> > setting the network, launching qubesdb daemon, ..., but I noticed a bit
> > after my post that each task was handled by a different service. So you
> > can simply disable the "Qubes Network Setup" service instead of renaming
> > the .exe
> >
> > Also,
> >
> > https://github.com/QubesOS/qubes-core-agent-windows/blob/master/src/network-setup/qubes-network-setup.c
> >
> > indeed shows that qubesGateway (/qubes-gateway) is used for DNS (line
> > 287). The code is easy to understand and adding the new DNS variables, +
> > setting the servers accordingly (if the variables aren't empty) should
> > be straightforward. I don't have a Windows build environment to test any
> > changes though.

For anyone interested, here is instruction how to setup build
environment:
https://github.com/QubesOS/qubes-builder-windows/

I know Rafał "Omeg" used Visual Studio for development, but I have no
idea if anything special was needed there. I see vs2012, vs2013, vs2015
etc directories in relevant repositories.

> > > It's also very ensuring to hear that it's safe to copy files between Win7 and other VM's. I was a bit stressed out over this one due to worry of bit-rot.
> >
> > Well, it is working but I can't say how safe it is. But I imagine that
> > R4.0 would disable such copy operations if they were deemed unsafe.

File copy service itself is safe. But if you copy malicious file, it
will still be malicious.

(...)

A general note about Qubes Windows Tools. This project currently have no
maintainer, which is the main reason why it isn't uploaded to R4.0
repositories. But if anyone want to step in and take care of this
project, even in very basic scope, it would be enough to upload it for
R4.0. The most basic level needed for that, is testing it on R4.0 and
fixing the most basic functionality. I think all problems are already
named in this thread:
- DNS setup
- target VM name prompt on file copy

Both looks like 1-line change, but the most time consuming work here is
testing if that's really enough.

That's all what is needed for including it in R4.0.

Something that would be nice to have, is trying to build it for newer
Windows versions. I'm by no means Windows developer, but here is what
I'd try, in order:

1. Use newer Windows Driver SDK (WDK?) and try building the current code.

2. Update Xen drivers[1] to newer upstream version (connected there as
git submodules). Note that some parts of it[2] will need rebasing
Qubes-specific patches. And try again.

3. If both fails, I guess that's the point where some actual development
is needed, possibly including some Windows API knowledge.

Note that GUI agent will surely not work on newer Windows version,
because Windows Vista is the last version supporting the API we used for
graphics driver (AFAIR that API is called XDDM, and the new one is
WDDM). Rafał has spent about half an year trying to develop a new
driver using WDDM, but apparently there are no longer shortcuts for
simple drivers without real hardware, you need to emulate a lot of stuff
that real GPU is doing...

But even getting the thing working without GUI agent would be something
- - you'll get basic services (file copy etc), network setup and probably
some more.

[1] https://github.com/QubesOS/qubes-vmm-xen-windows-pvdrivers
[2] https://github.com/QubesOS/qubes-vmm-xen-win-pvdrivers-xeniface

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlp7pDYACgkQ24/THMrX
1ywXawgAh+mYZFQbE+k9HtqB/KPDZQC1dOBWOc0pq0HyRKOUFJnT7D4u4mKq5+f8
TmCbiIAagkyqq2ddZCkdM0zcN7RV+E58Nt0qbLE67pWogJpil/Q/Su1hnt5VBN5y
5tP3AtB7Q554IHXacIWG6RUgrkWIjQPKo3bA65EE1eo2xoeVbHgQS0v1UNt3wxLE
tdzHiKsq3saV+/4ApdIoStzSXGgdHrqsP6VSZplfQm9K8sQtSdsRU+g3IwqT7N1K
gfzXVi6pndRsg7R7tINYbj1iV1B4elz2l2FjnaMl5W7wauxQdvQg0CqwE/rs5DhI
oMv4cbLn/1dim+V4Sf2Tsvqbk2FH+g==
=aIqj
-----END PGP SIGNATURE-----

Yuraeitha

unread,
Feb 7, 2018, 10:25:11 PM2/7/18
to qubes-devel
This is really nice, thanks a lot Marek!


Are there anyone here up for looking into the needed code changes for a basic release like Marek described? As for testing, I'll be happy to help out if anyone is going to update the code, if it is possible to help testing it without having knowledge of coding. Feel free to ask me if needed. Maybe others are interested in help testing too.

Yuraeitha

unread,
Feb 7, 2018, 10:43:06 PM2/7/18
to qubes-devel
@awokd

Will do, hopefully it'll make a difference. It's frustrating that anti-virus does it too though. Maybe we can disable it on the AppVM, but only keep it enabled on the template of Windows? I never got around to get Windows template to work though, but I imagine it might be a way to bypass the anti-virus issue on daily use-cases.

I'm pondering about the Superfetch service too, I recall from earlier days that Windows Superfetch could give issues, but as far as I remember it was never truly verified, at least not as an official note. Situations seem to be when having too little RAM on a hardware Windows install, perhaps it causes issues too with too little RAM on a VM install? I'll try disable mine, but I'm not sure if it will change anything related to the stability, other than its intended function of a bit faster application-start of course.

Another issue I found, which I'm not yet sure is a problem or not, seems to be when closing Windows via the Qubes 4 widget, that it happens a lot, lot faster, compared to if you close Windows with the Windows own shutdown button, which is slow, but will eventually shutdown entirely in Qubes as well. I haven't verified it yet, but it does look like the Qubes 4 doesn't give room for updates to tick. Perhaps the intention here is that Qubes 4 widget is meant for AppVM versions of Windows, while the template should be shutdown with Windows's own shutdown command? It's fortunate that seamless mode doesn't have to be enabled on the Windows template to make use of the AppVM seamless mode.

Ivan Mitev

unread,
Feb 8, 2018, 1:17:31 AM2/8/18
to qubes...@googlegroups.com
Hi Marek,
good to know !

>
> (...)
>
>>> BTW I assumed there was a single "Qubes Tools" service responsible for
>>> setting the network, launching qubesdb daemon, ..., but I noticed a bit
>>> after my post that each task was handled by a different service. So you
>>> can simply disable the "Qubes Network Setup" service instead of renaming
>>> the .exe
>>>
>>> Also,
>>>
>>> https://github.com/QubesOS/qubes-core-agent-windows/blob/master/src/network-setup/qubes-network-setup.c
>>>
>>> indeed shows that qubesGateway (/qubes-gateway) is used for DNS (line
>>> 287). The code is easy to understand and adding the new DNS variables, +
>>> setting the servers accordingly (if the variables aren't empty) should
>>> be straightforward. I don't have a Windows build environment to test any
>>> changes though.
>
> For anyone interested, here is instruction how to setup build
> environment:
> https://github.com/QubesOS/qubes-builder-windows/
>
> I know Rafał "Omeg" used Visual Studio for development, but I have no
> idea if anything special was needed there. I see vs2012, vs2013, vs2015
> etc directories in relevant repositories.
>
>>>> It's also very ensuring to hear that it's safe to copy files between Win7 and other VM's. I was a bit stressed out over this one due to worry of bit-rot.
>>>
>>> Well, it is working but I can't say how safe it is. But I imagine that
>>> R4.0 would disable such copy operations if they were deemed unsafe.
>
> File copy service itself is safe. But if you copy malicious file, it
> will still be malicious.

sure !
Thanks - there's a lot of helpful information in your post. What about
linking it or copy/pasting the relevant parts to Qubes' official
documentation (maybe as a work in progress) ?

Fixing DNS/network and removing the first arg in copy/move/...
operations seem quite trivial. However I have *0* experience with
building stuff on windows and I'll have to get a hand on an official
Visual Studio (don't want to dl random stuff from internet). I'll see
what I can do as soon as I have a bit more free time (or if anyone has a
dev environment on windows I'll be happy to help coding/testing).

Once (if) enough test is done, is it reasonable to expect one of the
devs or well-known contributors to provide an official build ? The more
paranoid users will undoubtedly think twice before downloading a
"third-party" .exe...

Best,
Ivan


Ivan Mitev

unread,
Feb 8, 2018, 1:42:51 AM2/8/18
to qubes...@googlegroups.com
you're welcome

>
>
> - I'll try some more user-testing and report back here, including how I tested it, but I might not get it done until after a few days after the 15th February, as I have an upcoming long-time upcoming large exam on that date which is feeling to me like ripping teeth out + regular work at same time, so I will be a bit disconnected to say the least. The kind of Win7 user-testing I was thinking about is straight forward but a bit time consuming though, restoring a couple of Windows 7 backup VM's, and try the different approaches and see if it goes the same way. I'm in particular unsure about the windows job services disabling feature, but on the other hand the re-name of the service .exe file seems like it'll stick.
>
>
> - I think it's great if you post your guide for others to see :) You can always leave a disclaimer, such as no code has not been audited in this particular case, however that it worked for a few of users who tried it (it worked for me on my first try, more to come though). If people have all available information, including the disclaimer, then they can make calls for themselves, so that responsibility is not put on you if something should go wrong.

Well, strictly speaking there's no "guide" yet :) - only bits and parts
in notes, ML posts or from the official qubes documentation. Marek's
last post also provided a lot of informative stuff.

Ideally there should be a wiki page with those tests and pieces of info,
with more relaxed "commit" rights than the official Qubes docs so that
users can freely change/fix the instructions until things settle down -
at which point they could maybe be included in the official documentation.

I see there's a handful of free wiki sites on the web, I'll try to setup
a page on one of those. But as usual, not ETA - I have very little free
time ; if you'd like you can go ahead and publish what you already
have/found out and I'll definitely help with the content and tests.


>
>
> - Regarding the copy to and from Win7, I think you're right, it's probably safe, at least mostly. I have to shake off that paranoia feeling I have about bit-rot though, it keeps dragging back my doubt. It's probably after years of taking measures against possible but remote risk of bit-rot disasters, that this thought keeps nagging at me like a haunting ghost from the shadows. I don't trust many file-transfer mechanisms to begin with, so I think it may affect my judgment here, I tend to question even the best file-transfer programs and mechanisms. Which is a bit problematic if I can't read much code, and few people dare to stick their neck out and say file-systems or file-transfer mechanisms are safe, which is also understandable. It's fair enough not wanting to give reassurances on these issues, it's a hard place to make anything that is really reliable given the best technology currently available, and some people can get really aggressive if something goes wrong, unfortunately. But for that reason too makes it really hard to find an objective truth on these kind of systems. It does leave one with food for thought, or dare I say food for worries. Maybe the best to do here is to run a hash check on before/after transfer on the Win7 files deemed too important, but outside important files not to worry too much? A bit of both?

IIUC the protocol hasn't changed so the copy/move action is safe (which
of course doesn't provide any guarantee that the data you're copying is
safe - ie. you could copy a virus/malware).

Cheers,
Ivan

Ivan Mitev

unread,
Feb 8, 2018, 7:22:06 AM2/8/18
to qubes...@googlegroups.com


>> - I think it's great if you post your guide for others to see :) You
>> can always leave a disclaimer, such as no code has not been audited in
>> this particular case, however that it worked for a few of users who
>> tried it (it worked for me on my first try, more to come though). If
>> people have all available information, including the disclaimer, then
>> they can make calls for themselves, so that responsibility is not put
>> on you if something should go wrong.
>
> Well, strictly speaking there's no "guide" yet :) - only bits and parts
> in notes, ML posts or from the official qubes documentation. Marek's
> last post also provided a lot of informative stuff.
>
> Ideally there should be a wiki page with those tests and pieces of info,
> with more relaxed "commit" rights than the official Qubes docs so that
> users can freely change/fix the instructions until things settle down -
> at which point they could maybe be included in the official documentation.
>
> I see there's a handful of free wiki sites on the web, I'll try to setup
> a page on one of those. But as usual, not ETA - I have very little free
> time ; if you'd like you can go ahead and publish what you already
> have/found out and I'll definitely help with the content and tests.

so, I found some time and created this:

https://github.com/taradiddles/qubes-notes/wiki/Windows-VM

It's a bit of a hodgepodge from various ML posts and my own notes. The
edit policy is open to everyone, so anyone - feel free to add your own
stuff.

(I hope it's not a problem to create such an unofficial wiki; If it is
I'll delete it and I'll try to make the doc a bit more pretty and send a
PR for inclusion in the official doc; alternatively, such a wiki could
be created in the qubes-doc repository).

Ivan

Yuraeitha

unread,
Feb 8, 2018, 10:31:02 AM2/8/18
to qubes-devel
@Ivan

It's looking really good, it looks like you got every currently confirmed Windows issues on there in a well-written and easy to read page. This will definitely be helpful to point to for those switching from Q3.2. to Q4.0. and are asking about Windows support.

I like your idea about an official Wiki page too for Qubes, in the fashion you described it. I imagine an easy to find link to such a Qubes wiki on the www.qubes-os.org website might be really good, so that more people may discover it and use it. And considering it's available on github, which seems like a big plus as well. It'd be interesting to know what the Qubes developers/staff feel about your wiki suggestion. Also the current doc section on the official website is becoming a bit over-cluttered as its growing over time. A wiki indeed seems like it might make good sense at this point, especially if more doc's are to appear on-wards.

Ivan Mitev

unread,
Feb 8, 2018, 11:50:23 AM2/8/18
to qubes...@googlegroups.com
FYI I've just added a "Fresh install on R4" section. It's still a work
in progress though: I get a cryptic msg in guest-win7-dm.log file a bit
after the first part of the setup reboots the VM.

qemu: /home/user/qubes-src/vmm-xen-stubdom-linux/build/qemu/exec.c:1187:
cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <=
snap->end' failed.

Seems to be qubes related... I'll try to continue this over the week-end
and I'll open an issue if Marek doesn't have a quick workaround until
then :)

> I like your idea about an official Wiki page too for Qubes, in the fashion you described it. I imagine an easy to find link to such a Qubes wiki on the www.qubes-os.org website might be really good, so that more people may discover it and use it. And considering it's available on github, which seems like a big plus as well. It'd be interesting to know what the Qubes developers/staff feel about your wiki suggestion. Also the current doc section on the official website is becoming a bit over-cluttered as its growing over time. A wiki indeed seems like it might make good sense at this point, especially if more doc's are to appear on-wards.

IMHO a public wiki - official or not - should not replace the current
documentation: someone may add unsecure instructions (willingly or not)
and there will always be users who blindingly copy/paste instructions.

My idea behind a public wiki was to have a "staging" area that would
lower the bar for writing official documentation (eg. understanding pull
requests isn't needed), as well as easing "community" testing/debugging
(like providing workarounds or step-by-step instructions like now with
Windows HVMs). If after some time the instructions are deemed good
enough, then they could be pulled into the official docs and removed
from the wiki.

brenda...@gmail.com

unread,
Feb 8, 2018, 1:17:11 PM2/8/18
to qubes-devel
On Thursday, February 8, 2018 at 11:50:23 AM UTC-5, Ivan Mitev wrote:
> FYI I've just added a "Fresh install on R4" section. It's still a work
> in progress though: I get a cryptic msg in guest-win7-dm.log file a bit
> after the first part of the setup reboots the VM.
>
> qemu: /home/user/qubes-src/vmm-xen-stubdom-linux/build/qemu/exec.c:1187:
> cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <=
> snap->end' failed.

For your win7 HVMs did you, in this order:
- On the last tab, Services, add "meminfo-writer" and then uncheck the checkmark?
- On the second tab, Advanced, uncheck the "Include in memory balancing" checkbox after you set the min/max RAM to 4096MB?

Brendan

Ivan Mitev

unread,
Feb 8, 2018, 2:19:19 PM2/8/18
to qubes...@googlegroups.com


On 02/08/18 20:00, brenda...@gmail.com wrote:
> On Thursday, February 8, 2018 at 11:50:23 AM UTC-5, Ivan Mitev wrote:
>> FYI I've just added a "Fresh install on R4" section. It's still a work
>> in progress though: I get a cryptic msg in guest-win7-dm.log file a bit
>> after the first part of the setup reboots the VM.
>>
>> qemu: /home/user/qubes-src/vmm-xen-stubdom-linux/build/qemu/exec.c:1187:
>> cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <=
>> snap->end' failed.
>
> For your win7 HVMs did you, in this order:
> - On the last tab, Services, add "meminfo-writer" and then uncheck the checkmark?

meminfo-writer isn't enabled on this VM (the list of services is empty).

> - On the second tab, Advanced, uncheck the "Include in memory balancing" checkbox after you set the min/max RAM to 4096MB?

Unchecking the checkbox greyed out the maxmem field (which should amount
to set maxmem = memory, right ?) but unfortunately I still get the same
error.

Thanks for the ideas though !

brenda...@gmail.com

unread,
Feb 8, 2018, 3:11:31 PM2/8/18
to qubes-devel
On Thursday, February 8, 2018 at 2:19:19 PM UTC-5, Ivan Mitev wrote:
> On 02/08/18 20:00, Brendan Hoar wrote:
> > For your win7 HVMs did you, in this order:
> > - On the last tab, Services, add "meminfo-writer" and then uncheck the checkmark?
>
> meminfo-writer isn't enabled on this VM (the list of services is empty).

My reading indicates that services *not displayed* get a default setting, which, for meminfo-writer, is enabled *I think*. Please advise me if I am wrong!

With this assumption, you must add it to the list of displayed services and then uncheck to actually disable it for a VM.

[If this is true, it might be worth someone updating the python UI code to do this automatically.]

Brendan

Ivan Mitev

unread,
Feb 8, 2018, 11:32:22 PM2/8/18
to qubes...@googlegroups.com
I rebooted my laptop yesterday and the meminfo-writer is now displayed
in the VM's list of services - but it is unchecked...


brenda...@gmail.com

unread,
Feb 8, 2018, 11:40:51 PM2/8/18
to qubes-devel
On Thursday, February 8, 2018 at 11:50:23 AM UTC-5, Ivan Mitev wrote:
> On 02/08/18 17:31, Yuraeitha wrote:
> >> so, I found some time and created this:
> >>
> >> https://github.com/taradiddles/qubes-notes/wiki/Windows-VM
> >>
> FYI I've just added a "Fresh install on R4" section. It's still a work
> in progress though: I get a cryptic msg in guest-win7-dm.log file a bit
> after the first part of the setup reboots the VM.
>
> qemu: /home/user/qubes-src/vmm-xen-stubdom-linux/build/qemu/exec.c:1187:
> cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <=
> snap->end' failed.

For your win7 HVM VMs:
- Did you add the meminfo-writer service to the services tab and then disable its checkbox?
- Did you make sure the Include in memory balancing checkbox is disabled on the Advanced tab?

Brendan

Ivan Mitev

unread,
Feb 9, 2018, 12:58:24 AM2/9/18
to qubes...@googlegroups.com

> FYI I've just added a "Fresh install on R4" section. It's still a work
> in progress though: I get a cryptic msg in guest-win7-dm.log file a bit
> after the first part of the setup reboots the VM.
>
> qemu: /home/user/qubes-src/vmm-xen-stubdom-linux/build/qemu/exec.c:1187:
> cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <=
> snap->end' failed.


For anybody following the thread - searching the web for a similar error
shows that it could be related to a problem with qemu's VGA [1] (if
that's indeed the problem here, there's a patch from Aug. 2017 [2],
maybe it's not yet in the xen stubdomain source used by qubes).

Thinking it could be related to issue #2488 [3] I tried to use cirrus
instead of (std)vga but the instructions in the issue are specific to
R3.2 and it wasn't immediately clear where to change the configuration
(nothing in `virsh dumpxml vmname` either). Maybe there's simply no way
to use cirrus with the more modern stubdomain used by R4.

Veering way off-topic from the OP - I'll open an issue once I manage to
do more tests.


[1] https://nvd.nist.gov/vuln/detail/CVE-2017-13673
[2] https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
[3] https://github.com/QubesOS/qubes-issues/issues/2488

Yuraeitha

unread,
Feb 9, 2018, 1:27:48 AM2/9/18
to qubes-devel

Speaking of graphic errors, there is another one I noticed that was around in Qubes 3.2. but I noticed it's now also be present in Qubes 4. I did not realize earlier since until last few days, I had not used Windows my self at all on Qubes 4.

The behavior is the interface locking and becoming immune to mouse clicks only (left and right mouse buttons), but keyboard and moving the cursor around still works fine, it's essentially only left+right mouse-buttons that stops working by the looks of it. The odd thing is it's relatively easy to quick-fix, since every time it's happened, clicking the middle mouse-button (or scroll-wheel mouse-button for those few mouses that have this ability), seems to fix this issue, 100%, always.

The problem here is not so much the annoying thing that it happens, especially when it's this easy to fix. But more so if people using Windows are not aware of this quick-fix, and moreover, perhaps not everyone have a mouse with a middle-button or other mouse-button that resets the bug. Worse yet, may be laptop mouse-pads.

Perhaps there are sufficient clues to track another quick-fix for people without a mouse with a middle-button to reset this bug?

It'd also be interesting to see how common this issue is. I've seen it on three vastly different hardware setups running Qubes+Windows. So far if including past Qubes 3.2. installations where the bug also was present, this bug seems common? Does it happen to you as well?

I've seen this issue at least once every Windows start over longer extended use (10+ minutes, and only happens if you click on the Windows interface menu's like folder and menu navigation buttons).

awokd

unread,
Feb 9, 2018, 11:05:58 AM2/9/18
to Ivan Mitev, qubes...@googlegroups.com
On Thu, February 8, 2018 4:50 pm, Ivan Mitev wrote:

>
> IMHO a public wiki - official or not - should not replace the current
> documentation: someone may add unsecure instructions (willingly or not)
> and there will always be users who blindingly copy/paste instructions.

That and divergence between the two sets of documentation, possibly by
neglecting one or the other.

> My idea behind a public wiki was to have a "staging" area that would
> lower the bar for writing official documentation (eg. understanding pull
> requests isn't needed), as well as easing "community" testing/debugging
> (like providing workarounds or step-by-step instructions like now with
> Windows HVMs).

This sounds good; should avoid divergence.

> If after some time the instructions are deemed good
> enough, then they could be pulled into the official docs and removed from
> the wiki.

Will you be handling that step by submitting PRs against the official
docs? How frequently?


bow...@gmail.com

unread,
Feb 9, 2018, 12:27:38 PM2/9/18
to qubes-devel
On Saturday, 3 February 2018 18:58:14 UTC, Yuraeitha wrote:
> On Saturday, February 3, 2018 at 5:06:20 AM UTC+1, Andrew David Wong wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > On 2018-02-02 17:19, Yuraeitha wrote:
> > >
> > > It seems omeg who has been maintaining Qubes-Windows-Tools the last
> > > few years, has gone inactive
> >
> > He is instead working on other projects for ITL's corporate clients,
> > so "inactive" is not quite accurate.
> >
> > > https://github.com/QubesOS/qubes-installer-qubes-os-windows-tools
> > > and thus far, it looks like no one else has picked up the project.
> > >
> >
> > Correct.
> >
> > > If it is not planned to be done any time soon, then that's alright,
> > > I can live with that. I'm already immensely grateful for everything
> > > the Qubes team has done. But it's not so easy for everyone though,
> > > some people are more heavily reliant on Windows than others for
> > > certain applications.
> > >
> > > This post is NOT a complaint or anything of the sorts, but instead
> > > a question to settle expectations on the correct path, instead of
> > > looking every day for a new update, which can be a lot of
> > > uncertainty or for some people even anxiety and frustrations, when
> > > on Qubes 4 without a means to get Windows 7 installed. Essentially
> > > people who need Windows and would love to get Qubes 4, are caught
> > > in-between without any idea when or even if Windows 7 will be
> > > supported anytime in the near-term future.
> > >
> > > In other words, just knowing it won't be anytime soon is in a way
> > > also very good news, because it puts expectations in the right
> > > place instead of uncertainty. Any such news-update on what is going
> > > on with it and what to expect, would be appreciated.
> > >
> >
> > As far as I know, Qubes Windows Tools continues to remain on
> > indefinite hold. We welcome anyone from the community with the
> > requisite skills to take over development (or just pitch in here and
> > there).
> >
> > > Also, I'm not entirely sure regarding the code itself, but it
> > > should be somewhat close to Qubes 4 in the current
> > > Qubes-Windows-Tools? For example the Qubes 3.2. Win7 restored from
> > > backup in Qubes 4, seems to more or less work, somewhat smoothly,
> > > but not perfect. If so, maybe someone else can help with bringing
> > > Qubes-Windos-Tools to Qubes 4? Unfortunately I have no coding
> > > skills of this sort though, otherwise I'd give it a shot.
> > >
> >
> > Sorry, I don't know.
> >
> > - --
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlp1NS0ACgkQ203TvDlQ
> > MDCZYw//X/AlrUieQTF4ebMSab60xahi5erwpQc87Yzvb7WLLYBEnmY19d60M8IT
> > oOr6p3zroDc+VvwBW4vIcp4S7RUNIDbIyppulW+6eiFunQK8kZGpks+RKfntxwEq
> > Z8MCFeVNCedn43AGc6DCOLFrSsQVUR0LKVGIcI/Lhoe60zdvoMofnlF2hHRzWqvb
> > 9UYuu/Kiqyy8RVyNq1LSNJ4/5jIIFDoxk12Wngc3s22OU5/u6I2vlnUHHwDC/X6n
> > kbWSa8ltdKIOpglWxf34G7G60kdQVLfqw88mFzGUMk02EOeGkErMuG39wzCCGWyA
> > 0Yp+KWeUaTH7mzUVTHR4G0uuWlFx7IaXUWOSJVmuSjItCQ4s7qbZ8A78ajN1aLYd
> > JhhVnM8jzDF8zkrAd6Ez+zRVa9im/m1puck3uNb8Ou6VD0FnRWowl6iz0ijRhXsF
> > A6qgr4jiGqqp3OSvxActu32KbW2ogxrDQThztcJgY1DuhDF/Y6YBHRI9I92udQ6r
> > +A5OKoIKe3cskntkF5lrSawqVtyD+lxuT00gwwJrolj1ixdHt8ufyezvJxDYZJac
> > UIu4y95w4H28YoxCY5bmoMIB5ncl4kskKs7qFpNbVHs4d8GsW1NcT2fxNzslGtsV
> > D7muRf9n/gX3Ui5wNwwjP0gVMD6RrsY4wRdt4Jzk87VVdJIEiXM=
> > =LLLN
> > -----END PGP SIGNATURE-----
>
> Thanks Andrew, this was exactly what I was looking for, much appreciated.
>
> I'm gonna settle in for a plan B as listed below, although it looks really interesting if Elias will be looking into it. Maybe Marek or someone else with insight into the code can help a little bit to get started?
>
> But for the time being, I might try install Qubes 3.2. as a plan B to create some temporary unlicensed clean Win7 Qubes backup's, and see if I can transfer them to various of other Qubes 4 systems. This is mostly needed for my friends though, and I still need to figure out if this is allowed within the use-cases of the Windows 7 license or not, they will use their own licenses.
>
> This method is a bit cumberstone if the code inside the Win7 installed on Qubes 3.2. is buggy and creates unreliable issues, like unreliable transfer of data integrity. Hopefully nothing bad will happen.
>
> Also need different types of Windows 7 copies for different types of licenses, which is a bit problematic, but not impossible.
>
> For now this temporary plan B, this might be a work around to get a new clean Win7 on multiple of different Qubes 4 systems, although a bit cumberstone, and uncertain possibility of data integrity risk.

Hi All,

Thanks for your help in the thread.
On R4, in order to get Win7SP1 64Bit Pro installed I did

qvm-create win7 --class StandaloneVM --property virt_mode=hvm --property kernel="" --property memory=4096 --property maxmem=4096 --property debug=True --label blue
qvm-volume extend win7:root 20g
qvm-features win7 video-model cirrus
qvm-start win7 --cdrom=dom0=loop1

I need now to go through the steps to make sure it fully boots unattended and adapt it so Qubes-Windows-Tools provides as much as it can without changing it...

After that, I'll give a go at the source code but I am not a windows dev... so... I may dream a bit here.

I was not sure if others were at this stage, so hope it is not a duplicate.

Ivan Mitev

unread,
Feb 9, 2018, 12:56:49 PM2/9/18
to qubes...@googlegroups.com


On 02/09/18 18:05, 'awokd' via qubes-devel wrote:
> On Thu, February 8, 2018 4:50 pm, Ivan Mitev wrote:
>
>>
>> IMHO a public wiki - official or not - should not replace the current
>> documentation: someone may add unsecure instructions (willingly or not)
>> and there will always be users who blindingly copy/paste instructions.
>
> That and divergence between the two sets of documentation, possibly by
> neglecting one or the other.
>
>> My idea behind a public wiki was to have a "staging" area that would
>> lower the bar for writing official documentation (eg. understanding pull
>> requests isn't needed), as well as easing "community" testing/debugging
>> (like providing workarounds or step-by-step instructions like now with
>> Windows HVMs).
>
> This sounds good; should avoid divergence.

I fully agree about the divergence issue, that's why I plan to delete
the content on the public page(s) after it's pulled in the official docs.

>> If after some time the instructions are deemed good
>> enough, then they could be pulled into the official docs and removed from
>> the wiki.
>
> Will you be handling that step by submitting PRs against the official
> docs? How frequently?

I've set up the windows HVM wiki page to help other people struggling
with the issues I've been through. It's a bit of an experiment and it
would be interesting to see if other users contribute content to this
specific page, or even add other pages (the latter would be an
indication that something is either missing or difficult to find in the
official docs).

tl;dr; I don't really know how it'll work out, how frequently PRs would
have to submitted - and whether I'll submit them myself or other users
step in, etc.

I saw on qubes-users that you're updating the official documentation,
that's great. I *really* don't want to sound like I'm duplicating some
of your work, or making your work harder. The wiki page is 100% public
so feel free to delete stuff and/or import it in the official document
at your convenience.

BTW I've eventually managed to successfully install Windows 7 in R4 and
I've updated the wiki page accordingly. I see that user
bow...@gmail.com also managed to install a win7 VM with exactly the
same commands, so maybe we've reached a working set of install
instructions and I could submit a PR (or you could copy/paste the
instructions in the official docs).
IMHO, given that people are now trying R4 and Windows HVMs (there's for
instance a post on qubes-users@ by Alex a sec ago) it would be helpful
to post the link of the updated official doc or the temporary wiki page
to the qubes-users@ ML.

Let me know what you think...

Best,
Ivan

awokd

unread,
Feb 9, 2018, 1:10:24 PM2/9/18
to Ivan Mitev, qubes...@googlegroups.com
On Fri, February 9, 2018 5:56 pm, Ivan Mitev wrote:



> I saw on qubes-users that you're updating the official documentation,
> that's great.

Not only me! Some of the documents have already been updated, and others
are being addressed by people with more knowledge in those areas.

> I *really* don't want to sound like I'm duplicating some of
> your work, or making your work harder.

You're definitely not doing either. See
https://github.com/QubesOS/qubes-issues/issues/3495 . I'm listing items
(Windows 7 docs for a relevant example) that I'm skipping because I
haven't used it enough to provide good documentation.

My main concern was that *somebody* was going to push stuff from the wiki
to the docs, and it not just sit out there confusing users with two
knowledge sets. :)



bow...@gmail.com

unread,
Feb 9, 2018, 1:10:51 PM2/9/18
to qubes-devel
Hi, I just saw this post. Apologies, I had already submitted a PR https://groups.google.com/forum/#!topic/qubes-devel/tBqwJmOAJ94
with the minimal change to get the install working.

awokd

unread,
Feb 9, 2018, 1:17:37 PM2/9/18