Proprietary application needs activation in each VM. But DVM?

[Franz]

A proprietary application (Softmaker Office) even if installed in template then needs activation in each VM. After activation it puts some files in home folder and works as expected and it is all OK.

But Disposable VM? Any activation is lost at next start. Is there a way to have the activation files persistent in the home folder?

Best

Fran

[Unman]

Start the DispVM template and activate the application there.
touch ~/.qubes-dispvm-customized
regenerate the DispVM template

It's covered here:
www.qubes-os.org/doc/dispvm-customization

unman

[Franz]

 

Thanks unman, but nothing seems to change after that.  I activated the application inside DispVM, Also changed some "open with" nautilus defaults. Than created the empty file in DispVM, closed the DispVM and regenerated the DispVM in dom0.  Correct?
 

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170831142649.3h5vic7mnpgarjmo%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[Unman]

On Thu, Aug 31, 2017 at 02:49:22PM -0300, Franz wrote:
> On Thu, Aug 31, 2017 at 11:26 AM, Unman <un...@thirdeyesecurity.org> wrote:
>
> > On Thu, Aug 31, 2017 at 07:20:29AM -0300, Franz wrote:
> > > A proprietary application (Softmaker Office) even if installed in
> > template
> > > then needs activation in each VM. After activation it puts some files in
> > > home folder and works as expected and it is all OK.
> > >
> > > But Disposable VM? Any activation is lost at next start. Is there a way
> > to
> > > have the activation files persistent in the home folder?
> > >
> > > Best
> > > Fran
> > >
> >
> > Start the DispVM template and activate the application there.
> > touch ~/.qubes-dispvm-customized
> > regenerate the DispVM template
> >
> > It's covered here:
> > www.qubes-os.org/doc/dispvm-customization
> >
> >
>
> Thanks unman, but nothing seems to change after that. I activated the
> application inside DispVM, Also changed some "open with" nautilus
> defaults. Than
> created the empty file in DispVM, closed the DispVM and regenerated the
> DispVM in dom0. Correct?
>

If by DispVM, you mean the DispVM template, then that's exactly right.

When you open a terminal in a disposableVM, can you see the .qubes-dispvm-customized
file that you created in the dispVm template? (When I customise a dispVM
Template I always create a file that isn't hidden, listing the changes.
That way I can be sure that subsequent changes are being captured.)

If this is the case, then it's possible that your application is
checking some feature that ISN'T common between the disposableVMs - disk
signatures, MAC address perhaps?

[7v5w7go9ub0o]

In the old days, one could run a script which would start a generic
dispvm; copy in (from, say, vault) the necessary executable and user
files necessary to run a program; and start the dispvm.

When all done, the script would be signaled to copy any updated user
files (typically text) back to the vault.

[Franz]

On Thu, Aug 31, 2017 at 5:57 PM, Unman <un...@thirdeyesecurity.org> wrote:

On Thu, Aug 31, 2017 at 02:49:22PM -0300, Franz wrote:
> On Thu, Aug 31, 2017 at 11:26 AM, Unman <un...@thirdeyesecurity.org> wrote:
>
> > On Thu, Aug 31, 2017 at 07:20:29AM -0300, Franz wrote:
> > > A proprietary application (Softmaker Office) even if installed in
> > template
> > > then needs activation in each VM. After activation it puts some files in
> > > home folder and works as expected and it is all OK.
> > >
> > > But Disposable VM? Any activation is lost at next start. Is there a way
> > to
> > > have the activation files persistent in the home folder?
> > >
> > > Best
> > > Fran
> > >
> >
> > Start the DispVM template and activate the application there.
> > touch  ~/.qubes-dispvm-customized
> > regenerate the DispVM template
> >
> > It's covered here:
> > www.qubes-os.org/doc/dispvm-customization
> >
> >
>
> Thanks unman, but nothing seems to change after that.  I activated the
> application inside DispVM, Also changed some "open with" nautilus
> defaults. Than
> created the empty file in DispVM, closed the DispVM and regenerated the
> DispVM in dom0.  Correct?
>

If by DispVM, you mean the DispVM template, then that's exactly right.

Template? Now I'm getting confused. The tutorial you showed me tells to do:

[user@dom0 ~]$ qvm-run -a fedora-23-dvm gnome-terminal

Since my DispVM is based on template debian-8-multimedia, I did:

qvm-run -a debian-8-multimedia-dvm gnome-terminal

Is this a template?

Anyway did the changes, created the .qubes-dispvm-customized file,  poweroff. Regenerated the DispVM
qvm-create-default-dvm debian-8-multimedia

or am I wrong and should instead use debian-8-multimedia-dvm

such as

qvm-create-defaul-dvm debian-8-multimedia-dvm

I have not tried it fearing to break everything, but this second option seems to make more sense.

 

When you open a terminal in a disposableVM, can you see the .qubes-dispvm-customized
file that you created in the dispVm template?

not sure I am able to do that with a terminal, but with nautilus and ctrl+h hidden files appear, but .qubes-dispvm-customized is NOT present

 

(When I customise a dispVM
Template I always create a file that isn't hidden, listing the changes.
That way I can be sure that subsequent changes are being captured.)

Yes the difference is that you understand what you are doing  and I cannot even imagine what this non hidden file may be.

 

If this is the case, then it's possible that your application is
checking some feature that ISN'T common between the disposableVMs - disk
signatures, MAC address perhaps?

And setting viewnior  as defult "open with" option for opening .png and .jpg also checks MAC address? It is just that I am doing something stupid.

Anyway I tried to start again debian-8-multimedia-dvm  and the empty file is there, still empty. Also there is a folder and an hidden file from Softmaker that do not appear on normal DispVMs


[Unman]

On Thu, Aug 31, 2017 at 09:55:46PM -0300, Franz wrote:
> >
> Template? Now I'm getting confused. The tutorial you showed me tells to do:
>
> [user@dom0 ~]$ qvm-run -a fedora-23-dvm gnome-terminal
>
> Since my DispVM is based on template debian-8-multimedia, I did:
>
> qvm-run -a debian-8-multimedia-dvm gnome-terminal
>
> Is this a template?

DisposableVms in 3.2 are based on a DVMTemplate, which is generated from
an ordinary template.

>
> Anyway did the changes, created the .qubes-dispvm-customized file,
> poweroff. Regenerated the DispVM
> qvm-create-default-dvm debian-8-multimedia
>
> or am I wrong and should instead use debian-8-multimedia-dvm

No, you are right.

>
> such as
>
> qvm-create-defaul-dvm debian-8-multimedia-dvm
>
> I have not tried it fearing to break everything, but this second option
> seems to make more sense.

No it doesnt, if you think about the Template - DVMTemplate - disposableVM pattern.

>
>
> > When you open a terminal in a disposableVM, can you see the
> > .qubes-dispvm-customized
> > file that you created in the dispVm template?
>
>
> not sure I am able to do that with a terminal, but with nautilus and ctrl+h
> hidden files appear, but .qubes-dispvm-customized is NOT present
>

In that case you need to regenerate the DVMTemplate.

>
>
> > (When I customise a dispVM
> > Template I always create a file that isn't hidden, listing the changes.
> > That way I can be sure that subsequent changes are being captured.)
> >
> >
> Yes the difference is that you understand what you are doing and I cannot
> even imagine what this non hidden file may be.
>

It's ANY file that you like - When you customise the DVMTemplate,
create a file README, and write in it what you have done.
If you make more changes add description to that file.
Then any disposableVM will contain a README in /home/user showing what
custom changes you have made.

> > If this is the case, then it's possible that your application is
> > checking some feature that ISN'T common between the disposableVMs - disk
> > signatures, MAC address perhaps?
> >
>
> And setting viewnior as defult "open with" option for opening .png and
> .jpg also checks MAC address? It is just that I am doing something stupid.
>
> Anyway I tried to start again debian-8-multimedia-dvm and the empty file
> is there, still empty. Also there is a folder and an hidden file from
> Softmaker that do not appear on normal DispVMs
>

This shows that your disposableVMs are not using the updated
DVMTemplate.
Whenever this issue has come up in the past, it's invariably been solved
by a slow and methodical approach.
Make sure that the DVMTemplate has customisations and the
.qubes-dispvm-customized file in /home/user (It does, you say.)
Close down the DVMTemplate.
Wait.
Regenerate the DVMTemplate (as you have).

If this doesnt work, then try closing all disposableVMs, qvm-remove the
debian-8-multimedia-dvm, and start again.

[Franz]

I rebooted the whole computer, did what you suggested, but what is strange is that when I start the normal DispVM it starts immediately and the usual screen (telling that the first time it is slow, but later will be faster) does not appears. Is that expected?

Any way the DispVM does not contain the files that are in the DispVM-template, particularly the softmaker folders and the hidden .qubes-dispvm-customized

[Unman]

You havent said what you did - ie which of the methods I suggested you
acted upon.

If the disposableVM does not contain the files that are in the
DispVM Template then there's something seriously wrong - either in what
you are doing or in the code. I suspect it's the former.

Did you delete all the files and start again from scratch?
What happens when you run qvm-create-default-dvm?

[Franz]

On Mon, Sep 4, 2017 at 9:30 PM, Unman <un...@thirdeyesecurity.org> wrote:

On Mon, Sep 04, 2017 at 07:37:10PM -0300, Franz wrote:

> Sorry Unman you are right
> I did
> qvm-remove debian-8-multimedia-dvm
> then rebooted the computer
> then
> qvm-create-default-dvm debian-8-multimedia
>
> then
> qvm-run -a debian-8-multimedia-dvm gnome-terminal
>
> then checked which files were present. The softmaker folder was there, but
> the .qubes-dispvm-customized was not, so created it with touch
>
> then in terminal wrote shutdown and it closed.
>
> then started the standard dispvm which contains neither the softmaker
> folder nor the .qubes.... file
>
>

After you have created the .qubes-dispvm-customized file, and shutdown
the DVMTemplate,  you have to regenerate the dispVMTemplate by running
qvm-create-default-dvm debian-8-multimedia again. You dont mention this step.

 
No I did not understood you have to repeat it after the changes to incorporate them.

This last step does not work. I am getting an error here:

connecting to VM's GUI agent....................time out

Error: cannot start qubes-guid

Best

Fran

>
> If the disposableVM does not contain the files that are in the
> > DispVM Template then there's something seriously wrong - either in what
> > you are doing or in the code. I suspect it's the former.
> >
> > Did you delete all the files and start again from scratch?
> >
>

> All the files? Which files? I deleted only the DispVM template

>
>
> > What happens when you run qvm-create-default-dvm?
> >
>

> It finishes with DVM savefile created successfully
> ----
> To be sure today I repeated all that again,
> aldo tired another way to shutdown the dispVM template using
> qvm-shutdown debian-8-multimedia-dvm
>
> I am very sorry to bother you Unman, but the result is always the same: the
> standard dispVM does not contain the files that are in the home folder of
> the dispVM template.
>
> Well Unman, it is not so strange after all: all applVM do NOT contain the
> files that are in the home folder of the template from which they depend.
> So it is standard behavior. Why the dispVM should perform otherwise?
>
> Best
> Fran

The dispVM is designed to work differently if the
.qubes-dispvm-customized file is present in the home folder, just so
that you CAN customize the disposableVM, and have files appearing in all
the disposableVMs.
What would be strange would be if this didnt work for you.

[Unman]

OK, that's the principal issue resolved. You need to run
qvm-create-default-dvm again AFTER making your customizations.

As to the failure to starts qubes-guid I suspect that some of the
changes you have made to the template are causing this. You may find
some help in the logs, or you may be able to connect using xl console,
and see what has happened.

Alternatively, you could break down the customization in to discrete steps
(or groups of steps), and see if you can isolate the issue like that.

unman

[Franz]

Thanks Unman, but all that seems very difficult to do.  I did nothing strange to the template, just installed applications.  It seems new Qubes release 4 uses different way to manage dispvms, so possibly it will work there once the final release is ready. Is this reasonable?

unman

[Unman]

Yes, 4 has a different approach to disposableVMs, but whatever you have
done breaks qubes-guid, and it seems likely to me that it will break
things in 4 as well.
Your call.