You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running make template inside this repository generates an RPM, which installs cleanly in dom0, but cannot be used as part of the SDW VM setup.
Symptoms
After installing, and on every start of the VM, Qubes throws a very scary warning about potential compromise:
Current hypothesis is that the GUI event referenced in the warning message is related to the GUID logs. Compare the results from the old, circa 2018-10 RPM of the securedrop-workstation TemplateVM, with those from a newer version.
Additionally, apps cannot run on the TemplateVM. For instance, qvm-run securedrop-workstation gnome-terminal does not start a terminal window. For comparison, qvm-run -p securedrop-workstation 'echo hello' does render output, confirming that the VM is indeed running, and can be connected to.
Steps to reproduce
Run make template inside this repo
Copy the RPM to dom0 (qvm-run -p sd-dev 'cat path/to/rpm' > qubes-template.rpm)
Install RPM in dom0: sudo rpm -i qubes-template.rpm
Try to run a terminal, observe no terminal rendered: qvm-run securedrop-workstation gnome-terminal
Initial analysis
There's likely been divergence in the upstream Qubes template building logic that we must adapt to. It's worth noting that installing the old 20181004 template, then upgrading all packages to the latest and rebooting, does not show any of the above errors—further favoring the build logic as the likely culprit.
It would also be worth tracking down precisely which codepath generates the GUI warning shown above. It seems reasonable it's monitoring the GUID logs, embedded above, but haven't confirmed that yet.
Even when skipping the custom kernel steps in the test plan above, meaning the VM runs the Qubes-provided kernels, the problems persist.
The text was updated successfully, but these errors were encountered:
Running
make template
inside this repository generates an RPM, which installs cleanly in dom0, but cannot be used as part of the SDW VM setup.Symptoms
After installing, and on every start of the VM, Qubes throws a very scary warning about potential compromise:
Current hypothesis is that the GUI event referenced in the warning message is related to the GUID logs. Compare the results from the old, circa 2018-10 RPM of the
securedrop-workstation
TemplateVM, with those from a newer version.Qubes guest logs from 20181005
Qubes guest logs from 20190412
Additionally, apps cannot run on the TemplateVM. For instance,
qvm-run securedrop-workstation gnome-terminal
does not start a terminal window. For comparison,qvm-run -p securedrop-workstation 'echo hello'
does render output, confirming that the VM is indeed running, and can be connected to.Steps to reproduce
make template
inside this repoqvm-run -p sd-dev 'cat path/to/rpm' > qubes-template.rpm
)sudo rpm -i qubes-template.rpm
qvm-prefs -s securedrop-workstation virt_mode hvm && qvm-prefs -s securedrop-workstation kernel ''
qvm-run securedrop-workstation gnome-terminal
Initial analysis
There's likely been divergence in the upstream Qubes template building logic that we must adapt to. It's worth noting that installing the old 20181004 template, then upgrading all packages to the latest and rebooting, does not show any of the above errors—further favoring the build logic as the likely culprit.
It would also be worth tracking down precisely which codepath generates the GUI warning shown above. It seems reasonable it's monitoring the GUID logs, embedded above, but haven't confirmed that yet.
Even when skipping the custom kernel steps in the test plan above, meaning the VM runs the Qubes-provided kernels, the problems persist.
The text was updated successfully, but these errors were encountered: