You'll only receive email when 6672 publishes a new post

Turning off Gnome Keyring Password Prompt in QubesOS

"The login keyring did not get unlocked when you logged into your computer"

I use Evolution to access remote calendars in a QubesOS AppVM, and Evolution stores passwords in the gnome keyring. I had that damned keyring password prompt turned off, and it came back somehow, all by itself. I find it hard to like Gnome and it's spawn.

The way I turned it off THIS time is with seahorse:

https://askubuntu.com/questions/867/how-can-i-stop-being-prompted-to-unlock-the-default-keyring-on-boot

Just find the "Login" somewhere in the seahorse UI, then "change password". You will need to enter your Qubes login password, which somehow made it into the AppVM. Then at the new password prompt just leave the two fields blank.

Solved for another year?

Wireguard VPN

Wireguard VPN so far penetrates the Great FireWall for me quite reliably. (I am currently using the Digital Ocean data center in Singapore.)

Easily provision / reprovision a temporary Wireguard service on a cloud server using Algo:

https://github.com/trailofbits/algo/

If you are using Digital Ocean, very easily turn your VPN server on (less than one cent per hour, max five dollars per month) and off (costs almost nothing to hold in a standby "off" state) using the "DO Swimmer" app off of Fdroid:

https://f-droid.org/en/packages/com.yassirh.digitalocean/

To use WireGuard on Android, install the WireGuard app

https://f-droid.org/en/packages/com.wireguard.android/

and simply scan the server-specific QR code provided by Algo. To use WireGuard on Debian unstable,

apt-get install wireguard wireguard-dkms wireguard-tools

Then grab the debian.conf (or whatever you called it) config file from Algo and copy it to (for instance)

/etc/wireguard/wg0.conf

Turn on your Debian wireguard VPN (as root) with

wg-quick up wg0

and observe the wg0 interface in ifconfig output. wg-quick automatically sets up a default route to the wg0 connection.

WireGuard is coming soon to the Qubes kernel, test for kernel readiness in Qubes with:

ip link add dev wg0 type wireguard

QubesOS Storage Pool Management

There are some areas of QubesOS[1] that are a little bit obscure, and the storage pools (particularly if you have more than one, which is quite normal if you have more than one disk) are one of those areas.

List your existing pools with:

qvm-pool

and find out the name of the actual thin pools that Qubes 4 uses with

qvm-pool -i

which, if you are curious, can then be correlated (one each) with a particular LVM logical volume listed thusly:

sudo lvs

At this point in time, the Qubes 4 installer is creating a default thin_pool named "pool00" which contains dom0 and any appvms that were created in the normal way without explicitly specifying a different pool.

To specify the pool which holds a new appvm, use the -P switch:

qvm-create -P platter_qubes --label blue

where "platter_qubes" is my secondary / storage big spinning disk, not my little SSD holding dom0.

[1] https://www.qubes-os.org/