Archive for the ‘Qubes OS’ Category

#!/bin/bash
# This bash shell script is compatible with Debian 10 Buster running in Qubes OS 4
# Required free disk space: at least 3.5 GB free disk space in / (root) directory
sudo apt update
sudo apt install gnome-software-plugin-flatpak flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak install flathub org.libreoffice.LibreOffice
flatpak install flathub org.onlyoffice
flatpak install flathub com.wps.Office
flatpak update

Imagine you have an AppVM called appvm1 which is based on a TemplateVM called templatevm1 in Qubes OS 4.0

Imagine you get the error “Firewall has been modified manually – please use qvm-firewall for any further configuration.” when trying to use the Firewall rule editor GUI via Qube Manager for the AppVM called appvm1.

Solution procedure so that you can use the firewall rule GUI again for that AppVM:

Inspect the existing list of active firewall rules for your TemplateVM using following command (replacing templatevm1 with the actual name of your TemplateVM):

sudo qvm-firewall templatevm1 list

Run following command several times in Dom0 until there are no rules left for the TemplateVM (replacing templatevm1 with the actual name of your TemplateVM):

sudo qvm-firewall templatevm1 del --rule-no 0

Then run following command to set a single default rule in that virtual machine (replacing templatevm1 with the actual name of your TemplateVM):

sudo qvm-firewall templatevm1 add action=accept

Then run this exact same qvm-firewall procedure for the problematic AppVM appvm1

Then reboot your PC and the firewall GUI should be working fine again.

 

Whonix 13 is approaching end-of-life:

https://www.qubes-os.org/news/2018/08/24/whonix-13-approaching-eol/

So I decided to install Whonix 14 from scratch in Qubes OS 4.0.

I personally had more success installing the new Whonix 14 templates using following procedure (instead of attempting to upgrade from Whonix 13 to Whonix 14) : 

https://www.whonix.org/wiki/Qubes/Install

After installing the new whonix-gw-14 and whonix-ws-14 TemplateVMs, I had to create a new AppVM called sys-whonix-14 and connect sys-whonix-14 to TemplateVM whonix-gw-14. During creation of sys-whonix-14, make sure to enable Networking.

In sys-whonix-14, run
sudo anon-connection-wizard
to set up Tor networking.

Run following commands in Dom0:

qubes-prefs default_dispvm whonix-ws-14-dvm

qubes-prefs updatevm sys-whonix-14

Last step is to set sys-whonix-14 as updatevm in configuration file /etc/qubes-rpc/policy/qubes.UpdatesProxy   in Dom0

Check the new settings in Dom0 by running the command   qubes-prefs (not qvm-prefs)

That should do it.

Hope this helps someone out there 🙂

 

 

 

#!/bin/bash
# Procedure to copy mp3 files from Youtube or Soundcloud playlist to a smartphone
# Prerequisites: Ubuntu 20.04, Debian 10 or newer, bash shell, detox, 
# Prerequisites: aacgain, mp3gain, pip3, python, snap, parallel (to use multi-core processors)
# Prerequisites: Google Chrome Web browser in Debian 10, 
# Prerequisites: AirDroid on Android smartphone, 
# Prerequisites: Cloud Music Player - Listener on Apple iPhone
# Prerequisites: Only ports to keep open for this are the
# DNS or DNS-over-HTTPS port, port 80 and port 443
# Author: Mark Rijckenberg
# Last modification date: 2021/3/26

echo -n "Enter Youtube/Soundcloud playlist URL to convert to mp3 files: " 
read URL

echo -n "Enter full path where mp3 files should be stored: " 
read INSTALLDIR

# update contents of software repositories:
sudo dnf update
sudo DEBIAN_FRONTEND=noninteractive apt update

# select right tool for the job 
DETECTSOUNDCLOUD=`echo $URL | grep soundcloud | wc -l`
echo $DETECTSOUNDCLOUD

if [ $DETECTSOUNDCLOUD -gt 0 ] ; then
    TOOL=scdl
    echo $TOOL
  else
     TOOL=youtube-dl
     echo $TOOL
fi

# install snap (if not installed)
if ! type "snap" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes  snapd || sudo dnf install snapd
  else
  echo "snap installed"
fi

# install pip3 (if not installed)
if ! type "pip3" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes  python3-pip || sudo dnf install python3-pip
  else
  echo "pip3 installed"
fi

# install python (if not installed)
if ! type "python" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes  python-is-python3 || sudo dnf install python-is-python3
  else
  echo "python installed"
fi

# install detox (if not installed)
if ! type "detox" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes  detox || sudo dnf install detox
  else
  echo "detox installed"
fi

# install ffmpeg (if not installed)
if ! type "ffmpeg" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive add-apt-repository --yes ppa:flexiondotorg/audio
sudo DEBIAN_FRONTEND=noninteractive apt update
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes   ffmpeg || sudo dnf install ffmpeg
  else
  echo "ffmpeg installed"
fi

# install lame (if not installed)
if ! type "lame" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes  lame || sudo dnf install lame
  else
  echo "lame installed"
fi

# install mp3gain (if not installed)
if ! type "mp3gain" > /dev/null; then
sudo snap install mp3gain || sudo apt install mp3gain || sudo dnf install mp3gain
  else
  echo "mp3gain installed"
fi

# install aacgain (if not installed)
if ! type "aacgain" > /dev/null; then
sudo snap install aacgain || sudo apt install aacgain || sudo dnf install aacgain
  else
  echo "aacgain installed"
fi

# install parallel (if not installed)
if ! type "parallel" > /dev/null; then
sudo DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes   parallel || sudo dnf install parallel
  else
  echo "parallel installed"
fi

if [ $DETECTSOUNDCLOUD -gt 0 ] ; then

# Soundcloud specific:
echo $TOOL
mkdir $INSTALLDIR
cd $INSTALLDIR
pip uninstall scdl 
pip3 uninstall scdl 
sudo rm /usr/local/bin/scdl
pip3 install git+https://github.com/flyingrub/scdl
sudo cp $HOME/.local/bin/scdl  /usr/local/bin/scdl
sudo cp $HOME/.local/bin/scdl  /usr/bin/scdl
$TOOL --addtofile -c -l $URL

  else
  
# Youtube specific:
echo $TOOL
mkdir $INSTALLDIR
rm $INSTALLDIR/$TOOL

# install/upgrade youtube-dl to newest version
# use pip instead of wget if wget command fails:
sudo -H pip install --upgrade youtube-dl || sudo wget https://yt-dl.org/downloads/latest/youtube-dl -O /usr/bin/youtube-dl
sudo chmod a+rx /usr/bin/youtube-dl
sudo chmod a+rx /usr/local/bin/youtube-dl
youtube-dl --version

cd $INSTALLDIR
PLAYLISTNAME=`$TOOL --flat-playlist --no-check-certificate  $URL | egrep -v "just" | egrep "Downloading playlist" | head -n1 | cut -d":" -f2`
PLAYLISTDIR=$(echo $PLAYLISTNAME | tr -d ' '| tr -d '&')
mkdir $INSTALLDIR/$PLAYLISTDIR
cd $INSTALLDIR/$PLAYLISTDIR
$TOOL --postprocessor-args "-threads 6" --restrict-filenames -o '%(title)s.%(ext)s' --no-check-certificate -v  --extract-audio --audio-format mp3 -i  $URL

fi

# rename problematic filenames using detox utility
detox -r $INSTALLDIR

# normalize volume (run 3 times in case mp3gain skips treatment of files during first 2 attempts)
cd $INSTALLDIR
find . -type f | parallel -X "xargs /snap/bin/mp3gain -r -T"
find . -type f | parallel -X "xargs /snap/bin/mp3gain -r -T"
find . -type f | parallel -X "xargs /snap/bin/mp3gain -r -T"

find . -type f | parallel -X "xargs mp3gain -r -T"
find . -type f | parallel -X "xargs mp3gain -r -T"
find . -type f | parallel -X "xargs mp3gain -r -T"

# normalize volume (run 3 times in case aacgain skips treatment of files during first 2 attempts)
find . -type f | parallel -X "xargs /snap/bin/aacgain -r "
find . -type f | parallel -X "xargs /snap/bin/aacgain -r "
find . -type f | parallel -X "xargs /snap/bin/aacgain -r "

find . -type f | parallel -X "xargs aacgain -r "
find . -type f | parallel -X "xargs aacgain -r "
find . -type f | parallel -X "xargs aacgain -r "


echo "Temporarily disable all extensions in Google Chrome webbrowser and reboot your Android smartphone before attempting the .mp3 file transfer from Ubuntu to Android via AirDroid"
echo "The Mozilla Firefox web browser is not (yet) compatible with AirDroid. You have to use Google Chrome."

#############################################################################################################################
# Procedure for installing ReactOS in stand-alone HVM in Qubes OS 3.2
#############################################################################################################################
# Prerequisites: Qubes OS 3.2, PC with at least 4 GB of RAM
#############################################################################################################################
# In dom0, first create a stand-alone HVM called reactos using this command:
qvm-create -H -m 1024 --label=blue reactos
#############################################################################################################################
# Inside AppVM <name_of_AppVM> in Qubes OS 3.2, download following compressed ReactOS installation iso file to /tmp directory:
cd /tmp; wget https://iso.reactos.org/bootcd/reactos-bootcd-0.4.8-dev-99-g23bc0b5-x86-gcc-lin-dbg.7z
# decompress .7z file using unp or another tool that can decompress 7zip files:
unp /tmp/reactos-bootcd-0.4.8-dev-99-g23bc0b5-x86-gcc-lin-dbg.7z
mv /tmp/reactos-bootcd-0.4.8-dev-99-g23bc0b5-x86-gcc-lin-dbg.iso /tmp/reactos.iso
#############################################################################################################################
# in dom0, run this command, replacing <name_of_AppVM> with actual name of AppVM where ReactOS .iso image was downloaded:
qvm-start reactOS --cdrom <name_of_AppVM>:/tmp/reactos.iso
# Keep VESA display resolution at 800x600x32 during install to avoid boot issues later on
# Make sure to select the optimal keyboard layout settings for your country and keyboard
#############################################################################################################################
# To increase the security of the ReactOS HVM, apply following firewall settings to the reactos HVM:
# Deny all network access,except for DNS queries, https via tcp and http via tcp
#############################################################################################################################
# !!! Do NOT manually install any Windows PV drivers from xenproject.org, as it will cause boot errors in the ReactOS HVM !!!
#############################################################################################################################
# Issues:
############################################################################################################################# 
# Sound output not working
# Mouse tracking issue where mouse pointer position is not synchronized with Dom0 mouse pointer
# Excessive CPU usage when using newest Opera web browser, but Youtube works using Opera and 4 virtual CPU cores
# Mozilla Firefox crashes when trying to access Youtube website (severe bug)
# Install of Windows PV drivers from xenproject.org within reactos HVM -> causes boot errors in ReactOS HVM -> so don't do it
# Choosing a lower RAM setting than 1024 MB for the ReactOS HVM or choosing a screen resolution higher than 800x600x32 
# during install may cause ReactOS to fail to boot or show any icons on the desktop
# Only attempt to increase screen resolution via ReactOS control panel (not any other way) after install is finished
# Etc...
#############################################################################################################################