Failure to attach first device to networked AppVM

Hello and Happy Wednesday. I’m having a nice day, and there’s a little bit of free time to sort out some things which I’ve been putting off sorting out for a while now because there are ways around some problems, even if it can be just a little bit annoying working with some sort of mysterious imperfection that takes unnecessary time in the process. That is not why we have computers. Computers are meant to save time in the process.

The one I came to write about today is about attaching block devices to AppVMs. Specifically AppVMs which are networked, because this problem does not present itself when I attach hard disk partitions to the couple of AppVMs which are not networked. Only the AppVMs which are, and that is something worth expanding on to begin with, because the first guess that comes to mind is that there might be some weird configuration error in the template. So let me begin there, and list the several templates concerned:

  1. debian-10b — is for the Base AppVM which is not networked and OK.
  2. debian-10f — is for firewalled Web-Bank & Web-Mail AppVms - ERROR.
  3. debian-10i — is for all other eight(8) networked AppVMs - ERROR.
  4. debian-10p — is for the Play AppVM which is not networked and OK.

That there are two(2) separate templates for both online and offline AppVMs and that all the online AppVMs produce this error regardless of which template is used and that both offline AppVMs do not produce this error and each has a different template leads me to believe that it is unlikely to be an error based on the template configuration.

Except for one obvious possibility. That the debian-10b (Base) and debian-10i (Internet) templates were both cloned from the standard debian-10 template, and then the debian-10p (Play) and debian-10f (Firewall) were then cloned from 10b and 10i respectively. So, if I made an error configuring debian-10i template, then that error would likely have been inherited by debian-10f, to infect all networked (online) AppVMs.

That possibility seems unlikely though, because I cannot find any section of the Qubes Settings that allows for NOT attaching the first device selected. Nope, it’s quite strange indeed.

Now you know which AppVMs produce the error, (all online / networked), and which AppVMs do not, (both offline), it is probably about time I explained what this error actually is, and that might include the need to list the devices concerned, but first I shall try to concisely describe this mysterious and annoying but not terminal error.

It’s only with the online/networked AppVMs. The offline AppVMs work as perfectly as they all did back when I was running Qubes OS 3.2.

When I attach a device, (HDD partition) to an AppVM, and Caja is open displaying the Computer directory listing, which defaults to ‘File System’, if it is the Base or Play AppVMs, that new HDD device quickly appears in Caja’s RHS listing above the ‘File System’ item. This is wonderful because it is exactly what a computer operating system is supposed to do.

However, to try and do the same thing in one of the networked AppVMs, to attach a HDD partition, be it a partition on the laptop HDD, or a partition on the external USB HDD, be it encrypted or not, nothing shows up in the Caja Computer directory listing. ;-(

Strangely enough, if that invisible partition is left attached to the AppVM and then another partition, either on the same physical device or another, is also attached, then that second partition WILL display in the Caja Computer list all willing and able to mount … but the first partition remains invisible, and is not listed in anything like /media/user/… (my localhost user name is ‘user’), or anywhere else I can find in the filesystem.

The trick to overcome this is to always attach some partition or other that is NOT required before attaching the partition/s that is/are. It is no major problem if one is willing to tolerate a malfuctioning system, but it gets on my fracking nerves, to put it nicely.

On the Base and Play offline AppVMs, all the devices do what they’re told first time every time, just like all the AppVMs did in Qubes OS 3.2.

What could it possibly be that is making my online networked AppVMs so recalcitrant about attaching a blimmen hard disk partition then?