Qubes OS 4.2 Signed Weekly Builds

Hello @fepitre

I see last weekly iso is from 8 of august and we are the 23rd.
I was hoping to see core-agent-linux v4.2.19 (r4.2) · Issue #3940 · QubesOS/updates-status · GitHub fixed but commented at core-agent-linux v4.2.19 (r4.2) · Issue #3940 · QubesOS/updates-status · GitHub fixing Newly populated private volumes don’t get proper SELinux labels · Issue #8242 · QubesOS/qubes-issues · GitHub.

I then opened Qubes-4.2.202308081030-x86_64 doesn't boot from ISO (Heads) · Issue #8443 · QubesOS/qubes-issues · GitHub

Can’t wait to test 4k templates and test for BRTFS/TLVM speed comparisons, fwupd support and wyng-backups (TLVM<->BRTFS) restoration over BRTFS with bees deployed to see deduplication of restored VMs and templates.

Where are Q4.2 testing reports and discussions? I am part of the testing team but I see no activity there. Maybe there is issues with my account? @deeplow ? No 4.2 testing category, just this post About the 4.2 Testing category ?

Unfortunately there hasn’t been too much activity there .

To this point, I do find a few more 4.2 discussions in 4.2 Testing category. But the last activity is from July.

I opened a threat for the members of the testing team to ask about their thoughts on how to make it work for them:

@deeplow how do you interpret that fact?

I am trying to test 4.2 on a librem 14 laptop, but have no access to post in the testing group, so while I want to contribute, I am not really able to. I’m been using qubes for a little over a year and I am a habitual alpha/beta tester so I’d be happy to help.

My first run at 4.2 didn’t last long though, because after install the laptop just gets stuck in an infinite loop immediately following the blue qubes boot screen, so I’m back to 4.1 for now until I figure out what is going on.

Thank you for contributing! Please have a look at the instructions for joining the testing team here:

I’m not sure, but I proposed an idea here.

Note: next weekly builds will boot from ISO on next builds.

Last openqa build booted from Heads today, with user having to detach sign manually with his own key and having to validate integrity first manually.

This is why we love detached signatures after all: They do both in one step: validating integrity and authenticity at once.

Trace: Installer fails to boot from USB stick with with ISO file on it · Issue #8422 · QubesOS/qubes-issues · GitHub

Created an issue specific to installer related problem that cannot be resooved but by reinstalling Track installer related bugs and needed packages (templates versions including needed packages) · Issue #8449 · QubesOS/qubes-issues · GitHub

The latest weekly build, Qubes-4.2.202308260643-x86_64.iso, doesn’t recognize my AX201 WiFi card. And I don’t have access to a LAN to check a wired connection. fyi

Happy testing!

switching sys-net to debian template fixed that for me.

Point is that this mitigation should not be needed anymore from Qubes-4.2.202308270121-x86_64.iso on, including the latest rc3

https://qubes.notset.fr/iso-testing/

Torrents NOT working AGAIN. Stalled!

Please open a Tribler Channel or post on i2p. If you don’t check your torrents, I will try calling you names AGAIN… remember. You deserve it!

This is a personal repo, no obligation that anything works on it, that’s the whole point of “testing”.
If you want Qubes 4.2, download the torrent file from the official website.

That would be a CoC violation with intent and announcement: instaban.

Ask nicely or do something to improve the situation yourself. Entitled foul mouths are not welcome and won’t be tolerated. This is an official warning.

Would it be possible @deeplow @marmarek for the Weekly Builds Signing Key to be signed by the (Ultimately trusted) Qubes Master Signing Key? Or any other key connected to the Qubes project?

Now that Testing new releases and updates | Qubes OS is recommended on the Qubes website, this would encourage good security practices around distrusting the infrastructure. Esp. since qubes.notset.fr distributes both the .iso files and the signing .key, and doesn’t even use HTTPS

Thank you!

It has https support.

@qc0 I can confirm this. The redirection is not automatic on the first visit, but if you ask for HTTPS, you get it: https://qubes.notset.fr/

And HSTS is enabled, so your browser should upgrade to HTTPS automatically on subsequent visits. (source)

Note that I don’t think any of this makes your point moot! (Even if I suspect that the solution you propose may not be practical, but I’ll let folks who know, rather than suppose answer that.)

By the QMSK? No. They are images built outwith the build infrastructure
AFAIK. fepitre has been clear about the build infrastructure and risks.
They are , however, signed by fepitre-bot.

It does use HTTPS