Introduction
Weekly review of new packages uploaded to Qubes OS repositories. Notes on how it is prepared and what resources are used to write this newsletter is available in previous versions
Alphabetically sorted list of new packages uploaded to Qubes OS repositories
kernel-latest-6.9.10-1.qubes.fc32.x86_64.rpm
kernel-latest-6.9.10-1.qubes.fc37.x86_64.rpm
kernel-latest-devel-6.9.10-1.qubes.fc32.x86_64.rpm
kernel-latest-devel-6.9.10-1.qubes.fc37.x86_64.rpm
kernel-latest-modules-6.9.10-1.qubes.fc32.x86_64.rpm
kernel-latest-modules-6.9.10-1.qubes.fc37.x86_64.rpm
kernel-latest-qubes-vm-6.9.10-1.qubes.fc32.x86_64.rpm
kernel-latest-qubes-vm-6.9.10-1.qubes.fc37.x86_64.rpm
qubes-core-dom0-linux-4.2.27-1.fc37.x86_64.rpm
qubes-core-dom0-linux-kernel-install-4.2.27-1.fc37.x86_64.rpm
qubes-core-dom0-vaio-fixes-4.2.27-1.fc37.x86_64.rpm
qubes-gpg-sign-1.0.0-1.fc40.x86_64.rpm
qubes-gpg-sign_1.0.0-1+jammy1_amd64.deb
qubes-gpg-sign-1.0.0-1-x86_64.pkg.tar.zst
qubes-gpg-sign-debug-1.0.0-1-x86_64.pkg.tar.zst
Highlights
- Selecting software rending (Cairo) by default.
- The new qubes-gpg-sgin
Details
-
core-agent-linux v4.2.36 (r4.2)
. 1st part of setting Software Rendering as the default. This is necessary as OpenGL and Vulkan renderers expect presence of GPU HW to function properly these days (see a related Github Issue). Their software rendering could be broken and they even might crash. The workaround is to revert to the old deprecated (but proven) Cairo renderer. Even though Cairo has been unmaintained for over a decade (see related discussion on unfamous orange site), it is still a highly viable solution. Without this patch, the Fedora (GNOME) template is almost useless.
If you have a qube with dedicated GPU pass-through, you will need to disablesoftware-renderingservice for it.
. Some fixes from last weeks which were tested in r4.3 before being ported to r4.2
. DNS leakage when only one DNS is set in a NetVM
. RemovingQubesOS Edit in DisposableVMfrom list of available packages
. Missing distro-info-data to set EOL date for Debian minimal template
. Limit initramfs size to fix booting with limited memory size
. Manual for qvm-move(1) -
gui-agent-linux v4.2.16 (r4.2)
Adding a dependency for Archlinux template.
2nd and major part of setting Software Rendering as default. -
app-linux-gpg-sign v1.0.0 (r4.2)
We have major work here. qubes-gpg-sign is different from'qubes-gpg-split'.
qubes-gpg-sign description:
The Qubes service for delegating GnuPG signing. You can keep keys in
secure (even network isolated) VM and only pass data to it for
signing/decryption. Compared to qubes-gpg-split, this service focuses
on simplicity and minimal attack surface. The client is required to
specify the exact fingerprint of the key they wish to use for signing
as the service argument, allowing qrexec policy to limit which qubes can
use which keys.
-
linux-kernel-latest v6.9.10-1-latest (r4.1, r4.2 & r4.3)
As usual, the details of Linux kernel weekly updates are available via Greg Kroah-Hartman announcements on LWN.net.
One of the fixes and the related patch is essential for the owners of Novacustom v5xx laptops and some other laptops with Intel I219 Ethernet controllers. -
core-admin-linux v4.2.27 (r4.2)
See last week report (on r4.3 release).
Epilogue
I have received a lot of heartwarming messages last week. Thank you very much for your messages.
