Can you post the output - just the “menu” lines.
1 Like
Qvm-Features template-openvpn
default-menu-items menu-items
debian-xterm.desktop
netvm-menu-items
debian-xterm.desktop debian-xterm.desktop
grexec
1
supported-service.qubes-update-check
1
supported-service.crond
1
supported-service.meminfo-writer
1
supported-service.updates-proxy-setup
1
supported-service.clocksync
1
OS
Linux
gui
1
qubes-firewall vmexec
1
template-name
debian-11-minimal
template-epoch template-version template-release template-reponame template-buildtime template-installtime template-license template-url template-summary template-description
4.0.6
202108191622
qubes-templates-itl
2021-08-19 19:38:15
2022-08-29 19:42:55
GPL
Qubes template for debian-11-minimal Qubes template for debian-11-minimal
qvm-features sys-vpn
menu-items
qubes-open-f1le-manager. desktop qubes-run-terminal. desktop qubes-start.desktop debian-uxterm.desktop vim.desktop debian-xterm.desktop
servicevm
service.cups
service.cups-browsed
service.tinyproxy
default-menu-items
vpn_setup.desktop debian-xterm.desktop
I cant reproduce this.
I set the template applications as you seem to have done.
Install the package - refresh the application list in sys-vpn and I
end up with a menu with VPN-setup and xterm.
I don’t get the long menu list you report - that seems to show that the
menu hasn’t been processed at all. I don’t know why this should be.
In the meantime, open a terminal in sys-vpn and run the set up script by
hand. ./install.sh
1 Like
Yeah, I get again the same password request:sweat_smile: even when I reinstall the manager and the vpn qube I came to the same error 
maybe I try to install the vpn by my own.
I even get the error message when I try to refresh the application list:
Command‘['qvm-sync-appmenus‘,‘sys-vpn‘] returned non-zero exit status 1.
As I’ve said, this suggests that the packages aren’t being installed in
to the template.
It would be incredibly helpful if you could send me your log files
- you can get them from dom0:
qvm-copy-to-vm TARGET /var/log/qubes/mgmt-template-openvpn.log
qvm-copy-to-vm TARGET /var/log/qubes/mgmt-sys-vpn.log
Where TARGET is a qube you can send me from.
Happy to have a PM from you.
'state.apply openvpn.client_install'
2022-08-29 21:44:04,905 calling 'state.apply openvpn.client_install' ...
2022-08-29 21:44:37,096 output: sys-vpn:
2022-08-29 21:44:37,097 output: ----------
2022-08-29 21:44:37,097 output: ID: /rw/config/rc.local
2022-08-29 21:44:37,097 output: Function: file.managed
2022-08-29 21:44:37,097 output: Result: True
2022-08-29 21:44:37,097 output: Comment: File /rw/config/rc.local updated
2022-08-29 21:44:37,097 output: Started: 21:44:36.252431
2022-08-29 21:44:37,097 output: Duration: 37.12 ms
2022-08-29 21:44:37,097 output: Changes:
2022-08-29 21:44:37,097 output: ----------
2022-08-29 21:44:37,097 output: diff:
2022-08-29 21:44:37,097 output: ---
2022-08-29 21:44:37,097 output: +++
2022-08-29 21:44:37,097 output: @@ -1,10 +1,8 @@
2022-08-29 21:44:37,097 output: -#!/bin/sh
2022-08-29 21:44:37,097 output: +#!/bin/bash
2022-08-29 21:44:37,097 output: +systemctl unmask openvpn
2022-08-29 21:44:37,097 output: +VPN_CLIENT='openvpn'
2022-08-29 21:44:37,097 output: +VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'
2022-08-29 21:44:37,097 output:
2022-08-29 21:44:37,097 output: -# This script will be executed at every VM startup, you can place your own
2022-08-29 21:44:37,098 output: -# custom commands here. This includes overriding some configuration in /etc,
2022-08-29 21:44:37,098 output: -# starting services etc.
2022-08-29 21:44:37,098 output: -
2022-08-29 21:44:37,098 output: -# Example for overriding the whole CUPS configuration:
2022-08-29 21:44:37,098 output: -# rm -rf /etc/cups
2022-08-29 21:44:37,098 output: -# ln -s /rw/config/cups /etc/cups
2022-08-29 21:44:37,098 output: -# systemctl --no-block restart cups
2022-08-29 21:44:37,098 output: +su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
2022-08-29 21:44:37,098 output: +groupadd -rf qvpn ; sleep 2s
2022-08-29 21:44:37,098 output: +sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
2022-08-29 21:44:37,098 output: ----------
2022-08-29 21:44:37,098 output: ID: /rw/config/qubes-firewall-user-script
2022-08-29 21:44:37,098 output: Function: file.managed
2022-08-29 21:44:37,098 output: Result: True
2022-08-29 21:44:37,098 output: Comment: File /rw/config/qubes-firewall-user-script updated
2022-08-29 21:44:37,098 output: Started: 21:44:36.289650
2022-08-29 21:44:37,098 output: Duration: 3.989 ms
2022-08-29 21:44:37,098 output: Changes:
2022-08-29 21:44:37,098 output: ----------
2022-08-29 21:44:37,098 output: diff:
2022-08-29 21:44:37,098 output: ---
2022-08-29 21:44:37,098 output: +++
2022-08-29 21:44:37,098 output: @@ -1,11 +1,26 @@
2022-08-29 21:44:37,098 output: -#!/bin/sh
2022-08-29 21:44:37,099 output: +#!/bin/bash
2022-08-29 21:44:37,099 output: +# Block forwarding of connections through upstream network device
2022-08-29 21:44:37,099 output: +# (in case the vpn tunnel breaks):
2022-08-29 21:44:37,099 output: +iptables -I FORWARD -o eth0 -j DROP
2022-08-29 21:44:37,099 output: +iptables -I FORWARD -i eth0 -j DROP
2022-08-29 21:44:37,099 output: +ip6tables -I FORWARD -o eth0 -j DROP
2022-08-29 21:44:37,099 output: +ip6tables -I FORWARD -i eth0 -j DROP
2022-08-29 21:44:37,099 output:
2022-08-29 21:44:37,099 output: -# This script is called at AppVM boot if this AppVM has the qubes-firewall
2022-08-29 21:44:37,099 output: -# service enabled. It is executed after the empty chains for the Qubes firewall
2022-08-29 21:44:37,099 output: -# are created, but before rules for attached qubes are processed and inserted.
2022-08-29 21:44:37,099 output: -#
2022-08-29 21:44:37,099 output: -# It is a good place for custom rules and actions that should occur when the
2022-08-29 21:44:37,099 output: -# firewall service is started.
2022-08-29 21:44:37,099 output: -#
2022-08-29 21:44:37,099 output: -# Executable scripts located in /rw/config/qubes-firewall.d are executed
2022-08-29 21:44:37,099 output: -# immediately before this qubes-firewall-user-script.
2022-08-29 21:44:37,099 output: +# Accept traffic to VPN
2022-08-29 21:44:37,099 output: +iptables -P OUTPUT DROP
2022-08-29 21:44:37,099 output: +iptables -F OUTPUT
2022-08-29 21:44:37,099 output: +iptables -I OUTPUT -o lo -j ACCEPT
2022-08-29 21:44:37,099 output: +
2022-08-29 21:44:37,099 output: +# Add the `qvpn` group to system, if it doesn't already exist
2022-08-29 21:44:37,099 output: +if ! grep -q "^qvpn:" /etc/group ; then
2022-08-29 21:44:37,100 output: + groupadd -rf qvpn
2022-08-29 21:44:37,100 output: + sync
2022-08-29 21:44:37,100 output: +fi
2022-08-29 21:44:37,100 output: +sleep 2s
2022-08-29 21:44:37,100 output: +
2022-08-29 21:44:37,100 output: +# Block non-VPN traffic to clearnet
2022-08-29 21:44:37,100 output: +iptables -I OUTPUT -o eth0 -j DROP
2022-08-29 21:44:37,100 output: +# Allow traffic from the `qvpn` group to the uplink interface (eth0);
2022-08-29 21:44:37,100 output: +# Our VPN client will run with group `qvpn`.
2022-08-29 21:44:37,100 output: +iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
2022-08-29 21:44:37,100 output: +iptables -I OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
2022-08-29 21:44:37,100 output: ----------
2022-08-29 21:44:37,100 output: ID: /rw/config/vpn
2022-08-29 21:44:37,100 output: Function: file.directory
2022-08-29 21:44:37,100 output: Result: True
2022-08-29 21:44:37,100 output: Comment:
2022-08-29 21:44:37,100 output: Started: 21:44:36.293744
2022-08-29 21:44:37,100 output: Duration: 0.89 ms
2022-08-29 21:44:37,100 output: Changes:
2022-08-29 21:44:37,100 output: ----------
2022-08-29 21:44:37,100 output: /rw/config/vpn:
2022-08-29 21:44:37,100 output: ----------
2022-08-29 21:44:37,100 output: directory:
2022-08-29 21:44:37,101 output: new
2022-08-29 21:44:37,101 output: ----------
2022-08-29 21:44:37,101 output: ID: /rw/config/vpn/qubes-vpn-handler.sh
2022-08-29 21:44:37,101 output: Function: file.managed
2022-08-29 21:44:37,101 output: Result: True
2022-08-29 21:44:37,101 output: Comment: File /rw/config/vpn/qubes-vpn-handler.sh updated
2022-08-29 21:44:37,101 output: Started: 21:44:36.294719
2022-08-29 21:44:37,101 output: Duration: 3.471 ms
2022-08-29 21:44:37,101 output: Changes:
2022-08-29 21:44:37,101 output: ----------
2022-08-29 21:44:37,101 output: diff:
2022-08-29 21:44:37,101 output: New file
2022-08-29 21:44:37,101 output: mode:
2022-08-29 21:44:37,101 output: 0755
2022-08-29 21:44:37,101 output: ----------
2022-08-29 21:44:37,101 output: ID: /home/user/install.sh
2022-08-29 21:44:37,101 output: Function: file.managed
2022-08-29 21:44:37,101 output: Result: True
2022-08-29 21:44:37,101 output: Comment: File /home/user/install.sh updated
2022-08-29 21:44:37,101 output: Started: 21:44:36.298276
2022-08-29 21:44:37,101 output: Duration: 3.355 ms
2022-08-29 21:44:37,101 output: Changes:
2022-08-29 21:44:37,101 output: ----------
2022-08-29 21:44:37,101 output: group:
2022-08-29 21:44:37,102 output: root
2022-08-29 21:44:37,102 output: user:
2022-08-29 21:44:37,102 output: root
2022-08-29 21:44:37,102 output:
2022-08-29 21:44:37,102 output: Summary for sys-vpn
2022-08-29 21:44:37,102 output: ------------
2022-08-29 21:44:37,102 output: Succeeded: 5 (changed=5)
2022-08-29 21:44:37,102 output: Failed: 0
2022-08-29 21:44:37,102 output: ------------
2022-08-29 21:44:37,102 output: Total states run: 5
2022-08-29 21:44:37,102 output: Total run time: 48.825 ms
2022-08-29 21:44:37,102 exit code: 0
2022-09-07 21:21:09,987 calling 'state.apply openvpn.client_install'...
2022-09-07 21:21:44,749 output: sys-vpn:
2022-09-07 21:21:44,750 output: ----------
2022-09-07 21:21:44,750 output: ID: /rw/config/rc.local
2022-09-07 21:21:44,750 output: Function: file.managed
2022-09-07 21:21:44,750 output: Result: True
2022-09-07 21:21:44,750 output: Comment: File /rw/config/rc.local updated
2022-09-07 21:21:44,750 output: Started: 21:21:43.841045
2022-09-07 21:21:44,750 output: Duration: 95.324 ms
2022-09-07 21:21:44,750 output: Changes:
2022-09-07 21:21:44,750 output: ----------
2022-09-07 21:21:44,750 output: diff:
2022-09-07 21:21:44,750 output: ---
2022-09-07 21:21:44,750 output: +++
2022-09-07 21:21:44,750 output: @@ -1,10 +1,8 @@
2022-09-07 21:21:44,750 output: -#!/bin/sh
2022-09-07 21:21:44,750 output: +#!/bin/bash
2022-09-07 21:21:44,750 output: +systemctl unmask openvpn
2022-09-07 21:21:44,750 output: +VPN_CLIENT='openvpn'
2022-09-07 21:21:44,750 output: +VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'
2022-09-07 21:21:44,751 output:
2022-09-07 21:21:44,751 output: -# This script will be executed at every VM startup, you can place your own
2022-09-07 21:21:44,751 output: -# custom commands here. This includes overriding some configuration in /etc,
2022-09-07 21:21:44,751 output: -# starting services etc.
2022-09-07 21:21:44,751 output: -
2022-09-07 21:21:44,751 output: -# Example for overriding the whole CUPS configuration:
2022-09-07 21:21:44,751 output: -# rm -rf /etc/cups
2022-09-07 21:21:44,751 output: -# ln -s /rw/config/cups /etc/cups
2022-09-07 21:21:44,751 output: -# systemctl --no-block restart cups
2022-09-07 21:21:44,751 output: +su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
2022-09-07 21:21:44,751 output: +groupadd -rf qvpn ; sleep 2s
2022-09-07 21:21:44,751 output: +sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
2022-09-07 21:21:44,751 output: ----------
2022-09-07 21:21:44,751 output: ID: /rw/config/qubes-firewall-user-script
2022-09-07 21:21:44,751 output: Function: file.managed
2022-09-07 21:21:44,751 output: Result: True
2022-09-07 21:21:44,751 output: Comment: File /rw/config/qubes-firewall-user-script updated
2022-09-07 21:21:44,752 output: Started: 21:21:43.936552
2022-09-07 21:21:44,752 output: Duration: 5.987 ms
2022-09-07 21:21:44,752 output: Changes:
2022-09-07 21:21:44,752 output: ----------
2022-09-07 21:21:44,752 output: diff:
2022-09-07 21:21:44,752 output: ---
2022-09-07 21:21:44,752 output: +++
2022-09-07 21:21:44,752 output: @@ -1,11 +1,26 @@
2022-09-07 21:21:44,752 output: -#!/bin/sh
2022-09-07 21:21:44,752 output: +#!/bin/bash
2022-09-07 21:21:44,752 output: +# Block forwarding of connections through upstream network device
2022-09-07 21:21:44,752 output: +# (in case the vpn tunnel breaks):
2022-09-07 21:21:44,752 output: +iptables -I FORWARD -o eth0 -j DROP
2022-09-07 21:21:44,752 output: +iptables -I FORWARD -i eth0 -j DROP
2022-09-07 21:21:44,752 output: +ip6tables -I FORWARD -o eth0 -j DROP
2022-09-07 21:21:44,752 output: +ip6tables -I FORWARD -i eth0 -j DROP
2022-09-07 21:21:44,752 output:
2022-09-07 21:21:44,752 output: -# This script is called at AppVM boot if this AppVM has the qubes-firewall
2022-09-07 21:21:44,753 output: -# service enabled. It is executed after the empty chains for the Qubes firewall
2022-09-07 21:21:44,753 output: -# are created, but before rules for attached qubes are processed and inserted.
2022-09-07 21:21:44,753 output: -#
2022-09-07 21:21:44,753 output: -# It is a good place for custom rules and actions that should occur when the
2022-09-07 21:21:44,753 output: -# firewall service is started.
2022-09-07 21:21:44,753 output: -#
2022-09-07 21:21:44,753 output: -# Executable scripts located in /rw/config/qubes-firewall.d are executed
2022-09-07 21:21:44,753 output: -# immediately before this qubes-firewall-user-script.
2022-09-07 21:21:44,753 output: +# Accept traffic to VPN
2022-09-07 21:21:44,753 output: +iptables -P OUTPUT DROP
2022-09-07 21:21:44,753 output: +iptables -F OUTPUT
2022-09-07 21:21:44,753 output: +iptables -I OUTPUT -o lo -j ACCEPT
2022-09-07 21:21:44,753 output: +
2022-09-07 21:21:44,753 output: +# Add the `qvpn` group to system, if it doesn't already exist
2022-09-07 21:21:44,753 output: +if ! grep -q "^qvpn:" /etc/group ; then
2022-09-07 21:21:44,753 output: + groupadd -rf qvpn
2022-09-07 21:21:44,753 output: + sync
2022-09-07 21:21:44,753 output: +fi
2022-09-07 21:21:44,754 output: +sleep 2s
2022-09-07 21:21:44,754 output: +
2022-09-07 21:21:44,754 output: +# Block non-VPN traffic to clearnet
2022-09-07 21:21:44,754 output: +iptables -I OUTPUT -o eth0 -j DROP
2022-09-07 21:21:44,754 output: +# Allow traffic from the `qvpn` group to the uplink interface (eth0);
2022-09-07 21:21:44,754 output: +# Our VPN client will run with group `qvpn`.
2022-09-07 21:21:44,754 output: +iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
2022-09-07 21:21:44,754 output: +iptables -I OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
2022-09-07 21:21:44,754 output: ----------
2022-09-07 21:21:44,754 output: ID: /rw/config/vpn
2022-09-07 21:21:44,754 output: Function: file.directory
2022-09-07 21:21:44,754 output: Result: True
2022-09-07 21:21:44,754 output: Comment:
2022-09-07 21:21:44,754 output: Started: 21:21:43.942670
2022-09-07 21:21:44,754 output: Duration: 1.154 ms
2022-09-07 21:21:44,754 output: Changes:
2022-09-07 21:21:44,754 output: ----------
2022-09-07 21:21:44,754 output: /rw/config/vpn:
2022-09-07 21:21:44,755 output: ----------
2022-09-07 21:21:44,755 output: directory:
2022-09-07 21:21:44,755 output: new
2022-09-07 21:21:44,755 output: ----------
2022-09-07 21:21:44,755 output: ID: /rw/config/vpn/qubes-vpn-handler.sh
2022-09-07 21:21:44,755 output: Function: file.managed
2022-09-07 21:21:44,755 output: Result: True
2022-09-07 21:21:44,755 output: Comment: File /rw/config/vpn/qubes-vpn-handler.sh updated
2022-09-07 21:21:44,755 output: Started: 21:21:43.943950
2022-09-07 21:21:44,755 output: Duration: 4.857 ms
2022-09-07 21:21:44,755 output: Changes:
2022-09-07 21:21:44,755 output: ----------
2022-09-07 21:21:44,755 output: diff:
2022-09-07 21:21:44,755 output: New file
2022-09-07 21:21:44,755 output: mode:
2022-09-07 21:21:44,755 output: 0755
2022-09-07 21:21:44,755 output: ----------
2022-09-07 21:21:44,755 output: ID: /home/user/install.sh
2022-09-07 21:21:44,756 output: Function: file.managed
2022-09-07 21:21:44,756 output: Result: True
2022-09-07 21:21:44,756 output: Comment: File /home/user/install.sh updated
2022-09-07 21:21:44,756 output: Started: 21:21:43.948918
2022-09-07 21:21:44,756 output: Duration: 4.386 ms
2022-09-07 21:21:44,756 output: Changes:
2022-09-07 21:21:44,756 output: ----------
2022-09-07 21:21:44,756 output: diff:
2022-09-07 21:21:44,756 output: New file
2022-09-07 21:21:44,756 output: mode:
2022-09-07 21:21:44,756 output: 0755
2022-09-07 21:21:44,756 output:
2022-09-07 21:21:44,756 output: Summary for sys-vpn
2022-09-07 21:21:44,756 output: ------------
2022-09-07 21:21:44,756 output: Succeeded: 5 (changed=5)
2022-09-07 21:21:44,756 output: Failed: 0
2022-09-07 21:21:44,756 output: ------------
2022-09-07 21:21:44,756 output: Total states run: 5
2022-09-07 21:21:44,757 output: Total run time: 111.708 ms
2022-09-07 21:21:44,757 exit code: 0
2022-09-08 21:00:49,972 calling 'state.apply openvpn.client_install'...
2022-09-08 21:01:21,610 output: sys-vpn:
2022-09-08 21:01:21,610 output: ----------
2022-09-08 21:01:21,611 output: ID: /rw/config/rc.local
2022-09-08 21:01:21,611 output: Function: file.managed
2022-09-08 21:01:21,611 output: Result: True
2022-09-08 21:01:21,611 output: Comment: File /rw/config/rc.local updated
2022-09-08 21:01:21,611 output: Started: 21:01:20.755517
2022-09-08 21:01:21,611 output: Duration: 85.757 ms
2022-09-08 21:01:21,611 output: Changes:
2022-09-08 21:01:21,611 output: ----------
2022-09-08 21:01:21,611 output: diff:
2022-09-08 21:01:21,611 output: ---
2022-09-08 21:01:21,611 output: +++
2022-09-08 21:01:21,611 output: @@ -1,10 +1,8 @@
2022-09-08 21:01:21,611 output: -#!/bin/sh
2022-09-08 21:01:21,611 output: +#!/bin/bash
2022-09-08 21:01:21,611 output: +systemctl unmask openvpn
2022-09-08 21:01:21,611 output: +VPN_CLIENT='openvpn'
2022-09-08 21:01:21,611 output: +VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'
2022-09-08 21:01:21,611 output:
2022-09-08 21:01:21,611 output: -# This script will be executed at every VM startup, you can place your own
2022-09-08 21:01:21,611 output: -# custom commands here. This includes overriding some configuration in /etc,
2022-09-08 21:01:21,611 output: -# starting services etc.
2022-09-08 21:01:21,611 output: -
2022-09-08 21:01:21,611 output: -# Example for overriding the whole CUPS configuration:
2022-09-08 21:01:21,611 output: -# rm -rf /etc/cups
2022-09-08 21:01:21,612 output: -# ln -s /rw/config/cups /etc/cups
2022-09-08 21:01:21,612 output: -# systemctl --no-block restart cups
2022-09-08 21:01:21,612 output: +su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
2022-09-08 21:01:21,612 output: +groupadd -rf qvpn ; sleep 2s
2022-09-08 21:01:21,612 output: +sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
2022-09-08 21:01:21,612 output: ----------
2022-09-08 21:01:21,612 output: ID: /rw/config/qubes-firewall-user-script
2022-09-08 21:01:21,612 output: Function: file.managed
2022-09-08 21:01:21,612 output: Result: True
2022-09-08 21:01:21,612 output: Comment: File /rw/config/qubes-firewall-user-script updated
2022-09-08 21:01:21,612 output: Started: 21:01:20.841434
2022-09-08 21:01:21,612 output: Duration: 4.52 ms
2022-09-08 21:01:21,612 output: Changes:
Changes
2022-09-08 21:01:21,612 output: Changes:
2022-09-08 21:01:21,612 output: ----------
2022-09-08 21:01:21,612 output: diff:
2022-09-08 21:01:21,612 output: —
2022-09-08 21:01:21,612 output: +++
2022-09-08 21:01:21,612 output: @@ -1,11 +1,26 @@
2022-09-08 21:01:21,612 output: -#!/bin/sh
2022-09-08 21:01:21,612 output: +#!/bin/bash
2022-09-08 21:01:21,612 output: +# Block forwarding of connections through upstream network device
2022-09-08 21:01:21,612 output: +# (in case the vpn tunnel breaks):
2022-09-08 21:01:21,612 output: +iptables -I FORWARD -o eth0 -j DROP
2022-09-08 21:01:21,612 output: +iptables -I FORWARD -i eth0 -j DROP
2022-09-08 21:01:21,612 output: +ip6tables -I FORWARD -o eth0 -j DROP
2022-09-08 21:01:21,613 output: +ip6tables -I FORWARD -i eth0 -j DROP
2022-09-08 21:01:21,613 output:
2022-09-08 21:01:21,613 output: -# This script is called at AppVM boot if this AppVM has the qubes-firewall
2022-09-08 21:01:21,613 output: -# service enabled. It is executed after the empty chains for the Qubes firewall
2022-09-08 21:01:21,613 output: -# are created, but before rules for attached qubes are processed and inserted.
2022-09-08 21:01:21,613 output: -#
2022-09-08 21:01:21,613 output: -# It is a good place for custom rules and actions that should occur when the
2022-09-08 21:01:21,613 output: -# firewall service is started.
2022-09-08 21:01:21,613 output: -#
2022-09-08 21:01:21,613 output: -# Executable scripts located in /rw/config/qubes-firewall.d are executed
2022-09-08 21:01:21,613 output: -# immediately before this qubes-firewall-user-script.
2022-09-08 21:01:21,613 output: +# Accept traffic to VPN
2022-09-08 21:01:21,613 output: +iptables -P OUTPUT DROP
2022-09-08 21:01:21,613 output: +iptables -F OUTPUT
2022-09-08 21:01:21,613 output: +iptables -I OUTPUT -o lo -j ACCEPT
2022-09-08 21:01:21,613 output: +
2022-09-08 21:01:21,613 output: +# Add the qvpn group to system, if it doesn’t already exist
2022-09-08 21:01:21,613 output: +if ! grep -q “^qvpn:” /etc/group ; then
2022-09-08 21:01:21,613 output: + groupadd -rf qvpn
2022-09-08 21:01:21,613 output: + sync
2022-09-08 21:01:21,613 output: +fi
2022-09-08 21:01:21,613 output: +sleep 2s
2022-09-08 21:01:21,613 output: +
2022-09-08 21:01:21,613 output: +# Block non-VPN traffic to clearnet
2022-09-08 21:01:21,613 output: +iptables -I OUTPUT -o eth0 -j DROP
2022-09-08 21:01:21,614 output: +# Allow traffic from the qvpn group to the uplink interface (eth0);
2022-09-08 21:01:21,614 output: +# Our VPN client will run with group qvpn.
2022-09-08 21:01:21,614 output: +iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
2022-09-08 21:01:21,614 output: +iptables -I OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
2022-09-08 21:01:21,614 output: ----------
2022-09-08 21:01:21,614 output: ID: /rw/config/vpn
2022-09-08 21:01:21,614 output: Function: file.directory
2022-09-08 21:01:21,614 output: Result: True
2022-09-08 21:01:21,614 output: Comment:
2022-09-08 21:01:21,614 output: Started: 21:01:20.846046
2022-09-08 21:01:21,614 output: Duration: 0.845 ms
2022-09-08 21:01:21,614 output: Changes:
2022-09-08 21:01:21,614 output: ----------
2022-09-08 21:01:21,614 output: /rw/config/vpn:
2022-09-08 21:01:21,614 output: ----------
2022-09-08 21:01:21,614 output: directory:
2022-09-08 21:01:21,614 output: new
2022-09-08 21:01:21,614 output: ----------
2022-09-08 21:01:21,614 output: ID: /rw/config/vpn/qubes-vpn-handler.sh
2022-09-08 21:01:21,614 output: Function: file.managed
2022-09-08 21:01:21,614 output: Result: True
2022-09-08 21:01:21,614 output: Comment: File /rw/config/vpn/qubes-vpn-handler.sh updated
2022-09-08 21:01:21,614 output: Started: 21:01:20.846971
2022-09-08 21:01:21,614 output: Duration: 3.28 ms
2022-09-08 21:01:21,615 output: Changes:
2022-09-08 21:01:21,615 output: ----------
2022-09-08 21:01:21,615 output: diff:
2022-09-08 21:01:21,615 output: New file
2022-09-08 21:01:21,615 output: mode:
2022-09-08 21:01:21,615 output: 0755
2022-09-08 21:01:21,615 output: ----------
2022-09-08 21:01:21,615 output: ID: /home/user/install.sh
2022-09-08 21:01:21,615 output: Function: file.managed
2022-09-08 21:01:21,615 output: Result: True
2022-09-08 21:01:21,615 output: Comment: File /home/user/install.sh updated
2022-09-08 21:01:21,615 output: Started: 21:01:20.850340
2022-09-08 21:01:21,615 output: Duration: 3.307 ms
2022-09-08 21:01:21,615 output: Changes:
2022-09-08 21:01:21,615 output: ----------
2022-09-08 21:01:21,615 output: diff:
2022-09-08 21:01:21,615 output: New file
2022-09-08 21:01:21,615 output: mode:
2022-09-08 21:01:21,615 output: 0755
2022-09-08 21:01:21,615 output:
2022-09-08 21:01:21,615 output: Summary for sys-vpn
2022-09-08 21:01:21,615 output: ------------
2022-09-08 21:01:21,615 output: Succeeded: 5 (changed=5)
2022-09-08 21:01:21,615 output: Failed: 0
2022-09-08 21:01:21,615 output: ------------
2022-09-08 21:01:21,616 output: Total states run: 5
2022-09-08 21:01:21,616 output: Total run time: 97.709 ms
2022-09-08 21:01:21,616 exit code: 0
2022-09-11 18:36:34,706 calling ‘state.apply openvpn.client_install’…
2022-09-11 18:37:06,129 output: sys-vpn:
2022-09-11 18:37:06,129 output: ----------
2022-09-11 18:37:06,129 output: ID: /rw/config/rc.local
2022-09-11 18:37:06,129 output: Function: file.managed
2022-09-11 18:37:06,129 output: Result: True
2022-09-11 18:37:06,130 output: Comment: File /rw/config/rc.local updated
2022-09-11 18:37:06,130 output: Started: 18:37:05.294216
2022-09-11 18:37:06,130 output: Duration: 90.252 ms
2022-09-11 18:37:06,130 output: Changes:
2022-09-11 18:37:06,130 output: ----------
2022-09-11 18:37:06,130 output: diff:
2022-09-11 18:37:06,130 output: —
2022-09-11 18:37:06,130 output: +++
2022-09-11 18:37:06,130 output: @@ -1,10 +1,8 @@
2022-09-11 18:37:06,130 output: -#!/bin/sh
2022-09-11 18:37:06,130 output: +#!/bin/bash
2022-09-11 18:37:06,130 output: +systemctl unmask openvpn
2022-09-11 18:37:06,130 output: +VPN_CLIENT=‘openvpn’
2022-09-11 18:37:06,130 output: +VPN_OPTIONS=’–cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon’
2022-09-11 18:37:06,130 output:
2022-09-11 18:37:06,130 output: -# This script will be executed at every VM startup, you can place your own
2022-09-11 18:37:06,130 output: -# custom commands here. This includes overriding some configuration in /etc,
2022-09-11 18:37:06,130 output: -# starting services etc.
2022-09-11 18:37:06,130 output: -
2022-09-11 18:37:06,131 output: -# Example for overriding the whole CUPS configuration:
2022-09-11 18:37:06,131 output: -# rm -rf /etc/cups
2022-09-11 18:37:06,131 output: -# ln -s /rw/config/cups /etc/cups
2022-09-11 18:37:06,131 output: -# systemctl --no-block restart cups
2022-09-11 18:37:06,131 output: +su - -c ‘notify-send “$(hostname): Starting $VPN_CLIENT…” --icon=network-idle’ user
2022-09-11 18:37:06,131 output: +groupadd -rf qvpn ; sleep 2s
2022-09-11 18:37:06,131 output: +sg qvpn -c “$VPN_CLIENT $VPN_OPTIONS”
2022-09-11 18:37:06,131 output: ----------
2022-09-11 18:37:06,131 output: ID: /rw/config/qubes-firewall-user-script
2022-09-11 18:37:06,131 output: Function: file.managed
2022-09-11 18:37:06,131 output: Result: True
2022-09-11 18:37:06,131 output: Comment: File /rw/config/qubes-firewall-user-script updated
2022-09-11 18:37:06,131 output: Started: 18:37:05.384592
2022-09-11 18:37:06,131 output: Duration: 4.47 ms
2022-09-11 18:37:06,131 output: Changes:
2022-09-11 18:37:06,131 output: ----------
2022-09-11 18:37:06,131 output: diff:
2022-09-11 18:37:06,132 output: —
2022-09-11 18:37:06,132 output: +++
2022-09-11 18:37:06,132 output: @@ -1,11 +1,26 @@
2022-09-11 18:37:06,132 output: -#!/bin/sh
2022-09-11 18:37:06,132 output: +#!/bin/bash
2022-09-11 18:37:06,132 output: +# Block forwarding of connections through upstream network device
2022-09-11 18:37:06,132 output: +# (in case the vpn tunnel breaks):
2022-09-11 18:37:06,132 output: +iptables -I FORWARD -o eth0 -j DROP
2022-09-11 18:37:06,132 output: +iptables -I FORWARD -i eth0 -j DROP
2022-09-11 18:37:06,132 output: +ip6tables -I FORWARD -o eth0 -j DROP
2022-09-11 18:37:06,132 output: +ip6tables -I FORWARD -i eth0 -j DROP
2022-09-11 18:37:06,132 output:
2022-09-11 18:37:06,132 output: -# This script is called at AppVM boot if this AppVM has the qubes-firewall
2022-09-11 18:37:06,132 output: -# service enabled. It is executed after the empty chains for the Qubes firewall
2022-09-11 18:37:06,132 output: -# are created, but before rules for attached qubes are processed and inserted.
2022-09-11 18:37:06,132 output: -#
2022-09-11 18:37:06,132 output: -# It is a good place for custom rules and actions that should occur when the
2022-09-11 18:37:06,132 output: -# firewall service is started.
2022-09-11 18:37:06,132 output: -#
2022-09-11 18:37:06,133 output: -# Executable scripts located in /rw/config/qubes-firewall.d are executed
2022-09-11 18:37:06,133 output: -# immediately before this qubes-firewall-user-script.
2022-09-11 18:37:06,133 output: +# Accept traffic to VPN
2022-09-11 18:37:06,133 output: +iptables -P OUTPUT DROP
2022-09-11 18:37:06,133 output: +iptables -F OUTPUT
2022-09-11 18:37:06,133 output: +iptables -I OUTPUT -o lo -j ACCEPT
2022-09-11 18:37:06,133 output: +
2022-09-11 18:37:06,133 output: +# Add the qvpn group to system, if it doesn’t already exist
2022-09-11 18:37:06,133 output: +if ! grep -q “^qvpn:” /etc/group ; then
2022-09-11 18:37:06,133 output: + groupadd -rf qvpn
2022-09-11 18:37:06,133 output: + sync
2022-09-11 18:37:06,133 output: +fi
2022-09-11 18:37:06,133 output: +sleep 2s
2022-09-11 18:37:06,133 output: +
2022-09-11 18:37:06,133 output: +# Block non-VPN traffic to clearnet
2022-09-11 18:37:06,133 output: +iptables -I OUTPUT -o eth0 -j DROP
2022-09-11 18:37:06,133 output: +# Allow traffic from the qvpn group to the uplink interface (eth0);
2022-09-11 18:37:06,133 output: +# Our VPN client will run with group qvpn.
2022-09-11 18:37:06,133 output: +iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
2022-09-11 18:37:06,133 output: +iptables -I OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
2022-09-11 18:37:06,133 output: ----------
2022-09-11 18:37:06,134 output: ID: /rw/config/vpn
2022-09-11 18:37:06,134 output: Function: file.directory
2022-09-11 18:37:06,134 output: Result: True
2022-09-11 18:37:06,134 output: Comment:
2022-09-11 18:37:06,134 output: Started: 18:37:05.389159
2022-09-11 18:37:06,134 output: Duration: 0.889 ms
2022-09-11 18:37:06,134 output: Changes:
2022-09-11 18:37:06,134 output: ----------
2022-09-11 18:37:06,134 output: /rw/config/vpn:
2022-09-11 18:37:06,134 output: ----------
2022-09-11 18:37:06,134 output: directory:
2022-09-11 18:37:06,134 output: new
2022-09-11 18:37:06,134 output: ----------
2022-09-11 18:37:06,134 output: ID: /rw/config/vpn/qubes-vpn-handler.sh
2022-09-11 18:37:06,134 output: Function: file.managed
2022-09-11 18:37:06,134 output: Result: True
2022-09-11 18:37:06,134 output: Comment: File /rw/config/vpn/qubes-vpn-handler.sh updated
2022-09-11 18:37:06,134 output: Started: 18:37:05.390141
2022-09-11 18:37:06,134 output: Duration: 5.464 ms
2022-09-11 18:37:06,134 output: Changes:
2022-09-11 18:37:06,134 output: ----------
2022-09-11 18:37:06,134 output: diff:
2022-09-11 18:37:06,135 output: New file
2022-09-11 18:37:06,135 output: mode:
2022-09-11 18:37:06,135 output: 0755
2022-09-11 18:37:06,135 output: ----------
2022-09-11 18:37:06,135 output: ID: /home/user/install.sh
2022-09-11 18:37:06,135 output: Function: file.managed
2022-09-11 18:37:06,135 output: Result: True
2022-09-11 18:37:06,135 output: Comment: File /home/user/install.sh updated
2022-09-11 18:37:06,135 output: Started: 18:37:05.395745
2022-09-11 18:37:06,135 output: Duration: 4.172 ms
2022-09-11 18:37:06,135 output: Changes:
2022-09-11 18:37:06,135 output: ----------
2022-09-11 18:37:06,135 output: diff:
2022-09-11 18:37:06,135 output: New file
2022-09-11 18:37:06,135 output: mode:
2022-09-11 18:37:06,135 output: 0755
2022-09-11 18:37:06,135 output:
2022-09-11 18:37:06,135 output: Summary for sys-vpn
2022-09-11 18:37:06,135 output: ------------
2022-09-11 18:37:06,135 output: Succeeded: 5 (changed=5)
2022-09-11 18:37:06,135 output: Failed: 0
2022-09-11 18:37:06,135 output: ------------
2022-09-11 18:37:06,135 output: Total states run: 5
2022-09-11 18:37:06,136 output: Total run time: 105.247 ms
2022-09-11 18:37:06,136 exit code: 0
2022-09-17 10:49:01,227 calling ‘state.apply openvpn.client_install’…
2022-09-17 10:50:04,213 output: sys-vpn:
2022-09-17 10:50:04,214 output: ----------
2022-09-17 10:50:04,214 output: ID: /rw/config/rc.local
2022-09-17 10:50:04,215 output: Function: file.managed
2022-09-17 10:50:04,215 output: Result: True
2022-09-17 10:50:04,215 output: Comment: File /rw/config/rc.local updated
2022-09-17 10:50:04,215 output: Started: 10:50:02.791617
2022-09-17 10:50:04,215 output: Duration: 85.887 ms
2022-09-17 10:50:04,215 output: Changes:
2022-09-17 10:50:04,216 output: ----------
2022-09-17 10:50:04,216 output: diff:
2022-09-17 10:50:04,216 output: —
2022-09-17 10:50:04,216 output: +++
2022-09-17 10:50:04,216 output: @@ -1,10 +1,8 @@
2022-09-17 10:50:04,216 output: -#!/bin/sh
2022-09-17 10:50:04,217 output: +#!/bin/bash
2022-09-17 10:50:04,217 output: +systemctl unmask openvpn
2022-09-17 10:50:04,217 output: +VPN_CLIENT=‘openvpn’
2022-09-17 10:50:04,217 output: +VPN_OPTIONS=’–cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon’
2022-09-17 10:50:04,217 output:
2022-09-17 10:50:04,217 output: -# This script will be executed at every VM startup, you can place your own
2022-09-17 10:50:04,218 output: -# custom commands here. This includes overriding some configuration in /etc,
2022-09-17 10:50:04,218 output: -# starting services etc.
2022-09-17 10:50:04,218 output: -
2022-09-17 10:50:04,218 output: -# Example for overriding the whole CUPS configuration:
2022-09-17 10:50:04,218 output: -# rm -rf /etc/cups
2022-09-17 10:50:04,218 output: -# ln -s /rw/config/cups /etc/cups
2022-09-17 10:50:04,218 output: -# systemctl --no-block restart cups
2022-09-17 10:50:04,218 output: +su - -c ‘notify-send “$(hostname): Starting $VPN_CLIENT…” --icon=network-idle’ user
2022-09-17 10:50:04,218 output: +groupadd -rf qvpn ; sleep 2s
2022-09-17 10:50:04,218 output: +sg qvpn -c “$VPN_CLIENT $VPN_OPTIONS”
2022-09-17 10:50:04,219 output: ----------
2022-09-17 10:50:04,219 output: ID: /rw/config/qubes-firewall-user-script
2022-09-17 10:50:04,219 output: Function: file.managed
2022-09-17 10:50:04,219 output: Result: True
2022-09-17 10:50:04,219 output: Comment: File /rw/config/qubes-firewall-user-script updated
2022-09-17 10:50:04,219 output: Started: 10:50:02.877612
2022-09-17 10:50:04,219 output: Duration: 4.443 ms
2022-09-17 10:50:04,220 output: Changes:
2022-09-17 10:50:04,220 output: ----------
2022-09-17 10:50:04,220 output: diff:
2022-09-17 10:50:04,220 output: —
2022-09-17 10:50:04,220 output: +++
2022-09-17 10:50:04,220 output: @@ -1,11 +1,26 @@
2022-09-17 10:50:04,220 output: -#!/bin/sh
2022-09-17 10:50:04,220 output: +#!/bin/bash
2022-09-17 10:50:04,221 output: +# Block forwarding of connections through upstream network device
2022-09-17 10:50:04,221 output: +# (in case the vpn tunnel breaks):
2022-09-17 10:50:04,221 output: +iptables -I FORWARD -o eth0 -j DROP
2022-09-17 10:50:04,221 output: +iptables -I FORWARD -i eth0 -j DROP
2022-09-17 10:50:04,221 output: +ip6tables -I FORWARD -o eth0 -j DROP
2022-09-17 10:50:04,221 output: +ip6tables -I FORWARD -i eth0 -j DROP
2022-09-17 10:50:04,221 output:
2022-09-17 10:50:04,221 output: -# This script is called at AppVM boot if this AppVM has the qubes-firewall
2022-09-17 10:50:04,221 output: -# service enabled. It is executed after the empty chains for the Qubes firewall
2022-09-17 10:50:04,221 output: -# are created, but before rules for attached qubes are processed and inserted.
2022-09-17 10:50:04,222 output: -#
2022-09-17 10:50:04,222 output: -# It is a good place for custom rules and actions that should occur when the
2022-09-17 10:50:04,222 output: -# firewall service is started.
2022-09-17 10:50:04,222 output: -#
2022-09-17 10:50:04,222 output: -# Executable scripts located in /rw/config/qubes-firewall.d are executed
2022-09-17 10:50:04,222 output: -# immediately before this qubes-firewall-user-script.
2022-09-17 10:50:04,222 output: +# Accept traffic to VPN
2022-09-17 10:50:04,222 output: +iptables -P OUTPUT DROP
2022-09-17 10:50:04,222 output: +iptables -F OUTPUT
2022-09-17 10:50:04,222 output: +iptables -I OUTPUT -o lo -j ACCEPT
2022-09-17 10:50:04,223 output: +
2022-09-17 10:50:04,223 output: +# Add the qvpn group to system, if it doesn’t already exist
2022-09-17 10:50:04,223 output: +if ! grep -q “^qvpn:” /etc/group ; then
2022-09-17 10:50:04,223 output: + groupadd -rf qvpn
2022-09-17 10:50:04,223 output: + sync
2022-09-17 10:50:04,223 output: +fi
2022-09-17 10:50:04,223 output: +sleep 2s
2022-09-17 10:50:04,223 output: +
2022-09-17 10:50:04,223 output: +# Block non-VPN traffic to clearnet
2022-09-17 10:50:04,223 output: +iptables -I OUTPUT -o eth0 -j DROP
2022-09-17 10:50:04,223 output: +# Allow traffic from the qvpn group to the uplink interface (eth0);
2022-09-17 10:50:04,223 output: +# Our VPN client will run with group qvpn.
2022-09-17 10:50:04,223 output: +iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
2022-09-17 10:50:04,224 output: +iptables -I OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
2022-09-17 10:50:04,224 output: ----------
2022-09-17 10:50:04,224 output: ID: /rw/config/vpn
2022-09-17 10:50:04,224 output: Function: file.directory
2022-09-17 10:50:04,224 output: Result: True
2022-09-17 10:50:04,224 output: Comment:
2022-09-17 10:50:04,224 output: Started: 10:50:02.882140
2022-09-17 10:50:04,224 output: Duration: 0.771 ms
2022-09-17 10:50:04,224 output: Changes:
2022-09-17 10:50:04,224 output: ----------
2022-09-17 10:50:04,224 output: /rw/config/vpn:
2022-09-17 10:50:04,224 output: ----------
2022-09-17 10:50:04,225 output: directory:
2022-09-17 10:50:04,225 output: new
2022-09-17 10:50:04,225 output: ----------
2022-09-17 10:50:04,225 output: ID: /rw/config/vpn/qubes-vpn-handler.sh
2022-09-17 10:50:04,225 output: Function: file.managed
2022-09-17 10:50:04,225 output: Result: True
2022-09-17 10:50:04,225 output: Comment: File /rw/config/vpn/qubes-vpn-handler.sh updated
2022-09-17 10:50:04,225 output: Started: 10:50:02.882994
2022-09-17 10:50:04,225 output: Duration: 3.296 ms
2022-09-17 10:50:04,225 output: Changes:
2022-09-17 10:50:04,225 output: ----------
2022-09-17 10:50:04,225 output: diff:
2022-09-17 10:50:04,225 output: New file
2022-09-17 10:50:04,226 output: mode:
2022-09-17 10:50:04,226 output: 0755
2022-09-17 10:50:04,226 output: ----------
2022-09-17 10:50:04,226 output: ID: /home/user/install.sh
2022-09-17 10:50:04,226 output: Function: file.managed
2022-09-17 10:50:04,226 output: Result: True
2022-09-17 10:50:04,226 output: Comment: File /home/user/install.sh updated
2022-09-17 10:50:04,226 output: Started: 10:50:02.886372
2022-09-17 10:50:04,226 output: Duration: 3.393 ms
2022-09-17 10:50:04,226 output: Changes:
2022-09-17 10:50:04,226 output: ----------
2022-09-17 10:50:04,226 output: diff:
2022-09-17 10:50:04,226 output: New file
2022-09-17 10:50:04,227 output: mode:
2022-09-17 10:50:04,227 output: 0755
2022-09-17 10:50:04,227 output:
2022-09-17 10:50:04,227 output: Summary for sys-vpn
2022-09-17 10:50:04,227 output: ------------
2022-09-17 10:50:04,227 output: Succeeded: 5 (changed=5)
2022-09-17 10:50:04,227 output: Failed: 0
2022-09-17 10:50:04,227 output: ------------
2022-09-17 10:50:04,227 output: Total states run: 5
2022-09-17 10:50:04,227 output: Total run time: 97.790 ms
2022-09-17 10:50:04,227 exit code: 0
'state.apply openvpn.install'...
2022-08-29 21:43:50,630 output: template-openvpn:
2022-08-29 21:43:50,632 output: ----------
2022-08-29 21:43:50,632 output: ID: /etc/apt/sources.list
2022-08-29 21:43:50,632 output: Function: file.replace
2022-08-29 21:43:50,632 output: Result: True
2022-08-29 21:43:50,632 output: Comment: Changes were made
2022-08-29 21:43:50,633 output: Started: 21:43:46.035587
2022-08-29 21:43:50,633 output: Duration: 6.86 ms
2022-08-29 21:43:50,633 output: Changes:
2022-08-29 21:43:50,633 output: ----------
2022-08-29 21:43:50,633 output: diff:
2022-08-29 21:43:50,633 output: ---
2022-08-29 21:43:50,634 output: +++
2022-08-29 21:43:50,634 output: @@ -1,6 +1,6 @@
2022-08-29 21:43:50,634 output: -deb https://deb.debian.org/debian bullseye main contrib non-free
2022-08-29 21:43:50,634 output: -#deb-src https://deb.debian.org/debian bullseye main contrib non-free
2022-08-29 21:43:50,634 output: +deb http://HTTPS///deb.debian.org/debian bullseye main contrib non-free
2022-08-29 21:43:50,634 output: +#deb-src http://HTTPS///deb.debian.org/debian bullseye main contrib non-free
2022-08-29 21:43:50,635 output:
2022-08-29 21:43:50,635 output: -deb https://deb.debian.org/debian-security bullseye-security main contrib non-free
2022-08-29 21:43:50,635 output: -#deb-src https://deb.debian.org/debian-security bullseye-security main contrib non-free
2022-08-29 21:43:50,635 output: +deb http://HTTPS///deb.debian.org/debian-security bullseye-security main contrib non-free
2022-08-29 21:43:50,635 output: +#deb-src http://HTTPS///deb.debian.org/debian-security bullseye-security main contrib non-free
2022-08-29 21:43:50,636 output: ----------
2022-08-29 21:43:50,636 output: ID: /etc/apt/sources.list
2022-08-29 21:43:50,636 output: Function: file.replace
2022-08-29 21:43:50,636 output: Name: /etc/apt/sources.list.d/qubes-r4.list
2022-08-29 21:43:50,636 output: Result: True
2022-08-29 21:43:50,636 output: Comment: Changes were made
2022-08-29 21:43:50,637 output: Started: 21:43:46.042543
2022-08-29 21:43:50,637 output: Duration: 2.472 ms
2022-08-29 21:43:50,637 output: Changes:
2022-08-29 21:43:50,637 output: ----------
2022-08-29 21:43:50,637 output: diff:
2022-08-29 21:43:50,637 output: ---
2022-08-29 21:43:50,638 output: +++
2022-08-29 21:43:50,638 output: @@ -1,18 +1,18 @@
2022-08-29 21:43:50,638 output: # Main qubes updates repository
2022-08-29 21:43:50,638 output: -deb [arch=amd64] https://deb.qubes-os.org/r4.1/vm bullseye main
2022-08-29 21:43:50,638 output: -#deb-src https://deb.qubes-os.org/r4.1/vm bullseye main
2022-08-29 21:43:50,638 output: +deb [arch=amd64] http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye main
2022-08-29 21:43:50,639 output: +#deb-src http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye main
2022-08-29 21:43:50,639 output:
2022-08-29 21:43:50,639 output: # Qubes updates candidates repository
2022-08-29 21:43:50,639 output: -#deb [arch=amd64] https://deb.qubes-os.org/r4.1/vm bullseye-testing main
2022-08-29 21:43:50,639 output: -#deb-src https://deb.qubes-os.org/r4.1/vm bullseye-testing main
2022-08-29 21:43:50,640 output: +#deb [arch=amd64] http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye-testing main
2022-08-29 21:43:50,640 output: +#deb-src http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye-testing main
2022-08-29 21:43:50,640 output:
2022-08-29 21:43:50,640 output: # Qubes security updates testing repository
2022-08-29 21:43:50,640 output: -#deb [arch=amd64] https://deb.qubes-os.org/r4.1/vm bullseye-securitytesting main
2022-08-29 21:43:50,640 output: -#deb-src https://deb.qubes-os.org/r4.1/vm bullseye-securitytesting main
2022-08-29 21:43:50,641 output: +#deb [arch=amd64] http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye-securitytesting main
2022-08-29 21:43:50,641 output: +#deb-src http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye-securitytesting main
2022-08-29 21:43:50,641 output:
2022-08-29 21:43:50,641 output: # Qubes experimental/unstable repository
2022-08-29 21:43:50,641 output: -#deb [arch=amd64] https://deb.qubes-os.org/r4.1/vm bullseye-unstable main
2022-08-29 21:43:50,641 output: -#deb-src https://deb.qubes-os.org/r4.1/vm bullseye-unstable main
2022-08-29 21:43:50,642 output: +#deb [arch=amd64] http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye-unstable main
2022-08-29 21:43:50,642 output: +#deb-src http://HTTPS///deb.qubes-os.org/r4.1/vm bullseye-unstable main
2022-08-29 21:43:50,642 output:
2022-08-29 21:43:50,642 output:
2022-08-29 21:43:50,642 output: # Qubes Tor updates repositories
2022-08-29 21:43:50,642 output: ----------
2022-08-29 21:43:50,643 output: ID: vpn_update
2022-08-29 21:43:50,643 output: Function: pkg.uptodate
2022-08-29 21:43:50,643 output: Result: True
2022-08-29 21:43:50,643 output: Comment: System is already up-to-date
2022-08-29 21:43:50,643 output: Started: 21:43:46.687054
2022-08-29 21:43:50,643 output: Duration: 1405.968 ms
2022-08-29 21:43:50,644 output: Changes:
2022-08-29 21:43:50,644 output: ----------
2022-08-29 21:43:50,644 output: ID: installed
2022-08-29 21:43:50,644 output: Function: pkg.installed
2022-08-29 21:43:50,644 output: Result: False
2022-08-29 21:43:50,644 output: Comment: Problem encountered installing package(s). Additional info follows:
2022-08-29 21:43:50,645 output:
2022-08-29 21:43:50,645 output: errors:
2022-08-29 21:43:50,645 output: - Running scope as unit: run-rbf59be2387cf477baa1c116244f4b75b.scope
2022-08-29 21:43:50,645 output: E: Package 'qubes-core-agent-networking' has no installation candidate
2022-08-29 21:43:50,645 output: E: Unable to locate package qubes-core-agent-passwordless-root
2022-08-29 21:43:50,645 output: E: Package 'libnotify-bin' has no installation candidate
2022-08-29 21:43:50,646 output: E: Package 'mate-notification-daemon' has no installation candidate
2022-08-29 21:43:50,646 output: E: Unable to locate package openvpn
2022-08-29 21:43:50,646 output: E: Unable to locate package unzip
2022-08-29 21:43:50,646 output: E: Unable to locate package zenity
2022-08-29 21:43:50,646 output: Started: 21:43:48.099972
2022-08-29 21:43:50,646 output: Duration: 1458.509 ms
2022-08-29 21:43:50,647 output: Changes:
2022-08-29 21:43:50,647 output: ----------
2022-08-29 21:43:50,647 output: ID: systemd-disable
2022-08-29 21:43:50,647 output: Function: cmd.run
2022-08-29 21:43:50,647 output: Name: systemctl disable openvpn-client@.service
2022-08-29 21:43:50,647 output: Result: False
2022-08-29 21:43:50,648 output: Comment: Command "systemctl disable openvpn-client@.service" run
2022-08-29 21:43:50,648 output: Started: 21:43:49.564495
2022-08-29 21:43:50,648 output: Duration: 13.138 ms
2022-08-29 21:43:50,648 output: Changes:
2022-08-29 21:43:50,648 output: ----------
2022-08-29 21:43:50,648 output: pid:
2022-08-29 21:43:50,649 output: 889
2022-08-29 21:43:50,649 output: retcode:
2022-08-29 21:43:50,649 output: 1
2022-08-29 21:43:50,649 output: stderr:
2022-08-29 21:43:50,649 output: Failed to disable unit: Unit file openvpn-client@.service does not exist.
2022-08-29 21:43:50,649 output: stdout:
2022-08-29 21:43:50,650 output: ----------
2022-08-29 21:43:50,650 output: ID: systemd-mask
2022-08-29 21:43:50,650 output: Function: cmd.run
2022-08-29 21:43:50,650 output: Name: systemctl mask openvpn-client@.service
2022-08-29 21:43:50,650 output: Result: True
2022-08-29 21:43:50,650 output: Comment: Command "systemctl mask openvpn-client@.service" run
2022-08-29 21:43:50,650 output: Started: 21:43:49.577858
2022-08-29 21:43:50,650 output: Duration: 175.53 ms
2022-08-29 21:43:50,650 output: Changes:
2022-08-29 21:43:50,651 output: ----------
2022-08-29 21:43:50,651 output: pid:
2022-08-29 21:43:50,651 output: 890
2022-08-29 21:43:50,651 output: retcode:
2022-08-29 21:43:50,651 output: 0
2022-08-29 21:43:50,651 output: stderr:
2022-08-29 21:43:50,651 output: Unit openvpn-client@.service does not exist, proceeding anyway.
2022-08-29 21:43:50,651 output: Created symlink /etc/systemd/system/openvpn-client@.service -> /dev/null.
2022-08-29 21:43:50,651 output: stdout:
2022-08-29 21:43:50,651 output: ----------
2022-08-29 21:43:50,652 output: ID: /rw/config/rc.local
2022-08-29 21:43:50,652 output: Function: file.managed
2022-08-29 21:43:50,652 output: Result: True
2022-08-29 21:43:50,652 output: Comment: File /rw/config/rc.local updated
2022-08-29 21:43:50,652 output: Started: 21:43:49.753624
2022-08-29 21:43:50,652 output: Duration: 42.395 ms
2022-08-29 21:43:50,652 output: Changes:
2022-08-29 21:43:50,652 output: ----------
2022-08-29 21:43:50,652 output: diff:
2022-08-29 21:43:50,653 output: ---
2022-08-29 21:43:50,653 output: +++
2022-08-29 21:43:50,653 output: @@ -1,10 +1,8 @@
2022-08-29 21:43:50,653 output: -#!/bin/sh
2022-08-29 21:43:50,653 output: +#!/bin/bash
2022-08-29 21:43:50,653 output: +systemctl unmask openvpn
2022-08-29 21:43:50,653 output: +VPN_CLIENT='openvpn'
2022-08-29 21:43:50,653 output: +VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'
2022-08-29 21:43:50,653 output:
2022-08-29 21:43:50,654 output: -# This script will be executed at every VM startup, you can place your own
2022-08-29 21:43:50,654 output: -# custom commands here. This includes overriding some configuration in /etc,
2022-08-29 21:43:50,654 output: -# starting services etc.
2022-08-29 21:43:50,654 output: -
2022-08-29 21:43:50,654 output: -# Example for overriding the whole CUPS configuration:
2022-08-29 21:43:50,654 output: -# rm -rf /etc/cups
2022-08-29 21:43:50,654 output: -# ln -s /rw/config/cups /etc/cups
2022-08-29 21:43:50,654 output: -# systemctl --no-block restart cups
2022-08-29 21:43:50,654 output: +su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
2022-08-29 21:43:50,654 output: +groupadd -rf qvpn ; sleep 2s
2022-08-29 21:43:50,654 output: +sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
2022-08-29 21:43:50,655 output: ----------
2022-08-29 21:43:50,655 output: ID: /rw/config/qubes-firewall-user-script
2022-08-29 21:43:50,655 output: Function: file.managed
2022-08-29 21:43:50,655 output: Result: True
2022-08-29 21:43:50,655 output: Comment: File /rw/config/qubes-firewall-user-script updated
2022-08-29 21:43:50,655 output: Started: 21:43:49.796118
2022-08-29 21:43:50,655 output: Duration: 4.087 ms
2022-08-29 21:43:50,655 output: Changes:
2022-08-29 21:43:50,655 output: ----------
2022-08-29 21:43:50,655 output: diff:
2022-08-29 21:43:50,655 output: ---
2022-08-29 21:43:50,655 output: +++
2022-08-29 21:43:50,656 output: @@ -1,11 +1,26 @@
2022-08-29 21:43:50,656 output: -#!/bin/sh
2022-08-29 21:43:50,656 output: +#!/bin/bash
2022-08-29 21:43:50,656 output: +# Block forwarding of connections through upstream network device
2022-08-29 21:43:50,656 output: +# (in case the vpn tunnel breaks):
2022-08-29 21:43:50,656 output: +iptables -I FORWARD -o eth0 -j DROP
2022-08-29 21:43:50,656 output: +iptables -I FORWARD -i eth0 -j DROP
2022-08-29 21:43:50,656 output: +ip6tables -I FORWARD -o eth0 -j DROP
2022-08-29 21:43:50,656 output: +ip6tables -I FORWARD -i eth0 -j DROP
2022-08-29 21:43:50,656 output:
2022-08-29 21:43:50,656 output: -# This script is called at AppVM boot if this AppVM has the qubes-firewall
2022-08-29 21:43:50,656 output: -# service enabled. It is executed after the empty chains for the Qubes firewall
2022-08-29 21:43:50,657 output: -# are created, but before rules for attached qubes are processed and inserted.
2022-08-29 21:43:50,657 output: -#
2022-08-29 21:43:50,657 output: -# It is a good place for custom rules and actions that should occur when the
2022-08-29 21:43:50,657 output: -# firewall service is started.
2022-08-29 21:43:50,657 output: -#
2022-08-29 21:43:50,657 output: -# Executable scripts located in /rw/config/qubes-firewall.d are executed
2022-08-29 21:43:50,657 output: -# immediately before this qubes-firewall-user-script.
2022-08-29 21:43:50,657 output: +# Accept traffic to VPN
2022-08-29 21:43:50,657 output: +iptables -P OUTPUT DROP
2022-08-29 21:43:50,657 output: +iptables -F OUTPUT
2022-08-29 21:43:50,657 output: +iptables -I OUTPUT -o lo -j ACCEPT
2022-08-29 21:43:50,657 output: +
2022-08-29 21:43:50,658 output: +# Add the `qvpn` group to system, if it doesn't already exist
2022-08-29 21:43:50,658 output: +if ! grep -q "^qvpn:" /etc/group ; then
2022-08-29 21:43:50,658 output: + groupadd -rf qvpn
2022-08-29 21:43:50,658 output: + sync
2022-08-29 21:43:50,658 output: +fi
2022-08-29 21:43:50,658 output: +sleep 2s
2022-08-29 21:43:50,658 output: +
2022-08-29 21:43:50,658 output: +# Block non-VPN traffic to clearnet
2022-08-29 21:43:50,658 output: +iptables -I OUTPUT -o eth0 -j DROP
2022-08-29 21:43:50,658 output: +# Allow traffic from the `qvpn` group to the uplink interface (eth0);
2022-08-29 21:43:50,658 output: +# Our VPN client will run with group `qvpn`.
2022-08-29 21:43:50,658 output: +iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
2022-08-29 21:43:50,658 output: +iptables -I OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
2022-08-29 21:43:50,659 output: ----------
2022-08-29 21:43:50,659 output: ID: /rw/config/vpn
2022-08-29 21:43:50,659 output: Function: file.directory
2022-08-29 21:43:50,659 output: Result: True
2022-08-29 21:43:50,659 output: Comment:
2022-08-29 21:43:50,659 output: Started: 21:43:49.800291
2022-08-29 21:43:50,659 output: Duration: 0.778 ms
2022-08-29 21:43:50,659 output: Changes:
2022-08-29 21:43:50,659 output: ----------
2022-08-29 21:43:50,659 output: /rw/config/vpn:
2022-08-29 21:43:50,659 output: ----------
2022-08-29 21:43:50,659 output: directory:
2022-08-29 21:43:50,659 output: new
2022-08-29 21:43:50,660 output: ----------
2022-08-29 21:43:50,660 output: ID: /rw/config/vpn/qubes-vpn-handler.sh
2022-08-29 21:43:50,660 output: Function: file.managed
2022-08-29 21:43:50,660 output: Result: True
2022-08-29 21:43:50,660 output: Comment: File /rw/config/vpn/qubes-vpn-handler.sh updated
2022-08-29 21:43:50,660 output: Started: 21:43:49.801147
2022-08-29 21:43:50,660 output: Duration: 3.265 ms
2022-08-29 21:43:50,660 output: Changes:
2022-08-29 21:43:50,660 output: ----------
2022-08-29 21:43:50,660 output: diff:
2022-08-29 21:43:50,660 output: New file
2022-08-29 21:43:50,660 output: mode:
2022-08-29 21:43:50,660 output: 0755
2022-08-29 21:43:50,660 output: ----------
2022-08-29 21:43:50,660 output: ID: /etc/skel/install.sh
2022-08-29 21:43:50,661 output: Function: file.managed
2022-08-29 21:43:50,661 output: Result: True
2022-08-29 21:43:50,661 output: Comment: File /etc/skel/install.sh updated
2022-08-29 21:43:50,661 output: Started: 21:43:49.804492
2022-08-29 21:43:50,661 output: Duration: 3.577 ms
2022-08-29 21:43:50,661 output: Changes:
2022-08-29 21:43:50,661 output: ----------
2022-08-29 21:43:50,661 output: diff:
2022-08-29 21:43:50,661 output: New file
2022-08-29 21:43:50,661 output: mode:
2022-08-29 21:43:50,661 output: 0755
2022-08-29 21:43:50,661 output: ----------
2022-08-29 21:43:50,661 output: ID: /home/user/install.sh
2022-08-29 21:43:50,661 output: Function: file.managed
2022-08-29 21:43:50,661 output: Result: True
2022-08-29 21:43:50,661 output: Comment: File /home/user/install.sh updated
2022-08-29 21:43:50,662 output: Started: 21:43:49.808149
2022-08-29 21:43:50,662 output: Duration: 2.625 ms
2022-08-29 21:43:50,662 output: Changes:
2022-08-29 21:43:50,662 output: ----------
2022-08-29 21:43:50,662 output: diff:
2022-08-29 21:43:50,662 output: New file
2022-08-29 21:43:50,662 output: mode:
2022-08-29 21:43:50,662 output: 0755
2022-08-29 21:43:50,662 output: ----------
2022-08-29 21:43:50,662 output: ID: helper_script_menu
2022-08-29 21:43:50,662 output: Function: file.managed
2022-08-29 21:43:50,662 output: Name: /usr/share/applications/vpn_setup.desktop
2022-08-29 21:43:50,662 output: Result: True
2022-08-29 21:43:50,662 output: Comment: File /usr/share/applications/vpn_setup.desktop updated
2022-08-29 21:43:50,662 output: Started: 21:43:49.810854
2022-08-29 21:43:50,663 output: Duration: 3.177 ms
2022-08-29 21:43:50,663 output: Changes:
2022-08-29 21:43:50,663 output: ----------
2022-08-29 21:43:50,663 output: diff:
2022-08-29 21:43:50,663 output: New file
2022-08-29 21:43:50,663 output: group:
2022-08-29 21:43:50,663 output: user
2022-08-29 21:43:50,663 output: mode:
2022-08-29 21:43:50,663 output: 0755
2022-08-29 21:43:50,663 output: user:
2022-08-29 21:43:50,663 output: user
2022-08-29 21:43:50,663 output:
2022-08-29 21:43:50,663 output: Summary for template-openvpn
2022-08-29 21:43:50,663 output: -------------
2022-08-29 21:43:50,663 output: Succeeded: 11 (changed=11)
2022-08-29 21:43:50,663 output: Failed: 2
2022-08-29 21:43:50,664 output: -------------
2022-08-29 21:43:50,664 output: Total states run: 13
2022-08-29 21:43:50,664 output: Total run time: 3.122 s
2022-08-29 21:43:50,664 exit code: 20
2022-09-07 21:20:19,501 calling 'state.apply openvpn.install'...
2022-09-07 21:20:55,470 output: template-openvpn:
2022-09-07 21:20:55,471 output: - Rendering SLS 'base:openvpn.install' failed: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'; line 4
2022-09-07 21:20:55,471 output:
2022-09-07 21:20:55,471 output: ---
2022-09-07 21:20:55,471 output: # vim: set syntax=yaml ts=2 sw=2 sts=2 et :
2022-09-07 21:20:55,471 output: #
2022-09-07 21:20:55,471 output:
2022-09-07 21:20:55,471 output: {% if salt['qvm.exists']('cacher') %} <======================
2022-09-07 21:20:55,471 output:
2022-09-07 21:20:55,471 output: /etc/apt/sources.list:
2022-09-07 21:20:55,471 output: file.replace:
2022-09-07 21:20:55,471 output: - names:
2022-09-07 21:20:55,471 output: - /etc/apt/sources.list
2022-09-07 21:20:55,471 output: [...]
2022-09-07 21:20:55,471 output: ---
2022-09-07 21:20:55,471 output: [ERROR ] Rendering exception occurred
2022-09-07 21:20:55,471 output: Traceback (most recent call last):
2022-09-07 21:20:55,471 output: File "/usr/lib/python3.10/site-packages/salt/utils/templates.py", line 469, in render_jinja_tmpl
2022-09-07 21:20:55,471 output: output = template.render(**decoded_context)
2022-09-07 21:20:55,471 output: File "/usr/lib/python3.10/site-packages/jinja2/environment.py", line 1304, in render
2022-09-07 21:20:55,471 output: self.environment.handle_exception()
2022-09-07 21:20:55,471 output: File "/usr/lib/python3.10/site-packages/jinja2/environment.py", line 925, in handle_exception
2022-09-07 21:20:55,471 output: raise rewrite_traceback_stack(source=source)
2022-09-07 21:20:55,472 output: File "<template>", line 4, in <module>
2022-09-07 21:20:55,472 output: File "/usr/lib/python3.10/site-packages/jinja2/sandbox.py", line 391, in call
2022-09-07 21:20:55,472 output: if not __self.is_safe_callable(__obj):
2022-09-07 21:20:55,472 output: File "/usr/lib/python3.10/site-packages/jinja2/sandbox.py", line 275, in is_safe_callable
2022-09-07 21:20:55,472 output: getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
2022-09-07 21:20:55,472 output: jinja2.exceptions.UndefinedError: 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'
2022-09-07 21:20:55,472 output:
2022-09-07 21:20:55,472 output: During handling of the above exception, another exception occurred:
2022-09-07 21:20:55,472 output:
2022-09-07 21:20:55,472 output: Traceback (most recent call last):
2022-09-07 21:20:55,472 output: File "/usr/lib/python3.10/site-packages/salt/utils/templates.py", line 216, in render_tmpl
2022-09-07 21:20:55,472 output: output = render_str(tmplstr, context, tmplpath)
2022-09-07 21:20:55,472 output: File "/usr/lib/python3.10/site-packages/salt/utils/templates.py", line 475, in render_jinja_tmpl
2022-09-07 21:20:55,472 output: raise SaltRenderError("Jinja variable {}{}".format(exc, out), line, tmplstr)
2022-09-07 21:20:55,472 output: salt.exceptions.SaltRenderError: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'; line 4
2022-09-07 21:20:55,472 output:
2022-09-07 21:20:55,472 output: ---
2022-09-07 21:20:55,472 output: # vim: set syntax=yaml ts=2 sw=2 sts=2 et :
2022-09-07 21:20:55,472 output: #
2022-09-07 21:20:55,472 output:
2022-09-07 21:20:55,472 output: {% if salt['qvm.exists']('cacher') %} <======================
2022-09-07 21:20:55,472 output:
2022-09-07 21:20:55,472 output: /etc/apt/sources.list:
2022-09-07 21:20:55,472 output: file.replace:
2022-09-07 21:20:55,472 output: - names:
2022-09-07 21:20:55,472 output: - /etc/apt/sources.list
2022-09-07 21:20:55,473 output: [...]
2022-09-07 21:20:55,473 output: ---
2022-09-07 21:20:55,473 output: [CRITICAL] Rendering SLS 'base:openvpn.install' failed: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'; line 4
2022-09-07 21:20:55,473 output:
2022-09-07 21:20:55,473 output: ---
2022-09-07 21:20:55,473 output: # vim: set syntax=yaml ts=2 sw=2 sts=2 et :
2022-09-07 21:20:55,473 output: #
2022-09-07 21:20:55,473 output:
2022-09-07 21:20:55,473 output: {% if salt['qvm.exists']('cacher') %} <======================
2022-09-07 21:20:55,473 output:
2022-09-07 21:20:55,473 output: /etc/apt/sources.list:
2022-09-07 21:20:55,473 output: file.replace:
2022-09-07 21:20:55,473 output: - names:
2022-09-07 21:20:55,473 output: - /etc/apt/sources.list
2022-09-07 21:20:55,473 output: [...]
2022-09-07 21:20:55,473 output: ---
2022-09-07 21:20:55,473 exit code: 0
2022-09-08 21:00:02,935 calling 'state.apply openvpn.install'...
2022-09-08 21:00:37,756 output: template-openvpn:
2022-09-08 21:00:37,756 output: - Rendering SLS 'base:openvpn.install' failed: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'; line 4
2022-09-08 21:00:37,757 output:
2022-09-08 21:00:37,757 output: ---
2022-09-08 21:00:37,757 output: # vim: set syntax=yaml ts=2 sw=2 sts=2 et :
2022-09-08 21:00:37,757 output: #
2022-09-08 21:00:37,757 output:
2022-09-08 21:00:37,757 output: {% if salt['qvm.exists']('cacher') %} <======================
2022-09-08 21:00:37,757 output:
2022-09-08 21:00:37,757 output: /etc/apt/sources.list:
2022-09-08 21:00:37,757 output: file.replace:
2022-09-08 21:00:37,757 output: - names:
2022-09-08 21:00:37,757 output: - /etc/apt/sources.list
2022-09-08 21:00:37,757 output: [...]
2022-09-08 21:00:37,757 output: ---
2022-09-08 21:00:37,757 output: [ERROR ] Rendering exception occurred
2022-09-08 21:00:37,757 output: Traceback (most recent call last):
2022-09-08 21:00:37,757 output: File "/usr/lib/python3.10/site-packages/salt/utils/templates.py", line 469, in render_jinja_tmpl
2022-09-08 21:00:37,757 output: output = template.render(**decoded_context)
2022-09-08 21:00:37,757 output: File "/usr/lib/python3.10/site-packages/jinja2/environment.py", line 1304, in render
2022-09-08 21:00:37,757 output: self.environment.handle_exception()
2022-09-08 21:00:37,757 output: File "/usr/lib/python3.10/site-packages/jinja2/environment.py", line 925, in handle_exception
2022-09-08 21:00:37,757 output: raise rewrite_traceback_stack(source=source)
2022-09-08 21:00:37,757 output: File "<template>", line 4, in <module>
2022-09-08 21:00:37,757 output: File "/usr/lib/python3.10/site-packages/jinja2/sandbox.py", line 391, in call
2022-09-08 21:00:37,757 output: if not __self.is_safe_callable(__obj):
2022-09-08 21:00:37,758 output: File "/usr/lib/python3.10/site-packages/jinja2/sandbox.py", line 275, in is_safe_callable
2022-09-08 21:00:37,758 output: getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
2022-09-08 21:00:37,758 output: jinja2.exceptions.UndefinedError: 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'
2022-09-08 21:00:37,758 output:
2022-09-08 21:00:37,758 output: During handling of the above exception, another exception occurred:
2022-09-08 21:00:37,758 output:
2022-09-08 21:00:37,758 output: Traceback (most recent call last):
2022-09-08 21:00:37,758 output: File "/usr/lib/python3.10/site-packages/salt/utils/templates.py", line 216, in render_tmpl
2022-09-08 21:00:37,758 output: output = render_str(tmplstr, context, tmplpath)
2022-09-08 21:00:37,758 output: File "/usr/lib/python3.10/site-packages/salt/utils/templates.py", line 475, in render_jinja_tmpl
2022-09-08 21:00:37,758 output: raise SaltRenderError("Jinja variable {}{}".format(exc, out), line, tmplstr)
2022-09-08 21:00:37,758 output: salt.exceptions.SaltRenderError: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'qvm.exists'; line 4
2022-09-08 21:00:37,758 output:
2022-09-08 21:00:37,758 output: ---
Yeah so, because I get everytime an error when I try to upload the file I spammed this thread. I hope I doesn’t get banned. 
This is amazingly helpful.
Thank you so much for taking the time to do this.as I thought, the
package installation is failing, for reasons I don’t yet understand.
I’ll sleep on it.
1 Like
Long sleep.
I had an unexpected time offline.
So what I see here:
- cacher is installed.
- The new template requires changes in the source list
- The package list is not updated after 2.
- Installation fails.
This is puzzling -
A. Assuming cacher is the name of the caching proxy, then this will have
brought in debian-11-minimal.
A post install step of that package rewrites the sources lists.
Possibilities:
cacher is not the name of a caching proxy
cacher was not installed using the 3isec-qubes-cacher package
The post-install sources rewriting failed.
The debian-11-minimal template was removed or restored to its original
state before installation of the openvpn package.
B. After sources rewriting was successful, the sources were not updated.
This is why the packages were not located.
pkg.uptodate was run, and that state explicitly calls for a refresh. The
result is “True”.
This could be a bug in salt - I’ve already raised similar bugs.
possible workround would be to explicitly call apt-get refresh prior to
pkg.uptodate
The only significant issue in A is the naming of cacher - this is too
embedded atm for me to consider changing.
Any failure in the rewriting script would result in templates failing
to update. No reports of this.
For B implementing that workround should be sufficient, (assuming there
os a caching proxy)
It’s worth noting that this is the only report I have so far of this package
failing to install.
1 Like
Still puzzling -
I reset the minimal template prior to installing the openvpn package.
The sources in the cloned template were rewritten on package installation.
pkg.uptodate did refresh the packages list.
The necessary packages were installed.
?
1 Like
I recently went ahead and did a little experiment and opened an issue on extrepo-data project, asking for element-desktop to be added into extrepo-offline-data (debian only project):
A merge request was created and merged within the following 12 hours: add element.io (!193) · Merge requests · External repositories team / extrepo-data · GitLab
It is niw spooled to be included into extrepo-offline-data in the next following days, meaning automatic updates of debian-12 templates will include element.io repository in the next update of installed extrepo-offline-data, and make element easily installable through
- extrepo --offlinedata search element
- extrepo --offlinedata enable element.io
- apt update && apt install element-desktop
In the next few days.
I think this is where our energies should be invested. So that one day, extrepo and extrepo-offline-data can be installed from debian repositories, and users(qubes salt, qubes preinstalled packages in templates) can permit easy additional repositories additition without worrying about GPG key download and repository definition errors that would lead into templates updates failing.
I would advise users here to redo my process, steal that issue as a template to help extrepo-data project into finding directly the upstream installation instructions so they can include your desired repository in their project.
@unman: I also updated my issue for inotifywait addition script (debian related) under cacher, showing instant benefit/gratification (just works tm) into enabling signal that way, and have the repository made apt-cacher-ng compliant instantly, which hides the nitty gritty details for cacher users under Deploy inotifywait script to modify repo definitions when they change · Issue #17 · unman/shaker · GitHub
love this project.
i had an issue with the cacher installation, now resolved. on first try, the template-cacher did not install the necessary packages, so the cacher was left unconfigured, and the install failed. i uninstalled it, changed my default net-vm to my update-vm, ran the installation again, and this time it was successful. it still reported an error, but it works great. i believe the error reported is that certain vm’s did not receive the necessary mod to their sources to work over cacher. easily fixed by manually editing sources
@unman if you let me know where to find the logs for the installation, i can report back where it failed, if this would be helpful.
edit: it would also appear that my one fedora qube is now unable to fetch metadata. verified that sources have been edited by the script to target cacher. maybe the grouping wasn’t applied properly in cacher? here is output of sudo dnf update:
Fedora 36 openh264 (From Cisco) - x86_64 0.0 B/s | 0 B 00:01
Errors during downloading metadata for repository ‘fedora-cisco-openh264’:
- Curl error (56): Failure when receiving data from the peer for https://codecs.fedoraproject.org/openh264/36/x86_64/os/repodata/repomd.xml [Received HTTP code 403 from proxy after CONNECT]
Error: Failed to download metadata for repo ‘fedora-cisco-openh264’: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Fedora 36 - x86_64 - Updates 61 kB/s | 479 kB 00:07
Errors during downloading metadata for repository ‘updates’:- At least one of the zchunk checksums doesn’t match in http://mirror.init7.net/fedora/fedora/linux/updates/36/Everything/x86_64/repodata/73c60d6746840b97edeca71d4a9b313aaf88e648ead74abbf7d23fe3747a002c-primary.xml.zck
- At least one of the zchunk checksums doesn’t match in http://mirror.init7.net/fedora/fedora/linux/updates/36/Everything/x86_64/repodata/afdb89258121bb4cd97ead414e06ed3b561e270aab025cfccc0d5166960d2bd5-filelists.xml.zck
Error: Failed to download metadata for repo ‘updates’: Checksum error /var/cache/dnf/updates-6d7d668fa263e383/repodata/73c60d6746840b97edeca71d4a9b313aaf88e648ead74abbf7d23fe3747a002c-primary.xml.zck: Unable to validate zchunk checksums
1 Like
@unman I have the same
- fedora-cisco-openh264 error
- same Unable to validate zchunk checksums error
First error is warning, but will obviously never reach repo nor update packages.
Second error I have annoying workaround of removing unreferenced files from apt-cacher-ng webgui. But is there a tweak to have files in sync? Reading documentation of apt-cacher-ng, I do not get how fetching Package list doesn’t update pointed files as of now.
2 Likes
MullvadVPN qube is also excellent @unman. outperforming my qubes-tunnel vm’s by quite a bit. one thing though: the menu item asks for my “wireshark” config files… i think you meant wireguard xD
edit: edit: in a second attempt at running “Setup Mullvad VPN”, it seems that the firewall rules didn’t automatically update from a private wireguard config. not sure why. Is this only meant for Mullvad configs specifically?
edit3: AHA! It was a syntax error in the config file. But note: it added the new firewall rule and did not replace the previous one.
i’m not getting any network throughput on sys-pihole. i can ping websites from the vm, but not from behind it. also, the pihole command is not recognized, so clearly something is wrong. but i do see a folder labeled pihole in /root. no errors reported on install. is there a missing step undocumented in the qubes-task info?
edit: the network i first tried to run the pihole installer on was blocking the pi-hole server, which is needed to run the basic-install.sh script. in this case it might be nice to return an error on the qubes-task for future users
Now you know how I spend my days.
Thanks for the report.
I’ll fix it.
1 Like
Suggests the install failed.
Can you look at /var/log/qubes/mgmt-sys-pihole.log?