Merge remote-tracking branch 'origin/pr/422'

marmarek · marmarek · commit 00beb5ef9880 · 2025-04-28T11:53:12.000+02:00
* origin/pr/422: anon gateway warning box on main qubesmanager page Pull request description: Solves: > Please re-open. > > [A user reported](https://forums.whonix.org/t/re-stop-users-from-changing-their-anon-whonix-net-qube-to-sys-firewall-to-avoid-ip-leaks/17255/7): > > I remember looking at this and patching my Qubes Manager temporarily and it failed to account for switching NetVM in the basic view. The pop up only shows in the settings tab, meaning this is only half solved > > This should be verified and reported before 4.3 is out, I have not checked the code again _Originally posted by @adrelanos in [#8551](QubesOS/qubes-issues#8551 (comment)
diff --git a/qubesmanager/qube_manager.py b/qubesmanager/qube_manager.py
@@ -33,6 +33,9 @@
 from qubesadmin import utils
 from qubesadmin.tools import qvm_start
 
+# pylint: disable=import-error
+from PyQt6 import QtWidgets
+
 # pylint: disable=import-error
 from PyQt6.QtCore import (Qt, QAbstractTableModel, QObject, pyqtSlot, QEvent,
                           QSettings, QRegularExpression, QSortFilterProxyModel,
@@ -959,6 +962,34 @@ def change_template(self, template):
 
     def change_network(self, netvm_name):
         selected_vms = self.get_selected_vms()
+        netvm = None
+        check_power = None
+
+        if netvm_name:
+            check_power = any(info.state['power'] == 'Running' for info
+                    in self.get_selected_vms())
+            if netvm_name == 'default':
+                netvm = self._get_default_netvm()
+            else:
+                netvm = self.qubes_cache.get_vm(name=netvm_name)
+                netvm = netvm.vm
+
+            if netvm:
+                vms_tags = {tag
+                            for selected_vm in selected_vms
+                            for tag in selected_vm.vm.tags}
+                if 'anon-vm' in vms_tags and not 'anon-gateway' in netvm.tags:
+                    QtWidgets.QMessageBox.warning(
+                        self,
+                        self.tr("Warning!"),
+                        self.tr(
+                            "Anonymous qubes must be connected to an anonymous "
+                            "gateway to ensure privacy and anonymity. By "
+                            "changing the net qube to a gateway that does not "
+                            "provide anonymity, your IP address will be leaked "
+                            "on the Internet. Continue at your own risk.")
+                    )
+
         reply = QMessageBox.question(
             self, self.tr("Network Change Confirmation"),
             self.tr("Do you want to change '{0}'<br>"
@@ -969,27 +1000,19 @@ def change_network(self, netvm_name):
         if reply != QMessageBox.StandardButton.Yes:
             return
 
-        if netvm_name:
-            check_power = any(info.state['power'] == 'Running' for info
-                    in self.get_selected_vms())
-            if netvm_name == 'default':
-                netvm = self._get_default_netvm()
-            else:
-                netvm = self.qubes_cache.get_vm(name=netvm_name)
-                netvm = netvm.vm
-            if check_power and netvm and not netvm.is_running():
-                reply = QMessageBox.question(
-                    self, self.tr("Qube Start Confirmation"),
-                    self.tr("<br>Can not change netvm to a halted Qube.<br>"
-                        "Do you want to start the Qube <b>'{0}'</b>?").format(
-                        netvm_name),
-                    QMessageBox.StandardButton.Yes |
-                    QMessageBox.StandardButton.Cancel)
+        if check_power and netvm and not netvm.is_running():
+            reply = QMessageBox.question(
+                self, self.tr("Qube Start Confirmation"),
+                self.tr("<br>Can not change netvm to a halted Qube.<br>"
+                    "Do you want to start the Qube <b>'{0}'</b>?").format(
+                    netvm_name),
+                QMessageBox.StandardButton.Yes |
+                QMessageBox.StandardButton.Cancel)
 
-                if reply == QMessageBox.StandardButton.Yes:
-                    self.start_vm(netvm, True)
-                else:
-                    return
+            if reply == QMessageBox.StandardButton.Yes:
+                self.start_vm(netvm, True)
+            else:
+                return
 
         errors = []
         for info in self.get_selected_vms():
