2019-07-08 22:23:30 -04:00
|
|
|
|
---
|
2021-03-13 13:06:18 -05:00
|
|
|
|
lang: en
|
2019-07-08 22:23:30 -04:00
|
|
|
|
layout: doc
|
2021-06-17 07:23:57 -04:00
|
|
|
|
permalink: /doc/how-to-update/
|
|
|
|
|
|
redirect_from:
|
2021-06-24 10:10:26 -04:00
|
|
|
|
- /doc/updating-qubes-os/
|
2021-03-13 13:06:18 -05:00
|
|
|
|
ref: 200
|
2021-07-08 21:06:41 -04:00
|
|
|
|
title: How to update
|
2019-07-08 22:23:30 -04:00
|
|
|
|
---
|
|
|
|
|
|
|
2021-06-18 09:25:06 -04:00
|
|
|
|
*This page is about updating your system while staying on the same [supported
|
2021-07-10 17:25:29 -04:00
|
|
|
|
version of Qubes OS](/doc/supported-releases/#qubes-os). If you're instead
|
2021-06-18 09:25:06 -04:00
|
|
|
|
looking to upgrade from your current version of Qubes OS to a newer version,
|
|
|
|
|
|
see the [Upgrade Guides](/doc/upgrade/).*
|
2019-07-08 22:23:30 -04:00
|
|
|
|
|
2021-06-18 09:25:06 -04:00
|
|
|
|
It is important to keep your Qubes OS system up-to-date to ensure you have the
|
2023-08-10 18:25:25 -04:00
|
|
|
|
latest security updates, as well as the latest non-security enhancements and bug
|
|
|
|
|
|
fixes.
|
2021-03-08 08:27:53 -05:00
|
|
|
|
|
2019-07-08 22:23:30 -04:00
|
|
|
|
Fully updating your Qubes OS system means updating:
|
|
|
|
|
|
|
2021-06-18 09:47:40 -04:00
|
|
|
|
- [dom0](/doc/glossary/#dom0)
|
|
|
|
|
|
- [templates](/doc/glossary/#template)
|
|
|
|
|
|
- [standalones](/doc/glossary/#standalone) (if you have any)
|
2019-07-08 22:23:30 -04:00
|
|
|
|
|
2023-08-10 18:08:39 -04:00
|
|
|
|
## Security updates
|
2021-03-14 23:42:32 -04:00
|
|
|
|
|
2023-08-10 18:08:39 -04:00
|
|
|
|
Security updates are an extremely important part of keeping your Qubes
|
2023-08-10 18:25:25 -04:00
|
|
|
|
installation secure. When there is an important security incident, we will issue
|
|
|
|
|
|
a [Qubes Security Bulletin (QSB)](/security/qsb/) via the [Qubes Security
|
2023-08-10 18:08:39 -04:00
|
|
|
|
Pack (`qubes-secpack`)](/security/pack/). It is very important to read each new
|
|
|
|
|
|
QSB and follow any user instructions it contains. Most of the time, simply
|
|
|
|
|
|
updating your system normally, as described below, will be sufficient to obtain
|
|
|
|
|
|
security updates. However, in some cases, special action may be required on
|
|
|
|
|
|
your part, which will be explained in the QSB.
|
|
|
|
|
|
|
|
|
|
|
|
## Checking for updates
|
2021-03-14 23:42:32 -04:00
|
|
|
|
|
2023-08-10 18:25:25 -04:00
|
|
|
|
By default, the **Qubes Update** tool will appear as an icon in the Notification
|
2021-06-18 09:25:06 -04:00
|
|
|
|
Area when updates are available.
|
2021-03-15 18:10:05 -04:00
|
|
|
|
|
2021-06-18 08:46:02 -04:00
|
|
|
|
[](/attachment/doc/r4.0-qube-updates-available.png)
|
2021-03-15 18:10:05 -04:00
|
|
|
|
|
2021-06-18 09:25:06 -04:00
|
|
|
|
However, you can also start the tool manually by selecting it in the
|
2022-09-13 03:30:39 -04:00
|
|
|
|
Applications Menu under "Qubes Tools." Even if no updates have been detected,
|
2021-06-18 09:25:06 -04:00
|
|
|
|
you can use this tool to check for updates manually at any time by selecting
|
|
|
|
|
|
"Enable updates for qubes without known available updates," then selecting all
|
|
|
|
|
|
desired items from the list and clicking "Next."
|
2021-03-11 09:28:22 -05:00
|
|
|
|
|
2022-10-14 02:19:15 -04:00
|
|
|
|
<div class="alert alert-info" role="alert">
|
|
|
|
|
|
<i class="fa fa-question-circle"></i>
|
|
|
|
|
|
For information about how templates download updates, please see <a
|
|
|
|
|
|
href="/doc/how-to-install-software/#why-dont-templates-have-network-access">Why
|
|
|
|
|
|
don’t templates have network access?</a> and the <a
|
|
|
|
|
|
href="/doc/how-to-install-software/#updates-proxy">Updates proxy</a>.
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
2022-10-11 09:01:58 -04:00
|
|
|
|
By default, most qubes that are connected to the internet will periodically
|
|
|
|
|
|
check for updates for their parent templates. If updates are available, you
|
|
|
|
|
|
will receive a notification as described above. However, if you have any
|
|
|
|
|
|
templates that do *not* have any online child qubes, you will *not* receive
|
|
|
|
|
|
update notifications for them. Therefore, you should regularly update such
|
|
|
|
|
|
templates manually instead.
|
|
|
|
|
|
|
2023-08-10 18:08:39 -04:00
|
|
|
|
## Installing updates
|
|
|
|
|
|
|
|
|
|
|
|
The standard way to install updates is with the **Qubes Update** tool. (However,
|
|
|
|
|
|
you can also perform the same action via the [command-line
|
|
|
|
|
|
interface](#command-line-interface).)
|
|
|
|
|
|
|
|
|
|
|
|
[](/attachment/doc/r4.0-software-update.png)
|
|
|
|
|
|
|
|
|
|
|
|
Simply follow the on-screen instructions, and the tool will download and install
|
|
|
|
|
|
all available updates for you. Note that if you are downloading updates over Tor
|
|
|
|
|
|
(`sys-whonix`), this can take a very long time, especially if there are a lot of
|
|
|
|
|
|
updates available.
|
|
|
|
|
|
|
|
|
|
|
|
## Restarting after updating
|
|
|
|
|
|
|
|
|
|
|
|
Certain updates require certain components to be restarted in order for the
|
|
|
|
|
|
updates to take effect:
|
|
|
|
|
|
|
|
|
|
|
|
- QSBs may instruct you to restart certain components after installing updates.
|
|
|
|
|
|
- Dom0 should be restarted after any **Xen** or **kernel** updates.
|
|
|
|
|
|
- After updating a template, first shut down the template, then restart all
|
|
|
|
|
|
running qubes based on that template.
|
|
|
|
|
|
|
2021-06-21 01:27:43 -04:00
|
|
|
|
## Command-line interface
|
|
|
|
|
|
|
|
|
|
|
|
<div class="alert alert-danger" role="alert">
|
|
|
|
|
|
<i class="fa fa-exclamation-triangle"></i>
|
2022-08-13 22:17:03 -04:00
|
|
|
|
<b>Warning:</b> Updating with direct commands such as
|
2021-06-21 01:27:43 -04:00
|
|
|
|
<code>qubes-dom0-update</code>, <code>dnf update</code>, and <code>apt
|
|
|
|
|
|
update</code> is <b>not</b> recommended, since these bypass built-in Qubes OS
|
2022-08-13 22:17:03 -04:00
|
|
|
|
update security measures. Instead, we strongly recommend using the <b>Qubes
|
|
|
|
|
|
Update</b> tool or its command-line equivalents, as described below. (By
|
2021-06-21 01:27:43 -04:00
|
|
|
|
contrast, <a href="/doc/how-to-install-software/">installing</a> packages
|
|
|
|
|
|
using direct package manager commands is fine.)
|
2021-05-06 09:34:50 -04:00
|
|
|
|
</div>
|
2019-07-08 22:23:30 -04:00
|
|
|
|
|
2022-02-07 04:52:35 -05:00
|
|
|
|
Advanced users may wish to perform updates via the command-line interface. The
|
2022-09-13 03:01:36 -04:00
|
|
|
|
recommended way to do this is by applying the following two Salt states.
|
|
|
|
|
|
**Applying these two Salt states is the same as updating via the Qubes Update
|
|
|
|
|
|
tool.**
|
2021-06-21 01:27:43 -04:00
|
|
|
|
|
2022-09-13 03:01:36 -04:00
|
|
|
|
- [update.qubes-dom0](/doc/salt/#updatequbes-dom0)
|
|
|
|
|
|
- [update.qubes-vm](/doc/salt/#updatequbes-vm)
|
2021-06-21 01:27:43 -04:00
|
|
|
|
|
2022-08-23 20:17:29 -04:00
|
|
|
|
In your update qube, a terminal window opens that displays the progress of
|
|
|
|
|
|
operations and output as it is logged. At the end of the process, logs are sent
|
|
|
|
|
|
back to dom0. You answer any yes/no prompts in your dom0 terminal window.
|
|
|
|
|
|
|
2021-09-07 15:28:29 -04:00
|
|
|
|
Advanced users may also be interested in learning [how to enable the
|
2021-06-21 01:27:43 -04:00
|
|
|
|
testing repos](/doc/testing/).
|
|
|
|
|
|
|
|
|
|
|
|
## Upgrading to avoid EOL
|
|
|
|
|
|
|
|
|
|
|
|
The above covers updating *within* a given operating system (OS) release.
|
|
|
|
|
|
Eventually, however, most OS releases will reach **end-of-life (EOL)**, after
|
|
|
|
|
|
which point they will no longer be supported. This applies to Qubes OS itself
|
|
|
|
|
|
as well as OSes used in [templates](/doc/templates/) (and
|
|
|
|
|
|
[standalones](/doc/standalones-and-hvms/), if you have any).
|
|
|
|
|
|
|
|
|
|
|
|
**It's very important that you use only supported releases so that you continue
|
|
|
|
|
|
to receive security updates.** This means that you *must* periodically upgrade
|
|
|
|
|
|
Qubes OS and your templates before they reach EOL. You can always see which
|
2023-08-10 18:25:25 -04:00
|
|
|
|
versions of Qubes OS and select templates are supported on the [supported
|
|
|
|
|
|
releases](/doc/supported-releases/) page.
|
2021-06-21 01:27:43 -04:00
|
|
|
|
|
|
|
|
|
|
In the case of Qubes OS itself, we will make an
|
|
|
|
|
|
[announcement](/news/categories/#releases) when a supported Qubes OS release is
|
|
|
|
|
|
approaching EOL and another when it has actually reached EOL, and we will
|
|
|
|
|
|
provide [instructions for upgrading to the next stable supported Qubes OS
|
|
|
|
|
|
release](/doc/upgrade/).
|
|
|
|
|
|
|
|
|
|
|
|
Periodic upgrades are also important for templates. For example, you might be
|
|
|
|
|
|
using a [Fedora template](/doc/templates/fedora/). The [Fedora
|
|
|
|
|
|
Project](https://getfedora.org/) is independent of the Qubes OS Project. They
|
|
|
|
|
|
set their own
|
2021-06-18 09:25:06 -04:00
|
|
|
|
[schedule](https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule)
|
2021-06-21 01:27:43 -04:00
|
|
|
|
for when each Fedora release reaches EOL. You can always find out when an OS
|
|
|
|
|
|
reaches EOL from the upstream project that maintains it. We also pass along any
|
|
|
|
|
|
EOL notices we receive for official template OSes as a convenience to Qubes
|
2023-08-10 18:25:25 -04:00
|
|
|
|
users (see [supported template releases](/doc/supported-releases/#templates)).
|
2021-06-18 09:25:06 -04:00
|
|
|
|
|
|
|
|
|
|
The one exception to all this is the specific release used for dom0 (not to be
|
|
|
|
|
|
confused with Qubes OS as a whole), which [doesn't have to be
|
2021-07-10 17:25:29 -04:00
|
|
|
|
upgraded](/doc/supported-releases/#note-on-dom0-and-eol).
|
