From 58901695283739dec6b2bce3ba937db7cd28fbf8 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 15 Feb 2019 23:09:33 -0600 Subject: [PATCH 1/2] Recommend simpler template upgrade method --- installing/installation-guide.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index a097583c..da52d683 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -31,8 +31,16 @@ Furthermore, if you are installing Qubes on a potentially compromised system, we Qubes 4.0.1 Warning ------------------- -After installing Qubes 4.0.1, please install fresh APT-based (e.g., Debian and Whonix) TemplateVMs in order to be protected from the APT update mechanism vulnerability that was patched after the release of 4.0.1. -For instructions and further details, please see [QSB #46]. +Immediately after installing Qubes 4.0.1, please upgrade all of your APT-based (e.g., Debian and Whonix) TemplateVMs by executing the following command in a dom0 terminal for each such TemplateVM: + + $ sudo qubes-dom0-update --action=upgrade + +For example, the command for the `debian-9` TemplateVM would be: + + $ sudo qubes-dom0-update --action=upgrade qubes-template-debian-9 + +These upgrades are required in order to be protected from the APT update mechanism vulnerability that was announced and patched in [QSB #46], which was after the release of Qubes 4.0.1. +This method is simpler than the method recommended in [QSB #46], but it is just as safe and effective so long as it is performed immediately after installing Qubes OS. Hardware Requirements From b86488af6441b907cc150d38f6c0a83406c53d8f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 16 Feb 2019 15:24:32 -0600 Subject: [PATCH 2/2] Provide exact commands to upgrade ISO-installed templates --- installing/installation-guide.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index da52d683..b2f5b3c6 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -31,13 +31,11 @@ Furthermore, if you are installing Qubes on a potentially compromised system, we Qubes 4.0.1 Warning ------------------- -Immediately after installing Qubes 4.0.1, please upgrade all of your APT-based (e.g., Debian and Whonix) TemplateVMs by executing the following command in a dom0 terminal for each such TemplateVM: - - $ sudo qubes-dom0-update --action=upgrade - -For example, the command for the `debian-9` TemplateVM would be: +Immediately after installing Qubes 4.0.1, please upgrade all of your Debian and Whonix TemplateVMs by executing the following commands in a dom0 terminal, as applicable for the templates you chose to install: $ sudo qubes-dom0-update --action=upgrade qubes-template-debian-9 + $ sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=upgrade qubes-template-whonix-gw-14 + $ sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=upgrade qubes-template-whonix-ws-14 These upgrades are required in order to be protected from the APT update mechanism vulnerability that was announced and patched in [QSB #46], which was after the release of Qubes 4.0.1. This method is simpler than the method recommended in [QSB #46], but it is just as safe and effective so long as it is performed immediately after installing Qubes OS.