Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add warnings and mitigation for QubesOS/qubes-issues#6585

Browse Source 
See the discussion on QubesOS/qubes-posts#79.
This commit is contained in:
Andrew David Wong 2022-02-19 15:17:13 -08:00
parent 31007f3c4c
commit a4aea3e981
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
user/how-to-guides/how-to-update.md
View File

@ -36,7 +36,10 @@ Fully updating your Qubes OS system means updating:
- [templates](/doc/glossary/#template) - [templates](/doc/glossary/#template)
- [standalones](/doc/glossary/#standalone) (if you have any) - [standalones](/doc/glossary/#standalone) (if you have any)
You can accomplish this using the **Qubes Update** tool. You can accomplish this using the **Qubes Update** tool. (**Warning:** This
tool is currently affected by bug
[#6585](https://github.com/QubesOS/qubes-issues/issues/6585). See below for a
mitigation.)
[![Qubes Update](/attachment/doc/r4.0-software-update.png)](/attachment/doc/r4.0-software-update.png) [![Qubes Update](/attachment/doc/r4.0-software-update.png)](/attachment/doc/r4.0-software-update.png)
@ -55,15 +58,41 @@ desired items from the list and clicking "Next."
<div class="alert alert-danger" role="alert"> <div class="alert alert-danger" role="alert">
<i class="fa fa-exclamation-triangle"></i> <i class="fa fa-exclamation-triangle"></i>
<b>Warning:</b> Updating with direct commands such as <b>Warning:</b> Updating <em>exclusively</em> with direct commands such as
<code>qubes-dom0-update</code>, <code>dnf update</code>, and <code>apt <code>qubes-dom0-update</code>, <code>dnf update</code>, and <code>apt
update</code> is <b>not</b> recommended, since these bypass built-in Qubes OS update</code> is <b>not</b> recommended, since these bypass built-in Qubes OS
update security measures. Instead, we strongly recommend using the <b>Qubes update security measures. Instead, we strongly recommend <em>first</em> using
Update</b> tool or its command-line equivalents, as described below. (By the <b>Qubes Update</b> tool or its command-line equivalents, as described
below, <em>then</em> using the direct commands for confirmation (see <a
href="https://github.com/QubesOS/qubes-issues/issues/6585">#6585</a> and <a
href="https://github.com/QubesOS/qubes-posts/pull/79">PR #79</a>). (By
contrast, <a href="/doc/how-to-install-software/">installing</a> packages contrast, <a href="/doc/how-to-install-software/">installing</a> packages
using direct package manager commands is fine.) using direct package manager commands is fine.)
</div> </div>
As a temporary mitigation until
[#6585](https://github.com/QubesOS/qubes-issues/issues/6585) is fixed, the
following update sequence is recommended (see
[PR #79](https://github.com/QubesOS/qubes-posts/pull/79)
for explanation and discussion):
1. Update dom0 with Salt.
2. Update dom0 by direct command.
3. Update templates and standalones with Salt.
4. Update templates and standalones by direct commands.
Example using only the command line (all commands with `sudo` or as root):
1. In dom0: `qubesctl --show-output state.sls update.qubes-dom0`
2. In dom0: `qubes-dom0-update --clean -y`
3. In dom0: `qubesctl --show-output --skip-dom0 --templates state.sls
update.qubes-vm`
4. In dom0: `qubesctl --show-output --skip-dom0 --standalones state.sls
update.qubes-vm`
5. In every Fedora template and standalone: `dnf -y --refresh upgrade`
6. In every Debian template and standalone: `apt-get clean && apt-get -y update
&& apt-get -y dist-upgrade && apt-get clean`
### Qubes 4.0 ### Qubes 4.0
Advanced users may wish to perform updates via the command-line interface. The Advanced users may wish to perform updates via the command-line interface. The