Any way to auto-update qubes

anonymous · August 21, 2020, 7:02am

Is there a way to auto update all the things, so that you just need to restart the computer or cubes every now and then instead of the constant clicking in the update manager?

Maybe a cron-job in dom0, is there a cli way to update?

fiftyfourthparallel · August 21, 2020, 7:54am

See qubes4-multi-update. The -atu option should give you what you want

anonymous · August 21, 2020, 8:16am

Thanks for the suggestion.

There is no official cli tools to accomplish the task?

I rather not run other stuff in my dom0. I’m not so good at reading code either so i have no way of auditing the script and if it does any other stuff than it says.

fiftyfourthparallel · August 21, 2020, 4:44pm

I see where you’re coming from, since dom0 is sacred to a Qubes installation and you don’t want to insert God-knows-what into that holy land.

The script is short and not particularly challenging to evaluate even for a programming newbie like myself, so this might be a good place to start learning how to read code, since it makes updating all your templates a breeze (especially if you have a ton of templates).

Another way of evaluating the script is to see if anyone in the community has said anything about it. Since the script is short and tasket’s Qubes tools are somewhat well-known in a technically proficient and security conscious crowd (Qubes OS users), chances are, a lot of knowledgeable people have looked over it over the last two years since it was last edited and didn’t find anything objectionable. Based on that, the likelihood of it containing anything malicious or harmful is very low.

It’s a bit like the reasoning behind why you trust major distributions like Debian (and to a lesser extent, Qubes).

qubesnewb · August 29, 2020, 10:05pm

sudo qubesctl --templates state.sls update.qubes-vm

QubicRoot · August 31, 2020, 5:15pm

On 4.0.3, this gives an almost immediate error that upgrades-status-notify doesn’t exist. Any idea what package I’m missing?

qubesnewb · September 1, 2020, 1:44am

sorry, missed a param,

sudo qubesctl --skip-dom0 --show-output --templates state.sls update.qubes-vm

the error before, without --skip-dom0 is cause /usr/lib/qubes/upgrades-status-notify only exists in qubes and not dom0. it’s part of qubes-core-agent.

one warning with this method - it will try to do 4 upgrades in parallel. sometimes stuff seems to take a long time or times out.

it is probaly better to supply --targets [qube] instead of --templates and do one after another like

for templatevm in `qvm-ls|grep -w TemplateVM|awk '{print $1}'`
do
    echo upgrading "$templatevm"
    sudo qubesctl --show-output --targets "$templatevm" state.sls update.qubes-vm
done

QubicRoot · September 1, 2020, 4:05am

Thanks.

I didn’t think dom0 was a “template”…

So, this method can never work to update dom0?

Re. parallel, can’t just set --max-concurrency <4?

QubicRoot · September 6, 2020, 5:00pm

Using “–targets” still required using “–skip-dom0”.

In my environment, I found it more useful to select by name:

for templatevm in $(qvm-ls --raw-list | grep "^debian\|^whonix.*[1234567890]$" | grep -v "\-dvm$"); do
    echo "Updating $templatevm..."
    sudo qubesctl --show-output --skip-dom0 --targets $templatevm state.sls update.qubes-vm && echo "Updating $templatevm Done" || echo "Updating $templatevm Error"
done

At this time the error check doesn’t work - it doesn’t seem qubesctl sets a return code…

makuoly · February 29, 2024, 8:08am

Thank you! Do you or anyone else know how run the script only when the Qubes OS Updater identifies available updates?