Hi,
In Qubes 4.1 I used to update templates using these commands.
In 4.2 they still work, however the way the GUI updater, Qubes OS Update, works seems different - unlike the commands from above, it no longer starts an additional disp-mgmt-* qube but updates the templates directly.
My questions are:
Why is it different in 4.2?
How can I update from command line in the 4.2 way, i.e. without starting disp-mgmt-* disposables?
The new update tool is named qubes-vm-update:
usage: qubes-vm-update [-h] [--max-concurrency MAX_CONCURRENCY] [--restart] [--no-cleanup] [--targets TARGETS | --all | --update-if-stale UPDATE_IF_STALE] [--skip SKIP] [--templates] [--standalones] [--app]
[--dry-run] [--log LOG] [--no-refresh] [--force-upgrade] [--leave-obsolete] [--show-output | --quiet] [--no-progress]
options:
-h, --help show this help message and exit
--max-concurrency MAX_CONCURRENCY
Maximum number of VMs configured simultaneously (default: number of cpus)
--restart Restart AppVMs whose template has been updated.
--no-cleanup Do not remove updater files from target qube
--targets TARGETS Comma separated list of VMs to target
--all Target all non-disposable VMs (TemplateVMs and AppVMs)
--update-if-stale UPDATE_IF_STALE
DEFAULT. Target all TemplateVMs with known updates or for which last update check was more than N days ago. (default: 7)
--skip SKIP Comma separated list of VMs to be skipped, works with all other options.
--templates Target all TemplatesVMs
--standalones Target all StandaloneVMs
--app Target all AppVMs
--dry-run Just print what happens.
--log LOG Provide logging level. Values: DEBUG, INFO (default) WARNING, ERROR, CRITICAL
--no-refresh Do not refresh available packages before upgrading
--force-upgrade Try upgrade even if errors are encountered (like a refresh error)
--leave-obsolete Do not remove obsolete packages during upgrading
--show-output Show output of management commands
--quiet Do not print anything to stdout
--no-progress Do not show upgrading progress.
It’s similar to qubesctl. You can target specific qubes and set the max concurrency for example.
As for why it was changed, I can’t answer for the developers, but I suspect it was done to remove the salt dependency and all the problems associated with it (deprecated dependencies related to salt and distro patches breaking things, for example).
Thanks!
How did you learn about this new tool? (trying to figure why I have missed it)
I check the Qubes OS github quite often, and I spotted a few pull requests related to it a while back, so I started using it in 4.2 instead of the GUI. It’s used by the Qubes updater in the background, you can check for example with ps aux while it’s doing updates.
I don’t think it’s officially announced anywhere, so it’s a bit hidden for now. Might be a good idea to add it to the “How to update” documentation.
Thanks.
Might be a good idea to add it to the “How to update” documentation.
Indeed. Have you suggested that on GitHub?
I don’t have an account there unfortunately, and the signup process isn’t really TOR friendly the last time I checked.
It works with Tor but requires JS for the captcha. After most things work with JS disabled. In the worst case, you will be pseudonymous (just like on Qubes forum).
Maybe something has changed, btu Github wasn’t Tor-friendly.
It caused issues on the registration or afterwards.
Maybe something has changed, btu Github wasn’t Tor-friendly.
Can we probably have this thread split?