Disable Qube updates for a specific qube

Hello guys,

I need to disable the update for one qube. How can I make that qube not to appear in Qubes Update?

Best,

Ivan

qvm-features <vm> updates-available ''

https://dev.qubes-os.org/projects/core-admin-client/en/latest/manpages/qvm-features.html#updates-available

or

qvm-features <vm> service.qubes-update-check ''

or

qvm-features <vm> supported-service.qubes-update-check ''

you can check first by typing qvm-features <vm> then make sure the 3 features i mention there is empty value.

1 Like

To do this from the Qubes Manager, is slightly unintuitive, but the process is:

  1. Go to Qube Settings for a qube
  2. Go to the Services tab
  3. Click the dropdown and select qubes-update-check
  4. Click the “+” to add the service
  5. Uncheck the checkbox of qubes-update-check

(update check will be disabled on next boot/reboot of the qube)

You can also do this for all qubes at once by going to:

  1. Qubes Global Settings
  2. Click on Disable checking for updates for all qubes
  3. Uncheck Check for qube updates by default
1 Like

Note that there is a difference between disabling updates and disabling update checking. There is also a difference between disabling updates for a TemplateBasedVM and disabling updates for the TemplateVM on which the TemplateBasedVM is based. There is also a difference between disabling updates for a VM and making that VM not appear in the Qubes Update tool.

Generally speaking, no one should be trying to disable updates for a specific TemplateBasedVM, since that doesn’t make sense. The TemplateBasedVM simply inherits its updates from its TemplateVM. So, you’d want to disable updates for the TemplateVM instead, which would affect all TemplateBasedVM based on it.

Finally, it is not recommended to disable updates for anything, since keeping up with security updates is one of the most important ways to keep your system secure.

True, but OP specifically asked about stopping Qubes appearing in the
Update Tool, and disabling update checking helps. It would not stop
templates from appearing in the list but they would be greyed out and
not included in updates by default.

There are a few cases where disabling updates in this way is useful.
First, where you have a copy of the original template and wish to
preserve that in case of disaster.
Second, where some package configuration requires you to use older
packages. This can happen in Debian(e.g) where updating some libraries
will block functionality in a program.

This is another case in which Qubes comes out on top - you can clone
the template you are using and use the cloned template, not updated,
for a particular qube, while all your other qubes benefit from the
security updates.

Probably other cases too.

1 Like