I am on a limited traffic plan, so for me it is important to know in advance how much traffic will an update use (like ‘zypper up’ in openSUSE shows). Unfortunately, the default Qubes Update tool does not seem to show that info even when clicking “Details”.
In section “Command-line interface” of the docs How to update there is a warning which strongly recommends using the Qubes Update tool for security reasons. While still learning about Qubes OS, I am careful not to risk the security of the system, although those tools may probably give more info about what is to be downloaded.
So, what is the correct and secure way to update and still be able to see what and how much will be downloaded in advance?
Run sudo qubes-dom0-update from the command line.
A window will open in your UpdateVM, and will show you the results of dnf update for dom0.
You will see what packages are to be updated, and how much will be
downloaded.
You can say “No” here, and then switch to the GUI tool knowing how much
will be downloaded.
You can do the same in templates.
If you have a number of templates cloned from the same base, then install
a caching proxy. I package apt-cacher-ng for Qubes, which works well.
This reduces the amount to be downloaded.
The GUI Update tool is sometimes used to make configuration changes in dom0
and in templates. If you don’t use it then you will miss these.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
The warning says “Warning: Updating exclusively with direct commands such as qubes-dom0-update…”. I understand that your suggestion is run the command and terminate its further action (the actual update) before it happens. However, as a newcomer to Qubes OS who is careful not to mess up anything, I would like to ask explicitly: Isn’t running the command this way unsafe as well? I hope you could elaborate in relation to the issues mentioned in that warning.
Do you think it is appropriate to suggest to the developers to include the functionality “show what will be done before it is done” in Qubes Updater itself? Currently that “Details” menu does not provide any detail whatsoever until the process is complete, so one neither knows what will happen, how it is progressing or anything else. What is the proper way to suggest such feature?
Run sudo qubes-dom0-update from the command line.
A window will open in your UpdateVM, and will show you the results of dnf update for dom0.
You will see what packages are to be updated, and how much will be
downloaded.
That window shows for such a short time that I can only see “Fedora…” with some progress indicators and then it closes. The in the dom0 console I read “No updates available”. I also tried the cli option --check-only but it didn’t provide the info I need.
You can do the same in templates.
How exactly?
I hope you don’t mind questions 2 and 3 from my previous reply as well.
I notice that the documentation has changed - the previous alarming security warnings are no longer there (assuming the related issues have been fixed) and now 2 Salt formulae are suggested as command line analogs of the Qubes Updater.
Unfortunately, running any of them does not show how much will be downloaded. In fact, they don’t even show how much has been downloaded after completion. So, no info about the traffic whatsoever.
I hope someone can explain how to achieve what I am looking for.
I can’t find, in the Qubes documentation, how to set this up and use it properly?
Forgive me to point out but this thread has a different topic. I would be interested to know what you are asking too but perhaps in a separate thread. In this way someone looking for info about it in the future will also be able to find the answer easily.
I’ve already explained this.
In dom0 - manually run qubes-dom0-update
In a template - manually run the package tool - perhaps sudo dnf update
or sudo apt update as appropriate.
In both cases you will see the amount to be downloaded. You say “No” at
the prompt, and then can decide whether to update using the GUI updater.
Currently it says “No dom0 updates available”. I will keep checking in next days. One thing is sure: this command dos not give info about how much will be downloaded during the process of checking for updates (refreshing the repository info). It is not insignificant, as I have seen (using vnstat) it downloads about 90 MiB only during this phase. This obviously raises the secondary question: is there a way to block automatic check for updates and do that only manually? (at least until a proper solution for displaying actual update details is found)
In a template - manually run the package tool - perhaps sudo dnf update
or sudo apt update as appropriate.
After reading the docs I see that the correct commands are: sudo dnf check-update (fedora) and sudo apt list --upgradable (debian). None of them shows total or individual package sizes to be downloaded. They only list the upgradable package names and their versions.
I would swear that when there are updates available you are informed how much it takes to download and how much it would occupy space on disk, prompting you with Y/n.
It’s good that you did some research for yourself.
But in this case you should follow what I said instead of what you read.
If you run the command in dom0,(when updates are available), you will see both the package names and how much will be downloaded.
If you run the command I gave, e.g in a Debian template apt update, you will see both the package names and how much will ve
downloaded.
In both cases, as @enmus says, you will be prompted whether to continue.
Say “N” if you want to use the GUI tool.
Although there is a proper solution, if somewhat unwieldy, you can
easily turn off automatic checking. Open Qubes Global Settings. Look at
the “Updater checks” section.
Now that I ran sudo dnf update in the fedora template it shows individual and total download size. So, indeed, this part of the question was answered. Thanks. Thank you for answering the secondary question too.
If you run the command in dom0,(when updates are available), you will see both the package names and how much will be downloaded.
OK. As I wrote, I will keep checking.
If you run the command I gave, e.g in a Debian template apt update, you will see both the package names and how much will ve
downloaded.
For Debian here is what I get:
root@debian-11:~# apt update
Hit:1 https://deb.qubes-os.org/r4.1/vm bullseye InRelease
Hit:2 https://deb.debian.org/debian bullseye InRelease
Get:3 https://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Fetched: 48.4 kB in 4s (11.0 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
7 packages can be upgraded. Run 'apt list --upgradable' to see them.
So, the only size shown is that 48.4 kB. Unless I am misreading this output, this is not the size of the packages that will be downloaded but rather just the size of the “refresh” of the repo info.
At least for Debian you can install Synaptic (you can download package once, transfer it, but do not install in a template, and from a template transfer it each time to a dispVM) in order to get arguably better visual preview according to your needs…
Although, I’m not sure if we are talking about gigs per month here, and each monthly plan should cover much more than that…
Setting a cacher qube would help you to spare bandwidth and it’s simple as
$ sudo apt full-upgrade
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Calculating upgrade… Done
The following packages were automatically installed and are no longer required:
xxxxxx
Use ‘sudo apt autoremove’ to remove them.
The following packages will be upgraded:
xxxxx xxxx xxxxx
xxxxxxxxx xxxx
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 20.9 MB of archives.
After this operation, 12.3 kB of additional disk space will be used. Do you want to continue? [Y/n]
Are you suggesting that the correct command for Debian is apt full-upgrade and not apt update as suggested by @unman?
And this indeed isn’t Qubes specific…
I believe you. My question is not intentionally a non-Qubes one. I am just struggling with things as I am new to Qubes and through that new to its components too (Debian included).
BTW my earlier question #3 from 2022-08-01 is still valid. I would be glad to know what you and others think about it. Thanks.
You just need to read what is written. If there’s no updates or upgrades, you won’t see anything. If there are updates but no upgrades, you use apt update. If there aren’t updates, but only upgrades you run correspondent command apt full-upgrade. if there are both updates and upgrades you run both commands? Do not forget `dist-upgrade.
Running the command isn’t the same as updating. You have to read what is written. It’s not the command that is “dangerous” but what it does and what you are letting it to do.
It’s not about if it’s appropriate. Anyone is free to suggest whatever feature she would like to. Proper way to do that is on Github,
