When I first installed QubesOS, one of the questions asked by the installation wizard was “Do you want to download updates via Tor” (or something to that effect). I selected “No,” as I don’t want to download updates at all. But instead, I got updates that were apparently downloaded without the benefit of Tor.
I now want to remove those updates that were downloaded but not installed, as I don’t trust them. How can I get rid of them?
BTW the installation wizard question “Do you want to download updates via Tor” should really be split into two questions: (1) Do you want to download updates? (2) If yes, do you want to download these updates via Tor?
why don’t you trust them? They are signed so if they got tampered with, the system could detect it.
Worst case scenario, you could download the files over clearnet on a compromised server over http, this wouldn’t matter, the signature would allow to tell if the file is legit or not.
why don’t you trust them? They are signed so if they got tampered with, the system could detect it.
Worst case scenario, you could download the files over clearnet on a compromised server over http, this wouldn’t matter, the signature would allow to tell if the file is legit or not.
I don’t trust these updates because, in the past, I’ve gotten malware as a result of automated updates.
I tried apt-get clean, apt-get autoremove, and apt-get autoclean, but none of them did the trick. Thanks, though, for pointing me in the right direction.
Maybe I misunderstood what you meant by “updates” in “I now want to remove those updates that were downloaded but not installed”.
Can you clarify? How do you identify that there are updates downloaded but not installed?
I think you’re more likely to get into trouble by not installing an update than by installing them!
If you still don’t want to install the updates, you can disable it in “qubes global config”. You could disable updates for all qubes or just the ones you want.
This is a great question and goes to the heart of the matter.
Equally relevant is the obvious question - what command did you issue to
download but not install these packages?
I cant see that any one has yet asked @bkgrrl00 these questions, and the
answers are essential to giving an answer to his original question.
I did disable updates in Global Config, but the downloaded updates are still there. Or, at least, the icon for downloaded updates is still displayed in the State column of the Qube Manager.
In my view, when I disabled updates in Global Config, the updates that were previously downloaded but not installed should have vanished.
I did not issue any command to download these packages.
As I mentioned earlier, when I first installed QubesOS, one of the questions asked by the installation wizard was “Do you want to download updates via Tor” (or something to that effect). I selected “No,” as I don’t want to download updates at all. But instead, I got updates that were apparently downloaded without the benefit of Tor.
Shortly after installing QubesOS, I changed my Global Config settings to prevent updates. However, despite this setting, in the State column of my Qube Manager, there is a down arrow ( ) next to each of the template qubes. It’s my understanding that the down arrow indicates that updates have been downloaded but not installed.
That’s not a good reason. If you don’t trust cryptographically-signed updates (which you should, at least those signed by the Qubes developers, who made the OS you already installed from an ISO that they also cryptographically signed), then you shouldn’t use Qubes OS (or any OS, for that matter) at all, as it’s impossible for Qubes OS (or any OS) to continue to provide security without ongoing updates to fix new security vulnerabilities as they arise.
icon for downloaded updates is still displayed in the State column of the Qube Manager.