How to manually install individual packages in dom0?

So I am experiencing intermittent crashes after updating to 4.1.1. I am not alone in this:

Everything was fine on 4.1 before updating and I have never crashed using Qubes before this.

I am able to reinstall Qubes 4.1 and simply not update dom0 in order to operate without crashing, however in order to use Whonix I require the package qubes-core-admin-addon-whonix.noarch to be up to date in dom0 as otherwise it is not possible to shut down Whonix workstations (

What’s the standard way to update a single package in dom0? Do I manually do a dnf update followed by dnf upgrade or do I need to use qubes-dom0-update with the --action parameter perhaps? If anyone can provide me help with as much detail as possible that would be so helpful. Perhaps there is an easier way to achieve what I need? I’ve wasted a ridiculous amount of time configuring this system, issue after issue after issue…

Just to state the obvious, an un-updated R4.1 dom0 would be completely vulnerable today! You kind of have to update at least the packages affected by QSB-076 and higher, which will be a painful process if it’s one of those Xen or kernel updates that’s causing your crashes.


sudo qubes-dom0-update --action=upgrade qubes-core-admin-addon-whonix

If you’re updating to a specific package version, --action=upgrade can be omitted:

sudo qubes-dom0-update qubes-core-admin-addon-whonix-4.1.1-1.fc32
1 Like

Thank you that is very helpful.

Do you have any suggestions as to how I can get the latest 4.1 updates without upgrading to 4.1.1? I guess I’d have to manually update to the versions described in the latest 4.1 update, but how would I find a list of these packages and versions?

Or, is there an equivalent of this command sudo dnf update --security in the with the qubes-dom0-update tool and would this do what I want?

Obviously I’d much rather my system be fully up to date at all times but I can’t be on a system that crashes as that poses its own security risks. Every crash is an opportunity for file corruption to occur. Are you aware if there is anything being done based on the thread that I linked, if not what can I do to push it up on the priority list? Make an issue on GitHub? Contact somebody?