How to stop Qubes from updating kernel?


I want to know how to keep qubes from updating the kernel?

Now I have kernel-5.15.x and every time qubes updates it to 6.1.x I get a black screen that doesn’t go away as soon as I log in. I had the same problem once with kernel-5.16.x so I guess I should stay at 5.15.x

Is there maybe a command or a setting that forbids qubes from updating the kernel while still updating everything else?

I guess that locking a package version (it’s called pinning) should work:

You should also report the issue to qubes-issues so a fix could be found and you could continue to update regularly.

Sadly it doesn’t work. The command

sudo dnf install ‘dnf-command(versionlock)’

gives me the output “No match for argument: dnf-command(versionlock)”

In dom0 you need sudo qubes-dom0-update 'dnf-command(versionlock)'

Thanks yes that solved it!
Now I can update dom0 without issues

There’s a series of linux kernel 5.15.x in qubes repo: linux-kernel-515 v5.15.130-1 (r4.1) · Issue #4007 · QubesOS/updates-status · GitHub . I think it’s best to keep updating linux kernel to get the potential security fixes.

You may be able to install that series by command: sudo qubes-dom0-update linux-kernel-515. Then you can boot into linux-kernel v5.15.124-1 and remove the linux-kernel package.

I’m not sure what you mean, because I already have a kernel with version 5.15.x
The problem is when I update to a kernel with version 5.16.x or higher that this breaks my system

I mean, 5.15 is a LTS kernel version, and ‘linux-kernel-515’ is the package that ships the latest 5.15.x kernel to you. The version of ‘linux-kernel’ package has bumped to 6.1.x, but you can still have latest 5.15.x kernel ( instead of sticking to a single version like 5.15.89 ) by installing ‘linux-kernel-515’.

1 Like

Okay thanks.

What I still don’t understand is, when I remove versionlock from my kernel and then install linux-kernel-515, how do I stop qubes from updating my kernel to a higher version as 5.15.x as soon as qubes wants to update dom0? Is that what you mean with remove linux-kernel package? If yes, how do I do that?

I don’t know specifically about those two packages, but the reasoning is correct.

The linux-kernel and the linux-kernel-515 in this case are two different packages, that would get updated on different schedules.

The first would provide updates for multiple kernel series, whereas the second would only provide updates for the 5.15 series of the kernel.

By removing linux-kernel, you stop tracking those more frequent updates. This works in the same way that you don’t get updates for any other package that is not installed on your system. There isn’t any special magic here beyond the (clever) idea of publishing some packages that will only by updated when a given kernel series is updated, like linux-kernel-515.

Again, I’m assuming those are the names of the packages in question as I am not familiar with them. But that’s the general idea of how this kind of selective updates can be enabled by offering more than one package to install a given piece of software (in this case, the piece of software is the kernel.)

1 Like