How to update

Has anyone the time and effort to explain to me and maybe other people what the downside is with updating templateVMs via terminal inside the vm (dnf update; apt update etc)?

From here:

I did understand that it bypasses the default-management disposable vm via terminal but i would like to know how this could lead to a malicious templateVM and possible dom0 infection? To be honest i used the terminal a lot of times (i guess i’m not the only one ^^) for example when setting up a new minimal template and before installing new packages i updatet it of course.


Would be great if somebody could bring some simple light into this

The Qubes Updater uses salt to run the updates and deliver some
additional configuration/provisioning, often as result of some Security
If you update in the terminal you will not get these extras.

I am curious to see any recent examples of such extras, to understand better what you mean; when you have time.

Depending on how you define “recent,” this PR includes some examples:


So what happens when the updater keeps crashing the system?

Some updates make problems. My last two were okay but before that I could not get the system to survive. The only way I could update the templates was by using “Update” in the Qube Manager. That is in the terminal as well, no?

If we do update this way can we catch up on the Salt extras later?