I just run an in place update from 4.1 to 4.2 and noticed a couple of minor things that perhaps would belong into a readme first. One of them is related to having mirage firewall instead of the standard system firewall qube. The update script fails every time with being unable to shutdown the firewall because sys-whonix is running. But even if sys-whonix is reconfigured to not require that firewall, it still fails due to some error 20 on the output log of mirage firewall. Of course, easy to solve by creating a standard sys-firewall and replacing mirage for the update, but that’s one more step.
The other one could be related to some applet loaded by me but the xfce panel refused to start by default. Just starting it by hand (with xfce-panel) once solved the problem moving forward.
Hi @flavio , would you mind to share (here or via DM) the log with error 20? I went to 4.2 with a fresh install, and therefore haven’t anything related, but it would be worth fixing that issue
I’m not sure if this documentation is really necessary.
Since mirage-firewall is not coming out-of-the-box with Qubes, people have to do some manual work to integrate it into Qubes. And people who manage to install mirage-firewall probably have no big issues to use the upgrade script/switch their update-vms/shutdown mirage manually.
Unfortunately, I didn’t save the log. It was easy enough to replace the VM’s and move on. Initially, the mirage firewall qube would not shutdown (understandably so) because sys-whonix was attached. Once I moved sys-whonix to attach to sys-net instead, mirage firewall shutdown, but there was that error message that prevented the process from moving forward. At this point, the only way to reproduce the error would be to create a completely new 4.1 install, replace sys-firewall by mirage firewall and try the in place upgrade, and I don’t know if there are enough people using mirage firewall to justify the effort.
Instead, perhaps a message saying: if you are using mirage firewall and would like an in place update, remove mirage firewall and go back to a standard sys-firewall would be easier and more effective.
Understood and I have the same feeling, but letting people know (perhaps by having this post in the forum) beforehand would be more user friendly than letting them experience the error without warning
That is interesting because none of these people seem to use mirage firewall qubes. There seem to be two issues at play here: one is the dependenciy of sys-whonix on sys-firewall, which can be overcome, as I did, by moving sys-whonix to sys-net temporarily. The other is the exit error condition 20 from the mirage qube.
