Not everything in my Debian template is installed with apt, so I created this short script to update also flatpak and uv tool applications. I hope this is useful for others.
(The warning below was added by the mods)
Warning: Updating with direct commands such as apt update is not recommended, since these bypass built-in Qubes OS update security measures. Instead, we strongly recommend using the Qubes Update tool or its command-line equivalents, as described in the docs: How to update.
#!/bin/bash
# Run all updates.
# Run this script with sudo.
# Clean up from time to time.
#rm -rf /var/lib/apt/lists/*
# I use Debian Onion repos and they're sometimes down, YMMV.
apt update
# bash strict mode from here; we'll update with whatever we got.
set -euo pipefail
# APT
apt upgrade -y
apt autoremove
apt clean
# flatpak
all_proxy=http://127.0.0.1:8082/ flatpak update -y
# Node packages (`npm`)
# Config in /etc/npmrc; packages installed in /opt/ out of PATH
HTTPS_PROXY="http://127.0.0.1:8082" npm update -g --loglevel verbose
# `uv tool`
HTTPS_PROXY=127.0.0.1:8082 UV_TOOL_BIN_DIR=/opt/sw/systemowned/uv/bin \
UV_TOOL_DIR=/opt/sw/systemowned/uv/tools uv tool upgrade --all
#TODO:
# - docker containers
# - Neovim/LazyVim plugins
# - someday/maybe: workaround for Brave Browser extensions and blocklists
You can put flatpak, uv and npm update scripts in /etc/qubes/post-install.d in your templates. In this way, your alternative package managers will perform upgrades when updating through the Qubes Update GUI. Example script for Flatpak that I use (found somewhere on the forums):
#!/bin/sh
# abort if not in a template
if [ "$(qubesdb-read /type)" = "TemplateVM" ]
then
echo "Upgrading flatpak apps..."
export all_proxy=http://127.0.0.1:8082/
flatpak upgrade -y --noninteractive
echo "Done upgrading flatpak apps"
fi