Qubes OS 4.1.2-rc1 has been released!

We’re pleased to announce the first release candidate for Qubes 4.1.2! This patch release aims to consolidate all the security patches, bug fixes, and upstream template OS upgrades that have occurred since prior Qubes 4.1 releases. Our goal is to provide a secure and convenient way for users to install (or reinstall) the latest stable Qubes release with an up-to-date ISO.

Qubes 4.1.2-rc1 is available on the downloads page.

What’s new in Qubes 4.1.2?

Qubes 4.1.2-rc1 includes numerous updates over the initial 4.1.0 release, in particular:

  • All 4.1 dom0 updates to date
  • Fedora 37 template
  • USB keyboard support in the installer (#7674)
  • kernel-latest available as a boot option when starting the installer (#5900)

Testing Qubes 4.1.2-rc1

If you’re willing to test this release candidate, you can help to improve the eventual stable release by reporting any bugs you encounter. We strongly encourage experienced users to join the testing team!

Existing Qubes 4.1 users

If you’re not interested in testing this release candidate, and you’re already using Qubes 4.1, then you should simply update normally (which includes upgrading any EOL templates you might have) in order to make your system essentially equivalent to this patch release. No special action is required on your part.

Release candidate planning

If no significant bugs are discovered in 4.1.2-rc1, we expect to announce the stable release of 4.1.2 in two to three weeks.

What is a release candidate?

A release candidate (RC) is a software build that has the potential to become a stable release, unless significant bugs are discovered in testing. Release candidates are intended for more advanced (or adventurous!) users who are comfortable testing early versions of software that are potentially buggier than stable releases. You can read more about Qubes OS supported releases and the version scheme in our documentation.

What is a patch release?

The Qubes OS Project uses the semantic versioning standard. Version numbers are written as ... Hence, we refer to releases that increment the third number as “patch releases.” A patch release does not designate a separate, new major or minor release of Qubes OS. Rather, it designates its respective major or minor release (in this case, 4.1) inclusive of all updates up to a certain point. (See supported releases for a comprehensive list of major and minor releases.) Installing any prior Qubes 4.1 release and fully updating it results in essentially the same system as installing Qubes 4.1.2. You can learn more about how Qubes release versioning works in the version scheme documentation.

This is a companion discussion topic for the original entry at https://www.qubes-os.org/news/2023/02/09/qubes-4-1-2-rc1/

I assume the Xen version is the same as 4.1?

I’m really happy to see this updated ISO being published. We all know getting started in Qubes is hard (even for technical users) and it’s a real risk that newcomers don’t realize until too late that the ISO they installed already had outdated templates.

no matter if 4.1.1. r 4.1.2rc1 the checksumes und pgp signings dont go through.
no matter if i choose ftp.qubes or any other mirror.
using firefox, wget and still no luck,

what am i doing wrong? :frowning:

[user@disp2440 Downloads]$ wget -c -v https://mirrors.dotsrc.org/qubes/iso/Qubes-R4.1.2-rc1-x86_64.iso
--2023-02-10 19:06:13--  https://mirrors.dotsrc.org/qubes/iso/Qubes-R4.1.2-rc1-x86_64.iso
Resolving mirrors.dotsrc.org (mirrors.dotsrc.org)..., 2001:878:346::116
Connecting to mirrors.dotsrc.org (mirrors.dotsrc.org)||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6156189696 (5.7G) [application/octet-stream]
Saving to: ‘Qubes-R4.1.2-rc1-x86_64.iso’

Qubes-R4.1.2-rc1-x86_64.iso     100%[=====================================================>]   5.73G  22.8MB/s    in 4m 47s  

2023-02-10 19:11:00 (20.4 MB/s) - ‘Qubes-R4.1.2-rc1-x86_64.iso’ saved [6156189696/6156189696]

[user@disp2440 Downloads]$ gpg --verify Qubes-R4.1.2-rc1-x86_64.iso.asc Qubes-R4.1.2-rc1-x86_64.iso
gpg: Signature made Wed Feb  8 04:24:21 2023 CET
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: BAD signature from "Qubes OS Release 4 Signing Key" [unknown]
[user@disp2440 Downloads]$ sha512sum -c Qubes-R4.1.2-rc1-x86_64.iso.DIGESTS 
Qubes-R4.1.2-rc1-x86_64.iso: FAILED
sha512sum: WARNING: 20 lines are improperly formatted
sha512sum: WARNING: 1 computed checksum did NOT match
[user@disp2440 Downloads]$ gpg --verify Qubes-R4.1.2-rc1-x86_64.iso.DIGESTS 
gpg: Signature made Wed Feb  8 04:25:30 2023 CET
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: Good signature from "Qubes OS Release 4 Signing Key" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5817 A43B 283D E5A9 181A  522E 1848 792F 9E27 95E9

so the only thing that works is checking if the hashsums are probery signed :frowning:

Apart from the fact that you haven’t imported the Qubes Master signing
key, and then checked that the “Qubes OS Release 4 Signing Key” is
properly signed, it looks as if you’ve done everything right.
That is, you have confirmed that the file(s) you have downloaded are not
those that were prepared and signed by the Qubes team. This is a Good
Thing™ - that’s why you do the PGP and checksum verification.

How do you get a genuine copy of the iso? Change the mirror you are
using and change (if possible) the networking. It’s not impossible that
your ISP is doing some upstream caching and has cached a broken copy of
the file.
you could try using wget --no-cache , which should send directives to
skip any cache on a proxy.


the --no-cache option did the trick. thank you! :slight_smile: