So yesterday I installed Qubes on my PC, but after attempting to update I am getting some unusual results. Yesterday it was saying there was only updates available for dom0, so I updated them, after a restart it is saying there are now updates for fedra-30, unfortunately, after a restart, qubes is still showing ‘fedora-30’, only this time I can no longer select it for update, but there are updates for the whonix ws and gw, and yet after updating the cycle continues. What is going on here?
When I attempted to update using ‘sudo qubes-dom0-update’ I got the following errors :
I try again, this time through sys-firewall (both had internet connections) and it says it is downloading updates for ‘Feodra 25 -x86_64’ even though apparently Fedora 30 is already installed on the system, aswell as ‘Qubes Dom0 Repository (updates)’
Then just says:
‘Nothing to do.’
'No packages downloaded
Regardless the Qubes updating is showing updates for whonix/fedora/dom0.
This is a fresh install of Qubes R4.0.3, although a similar thing happened on my laptop after updating through the updater from version 3.2, but this is now happening on a completely fresh install.
Previously on Qubes I would have no problem finding and installing the required updates through either the updates prompt or through right clicking a qube and selecting update qube. Is there something I’m missing about the updates process on R4.0? I have just tried updating Fedora through the terminal and has just now successfully started ‘fedora-32’, although I am still concerned as to why the updater is missing the fact that fedora hasn’t been updated, surely this should be managed through there? How do I make sure I’m not missing any important security updates if the updater appears broken?
Ok, so now the qubes updater is saying there are updates for fedora-32 and the whonix ws and gw, although it gets stuck updating fedora with no progress no matter how long I leave it…
It seems strange since the two update processes should be totally different and yet you’re having 3 problems at the same time…
Updating dom0 Issue
That problem seems related to this yet to be solved issue:
Please check it to see if that’s indeed your problem
AppVMs Not Reporting Updates
Just to see if I got this right: your issue is that AppVMs are not reporting updates in qubes-updater. Right?
I think the way TemplateVM know they are lacking updates is through a little program that runs in each AppVM every so often so check if there are, in which case it will report the TemplateVM as in need of updating. See a related discussion on that here: Qubes-OS automatic update check interval
AppVMs Getting Stuck Updating
For this have you tried updating manually the VM in a command line to see what it reports?
It is possible that they hand if there is some unresolved update issue
Thanks for the information on this, yes it does seem to be the open issue you linked to, although since then some other weird things have happened that could potentially be a cyber attack.
I have previously been a victim of cyber attacks against me, as for the specific reasons why I can only speculate, but I suspect its a sophisticated (likely state actor) organization. My PC was one day saying IOMMU is not available, and then the next it says it is and all updates were available - this obviously left me feeling very confused - but I now personally have reason to suspect someone has access to my flat also, so an evil maid attack is a real possibility now. It could be a mixture of things, but I now need to rule this out by reinstalling everything unfortunately. It sounds very paranoid, and the extent they have gone through is crazy, I really don’t understand it there is no good (or legal) reason to target me in this way. The only reason I’m mentioning it is that this is the QubesOS forum, and the ‘Evil Maid’ attack is recognized as a real possibility, and it certainly is now.
Obviously it is very strange that it would be showing all of the updates on my PC with no change other than shutting the PC down and trying again the next day, and then after a reinstall from a Qubes USB, the same problems emerge. Now, all of a sudden, I can only use the internet through whonix - I had previously used the clear-net with firewall settings blocking literally all ips other than the bare minimum necessary for my work - so I suspect this could be to get around that. These firewalls have been completely reset to allow all outgoing connections - no internet - but whonix connects just fine. I have been unable to find a way of limiting the outgoing connections to specific IP addresses with the whonix firewall. Hopefully I can report back after a successful reinstall.
Also it seems that the ‘could not delete old database’ error is inconsistent - sometimes it gives me updates, only these never persist after restarting. This time I got this error: ‘Error while verifying qubes-input-proxy-receiver-1.0.19-1.fc25.x86_64.rpm’ but it may well be a completely different error the next.