I have 2 questions about the way the qubes update tool works :
When launching the update tool, I can select all my templates and standalone VM when selecting the top checkbox, before the VM list. All the updatable VM will be selected, at the exception of the ones marked as obsolete.
However, in my templates, some are Windows based, and I don’t want to update them at the same time. I don’t use Windows VM often, and I update my Windows templates on a different schedule.
Is there a way to never select specified VM when checking the top checkbox, in the same way than the obsolete VM aren’t selected ?
I have few template marked as obsolete. This means the update tool will always be displaying the available update icon (but it’s for indicating that I have “obsolete” templates) and they will never be selected when checking the top checkbox in the update tool. The issue is that my “obsolete” templates are debian 11 based, which is still maintained and still have updates until August 2026. Is there a way to manually remove this obsolete status ?
I’m very well aware that debian 11 is the old stable and not the current debian version provided by the QubesOS team, however I can’t update this templates to debian 12. They are for specific softwares which don’t work on debian 12 and that I’ll not need after 2026 (for the general cases I have other up-to-date debian templates). I don’t really need a reminder that this templates aren’t the current ones, however I would appreciate to have an useful available update icon in the trayer and to update this templates at the same time than others, without the need to select them by hand.
The idea is to get a fluid upgrade process : there is the icon indicating there are updates, I click on it for opening the update UI, select all the usual templates to update (which means all the linux ones which still have updates) with a single click, launch the update in the background and check it few hours later. The cli isn’t as fluid for me.
Thanks for this. That’s a little hacky (I would haveprefered a dedicated option for this) but it kind of works for well for my debian 11 templates. However, the update tool still displays an available update icon in the trayer for informing me that I’ve obsolete templates if I mark the Windows ones as obsolete in order to exclude them with the top checkbox on the update tool. How can I disable this in order to have this icon only when updates are available ?
I have considered this recently. It is relatively easy to implement. But the design has be decided. Which one would you consider to be more user-friendly:
A new feature named “os-exclude-update-check”, “os-update-skip” or similar?
Setting os-eolto “n/a”, “skip” or something similar?
It’s better to use a separate feature instead of changing os-eol because user may want to exclude the clone of a standard template from updates temporary and reenable it later.
Some of the templates in question will have updates in my case (like the Windows 10 one), I need to see them in the update UI. I just would like to not select them when selecting the top checkbox, and without having an obsolete notification.
Updating Windows qubes using Qubes Update tool is not supported (at least currently).
But I guess it could be an option in the Qubes Update GUI tool settings to just not select the excluded qubes instead of hiding them.
Keeping everyone happy is very hard (if not impossible). The patch I will suggest gives the ability to hide selected qubes from update UI (+systray notifications, Qubes Manager and CLI updater). This is the feature that is requested by more than one user.
I think it’ll be easy to add an option in the Qubes Update GUI tool → Settings (gear icon) to change the default behavior of hiding the excluded qubes to not select then when selecting all qubes in the Qubes Update tool.
But I guess it’s better to create a separate issue for this.
Indeed, if a Windows template is selected, it will be started and then the user would have to launch the update process by hand.
You are both right, maybe it would be more appropriate to remove Windows templates from the update tool by default ? A parameter for removing selected templates from the update tool seems indeed be a good compromise.
(You may already be aware of all of this, in which case, that’s fine. It’s your decision. I’m just mentioning it in case you aren’t already aware and for others reading this who may not be aware.)
The patch for CLI tool is already done. Qubes with skip-update feature will be excluded by qubes-vm-update utility. But user could still target them with --targets option.
Qubes Update systray widget patch is also ready. It will not alert about outdated or obsolete qubes with skip-update feature.
For the 3rd part, I am doing it a little bit differently (with more options). The two new options at the bottom of Qubes Update GUI settings (picture below). Users could still override them with --targets command line option.
I am not 100% comfortable with mentioning skip-update capability in the GUI Settings. This is a really advanced & potentially dangerous feature which might be better to remain hidden from GUI tools to avoid confusing beginner & novice user. What is your suggestion?
On second thought, I agree with you on this, this could confuse the users and they could mess things up.
I think it’d be better to just do everything using CLI and add the features to dom0 so the advanced users could set these features using qvm-features e.g.:
