During Dom0 update
$ sudo qubes-dom0-update
I received following messages:
Setting up and reading Presto delta metadata
Processing delta metadata
Packages(s) data still to download: 25M
*** ERROR while receiving updates:
Domain firewallvm sent not signed rpm: libvpx-1.2.0-1.fc18.x86_64.prm
This guide
http://qubes-os.org/trac/wiki/SoftwareUpdateDom0
doesn’t cover this situation
This thread
suggests:
“You can check details in /var/log/qubes/qrexec.XID.log (where XID id of firewallvm, you can get it with qvm-ls -i).”
This file
/var/log/qubes/qrexec.2.log
contains all the same lines
“eintr
Domain firewallvm sent not signed rpm: …
No delta-package files removed by presto
eintr”
Marek: “By disabling verification (editing yum.conf and qubes-receive-updates) you probably allowed that attack to be successful against your system.”
if i change line
gpgcheck=1
to
gpgcheck=0
in
sudo nano -w /etc/yum.conf
then I still receive the same messages (about “not signed rpm”).
$ sudo /usr/lib/ques/qubes-receive-updates
Domain None not allowed to send dom0 updates
I don’t want to copy rpm’s like in this page
http://wiki.qubes-os.org/trac/wiki/CopyToDomZero
because these are not additional software. I think that update procedure should work automatically.
There is also similar problem in this unanswered thread:
So, how to perform Dom0 update right?