As pointed by HW42 here the public key downloaded from here permits to do verify the ISO prior of booting the installer successfully (where downloaded key from keys.openpgp.org is not importable. Might want to document where to download public key in OP here.)
Commit here. (Will cherry-pick and push in new PR once QubesOS 4.1 installer over Heads ISO boot: blivet doesn't find mount attribute on already mounted loopback device for install when installing packages · Issue #6792 · QubesOS/qubes-issues · GitHub is fixed)
@fepitre : Can you look quickly into QubesOS 4.1 installer over Heads ISO boot: blivet doesn't find mount attribute on already mounted loopback device for install when installing packages · Issue #6792 · QubesOS/qubes-issues · GitHub to let me know if I need to add more info there? It was tagged as needing diagnosis by Andew, where all information was already provided. Please tag me there if you need more input.
Is it normal for a download that says it’s 5.1 GB to show up as 5.4 GB after its downloaded? This has me curious. It happens with me frequently. Might be worth looking into, might be paranoia. Anyone wanna take a guess?
You should be sure of the units you use…It 's 5.4GB vs 5.1GiB…In an the cases compare in Bytes
A post was split to a new topic: Qubes 4.1 Does Not Have the Whisker Menu
this can happen because some software counts kilo, mega, gigabytes by multiples of 1000, other 1024, and it can also vary depending on the blocksizes of the filesystem the file is stored on.
either way, it is always good to check via pgp signatures, or at least checksums like sha256 or sha512, e.g.
@fepitre is it possible to have a similar setup for 4.2? Some users are interested in testing with an already built ISO.
Yes, this is in the pipe.
We have integrated and added
kernel-latest by default into Qubes OS ISO (see Latest kernel in ISO · Issue #5900 · QubesOS/qubes-issues · GitHub). There is no need to have separate ISO flavor for
hey! I am modifying qubes-builderv2 to run Xen 14.7rc and a fedora-37 for dom0.
Wanna test it?
Try build script once we are done?
Is the signing key signed by the qubes master signing key?
No and you could check that on your own
Thanks for the reply
It would be nice then if it could be added to the GPG keys of Qubes Security Pack on Github so we’d have another place to verify it from.
@Scumbag I think this is purposefully separate from the official releases and for practical reasons has a lower requirements of release security.
I have unpinned this topic. If it is needed to be pinned at any other point in time, let me know. (for example, to encourage users to test 4.2).
@fepitre Any news on this?
Following the post:
It would be nice to be able to test this easily (while as you know, detached signed ISOs facilitates integrity+authenticity).
Downloading https://openqa.qubes-os.org/tests/55506/asset/iso/Qubes-202212113-4.2-x86_64.iso now but would be better if iso and iso.asc were accessible from
Still not finished, we are still debugging new 4.2 with dom0 being Fedora 37. We had an unexpected series of issues with installer and other stuff that took us more time than expected. I’ve setup weekly builds for 4.2 already and there exist some ISO uploaded to openqa by @marmarek. Next run is on Thursday so I would announce it.