Safety when forced NOT to use Updater

Hard on the heels of a discussion about the Updater, it has just crashed 3 times in succession on an update to dom0: system froze, hard reset required.

This is not uncommon (usually on Fedora updates). I have used dnf in the template as a work around previously, as have others.

This time I updated via the GUI in Qubes Manager. It worked, via dnf update in xterm (or something that looked like it).

However, now I know that Salt is doing something extra with updates via the Updater - but I really don’t understand what - I’m suddenly wary that I have a system that isn’t fully patched.

What do I need to do here?

You have several (non-exclusive) options:

  1. Salt updates via the command line. The commands are in the email thread you linked, as well as more formally documented here:
  2. Report the Qubes Update tool bugs and hope they get fixed quickly so that you can use it more reliably.
  3. Use dnf, apt, etc. inside templates and qubes-dom0-update in dom0 for regular updates. It seems to be only rarely that Salt does any of the “extra” stuff you mention, and anything security critical would almost certainly coincide with a QSB, so you’d know (as long as you’re paying attention to QSBs).

@adw Sorry its taken me a few days to get to this.


However, despite having used Qubes for >2yrs now, I find myself squinting at the screen, muttering “What f&^@ is a ‘QSB’”?

OK, so I get it now (I got this info before by happening to look at your reddit stickies, I think). I could easily miss this, not because I don’t care.

Anyway. Just a signpost to where info is clear or opaque in all this, meant to be constructive.

6 posts were merged into an existing topic: What are Qubes Security Bulletins (QSBs)? How to find them?