I’m managing my setup using salt and recentlly became aware that the salt setup appears blind to available updates in my fedora-42 template. Independently of whether I am using the QubesOS/distributed update.qubes-vm or include a *.sls file containing
any qubesctl-mediated action reports that no packages are available for update. If I, however, start the template manually and runsudo dnf update on the console I get hundreds of available upgrades.
I have investigated the corresponding policy files and everything points at sys-whonix as the update VM.
debian-based templates appear to be up to date indeed.
Any pointers on how to figure out what is going on here?
Thank you.
First feedback: changing updateVM to sys-firewall didn’t fix this. But I now see an error Could not create DNF metadata cache - this error does NOT shop up when using sys-whonix.
I looked around and found an old post of yours here:
Changing the repo lines for fedora to http://HTTPS/// did not seem to fix it either.
After manually updating the corresponding fedora templates (using dnf update && dnf clean all) all went back to normal - packages I can see as updatable from within the template system are being updated via salt as well.
In brief: I have no idea what happened here. Very unsatisfying. There were approx. 700 packages updated manually and I am at a loss on how to pinpoit potential culprits.