Unman arch template/updating qubes components


I have spent the entire day trying to resolve this issue without joining the forum but it appears I have no choice but to join and seek assistance. It also appears I can’t post more than 2 links as a new user so urls have been escaped, sorry for the inconvenience, but at the same time you’re welcome for having to read the url before accessing it rather than clicking on a link from a stranger.

To begin, Qubes 4.1.2 so if I need to just upgrade to 4.2.0 even though it is still in RC status then I guess I can try that out but I believe there was an issue with the iso and both 4.1.2 and 4.2.0 did not boot in Grub2 mode or with kernel-latest.

Now, I’m trying to update a template made by @unman from 3isec-templates since apparently there are some issues with building templates from scratch. If anyone wants to discuss the template issue, let me know because I’d love to sort that out so I can document it in my knowledge garden and teach others how to use Qubes.

Trying to update using pacman -Syu reveals that I can’t update python to the latest version, which I actually need, as in hard requirement, to be able to work on Veilid.

Configuring pacman to ignore python, it updates fine. However I still need python updated, so I find https://github.com/QubesOS/qubes-issues/issues/8170#issuecomment-1587743518 which points me to https://ftp.qubes-os.org/repo/archlinux/r4.1/current/vm/archlinux/pkgs/ which appears to also be mirrored at https://archlinux.qubes-os.org/r4.1/current/vm/archlinux/pkgs/ which I currently have in my /etc/pacman.d/99-qubes-repository-4.1.conf

I tried manually installing as suggested, however I ran into an issue with pacman where despite the key in question being trusted in gpg.

gpg --verify showing db.sig/db good signature by ultimately trusted key, pacman -S replies unknown trust for same key

Now, before anyone says I should use Full instead of Ultimate trust on this key, I agree. However gpg is also exhibiting problematic behavior where if I set the trust to 4 instead of 5, it reports it as unknown. Only when setting it to 5 does it show trusted.

I’ve grabbed and imported the keys listed in other issues I’ve come across, such as https://github.com/QubesOS/qubes-builder-archlinux/tree/master/keys and from https://keys.qubes-os.org/keys/ I’ve grabbed dev, master, os-security-team, and release 4 signing keys. I’ve also tried installing the keyring through pacman and I get the same feedback from pacman.

As far as networking is concerned, I’ve seen some troubleshooting requiring connecting directly to the netvm in the past, I don’t know what is current best practice however I have tested and had no success either way.

Multiple reboots have taken place to ensure settings are not dependent on reboot for full effect. pacman-key --init has been run and repopulated multiple times.

If there are any log files that would assist with troubleshooting, let me know.