There is still some malfunction or vuln in Qubes updater (gold gear in upper right corner). I have been waiting a long time to get hardware that was powerful enough for Qubes. I had a Thinkpad with pre-4.0.4 Qubes that was attacked. As I remember, the issue was with salt-mgt in the gui updater which would always fail. I could only update through terminal in each template but that is not recommended due to security considerations someone might explain to me. But now I have 4.1.1 on a brand new computer that is fully HCL (except for increasing screen brightness - please see S76 Galp6 topic if you know solution). Still, the updater is stalled and I can only update through Qubes Manager. I think this is a safe method otherwise why would “update” be in the Manager? What is the best practice in this situation and why is the sw updater not working properly? It’s a bug that has lasted several versions, so it would be good if someone found out what is going on with this. Thanks.
Many users are and have been successfully using the Qubes Update tool to perform routine updates. If there is a bug in that tool that prevents updates, it is clearly not affecting everyone. There is likely something about your situation that is causing the problem. However, without more details, it will be difficult for anyone to help you diagnose the problem.
You might begin by expounding on the first half of this sentence. When you say that the updater is “stalled,” what exactly do you mean? What exact steps do you take, and what exactly are the results?
Also, have you tried updating from the command line in dom0 as described here? What output do you receive?
If the issue effects me across hardware and ISPs in distant regions of the US, then it could potentially effect at least everyone in the US. I just used Qubes Update to update gateway and ws and now I am getting .onion injections, so actually it was strongest at fresh install state before updating. Then Qubes was ejected from the public wireless I was on. I tried connecting with TAILS with and without bridges. TAILS was also blocked. But Whonix on PopOS could connect to tor. I don’t have all the answers; that is why I am asking the forum. I can only report what is happening and fixing that should make everyone stronger. Unless your goal is to make software with holes in it deliberately when it is “just” one person’s situation, then it would be best for everyone to fix the vuln, otherwise, why doesn’t everyone go back to bare-backing http just because someone want access to your data? I have done nothing wrong. There should be no “lawful” intercept.
Stalling just meant the Update never made any progress after waiting more that 45min. But now when the update was successful, there are “flaws” (observable software behaviors that did not occur before).
I am hesitant to update Dom0 since I’m not even sure I trust the last update that was made. Maybe what happened only effects the onionsite (duckduckgo search anomalies) and not the Qubes side, but I’m not sure.