What is the best way to update QubesOS? Which repos are best, and which mirrors are reliable to update
over Whonix? Which file is this configured in? Which directory?
This is the recommended way:
That depends on your needs, but I generally recommend sticking to the defaults, unless you know you need to change them.
This I don’t know, but in case it helps, you can see that there are some onion repos on the full list of download mirrors.
In dom0 and Fedora-based qubes, have a look at the files in /etc/yum.repos.d/.
In Debian-based qubes, have a look at the files in /etc/apt/ and /etc/apt/sources.list.d/.
(This answer is kind of basic; hopefully someone else can give you more advanced information, if that’s what you’re looking for.)
I checked my repos in /etc/yum.repos.d/ and realized they might be out of date. I have the following repos:
3isec-dom0.repo
https://qubes.3isec.org/rpm/r4.1/current/dom0/fc32/
fedora.repo
http://download.fedoraproject.org/pub/fedora/linux/releases/32/everything/x86_64/os/
→ Should this be switched to f38?
fedora-updates.repo
http://download.fedoraproject.org/pub/fedora/linux/updates/32/x86_64/
qubes-dom0.repo
http://yum.qubesosfasa4zl44o4tws22i6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/4.2/current/dom0/fc32
qubes-templates.repo
http://yum.qubesosfasa4zl44o4tws22i6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/4.2/current/dom0/fc32
→ Is this the best .onion repo?
If this is in dom0 on Qubes 4.1, then Fedora 32 is to be expected:
https://www.qubes-os.org/doc/supported-releases/#dom0
I think that question is unanswerable until you define “best.” When it comes to things like this, it’s generally recommended not to mess with the defaults, unless an official source says so or you know what you’re doing. You could break your system or weaken your security in ways you don’t understand.
1 Like
I just find that my templates are perpetually out of date and so they become very buggy and crash all the time. It would be better if there were some type of “rolling release” system to make sure that updates are automatically fetched and applied. I find that even the fetching of new updates is cumbersome.
This is the reason I’m questioning the URLs of the code repos that are supposed to be used within
the /etc/yum.repos.d/
Dom0 being Fedora-based doesn’t limit your template options. You’re free to use other OSes for templates. You can see a full list of available templates here:
I would say that dom0 being Fedora-based does actually limit your template options, as it is the most used part of QubesOS for system administration. There is no way of switching the distro.
The other issue is; does the version of Fedora used by dom0 receive updates? Is it possible to update from f32 to f38 ? (for example).
Futhermore, is the f32 used by dom0 a minimal, stripped down version of the OS? Is it similar to something like a unikernel(LibraryOS)?
Can you give a couple examples for those curious?
Yes, only by installing a new Qubes version.
2 Likes
Please explain what you mean. In Qubes OS, you can install many different templates that use many different operating systems, even though you can’t change the OS used in dom0. How, then, does dom0 being Fedora-based limit your template options?
I think what would be a smart idea is to have the dom0 OS be switchable by way of the Qubes Manager,
you right click on the dom0 VM and go to settings, then change the template to a template you have installed.
But what exactly do you want to achieve with that?
1 Like
Currently, dom0 isn’t based on any template. I think it would require a significant redesign of the system to make dom0 based on a template. I’m not even sure if it’s possible. It’s also not clear what the benefit would be. Even if this were to happen, it’s still not clear how it would give you more template options.
Then what is dom0 based on? Why does it use dnf?
Dom0 is based on Fedora and indeed uses dnf. But you should not install anything in it. So why do you care?
I mean, why is it such a controversy to ask questions? I would just like the option of switching to a dom0 which is based on Alpine Linux, as opposed to Fedora.
Is there a document which describes how Fedora and dom0 are integrated? Is it done using an .iso?
There is no controversy. We are just curious what exactly is inconvenient for you with Fedora in dom0. Perhaps you can achieve what you want with Salt, which doesn’t depend on it? Or, depending on your needs, we could suggest some other things. Or maybe you do not fully understand the compartmentalization approach of Qubes if you want to use dnf in dom0?
I am simply trying to achieve transparency into dom0 because it is quite opaque right now. There is a lack of documentation on its software stack.
Which question about dom0 do you have exactly? It’s Fedora with some packages removed. Full list can be obtained with dnf in dom0. No software should be run there.
What exactly is opaque about dom0? Everything is open source and documented on both Qubes and Fedora ends. What you want to do with alpine is to build everything from scratch and patching a few things along the way because fedora and alpine don’t work the same. You can try it yourself with qubes-builderv2, edit every single component that runs in dom0 and then start a new thread here to show us what you were able to do.
Where is this documentation that shows where dom0 ends and Fedora begins. I find the existing documentation confusing an unclear. There is no diagram that shows how Fedora is integrated into dom0.
Can you demonstrate documentation that shows how dom0 and Fedora software stack is structured?
Is there a diagram?