What should I do after accidentally updating dom0 to the qubes-testing repository?

Hello, I am hoping for some help from some qubes experts here.

I am worried about my Qubes 4.2 system due to a mistake that I made while updating dom0: I ran the qubes update utility on dom0, while I had (unknowingly) mistakenly enabled the testing repositories in the qubes global configuration utility. After the dom0 update finished, I reviewed the text log of the updates shown in the GUI. I was confused to see that it had installed packages from the testing repository, so I opened the global settings utility to find that somehow the testing repositories option was checked (instead of the stable repository).

My question is: how can I fix this? I changed the setting in the global settings back to the stable repository, and did another update. However, the qubes update utility just said that dom0 was up to date, and didn’t change anything.

Another question: is the security of my system damaged by my mistake? Or is this just a configuration problem that I have to address?

Finally, two notes of feedback for the developers. First, it would be great if (at least for dom0) before actually installing, the qubes update utility makes a statement to the user about what packages will be updated (and from which repos) and gets the user to confirm that it looks OK. That would have prevented my problem here.

Second, the documentation for the testing repos has a warning:

Software testing is intended for advanced users and developers. You should only attempt to do this if you know what youre doing. Never rely on code that is in testing for critical work!

If this setting requires the user to be so advanced, then I don’t see why it needs to so easily accessed in the qubes global setting utility. An advanced user could be trusted to change this setting using a command line method. Thinking back on it, I think I accidentally made this change when I had been making other changes on that page of the qubes settings utility (probably changing settings about automatic updates for some specific qubes). When I was on that page, the “keyboard focus” was probably on the update repos and I probably hit the “down arrow” or some other shortcut that caused that setting to get changed. Unfortunately I didn’t notice the fact that I had accidentally made a change, which is what brought me to where I am.

Thanks in advance for any help!

Short answer:

man dnf-history

and see undo sub-command.

Detailed explanation:

That is normal. You will receive updates from the stable repo once more in weeks or months. This will happen once the version of packages available from stable repo is again higher than the installed packages.

Usually no problem with security of the system (at this point). Currently security of packages are tested once on CI/CD facilities, then once more on r4.3 testing. Then once again on r4.2 testing and finally delivered to r4.2 stable. And in many cases the testing updates are indeed for improving the security of the system. They are just tested for days or weeks to assure they won’t break anything (functionality/stability wise).

You may open an issue for this on Github.(under Feature request category):

Same as above.

2 Likes

Thanks for the help @alimirjamali, I appreciate it.

Actually I thought of a follow-up question. I kept the log generated by the qubes update utility, so I know which packages came from the testing repo. You said that whenever updates become available in the stable repo, and are higher version than what I have installed from the testing repo, then I will get those updates. So my question is: suppose the packages that got installed from testing repo are packages A, B, and C; then is my system back to its normal state once I see that A, B, and C get installed from the stable repo (say in like a month or something)?

Yes

1 Like