How to update dom0 via mirage-firewall
41 views
Skip to first unread message
ron...@riseup.net
May 29, 2019, 9:06:44 AM5/29/19
to qubes...@googlegroups.com
I'm trying to get mirage-firewall as the vehicle for dom0 updates.
Seemingly, it's only possible to update dom0 using sys-firewall or
sys-whonix via the following settings: Qubes VM Manager -> System ->
Global Settings -> UpdateVM -> sys-whonix.
Anyone know how to get mirage-firewall as the default update mechanism
for dom0?
Seemingly, it's only possible to update dom0 using sys-firewall or
sys-whonix via the following settings: Qubes VM Manager -> System ->
Global Settings -> UpdateVM -> sys-whonix.
Anyone know how to get mirage-firewall as the default update mechanism
for dom0?
Thomas Leonard
May 29, 2019, 10:17:27 AM5/29/19
to qubes-users
That won't work - the dom0 updater wants to run the shell script /usr/lib/qubes/qubes-download-dom0-updates.sh in UpdateVM, which is only going to work on a Unix-type system (mirage-firewall doesn't have any kind of shell).
But you can use any Linux VM as your UpdateVM instead. https://www.qubes-os.org/doc/software-update-dom0/ says:
> The role of UpdateVM can be assigned to any VM in the Qubes VM Manager, and there are no significant security implications in this choice. By default, this role is assigned to the firewallvm.
unman
May 29, 2019, 10:18:59 AM5/29/19
to qubes...@googlegroups.com
The mirage-firewall provides firewalling capacity only. It doesn't have
the proxy server or qrpc interaction that is required for dom0 updating.
ronpunz
May 29, 2019, 10:24:45 AM5/29/19
to qubes...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages