Fedora 24?

[Niels Kobschätzki]

Hi,

what would I need to do to update an existing Fedora-template or install a new template to/with Fedora24?

Will Fedora24-templates come with Qubes 3.2?

Niels

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

In Qubes 3.2 we build packages also for Fedora 24. There is no prepared
template available, and packages aren't tested yet, but it should be
possible to upgrade using something similar to:
https://www.qubes-os.org/doc/fedora-template-upgrade-21/
Just replace 23 with 24 and probably use dnf instead of yum.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXaxEZAAoJENuP0xzK19csKvwH/3hZlk5OT0NPGRucYgYKmbVe
h8mLV6jq6RrJcU4xgKeVFJrvS6gTuTHkN+hzOpES3FFcY68tWKGPug005fpKtF9l
6geVR8zG3U3wj1n/5KUF4m75AB9iInyZIrXzT9BuOD3pdmseXpomds0/jLdERwnf
4W1Td5fOwNzwrVDFT+byMer+eGsuKyhbSiKx9vjsUwMtzYB4zetlzh3Wrd9DBudj
w2nl0EN4JEs3JxRQWgFDBypX4fJTtQ2EGJNyogVFl5M8Lv2cmi6Xr9y/isg6EVuH
3A2xHDmCov5fRmBBjLNNri0JUsX1gdwEYY6GwpRiwA8j4WEBc7oE2sWCxZxmGoQ=
=benD
-----END PGP SIGNATURE-----

[ni...@kobschaetzki.net]

> On June 23, 2016 at 12:28 AM Marek Marczykowski-Górecki <marm...@invisiblethingslab.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote:
>
> > Hi,
> >
> > what would I need to do to update an existing Fedora-template or install a new template to/with Fedora24?
> >
> > Will Fedora24-templates come with Qubes 3.2?
>
> In Qubes 3.2 we build packages also for Fedora 24. There is no prepared
> template available, and packages aren't tested yet, but it should be
> possible to upgrade using something similar to:
> https://www.qubes-os.org/doc/fedora-template-upgrade-21/
> Just replace 23 with 24 and probably use dnf instead of yum.

Thanks a lot for the information. I will probably try my luck tonight :)

Niels

[Niels Kobschaetzki]

On 16/06/23 00:28, Marek Marczykowski-Górecki wrote:
>On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote:
>> Hi,
>>
>> what would I need to do to update an existing Fedora-template or install a new template to/with Fedora24?
>>
>> Will Fedora24-templates come with Qubes 3.2?
>
>In Qubes 3.2 we build packages also for Fedora 24. There is no prepared
>template available, and packages aren't tested yet, but it should be
>possible to upgrade using something similar to:
>https://www.qubes-os.org/doc/fedora-template-upgrade-21/
>Just replace 23 with 24 and probably use dnf instead of yum.

It seems that the commands might work but the packages in the Qubes-repo
have still dependency-problems with Fedora 24. It seems I need to wait
for 3.2.
And I am not eager to do an allowerasing or some force installing which
burnt me in the past (not with Qubes but in general).

The error messages are:
Error: package python3-dnf-plugins-qubes-hooks-3.1.16-1.fc23.x86_64 requires python(abi) = 3.4, but none of the providers can be installed.
package qubes-gui-vm-3.1.5-1.fc23.x86_64 requires pulseaudio = 7.1, but none of the providers can be installed.
package xen-qubes-vm-2001:4.6.0-13.fc23.x86_64 requires xen-libs = 2001:4.6.0-13.fc23, but none of the providers can be installed.
package qubes-core-vm-3.1.16-1.fc23.x86_64 requires python3-dnf-plugins-qubes-hooks, but none of the providers can be installed.
package qubes-core-vm-systemd-3.1.16-1.fc23.x86_64 requires qubes-core-vm, but none of the providers can be installed
(try to add '--allowerasing' to command line to replace conflicting
packages)

Cheers,

Niels

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've just tried this and successfully upgraded Fedora 23 to Fedora 24
template.

TL;DR version:
1. Clone fedora-23 to fedora-24-test.
2. Open terminal in fedora-24-test.
3. Run "dnf upgrade --releasever=24".
4. Shutdown the template.
5. Switch (some of?) VMs to this template.

Some basic tests are ok. Please, if any of you have a chance, test such
template. If that would work, we'll build full template for convenience.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXzf6RAAoJENuP0xzK19cslMwH/37T/x0gSoVd3wS52cPibhlU
aKgyRW1DCs/cYaBhiTLI3yk5FANbhedqmNB1NQ8hdNIus7s0qtRHdHWv25DH4Dd6
b/qvJlOsB1xWI+EIhkr+1Bxw58MVRXYD6LWB+Z0jaH0fco4tCdb6s7Xls5Dt5OJ4
3UUZQAPvrZ42oh5WEd+brY/48AmNSS10YTkuKJD9/rfh1g6BxHMC/dNAwIH+dJWQ
WjuDdX6V5AKV11F1fbS7cGOJiVsv5v7ohJdglDNC8B2bQNwDiQ7+u4ScBVDn96+o
BzDntrIG8U1dN6PuAW6nxG361+mF4SXzTz7L/X1TIsswnVN3Ize/AxKYoHDxj8s=
=O9Wf
-----END PGP SIGNATURE-----

[Foppe de Haan]

What kind of tests are you hoping for? It seems to be running fine here, and moving files between VMs also seems to be working.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Just some standard usage things, like:
- networking (like standard web browsing)
- updates / package installation (is it working at all? does new apps
show up in the menu?)
- emails (for example if Qubes addon for Thunderbird still works)
- update process itself (some broken dependencies?)
- memory usage, performance - compared to Fedore 23

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXzomQAAoJENuP0xzK19csSK0H/i4PVnl2Il+W+IU2mAE4DLQe
ujiBZ9//2zipC0PuIVgiXix0mpqUu4vvACUwCczQmTmpIY380mgckgj6QDongvwD
jG1xrG3PpLXg07v++hOPxF4fvDCIdDhhXJuDDYKQy9qUAPvP8+Lj72P2QYnCNJLL
LPGetCsGyhopu8zAH/Nx2riGxJlfJVpvcJIqHNXbb2Rq1t6WcIq5WUbKtrxaJmJ8
A0ALDdXMnQNHYboywAgSIYR3V1rUJRUxxCnuQ94TyG89XE8WtZmuNIyPaE9870Vc
+lpkHZN5iO2KDKoK1rn+bzB6KC1/jZ3RhYDYIlFpSGc44UkBTxTm043565J/p9A=
=+lMC
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Sep 06, 2016 at 08:27:09AM +0200, Achim Patzner wrote:

> Am 06.09.2016 um 01:24 schrieb Marek Marczykowski-Górecki:
> > I've just tried this and successfully upgraded Fedora 23 to Fedora 24
> > template.
> >
> > TL;DR version:
> > 1. Clone fedora-23 to fedora-24-test.
> > 2. Open terminal in fedora-24-test.
> > 3. Run "dnf upgrade --releasever=24".
> > 4. Shutdown the template.
> > 5. Switch (some of?) VMs to this template.
> >
> > Some basic tests are ok. Please, if any of you have a chance, test such
> > template. If that would work, we'll build full template for convenience.
>

> I did that a two weeks ago and it improved a lot of things on my system.
> It is working better if the display's resolution has been correctly set
> _before_ launching anything X...
>
> Does anyone have a simple tool to diff the rpm inventory of two machines
> and apply everything that is not installed in the target machine? 8-)

rpm -qa |sort > pkg_list
Then diff those files...

Dnf also keep track of what packages have you installed manually (in
contrast to those installed as dependencies). I can't find a tool to
query this (only add/remove packages: dnf mark). But apparently you can
easily get this from its database:

grep -l user /var/lib/dnf/yumdb/*/*/reason

That list needs some postprocessing unfortunately (like removing
"/reason"), but shouldn't be that hard.

> For some unknown reasons it was not a good idea to start with my R3.1
> (with all bells and whistles) template VM; I had to use the template
> that came with the R3.2 installation to get it running.

There are no fc24 packages for R3.1. So if you're starting with R3.1
template, first you need to upgrade it to R3.2.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXzoyYAAoJENuP0xzK19csENcIAIOVCEzebbNJmsv2x3ZjgtXO
Wq4XVkShDzymDKIsJ4tBCm5Ra1pX6nkswlFnDr8NadW2z0uL0YbgvAcMzrcRZ3Io
wFwuSCSOOgrH61VE1uLzlV2Ew5nsC3tBuM6W4lnKR4eYHb0j3SUk22XBtiQtP219
kutHl5incaT5D91xYEi3GPPzAZLRIoxyLy6xlXbtCWdyOH4yJti8jW/PGoy3E70i
M+eFJoJDBVC5IJDK6NUnNDKuixYlt3xFQSbNXiyGiM6JujGLsfqmdd+0gbDTvJTS
zb931SA0fCCLQFa6HPpKxYi+Cm4QYOLevqJtdz0DC1fsyB+3nTt86NSWL8PlhcQ=
=EaQo
-----END PGP SIGNATURE-----

[Foppe de Haan]

Okay.

I've cloned and upgraded the fc23 template in the manner indicated, plus upgraded a Standalone fc23-based VM. Both upgraded & started without issues.
No errors during update for me, just some Fedora-related annoyances (e.g. postgresql 9.4->9.5 requiring the old binaries for a database upgrade, and fedora not keeping those around)

Networking / browsing seems fine so far; I swapped sys-usb, sys-net and sys-firewall to fc24, and they are working as well, at least at first glance. Qvm-usb device listing & passthrough works as well.
Sys-usb and -net memory usage still at 300mb; sys-firewall memory usage (once it's been running for a while) may be at a somewhat higher level than before, but hard to say (~900mb now)
Updating packages works (using the QVM manager dropdown menu selection, and simply via sudo dnf update);
Installing new packages works, and they show up in the Qubes app menu list)
Haven't test t-bird because I'm running that on a Debian VM.

[Achim Patzner]

Am 06.09.2016 um 11:30 schrieb Marek Marczykowski-Górecki:
> > Does anyone have a simple tool to diff the rpm inventory of two machines
> > and apply everything that is not installed in the target machine? 8-)
>
> rpm -qa |sort > pkg_list
> Then diff those files...

I hoped there was an easier way 8-). I did that (actually not using a
diff; adding a package that is already there doesn't matter). But that
didn't solve what wou were mentioning next:

> But apparently you can
> easily get this from its database:
>
> grep -l user /var/lib/dnf/yumdb/*/*/reason

That did a bit more for me and reduced overhead quite a bit.

> There are no fc24 packages for R3.1. So if you're starting with R3.1
> template, first you need to upgrade it to R3.2.

What I wanted to way was "using an old template I brought forward from
3.1 to 3.2 got me into a dead end so I started over with the fedora-23
from 3.2". Don't ask me, I'm only the end user and don't know much about
growing penguins.

Which reminds me: Is there a serious difference betwenn sys-* in 3.1 and
3.2 or is it a bad idea to backup and restore the old VMs?


Achim

[Achim Patzner]

Am 06.09.2016 um 11:17 schrieb Marek Marczykowski-Górecki:
> Just some standard usage things, like:
> - networking (like standard web browsing)

Working.

> - updates / package installation (is it working at all? does new apps
> show up in the menu?)

Working.

> - emails (for example if Qubes addon for Thunderbird still works)

Working.

> - update process itself (some broken dependencies?)

Working.

> - memory usage, performance - compared to Fedore 23

No realy noticeable difference.

Some key bindings might have changed; ctrl-"+" in a terminal window
increases the font size but the terminal window does not grow with it
anymore.


Achim

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Sep 06, 2016 at 01:07:49PM +0200, Achim Patzner wrote:
> Am 06.09.2016 um 11:30 schrieb Marek Marczykowski-Górecki:
> > There are no fc24 packages for R3.1. So if you're starting with R3.1
> > template, first you need to upgrade it to R3.2.
>
> What I wanted to way was "using an old template I brought forward from
> 3.1 to 3.2 got me into a dead end so I started over with the fedora-23
> from 3.2". Don't ask me, I'm only the end user and don't know much about
> growing penguins.

Ok, so I think we can simply recommend the working path (or using fresh
fedora-24 template when released). We don't have enough resources to
support every upgrade combination...

> Which reminds me: Is there a serious difference betwenn sys-* in 3.1 and
> 3.2 or is it a bad idea to backup and restore the old VMs?

Not much difference (if any).

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXzqbwAAoJENuP0xzK19cshuAIAJgMgBThPhdMcXJLr33G2Lr8
lC8upKbbNV/IqX3xYEamDxkSDNqrwXoqqMXEEhovtu89WTWJPhzzELJcj8Gw28Te
Ip2GkvyAH5H+e6gpA4cUVcgfYEv5yO7COi8G+BVxxE+TUJ4ZoGEsxKOFhxe2RROd
Kia14lALeSDoMYfkzhf5I0iK1GLhdispVNMwdX3aMdmZdfp5KT+k11/O5Spu/zeF
yuvkamSaWdTI4REfSsgXlbHaHvTB95+b2pB0gRms/SigEGARpHjX4AHqGceEil+2
vsrM6xitMHTEYdU6fLn8j6T2tMRsWRf+S842bIDB+rqH35BSsJgAoFPxZvijML4=
=ASzm
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Sep 06, 2016 at 01:10:51PM +0200, Achim Patzner wrote:
> Am 06.09.2016 um 11:17 schrieb Marek Marczykowski-Górecki:
> > Just some standard usage things, like:
> > - networking (like standard web browsing)
>
> Working.
>
> > - updates / package installation (is it working at all? does new apps
> > show up in the menu?)
>
> Working.
>
> > - emails (for example if Qubes addon for Thunderbird still works)
>
> Working.
>
> > - update process itself (some broken dependencies?)
>
> Working.
>
> > - memory usage, performance - compared to Fedore 23
>
> No realy noticeable difference.

Thanks :)

> Some key bindings might have changed; ctrl-"+" in a terminal window
> increases the font size but the terminal window does not grow with it
> anymore.

Interesting, it may be a feature :)

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXzqdYAAoJENuP0xzK19csaicH/0yAZt3iqamnAtN2BEKH/m80
plrbo19x5xyRBxZTAfALq3ey4gl/8CLIp9WIJ7cxmtw120rIOz5OvUc5gGg/gmF+
VNPlDB7fIuGSmnSnvdTCSNXTKTToTPE+EzyHFWPWyrpIQxJhCN+jBU8wCENh7V9b
Ip/8ygIGYJV/FDwBcSYR+WpqpobeRF4TlaT+c7gayy34+8kPVgwqWLfRUIw71lcT
B5NW6NXmiUxBYU6MGEBNeedih4GForjJQkIkliWM4SlEHnBR6NpcizWrdQ0IY801
s+23aTO5jyN4mDU7xy7hcSfRFMJ+Al07hX/ErCmzSegRxb/7tB4wZr/hNI9xbaw=
=d2jD
-----END PGP SIGNATURE-----

[Torsten Grote]

On 09/05/2016 08:24 PM, Marek Marczykowski-Górecki wrote:
> Please, if any of you have a chance, test such template.

I had to resize the system partition, because the upgrade was too big to
fit on it. Automatic resizing didn't work. I had to run resize2fs manually.

The upgrade went through smoothly. Only noticed this warning:

Upgrading : glibc-2.23.1-10.fc24.x86_64
/bin/sh: error while loading shared libraries: libtinfo.so.6: cannot
open shared object file: No such file or directory
warning: %triggerin(cronie-1.5.0-3.fc23.x86_64) scriptlet failed, exit
status 127
Non-fatal <unknown> scriptlet failure in rpm package glibc
Non-fatal <unknown> scriptlet failure in rpm package glibc
Upgrading : libstdc++-6.1.1-3.fc24.x86_64


Kind Regards,
Torsten

[pixel fairy]

> On 09/05/2016 08:24 PM, Marek Marczykowski-Górecki wrote:
> > Please, if any of you have a chance, test such template.

Whats the time frame on 3.2? fedora 25 is out in november. would it be worth it to wait? or just make an updated template then?

would also be good to have a newer set of graphics drivers in dom0

[Connor Page]

I upgraded all fedora-based vms to 24 about a month ago when I noticed a qubes repo for that. all upgrades went smooth but I suggest backups first because of different versions of software. things may break if you switch back to 23. I had this problem with remmina, it couldn't work properly with config from 23 but after changes in 24 and switching back to 23 it was again broken. in the end I just stopped using it.
I think f24 is more memory hungry. because of that I created a separate update vm so that RAM can be quickly freed up after updating dom0.
I haven't noticed any downgrade in performance but that may happen for users with limited RAM and swaps on HDDs.
f24 pushes substantial amount of updates daily, however delta RPMs don't consume much bandwidth.

[Connor Page]

and forgot to mention, I followed the documentation for upgrade from 21 to 23, i.e. used an additional disk image for cache and modules. otherwise it would fail with my densely populated templates.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Sep 06, 2016 at 08:44:35PM -0700, pixel fairy wrote:
> > On 09/05/2016 08:24 PM, Marek Marczykowski-Górecki wrote:
> > > Please, if any of you have a chance, test such template.
>
> Whats the time frame on 3.2? fedora 25 is out in november. would it be worth it to wait? or just make an updated template then?

We will release 3.2 much earlier. It will come with default Fedora 23
template - it is too late in release cycle for such big change.

But the new template will be available in repositories.

> would also be good to have a newer set of graphics drivers in dom0

In Qubes 3.2 dom0 will stay in Fedora 23 - generally it will be mostly
the same as 3.2-rc3.

For Qubes 4.0 it hasn't been decided yet (most likely will be Fedora
23 too). But hopefully we'll have newer kernel there. I'd aim for 4.8.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX0BivAAoJENuP0xzK19csgJ8H/0kPV3AUDysnOqpAXnJH+5FW
n3ULpuumBvGI1S7z+zGbba65UI70KGQ25Aq4EVRObSq+y5JdZrLkji7liGif4acA
j4Qxh9/IAfKYlY6T7BMqU760EIlEa091crKxYa8KpkNU/DRtYaKQ48Jbra3CS49z
HolUzKI+l2KfqcoC5YGOUQT98zgdaC4U/oN9FbIXUPBc4psQdz43jpx9A283L+XV
P/5vFfIZjzVr8PvMuYGCzo66FGZ4VRXixuNAnGRHBDZ1lOD0Ma87k9U+fyBJWBQi
hxOCyQy4edOs+XaNjEkiFCJcxoARgeNZvJpE6atx2D6VpUwJ8qg+9xjSnuQg2WY=
=nEAN
-----END PGP SIGNATURE-----

[pixel fairy]

On Wednesday, September 7, 2016 at 6:40:24 AM UTC-7, Marek Marczykowski-Górecki wrote:

>
> For Qubes 4.0 it hasn't been decided yet (most likely will be Fedora
> 23 too). But hopefully we'll have newer kernel there. I'd aim for 4.8.

looks like fedora 23 will be EOL in 3-4 months. https://fedoraproject.org/wiki/End_of_life

[Steve Coleman]

On 09/05/2016 07:24 PM, Marek Marczykowski-Górecki wrote:

>
> I've just tried this and successfully upgraded Fedora 23 to Fedora 24
> template.
>
> TL;DR version:
> 1. Clone fedora-23 to fedora-24-test.
> 2. Open terminal in fedora-24-test.
> 3. Run "dnf upgrade --releasever=24".
> 4. Shutdown the template.
> 5. Switch (some of?) VMs to this template.
>
> Some basic tests are ok. Please, if any of you have a chance, test such
> template. If that would work, we'll build full template for convenience.

Just wanted to pass on that I cloned fc23 and created an fc24 template
under 3.2 like mentioned above, and have switched _all_ my VM's over to
it. I have been running this way for a solid two days now with no major
issues. I had a little bit of weird behavior during the transition (menu
stopped working, Qubes manager didn't start). After applying all updates
and after about the third reboot everything seems to have smoothed out
and is working properly as best as I can tell.

My only outstanding issue is more 3.2 upgrade related, where my clock
keeps getting set an hour ahead.


Steve Coleman

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I've just added this note regarding the safety of using an EOL base OS
in dom0 to our Supported Versions page:[1]

"Note: Dom0 is isolated from domUs. DomUs can access only a few
interfaces, such as Xen, device backends (in the dom0 kernel and in
other VMs, such as the NetVM), and Qubes tools (gui-daemon,
qrexec-daemon, etc.). These components are security-critical, and we
provide updates for all of them (when necessary), regardless of the
support status of the base distribution. For this reason, we consider
it safe to continue using a given base distribution in dom0 even after
it has reached end-of-life."

This is from a reply Marek gave about the same issue with Fedora 20
reaching EOL approximately four months before the release of R3.0.[2]
(Note that we've continued to use Fedora 20 in dom0 ever since, in
both R3.0 and R3.1.)


[1] https://www.qubes-os.org/doc/supported-versions/#tocAnchor-1-1-2
[2] https://groups.google.com/d/msg/qubes-users/D8CvUWYpQxk/VYFLp7raI_IJ

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX0xpbAAoJENtN07w5UDAwPOIP/1ENQeJz5y/7amzioScLTzVj
jt84fGJ62eY+n1QNTYAWLa/90JjI++52Nvqn+CZ3LFIV/MKzyKf31LeIMrhH5w+I
X1PT6MIw5xFMxeIqKYCaLORnUrgZQg4Lu2UXWiCGJoOjgb8XuBHjre2XL/LYp2Fr
X//n5j8TfoWC6JsAVDxrQ6GVw5BTJowcBG0a2dOll/01qCDhxX8r8SuFwaGbbfsc
N5Vaqt0BbJvQI5GN0dyNRxIjl98sJymWf4SRJ5QW+zT0FU2QBLi9GP2OMHqR3JPv
D70fZS8xyAyUIUQNRdUEOdYCKLWereSi/EMaZOsBfA+n6LTAZmtmlqKKJQ/6+gEc
7iFFzIbj7j2xZOZC4z6uPT0kbEPRpp1bB2bpwlYOE5MepGY1+N1s3fuExf30lSD3
fX0sl0Ae9Yrf10wjC7xdKUxt2o5+9ocLFZK31fJ6pH1vb6UvvjMgw3S9d+Qkz4S1
1h8jQmwsxAd+42dAbQ05vpuxYLAKiMyzeTacOFmad9qv/QyF4bp8WzYheJ5VCfOY
eZlk64o4kFSSbsB3cSgywyLuWD+zRlIXPNOxt+WPN+DcDWMahpOkN2ApdfWwg92U
YBsSopAMzReNU1FtoVuVMZU2WWCAWKASWgb33CmFwErLPrJGn2R7hpSywGiXRR6+
ijTKNBgs66YJLBKhf+0C
=obj3
-----END PGP SIGNATURE-----

[pixel fairy]

it all worked, except the option to delete the old template was grayed out.

[pixel fairy]

i think fedora24 should be the default template for qubes 3.2. were all testing it, cant see any problems. we cant have an EOL release for appvms.

[Noses]

Ok, as everybody was looking for a problem, I finally found one. I've been
bitten by this
http://forums.fedoraforum.org/showthread.php?p=1770311 ("/etc/resolv.conf
missing once NetworkManager is stopped") and don't really know how to deal
with it right now in a way that does not require quite a bit of work.

Marek? Is NetworkManager necessary for a happy AppVM? Does anybody know what
this is good for and how to counter it?


Achim

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

No, it shouldn't be needed in AppVM, only in NetVM.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX2b41AAoJENuP0xzK19csG8wH/30hrD6cCGiKIQbtAGhIPnXX
c7TW/0JThVH+R7lO12wFilzwS9eeSgTwNSMFTw3y2jORV8AlBoYPA/MADUfp+xKc
R/SW6z0aaPk1yxF0VxO18NyjP7Ze8LNChS/ApaySSbli9KIMbuVGjzWaMovv8KxX
sGOFIHHXsLDT/Z4tj0FNX/bCgxEBsmTKILRQAW9OunjYGJK7YIUG+wGXwlguovj4
F3DM2AEAnv/npTPJwrLB0E2upqLQJaaCBQGg+v5JXeu3nviSF1GcvF+NXrml0H/g
tH6NJvKqFaXjNafZxct4CGIfeobBffihs1PrXBZdYNzPr5M+OP8vTfY/vGWks4s=
=cOQU
-----END PGP SIGNATURE-----

[Achim Patzner]

Am 14.09.2016 um 23:16 schrieb Marek Marczykowski-Górecki:
> > Ok, as everybody was looking for a problem, I finally found one.
> I've been
> > bitten by this
> > http://forums.fedoraforum.org/showthread.php?p=1770311
> ("/etc/resolv.conf
> > missing once NetworkManager is stopped") and don't really know how
> to deal
> > with it right now in a way that does not require quite a bit of work.
>
> > Marek? Is NetworkManager necessary for a happy AppVM? Does anybody
> know what
> > this is good for and how to counter it?
>
> No, it shouldn't be needed in AppVM, only in NetVM.

Nevertheless I've been bitten by this nonsense for some unknown reason;
maybe I've awoken some mummy in its grave when I added NM-based things
to the template in order to create a vpn proxy VM. No matter why, it
might be a good idea to add

rc-manager=file

to the [main] section of NetworkManager.conf to avoid running into it
suddenly. For something as unclean as a standard Linux system it is
ridiculous to suddenly start symlinking files around (and the generating
conflcts between systemd and NetworkManager – didn't anyone learn
anything from Apple's early problems with launchd?).


Achim

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, Sep 14, 2016 at 11:27:20PM +0200, Achim Patzner wrote:
> Am 14.09.2016 um 23:16 schrieb Marek Marczykowski-Górecki:
> > > Ok, as everybody was looking for a problem, I finally found one.
> > I've been
> > > bitten by this
> > > http://forums.fedoraforum.org/showthread.php?p=1770311
> > ("/etc/resolv.conf
> > > missing once NetworkManager is stopped") and don't really know how
> > to deal
> > > with it right now in a way that does not require quite a bit of work.
> >
> > > Marek? Is NetworkManager necessary for a happy AppVM? Does anybody
> > know what
> > > this is good for and how to counter it?
> >
> > No, it shouldn't be needed in AppVM, only in NetVM.
>
> Nevertheless I've been bitten by this nonsense for some unknown reason;
> maybe I've awoken some mummy in its grave when I added NM-based things
> to the template in order to create a vpn proxy VM. No matter why, it
> might be a good idea to add
>
> rc-manager=file
>
> to the [main] section of NetworkManager.conf to avoid running into it
> suddenly.

This is indeed a good idea, thanks.
https://github.com/marmarek/qubes-core-agent-linux/pull/83

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX2dpiAAoJENuP0xzK19cshfwH/3wzqa1f3QgjFG0+BKpmiFSZ
kh1WKXu2fb0opQhuNOe5xpk74wUEeiH/9bEm2kkB4zEEfePwYKj1eN/Ypr12CzJm
i2p1T46gq2oTtqWPej2R+UGthIDsZyo/uXe4zrqyGnUH1rCP4h4mGB24XV6oUKMy
+QXR55jFwgyv63RQY77T0+p57YzYiSC2EPWlgZxjuZbCdOVtH+f5sG2I60NYW+1e
EnrPUgtU8T71xR10WZ+Uy/XZMvNNezEkLILH71ptsgBqmdW3qf9KS/0S2ShETrUI
efG+M5Sl2ShkGFvMWH6XuXbI79txzmv15kotmT2+N7SV/2jnVjH8J00yCs+KGRI=
=HZV5
-----END PGP SIGNATURE-----

[J. Eppler]

Is it a good idea to spend time on fedora 24? Fedora 25 should be released in November/December and will use Wayland per default. Would it not be better to skip Fedora 24 and focus on resources and efforts on Fedora 25?

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Sep 15, 2016 at 09:41:37PM -0700, J. Eppler wrote:
> Is it a good idea to spend time on fedora 24? Fedora 25 should be released in November/December and will use Wayland per default. Would it not be better to skip Fedora 24 and focus on resources and efforts on Fedora 25?

Most likely problems found on F24 will also affect F25, so those will
need to be fixed anyway. On the other hand, since it mostly works, it
isn't much effort.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX2684AAoJENuP0xzK19csEGYH/1mZK2nJH7bU9WwVP8pHFNJL
yT3VApyDAC/h4p9WVCS/3Jaj0ZTkNsPUzXLh85Ico5L++rz7Cg0HxhjnNSkh7gSK
cQOWbVq4Eeo4iRybCgkR7d1oKG+ar4mkvyXzE4psWFDb95WV3m/zZsNFgw4YhM9/
IN5ZbsOSE6DVF32lOh9Qbv2MkhSeyi7eI8KB1DIWoqEJUt+5CA3pXDVRsPvbIxIe
w3uTZWnPn3tA4aZCEh2/dnkULiVpZTM+iHNgUKQHpr0WRMtXPj1oAxx9O1SaZr7m
9pB6RfGGFZDZ0uEHeJfrei3hd0LHU4OXx5+CAsGmhIBIDxKw6D4FS2r59AORnh0=
=meEW
-----END PGP SIGNATURE-----

[Sebastian Jug]

Split GPG does not work with Fedora 24. I upgraded my fedora-23 minimal gpg template to Fedora 24 and I just get:

[user@personal ~]$ qubes-gpg-client -K
/bin/sh: /etc/qubes-rpc/qubes.Gpg: No such file or directory
EOF

It doesn't do the second prompt to allow access for the 300 seconds at all. What would cause this?

[pixel fairy]

does the new fedora24 template exist, or should we just update as your earlier message?

[Zrubi]

On 09/06/2016 01:24 AM, Marek Marczykowski-Górecki wrote:

> I've just tried this and successfully upgraded Fedora 23 to Fedora 24
> template.
>
> TL;DR version:
> 1. Clone fedora-23 to fedora-24-test.
> 2. Open terminal in fedora-24-test.
> 3. Run "dnf upgrade --releasever=24".
> 4. Shutdown the template.
> 5. Switch (some of?) VMs to this template.
>

Just tried to upgrade my templates and got this error:


Error: Transaction check error:
file /usr/lib64/libpython3.so from install of
system-python-libs-3.5.1-17.fc24.x86_64 conflicts with file from package
python3-libs-3.4.3-12.fc23.x86_64


Was not able to workaround it, because(?) those libs are used by dnf
itself :o

The official fedora upgrade way:
https://fedoraproject.org/wiki/DNF_system_upgrade
seems not compatible with Qubes


any hints how to solve this?

Thanks.


--
Zrubi

[Manuel Amador (Rudd-O)]

On 09/16/2016 04:41 AM, J. Eppler wrote:
> Is it a good idea to spend time on fedora 24? Fedora 25 should be released in November/December and will use Wayland per default. Would it not be better to skip Fedora 24 and focus on resources and efforts on Fedora 25?
>

We will not get to Fedora 25 in time, which means leaving our users with
F23, which will be unsupported by that time.


:-(

--
Rudd-O
http://rudd-o.com/

[Manuel Amador (Rudd-O)]

On 09/06/2016 11:10 AM, Achim Patzner wrote:
> Some key bindings might have changed; ctrl-"+" in a terminal window
> increases the font size but the terminal window does not grow with it
> anymore.

Finally! The GNOME people finally unfucked Ctrl++!

--
Rudd-O
http://rudd-o.com/

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I haven't tried recently, but it worked before. Maybe a workaround would
be to disable "updates" repository for the upgrade time? Just add
- --disablerepo=updates.

I think it may be possible to use "official" upgrade method, by
switching to pvgrub first:
https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm
But in practice probably it will be more complex than just following
that instructions... Maybe worth a try?

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYEgHCAAoJENuP0xzK19csXQYH/2DWHoZ+Td3+a4Rd2Y6L8Aj0
ECAK3TCObhmtCTgCi16rHtGTGY0zTZiE1a0yYFpAM1XwVan9Baalbu3gYGwUOLcx
imQ+gYsXccLh1JdxrH/NeovzuoRvH1jFW0upUpawuPAsmebVpRbcQ2y9wNwe9mWF
pajUFwpNZMEarfIXbsd6dVnPbJTAHUhPzC1Iq01zxtpcDoAWSzAzSwmWUSN8rfCt
McMgVK8cZcS4rNvsVfxfEqR6+Pxz9qiCHjZZGJweRYQ/DoksFqr1cwYfoNhh0NnB
TuYnlmW9DUL1FOqHW4I9wAE6B93cTvkBmCMH24YnAXkq9JN/jeiJxSI+RAmYra0=
=xINa
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Oct 27, 2016 at 03:31:46PM +0200, Marek Marczykowski-Górecki wrote:
> On Thu, Oct 27, 2016 at 09:50:56AM +0200, Zrubi wrote:
> > On 09/06/2016 01:24 AM, Marek Marczykowski-Górecki wrote:
> >
> > > I've just tried this and successfully upgraded Fedora 23 to Fedora 24
> > > template.
> > >
> > > TL;DR version:
> > > 1. Clone fedora-23 to fedora-24-test.
> > > 2. Open terminal in fedora-24-test.
> > > 3. Run "dnf upgrade --releasever=24".
> > > 4. Shutdown the template.
> > > 5. Switch (some of?) VMs to this template.
> > >
> >
> > Just tried to upgrade my templates and got this error:
> >
> >
> > Error: Transaction check error:
> > file /usr/lib64/libpython3.so from install of
> > system-python-libs-3.5.1-17.fc24.x86_64 conflicts with file from package
> > python3-libs-3.4.3-12.fc23.x86_64
> >
> >
> > Was not able to workaround it, because(?) those libs are used by dnf
> > itself :o
> >
> > The official fedora upgrade way:
> > https://fedoraproject.org/wiki/DNF_system_upgrade
> > seems not compatible with Qubes
> >
> >
> > any hints how to solve this?
>
> I haven't tried recently, but it worked before. Maybe a workaround would
> be to disable "updates" repository for the upgrade time? Just add

> --disablerepo=updates.

Or another idea: use `dnf distro-sync --releasever=24`, instead of `dnf
upgrade`. Not sure if that helps.

> I think it may be possible to use "official" upgrade method, by
> switching to pvgrub first:
> https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm
> But in practice probably it will be more complex than just following
> that instructions... Maybe worth a try?

Actually, it looks like it almost works this way, even without switching
to pvgrub. The only problem is that we put "3" on kernel cmdline, which
forces systemd going into multi-user.target (instead of
system-update.target). This can be worked around by putting
"systemd.unit=system-update.target" on the template kernel command line
("kernelopts" property) before starting second phase of the upgrade. So
the procedure is:
1. Clone fedora-23 template to fedora-24.
2. Start fedora-24, launch terminal
3. Proceed with https://fedoraproject.org/wiki/DNF_system_upgrade
4. Triggering a reboot will actually shutdown the template.
5. Add "systemd.unit=system-update.target" to kernel options of the
template.
6. Start fedora-24 template. It will fail to connect qrexec daemon, GUI
etc. But it will be running and performing the upgrade. Be patient, it
will take some time - for me it was about two hours on non-SSD machine.
There will be no progress information.
7. When upgrade is completed, template with automatically shutdown
itself. When it happens, remove "systemd.unit=system-update.target" from
kernel options.
8. Done.

I'll look into removing "3" from kernel command line - it would simplify
the above instruction (steps 5 and 7 will be unnecessary).

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYErAwAAoJENuP0xzK19csGrIH/iSWPIa8LmRlSta8Xv6Lyr3A
5XEZFh6nNevKGX2emPmL3K8z//cBr2gULQ7lkldo9l/RJ8Xb3nFRUrazzbLNyTcF
1YHFAGGS3W8A4ZnTMldmAAlcqzcWAX112td5QWzMtX4y++zPNEx8ZgVZ+C7WWFCX
UH5ZSVvrV0rePTbwJeE29K6n5ke6OjwsBQg6kQeamNDMPV0n9BXUls/dPPe2w4dG
9wRY8Eo40zqzaRvn+GzQ4eT9ovTaKDdAD+U2irQD80wFu1DfwNm0b8hOu5xI21FI
YvsDB8+PIuuiLrioGIYMizWfC8CZvekqpXfjTN47mi0Bhsllw4kvkG0XR2AlZns=
=w9HA
-----END PGP SIGNATURE-----

[Zrubi]

On 10/27/2016 03:31 PM, Marek Marczykowski-Górecki wrote:

> I haven't tried recently, but it worked before. Maybe a workaround would
> be to disable "updates" repository for the upgrade time? Just add

> --disablerepo=updates.

I do not understand the reason - but it was worked this way - thanks.



--
Zrubi

[Zrubi]

I just celebrated to early :(

now it seems I'm running FC24 - but still have a lot of packages named:
*fc23*
including several qubes related.

And if i try to update the system got the same dependency error as
before :( Also noticed that the update skipping several packages because
boken dependencies - see the attached file "b"

distro-sync (and system-upgrade) also fails by broken dependencies - see
file "c"




--
Zrubi

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Wait a sec, qubes-gui-vm-3.1.7 ? Is this Qubes 3.1? We don't have fc24
support there...

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYExBPAAoJENuP0xzK19csV+AH/ifcVnFxqZdeiYaY9n39YTJA
6vdpnV7r35lhriV4W0rb9eWceMkQLrRNGB7Omlo0cQBlCS4bFz+HiLvUEiPQBoO0
5vao4Id0OAsyviIVHijbK6leFrYrMoLqqo2JdT66ZBPAxwofVUx/zeecuBUOLF0U
iNfjR5CPHmmGsko4AwQ5NqNUf0ZZeJ57aV/U5uHNs0Si9oph7qtPl2RABs46rJqb
qeKsHC2SHlfI2AmYF6c3RS/3CgcZnUvnF+hXkN5UPZkdYiklizFjK86gRCv6jsId
oFGxLac1CQEMQSicgfN74jb1d0pJe5bOwUo80ZDM5SPAe1dG55NW4sRMlcl0RU8=
=MHGZ
-----END PGP SIGNATURE-----

[Zrubi]

On 10/28/2016 10:46 AM, Marek Marczykowski-Górecki wrote:

> Wait a sec, qubes-gui-vm-3.1.7 ? Is this Qubes 3.1? We don't have fc24
> support there...

Well no. It is Qubes 3.2 - but a restored template.

Maybe I just messed up something related to 3.1 -> 3.2 upgrade?
However to template is working fine. I'm using it for a while for
production.


--
Zrubi

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Oct 28, 2016 at 10:51:43AM +0200, Zrubi wrote:
> On 10/28/2016 10:46 AM, Marek Marczykowski-Górecki wrote:
>
> > Wait a sec, qubes-gui-vm-3.1.7 ? Is this Qubes 3.1? We don't have fc24
> > support there...
>
> Well no. It is Qubes 3.2 - but a restored template.
>
> Maybe I just messed up something related to 3.1 -> 3.2 upgrade?

It looks so... See here:
https://www.qubes-os.org/doc/upgrade-to-r3.2/#upgrade-all-template-and-standalone-vms

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYExhCAAoJENuP0xzK19csgR4H/A2MIF9uxVpAq+WOf1ETGzAY
u5fzU36/GtEpIUXfLelKGFyBujADToW0VHuhBFmoGJjiRRg6v9QFElOUkQojjfdd
eRkVzQxNizKdYdCUErIJyEK0fWW6K60XYG2GcR5i5mqmojoOpa7XttBwNGggZcUU
E/4Hw+WVC4VaiELbIfxvoWpaastgtbBM5PlAIv6OHb3P24osNNhxWoC81PT4d/aK
7pRTwkKv3T7TyoNbl1xbWipCD+ujakaXtWGyvAJtutORPAM2+/AJANdVEDEJx5ar
zlWhvveUINIEM6/KdMCPOiRXDrQc8T3CJa//nAcz3zSUP7nZMa5abdL0fPfeJ4Q=
=Lw7k
-----END PGP SIGNATURE-----

[Manuel Amador (Rudd-O)]

We should not be putting 3 in the kernel command line, and we should not
be modifying the default target in qubes-core-vm-systemd either. What
we should do is do the necessary work to get the default system
configuration to work when we boot a VM into graphical.target (the
default). That way we avoid these integration issues.

I believe the correct thing to do is to create the necessary
configuration for the default display manager to start qubes-guid with
autologin. This will also give us a complete desktop session inside the
VM, and XDG autostart as well, as opposed to just a tiny stub that
doesn't have e.g. password manager environment or GPG agent.

This area is ripe for research, and it's time we matured in that
direction. Also noteworthy is that, with the move to Wayland, this sort
of work is very apropos.

--
Rudd-O
http://rudd-o.com/

[Laszlo Zrubecz]

On 10/28/2016 11:20 AM, Marek Marczykowski-Górecki wrote:

> It looks so... See here:
> https://www.qubes-os.org/doc/upgrade-to-r3.2/#upgrade-all-template-and-standalone-vms

It was not made a difference - only the package versions changed, the
error is the same.

so I'm still stucked with broken dependencies :(

--
Laszlo Zrubecz

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Actually yes, we may hook qubes-gui-agent.service into graphical.target
and call it "display manager", preventing others from running. This is
good idea, but something I'd like to avoid as a stable update - so, for
Qubes 4.0.

> I believe the correct thing to do is to create the necessary
> configuration for the default display manager to start qubes-guid with
> autologin. This will also give us a complete desktop session inside the
> VM,

This is exactly what we want to avoid. We don't want another window
manager there (which would be fighting with the one in dom0), as well as
a ton of other useless things like panels, clock icons etc. Excluding
this crap makes Qubes VMs lightweight enough to run 20+ of them at the
same machine.

> and XDG autostart as well, as opposed to just a tiny stub that
> doesn't have e.g. password manager environment or GPG agent.
>
> This area is ripe for research, and it's time we matured in that
> direction. Also noteworthy is that, with the move to Wayland, this sort
> of work is very apropos.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYEx0UAAoJENuP0xzK19csoDkH/3rXbCEvgXE12IABaV18dldb
PPEgp+6DrpEAuY56rhVQGHEo7QWUhSQzspotvs0UANirdVLiTFaIb3Q/Yv2uUPSZ
RyHucDCu6bEcnBMDIDVX9jYvh3PZR8LdVMkKbQ1DdzMKDCCcjFU9bdwnUnVmdXVb
hzy9W9BfWKIo8PzdJ/H9un6OqlGYR3RqtPOXD2hjO85yrmGjrC2MNi1OYh86s4EF
o1DIwb7rDcMCA05b2RjiagucNprB64VGBo5RBh8ZW3cU1NMycViUG0yWEF2iqNGV
AxfmrdWsyjSxC1d9Nhv45k5u2EruWKkCqjl9rxX6RLlzot+KgTU5h3e+te+l+lg=
=w9P+
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Interesting. Check qubes repositories definitions.
/etc/yum.repos.d/qubes-r3.repo should look like this:

[qubes-vm-r3.2-current]
name = Qubes OS Repository for VM (updates)
baseurl = http://yum.qubes-os.org/r3.2/current/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-primary
skip_if_unavailable=False
gpgcheck = 1
enabled=1

[qubes-vm-r3.2-current-testing]
name = Qubes OS Repository for VM (updates-testing)
baseurl = http://yum.qubes-os.org/r3.2/current-testing/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-primary
skip_if_unavailable=False
gpgcheck = 1
enabled=0

[qubes-vm-r3.2-security-testing]
name = Qubes OS Repository for VM (security-testing)
baseurl = http://yum.qubes-os.org/r3.2/security-testing/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-primary
skip_if_unavailable=False
gpgcheck = 1
enabled=0

[qubes-vm-r3.2-unstable]
name = Qubes OS Repository for VM (unstable)
baseurl = http://yum.qubes-os.org/r3.2/unstable/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-unstable
gpgcheck = 1
enabled=0

Especially "fc$releasever" part is important. Maybe you have hardcoded
"23" there for some reason? Or have the repository disabled? Or maybe
it's still at 3.1 there (and the updated one saved in .rpmnew file)?

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYEx3pAAoJENuP0xzK19csMY4H/jVMeRDhv8BV7Z/Kmw59o94Y
ZtaondXxCwQzeuqIXPp8UD0bxscBbduOadl+ARwNH3Xnvgsa6GG6xVrvjsOWLqP2
R3JUxEVLtHq76x68m9XuBIosXSTkBQTRbZ/wR8WxrdY9xGlzIM8hHJ2pZRrY2Usn
QYkxIoH29ty8a0ac62i292/ITR/xgKj7jt1gt0d7olXagE+xlSwdTqV/Vd7qHWRA
a/Tv4gMIcauNN9Y4cwXBrYIZv8HFLchId0L4jvgZ03X02h43HOVUJqSZ+lcNfS9I
vNcfN/sBuaeiG3nKDiW3bZq5noRVENOcEszuJd36g27NLiBEkjPur+SIuZvTg6c=
=DFlG
-----END PGP SIGNATURE-----

[Zrubi]

On 10/28/2016 11:44 AM, Marek Marczykowski-Górecki wrote:

> Or maybe
> it's still at 3.1 there (and the updated one saved in .rpmnew file)?

That was the case.
My templates are updated to fc24 now.




A few notes about this:

- skipping the template upgrade from 3.1 has no immediate visible
effect, easy to forget.

- the /etc/yum.repos.d/qubes-r3.repo file hardcoded to Qubes versions,
and the upgrade not overwriting it if you made any change (enable more
repos for example)

- the short upgrade path (You discribed before) is working fine :)


Thanks for the fast response :)

--
Zrubi

[Manuel Amador (Rudd-O)]

On 10/28/2016 09:40 AM, Marek Marczykowski-Górecki wrote:
>
> Actually yes, we may hook qubes-gui-agent.service into graphical.target
> and call it "display manager", preventing others from running. This is
> good idea, but something I'd like to avoid as a stable update - so, for
> Qubes 4.0.

Yes, this would be a good start.

>
>> I believe the correct thing to do is to create the necessary
>> configuration for the default display manager to start qubes-guid with
>> autologin. This will also give us a complete desktop session inside the
>> VM,
> This is exactly what we want to avoid. We don't want another window
> manager there (which would be fighting with the one in dom0), as well as
> a ton of other useless things like panels, clock icons etc. Excluding
> this crap makes Qubes VMs lightweight enough to run 20+ of them at the
> same machine.

I was not suggesting you run a window manager. Just a qubes-guid
session. No window manager whatsoever. Certainly not clocks, or
panels, or any of that shit.

--
Rudd-O
http://rudd-o.com/

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Oct 28, 2016 at 12:56:28PM +0200, Zrubi wrote:
> On 10/28/2016 11:44 AM, Marek Marczykowski-Górecki wrote:
>
> > Or maybe
> > it's still at 3.1 there (and the updated one saved in .rpmnew file)?
>
> That was the case.
> My templates are updated to fc24 now.
>
> A few notes about this:
>
> - skipping the template upgrade from 3.1 has no immediate visible
> effect, easy to forget.

This is somehow intended effect - we try to not break compatibility
(that much) between 3.x releases.
But indeed some warning would be nice.

> - the /etc/yum.repos.d/qubes-r3.repo file hardcoded to Qubes versions,
> and the upgrade not overwriting it if you made any change (enable more
> repos for example)

Ideally we'd have some variable for Qubes version there, but
unfortunately there is only one $releasever and it's about Fedora
release number...

> - the short upgrade path (You discribed before) is working fine :)

:)

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYEzW1AAoJENuP0xzK19cs/1gH/3Pwm2xczqc199X1Wgtzja7B
wQaXMO4XnGSl/hwcUEXrm1puZC4374aW95xWbkE9tbsQxP8BEbIOGNUBxLtqLfe0
TyDBdeF+lp6FBHsxvIEKmm8f6DBzvVNvfPJQ0OgMKQfazVe8Js5jVNjOMC8gkQuH
tr4ctNzejltFYDBjsR/Q7z21agoJrtbZh+oAvYQc7aSSDooz6tbibrcq6mNIpy1U
rJv+uZlRwIekmgLbZEmLzQ4kX1ZB6cdX+iNTY5OtBwpaDkQRO4h4jVhCFAW7Cmn2
MGSHMxUvJpXtCw6/mkBN2f4e2cV0DCJDt7dIJw1rLHJ0+TpdTfn7PJjA54YTPw4=
=5P1Q
-----END PGP SIGNATURE-----