-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 14/07/2019 9.08 PM, Andrew David Wong wrote:
> On 14/07/2019 8.19 AM, unman wrote:
>> On Sat, Jul 13, 2019 at 06:40:00PM -0500, Andrew David Wong
>> wrote:
>>>
>>> 1. When using the Qubes Update widget, a mgmt DisposableVM is
>>> started. Why is that? Is it just for executing Salt commands so
>>> that they're not executed in dom0?
>
>> Yes, this is standard in Qubes.
>
>>>
>>> 2. How can one update a TemplateVM the way the Qubes Update
>>> widget does? For example, when I update a Fedora TemplateVM
>>> myself, I just execute `dnf update` in the template. I don't
>>> start any DisposableVMs, so clearly my method of updating is
>>> different from what the Qubes Update widget does. Is there some
>>> kind of scriptable qubesctl command I can issue from dom0 that
>>> does the same thing as the Qubes Update widget?
>>>
>
>> The update widget calls qubesctl and runs the state file in
>> /srv/formuals/base/update-formula/update/qubes-vm.sls
>
>> You can run this yourself by: qubesctl --skip-dom0
>> --targets=<targets> --show-output state.sls update.qubes-vm
>
>> Skip the "show-output" option if you want to script.
>
>> It's a wrapper to salts pkg.uptodate call, so you could put that
>> in a state file yourself.
>
>
> Thanks, unman. I'm not quite sure what the last sentence means.
> Why would one want to put that in a state file oneself?
>
Could you explain what these options mean?
--skip-dom0 -- The documentation doesn't really explain this.
--targets -- Is this the qube to be updated in this case?
The reason I'm asking: I've just been updating via `dnf update` (and
similar) for a long time now, but I'm noticing that certain bug fixes
are being implemented via Salt, and I'm worried that I might skip
these fixes if I never update via Salt. Do you think that updating via
qubesctl is a better idea than updating "manually," or does it not
matter?
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0r4TgACgkQ203TvDlQ
MDBq0w/8DmHxyfuwQXgW7jOOhkbeK3HbO0L0Yw9samgGe14kmFUy6XBag9Ek3uNU
U7qDigdon4hALBLF0SHXW8csw/nnFv6y9DlARVwLvjeyZJETALWd4LYK5v4GndC2
2Smrgj5sZNvLgNhkaSfFuAqWw1NC1z2lYMtroDMiy9dHdKCJn0wfOfS4IZN24pqm
XU9yiDS/QdYjETX2Z0lNCxfskBGzqrtXNSdLC5bUH96/6lY+Yqxcx4NCVpxtJZsB
U/WO7eMh12h9GVDtwxQl7LCo9eBiQhj5QdCp40Zx42BBeCT4nAcu2MbvmXVMRQnh
9JQNMtu76zZ35TqEnp5pbzGhsLpo7d9RMYjPT/wCJWwZsAQpOYyDyMzIGN9bXz/8
9N5A0mXWcey/5AFS+kvgnJMpBLgh96hWHNFJK++G4+3LFDWMWCdbxMyBOAttKEv9
ea9SGiDYHHeVmoy5E2GzPYMQEkz3voYWR7BvRs8ilCMaAETdtorYyAy59s8Y4t0P
1zT6IFgnD48p9pjLBUxbkegsCWPbCnFKBWUBLTaR8lMYbykvCkdEkT43A1+FMVDJ
4yuUeIwDcPElzlDZzHh7UuBgkJHrcglfEobsWCPgXwI3Cr56eBwq90Sm5iX/e2iL
J9x9tiiYZ/DhZaAr0uyhv8IZJkXLHY2Y6c3uVA58RQ+xtAxN4mE=
=VhP6
-----END PGP SIGNATURE-----