Which templates update automatically?
161 views
Skip to first unread message
Salmiakki
Apr 8, 2016, 4:54:38 AM4/8/16
to qubes-users
I made a clone of the fedora-23 template for a less trusted environment where I wanted rpmfusion and video codecs and the like.
My VM Manager currently displays pending updates for fedora-23 but not for my fedora-23-trash.
Is there a list of templates that are checked for updates somewhere? In the global settings "Check for VM updates" is currently in an unknown state which I find rather irritating as well. :)
My VM Manager currently displays pending updates for fedora-23 but not for my fedora-23-trash.
Is there a list of templates that are checked for updates somewhere? In the global settings "Check for VM updates" is currently in an unknown state which I find rather irritating as well. :)
Marek Marczykowski-Górecki
Apr 8, 2016, 5:35:36 AM4/8/16
to Salmiakki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Unknown state in "Check for VM updates" means it is enabled for some
templates, but not the others. It isn't easy to show state of all the
templates in a single checkbox ;) (and there is no per-template
checkbox...).
Updates for a given template are checked by VMs based on it. So if you
don't start such VMs, updates will not be checked.
You can check per-VM setting in services tab of given template based VM
- - there should be "qubes-updates-check" entry (enabled or disabled). If
you don't see such entry there, the default is "enabled".
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXB3tfAAoJENuP0xzK19csmhcH/j+7zMVvLsMPvldGfue+3hFo
rHne7+GpNEtPbuRRDcI+tMfKT9vYCtEMRYscRso3iij4F9bqnhWQFZufWYFnrjtS
0oi18Kl+O9X0Ja7GoqFiz/Rm1NXcCiW+0rDL87nJBll/fdWnSsD0YjOsBNgQnoXB
QNwbO795hHSp+/f5ZKrVMGa0PSlyxAMvwWnCYZECVPowRBYp7jbiKA+xlKZWBW6S
JOLb1kPYR6cepUd4wEjRq81ofdJj8vSryNKQ4NgDLQ/76rkeHJgf5JxwQPCA/Gy6
wFaeSVG5RPCKGF2HG81UyR95UYHbYiNoD7Aa12JkIrLI7AFPPJIOp74ekuozWSI=
=0pKJ
-----END PGP SIGNATURE-----
Hash: SHA256
templates, but not the others. It isn't easy to show state of all the
templates in a single checkbox ;) (and there is no per-template
checkbox...).
Updates for a given template are checked by VMs based on it. So if you
don't start such VMs, updates will not be checked.
You can check per-VM setting in services tab of given template based VM
- - there should be "qubes-updates-check" entry (enabled or disabled). If
you don't see such entry there, the default is "enabled".
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXB3tfAAoJENuP0xzK19csmhcH/j+7zMVvLsMPvldGfue+3hFo
rHne7+GpNEtPbuRRDcI+tMfKT9vYCtEMRYscRso3iij4F9bqnhWQFZufWYFnrjtS
0oi18Kl+O9X0Ja7GoqFiz/Rm1NXcCiW+0rDL87nJBll/fdWnSsD0YjOsBNgQnoXB
QNwbO795hHSp+/f5ZKrVMGa0PSlyxAMvwWnCYZECVPowRBYp7jbiKA+xlKZWBW6S
JOLb1kPYR6cepUd4wEjRq81ofdJj8vSryNKQ4NgDLQ/76rkeHJgf5JxwQPCA/Gy6
wFaeSVG5RPCKGF2HG81UyR95UYHbYiNoD7Aa12JkIrLI7AFPPJIOp74ekuozWSI=
=0pKJ
-----END PGP SIGNATURE-----
Message has been deleted
Salmiakki
Apr 10, 2016, 12:52:04 PM4/10/16
to qubes-users, simonthecr...@gmail.com
So let me see if I understand correctly:
It is only checked if there are updates for a VM when an AppVM is run.
In particular, running the template VM or a Standalone VM does not check for updates.
If the AppVM has update checking disabled (default is it is enabled) there is no check for updates.
Okay...that leaves that setting in the global options...
i assume it only influences the setting for AppVMs not any of the other things, correct?
(Edited to bottom-post)
Salmiakki
Apr 10, 2016, 12:55:28 PM4/10/16
to qubes-users, simonthecr...@gmail.com
Okay...that leaves that setting in the global options...
i assume it only influences the setting for AppVMs not any of the other things, correct?
It seems this setting is not persisted on my machine.
After setting it to enabled and closing and reopening the dialog it is set to unknown again.
Marek Marczykowski-Górecki
Apr 10, 2016, 3:18:14 PM4/10/16
to Salmiakki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On Sun, Apr 10, 2016 at 09:52:04AM -0700, Salmiakki wrote:
>
>
> On Friday, April 8, 2016 at 11:35:36 AM UTC+2, Marek Marczykowski-Górecki
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On Fri, Apr 08, 2016 at 01:54:38AM -0700, Salmiakki wrote:
> > > I made a clone of the fedora-23 template for a less trusted environment
> > > where I wanted rpmfusion and video codecs and the like.
> > > My VM Manager currently displays pending updates for fedora-23 but not
> > for
> > > my fedora-23-trash.
> > > Is there a list of templates that are checked for updates somewhere? In
> > the
> > > global settings "Check for VM updates" is currently in an unknown state
> > > which I find rather irritating as well. :)
> >
> > Unknown state in "Check for VM updates" means it is enabled for some
> > templates, but not the others. It isn't easy to show state of all the
> > templates in a single checkbox ;) (and there is no per-template
> > checkbox...).
> >
> > Updates for a given template are checked by VMs based on it. So if you
> > don't start such VMs, updates will not be checked.
> > You can check per-VM setting in services tab of given template based VM
> > - - there should be "qubes-updates-check" entry (enabled or disabled). If
> > you don't see such entry there, the default is "enabled".
>
>
>
>
> On Friday, April 8, 2016 at 11:35:36 AM UTC+2, Marek Marczykowski-Górecki
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On Fri, Apr 08, 2016 at 01:54:38AM -0700, Salmiakki wrote:
> > > I made a clone of the fedora-23 template for a less trusted environment
> > > where I wanted rpmfusion and video codecs and the like.
> > > My VM Manager currently displays pending updates for fedora-23 but not
> > for
> > > my fedora-23-trash.
> > > Is there a list of templates that are checked for updates somewhere? In
> > the
> > > global settings "Check for VM updates" is currently in an unknown state
> > > which I find rather irritating as well. :)
> >
> > Unknown state in "Check for VM updates" means it is enabled for some
> > templates, but not the others. It isn't easy to show state of all the
> > templates in a single checkbox ;) (and there is no per-template
> > checkbox...).
> >
> > Updates for a given template are checked by VMs based on it. So if you
> > don't start such VMs, updates will not be checked.
> > You can check per-VM setting in services tab of given template based VM
> > - - there should be "qubes-updates-check" entry (enabled or disabled). If
> > you don't see such entry there, the default is "enabled".
>
>
> So let me see if I understand correctly:
>
> It is only checked if there are updates for a VM when an AppVM is run.
> In particular, running the template VM or a Standalone VM does not check
> for updates.
It does check the updates for that VM itself. Not other templates for
>
> It is only checked if there are updates for a VM when an AppVM is run.
> In particular, running the template VM or a Standalone VM does not check
> for updates.
example.
> If the AppVM has update checking disabled (default is it is enabled) there
> is no check for updates.
update checking disabled, there will be no check for updates.
> Okay...that leaves that setting in the global options...
> i assume it only influences the setting for AppVMs not any of the other
> things, correct?
support checking the current state (which would involve checking all the
VMs and dealing with situations like enabled for some, but disabled for
others). Slightly better output you could get from `qubes-set-updates
status` command - it will show you either 'enabled', 'disabled', or
'mixed'.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
t0w+RXd4nl7L5aqUPHwcGdZa2nSdjntPrCqF/L89g8FdffM8YXOPTvvg5rcZoT5L
vhAAeMNS4oiyHAGwS19Mnfp3+XIZiuIn9LWHFj1jnJmvRdv16qODQHsjUqy5t6cf
rOWm5u92maOB6Zj6sUKU6WB+f3uYQHjLuytqxSdrqo/hI7m7BUpqPUtpr0j1TM25
okSssS3c3BVA8dcoSgPktpheix9uzc3Efb9ptNCYZYHJ22N61OxgVxw9baOO5C0D
SsykVRTTJ/0oBCvOFcDchuIbdsgXWHLy7x6/gwwYVnmNAM0qJe6uUqeR6xIuufA=
=oIME
-----END PGP SIGNATURE-----
Salmiakki
Apr 10, 2016, 6:22:16 PM4/10/16
to qubes-users, simonthecr...@gmail.com
On Sunday, April 10, 2016 at 9:18:14 PM UTC+2, Marek Marczykowski-Górecki wrote:
> Okay...that leaves that setting in the global options...
> i assume it only influences the setting for AppVMs not any of the other
> things, correct?
This setting affect all the VMs at once. Qubes Manager currently doesn't
support checking the current state (which would involve checking all the
VMs and dealing with situations like enabled for some, but disabled for
others). Slightly better output you could get from `qubes-set-updates
status` command - it will show you either 'enabled', 'disabled', or
'mixed'.
So the checkbox is actually a button that will enable updating for all VMs on first press and then disable it for all when pressed again and never actually checks the state?
Marek Marczykowski-Górecki
Apr 10, 2016, 6:28:27 PM4/10/16
to Salmiakki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
J7NNdxZ64vSpyJhQjo67HrF8y9WT8swAVqeejbhkMWaRUpd2Ww1mpjnseFUSHTCA
xiBmpXrgip3OQ0Koe+x8JXIVZQoFikoshiQ4vS/bO03p+p8YPyFnpLSn6L0MW6FR
fLLYogHuMje+O+PlLoSi4AAVVbyjWfpFZzdZPrhLD62IAYOCgzBWK7j/tGHUgXqI
1ESH2hpBUipDwC6kJ/np5PzTj5nF2Robe7hifIVYEY6It+ctHlt2U6axsyLJRRwL
1g8bRVner8VyjL44js4zY1n/lDVn8GwoJdO0Wxmckw739yxaJfuGT3TE4bcCSpY=
=MedY
-----END PGP SIGNATURE-----
raah...@gmail.com
Apr 10, 2016, 9:38:48 PM4/10/16
to qubes-users, simonthecr...@gmail.com
Axon
Apr 10, 2016, 10:22:09 PM4/10/16
to raah...@gmail.com, qubes-users, simonthecr...@gmail.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
raah...@gmail.com:
https://github.com/QubesOS/qubes-issues/issues/1760
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXCwosAAoJEJh4Btx1RPV8/Z8P/0y3m9Jj8EhpkJYf1j9DOHMS
leRcxdJPT9YetWlcTckMDsQedXarQv34XzUnezRc4Xv7AsaAJ9DE9PrH7qTKWeez
lmaVDgPs0m1QaDlf1k513bQuLZblNYqESfXKCb2lDlGfx23oYVm/CCKlq6vEkjxA
DaKupnttKTdv478xrIS+WBYwzwDvv46Wro+GuHpSo1Tvmu8LcgbdYT0UJgGGpd8P
hLqSgQIZDlV9YK1KSct+s9bLP03YMwUWvAJojnvuRsl4+0Hd1h/Jq4YamZLzcMZy
XQ9uk/1T2pTqEK+aB0+izFZoXuPUneTH7lQMQKYdY7q7Gk1j6S/dJ8u3SN+qAutJ
GyobVfyruNdchSYzQ61SoLC/f+7BFG9c8pRfEsskkg5vaa4MH7cFb4zxytkNtIZz
JzZqs7+LAOiaP7noq/4lReNnfldg+IGN6in8ahC6f7IihhRR6+PNr0dmF6Ywu71r
BK3xyEsHUlIVKQsrA3lv8Tmqq+4+00ZQx89gne2886olT4wjmg8sjrEkADarbFy0
uwPsddwutDc3B+wt9Q8AVv6fhjk6JkV8teJVS1Wy+22YaTsOg+YBIhGKCOGzDG5x
xUAQgvAqrViPSvJUqqiNAclck57HBzx6n5gLn5AUUWG8M/KA4Kj1znMxqK8dGMXv
+OQMOLd8qPHutEX8YQCO
=nd7N
-----END PGP SIGNATURE-----
Hash: SHA512
raah...@gmail.com:
> On Sunday, April 10, 2016 at 6:28:27 PM UTC-4, Marek
> Marczykowski-Górecki wrote: On Sun, Apr 10, 2016 at 03:22:16PM
> -0700, Salmiakki wrote:
>>>> On Sunday, April 10, 2016 at 9:18:14 PM UTC+2, Marek
>>>> Marczykowski-Górecki wrote:
>>>>>
>>>>>> Okay...that leaves that setting in the global options...
>>>>>> i assume it only influences the setting for AppVMs not
>>>>>> any of the other things, correct?
>>>>>
>>>>> This setting affect all the VMs at once. Qubes Manager
>>>>> currently doesn't support checking the current state (which
>>>>> would involve checking all the VMs and dealing with
>>>>> situations like enabled for some, but disabled for others).
>>>>> Slightly better output you could get from
>>>>> `qubes-set-updates status` command - it will show you
>>>>> either 'enabled', 'disabled', or 'mixed'.
>>>>>
>>>>
>>>> So the checkbox is actually a button that will enable
>>>> updating for all VMs on first press and then disable it for
>>>> all when pressed again and never actually checks the state?
>
> Yes.
>
>
>>>> On Sunday, April 10, 2016 at 9:18:14 PM UTC+2, Marek
>>>> Marczykowski-Górecki wrote:
>>>>>
>>>>>> Okay...that leaves that setting in the global options...
>>>>>> i assume it only influences the setting for AppVMs not
>>>>>> any of the other things, correct?
>>>>>
>>>>> This setting affect all the VMs at once. Qubes Manager
>>>>> currently doesn't support checking the current state (which
>>>>> would involve checking all the VMs and dealing with
>>>>> situations like enabled for some, but disabled for others).
>>>>> Slightly better output you could get from
>>>>> `qubes-set-updates status` command - it will show you
>>>>> either 'enabled', 'disabled', or 'mixed'.
>>>>>
>>>>
>>>> So the checkbox is actually a button that will enable
>>>> updating for all VMs on first press and then disable it for
>>>> all when pressed again and never actually checks the state?
>
> Yes.
>
>
> it would be nice to have some update notification icon to show on
> the panel taskbar as well as just in the qubes manager.
>
Yes, that feature is already being tracked here:
> the panel taskbar as well as just in the qubes manager.
>
https://github.com/QubesOS/qubes-issues/issues/1760
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXCwosAAoJEJh4Btx1RPV8/Z8P/0y3m9Jj8EhpkJYf1j9DOHMS
leRcxdJPT9YetWlcTckMDsQedXarQv34XzUnezRc4Xv7AsaAJ9DE9PrH7qTKWeez
lmaVDgPs0m1QaDlf1k513bQuLZblNYqESfXKCb2lDlGfx23oYVm/CCKlq6vEkjxA
DaKupnttKTdv478xrIS+WBYwzwDvv46Wro+GuHpSo1Tvmu8LcgbdYT0UJgGGpd8P
hLqSgQIZDlV9YK1KSct+s9bLP03YMwUWvAJojnvuRsl4+0Hd1h/Jq4YamZLzcMZy
XQ9uk/1T2pTqEK+aB0+izFZoXuPUneTH7lQMQKYdY7q7Gk1j6S/dJ8u3SN+qAutJ
GyobVfyruNdchSYzQ61SoLC/f+7BFG9c8pRfEsskkg5vaa4MH7cFb4zxytkNtIZz
JzZqs7+LAOiaP7noq/4lReNnfldg+IGN6in8ahC6f7IihhRR6+PNr0dmF6Ywu71r
BK3xyEsHUlIVKQsrA3lv8Tmqq+4+00ZQx89gne2886olT4wjmg8sjrEkADarbFy0
uwPsddwutDc3B+wt9Q8AVv6fhjk6JkV8teJVS1Wy+22YaTsOg+YBIhGKCOGzDG5x
xUAQgvAqrViPSvJUqqiNAclck57HBzx6n5gLn5AUUWG8M/KA4Kj1znMxqK8dGMXv
+OQMOLd8qPHutEX8YQCO
=nd7N
-----END PGP SIGNATURE-----
FWM
Jan 22, 2017, 5:59:48 AM1/22/17
to qubes-users
From my experience, This auto check for updates doesnt seem to work properly.
The default templates definitely get checked for updates, but the cloned templates never seem to. If i manually click the "Update VM system" on a cloned template, it will often find updates.
I ran "qubes-set-update status" in dom0, and both were enabled.
Running Qubes OS 3.1
Unman
Jan 22, 2017, 4:24:34 PM1/22/17
to FWM, qubes-users
The notification should come if you have a network connected qube based
on that template. If you have firewall rules implemented, that will
affect this process, obviously.
Can you check that you have the "qubes-update-check" service running in
the qube based on the cloned template, and that it has unfettered access
to the internet?
Which templates do you think are affected?
raah...@gmail.com
Jan 23, 2017, 2:09:06 PM1/23/17
to qubes-users
I believe its only templates that you have running at the time and connected to the internet that will get the update notice. So I only have sys-net, sys-firewall, usually running at boot. so those two templates will get checked first it seems. so one is fedora and one is debian. if one of them gets and update, I check the clones of them as well.
On another note, it would be nice to get popups to desktop or taskbar for template updates, like when there is a dom0 update. I still resort to just keeping the qubes-manager onscreen at all times. (although alsso to look for yellow triangles if any).
Reply all
Reply to author
Forward
0 new messages