Programmatically performing software update

[lok...@gmail.com]

I tend to use Qubes VM's not just for security purposes, but also as a very convenient way to have clean, manageable VM's where I only install the stuff I need for a specific task.

This has led me to have a large number non-template VM's, all of which needs to be manually updated every time there is a software update.

Right now, for each VM, I have to click on update, wait for the dialogue box to spin for a while waiting for the VM to start, then manually choose “yes” to update. This process gets old really fast.

Is there a way to automate this so that I can simply say “yes, I want to update all these VM's, go ahead and do it”?

Regards,
Elias

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here's an example of scripting updates (optionally as a cron job):

https://gist.github.com/andrewdavidwong/d0b109186de65835255d467ae103c289

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYtptVAAoJENtN07w5UDAwkLwP/3Wp9RLzcU44+GWgGtzEWzgP
S7PAPMQRhHVg0LlXP2Y77iKvk9D9g13qOnqKqfnLmKntADavm+nyFn5bIxWInm7F
J0CmLoLgIDW3Ceo25CnqzjNL14c1G7ttdmV0g795kmNlL4YjNMl3R8Ums+yltfcx
vAgX0/R0524wN34QMZNk07utc9P/NKrty7JiyyGffYQy7Cc2Q70SkC4z6lGNesJw
kNOeC6LK3iS4ba6U9Xh/fqO7sHP8cUax27yuj0Un5EfKKWtcbUplzkL/Hwnq4Okh
sQ5XxHL/43tOycanPhqOy+oigHx5/mGP3JIvcbBunL6lg6i/4WWS+mrnp4ERCzIk
BVqGugrlTL5Up0DNBkynpCJGd/77rCCTFxXg1o9OtSpIMfjP4NChvf1dn0t8YX2o
hlpx8G+R6KYP1Taztfjs5WRtvQgKR+CGTtUexidsyFhs5zdFo3SRyL4JXJ/Bz3Z9
puH1l6YHTKdF9cHhkzMv7r0CooevrHdmxzAgchQIAO6kHdgfbv9iAhteNeKRodkY
zxYqvQoGMf9xJGGI9Q8OAaREzuQKQAl8NoOrvhgNNqBZ2dH+MvMOe5RB2y0YLHIN
GcF06uQhYIZnHPdRxH/zBeb4SupaXk7eiqaY8ZfmAFELCJCeMOWgaLqQBzjpoWh+
wwmp+H7uI00kWumcsZeD
=O2W9
-----END PGP SIGNATURE-----

[Jimmy Axenhus]

I got a Python script for that. Put in dom0 and run it. Unlike Andrews
script this one will update all VMs in parallel and is interactive
rather than non-interactive.

https://gist.github.com/JimmyAx/818bcf11a14e85531516ef999c8c5765


Here it is, embedded in the email:



#!/usr/bin/python2

import subprocess

from time import sleep

from qubes.qubes import QubesVmCollection


if __name__ == "__main__":
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_reading()
try:
qvm_collection.load()
finally:
qvm_collection.unlock_db()

vms = qvm_collection.values()

exclude_vms = ("debian-8-hvm", "win7", "win7-orig")
#"archlinux-aur", "archlinux")

processes = []
for vm in vms:
dom0 = vm.qid == 0
if not dom0 and vm.updateable and vm.name not in exclude_vms:
print "Updating VM template %s..." % vm.name
if not vm.is_running():
vm.start()
sleep(3)
p = vm.run_service("qubes.InstallUpdatesGUI", gui=True,
wait=False, passio_popen=True)
processes.append((vm, p))

print "Waiting for VMs to complete updating..."
for vm, p in processes:
p.wait()
if vm.is_running():
vm.shutdown()

subprocess.check_call(["sudo", "/usr/bin/qubes-dom0-update"])

[lok...@gmail.com]

On Thursday, 2 March 2017 03:59:39 UTC+8, Jimmy Axenhus wrote:

> I got a Python script for that. Put in dom0 and run it. Unlike Andrews
> script this one will update all VMs in parallel and is interactive
> rather than non-interactive.

Thanks a lot to both you and David for helping out with this. I have no managed to do what I want.

By the way, is there a way to access this Qubes management API without using Python? (I specifically want to use Lisp, but I can hook into anything that isn't language-specific).

Regards,
Elias