[feature request] Shutdown template after update

[Eva Star]

After template updated ask user at the console to shutdown current template.

"Shutdown current template [Y/n]"

--
Regards

[Jean-Philippe Ouellet]

See also https://github.com/QubesOS/qubes-issues/issues/2388

If we have appropriate metadata for each VM, we could automatically
shut-down VMs if they were not running prior to triggering the update.

This may be a preferable user experience.

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-11-07 10:05, Eva Star wrote:
> After template updated ask user at the console to shutdown current template.
>
> "Shutdown current template [Y/n]"
>

Currently tracking a very similar suggestion here:

https://github.com/QubesOS/qubes-issues/issues/832

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYIZXYAAoJENtN07w5UDAwxggP/jGZBpTvA/gwWbRumpZ/HTlI
s6TG1DR01Wmn2CxhPgryId3PnUOKp+Z1v0R74oD4q8QxIPUkJSgLG5QuqkN2WCpQ
du9IS60m9GVIetgu5UUaAHBpk9vNNG7GBTFiZiPuhYLqxyvbbr+KO4Kxdhk+i5jk
OsNMNyxkjTaVhNA2cZqT9YTlOYjRh7EmUX5JqKpeTWi+F8Who71NpUQqD2tAluRG
YnrHSCWyuAAZymrKt/MVKb1aZRMxqlcMa67Vo0CIisoEnTbQigQDQDpHnMLBh7XD
tu8rENQT0HXngzC7qTKJsvwBD+U0SyUFxp7RQBaU3wsyE86ROUcvlsCrfHA3pUYG
IJkikbSIMgdHejZ4yC8abpdaOcj/hod3yexh0Rquvp64+NX+4tN9L/wblhaVXBgN
ogxW8LWtDpHUljla6T4BegnfnRVMgp9GMqVdBn4fAts2YFszMcNYanV3GnjuoCNt
vF9+Wk+uwFM14nwyjFTusQhP+uBeXajMdyN9gMSFIg1L7CD0Cjndy9Pk2o/odmfb
r+xERYSvBZocmjazKoTZfQoC2fktniIroH7C7t2iwk2e5wwyFu5+KVUN1NsMknPm
EFnfNYselmls/PpdxM82oYT7wXPGZmdQsT8Z4rDAKkKQEx/fnPxRSP2UphY6Hlih
2g+Wv6Hr9ls/UTty7T4E
=de3L
-----END PGP SIGNATURE-----

[Achim Patzner]

m 08.11.2016 um 10:07 schrieb Andrew David Wong:
> On 2016-11-07 10:05, Eva Star wrote:
> > After template updated ask user at the console to shutdown current
> template.
>
> > "Shutdown current template [Y/n]"
>
>
> Currently tracking a very similar suggestion here:
>
> https://github.com/QubesOS/qubes-issues/issues/832

Wouldn't a command-line tool qvm-update-template [--all]
[--shutdown-after-upgrade] <vm-name>[, <vm-name>]* be much more flexible?


Achim

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Yes, but I don't think the primarily goal of that ticket is flexibility.
Rather, I think it's to implement a quality-of-life feature that will
benefit users generally, including novice users who never touch the
command-line.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYIbeOAAoJENtN07w5UDAwmccQAKpiMzbhePkkj46KaVOQ5WoY
K1AtMMhzmRnU1Faq0RHafTEc31UaJSNczioGwDQvFDszVU0D1Df+BspnKBHkDpBW
zhAvtMm/vTMN7DnYVEWEfiAnyIwY2kGjWTq4tP3e1aEA/NW9G+r9OnwMVcLXFuBd
SFV9oX7tbVmn4Xd/zMzsZlhV9I+8pxC72GAlQPsbfJwT/qDNwDN2nuJzpIqnfXVV
BKJPQ3squBXR9hGBx03yGj9gRCJyZzvcMSQlv58nSjP9oCOYHJ3qls97qx4JVSLi
exurkz8jtpVOBskGZXHZ9QNRpm5Pc4p8prgPzwNE/xkJ8gNAXWTeuJYb8Z4iY5H+
p4zim60oved4OxpeuYySzdl/x+ThyIrxPL2SAeDyeKfW/CIeXWL+J6Dho2aQxHXZ
lCjmF+YWqEqANM4b3pAd6SGOiZfHR3yOuPYuxGIiquIYLC0/V5Smc7eZeN2nXdV2
vRzuExSUNvigR3xJru+zFNh56mrZgS55bPOZaLjI2z5ZZDmtgXOdl7vtWcw6AHM+
+oXzv3ZUB9JhR5TOPekYG2JaaqqoNvlW5j+V+S+D/giM1Bn7M+BiHWQrSAsNX45L
dPKDSuvYXYP+v38SEI5I/ADlJxnjpVrmSD+MEnp+eFmZcL7/PCOCE9jXCuwK/ef1
knavpTYoo1VSqKr2quSn
=IKkm
-----END PGP SIGNATURE-----

[Achim Patzner]

Am 08.11.2016 um 12:31 schrieb Andrew David Wong:
> >>> After template updated ask user at the console to shutdown current
> template.
> >>
> >>> "Shutdown current template [Y/n]"
> >>
> >> Currently tracking a very similar suggestion here:
> >>
> >> https://github.com/QubesOS/qubes-issues/issues/832
>
> > Wouldn't a command-line tool qvm-update-template [--all]
> > [--shutdown-after-upgrade] <vm-name>[, <vm-name>]* be much more
> flexible?
>

> Yes, but I don't think the primarily goal of that ticket is flexibility.
> Rather, I think it's to implement a quality-of-life feature that will
> benefit users generally, including novice users who never touch the
> command-line.

Maybe I should have added the (obviously in my eyes obvious) argument:
The current update-procedures are launched by a GUI-application and then
open a window that is asking questions which need keyboard interaction.
And in some cases the default answer (at least in Fedora) (which is
making things worse – at least the default Xterm is looking different
for Fedora and Debian) is not what you want. Or at least not what I want
(aborting the update). Now someone wants to add another bloody
interactive option that will require at least me to select the
non-default option.

No. Thank you very much, but no. If someone is making things even more
like a text adventure they could just as well do it right, make the
update process command line based and give up interactive decisions in
favor of command line parameters to finally deliver a launch-and-forget
solution. That could be easily scripted without opening that barrel of salt.


Achim

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Nov 08, 2016 at 10:37:02PM +0100, Achim Patzner wrote:
> Am 08.11.2016 um 12:31 schrieb Andrew David Wong:
> > >>> After template updated ask user at the console to shutdown current
> > template.
> > >>
> > >>> "Shutdown current template [Y/n]"
> > >>
> > >> Currently tracking a very similar suggestion here:
> > >>
> > >> https://github.com/QubesOS/qubes-issues/issues/832
> >
> > > Wouldn't a command-line tool qvm-update-template [--all]
> > > [--shutdown-after-upgrade] <vm-name>[, <vm-name>]* be much more
> > flexible?
> >
> > Yes, but I don't think the primarily goal of that ticket is flexibility.
> > Rather, I think it's to implement a quality-of-life feature that will
> > benefit users generally, including novice users who never touch the
> > command-line.
>
> Maybe I should have added the (obviously in my eyes obvious) argument:
> The current update-procedures are launched by a GUI-application and then
> open a window that is asking questions which need keyboard interaction.
> And in some cases the default answer (at least in Fedora) (which is
> making things worse – at least the default Xterm is looking different
> for Fedora and Debian) is not what you want. Or at least not what I want
> (aborting the update). Now someone wants to add another bloody
> interactive option that will require at least me to select the
> non-default option.

I'd like to change this default - indeed it is very confusing, but I
don't know how. The only related option is to accept automatically.
Maybe this is the way to go?
Personally I like to review list of packages to be updated, but I guess
most users don't do that.

> No. Thank you very much, but no. If someone is making things even more
> like a text adventure they could just as well do it right, make the
> update process command line based and give up interactive decisions in
> favor of command line parameters to finally deliver a launch-and-forget
> solution. That could be easily scripted without opening that barrel of salt.

I think it's important to give the user some feedback. Fully automated
updates are somehow broken in most tools[1] - this is why we have this
terminal window, instead of just some progress bar or something even
less intrusive.
But automatically shutting down the template (after user have a chance
to see update feedback) is a good idea. Something like "Press enter to
shutdown template, or Ctrl-C to just close this window".

[1] https://phabricator.whonix.org/T373

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYI7A9AAoJENuP0xzK19cslx4H/3JFzlpcZZxatNmBjcB9Fuuf
gOgWK5iG8ql1ekKKYvGldOatjw3+c9pYGtY/u3jZTF5lrdifMO5kh1cbsnJ9EYJ8
Z7bjJ07Xa/3Now3fxfznBhe5tKpi+q6SqNjiGXNuSkZyoZqMfH+z1Zlv4FYXlft1
FlD5HpID7zJt90EAJVgQ5S1JAnDA++jmJDvIR/04H/LBiyCzJRrWw/4tctotzbOL
wQa1pEa79Fz2fuw5UlWvkcGRMXR9H+Yu+oAJ0+TO/ObwGrSfwlqcOqg/qSNjFIm6
PAfxPM2iGuL/B0oRVi8ST2Zb50LLa5K5k2jCk8WGdBv2RisXMrXh2sJkLspwxeM=
=dI89
-----END PGP SIGNATURE-----

[raah...@gmail.com]

I hope I'm not too offtopic but a gui option to shut down multiple vms at once would be cool.

[Eva Star]

> I hope I'm not too offtopic but a gui option to shut down multiple vms at once would be cool.

`qvm-shutdown --all --wait` -- will shutdown all VMs (if it helps)

p.s. Marek, this command work NOT well. Time to time it freeze Qubes Manager and never end especially at the situations when need to shutdown cascade of VMs like this sys-net > sys-firewal -> sys-firrewall2 -> whinux -> sys-firrewall3 -> AppVm

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Yes, that's a known issue. I've noticed it too lately.

https://github.com/QubesOS/qubes-issues/issues/1826

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYJO9DAAoJENtN07w5UDAwxJ4P/j6+Qz9OENUWPr/PHBSKHULO
VgRDZPioUN64OH6wm+5V1bHjHoSmoVGGUY3WKODLVkAU2o22V50ykpq5G8gMLa4R
Iwe71wJYi9Y5rnTo08zkGY8BhwpRorskHbq7amhkpv4vuhQ1gEirIHqpJ9GCHWAo
9UC/B0fAT99mSrm8IuOhAu8GEfIVzxmLuLhoOzr0LpPFBw+XGROj0ZVDjLX8reEM
/NBmGa4M0jTDTm5+jWCRFtWIrvjrNZh5woPAS2LvjlqoUGHmxpGrpCIu6kWMaxcD
fHAbc4+2K1imi7JsIDWBt10DyaCBIdYv1mU+O6ZkBfv7x88k881jCWKCclfmtP2r
QkTKEy49tiJoiVHNtMzgoLTedhuE78bBBiqJYJ8Ixva+WbP5CsANxqthJxCuLNwc
wm1i/cKuJ4+w4qF22CxL8vn46498a3O/gqT0I0zOVvbicJ3vBbpYqTnBYu05NOfz
aW7TyAjbV0JyTr/uzVsn8oAzspA63ru1DkaYN7fPLHAW5Fwuk0gxPpjKEsqWI4q2
/Hcwrq0AixBAFjVvQZkchs3TjBwbvec7y4VIeOl9bT0Rx871rwHiOLC51RcZyvgo
/zXdhEDiCa7N9MgYRy9+HXOQowsHBkomP804nNf9RgQ21RzXhlz8vXgzgZAc/zxk
Ef/N5Syy5vmQ6dr0nPsX
=5a97
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Nov 08, 2016 at 01:07:38AM -0800, Andrew David Wong wrote:
> On 2016-11-07 10:05, Eva Star wrote:
> > After template updated ask user at the console to shutdown current template.
> >
> > "Shutdown current template [Y/n]"
> >
>
> Currently tracking a very similar suggestion here:
>
> https://github.com/QubesOS/qubes-issues/issues/832

Indeed this is similar, but not the same because it does matter when you
shutdown the template - until you do so, child VMs do not see the
changes.

Created new issue here:
https://github.com/QubesOS/qubes-issues/issues/2431

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYJ4nRAAoJENuP0xzK19csKJYH/232f3ts6oGOcVDvnqubDaEI
NFSENa+ovKD9v7ZQjVmd0bdWlj7vH8HfhzCgzJZzFR0qLZb5sBHKmE1o3iqEkiYf
HYi3WBKNgu7YtGhmS8iGLnBilSuJYjAyiaAzvVRbEHc8WFuy04U42lPzKSo/GMj6
FQxLXU/1lVz8TmwKVRkmVq+VuOxkO4OS58STu2PW5pKn3B1nx+qREzhNURhybYSV
d4zgGQmvztNk88PG2sppnQAeYprqgR+fINwLqjPu8Mg7DfW2kb6EIpcFMJbNGqb3
WvV1ZmNPeIMAtzv8rvlvPE80niEOBsU0UDiTJ6T0YMlMBt/LnhEJeSX3yj2fm8o=
=5wOE
-----END PGP SIGNATURE-----

[Achim Patzner]

Am 10.11.2016 um 00:24 schrieb Marek Marczykowski-Górecki:
> On Tue, Nov 08, 2016 at 10:37:02PM +0100, Achim Patzner wrote:
> > Maybe I should have added the (obviously in my eyes obvious) argument:
> > The current update-procedures are launched by a GUI-application and then
> > open a window that is asking questions which need keyboard interaction.
> > And in some cases the default answer (at least in Fedora) (which is
> > making things worse – at least the default Xterm is looking different
> > for Fedora and Debian) is not what you want. Or at least not what I want
> > (aborting the update). Now someone wants to add another bloody
> > interactive option that will require at least me to select the
> > non-default option.
>
> I'd like to change this default - indeed it is very confusing, but I
> don't know how.

Only be recompiling it. This is hardcoded. I remember a
"Linux-Stammtisch" in the area where the discussion over this topic
nearly led to bloodshed so please avoid supplying patches unless you've
got a black belt in something.

> The only related option is to accept automatically.
> Maybe this is the way to go?

I'm currently living with about 10 Fedora-based templates. I'm usually
updating the fattest, reviewing the list carefully and then go on with
the update. The others are just getting a treatment using qvm-run
(because I am annoyed by all those questions using the Manager). So
using "-y" on the command line would not be exactly what I consider safe
nor secure.

> Personally I like to review list of packages to be updated, but I guess
> most users don't do that.

… until they have been burnt. I just spent hours finding out how I
destroyed my native Arch system until I remembered that I'm EFI booting
without grub and forgot copying the new kernel (which I didn't notice
being installed because I didn't check the f* list) to /boot/efi/EFI/arch.

> I think it's important to give the user some feedback. Fully automated
> updates are somehow broken in most tools[1] - this is why we have this
> terminal window,

I guess I mentioned already that I'm mildly hating someone for using an
xterm in default settings 8-). Although it is looking coool when you're
updating 20 machines at the same time and showing your stamp collection
to someone I've yet to figure out how to use a different font size for it.

> instead of just some progress bar or something even less intrusive.

Sometimes I like the way Ubuntu and the likes are handling things –
until they break something. 8-)

> But automatically shutting down the template (after user have a chance
> to see update feedback) is a good idea. Something like "Press enter to
> shutdown template, or Ctrl-C to just close this window".

I once got into a serious discussion with Jordan Hubbard about the fact
that I really disliked the sudden pop-ups asking for something innocent
like "do you really want to shut down/have your cat slaughtered by
satanists/vote for Trump?" with the least convenient option being the
default while I was busily typing at something (you know that Macs are
used by pushing mice and touching pads; that's why you can remove keys,
one after the other, without any user noticing it).

It's the same with the update process; the keyboard is not flushed
before the "shutdown or not" question so any extraneous return key will
still be in the buffer. Shutting a machine down isn't as bad as messing
up your boot disk (which I did on the Mac by accepting a system update I
would not have accepted if I had time to read the pop-up) but you should
always be careful with users… Their attitude might type first, think later.


Achim

[Achim Patzner]

Am 10.11.2016 um 12:43 schrieb Eva Star:

>> I hope I'm not too offtopic but a gui option to shut down multiple vms at once would be cool.
> `qvm-shutdown --all --wait` -- will shutdown all VMs (if it helps)

Multiple, not all. Select multipel lines and then get a pop-up option
"shut these down". Or "qvm-shutdown --class=Template --all".


Achim