Normal routine updating of TemplateVM through command line


Otto Kratik

Jul 13, 2015, 1:46:29 PM
to qubes...@googlegroups.com
Sometimes in Qubes VM manager it shows the refresh/recycle icon for a TemplateVM, such as Fedora-20, indicating updates available. It is easy enough to perform this update graphically using the Manager interface. What I am wondering is what is the correct way to perform this update from the command line, so as to see more status/progress/error messages during the process?

Is it done from dom0 konsole, or from terminal within TemplateVM itself? And is it..

yum update?
yum distro-sync?
yum install fedora-upgrade?


Thanks.

Jeremias E.

Jul 13, 2015, 1:57:18 PM
to qubes...@googlegroups.com
Hello,

I always use:
yum update

I mean this is just for updates, e.g. Fedora 20. It does not upgrade to another version of Fedora.

For Debian it would be:
apt-get update
apt-get upgrade

or as one line: apt-get update && apt-get upgrade

and with aptitude:
aptitude update
aptitude upgrade

as one line: aptitude update && aptitude upgrade

Best regards
  J. Eppler

Otto Kratik

Jul 13, 2015, 2:01:06 PM
to qubes...@googlegroups.com

On Monday, July 13, 2015 at 1:57:18 PM UTC-4, Jeremias E. wrote:
> I always use:
> yum update
>
> I mean this is just for updates, e.g. Fedora 20. It does not upgrade to another version of Fedora.

Thanks and yes, it was just normal ongoing updates of fedora 20 I meant, not actual migration to a new base version (like 21).

Marek Marczykowski-Górecki

Jul 13, 2015, 3:48:16 PM
to Jeremias E., qubes...@googlegroups.com

On Mon, Jul 13, 2015 at 10:57:18AM -0700, Jeremias E. wrote:
> Hello,
>
> I always use:
> yum update
>
> I mean this is just for updates, e.g. Fedora 20. It does not upgrade to
> another version of Fedora.
>
> For Debian it would be:
> apt-get update
> apt-get upgrade
>
> or as one line: apt-get update && apt-get upgrade

I think it should be apt-get dist-upgrade instead of apt-get
upgrade. If a new dependency is added to a package, plain upgrade will not
install such an updated package.

> and with aptitude:
> aptitude update
> aptitude upgrade
>
> as one line: aptitude update && aptitude upgrade
>
> Best regards
> J. Eppler
>


--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Otto Kratik

Jul 13, 2015, 4:12:57 PM
to qubes...@googlegroups.com, j.ep...@openmailbox.org
On Monday, July 13, 2015 at 3:48:16 PM UTC-4, Marek Marczykowski-Górecki wrote:
 
> I think it should be apt-get dist-upgrade instead of apt-get
> upgrade. If a new dependency is added to a package, plain upgrade will not
> install such an updated package.

But for Fedora, presumably just 'yum update' by itself is sufficient to do everything needed...

Jeremias E.

Jul 13, 2015, 4:34:42 PM
to qubes...@googlegroups.com, j.ep...@openmailbox.org
The yum man page says, basically, that yum update and yum upgrade are the same statement, with one small difference. The yum upgrade command is exactly the same as yum --obsoletes update. The obsoletes option removes unused packages too.

Jeremias E.

Jul 13, 2015, 5:21:46 PM
to qubes...@googlegroups.com, j.ep...@openmailbox.org
Hello,
 
> I think it should be apt-get dist-upgrade instead of apt-get
> upgrade. If a new dependency is added to a package, plain upgrade will not
> install such an updated package.

The only thing is that apt-get dist-upgrade also upgrades the kernel, whereas apt-get upgrade does not. But yes, dist-upgrade makes more sense.

raf...@elitemail.org

Jul 13, 2015, 5:47:54 PM
to Otto Kratik, qubes...@googlegroups.com
As said, yum update (within the TemplateVM).

Also, you can separate the networking from the templates as is done with
dom0:

1 - create an update-vm
2 - set update-vm's template as the template to be updated
- I have used this method with the fedora-2x, fedora-2x-minimal, and
debian-8 templates
3 - open a terminal in the update-vm
4 - create a folder (once) for the updates: mkdir updates
5 - run "cd updates;sudo yum update --downloadonly --downloaddir=."
6 - run "qvm-copy-to-vm (templateVM) *" (or qvm-move-to-vm)
7 - open a terminal in the template, cd to
/home/user/QubesIncoming/update-vm
8 - run "sudo yum localinstall *"

Run the commands without the quotes and change the names as necessary,
of course.

Marek Marczykowski-Górecki

Jul 13, 2015, 6:03:15 PM
to Jeremias E., qubes...@googlegroups.com

Actually, a VM has no influence on the kernel it is using (at least for now).
The kernel for the VM is provided by dom0.
Anyway, I don't think preventing kernel upgrades is a good idea. Why keep
this particular system component outdated?

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Marek Marczykowski-Górecki

Jul 13, 2015, 6:10:45 PM
to raf...@elitemail.org, Otto Kratik, qubes...@googlegroups.com

On Mon, Jul 13, 2015 at 03:48:11PM -0600, raf...@elitemail.org wrote:
> On 07/13/2015 11:46 AM, Otto Kratik wrote:
> > Sometimes in Qubes VM manager it shows the refresh/recycle icon for a
> > TemplateVM, such as Fedora-20, indicating updates available. It is
> > easy enough to perform this update graphically using the Manager
> > interface. What I am wondering is what is the correct way to perform
> > this update from the command line, so as to see more
> > status/progress/error messages during the process?
> >
> > Is it done from dom0 konsole, or from terminal within TemplateVM
> > itself? And is it..
> >
> > yum update?
> > yum distro-sync?
> > yum install fedora-upgrade?
>
> As said, yum update (within the TemplateVM).
>
> Also, you can separate the networking from the templates as is done with
> dom0:
>
> 1 - create an update-vm
> 2 - set update-vm's template as the template to be updated
> - I have used this method with the fedora-2x, fedora-2x-minimal, and
> debian-8 templates
> 3 - open a terminal in the update-vm
> 4 - create a folder (once) for the updates: mkdir updates
> 5 - run "cd updates;sudo yum update --downloadonly --downloaddir=."
> 6 - run "qvm-copy-to-vm (templateVM) *" (or qvm-move-to-vm)
> 7 - open a terminal in the template, cd to
> /home/user/QubesIncoming/update-vm
> 8 - run "sudo yum localinstall *"

Make sure that the last command verifies package signatures. AFAIR yum
localinstall doesn't do that. Most likely signatures need to be checked
manually; I don't see an option to force signature verification on yum
localinstall. Something like this:
rpm -K * | grep -v "\<gpg\>"
(output should be empty)


> Run the commands without the quotes and change the names as necessary,
> of course.

This is very similar to what qubes-dom0-update does for dom0.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

raf...@elitemail.org

Jul 15, 2015, 9:30:48 PM
to Marek Marczykowski-Górecki, Otto Kratik, qubes...@googlegroups.com
Thanks, Marek. You're exactly right. I looked through the man pages
and config files, and falsely assumed that the signature was being
checked. Installing (in a dispVM) an otherwise properly signed package
after:
$ echo " " >> package.rpm
to produce a bad signature shows that is not the case. Verifying
manually is necessary.
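
The manual check discussed above, as an added example that is not part of the original thread: a script for the template that refuses to proceed unless every copied package carries a signature that rpm -K accepts. The function names classify_result and verify_dir are hypothetical, and the rpm -K result wording is an assumption that differs between rpm versions (the example goes beyond the thread by also recognising the newer "digests signatures OK" form), so compare it with the output of your own rpm first.

```shell
#!/bin/sh
# Added example: gate "yum localinstall" on rpm signature checks.
# Run inside the TemplateVM, so packages are checked against the keys
# already imported into the template's own rpm database.

# Classify the part of an "rpm -K" line that follows "<file>: ".
# Assumed formats: older rpm prints e.g. "rsa sha1 (md5) pgp md5 OK",
# newer rpm prints "digests signatures OK"; upper-case tokens and
# "NOT OK" mean a check failed or the signing key is missing.
classify_result() {
    case "$1" in
        *"NOT OK"*) echo bad ;;
        *" OK")
            case " $1 " in
                *" pgp "*|*" gpg "*|*" signatures "*) echo signed-ok ;;
                *) echo unsigned ;;   # digests only, no signature
            esac ;;
        *) echo bad ;;
    esac
}

# Check every *.rpm in a directory; return non-zero unless all are
# signed-ok. Files are checked one at a time and the file name is
# stripped from the output, so a name containing "gpg" cannot
# satisfy the match (the names come from the less trusted update-vm).
verify_dir() {
    dir=$1; failed=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no rpm files in $dir" >&2; return 1; }
        out=$(rpm -K "$f")
        verdict=$(classify_result "${out#"$f": }")
        case "$out" in "$f: "*) ;; *) verdict=bad ;; esac
        [ "$verdict" = signed-ok ] || { echo "REJECT ($verdict): $f" >&2; failed=1; }
    done
    return "$failed"
}

if [ "$#" -gt 0 ]; then
    verify_dir "$1" && echo "all packages signed; safe to run yum localinstall"
else
    # Constructed sample results, not captured from a real system.
    for s in "rsa sha1 (md5) pgp md5 OK" "sha1 md5 OK" \
             "digests signatures OK" "digests SIGNATURES NOT OK"; do
        printf '%-28s -> %s\n' "$s" "$(classify_result "$s")"
    done
fi
```

In the template, pass the incoming directory from step 7 (/home/user/QubesIncoming/update-vm) as the argument and run step 8 only if the script exits with status 0.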