[bug] 'qubes-set-updates disable' does not work if a new VM is created

[Andrew B]

Hi,

I've noticed that even though I have disabled all automatic update checks (through Qubes Manager, and verified disabled with `qubes-set-updates status`; also, the flag file /var/lib/qubes/updates/disable-updates exists), I am still sometimes notified of available updates. It's rather disconcerting and makes me worried that I do not have full control over my network traffic.

After investigating which VM has the /var/run/qubes-service/qubes-update-check file that enables the qubes-update-check.timer service, I found exactly one: a newly-created (as in, created *after* I disabled automatic update checks) network-connected VM. I did not dig deeper, but I suspect the service is not being properly disabled upon VM creation as it should be.

Best,
Andrew

[Marek Marczykowski-Górecki]

Thanks for the report, I though I've documented this known limitation somewhere...
Anyway created a ticket:
https://wiki.qubes-os.org/ticket/892

That /var/lib/qubes/updates/disable-updates file is only for dom0 updates,
there is currently no simple way to check that setting for VMs (other than
checking each VM individually, which Qubes Manager does). So apparently
default for VMs needs to be stored somewhere

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?