On Saturday, December 15, 2018 at 4:47:19 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 03:19:15PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > wrote: > > > Some typos corrected and clarification added: > > > > > > > > > John, > > > I'll take a shot at helping but would defer to Unman who has helped me > > > out a lot, both directly and indirectly on this forum. > > > > > > Some notes: > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > Not an expert but have having been using Qubes as my primary for over a > > > year. > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > template(v13 I think) to my system as the default whonix needs to be > > > removed in order to upgrade to whonix-14. This option is chosen when > > > loading Qubes for the first time. > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > > > All updates going forward are done thru sys-whonix-14-GW......... > > > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > > template...I don't just upgrade Firefox, I update the whole template i.e. > > > I update the Debian template and the Fedora template and this updates > > > Firefox in the template and the appvm's associated with the templates. > > > Make sure you are aware of the template/appvm relationship...you don't > > > update the appvm(e.g. sys-whonix), you update the template(whonix-gw) > > > which is the source for the appvm(sys-whonix). > > > > > > Other best practices I follow: > > > *Fresh templates seems to be the advice(vs upgrading) > > > *Whonix-gw template is a key template to update as all my updates are > > > done thru this template/appvms > > > * Get a VPN appvm setup as a priority > > > * Clone your templates and experiment on the clones, this way you can > > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > > at some point mess one up) > > > > > > Good luck, hope this helps... > > > > Thank you @tutamail. This is more like what I was looking for. I've tried > > most of what you recommend, but not everything. I'll re-install 4.0 and > > give your suggestions a try. > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > 4.0 platform. Most operating systems have a simple process by which you > > are informed of packages that are out of date and are offered an > > opportunity to upgrade them to the most recent version supported by the > > distributor. It would be great if Qubes had something like that. Perhaps > > someday it will. In the meantime, there ought to be a document that clearly > > explains how to go from a fresh install to the most recent Qubes-supported > > version of every package installed in each template and dom0. It would be > > even nicer if there were a nightly/weekly build of the same packages used > > in a fresh install, but all updated to the latest supported version so that > > we could simply download and install that and know that we have all of the > > most recent patches and upgrades. > > > > Qubes already has a simple process to show you when updates are > available , and enables you to update them. If you open the Qube manager > you will see an indicator of when updates are available, and can R-click > to select "update qube".
I've noticed and tried the update notices in QM. I wasn't sure if that was the same as using the shortcuts and/or os package manager. I've tried both and had issues with both. > If you don't use the Qube manager, then you can just run "sudo > qubes-dom0-update" periodically to check for and install updates in > dom0, and 'apt update' as you will. I generally do include qubes-dom0-update as either the first step after a fresh install or right after installing fedora-28. Oddly, the first section of the doc on installing and updating software in dom0 https://www.qubes-os.org/doc/software-update-dom0/ reads like a warning not to do it unless you have a specific reason (and then goes on to list some of those reasons), so at first didn't run qubes-dom0-update. It was only after I started reading some of the Xen security patch announcements that I started including this as a mandatory early step after a fresh install. > > I use salt to update all my templates with a single command, but other > users have python/bash scripts to iterate over templates. Interesting. I'm not familiar with this at all. I'll see what I can find out with some searching. > > There's also an update widget on the way. > > There are already docs about updating dom0 and templates: > www.qubes-os.org/doc/software-update-dom0 > www.qubes-os.org/doc/software-update-vm > These give a fairly detailed guide. If you think they need clarification > please suggest changes in a PR. > > The latest versions of packages are in the current repository after > spending some time in testing. There really isn't any need for nightly > builds, I think. If you keep your dom0 updated then it will transition > to 4.0.1. (Many users seem to find this hard to grasp.) Thanks for pointing this out. So once 4.0.1 goes GA, a 4.0 system will automatically upgrade itself to 4.0.1 via qubes-dom0-update? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd118e8b-c590-4f37-adb8-752cbb8a557c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
