On Wed, May 26, 2021 at 04:22:39PM +0200, Ulrich Windl wrote: > Hi! > > I know that the issue is marked fixed already, but I wonder if there should > have been some more popular notice for this surprising change in the update > mechanism. > > Today I saw there (before installing updates): > [master@dom0 ~]$ sudo qubes-dom0-update > Using sys-firewall as UpdateVM to download updates for Dom0; this may take > some time... > warning: Converting database from bdb to sqlite backend > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: > OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: > OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: > OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; > Configuration: OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; > Configuration: OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; > Configuration: OptionBinding with id "failovermethod" does not exist > Warning: Enforcing GPG signature check globally as per active RPM security > policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this message) > > Today's updates were: > pm-plugin-systemd-inhibit-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM > CEST > rpm-plugin-selinux-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM > CEST > qubes-rpm-oxide-0.2.2-1.fc25.x86_64 Wed 26 May 2021 03:34:19 PM > CEST > qubes-mgmt-salt-dom0-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:19 PM > CEST > qubes-core-dom0-linux-kernel-install-4.0.30-1.fc25.x86_64 Wed 26 May 2021 > 03:34:19 PM CEST > qubes-core-dom0-linux-4.0.30-1.fc25.x86_64 Wed 26 May 2021 03:34:19 PM > CEST > python3-rpm-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM > CEST > python2-rpm-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM > CEST > rpm-sign-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM > CEST > rpm-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM > CEST > rpm-build-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM > CEST > rpm-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM > CEST > qubes-mgmt-salt-config-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM > CEST > qubes-mgmt-salt-base-config-4.0.2-1.fc25.noarch Wed 26 May 2021 03:34:12 PM > CEST > qubes-mgmt-salt-base-4.0.4-1.fc25.noarch Wed 26 May 2021 03:34:12 PM > CEST > qubes-mgmt-salt-admin-tools-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM > CEST > qubes-mgmt-salt-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM > CEST > > When re-trying after those updates, (most of) the message is still there: > Using sys-firewall as UpdateVM to download updates for Dom0; this may take > some time... > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: > OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: > OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: > OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; > Configuration: OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; > Configuration: OptionBinding with id "failovermethod" does not exist > Invalid configuration value: failovermethod=priority in > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; > Configuration: OptionBinding with id "failovermethod" does not exist > Warning: Enforcing GPG signature check globally as per active RPM security > policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this message) > Last metadata expiration check: 0:41:44 ago on Wed May 26 15:33:47 2021. > Dependencies resolved. > ========================================================================================= > Package Arch Version Repository > Size > ========================================================================================= > Upgrading: > python2-rpm x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 118 k > python3-rpm x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 118 k > qubes-core-dom0-linux x86_64 4.0.30-1.fc25 > qubes-dom0-current 54 k > qubes-core-dom0-linux-kernel-install x86_64 4.0.30-1.fc25 > qubes-dom0-current 14 k > qubes-mgmt-salt noarch 4.0.25-1.fc25 > qubes-dom0-current 11 k > qubes-mgmt-salt-admin-tools noarch 4.0.25-1.fc25 > qubes-dom0-current 23 k > qubes-mgmt-salt-base noarch 4.0.4-1.fc25 > qubes-dom0-current 23 k > qubes-mgmt-salt-base-config noarch 4.0.2-1.fc25 > qubes-dom0-current 16 k > qubes-mgmt-salt-config noarch 4.0.25-1.fc25 > qubes-dom0-current 27 k > qubes-mgmt-salt-dom0 noarch 4.0.25-1.fc25 > qubes-dom0-current 12 k > rpm x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 531 k > rpm-build-libs x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 137 k > rpm-libs x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 325 k > rpm-plugin-selinux x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 68 k > rpm-plugin-systemd-inhibit x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 69 k > rpm-sign-libs x86_64 4.14.2.1-5.fc25 > qubes-dom0-current 71 k > Installing dependencies: > qubes-rpm-oxide x86_64 0.2.2-1.fc25 > qubes-dom0-current 138 k > > Transaction Summary > ========================================================================================= > Install 1 Package > Upgrade 16 Packages > > Total size: 1.7 M > DNF will only download packages for the transaction. > Downloading Packages: > [SKIPPED] qubes-rpm-oxide-0.2.2-1.fc25.x86_64.rpm: Already downloaded > > [SKIPPED] python2-rpm-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > > [SKIPPED] python3-rpm-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > > [SKIPPED] qubes-core-dom0-linux-4.0.30-1.fc25.x86_64.rpm: Already downloaded > [SKIPPED] qubes-core-dom0-linux-kernel-install-4.0.30-1.fc25.x86_64.rpm: > Already downloaded > [SKIPPED] qubes-mgmt-salt-4.0.25-1.fc25.noarch.rpm: Already downloaded > > [SKIPPED] qubes-mgmt-salt-admin-tools-4.0.25-1.fc25.noarch.rpm: Already > downloaded > [SKIPPED] qubes-mgmt-salt-base-4.0.4-1.fc25.noarch.rpm: Already downloaded > [SKIPPED] qubes-mgmt-salt-base-config-4.0.2-1.fc25.noarch.rpm: Already > downloaded > [SKIPPED] qubes-mgmt-salt-config-4.0.25-1.fc25.noarch.rpm: Already > downloaded > [SKIPPED] qubes-mgmt-salt-dom0-4.0.25-1.fc25.noarch.rpm: Already downloaded > [SKIPPED] rpm-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > > [SKIPPED] rpm-build-libs-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > > [SKIPPED] rpm-libs-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > > [SKIPPED] rpm-plugin-selinux-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > [SKIPPED] rpm-plugin-systemd-inhibit-4.14.2.1-5.fc25.x86_64.rpm: Already > downloaded > [SKIPPED] rpm-sign-libs-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded > > Complete! > The downloaded packages were saved in cache until the next successful > transaction. > You can remove cached packages by executing 'dnf clean packages'. > Qubes OS Repository for Dom0 > > 33 MB/s | 34 kB 00:00 > > So (as it seems) I'll have to follow > https://github.com/QubesOS/qubes-issues/issues/6581 > Unfortunately > https://github.com/QubesOS/qubes-issues/issues/6581#issuecomment-832121456 > is not really helpful: Where is that configuration file? Specifically > /var/lib/qubes/dom0-updates/ does not exist after running the update > command. > > So what's the status? > > Regards, > Ulrich >
The changes consequent on hardening of the rpm update mechanism were poorly handled. The changes consequent to upgrading the updateVM to fedora-33 were warnings, and the solution was signalled in the warning message. (see 'gpgcheck' in dnf.conf(5) for how to squelch this message) Very few users seem to have a) read that message, or b) tried to do what it said. You have to look at the manpage in the updateVM (since that is where the warning is coming from) and apply the solution in dom0. This isnt intuitive unless you know about the Qubes dom0 update mechanism. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210526152314.GE16045%40thirdeyesecurity.org.
