Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sun, Dec 16, 2018 at 08:35:57PM -0800, John Smiley wrote: > On Sunday, December 16, 2018 at 4:12:56 AM UTC-8, unman wrote: > > On Sat, Dec 15, 2018 at 06:31:35PM -0800, John Smiley wrote: > > > On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > > > > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > > > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley > > > > > > > wrote: > > > > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > > > > 22...@tutamail.com wrote: > > > > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > > > > > > > > > > John, > > > > > > > > > I'll take a shot at helping but would defer to Unman who has > > > > > > > > > helped me out a lot, both directly and indirectly on this > > > > > > > > > forum. > > > > > > > > > > > > > > > > > > Some notes: > > > > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > > > > Not an expert but have having been using Qubes as my primary > > > > > > > > > for over a year. > > > > > > > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the > > > > > > > > > default whonix template(v13 I think) to my system as the > > > > > > > > > default whonix needs to be removed in order to upgrade to > > > > > > > > > whonix-14. This option is chosen when loading Qubes for the > > > > > > > > > first time. > > > > > > > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my > > > > > > > > > network > > > > > > > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the > > > > > > > > > whonix-14 template following these instructions: > > > > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > > > > > > > All updates going forward are done thru > > > > > > > > > sys-whonix-14-GW. > > > > > > > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox > > > > > > > > > or the whole template...I don't just upgrade Firefox, I > > > > > > > > > update the whole template i.e. I update the Debian template > > > > > > > > > and the Fedora template and this updates Firefox in the > > > > > > > > > template and the appvm's associated with the templates. Make > > > > > > > > > sure you are aware of the template/appvm relationship...you > > > > > > > > > don't update the appvm(e.g. sys-whonix), you update the > > > > > > > > > template(whonix-gw) which is the source for the > > > > > > > > > appvm(sys-whonix). > > > > > > > > > > > > > > > > > > Other best practices I follow: > > > > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > > > > *Whonix-gw template is a key template to update as all my > > > > > > > > > updates are done thru this template/appvms > > > > > > > > > * Get a VPN appvm setup as a priority > > > > > > > > > * Clone your templates and experiment on the clones, this way > > > > > > > > > you can resort back to your clean template WHEN you F%$# it > > > > > > > > > up (Not IF...you will at some point mess one up) > > > > > > > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. > > > > > > > > I've tried most of what you recommend, but not everything. > > > > > > > > I'll re-install 4.0 and give your suggestions a try. > > > > > > > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't > > > > > > > > clear. I only tried 4.0.1-rc1 out of desperation. What I want > > > > > > > > is the latest production 4.0 platform. Most operating systems > > > > > > > > have a simple process by which you are informed of packages > > > > > > > > that are out of date and are offered an opportunity to upgrade > > > > > > > > them to the most recent version supported by the distributor. > > > > > > > > It would be great if Qubes had something like that. Perhaps > > > > > > > > someday it will. In the meantime, there ought to be a document > > > > > > > > that clearly explains how to go from a fresh install to the > > > > > > > > most recent Qubes-supported version of every package installed > > > > > > > > in each template and dom0. It would be even nicer if there > > > > > > > > were a nightly/weekly build of the same packages used in a > > > > > > > > fresh install, but all updated to the latest supported version > > > > > > > > so that we could simply download and install that and know that > > > > > > > > we have all of the most recent patches and upgrades. > > > > > > > > > > > > > > I can hear some of you now saying that if I want these things > > > > > > > then get up off my lazy ass and build them. If I weren't fully > > > > > > > (some would say overyly) employed wit
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sunday, December 16, 2018 at 4:12:56 AM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 06:31:35PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > > > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley > > > > > > wrote: > > > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > > > 22...@tutamail.com wrote: > > > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > > > > > > > John, > > > > > > > > I'll take a shot at helping but would defer to Unman who has > > > > > > > > helped me out a lot, both directly and indirectly on this forum. > > > > > > > > > > > > > > > > Some notes: > > > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > > > Not an expert but have having been using Qubes as my primary > > > > > > > > for over a year. > > > > > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the > > > > > > > > default whonix template(v13 I think) to my system as the > > > > > > > > default whonix needs to be removed in order to upgrade to > > > > > > > > whonix-14. This option is chosen when loading Qubes for the > > > > > > > > first time. > > > > > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > > > > > template following these instructions: > > > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > > > > > All updates going forward are done thru > > > > > > > > sys-whonix-14-GW. > > > > > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox or > > > > > > > > the whole template...I don't just upgrade Firefox, I update the > > > > > > > > whole template i.e. I update the Debian template and the Fedora > > > > > > > > template and this updates Firefox in the template and the > > > > > > > > appvm's associated with the templates. Make sure you are aware > > > > > > > > of the template/appvm relationship...you don't update the > > > > > > > > appvm(e.g. sys-whonix), you update the template(whonix-gw) > > > > > > > > which is the source for the appvm(sys-whonix). > > > > > > > > > > > > > > > > Other best practices I follow: > > > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > > > *Whonix-gw template is a key template to update as all my > > > > > > > > updates are done thru this template/appvms > > > > > > > > * Get a VPN appvm setup as a priority > > > > > > > > * Clone your templates and experiment on the clones, this way > > > > > > > > you can resort back to your clean template WHEN you F%$# it up > > > > > > > > (Not IF...you will at some point mess one up) > > > > > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. > > > > > > > I've tried most of what you recommend, but not everything. I'll > > > > > > > re-install 4.0 and give your suggestions a try. > > > > > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. > > > > > > > I only tried 4.0.1-rc1 out of desperation. What I want is the > > > > > > > latest production 4.0 platform. Most operating systems have a > > > > > > > simple process by which you are informed of packages that are out > > > > > > > of date and are offered an opportunity to upgrade them to the > > > > > > > most recent version supported by the distributor. It would be > > > > > > > great if Qubes had something like that. Perhaps someday it will. > > > > > > > In the meantime, there ought to be a document that clearly > > > > > > > explains how to go from a fresh install to the most recent > > > > > > > Qubes-supported version of every package installed in each > > > > > > > template and dom0. It would be even nicer if there were a > > > > > > > nightly/weekly build of the same packages used in a fresh > > > > > > > install, but all updated to the latest supported version so that > > > > > > > we could simply download and install that and know that we have > > > > > > > all of the most recent patches and upgrades. > > > > > > > > > > > > I can hear some of you now saying that if I want these things then > > > > > > get up off my lazy ass and build them. If I weren't fully (some > > > > > > would say overyly) employed with nothing but free time on my hands, > > > > > > I still wouldn't do that because I have other interests. I'm the > > > > > > consumer here. Some of you seem to forget that. This is feeback > > > > > > coming from a customer. Treat it as such. > > > > > > > > > > > > I'
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sat, Dec 15, 2018 at 06:31:35PM -0800, John Smiley wrote: > On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > > 22...@tutamail.com wrote: > > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > > > > John, > > > > > > > I'll take a shot at helping but would defer to Unman who has > > > > > > > helped me out a lot, both directly and indirectly on this forum. > > > > > > > > > > > > > > Some notes: > > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > > Not an expert but have having been using Qubes as my primary for > > > > > > > over a year. > > > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the default > > > > > > > whonix template(v13 I think) to my system as the default whonix > > > > > > > needs to be removed in order to upgrade to whonix-14. This option > > > > > > > is chosen when loading Qubes for the first time. > > > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > > > > template following these instructions: > > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox or > > > > > > > the whole template...I don't just upgrade Firefox, I update the > > > > > > > whole template i.e. I update the Debian template and the Fedora > > > > > > > template and this updates Firefox in the template and the appvm's > > > > > > > associated with the templates. Make sure you are aware of the > > > > > > > template/appvm relationship...you don't update the appvm(e.g. > > > > > > > sys-whonix), you update the template(whonix-gw) which is the > > > > > > > source for the appvm(sys-whonix). > > > > > > > > > > > > > > Other best practices I follow: > > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > > *Whonix-gw template is a key template to update as all my updates > > > > > > > are done thru this template/appvms > > > > > > > * Get a VPN appvm setup as a priority > > > > > > > * Clone your templates and experiment on the clones, this way you > > > > > > > can resort back to your clean template WHEN you F%$# it up (Not > > > > > > > IF...you will at some point mess one up) > > > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. > > > > > > I've tried most of what you recommend, but not everything. I'll > > > > > > re-install 4.0 and give your suggestions a try. > > > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. > > > > > > I only tried 4.0.1-rc1 out of desperation. What I want is the > > > > > > latest production 4.0 platform. Most operating systems have a > > > > > > simple process by which you are informed of packages that are out > > > > > > of date and are offered an opportunity to upgrade them to the most > > > > > > recent version supported by the distributor. It would be great if > > > > > > Qubes had something like that. Perhaps someday it will. In the > > > > > > meantime, there ought to be a document that clearly explains how to > > > > > > go from a fresh install to the most recent Qubes-supported version > > > > > > of every package installed in each template and dom0. It would be > > > > > > even nicer if there were a nightly/weekly build of the same > > > > > > packages used in a fresh install, but all updated to the latest > > > > > > supported version so that we could simply download and install that > > > > > > and know that we have all of the most recent patches and upgrades. > > > > > > > > > > I can hear some of you now saying that if I want these things then > > > > > get up off my lazy ass and build them. If I weren't fully (some > > > > > would say overyly) employed with nothing but free time on my hands, I > > > > > still wouldn't do that because I have other interests. I'm the > > > > > consumer here. Some of you seem to forget that. This is feeback > > > > > coming from a customer. Treat it as such. > > > > > > > > > > I'm also not a Linux newbie. I'm not stumbling around trying to > > > > > figure out where the power button is. I've used, installed, and > > > > > upgraded various forms of Linux for years. My point is I know a lot > > > > > more than most about Linux and virtualization and I'm ha
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > 22...@tutamail.com wrote: > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > John, > > > > > > I'll take a shot at helping but would defer to Unman who has helped > > > > > > me out a lot, both directly and indirectly on this forum. > > > > > > > > > > > > Some notes: > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > Not an expert but have having been using Qubes as my primary for > > > > > > over a year. > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the default > > > > > > whonix template(v13 I think) to my system as the default whonix > > > > > > needs to be removed in order to upgrade to whonix-14. This option > > > > > > is chosen when loading Qubes for the first time. > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > > > template following these instructions: > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox or the > > > > > > whole template...I don't just upgrade Firefox, I update the whole > > > > > > template i.e. I update the Debian template and the Fedora template > > > > > > and this updates Firefox in the template and the appvm's associated > > > > > > with the templates. Make sure you are aware of the template/appvm > > > > > > relationship...you don't update the appvm(e.g. sys-whonix), you > > > > > > update the template(whonix-gw) which is the source for the > > > > > > appvm(sys-whonix). > > > > > > > > > > > > Other best practices I follow: > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > *Whonix-gw template is a key template to update as all my updates > > > > > > are done thru this template/appvms > > > > > > * Get a VPN appvm setup as a priority > > > > > > * Clone your templates and experiment on the clones, this way you > > > > > > can resort back to your clean template WHEN you F%$# it up (Not > > > > > > IF...you will at some point mess one up) > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. I've > > > > > tried most of what you recommend, but not everything. I'll > > > > > re-install 4.0 and give your suggestions a try. > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I > > > > > only tried 4.0.1-rc1 out of desperation. What I want is the latest > > > > > production 4.0 platform. Most operating systems have a simple > > > > > process by which you are informed of packages that are out of date > > > > > and are offered an opportunity to upgrade them to the most recent > > > > > version supported by the distributor. It would be great if Qubes had > > > > > something like that. Perhaps someday it will. In the meantime, there > > > > > ought to be a document that clearly explains how to go from a fresh > > > > > install to the most recent Qubes-supported version of every package > > > > > installed in each template and dom0. It would be even nicer if there > > > > > were a nightly/weekly build of the same packages used in a fresh > > > > > install, but all updated to the latest supported version so that we > > > > > could simply download and install that and know that we have all of > > > > > the most recent patches and upgrades. > > > > > > > > I can hear some of you now saying that if I want these things then get > > > > up off my lazy ass and build them. If I weren't fully (some would say > > > > overyly) employed with nothing but free time on my hands, I still > > > > wouldn't do that because I have other interests. I'm the consumer > > > > here. Some of you seem to forget that. This is feeback coming from a > > > > customer. Treat it as such. > > > > > > > > I'm also not a Linux newbie. I'm not stumbling around trying to figure > > > > out where the power button is. I've used, installed, and upgraded > > > > various forms of Linux for years. My point is I know a lot more than > > > > most about Linux and virtualization and I'm having lots of issues with > > > > Qubes. I fully expect to spend many hours learning how Qubes works and > > > > how I can make the best use of it. I should not have to spend many > > > > hours simply getting it installed
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sat, Dec 15, 2018 at 06:12:04PM -0800, John Smiley wrote: > On Saturday, December 15, 2018 at 4:47:19 PM UTC-8, unman wrote: > > On Sat, Dec 15, 2018 at 03:19:15PM -0800, John Smiley wrote: > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > > wrote: > > > > Some typos corrected and clarification added: > > > > > > > > > > > > John, > > > > I'll take a shot at helping but would defer to Unman who has helped me > > > > out a lot, both directly and indirectly on this forum. > > > > > > > > Some notes: > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > Not an expert but have having been using Qubes as my primary for over a > > > > year. > > > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > > template(v13 I think) to my system as the default whonix needs to be > > > > removed in order to upgrade to whonix-14. This option is chosen when > > > > loading Qubes for the first time. > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > template following these instructions: > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > When you say upgrading Firefox are you just updating Firefox or the > > > > whole template...I don't just upgrade Firefox, I update the whole > > > > template i.e. I update the Debian template and the Fedora template and > > > > this updates Firefox in the template and the appvm's associated with > > > > the templates. Make sure you are aware of the template/appvm > > > > relationship...you don't update the appvm(e.g. sys-whonix), you update > > > > the template(whonix-gw) which is the source for the appvm(sys-whonix). > > > > > > > > Other best practices I follow: > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > *Whonix-gw template is a key template to update as all my updates are > > > > done thru this template/appvms > > > > * Get a VPN appvm setup as a priority > > > > * Clone your templates and experiment on the clones, this way you can > > > > resort back to your clean template WHEN you F%$# it up (Not IF...you > > > > will at some point mess one up) > > > > > > > > Good luck, hope this helps... > > > > > > Thank you @tutamail. This is more like what I was looking for. I've > > > tried most of what you recommend, but not everything. I'll re-install > > > 4.0 and give your suggestions a try. > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > > 4.0 platform. Most operating systems have a simple process by which you > > > are informed of packages that are out of date and are offered an > > > opportunity to upgrade them to the most recent version supported by the > > > distributor. It would be great if Qubes had something like that. > > > Perhaps someday it will. In the meantime, there ought to be a document > > > that clearly explains how to go from a fresh install to the most recent > > > Qubes-supported version of every package installed in each template and > > > dom0. It would be even nicer if there were a nightly/weekly build of the > > > same packages used in a fresh install, but all updated to the latest > > > supported version so that we could simply download and install that and > > > know that we have all of the most recent patches and upgrades. > > > > > > > Qubes already has a simple process to show you when updates are > > available , and enables you to update them. If you open the Qube manager > > you will see an indicator of when updates are available, and can R-click > > to select "update qube". > > I've noticed and tried the update notices in QM. I wasn't sure if that was > the same as using the shortcuts and/or os package manager. I've tried both > and had issues with both. > > > If you don't use the Qube manager, then you can just run "sudo > > qubes-dom0-update" periodically to check for and install updates in > > dom0, and 'apt update' as you will. > > I generally do include qubes-dom0-update as either the first step after a > fresh install or right after installing fedora-28. Oddly, the first section > of the doc on installing and updating software in dom0 > https://www.qubes-os.org/doc/software-update-dom0/ reads like a warning not > to do it unless you have a specific reason (and then goes on to list some of > those reasons), so at first didn't run qubes-dom0-update. It was only after > I started reading some of the Xen security patch announcements that I started > including this as a mandatory early step after a fresh install. > > > > > I use salt to update all my templates with a single command, but other > > users have python/bash scripts to iterate over templates. >
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > > > wrote: > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > John, > > > > > I'll take a shot at helping but would defer to Unman who has helped > > > > > me out a lot, both directly and indirectly on this forum. > > > > > > > > > > Some notes: > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > Not an expert but have having been using Qubes as my primary for over > > > > > a year. > > > > > > > > > > I loaded 4.0, however during the setup I did not add the default > > > > > whonix template(v13 I think) to my system as the default whonix needs > > > > > to be removed in order to upgrade to whonix-14. This option is chosen > > > > > when loading Qubes for the first time. > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > > template following these instructions: > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox or the > > > > > whole template...I don't just upgrade Firefox, I update the whole > > > > > template i.e. I update the Debian template and the Fedora template > > > > > and this updates Firefox in the template and the appvm's associated > > > > > with the templates. Make sure you are aware of the template/appvm > > > > > relationship...you don't update the appvm(e.g. sys-whonix), you > > > > > update the template(whonix-gw) which is the source for the > > > > > appvm(sys-whonix). > > > > > > > > > > Other best practices I follow: > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > *Whonix-gw template is a key template to update as all my updates are > > > > > done thru this template/appvms > > > > > * Get a VPN appvm setup as a priority > > > > > * Clone your templates and experiment on the clones, this way you can > > > > > resort back to your clean template WHEN you F%$# it up (Not IF...you > > > > > will at some point mess one up) > > > > > > > > > > Good luck, hope this helps... > > > > > > > > Thank you @tutamail. This is more like what I was looking for. I've > > > > tried most of what you recommend, but not everything. I'll re-install > > > > 4.0 and give your suggestions a try. > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I > > > > only tried 4.0.1-rc1 out of desperation. What I want is the latest > > > > production 4.0 platform. Most operating systems have a simple process > > > > by which you are informed of packages that are out of date and are > > > > offered an opportunity to upgrade them to the most recent version > > > > supported by the distributor. It would be great if Qubes had something > > > > like that. Perhaps someday it will. In the meantime, there ought to be > > > > a document that clearly explains how to go from a fresh install to the > > > > most recent Qubes-supported version of every package installed in each > > > > template and dom0. It would be even nicer if there were a > > > > nightly/weekly build of the same packages used in a fresh install, but > > > > all updated to the latest supported version so that we could simply > > > > download and install that and know that we have all of the most recent > > > > patches and upgrades. > > > > > > I can hear some of you now saying that if I want these things then get up > > > off my lazy ass and build them. If I weren't fully (some would say > > > overyly) employed with nothing but free time on my hands, I still > > > wouldn't do that because I have other interests. I'm the consumer here. > > > Some of you seem to forget that. This is feeback coming from a customer. > > > Treat it as such. > > > > > > I'm also not a Linux newbie. I'm not stumbling around trying to figure > > > out where the power button is. I've used, installed, and upgraded > > > various forms of Linux for years. My point is I know a lot more than > > > most about Linux and virtualization and I'm having lots of issues with > > > Qubes. I fully expect to spend many hours learning how Qubes works and > > > how I can make the best use of it. I should not have to spend many hours > > > simply getting it installed and updated. I don't think it's too big of > > > an ask to have this spelled out well enough that someone experienced with > > > Linux, but fresh to Qubes, can follow it and have be confident that the > > > many security and othe
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > > wrote: > > > > Some typos corrected and clarification added: > > > > > > > > > > > > John, > > > > I'll take a shot at helping but would defer to Unman who has helped me > > > > out a lot, both directly and indirectly on this forum. > > > > > > > > Some notes: > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > Not an expert but have having been using Qubes as my primary for over a > > > > year. > > > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > > template(v13 I think) to my system as the default whonix needs to be > > > > removed in order to upgrade to whonix-14. This option is chosen when > > > > loading Qubes for the first time. > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > template following these instructions: > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > When you say upgrading Firefox are you just updating Firefox or the > > > > whole template...I don't just upgrade Firefox, I update the whole > > > > template i.e. I update the Debian template and the Fedora template and > > > > this updates Firefox in the template and the appvm's associated with > > > > the templates. Make sure you are aware of the template/appvm > > > > relationship...you don't update the appvm(e.g. sys-whonix), you update > > > > the template(whonix-gw) which is the source for the appvm(sys-whonix). > > > > > > > > Other best practices I follow: > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > *Whonix-gw template is a key template to update as all my updates are > > > > done thru this template/appvms > > > > * Get a VPN appvm setup as a priority > > > > * Clone your templates and experiment on the clones, this way you can > > > > resort back to your clean template WHEN you F%$# it up (Not IF...you > > > > will at some point mess one up) > > > > > > > > Good luck, hope this helps... > > > > > > Thank you @tutamail. This is more like what I was looking for. I've > > > tried most of what you recommend, but not everything. I'll re-install > > > 4.0 and give your suggestions a try. > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > > 4.0 platform. Most operating systems have a simple process by which you > > > are informed of packages that are out of date and are offered an > > > opportunity to upgrade them to the most recent version supported by the > > > distributor. It would be great if Qubes had something like that. > > > Perhaps someday it will. In the meantime, there ought to be a document > > > that clearly explains how to go from a fresh install to the most recent > > > Qubes-supported version of every package installed in each template and > > > dom0. It would be even nicer if there were a nightly/weekly build of the > > > same packages used in a fresh install, but all updated to the latest > > > supported version so that we could simply download and install that and > > > know that we have all of the most recent patches and upgrades. > > > > I can hear some of you now saying that if I want these things then get up > > off my lazy ass and build them. If I weren't fully (some would say > > overyly) employed with nothing but free time on my hands, I still wouldn't > > do that because I have other interests. I'm the consumer here. Some of > > you seem to forget that. This is feeback coming from a customer. Treat it > > as such. > > > > I'm also not a Linux newbie. I'm not stumbling around trying to figure out > > where the power button is. I've used, installed, and upgraded various > > forms of Linux for years. My point is I know a lot more than most about > > Linux and virtualization and I'm having lots of issues with Qubes. I fully > > expect to spend many hours learning how Qubes works and how I can make the > > best use of it. I should not have to spend many hours simply getting it > > installed and updated. I don't think it's too big of an ask to have this > > spelled out well enough that someone experienced with Linux, but fresh to > > Qubes, can follow it and have be confident that the many security and other > > fixes described so well in your announcements are fixed/patched. Perhaps > > the problems I'm experiencing are unusual. I've been told that my hardware > > isn't all that peculiar for Qubes, so this should be a cake walk. > > > > John, most
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 4:47:19 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 03:19:15PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > wrote: > > > Some typos corrected and clarification added: > > > > > > > > > John, > > > I'll take a shot at helping but would defer to Unman who has helped me > > > out a lot, both directly and indirectly on this forum. > > > > > > Some notes: > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > Not an expert but have having been using Qubes as my primary for over a > > > year. > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > template(v13 I think) to my system as the default whonix needs to be > > > removed in order to upgrade to whonix-14. This option is chosen when > > > loading Qubes for the first time. > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > > template...I don't just upgrade Firefox, I update the whole template i.e. > > > I update the Debian template and the Fedora template and this updates > > > Firefox in the template and the appvm's associated with the templates. > > > Make sure you are aware of the template/appvm relationship...you don't > > > update the appvm(e.g. sys-whonix), you update the template(whonix-gw) > > > which is the source for the appvm(sys-whonix). > > > > > > Other best practices I follow: > > > *Fresh templates seems to be the advice(vs upgrading) > > > *Whonix-gw template is a key template to update as all my updates are > > > done thru this template/appvms > > > * Get a VPN appvm setup as a priority > > > * Clone your templates and experiment on the clones, this way you can > > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > > at some point mess one up) > > > > > > Good luck, hope this helps... > > > > Thank you @tutamail. This is more like what I was looking for. I've tried > > most of what you recommend, but not everything. I'll re-install 4.0 and > > give your suggestions a try. > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > 4.0 platform. Most operating systems have a simple process by which you > > are informed of packages that are out of date and are offered an > > opportunity to upgrade them to the most recent version supported by the > > distributor. It would be great if Qubes had something like that. Perhaps > > someday it will. In the meantime, there ought to be a document that clearly > > explains how to go from a fresh install to the most recent Qubes-supported > > version of every package installed in each template and dom0. It would be > > even nicer if there were a nightly/weekly build of the same packages used > > in a fresh install, but all updated to the latest supported version so that > > we could simply download and install that and know that we have all of the > > most recent patches and upgrades. > > > > Qubes already has a simple process to show you when updates are > available , and enables you to update them. If you open the Qube manager > you will see an indicator of when updates are available, and can R-click > to select "update qube". I've noticed and tried the update notices in QM. I wasn't sure if that was the same as using the shortcuts and/or os package manager. I've tried both and had issues with both. > If you don't use the Qube manager, then you can just run "sudo > qubes-dom0-update" periodically to check for and install updates in > dom0, and 'apt update' as you will. I generally do include qubes-dom0-update as either the first step after a fresh install or right after installing fedora-28. Oddly, the first section of the doc on installing and updating software in dom0 https://www.qubes-os.org/doc/software-update-dom0/ reads like a warning not to do it unless you have a specific reason (and then goes on to list some of those reasons), so at first didn't run qubes-dom0-update. It was only after I started reading some of the Xen security patch announcements that I started including this as a mandatory early step after a fresh install. > > I use salt to update all my templates with a single command, but other > users have python/bash scripts to iterate over templates. Interesting. I'm not familiar with this at all. I'll see what I can find out with some searching. > > There's also an update widget on the way. > > There are already docs about updating dom0 and templates: > www.qubes-os.org/doc/software-update-do
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > wrote: > > > Some typos corrected and clarification added: > > > > > > > > > John, > > > I'll take a shot at helping but would defer to Unman who has helped me > > > out a lot, both directly and indirectly on this forum. > > > > > > Some notes: > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > Not an expert but have having been using Qubes as my primary for over a > > > year. > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > template(v13 I think) to my system as the default whonix needs to be > > > removed in order to upgrade to whonix-14. This option is chosen when > > > loading Qubes for the first time. > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > > template...I don't just upgrade Firefox, I update the whole template i.e. > > > I update the Debian template and the Fedora template and this updates > > > Firefox in the template and the appvm's associated with the templates. > > > Make sure you are aware of the template/appvm relationship...you don't > > > update the appvm(e.g. sys-whonix), you update the template(whonix-gw) > > > which is the source for the appvm(sys-whonix). > > > > > > Other best practices I follow: > > > *Fresh templates seems to be the advice(vs upgrading) > > > *Whonix-gw template is a key template to update as all my updates are > > > done thru this template/appvms > > > * Get a VPN appvm setup as a priority > > > * Clone your templates and experiment on the clones, this way you can > > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > > at some point mess one up) > > > > > > Good luck, hope this helps... > > > > Thank you @tutamail. This is more like what I was looking for. I've tried > > most of what you recommend, but not everything. I'll re-install 4.0 and > > give your suggestions a try. > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > 4.0 platform. Most operating systems have a simple process by which you > > are informed of packages that are out of date and are offered an > > opportunity to upgrade them to the most recent version supported by the > > distributor. It would be great if Qubes had something like that. Perhaps > > someday it will. In the meantime, there ought to be a document that clearly > > explains how to go from a fresh install to the most recent Qubes-supported > > version of every package installed in each template and dom0. It would be > > even nicer if there were a nightly/weekly build of the same packages used > > in a fresh install, but all updated to the latest supported version so that > > we could simply download and install that and know that we have all of the > > most recent patches and upgrades. > > I can hear some of you now saying that if I want these things then get up off > my lazy ass and build them. If I weren't fully (some would say overyly) > employed with nothing but free time on my hands, I still wouldn't do that > because I have other interests. I'm the consumer here. Some of you seem to > forget that. This is feeback coming from a customer. Treat it as such. > > I'm also not a Linux newbie. I'm not stumbling around trying to figure out > where the power button is. I've used, installed, and upgraded various forms > of Linux for years. My point is I know a lot more than most about Linux and > virtualization and I'm having lots of issues with Qubes. I fully expect to > spend many hours learning how Qubes works and how I can make the best use of > it. I should not have to spend many hours simply getting it installed and > updated. I don't think it's too big of an ask to have this spelled out well > enough that someone experienced with Linux, but fresh to Qubes, can follow it > and have be confident that the many security and other fixes described so > well in your announcements are fixed/patched. Perhaps the problems I'm > experiencing are unusual. I've been told that my hardware isn't all that > peculiar for Qubes, so this should be a cake walk. > John, most of us have little free time and other interests.We're all participant/consumers, although I dont believe any of us are customers - you're not. But your feedback is valued. It would be *more* helpful if you gave some details about what issues you hav
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sat, Dec 15, 2018 at 03:19:15PM -0800, John Smiley wrote: > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com wrote: > > Some typos corrected and clarification added: > > > > > > John, > > I'll take a shot at helping but would defer to Unman who has helped me out > > a lot, both directly and indirectly on this forum. > > > > Some notes: > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > Not an expert but have having been using Qubes as my primary for over a > > year. > > > > I loaded 4.0, however during the setup I did not add the default whonix > > template(v13 I think) to my system as the default whonix needs to be > > removed in order to upgrade to whonix-14. This option is chosen when > > loading Qubes for the first time. > > > > I immediately update Dom0 using a VPN connection thru my network > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > template...I don't just upgrade Firefox, I update the whole template i.e. I > > update the Debian template and the Fedora template and this updates Firefox > > in the template and the appvm's associated with the templates. Make sure > > you are aware of the template/appvm relationship...you don't update the > > appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the > > source for the appvm(sys-whonix). > > > > Other best practices I follow: > > *Fresh templates seems to be the advice(vs upgrading) > > *Whonix-gw template is a key template to update as all my updates are done > > thru this template/appvms > > * Get a VPN appvm setup as a priority > > * Clone your templates and experiment on the clones, this way you can > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > at some point mess one up) > > > > Good luck, hope this helps... > > Thank you @tutamail. This is more like what I was looking for. I've tried > most of what you recommend, but not everything. I'll re-install 4.0 and give > your suggestions a try. > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > tried 4.0.1-rc1 out of desperation. What I want is the latest production 4.0 > platform. Most operating systems have a simple process by which you are > informed of packages that are out of date and are offered an opportunity to > upgrade them to the most recent version supported by the distributor. It > would be great if Qubes had something like that. Perhaps someday it will. In > the meantime, there ought to be a document that clearly explains how to go > from a fresh install to the most recent Qubes-supported version of every > package installed in each template and dom0. It would be even nicer if there > were a nightly/weekly build of the same packages used in a fresh install, but > all updated to the latest supported version so that we could simply download > and install that and know that we have all of the most recent patches and > upgrades. > Qubes already has a simple process to show you when updates are available , and enables you to update them. If you open the Qube manager you will see an indicator of when updates are available, and can R-click to select "update qube". If you don't use the Qube manager, then you can just run "sudo qubes-dom0-update" periodically to check for and install updates in dom0, and 'apt update' as you will. I use salt to update all my templates with a single command, but other users have python/bash scripts to iterate over templates. There's also an update widget on the way. There are already docs about updating dom0 and templates: www.qubes-os.org/doc/software-update-dom0 www.qubes-os.org/doc/software-update-vm These give a fairly detailed guide. If you think they need clarification please suggest changes in a PR. The latest versions of packages are in the current repository after spending some time in testing. There really isn't any need for nightly builds, I think. If you keep your dom0 updated then it will transition to 4.0.1. (Many users seem to find this hard to grasp.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181216004716.bxxrmrttfbrnzamk%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com wrote: > > Some typos corrected and clarification added: > > > > > > John, > > I'll take a shot at helping but would defer to Unman who has helped me out > > a lot, both directly and indirectly on this forum. > > > > Some notes: > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > Not an expert but have having been using Qubes as my primary for over a > > year. > > > > I loaded 4.0, however during the setup I did not add the default whonix > > template(v13 I think) to my system as the default whonix needs to be > > removed in order to upgrade to whonix-14. This option is chosen when > > loading Qubes for the first time. > > > > I immediately update Dom0 using a VPN connection thru my network > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > template...I don't just upgrade Firefox, I update the whole template i.e. I > > update the Debian template and the Fedora template and this updates Firefox > > in the template and the appvm's associated with the templates. Make sure > > you are aware of the template/appvm relationship...you don't update the > > appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the > > source for the appvm(sys-whonix). > > > > Other best practices I follow: > > *Fresh templates seems to be the advice(vs upgrading) > > *Whonix-gw template is a key template to update as all my updates are done > > thru this template/appvms > > * Get a VPN appvm setup as a priority > > * Clone your templates and experiment on the clones, this way you can > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > at some point mess one up) > > > > Good luck, hope this helps... > > Thank you @tutamail. This is more like what I was looking for. I've tried > most of what you recommend, but not everything. I'll re-install 4.0 and give > your suggestions a try. > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > tried 4.0.1-rc1 out of desperation. What I want is the latest production 4.0 > platform. Most operating systems have a simple process by which you are > informed of packages that are out of date and are offered an opportunity to > upgrade them to the most recent version supported by the distributor. It > would be great if Qubes had something like that. Perhaps someday it will. In > the meantime, there ought to be a document that clearly explains how to go > from a fresh install to the most recent Qubes-supported version of every > package installed in each template and dom0. It would be even nicer if there > were a nightly/weekly build of the same packages used in a fresh install, but > all updated to the latest supported version so that we could simply download > and install that and know that we have all of the most recent patches and > upgrades. I can hear some of you now saying that if I want these things then get up off my lazy ass and build them. If I weren't fully (some would say overyly) employed with nothing but free time on my hands, I still wouldn't do that because I have other interests. I'm the consumer here. Some of you seem to forget that. This is feeback coming from a customer. Treat it as such. I'm also not a Linux newbie. I'm not stumbling around trying to figure out where the power button is. I've used, installed, and upgraded various forms of Linux for years. My point is I know a lot more than most about Linux and virtualization and I'm having lots of issues with Qubes. I fully expect to spend many hours learning how Qubes works and how I can make the best use of it. I should not have to spend many hours simply getting it installed and updated. I don't think it's too big of an ask to have this spelled out well enough that someone experienced with Linux, but fresh to Qubes, can follow it and have be confident that the many security and other fixes described so well in your announcements are fixed/patched. Perhaps the problems I'm experiencing are unusual. I've been told that my hardware isn't all that peculiar for Qubes, so this should be a cake walk. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fbd00f9e-de92-4070-8838-49b735abc62f%40googlegroups.com. For more options, visit https://groups.google.com/d/opt
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com wrote: > Some typos corrected and clarification added: > > > John, > I'll take a shot at helping but would defer to Unman who has helped me out a > lot, both directly and indirectly on this forum. > > Some notes: > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > Not an expert but have having been using Qubes as my primary for over a year. > > I loaded 4.0, however during the setup I did not add the default whonix > template(v13 I think) to my system as the default whonix needs to be removed > in order to upgrade to whonix-14. This option is chosen when loading Qubes > for the first time. > > I immediately update Dom0 using a VPN connection thru my network > > After installing Qubes 4.0, I immediately install the whonix-14 template > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > All updates going forward are done thru sys-whonix-14-GW. > > When you say upgrading Firefox are you just updating Firefox or the whole > template...I don't just upgrade Firefox, I update the whole template i.e. I > update the Debian template and the Fedora template and this updates Firefox > in the template and the appvm's associated with the templates. Make sure you > are aware of the template/appvm relationship...you don't update the > appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the > source for the appvm(sys-whonix). > > Other best practices I follow: > *Fresh templates seems to be the advice(vs upgrading) > *Whonix-gw template is a key template to update as all my updates are done > thru this template/appvms > * Get a VPN appvm setup as a priority > * Clone your templates and experiment on the clones, this way you can resort > back to your clean template WHEN you F%$# it up (Not IF...you will at some > point mess one up) > > Good luck, hope this helps... Thank you @tutamail. This is more like what I was looking for. I've tried most of what you recommend, but not everything. I'll re-install 4.0 and give your suggestions a try. I appreciate the other replies as well. Sorry if I wasn't clear. I only tried 4.0.1-rc1 out of desperation. What I want is the latest production 4.0 platform. Most operating systems have a simple process by which you are informed of packages that are out of date and are offered an opportunity to upgrade them to the most recent version supported by the distributor. It would be great if Qubes had something like that. Perhaps someday it will. In the meantime, there ought to be a document that clearly explains how to go from a fresh install to the most recent Qubes-supported version of every package installed in each template and dom0. It would be even nicer if there were a nightly/weekly build of the same packages used in a fresh install, but all updated to the latest supported version so that we could simply download and install that and know that we have all of the most recent patches and upgrades. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e8badc9-16c2-441e-861f-f7aa44f2d343%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
Some typos corrected and clarification added: John, I'll take a shot at helping but would defer to Unman who has helped me out a lot, both directly and indirectly on this forum. Some notes: Been using 3.2 and 4.0 only...haven't tried 4.0.1 Not an expert but have having been using Qubes as my primary for over a year. I loaded 4.0, however during the setup I did not add the default whonix template(v13 I think) to my system as the default whonix needs to be removed in order to upgrade to whonix-14. This option is chosen when loading Qubes for the first time. I immediately update Dom0 using a VPN connection thru my network After installing Qubes 4.0, I immediately install the whonix-14 template following these instructions: https://www.whonix.org/wiki/Qubes/Install All updates going forward are done thru sys-whonix-14-GW. When you say upgrading Firefox are you just updating Firefox or the whole template...I don't just upgrade Firefox, I update the whole template i.e. I update the Debian template and the Fedora template and this updates Firefox in the template and the appvm's associated with the templates. Make sure you are aware of the template/appvm relationship...you don't update the appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the source for the appvm(sys-whonix). Other best practices I follow: *Fresh templates seems to be the advice(vs upgrading) *Whonix-gw template is a key template to update as all my updates are done thru this template/appvms * Get a VPN appvm setup as a priority * Clone your templates and experiment on the clones, this way you can resort back to your clean template WHEN you F%$# it up (Not IF...you will at some point mess one up) Good luck, hope this helps... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c48d2951-3a73-4e17-a537-bb19ddd08ef7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
John, I'll take a shot at helping but would defer to Unman who has helped me out a lot, both directly and indirectly on this forum. Some notes: Been using 3.2 and 4.0 only...haven't tried 4.0.1 No an expert but have having been hacking my way thru Qubes to make it my primary I loaded 4.0, however during the setup I did not add the default whonix template(v13 I think) to my system as the default whonix needs to be removed in order to upgrade to 14. This option is chosen when loading Qubes for the first time. I immediately update Dom0 using a VPN connection thru my network After installing Qubes 4.0, I immediately install whonix-14 following these instructions: https://www.whonix.org/wiki/Qubes/Install All updates going forward are done thru whonix-14-GW. When you say upgrading Firefox are you just updating Firefox or the whole template...I don't just upgrade Firefox, I update the whole template i.e. I update Debian and Fedora and this updates Firefox in the template and the appvm's associated with the template. Make sure you are aware of the template/appvm relationship...you don't update the appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the source for the appvm(sys-whonix). Other best practices I follow: *Fresh templates seems to be the advice(vs upgrading) *Whonix-gw is a key template to update as all my updates are done thru this template/appvms * Get a VPN appvm setup as a priority * Clone you templates and experiment on the clones, this way you can resort back to your clean template WHEN you F%$# it up (Not IF...you will at some point mess one up) Good luck, hope this helps... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1497de65-baf6-41cb-9813-1b7a05062330%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sat, Dec 15, 2018 at 01:17:59AM -0800, John Smiley wrote: > On Saturday, December 15, 2018 at 1:09:59 AM UTC-8, John Smiley wrote: > > I'm interested in what and in what order, upgrades should be applied > > starting from a base 4.0 install. I've tried several times and gotten > > jammed up each time. I've also tried starting with 4.0.1-rc1, but had > > problems with that out of the box where sys-whonix would die right away. > > 4.0 at least didn't die until I tried upgrading. > > > > There are a lot of upgrades to be applied: firefox and whonix being the top > > two. I've tried both upgrade orders (firefox then whonix as well as whonix > > then firefox). I also usually include a qubues-dom0-update. I also > > typically like to go with fresh template installs rather than upgrades, > > although I've tried both and still ran into issues. > > > > Is there a tried and true path? > > Would some hardware details help? > Gigabyte X299 Aorus Gaming 3 mobo > All firmware and BIOS at latest releases > Intel Core i7-7820X CPU > 32GB RAM > 2 x NVMe 512GB drives (another Linux, usually Ubuntu 18.x installed on one of > these, leaving one free for Qubes) > 1 x SSD 512GB drive (Windows 10 installed here) > TPM 2.0 hardware-based module > 1 x 4K display > 1 x 3K display > 1 x Nvidia 1080 Ti (I built this rig for gaming and then they stopped making > good PC games - at least for my generation - I think I've aged out of all > gaming demographics) > > I have to believe that my problems with 4.0.1-rc are somehow related to my > hardware being a bit unusual for a Qubes box. It can't be as broken for > everyone as it is for me. > If you have a working 4.0 you can upgrade to 4.0.1 by enabling the testing repositories and installing the packages from there. But remember this is currently a testing release - it is NOT "the latest recommended build". If you want that, stay with 4.0 and install updates from the current Qubes repository. If you do want to test 4.0.1rc1, then enable the testing repositories in dom0, update package lists and install latest packages. If you are installing fresh templates remember to also enable Qubes testing repositories in the templates and upgrade them also, to avoid friction between the 4.0 packages in the templates and the 4.0.1 in dom0. Normal distro updates can just be applied. It isn't clear to me in what way 4.0.1 is broken for you. You've reported one issue about Whonix - it should be clear that there are a number of issues with Whonix in 4.0 and in 4.0.1. If you encounter a problem using Whonix make sure that it doesn't apply in the Debian templates, and report it as a Whonix specific issue, or use this mailing list for help. I don't think here's anything in your hardware that strikes me as off, although you may find issues with the Nvidia and 4k - see on this list for other user's experiences. Allocating more memory to the individual qubes seems to help with external displays. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181215151137.74qhjk6d5tcrfblb%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 1:09:59 AM UTC-8, John Smiley wrote: > I'm interested in what and in what order, upgrades should be applied starting > from a base 4.0 install. I've tried several times and gotten jammed up each > time. I've also tried starting with 4.0.1-rc1, but had problems with that out > of the box where sys-whonix would die right away. 4.0 at least didn't die > until I tried upgrading. > > There are a lot of upgrades to be applied: firefox and whonix being the top > two. I've tried both upgrade orders (firefox then whonix as well as whonix > then firefox). I also usually include a qubues-dom0-update. I also > typically like to go with fresh template installs rather than upgrades, > although I've tried both and still ran into issues. > > Is there a tried and true path? Would some hardware details help? Gigabyte X299 Aorus Gaming 3 mobo All firmware and BIOS at latest releases Intel Core i7-7820X CPU 32GB RAM 2 x NVMe 512GB drives (another Linux, usually Ubuntu 18.x installed on one of these, leaving one free for Qubes) 1 x SSD 512GB drive (Windows 10 installed here) TPM 2.0 hardware-based module 1 x 4K display 1 x 3K display 1 x Nvidia 1080 Ti (I built this rig for gaming and then they stopped making good PC games - at least for my generation - I think I've aged out of all gaming demographics) I have to believe that my problems with 4.0.1-rc are somehow related to my hardware being a bit unusual for a Qubes box. It can't be as broken for everyone as it is for me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dce55e31-1c31-4f6c-b89e-08954ed4da7e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
