Dear Qubes Community,
At long last, the Qubes 4.1.0 stable release has arrived! The
culmination of years of development, this release brings a host of new
features, major improvements, and numerous bug fixes. Read on to find
out what's new, how to install or upgrade to the new release, and all
the noteworthy changes it includes.
## What's new in Qubes 4.1.0?
In case you still haven't heard, Qubes 4.1.0 includes several major new
features, each of which is explained in depth in its own article.
### Qubes Architecture Next Steps: The GUI Domain
https://www.qubes-os.org/news/2020/03/18/gui-domain/
The GUI domain is a qube separate from dom0 that handles all
display-related tasks and some system management. This separation allows
us to more securely isolate dom0 while granting the user more
flexibility with respect to graphical interfaces.
Note: The GUI domain is still experimental, so it's an opt-in feature in
Qubes 4.1.0:
https://www.qubes-os.org/news/2020/03/18/gui-domain/#what-will-actually-be-in-qubes-41
### Qubes Architecture Next Steps: The New Qrexec Policy System
https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/
Qrexec is is an RPC (remote procedure call) mechanism that allows one
qube to do something inside another qube. The qrexec *policy* system
enforces "who can do what and where." Qubes 4.1 brings a new qrexec
policy format, significant performance improvements, support for socket
services, and policy notifications that make it easier to detect
problems.
### New Gentoo templates and maintenance infrastructure
https://www.qubes-os.org/news/2020/10/05/new-gentoo-templates-and-maintenance-infrastructure/
There are three new flavors of Gentoo templates, as well as an advanced
infrastructure for automated building and testing, which also supports
Linux kernel and Arch Linux building and testing.
### Improvements in testing and building: GitLab CI and reproducible builds
https://www.qubes-os.org/news/2021/02/28/improvements-in-testing-and-building/
This article explains our work on continuous integration (CI), which
automates and improves several aspects of the development process, and
reproducible builds, which improves the security of the build and
verification process.
### Reproducible builds for Debian: a big step forward
https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/
This article explains the tools and infrastructure we've built to verify
official package builds by rebuilding them. While this was supposed to
be possible in theory, making it a reality required significant work,
including rewriting certain components from scratch.
### More improvements, bug fixes, and updated components
In addition to the articles above, there are also numerous other
improvements and bug fixes listed in the release notes (reproduced
below) and in the issue tracker:
- https://www.qubes-os.org/doc/releases/4.1/release-notes/
-
https://github.com/QubesOS/qubes-issues/issues?q=milestone%3A%22Release+4.1%22+is%3Aclosed+-label%3A%22R%3A+duplicate%22+-label%3A%22R%3A+invalid%22+-label%3A%22R%3A+cannot+reproduce%22+-label%3A%22R%3A+not+an+issue%22+-label%3A%22R%3A+not+our+bug%22+-label%3A%22R%3A+won%27t+do%22+-label%3A%22R%3A+won%27t+fix%22+
Finally, Qubes 4.1.0 features the following updated default components:
- Xen 4.14
- Fedora 32 in dom0
- Fedora 34 template
- Debian 11 template
- Whonix 16 Gateway and Workstation templates
- Linux kernel 5.10
## How to install or upgrade to Qubes 4.1.0
- To perform a fresh install, download Qubes 4.1.0, then follow the
installation guide:
1. https://www.qubes-os.org/downloads/
2. https://www.qubes-os.org/doc/installation-guide/
- If you're currently on Qubes 4.0, please see how to upgrade
to Qubes 4.1:
https://www.qubes-os.org/doc/upgrade/4.1/
- If you're already on any 4.1.0 release candidate, simply perform a
normal update:
https://www.qubes-os.org/doc/how-to-update/
## Support for older releases
In accordance with our release support policy, Qubes 4.0 will remain
supported for six months until 2022-08-04.
https://www.qubes-os.org/doc/supported-releases/#qubes-os
However, the Whonix Project has its own support policy for Whonix
templates, which states that one month after a new stable version of
Qubes OS is released, Whonix templates will no longer be supported on
any older version of Qubes OS. This means that users who wish to
continue using Whonix templates on Qubes must always upgrade to the
latest stable Qubes OS version within one month of its release.
https://www.qubes-os.org/doc/supported-releases/#note-on-whonix-support
## Thank you to our partners, donors, contributors, and testers!
This release would not be possible without generous support from our
partners and donors, as well as contributions from our active community
members, especially bug reports from our testers. We are eternally
grateful to our excellent community for making the Qubes OS Project a
great example of open-source collaboration.
https://www.qubes-os.org/partners/
https://www.qubes-os.org/donate/
https://www.qubes-os.org/doc/contributing/
https://www.qubes-os.org/doc/issue-tracking/
https://www.qubes-os.org/doc/testing/
## Release notes
The following list is also available on the Qubes OS 4.1 release notes
page:
https://www.qubes-os.org/doc/releases/4.1/release-notes/
- Optional qubes-remote-support package now available from repositories
(strictly opt-in, no package installed by default; no new ports or
network connections open by default; requires explicit connection
initiation by the user, then requires sharing a code word with the
remote party before a connection can be established; see
[#6364](https://github.com/QubesOS/qubes-issues/issues/6364) for more
information)
- Qubes firewall reworked to be more defensive (see
[#5540](https://github.com/QubesOS/qubes-issues/issues/5540) for
details)
- Xen upgraded to version 4.14
- Dom0 operating system upgraded to Fedora 32
- Default desktop environment upgraded to Xfce 4.14
- Upgraded default template releases
- Experimental support for GUI running outside of dom0 (hybrid mode GUI
domain without real GPU passthrough; see
[#5662](https://github.com/QubesOS/qubes-issues/issues/5662) for
details)
- Experimental support for audio server running outside of dom0 ("Audio
domain")
- sys-firewall and sys-usb are now disposables by default
- UEFI boot now loads GRUB, which in turn loads Xen, making the boot
path similar to legacy boot and allowing the user to modify boot
parameters or choose an alternate boot menu entry
- New qrexec policy format (see
[#4370](https://github.com/QubesOS/qubes-issues/issues/4370) for
details)
- qrexec protocol improvements (see
[#4909](https://github.com/QubesOS/qubes-issues/issues/4909) for
details)
- New qrexec-policy daemon
- Simplified using in-qube kernels
- Windows USB and audio support courtesy of
[tabit-pro](https://github.com/tabit-pro) (see
[#5802](https://github.com/QubesOS/qubes-issues/issues/5802) and
[#2624](https://github.com/QubesOS/qubes-issues/issues/2624))
- Clarified disposable-related terminology and properties
- Default kernelopts can now be specified by a kernel package
- Improved support for high-resolution displays
- Improved notifications when a system drive runs out of free space
- Support for different cursor shapes
- "Paranoid mode" backup restore option now properly supported using
disposables
- Users can now choose between Debian and Fedora in the installer
- Certain files and applications are now opened in disposables, e.g.,
Thunderbird email attachments
- New graphical interface for managing testing repository updates
- New "Cute Qube" icon family (replaces padlock icons)
- Disposable qube types now use the disposable icon
- New Template Manager tool for installing, removing, and updating
templates (meanwhile, the tool previously known as the "Template
Manager," which was for mass template switching, has been integrated
into the Qube Manager)
- The "file" storage driver has been deprecated in Qubes 4.1 and will be
removed in Qubes 4.2
- `property-del` event renamed to `property-reset` to avoid confusion
- qrexec no longer supports non-executable files in `/etc/qubes-rpc`
- qrexec components have been reorganized into the core-qrexec
repository
- The `qvm-pool` argument parser has been rewritten and improved
- Removed the need for the out-of-tree u2mfn kernel module
- Qrexec services can now run as a socket server
- Improved template distribution mechanism
- Now possible to restart qrexec-agent
- The term "VM" has largely been replaced by "qube"
- GUI daemon is now configured using `qvm-features` tool,
`/etc/qubes/guid.conf` file is no longer used
- `qvm-run` tool got `--no-shell` option to run a single command without
using a shell inside the qube
For a full list, including more detailed descriptions, please see here:
https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+milestone%3A%22Release+4.1%22+label%3A%22release+notes%22+is%3Aclosed
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2022/02/04/qubes-4-1-0/
--
Andrew David Wong
Community Manager
The Qubes OS Project
https://www.qubes-os.org
--
You received this message because you are subscribed to the Google Groups
"qubes-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-announce+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-announce/0f88fd4c-4095-0bb3-4c31-30cc8aecb083%40qubes-os.org.