Dear Qubes Community,

At long last, the Qubes 4.1.0 stable release has arrived! The
culmination of years of development, this release brings a host of new
features, major improvements, and numerous bug fixes. Read on to find
out what's new, how to install or upgrade to the new release, and all
the noteworthy changes it includes.


## What's new in Qubes 4.1.0?

In case you still haven't heard, Qubes 4.1.0 includes several major new
features, each of which is explained in depth in its own article.


### Qubes Architecture Next Steps: The GUI Domain

https://www.qubes-os.org/news/2020/03/18/gui-domain/

The GUI domain is a qube separate from dom0 that handles all
display-related tasks and some system management. This separation allows
us to more securely isolate dom0 while granting the user more
flexibility with respect to graphical interfaces.

Note: The GUI domain is still experimental, so it's an opt-in feature in
Qubes 4.1.0:

https://www.qubes-os.org/news/2020/03/18/gui-domain/#what-will-actually-be-in-qubes-41


### Qubes Architecture Next Steps: The New Qrexec Policy System

https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/

Qrexec is is an RPC (remote procedure call) mechanism that allows one
qube to do something inside another qube. The qrexec *policy* system
enforces "who can do what and where." Qubes 4.1 brings a new qrexec
policy format, significant performance improvements, support for socket
services, and policy notifications that make it easier to detect
problems.


### New Gentoo templates and maintenance infrastructure

https://www.qubes-os.org/news/2020/10/05/new-gentoo-templates-and-maintenance-infrastructure/

There are three new flavors of Gentoo templates, as well as an advanced
infrastructure for automated building and testing, which also supports
Linux kernel and Arch Linux building and testing.


### Improvements in testing and building: GitLab CI and reproducible builds

https://www.qubes-os.org/news/2021/02/28/improvements-in-testing-and-building/

This article explains our work on continuous integration (CI), which
automates and improves several aspects of the development process, and
reproducible builds, which improves the security of the build and
verification process.


### Reproducible builds for Debian: a big step forward

https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/

This article explains the tools and infrastructure we've built to verify
official package builds by rebuilding them. While this was supposed to
be possible in theory, making it a reality required significant work,
including rewriting certain components from scratch.


### More improvements, bug fixes, and updated components

In addition to the articles above, there are also  numerous other
improvements and bug fixes listed in the release notes (reproduced
below) and in the issue tracker:

- https://www.qubes-os.org/doc/releases/4.1/release-notes/
- https://github.com/QubesOS/qubes-issues/issues?q=milestone%3A%22Release+4.1%22+is%3Aclosed+-label%3A%22R%3A+duplicate%22+-label%3A%22R%3A+invalid%22+-label%3A%22R%3A+cannot+reproduce%22+-label%3A%22R%3A+not+an+issue%22+-label%3A%22R%3A+not+our+bug%22+-label%3A%22R%3A+won%27t+do%22+-label%3A%22R%3A+won%27t+fix%22+

Finally, Qubes 4.1.0 features the following updated default components:

- Xen 4.14
- Fedora 32 in dom0
- Fedora 34 template
- Debian 11 template
- Whonix 16 Gateway and Workstation templates
- Linux kernel 5.10


## How to install or upgrade to Qubes 4.1.0

- To perform a fresh install, download Qubes 4.1.0, then follow the
  installation guide:

  1. https://www.qubes-os.org/downloads/
  2. https://www.qubes-os.org/doc/installation-guide/

- If you're currently on Qubes 4.0, please see how to upgrade
  to Qubes 4.1:

  https://www.qubes-os.org/doc/upgrade/4.1/

- If you're already on any 4.1.0 release candidate, simply perform a
  normal update:

  https://www.qubes-os.org/doc/how-to-update/


## Support for older releases

In accordance with our release support policy, Qubes 4.0 will remain
supported for six months until 2022-08-04.

https://www.qubes-os.org/doc/supported-releases/#qubes-os

However, the Whonix Project has its own support policy for Whonix
templates, which states that one month after a new stable version of
Qubes OS is released, Whonix templates will no longer be supported on
any older version of Qubes OS. This means that users who wish to
continue using Whonix templates on Qubes must always upgrade to the
latest stable Qubes OS version within one month of its release.

https://www.qubes-os.org/doc/supported-releases/#note-on-whonix-support


## Thank you to our partners, donors, contributors, and testers!

This release would not be possible without generous support from our
partners and donors, as well as contributions from our active community
members, especially bug reports from our testers. We are eternally
grateful to our excellent community for making the Qubes OS Project a
great example of open-source collaboration.

https://www.qubes-os.org/partners/
https://www.qubes-os.org/donate/
https://www.qubes-os.org/doc/contributing/
https://www.qubes-os.org/doc/issue-tracking/
https://www.qubes-os.org/doc/testing/


## Release notes

The following list is also available on the Qubes OS 4.1 release notes
page:

https://www.qubes-os.org/doc/releases/4.1/release-notes/

- Optional qubes-remote-support package now available from repositories
  (strictly opt-in, no package installed by default; no new ports or
  network connections open by default; requires explicit connection
  initiation by the user, then requires sharing a code word with the
  remote party before a connection can be established; see
  [#6364](https://github.com/QubesOS/qubes-issues/issues/6364) for more
  information)
- Qubes firewall reworked to be more defensive (see
  [#5540](https://github.com/QubesOS/qubes-issues/issues/5540) for
  details)
- Xen upgraded to version 4.14
- Dom0 operating system upgraded to Fedora 32
- Default desktop environment upgraded to Xfce 4.14
- Upgraded default template releases
- Experimental support for GUI running outside of dom0 (hybrid mode GUI
  domain without real GPU passthrough; see
  [#5662](https://github.com/QubesOS/qubes-issues/issues/5662) for
  details)
- Experimental support for audio server running outside of dom0 ("Audio
  domain")
- sys-firewall and sys-usb are now disposables by default
- UEFI boot now loads GRUB, which in turn loads Xen, making the boot
  path similar to legacy boot and allowing the user to modify boot
  parameters or choose an alternate boot menu entry
- New qrexec policy format (see
  [#4370](https://github.com/QubesOS/qubes-issues/issues/4370) for
  details)
- qrexec protocol improvements (see
  [#4909](https://github.com/QubesOS/qubes-issues/issues/4909) for
  details)
- New qrexec-policy daemon
- Simplified using in-qube kernels
- Windows USB and audio support courtesy of
  [tabit-pro](https://github.com/tabit-pro) (see
  [#5802](https://github.com/QubesOS/qubes-issues/issues/5802) and
  [#2624](https://github.com/QubesOS/qubes-issues/issues/2624))
- Clarified disposable-related terminology and properties
- Default kernelopts can now be specified by a kernel package
- Improved support for high-resolution displays
- Improved notifications when a system drive runs out of free space
- Support for different cursor shapes
- "Paranoid mode" backup restore option now properly supported using
  disposables
- Users can now choose between Debian and Fedora in the installer
- Certain files and applications are now opened in disposables, e.g.,
  Thunderbird email attachments
- New graphical interface for managing testing repository updates
- New "Cute Qube" icon family (replaces padlock icons)
- Disposable qube types now use the disposable icon
- New Template Manager tool for installing, removing, and updating
  templates (meanwhile, the tool previously known as the "Template
  Manager," which was for mass template switching, has been integrated
  into the Qube Manager)
- The "file" storage driver has been deprecated in Qubes 4.1 and will be
  removed in Qubes 4.2
- `property-del` event renamed to `property-reset` to avoid confusion
- qrexec no longer supports non-executable files in `/etc/qubes-rpc`
- qrexec components have been reorganized into the core-qrexec
  repository
- The `qvm-pool` argument parser has been rewritten and improved
- Removed the need for the out-of-tree u2mfn kernel module
- Qrexec services can now run as a socket server
- Improved template distribution mechanism
- Now possible to restart qrexec-agent
- The term "VM" has largely been replaced by "qube"
- GUI daemon is now configured using `qvm-features` tool,
  `/etc/qubes/guid.conf` file is no longer used
- `qvm-run` tool got `--no-shell` option to run a single command without
  using a shell inside the qube

For a full list, including more detailed descriptions, please see here:

https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+milestone%3A%22Release+4.1%22+label%3A%22release+notes%22+is%3Aclosed

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2022/02/04/qubes-4-1-0/

--
Andrew David Wong
Community Manager
The Qubes OS Project
https://www.qubes-os.org

--
You received this message because you are subscribed to the Google Groups 
"qubes-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-announce+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-announce/0f88fd4c-4095-0bb3-4c31-30cc8aecb083%40qubes-os.org.

Reply via email to