-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2018-01-14 15:51, Marek Marczykowski-Górecki wrote: > Hi, > > I'm testing upgrade process for QSB37 patches for R3.2[1]. And it > isn't straightforward, mostly because of major Xen upgrade > (4.6->4.8). What I have currently: > > 1. Execute `sudo qubes-dom0-update`, but when prompted for > confirmation, abort (answer `n`). 2. Shutdown all the VMs 3. Run > `sudo dnf update` in dom0. Note, after this step (until you restart > the system), most qvm-* tools will stop working. 4. Restart the > system > > As you can see, after updating Xen but before restarting the > system, things are broken. This include inability to cleanly > restart the system if any VM remain running. > > Having manual procedure may be an option for "security-testing" > repository, but IMO it would be bad for "current" repository, > especially for "stable" and "long term support" release. I think we > shouldn't assume that _every_ Qubes user read qubes-announce (or > other announcement channel) frequent enough. Such system breakage > would be unpleasant surprise for anyone just applying stable > (non-testing) updates. > > Currently, I'm trying to abort the upgrade if any VM is running. > And display this: > > ***** USER ACTION REQUIRED ***** Major Xen upgrade detected (4.6 -> > 4.8) and some VMs are running. Please shutdown all of them, then > resume the process by executing 'sudo dnf update' from dom0 > console > > But still not sure if that's the right thing to do. Maybe we > shouldn't put such upgrades to the stable r3.2 repository at all, > and require users to manually initiate such upgrade? There was a > suggestion to name an updated version as r3.3 (which means separate > repository). But this technically would also break our promise to > keep "R3.2" supported at least 1 year after final 4.0 release. And > I can see how people may be afraid of "major" upgrade of a > production system. > > Related: https://github.com/QubesOS/qubes-issues/issues/3430 > "Mechanism to notify users when critical action is required" > > [1] https://github.com/QubesOS/qubes-issues/issues/3460 >
I agree that: 1. We should keep our promise to support R3.2 for a full year after the release of R4.0 stable. 2. We should not force R3.2 users to install an upgrade that may break their stable installations. 3. We should not expect every Qubes user to be subscribed to the mailing lists, website, or social media or regularly check them for announcements. Users who test betas and release candidates are more likely to be on the mailing lists and see announcements, but users who choose to stay with a stable release may be less likely to receive communications from us. I think the best solution is to display the "user action required" message (we can work on a more verbose version) whenever the user runs qubes-dom0-update (at the very least), but do not take any action pertaining to this special upgrade unless the user agrees. The user should be able to see the message, decline the special upgrade (or refrain from taking the steps required to initiate it), and complete qubes-dom0-update normally. This is important, because even if the user wants to perform the special upgrade, she must be allowed to decline it initially so that she has a chance to save work and make backups before any potentially breaking changes are introduced to the system. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpb2WoACgkQ203TvDlQ MDDt+BAAx1Oty+yDbai93Jk1XnlJlHXd5oK7WvF71yIRWb+XSzlpG4/M+flMx/TT T5Sm8bPDER72ZlFJMP9fuOp187Nrmrpp6zai9Z0l8O6j/Aqgq1t5WQ8DVSQPH9Ts zl1HldrE9U+K0Yv8dqeZ7qT04dqf+xRoFCb2VnlWHnocZjrImCPMeRzCZG4AJl83 e8J5+r3ZvkT1NlDZDT1DDwY5rS/2bz50FOPfuGsKeISC5lT2fws8zuzwzTMPY6zq QHZwtLOocjBIFTFPbxWUmEr/YxeTCVc9ukSdidXvj1raRejhn9NGWp+2PQUDlXbg FnaRG28q4ww2UY5I1P1gWkC7BKMYk6XKYtbVQn34XolwR7Iy6lhNMEHnA4iS4bFb LTa9k2g105H4TF8eIxN3uo8ouBGqo9nIkziisbGNit2zAr9/HSklDi6Ig013+0im 2fQqE6J8kJEMalOQs8KlSwmyFv5kAn9qmDi/8ZzhdFlTWfLWjIC3uxC/1EFFfugM oUkj5QdxpfBO2WOr/4G+xmJW2wdYuxxlDwb9bB/xHFso2XCsakqIaIljrbv2BKpW OMyJoWdYPOogd0EpumWELDX1RSIbJcckWjlGYJ1RkkQ2dtLDbtTlg6MAulj+MlO1 CCFd1eFdED8CeuLqnKLNrJnrKn1ua1g1Qtll7H+ivZA3Et4oXcE= =cEF0 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/27f1a6b0-f5ee-e683-b012-558f721806ed%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.