On Sun, Jul 14, 2019 at 09:13:16PM -0500, Andrew David Wong wrote:
> On 14/07/2019 9.08 PM, Andrew David Wong wrote:
> > On 14/07/2019 8.19 AM, unman wrote:
> >> On Sat, Jul 13, 2019 at 06:40:00PM -0500, Andrew David Wong
> >> wrote:
> >>> 
> >>> 1. When using the Qubes Update widget, a mgmt DisposableVM is 
> >>> started. Why is that? Is it just for executing Salt commands so
> >>>  that they're not executed in dom0?
> > 
> >> Yes, this is standard in Qubes.
> > 
> >>> 
> >>> 2. How can one update a TemplateVM the way the Qubes Update 
> >>> widget does? For example, when I update a Fedora TemplateVM 
> >>> myself, I just execute `dnf update` in the template. I don't 
> >>> start any DisposableVMs, so clearly my method of updating is 
> >>> different from what the Qubes Update widget does. Is there some
> >>>  kind of scriptable qubesctl command I can issue from dom0 that
> >>>  does the same thing as the Qubes Update widget?
> >>> 
> > 
> >> The update widget calls qubesctl and runs the state file in 
> >> /srv/formulas/base/update-formula/update/qubes-vm.sls
> > 
> >> You can run this yourself by: qubesctl --skip-dom0 
> >> --targets=<targets> --show-output state.sls update.qubes-vm
> > 
> >> Skip the "show-output" option if you want to script.
> > 
> >> It's a wrapper to Salt's pkg.uptodate call, so you could put that 
> >> in a state file yourself.
> > 
> > 
> > Thanks, unman. I'm not quite sure what the last sentence means.
> > Why would one want to put that in a state file oneself?
> > 
> 
> Could you explain what these options mean?
> 
>   --skip-dom0 -- The documentation doesn't really explain this.
>   --targets -- Is this the qube to be updated in this case?
> 
--skip-dom0 -- Doesn't try to action state in dom0.

--targets -- You can give a list of qubes to use as targets (comma
delimited), or use keywords. 'qubesctl --templates'.

> The reason I'm asking: I've just been updating via `dnf update` (and
> similar) for a long time now, but I'm noticing that certain bug fixes
> are being implemented via Salt, and I'm worried that I might skip
> these fixes if I never update via Salt. Do you think that updating via
> qubesctl is a better idea than updating "manually," or does it not
> matter?

I really do recommend using qubesctl for almost all system
configuration. If only because it makes recovery so much easier.
I see people saying "keep a list of packages you've installed" - if you
keep state and use salt you can rebuild your system (almost) completely
automatically.

I think there are some cases where a configuration fix may be pushed via
salt, but in most I would expect changes to be incorporated into an
updated package, so you would get those using a manual update.

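What the reply above describes, written out as an added example that is not part of the thread or of Qubes' own code: a dom0 script that writes a minimal state file calling `pkg.uptodate` and applies it with `qubesctl`. The `/srv/salt` location, the state name `my-update`, and the `DRY_RUN` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example for dom0. STATE_DIR, the state name "my-update" and DRY_RUN
# are assumptions made for this example, not names from the thread.
STATE_DIR="${STATE_DIR:-/srv/salt}"
STATE_NAME="my-update"

# Write a one-state SLS file that calls Salt's pkg.uptodate in the target qube.
write_state() {
    cat > "$1/$STATE_NAME.sls" <<'EOF'
# Refresh package metadata, then upgrade every installed package.
update-all-packages:
  pkg.uptodate:
    - refresh: True
EOF
}

# Accept only qube-name characters and commas, so a malformed list is
# rejected here instead of reaching the qubesctl command line.
valid_targets() {
    case "$1" in
        *[!A-Za-z0-9_.,-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Apply the state. $1 is a comma-delimited list of qubes; when it is empty,
# --templates selects every template. --show-output is left out for scripting.
# With DRY_RUN set, the command is printed instead of executed.
run_update() {
    if ! valid_targets "$1"; then
        echo "invalid target list: $1" >&2
        return 2
    fi
    if [ -n "$1" ]; then sel="--targets=$1"; else sel="--templates"; fi
    ${DRY_RUN:+echo} qubesctl --skip-dom0 "$sel" state.sls "$STATE_NAME"
}

# Nothing runs unless the script is called with --apply [targets].
if [ "${1:-}" = "--apply" ]; then
    write_state "$STATE_DIR" && run_update "${2:-}"
fi
```

Keeping the state file under version control alongside other states is what makes the rebuild-from-state recovery mentioned in the reply possible.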