-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 16/07/2019 9.35 AM, unman wrote: > On Sun, Jul 14, 2019 at 09:13:16PM -0500, Andrew David Wong wrote: >> On 14/07/2019 9.08 PM, Andrew David Wong wrote: >>> On 14/07/2019 8.19 AM, unman wrote: >>>> On Sat, Jul 13, 2019 at 06:40:00PM -0500, Andrew David Wong >>>> wrote: >>>>> >>>>> 1. When using the Qubes Update widget, a mgmt DisposableVM is >>>>> started. Why is that? Is it just for executing Salt commands so >>>>> that they're not executed in dom0? >>> >>>> Yes, this is standard in Qubes. >>> >>>>> >>>>> 2. How can one update a TemplateVM the way the Qubes Update >>>>> widget does? For example, when I update a Fedora TemplateVM >>>>> myself, I just execute `dnf update` in the template. I don't >>>>> start any DisposableVMs, so clearly my method of updating is >>>>> different from what the Qubes Update widget does. Is there some >>>>> kind of scriptable qubesctl command I can issue from dom0 that >>>>> does the same thing as the Qubes Update widget? >>>>> >>> >>>> The update widget calls qubesctl and runs the state file in >>>> /srv/formuals/base/update-formula/update/qubes-vm.sls >>> >>>> You can run this yourself by: qubesctl --skip-dom0 >>>> --targets=<targets> --show-output state.sls update.qubes-vm >>> >>>> Skip the "show-output" option if you want to script. >>> >>>> It's a wrapper to salts pkg.uptodate call, so you could put that >>>> in a state file yourself. >>> >>> >>> Thanks, unman. I'm not quite sure what the last sentence means. >>> Why would one want to put that in a state file oneself? >>> >> >> Could you explain what these options mean? >> >> --skip-dom0 -- The documentation doesn't really explain this. >> --targets -- Is this the qube to be updated in this case? >> > --skip-dom0 -- Doesnt try to action state in dom0. > > --targets -- You can give list of qubes to use as targets, (comma > delimited) or use keywords. 'qubesctl --templates'. >
Thanks, unman. This is helpful, but I'm still unclear on --skip-dom0. Looking at the command you provided: qubesctl --skip-dom0 --targets=<targets> --show-output state.sls update.qubes-vm What is the difference between including --skip-dom0 and excluding that option? It's counterintuitive to me that, if I *specify* a target to be acted upon using --targets, I *also* have to specify *not* to take action on a *different* target (namely dom0). >> The reason I'm asking: I've just been updating via `dnf update` (and >> similar) for a long time now, but I'm noticing that certain bug fixes >> are being implemented via Salt, and I'm worried that I might skip >> these fixes if I never update via Salt. Do you think that updating via >> qubesctl is a better idea than updating "manually," or does it not >> matter? > > I really do recommend using qubesctl for almost all system > configuration. If only because it makes recovery so much easier. > I see people saying "keep a list of packages you've installed" - if you > keep state and use salt you can rebuild your system (almost) completely > automatically. > > I think there are some cases where a configuration fix may be pushed via > salt, but in most I would expect changes to be incorporated in to an > updated package, so you would get those using a manual update. > Good to know. Thank you. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl000X0ACgkQ203TvDlQ MDD+4RAAjYpeinjlq4LRr6x6TlWW+e0fjB9XAQhlMUJrA4op1AzABy5csN7L5bHr n5+z78CbWMkHQA9LmNHa49Es939jCItk+RH8PEyVSTSsGWvZHp8dX+9kaoIbQ8cH 5ihNUIXwlglKzeKbGTTE2DgI2S6GY3pr8aO2VwOMXilygIhsWE2cygR2DI2jXlme haWIF/soHxrqGUHiXvnbhd2nwTI4Mt0RCjPct1R5L5Hq4cSHhDxioRke4htFl1zB vXRfe2NpJ0i2gUKesKqo55qo3NqKS19H9XFiHuBxasybFuXJyqKT8uhV05nwlCvb IjRgoPxzC3X6hilA0zYMQsWc7RxcZ0VfYArYuwaI0nwCLDUC8RxhtmzTj261If0i /hcHSvj2QpNtxfNnavF9ck8+8R9bn+MJdNLCEJj4BWtqwOhddOMhTwkcE9goziwx Tw8EusMQvePdBk1Bf7qqzPFLHA6P8Lr775ZRaZq+k7j8afW/VGLRH7J6Db/f0Se+ YxjWI/SoW6Mzjy8UJXg8e6vyImriBk99tDypNf2RA1QYbCIINiVRBHfnFhrDFBcX EPrCRrvDIQTyewQIx3X/uZxYjnZ7wN2xHv4rYcx7y5kCr71SVJkt6xO4qIdD3nQW 33K44GsxJ9FgAtg3dhP/PYmE8ShPtHD0VKTZRPOj8XlviWP5LtM= =aoC0 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0038bc4-c526-692b-1e6e-acf56042dc38%40qubes-os.org.
