Thank you for your time and expertise; This time it connected, but failed again. In accordance with instructions to Upgrade Template In Place at https://www.qubes-os.org/doc/template/fedora/upgrade/ ... I created a new clone from Fedora-30-work (which has all the programs and data I'd like to keep) called Fedora-31-work and set netVM to sys-firewall. In the new template Fedora-31-work terminal I ran step 3, but this time returned Curl error (35) Apparently, it connected, but timed out on mirrors.fedoraproject.org. May I again ask your advise? It shouldn't be because of my internet connection, which is pretty good (fiber to the curb). Thanks again for your help. Terminal transcript:
[user@fedora-31-work ~]$ sudo dnf clean all > 53 files removed > [user@fedora-31-work ~]$ sudo dnf --releasever=31 distro-sync --best > --allowerasing > Fedora Modular 31 - x86_64 0.0 B/s | 0 B > 03:18 > Errors during downloading metadata for repository 'fedora-modular': > - Curl error (35): SSL connect error for > https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-31&arch=x86_64 > [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to > mirrors.fedoraproject.org:443 ] > - Curl error (28): Timeout was reached for > https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-31&arch=x86_64 > [Operation timed out after 30000 milliseconds with 0 out of 0 bytes > received] > - Curl error (28): Timeout was reached for > https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-31&arch=x86_64 > [Operation timed out after 30001 milliseconds with 0 out of 0 bytes > received] > Error: Failed to download metadata for repo 'fedora-modular': Cannot > prepare internal mirrorlist: Curl error (28): Timeout was reached for > https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-31&arch=x86_64 > [Operation timed out after 30000 milliseconds with 0 out of 0 bytes > received] > [user@fedora-31-work ~]$ > On Tue, May 26, 2020 at 3:45 PM Sven Semmler <s...@svensemmler.org> wrote: > > The purist idea is: > > - templates are never connected to a netvm > - you never run any programs in a template (except dnf) > > Your actual issue above can be solved by temporarily giving your template > sys-firewall as a netvm for update process. My reading is that the > upgrade process needs to accress mirrors.fedoraproject.org and can't do > so through the UpdateProxy. > > This is maybe a security risk, but a rather small one from my > perspective. But I don't know you thread model, nor which attacks this > would enable. > > If you go this way, don't forget to remove the netvm access again after > the upgrade. > > /Sven > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CADWGf5DHcGkvmyjJAQD4AdGo3cbs5V-YVn-YNUTMGJm_dP0Shw%40mail.gmail.com.
