Re: [qubes-users] Re: How to update dom0 via mirage-firewall
On 5/29/19 2:17 PM, Thomas Leonard wrote: On Wednesday, May 29, 2019 at 2:06:44 PM UTC+1, ron...@riseup.net wrote: I'm trying to get mirage-firewall as the vehicle for dom0 updates. Seemingly, it's only possible to update dom0 using sys-firewall or sys-whonix via the following settings: Qubes VM Manager -> System -> Global Settings -> UpdateVM -> sys-whonix. Anyone know how to get mirage-firewall as the default update mechanism for dom0? That won't work - the dom0 updater wants to run the shell script /usr/lib/qubes/qubes-download-dom0-updates.sh in UpdateVM, which is only going to work on a Unix-type system (mirage-firewall doesn't have any kind of shell). But you can use any Linux VM as your UpdateVM instead. https://www.qubes-os.org/doc/software-update-dom0/ says: The role of UpdateVM can be assigned to any VM in the Qubes VM Manager, and there are no significant security implications in this choice. By default, this role is assigned to the firewallvm. OK Thanks for the feedback anyway -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd3d56d0-1479-2cfb-2352-50ec8759713b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to update dom0 via mirage-firewall
On Wednesday, May 29, 2019 at 2:06:44 PM UTC+1, ron...@riseup.net wrote: > I'm trying to get mirage-firewall as the vehicle for dom0 updates. > Seemingly, it's only possible to update dom0 using sys-firewall or > sys-whonix via the following settings: Qubes VM Manager -> System -> > Global Settings -> UpdateVM -> sys-whonix. > Anyone know how to get mirage-firewall as the default update mechanism > for dom0? That won't work - the dom0 updater wants to run the shell script /usr/lib/qubes/qubes-download-dom0-updates.sh in UpdateVM, which is only going to work on a Unix-type system (mirage-firewall doesn't have any kind of shell). But you can use any Linux VM as your UpdateVM instead. https://www.qubes-os.org/doc/software-update-dom0/ says: > The role of UpdateVM can be assigned to any VM in the Qubes VM Manager, and > there are no significant security implications in this choice. By default, > this role is assigned to the firewallvm. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/00f830f5-251c-488e-a944-a5edcfa6d0a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.