Hi, I am just sharing my experience from the update mechanism process described here: http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/news/2019/01/23/qsb-46/ <http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/news/2019/01/23/qsb-46/>
Note please, that all downloads of the new patched templates were provided through fedora based VMs, to mitigate the potential compromise issue with the debian based templates and VMs based on it. Deletion of the 2018 debian-tempaltes went smooth. All worked quite smoothly, with few exceptions. I followed the guide and point 4 didnt work for me by default. As an example I update the whonix-gw-14 template here: $ sudo qubes-dom0-update \ --enablerepo=qubes-templates-community-testing \ qubes-template-whonix-gw-14 a) returned error that the testing repo isnt enabled b) after enabling it, it started download the 2108 version I worked around it in a following way in dom0: a) $ sudo nano /etc/yum.repos.d/qubes-templates.repo #now just enable [qubes-tempates-community] enabled = 1 #now just enable [qubes-tempates-community-testing] enabled = 1 In case you set up qubes to update the system through Tor, don't forget to comment out the .onion baseurl, and uncomment the clearnet baseurl and metalink respectively. b) in the table provided, I just put the qubes-template-whonix-gw-14-4.0.1-201901231238 directly to the command ans it worked well. $ sudo qubes-dom0-update \ --enablerepo=qubes-templates-community-testing \ qubes-template-whonix-gw-14-4.0.1-201901231238 This pointed to the right download of the 2019 version and prevented the 2018 version to be downloaded. For the other templates, see the table provided in the guide. Just change it and you are fine. Guide says that within 2 weeks there will be a migration of the testing content to a stable part, so there can possibly be some adjustments. Also after updating the whonix-gw-14 and whonix-ws-14 there will be no sys-whonix and anon-whonix recreated. You need to do it manually. Thanks to marmarek for the help with that! If you wish to keep your existing anon-whonix, just rename it, like anon-whonix-old. You can than transfer securely the data from the anon-whonix-old to the new one easily. If you dont rename it, the new anon-whonix will not be created with the command. The sys-whonix should be deleted already so it can be created fresh :) With following command creates the new sys-whonix and anon-whonix based on the patched 2019 template version. in dom0: sudo qubesctl state.sls qvm.anon-whonix Follow the same logic with whonix-ws-14 and debian templates. Good luck! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/LX4sO4G--3-1%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
