[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-users
Subject: Re: [EXT] Re: [qubes-users] qubes-dom0-update (https://github.com/QubesOS/qubes-issues/issues/6581)
From: Ulrich Windl <Ulrich.Windl () rz ! uni-regensburg ! de>
Date: 2021-05-26 16:32:58
Message-ID: f631b00b-5867-25c4-0e2c-d3ca2da308f3 () rz ! uni-regensburg ! de
[Download RAW message or body]
On 5/26/21 5:23 PM, unman wrote:
> On Wed, May 26, 2021 at 04:22:39PM +0200, Ulrich Windl wrote:
> > Hi!
> >
> > I know that the issue is marked fixed already, but I wonder if there should
> > have been some more popular notice for this surprising change in the update
> > mechanism.
> >
> > Today I saw there (before installing updates):
> > [master@dom0 ~]$ sudo qubes-dom0-update
> > Using sys-firewall as UpdateVM to download updates for Dom0; this may take
> > some time...
> > warning: Converting database from bdb to sqlite backend
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
> > OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
> > OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
> > OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
> > Configuration: OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
> > Configuration: OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
> > Configuration: OptionBinding with id "failovermethod" does not exist
> > Warning: Enforcing GPG signature check globally as per active RPM security
> > policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this message)
> >
> > Today's updates were:
> > pm-plugin-systemd-inhibit-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
> > CEST
> > rpm-plugin-selinux-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
> > CEST
> > qubes-rpm-oxide-0.2.2-1.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
> > CEST
> > qubes-mgmt-salt-dom0-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:19 PM
> > CEST
> > qubes-core-dom0-linux-kernel-install-4.0.30-1.fc25.x86_64 Wed 26 May 2021
> > 03:34:19 PM CEST
> > qubes-core-dom0-linux-4.0.30-1.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
> > CEST
> > python3-rpm-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
> > CEST
> > python2-rpm-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
> > CEST
> > rpm-sign-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM
> > CEST
> > rpm-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM
> > CEST
> > rpm-build-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM
> > CEST
> > rpm-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM
> > CEST
> > qubes-mgmt-salt-config-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
> > CEST
> > qubes-mgmt-salt-base-config-4.0.2-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
> > CEST
> > qubes-mgmt-salt-base-4.0.4-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
> > CEST
> > qubes-mgmt-salt-admin-tools-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
> > CEST
> > qubes-mgmt-salt-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
> > CEST
> >
> > When re-trying after those updates, (most of) the message is still there:
> > Using sys-firewall as UpdateVM to download updates for Dom0; this may take
> > some time...
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
> > OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
> > OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
> > OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
> > Configuration: OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
> > Configuration: OptionBinding with id "failovermethod" does not exist
> > Invalid configuration value: failovermethod=priority in
> > /var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
> > Configuration: OptionBinding with id "failovermethod" does not exist
> > Warning: Enforcing GPG signature check globally as per active RPM security
> > policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this message)
> > Last metadata expiration check: 0:41:44 ago on Wed May 26 15:33:47 2021.
> > Dependencies resolved.
> > =========================================================================================
> > Package Arch Version Repository
> > Size
> > =========================================================================================
> > Upgrading:
> > python2-rpm x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 118 k
> > python3-rpm x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 118 k
> > qubes-core-dom0-linux x86_64 4.0.30-1.fc25
> > qubes-dom0-current 54 k
> > qubes-core-dom0-linux-kernel-install x86_64 4.0.30-1.fc25
> > qubes-dom0-current 14 k
> > qubes-mgmt-salt noarch 4.0.25-1.fc25
> > qubes-dom0-current 11 k
> > qubes-mgmt-salt-admin-tools noarch 4.0.25-1.fc25
> > qubes-dom0-current 23 k
> > qubes-mgmt-salt-base noarch 4.0.4-1.fc25
> > qubes-dom0-current 23 k
> > qubes-mgmt-salt-base-config noarch 4.0.2-1.fc25
> > qubes-dom0-current 16 k
> > qubes-mgmt-salt-config noarch 4.0.25-1.fc25
> > qubes-dom0-current 27 k
> > qubes-mgmt-salt-dom0 noarch 4.0.25-1.fc25
> > qubes-dom0-current 12 k
> > rpm x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 531 k
> > rpm-build-libs x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 137 k
> > rpm-libs x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 325 k
> > rpm-plugin-selinux x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 68 k
> > rpm-plugin-systemd-inhibit x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 69 k
> > rpm-sign-libs x86_64 4.14.2.1-5.fc25
> > qubes-dom0-current 71 k
> > Installing dependencies:
> > qubes-rpm-oxide x86_64 0.2.2-1.fc25
> > qubes-dom0-current 138 k
> >
> > Transaction Summary
> > =========================================================================================
> > Install 1 Package
> > Upgrade 16 Packages
> >
> > Total size: 1.7 M
> > DNF will only download packages for the transaction.
> > Downloading Packages:
> > [SKIPPED] qubes-rpm-oxide-0.2.2-1.fc25.x86_64.rpm: Already downloaded
> >
> > [SKIPPED] python2-rpm-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> >
> > [SKIPPED] python3-rpm-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> >
> > [SKIPPED] qubes-core-dom0-linux-4.0.30-1.fc25.x86_64.rpm: Already downloaded
> > [SKIPPED] qubes-core-dom0-linux-kernel-install-4.0.30-1.fc25.x86_64.rpm:
> > Already downloaded
> > [SKIPPED] qubes-mgmt-salt-4.0.25-1.fc25.noarch.rpm: Already downloaded
> >
> > [SKIPPED] qubes-mgmt-salt-admin-tools-4.0.25-1.fc25.noarch.rpm: Already
> > downloaded
> > [SKIPPED] qubes-mgmt-salt-base-4.0.4-1.fc25.noarch.rpm: Already downloaded
> > [SKIPPED] qubes-mgmt-salt-base-config-4.0.2-1.fc25.noarch.rpm: Already
> > downloaded
> > [SKIPPED] qubes-mgmt-salt-config-4.0.25-1.fc25.noarch.rpm: Already
> > downloaded
> > [SKIPPED] qubes-mgmt-salt-dom0-4.0.25-1.fc25.noarch.rpm: Already downloaded
> > [SKIPPED] rpm-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> >
> > [SKIPPED] rpm-build-libs-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> >
> > [SKIPPED] rpm-libs-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> >
> > [SKIPPED] rpm-plugin-selinux-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> > [SKIPPED] rpm-plugin-systemd-inhibit-4.14.2.1-5.fc25.x86_64.rpm: Already
> > downloaded
> > [SKIPPED] rpm-sign-libs-4.14.2.1-5.fc25.x86_64.rpm: Already downloaded
> >
> > Complete!
> > The downloaded packages were saved in cache until the next successful
> > transaction.
> > You can remove cached packages by executing 'dnf clean packages'.
> > Qubes OS Repository for Dom0
> >
> > 33 MB/s | 34 kB 00:00
> >
> > So (as it seems) I'll have to follow
> > https://github.com/QubesOS/qubes-issues/issues/6581
> > Unfortunately
> > https://github.com/QubesOS/qubes-issues/issues/6581#issuecomment-832121456
> > is not really helpful: Where is that configuration file? Specifically
> > /var/lib/qubes/dom0-updates/ does not exist after running the update
> > command.
> >
> > So what's the status?
> >
> > Regards,
> > Ulrich
> >
>
> The changes consequent on hardening of the rpm update mechanism were
> poorly handled.
> The changes consequent to upgrading the updateVM to fedora-33 were
> warnings, and the solution was signalled in the warning message.
> (see 'gpgcheck' in dnf.conf(5) for how to squelch this message)
> Very few users seem to have a) read that message, or b) tried to do what
> it said.
Sorry, but I feel stupid:
Even after removing any failovermethod line from
/var/lib/qubes/dom0-updates/etc/yum.repos.d/* in sys-firewall, those
lines were re-added next time when I had run qubes-dom0-update in Dom0.
Same for adding localpkg_gpgchgeck.
> You have to look at the manpage in the updateVM (since that is where the
> warning is coming from) and apply the solution in dom0. This isnt
> intuitive unless you know about the Qubes dom0 update mechanism.
It wasn't obvious to me that the command output came from sys-firewall
(UpdateVM), sorry.
The comment cited earlier reads: "This is harmless. The fix is simply to
delete those lines from the configuration in dom0."
I still feel stupid.
Regards,
Ulrich
>
--
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/f631b00b-5867-25c4-0e2c-d3ca2da308f3%40rz.uni-regensburg.de.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic