qubes-dom0-update --refresh --check-only fails when using Whonix #9212

Closed
DemiMarie opened this issue May 10, 2024 · 8 comments · Fixed by QubesOS/qubes-core-agent-linux#502
Labels
affects-4.2 This issue affects Qubes OS 4.2. backport pending On closed issues, indicates fix released for newer version will be backported to older version. C: updates diagnosed Technical diagnosis has been performed (see issue comments). P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue. T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.

Comments

@DemiMarie

How to file a helpful issue

Qubes OS release

R4.2 with all testing updates enabled.

Brief summary

The GUI update tool cannot update dom0, complaining about a bad GPG signature on the metadata. qubes-dom0-update works, as does the update.qubes-dom0 Salt state.

Steps to reproduce

Update dom0 via the GUI.

Expected behavior

Works

Actual behavior

Fails

@DemiMarie DemiMarie added T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels May 10, 2024
@marmarek
Member

Please be more specific - provide exact error message you got

@DemiMarie
Author

Updating dom0...
dom0 does not support in-progress update information.
Using sys-whonix as UpdateVM to download updates for Dom0; this may take some time...
Checking for dom0 updates...
Importing GPG key 0x8E34D89F:
 Userid     : "Qubes OS Release 4.2 Signing Key"
 Fingerprint: 9C88 4DF3 F810 64A5 69A4 A9FA E022 E58F 8E34 D89F
 From       : /var/lib/qubes/dom0-updates/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary
Error: Failed to download metadata for repo 'qubes-dom0-current': repomd.xml GPG signature verification error: Bad GPG signature
Failed to check for dom0 updates

@andrewdavidwong andrewdavidwong added needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. C: updates affects-4.2 This issue affects Qubes OS 4.2. C: manager/widget labels May 10, 2024
@marmarek
Member

Does it happen every time, or was it one time network glitch?
I cannot reproduce it. And also, the GUI updater literally calls qubes-dom0-update, so it's weird one works for you but not the other.
Do you have any usual configuration?

@DemiMarie
Author

The bug reproduced twice, but I think this may have been a combination of Tor being slow to start and truncated downloads being mishandled.

@DemiMarie
Author

Happened a third time today. Maybe some flag passed to qubes-dom0-update causes problems?

@DemiMarie
Author

I managed to reproduce this without the GUI. sudo qubes-dom0-update works, while qubes-dom0-update --check-only fails with the error mentioned in the initial report.

@DemiMarie DemiMarie changed the title qubes-dom0-update and Salt can update dom0, but GUI cannot qubes-dom0-update --refresh --check-only fails when using Whonix May 25, 2024
@DemiMarie
Author

> Does it happen every time, or was it one time network glitch? I cannot reproduce it. And also, the GUI updater literally calls qubes-dom0-update, so it's weird one works for you but not the other.

Can you try qubes-dom0-update --refresh --check-only when updating over Tor?

DemiMarie added a commit to DemiMarie/qubes-core-agent-linux that referenced this issue May 25, 2024
When downloading updates for dom0, DNF's stdin is not connected to any
terminal, so it makes no sense for DNF to ever prompt for interactive
confirmation.  By default, DNF would prompt for confirmation before
importing a metadata signing key, causing breakage.

This change fixes 'qubes-dom0-update --check-only' using sys-whonix as
UpdateVM.

Fixes: QubesOS/qubes-issues#9212
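
Added example, not part of the commit or of the Qubes OS code: a simplified shell model of the failure mode the commit message above describes, where a confirmation prompt reads from a stdin that is not a terminal. The function names and messages are constructed for illustration and do not reproduce DNF's code or output.

```shell
#!/bin/sh
# Constructed simulation, not DNF code. confirm_import mimics a tool that
# asks for confirmation before trusting a metadata signing key.

# confirm_import ASSUME_YES
# Returns 0 if the key would be imported, 1 if the import is declined.
confirm_import() {
    assume_yes=$1
    if [ "$assume_yes" = "yes" ]; then
        return 0            # non-interactive mode: stdin is never read
    fi
    # Interactive mode: read one line. At EOF (stdin is /dev/null or a
    # closed pipe) read fails and the default answer "N" applies.
    answer=N
    IFS= read -r answer || answer=N
    case $answer in
        y|Y|yes) return 0 ;;
        *)       return 1 ;;
    esac
}

# check_metadata ASSUME_YES
# Prints the outcome of the simulated metadata check.
check_metadata() {
    if confirm_import "$1"; then
        echo "key imported; signature verified"
    else
        echo "key not imported; signature verification error"
    fi
}

# run_detached ASSUME_YES
# Runs the check the way a helper with no terminal on stdin would.
run_detached() {
    check_metadata "$1" </dev/null
}

run_detached no     # prompt sees EOF, import declined, check fails
run_detached yes    # confirmation assumed, check succeeds
```
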
@DemiMarie
Author

I’m not sure why this didn’t cause a problem for other people, but I do have a fix.

@DemiMarie DemiMarie added diagnosed Technical diagnosis has been performed (see issue comments). pr submitted A pull request has been submitted for this issue. and removed needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. labels May 25, 2024
@DemiMarie DemiMarie added the backport pending On closed issues, indicates fix released for newer version will be backported to older version. label May 26, 2024