/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installing and updating software in VM: the startup script remains disabled #2770

Closed
Sen-Dion opened this Issue Apr 23, 2017 · 5 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.2 updates
5 participants
@Sen-Dion @marmarek @unman @qubesos-bot @andrewdavidwong
@Sen-Dion

Sen-Dion commented Apr 23, 2017

Qubes OS version: 3.2.

Affected appVMs are based on: fedora-23.

1. Topology

my-experiment is a node in the following topology:

my-experiment <==> switch-firewall <==> sys-firewall <==> sys-net

The details of each VM node:

VM VM type NetVM setting
my-experiment appVM switch-firewall
switch-firewall proxyVM sys-firewall
sys-firewall proxyVM sys-net
sys-net netVM N/A

2. Use case

An experimental installation and configuration may take place to test and troubleshoot software before it is fully deployed. During this period, the tester mitigates user errors like using browser.

3. Expected behavior

AppVM should receive the benefits of the qubes updates proxy so updates can proceed as usual.

4. Actual behavior

AppVM updates are blocked.

5. How to reproduce

  1. Use Qubes VM Manager to create my-experiment appVM based on fedora-23 template, where switch-firewall is set as the netVM.
  2. Select my-experiment in "Qubes VM Manager", then click on "Edit VM firewall rules" icon in the toolbar. Select "Deny network access except . . ." radio button. Remove check mark from all check boxes. Place check mark on the "Allow connection to Updates Proxy" check box. Click "OK" button.
  3. Start my-experiment terminal. Try to install rpm package: sudo dnf install lsscsi. Installation fails with an error: "Failed to synchronize cache for repo 'qubes-vm-r3.2-current'". Shutdown the VM: poweroff.
  4. Select my-experiment in "Qubes VM Manager", then click on "Edit VM firewall rules" icon in the toolbar. Remove check mark from the "Allow connection to Updates Proxy" check box. Click "OK" button.
  5. Select my-experiment in "Qubes VM Manager", then click on "Edit VM firewall rules' in the toolbar. Place check mark on the "Allow connection to Updates Proxy" check box. Click "OK" button.
  6. Start my-experiment terminal. Try to install rpm package: sudo dnf install lsscsi. Installation fails with an error: "Failed to synchronize cache for repo 'qubes-vm-r3.2-current'". Shutdown the VM: poweroff.
  7. Select my-experiment in "Qubes VM Manager", then click on "VM Setting" icon in the toolbar. Click on "Services" tab. Remove check mark from the "yum-proxy-setup" check box. Click "OK" button.
  8. Select my-experiment in "Qubes VM Manager", then click on "VM Setting" icon in the toolbar. Click on "Services" tab. Place check mark on the "yum-proxy-setup" check box. Click "OK" button.
  9. Start my-experiment terminal. Try to install rpm package: sudo dnf install lsscsi. Installation succeeds. Shutdown the VM: poweroff.

6. Observation of yum-proxy-setup service

6.1. qvm-service report

List services by running qvm-service command:

dom0$ qvm-service -l my-experiment

After the step 2, yum-proxy-setup is not present.
After the step 5, yum-proxy-setup is not present.
After the step 8, yum-proxy-setup is present and enabled.

6.2. Services tab report

Select my-experiment in "Qubes VM Manager", then click on "VM Setting" icon in the toolbar. Click on "Services" tab.
After the step 2, yum-proxy-setup is not present.
After the step 5, yum-proxy-setup is present and has a check mark beside it.
After the step 8, yum-proxy-setup is present and has a check mark beside it.

7. General notes

7.1. Update documentation

User places check mark on the "Allow connection to Updates Proxy" check box. Does this action enable "yum-proxy-setup" service? Please, clarify it in [1].

7.2. Fix Services Tab

Regardless of the answer to 7.1, the Services Tab incorrectly displays the status of "yum-proxy-setup" service after the step 5. Please, fix this problem.

8. References

[1] https://www.qubes-os.org/doc/software-update-vm/#updates-proxy

@andrewdavidwong andrewdavidwong added bug C: core C: doc C: qubes-manager labels Apr 23, 2017

@andrewdavidwong andrewdavidwong added this to the Release 3.2 updates milestone Apr 23, 2017

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Apr 23, 2017

Member
Member

marmarek commented Apr 23, 2017

@unman

This comment has been minimized.

Show comment
Hide comment
@unman

unman Apr 23, 2017

Member

@marmarek But, (and I've just confirmed this), as @Sen-Dion points out, selecting "Allow connection to Updates Proxy", puts an entry on the Services tab, but doesn't actually enable the service. No matter how many restarts, the service doesn't get enabled.
Member

unman commented Apr 23, 2017

@marmarek But, (and I've just confirmed this), as @Sen-Dion points out, selecting "Allow connection to Updates Proxy", puts an entry on the Services tab, but doesn't actually enable the service. No matter how many restarts, the service doesn't get enabled.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Apr 23, 2017

Member

Ah, sorry, you're right.
Member

marmarek commented Apr 23, 2017

Ah, sorry, you're right.

@marmarek marmarek closed this Apr 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot May 31, 2017

Automated announcement from builder-github

The package qubes-manager-3.2.12-1.fc23 has been pushed to the r3.2 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented May 31, 2017

Automated announcement from builder-github

The package qubes-manager-3.2.12-1.fc23 has been pushed to the r3.2 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r3.2-dom0-cur-test label May 31, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status May 31, 2017

Closed

manager v3.2.12 (r3.2) #65

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 11, 2017

Automated announcement from builder-github

The package qubes-manager-3.2.12-1.fc23 has been pushed to the r3.2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

qubesos-bot commented Jul 11, 2017

Automated announcement from builder-github

The package qubes-manager-3.2.12-1.fc23 has been pushed to the r3.2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

@qubesos-bot qubesos-bot added r3.2-dom0-stable and removed r3.2-dom0-cur-test labels Jul 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment