Qubes OS daily canary package

[adubois]

Qubes OS version: 4.x, 3.x

Affected component(s): qubes-linux-dom0-update, qubes-dom0-current repository

---

Feature request: Qubes OS Daily canary package

---

Context: An adversary is preventing a Qubes OS system from being updated

• with the objective to exploit it (i.e. following/in prevision of/ a major Xen vulnerability)
• by for example DNS redirection, pointing to a mirror of yum.qubes-os.org which does not serve new packages
• note that the system admin may not make use of Tor (i.e. not concerned with his privacy, also a target: i.e. Cisco iOS developer...)

Counter measure: Qubes OS daily canary package

Package which would be consumed by qubes-dom0-update to alert the user/administrator

• In case of version mismatch for a given package
• In case of non reception of the canary package after 2 days
  Package would contain:
• list of packages and their version
• time stamp

Other benefit

qubes-dom0-update could try to clean-up activities and retry, addressing some client side bug related to package management which were preventing updates from being processed.

Alternative option

• To decrease load on central infrastructure (if this is a problem), other distribution vector could be explored (i.e. github).
• Release at fixed date, with emergency release via security announcement (not as strong).

---

Related issues: