-
-
Notifications
You must be signed in to change notification settings - Fork 46
-
-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Salt-based updates fail on Debian and Whonix templates when using a Debian-based mgmt VM #6642
Comments
A Fedora-based This applies to 4.0, but I think it's already fixed in 4.1. @DemiMarie, can you confirm, and you can you provide the number for that issue? |
Honestly I am not sure. |
I use debian-based VMs for everything... Maybe that is why it hasn't been reported before - most people use fedora-based mgmt VM, which might have site-packages instead of dist-packages. |
That would certainly do it! I will fix this. |
To elaborate: the problem is that Fedora has a newer version of Python, which is incompatible with the older version of Salt in Debian. Fixing this would likely require that Qubes OS either ship its own version of Salt (overriding the distribution package), or that each non-minimal TemplateVM package provide a ManagementVM based on that TemplateVM (which is what I recommend). |
Can you confirm whether this is fixed in 4.1? (I thought I recall hearing that from you, but now I'm not sure.) If so, then the question is what, if anything, to do about it in 4.0. One option is just to document the fact that a Fedora TemplateVM should be used for the |
On Wed, May 26, 2021 at 02:19:19PM -0700, Andrew David Wong wrote:
> > > This applies to 4.0, but I think it's already fixed in 4.1. @DemiMarie, can you confirm, and you can you provide the number for that issue?
> >
> >
> > Honestly I am not sure.
>
> To elaborate: the problem is that Fedora has a newer version of Python, which is incompatible with the older version of Salt in Debian. Fixing this would likely require that Qubes OS either ship its own version of Salt (overriding the distribution package), or that each non-minimal TemplateVM package provide a ManagementVM based on that TemplateVM (which is what I recommend).
Can you confirm whether this is fixed in 4.1? (I thought I recall hearing that from you, but now I'm not sure.)
If so, then the question is what, if anything, to do about it in 4.0. One option is just to document the fact that a Fedora TemplateVM should be used for the `mgmt` VM in 4.0. @marmarek, thoughts?
It's worth pointing out that airelemental neglected a crucial fact -
that they are using update-candidates.
So the system has worked well - something in testing has been found to
be wrong, and is now being fixed. It has no impact on the main release.
Two things:
1. There should be some way of flagging these cases - so that reporters and
other users know they relate to "testing".
2. There should be more testing *before* updated packages are pushed to
testing. At present, it seems restricted to "does it build". ( I
often find that changes break Ubuntu, and older Debian.)
I know this is difficult with a small team: it isn't impossible.
|
That's why the very first field in the issue template is "Qubes OS version." In this case, @airelemental wrote:
Was this a lie? |
On Thu, May 27, 2021 at 06:19:36AM -0700, Andrew David Wong wrote:
> It's worth pointing out that airelemental neglected a crucial fact - that they are using update-candidates.
> [...]
> 1. There should be some way of flagging these cases - so that reporters and other users know they relate to "testing".
That's why the very first field in the issue template is "Qubes OS version."
In this case, @airelemental wrote:
> **Qubes OS version**
> R4.0 with latest updates applied
Was this a lie?
Certainly not a lie - misleading.
It would depend on whether you interpret "latest" as "latest updates"
or "latest candidates for updates". These are different things.
Flagging such issues would enable devs to block package transition to
"updates": otherwise *many* users would encounter the problem.
|
Personally I do try to remember to indicate that I am using the testing repo when filling out a QubesOS bug report. Perhaps a reference to that can be added to the template in the first section for QubesOS version, e.g. "If using testing, security-testing or other non-default repos, please indicate which one(s) here as well." and then Andrew can tag accordingly. |
On Thu, May 27, 2021 at 07:12:20AM -0700, Brendan Hoar wrote:
Personally I do try to remember to indicate that I am using the testing repo when filling out a QubesOS bug report. Perhaps a reference to that can be added to the template in the first section for QubesOS version, e.g. "If using testing, security-testing or other non-default repos, please indicate which one(s) here as well."
Yes, this would be good, although many users wont remember after they
have enabled those repositories.
Having a Label for Testing/Proposed_update would, I think, be useful,
since there is some immediacy required in dealing with those issues.
|
Thanks for the feedback. I've updated the bug report issue template to add sections regarding testing: 0ee2cc3. Hopefully this helps.
We actually already have a procedure in place for providing feedback on packages in testing via the
Unsure what label text would be most perspicuous here. |
On Thu, May 27, 2021 at 09:25:22PM -0700, Andrew David Wong wrote:
> Personally I do try to remember to indicate that I am using the testing repo when filling out a QubesOS bug report. Perhaps a reference to that can be added to the template in the first section for QubesOS version, e.g. "If using testing, security-testing or other non-default repos, please indicate which one(s) here as well." and then Andrew can tag accordingly.
Thanks for the feedback. I've updated the bug report issue template to add sections regarding testing: 0ee2cc3. Hopefully this helps.
> Flagging such issues would enable devs to block package transition to "updates": otherwise *many* users would encounter the problem.
We actually already have a procedure in place for [providing feedback on packages in testing via the `updates-status` repo](https://www.qubes-os.org/doc/testing/#providing-feedback). I wasn't sure exactly how best to integrate this into the bug report issue template, but I figure we want to avoid a situation in which someone reports a bug here without indicating anything in `updates-status` or without linking together to their bug report here with their comment in `updates-status`, so I added an extra section specifically for this. (CC @marmarek)
> Having a Label for Testing/Proposed_update would, I think, be useful, since there is some immediacy required in dealing with those issues.
Unsure what label text would be most perspicuous here. `testing` is likely to be misused for things like writing unit tests and other work related to automated testing. Since we already have the `updates-status` repo, we could use that same name for this label, but people who don't know about `updates-status` might not make that connection. `updates-testing` might be confusing, given that we already have `C: updates`. It could be misinterpreted as testing the update system itself, but I suppose this is unlikely and the least of three evils. I'll go with this for now.
If I knew how to give a thumbs up, I would do so.
|
I also ran into this and worked around it by: Menu -> System Tools -> Qubes Template Manager default-mgmt-dvm: switched to fedora (had debian there) |
@ThomasWaldmann wrote:
Are you also on 4.0 with testing repos enabled? If so, which ones? (@airelemental, I would also like to ask these same questions of you.) @unman wrote:
To clarify, by "main release" you mean "stable release (4.0) without any testing repos enabled"? @DemiMarie wrote:
To be clear, you're saying that one of these fixes would likely be required for fixing this in 4.0, right? Regarding your second/recommended proposal, I foresee a few challenges:
|
Automated announcement from builder-github The component
|
Automated announcement from builder-github The package
Or update dom0 via Qubes Manager. |
Automated announcement from builder-github The package
|
Automated announcement from builder-github The component
|
Automated announcement from builder-github The package
Or update dom0 via Qubes Manager. |
Qubes OS version
R4.0 with latest updates applied
Affected component(s) or functionality
qubes-update-gui
qubesctl
Brief summary
qubes-update-gui
andqubesctl
fail to update debian-10 and whonix-15 templates, with obscure error.How Reproducible
Always
To Reproduce
qubes-update-gui
to upgrade any debian or whonix templateOR
sudo qubesctl --skip-dom0 --targets=debian-10-test --show-output state.sls update.qubes-vm
Expected behavior
green check mark
Actual behavior
red cross
debian-10-test: ERROR (exception list index out of range)
A workaround
disp-mgmt console says:
In disp-mgmt VM's /etc/qubes-rpc/qubes.SaltLinuxVM, there is a sed at the bottom that runs on jinga.py inside site-packages which doesn't exist in debian-10 and whonix-ws-15.
There's a dist-packages/ though, and if I replace "site-packages" by "dist-packages" in the sed, the upgrade seems to work.
Thanks to oush9 on qubes:matrix.org for troubleshooting help.
The text was updated successfully, but these errors were encountered: