Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).
It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).
So, disable this feature completely.
The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.
FixesQubesOS/qubes-issues#2621
Few reasons for this:
1. new templates use dnf to download packages, so yum.conf is unused
2. dom0 in Qubes 4.0 don't have this file at all (so sed fails here)
3. $OPTS already contains --setopt=reposdir=...
FixesQubesOS/qubes-issues#2945
When there is only console=hvc0 (i.e. no output to emulated VGA) and
GRUB_TIMEOUT is set to 0, VM startup hangs. This may be very well some
race condition broken by either of console=tty0 or GRUB_TIMEOUT > 0, but
even in such a case, apply this as a workaround for now.
This configuration isn't included twice - it's Debian post-installation
script of grub that copy settings to /etc/default/grub, which results in
parameters being duplicated. Leave it as is for now.
Add GRUB_TIMEOUT=0 for faster VM startup.
QubesOS/qubes-issues#2577
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.
QubesOS/qubes-issues#2577
glib-compile-schemas recommend naming override files with nn_ prefix,
where nn is a number. Lets use 20, to allow both higher and lower
priority files.
QubesOS/qubes-issues#1108
When `qubes-dom0-update --refresh` was called, the script checked
metadata twice - once to check updates availability, then to actually
download them. This two stage approach is needed only on Debian, when
--downloadonly option is not supported. Rearrange code accordingly.
Also, drop --doit option (ignore it), as the same (but more readable)
can be achieved with --check-only.
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.
FixesQubesOS/qubes-issues#2096
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).
This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.
Related to QubesOS/qubes-issues#1574
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.
FixesQubesOS/qubes-issues#1565
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.
FixesQubesOS/qubes-issues#1475
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.
FixesQubesOS/qubes-issues#1529
Because those services do not yet support being restarted.
Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.
See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)
Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.
https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.
QubesOS/qubes-issues#1282