Skip to content

Code reviews: Qubes update and verification story

Erik Moeller edited this page Jun 7, 2021 · 1 revision

SecureDrop Knowledge Share, 2021-06-07

Topics:

  • How are dom0 RPM updates managed in Qubes?
    • How are keys for verifying RPM signatures managed/used?
  • How does our provisioning logic manage the signing key?

Notes and links

Updating software in dom0 involves complicated machinery, in order to move data safely from package repos, via a network-connected VM, into dom0, which has no network connection.

High-level Qubes docs on this workflow can be found here:

For a deeper understanding, review code in the following files (in order):

  1. https://github.com/QubesOS/qubes-core-admin-linux/blob/release2/dom0-updates/qubes-dom0-update (L126, hop to next)
  2. https://github.com/QubesOS/qubes-core-agent-linux/blob/master/package-managers/qubes-download-dom0-updates.sh
  3. https://github.com/QubesOS/qubes-core-admin-linux/blob/release2/dom0-updates/qubes-receive-updates
Clone this wiki locally