QubesOS
Inform about TemplateVM shutdown after update
Qubes OS release
4.2.2 (R4.2)
Brief summary
Updater shuts down TemplateVMs without warning after update.
Steps to reproduce
Successfully update a TemplateVM until you are guided into the following window
Expected behavior
The UI should at least inform about imminent shutdowns. Being able to see and adjust the actions applied to each individual VM that was affected by the update would be even better.
Actual behavior
As seen in the image above, the UI does not inform about the looming shutdown of the updated VM. Instead, it informs about imminent AppVM actions only (with https://github.com/QubesOS/qubes-issues/issues/9024 adjusting the wording to cover not only their restarts but also shutdowns, which depend on the type of AppVM).
The explicit mention of no restarts in the case of updated TemplateVMs (without any updated AppVMs), potentially misleads the user into thinking that no shutdowns are applied either.
Additional notes
Rather recently there was a similar issue in which the shutdown of TemplateVMs is described as intentional https://github.com/QubesOS/qubes-issues/issues/9024#issuecomment-2048911680. However, this is not communicated via the UI and the fix for that issue (https://github.com/QubesOS/qubes-desktop-linux-manager/pull/188/files) does not seem to cover any changes regarding the handling of TemplateVMs, as they were not the focus of that issue.
I chose to submit this as a "bug" because of the (subjectively perceived) misleading character. Please feel free to convert it into an "enhancement" if you disagree.
Just for context: Setting in which this issue was encountered
I used/misused a TemplateVM to setup a ZFS pool and ran it in the background to provide an AppVM A with a LUKS encrypted zvol block storage device, without A being aware of its ZFS nature. Within A this device was decrypted and the resulting (decrypted) block storage device attached to AppVM B. The automatic shutdown of the TemplateVM after its update may have resulted in a premature device destruction, which I will now investigate further.
I'm aware that this is not the purpose of TemplateVMs, but they seemed best suited, as ZFS must keep state outside of the home directory, so an AppVM can't be used. I considered a Standalone VM, but automatically being able to access Debian repositories while still having any other networking disabled was too tempting.
PR Submitted
Review priority: low
Looking at qubes-vm-update which is responsible for upgrading TemplateVMs in background, it does the shutdown after successful update. Only a note has to be added to Qubes OS Update GUI intro page (at the bottom):
@marmarta Just recognized recent good first issue markings of some of the issues. I guess it is better to avoid consuming all of them and leave some for new contributors. I will advertise them on forum.