I installed qubes 4, installed whonix 14 then tried to update the whonix templates by manually opening up konsole but I get errors and it then does not update. I have sys-whonix as my update vm in the global settings. other templates that are using sys-whonix, like debian9, are updating. whonix DOES update via the qubes manager update option but still not manually via the console. I can’t make sense of this. I posted the output of updates via terminal for whonix template, trying update from within sys-whonix, and in deb9 templates here https://pastebin.com/8FZhVc5J
help!
Transient issue?
Hi McJack
I had a similar exactly the same problems you are reporting when I first upgraded to Qubes-R4. Updates in Qubes-R4 are done differently than in Qubes-R3.2
- Qubes Global setting for UpdateVM only apply to updates for Dom0 (not TemplateVMs)
- TemplateVMs do not use network connections for updates. They use
RPC/qrexec. Set the NetVM for all Templates as none.
qvm-prefs <some_templatevm> netvm "" - To configure updates for your TemplateVMs
1. In dom0, open your qubes-rpc qubes.UpdatesProxy configuration file in a text editor.
sudo nano /etc/qubes-rpc/policy/qubes.UpdatesProxy
2. Configure all Whonix and TemplateVMs to use sys-whonix for updates. Your configuration file should look similar to this.
##any VM with tag `whonix-updatevm` should use `sys-whonix`; this tag is added to `whonix-gw` and `whonix-ws` during installation and is preserved during template clone
$tag:whonix-updatevm $default allow,target=sys-whonix
$tag:whonix-updatevm $anyvm deny
##other templates use sys-whonix
$type:TemplateVM $default allow,target=sys-whonix
$anyvm $anyvm deny
https://qubes-os.org/doc/software-update-vm/#technical-details-r40
1 Like