Qubes-Whonix 14 SaltStack state files - Testers Wanted!

Qubes ticket:

Available for Qubes current-testing.

1 Like

Please first Operating System Software and Updates as usual since many fixes are in the repository such as Tor Browser in DispVM preinstallation.


This one every tester might like to test.

Installs ‘anon-whonix’ AppVM.

sudo qubesctl state.sls qvm.anon-whonix

This one every tester might like to test.

Installs ‘whonix-ws-dvm’ AppVM as a base for Disposable VMs.

sudo qubesctl state.sls qvm.whonix-ws-dvm

This depends on your personal preference.

Setup UpdatesProxy to always use sys-whonix all TemplateVMs are upgraded over Tor.

sudo qubesctl state.sls qvm.updates-via-whonix

( Dev/Qubes - Whonix )

1 Like

Updated to latest testing and sudo qubesctl state.sls qvm.anon-whonix and sudo qubesctl state.sls qvm.whonix-ws-dvm work now.

sudo qubesctl state.sls qvm.updates-via-whonix is still glitchy. For example, if the first line of qubes.UpdatesProxy is $type:TemplateVM $default allow,target=sys-net, running the Salt command results in it prepending $type:TemplateVM $default allow,target=sys-whonix to the file. It’s first match so technically will work, but not very clean.

Is there also a Salt command to update sys-whonix to 14, or does that just need a template change to whonix-gw-14?

What would you suggest?

Related:

Can Salt search for the first (not commented out) $type:TemplateVM $default allow,target= in the file, then update it instead? Not really sure of its capabilities.

I confirmed qubesctl state.sls qvm.anon-whonix will create a sys-whonix with the -14 template if it does not already exist, but not update it to -14 if it does. Guess this would be difficult to automate because it would have to search out everything set to use the old sys-whonix and temporarily disable it before it could update to new.

I guess so. Could you open a qubes-issue please?

What about salt commenting out the offending ones rather then keeping them?

You mean this one…?


Added Whonix settings to Qubes base file versions:

1 Like
1 Like