About my amazing experience of upgrading disposablevm’s torbrowser

Qubes-Whonix
1

I encountered the problem that the disposable vm—tor browser of Qubes cannot be updated.

  1. I created a disposable vm-tamplate of type appvm

  2. Then create a disposable vm using disposable vm-tamplate as the template

  3. I think it is too troublesome to update tor every time I restart the disposable vm, so I want to update it all at once.

  4. Here comes the problem, I first choose to update in tamplateVM and set netvm to sys-whonix
    bash
    update-torbrowser, however, the update always reports an error. I want to start the tamplateVM directly. However, the qubes security mechanism cannot start the torbrowser gui in tamplateVM, so it fails.

  5. Then I thought of going to disposable vm-tamplate to update. I first unchecked disposable tamplate in the advance of disposable vm-tamplate, then updated the gui, and then closed disposable vm-tamplate. I tried opening torbrowser-gui again and found that the persistence was no problem. Then I checked disposable tamplate in advance of disposable vm-tamplate again.
    And started the torbrowser gui of disposable vm, something magical happened, it asked me to update torbrowser again.

  6. Is this my problem or a design problem? I think my logic is correct. I think the developers should make this update more convenient.

1 Like
2

What you’re doing sounds somewhat different than how update-torbrowser is designed to be used. See the documentation on how to properly update Tor Browser under Qubes-Whonix:

Most of what you’re mentioning should be addressed there.

Could you share the exact error message you get, preferably by sharing a screenshot or by typing out all of the text in the error popup?

3 Likes
3

General Advice

Tip: Be careful not to confuse Tor with Tor Browser in discussions, as this can lead to misunderstandings. Remember, the correct term is Tor, not TOR.

In Qubes, TemplateVMs are non-networked by default (Qubes upstream default) for security reasons and are typically updated through Qubes UpdatesProxy instead. For that reason, setting a NetVM for a TemplateVM is generally discouraged.

At this point, please follow the bug reporting instructions so the issue can be diagnosed properly:

If you did that because Tor Browser Updater (by Whonix developers) refused to run and showed an error message, it is best not to work around that check.

Do not run Tor Browser Downloader (by Whonix developers) in Qubes Disposable Template!

More info: https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#Running_Tor_Browser_in_Qubes_Template_or_Disposable_Template

It is not recommended to bypass this kind of warning or try to trick the system into proceeding anyway. These checks are intentionally added by developers and usually indicate something important that should be addressed first.

In general, it helps to consult the documentation before making changes that override expected safeguards.

Unfortunately, this is largely outside the control of the Whonix project. Tor Browser Updater (by Whonix developers) is already the simplest and most secure way to acquire the latest Tor Browser inside Qubes Disposables.

Technical details: Tor Browser Update: Technical Details

If you want to see the complexity involved, you can try doing it yourself: ignore Tor Browser Updater (by Whonix developers) and handle installation manually as if it did not exist.

The process would be similar to:

2 Likes
4

First of all, I would like to thank the developers for answering my questions and express my highest respect.

I am using this reference document. Just execute the following command in TempleteVM and it will be successful. I would like to reply here so that people who encounter the same problem in the future can quickly solve it.

Now I find that I can’t add links. I don’t know why. I can’t send reference documents.

bash

update-torbrowser --onion

2 Likes