enable onion apt repository by default for Qubes /etc/apt/sources.list.d/qubes-r4.list

i just have discovered that Qubes has already their onion repo and its working , better to use it than the HTTP one.


Edit by Patrick:

Related…

Hi @nurmagoz

Comments to use Qubes onion repositories was Patricks idea. The commits where recently pushed to Qubes stable.

https://github.com/QubesOS/qubes-issues/issues/2623

And instructions added to the wiki.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onionizing_Repositories

However, Whonix/Tor is not used by all Qubes users. Maybe a small subset of users and any patches would have to be approve by Qubes devs. Unfortunately I don’t think that is likely to happen.

1 Like

just enabling it by default , its enough from our side.

We could enable the Qubes onion by default in Qubes-Whonix only. Not too
easy since the file is owned by Qubes, not Whonix. So whonix-repository
would need some if/else Qubes and add the onion.

But not exclusively onion sources by default. That is another ticket:

use onion sources list exclusively for apt-get updating by default
https://phabricator.whonix.org/T812

Hi zerop

The Whonix forum does not have PM enabled.

Also please don’t cross post asking Whonix developers for help. If someone has an answer to your question they will let you know. Please be patient.

1 Like

another reason to keep active only onion and/or https repos:

(Whonix http repo included)

1 Like

for debian security https we can use:
deb https://deb.debian.org/debian-security stretch/updates main
qubes onion has this issue:
https://github.com/QubesOS/qubes-issues/issues/2604#issuecomment-330423579though its possible to make deb.qubes repo going through https:
deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm stretch main

Edit: we can allow onion qubes repo inside Whonix, but Qubes itself might use only https. (which is still better than the http)

@Patrick shall i ticket this to phabricator or no need?

TNT BOM BOM:

for debian security https we can use:

deb https://deb.debian.org/debian-security stretch/updates main

Made a note here:

https://phabricator.whonix.org/T721

1 Like