Since few days I receive errors when trying to update Whonix GW.
(see below the logs).
Also, can someone explain me whether I should use apt autoremove, or not? The logs suggest I do, but I can remember it broke Whonix some months ago when someone did that.
Thanks for the help!
user@host:~$ sudo apt-get update && sudo apt-get dist-upgrade
Hit:1 http://security.debian.org stretch/updates InRelease
Hit:2 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch InRelease
Ign:3 http://ftp.us.debian.org/debian stretch InRelease
Hit:4 http://deb.whonix.org stretch InRelease
Hit:5 http://ftp.us.debian.org/debian stretch Release
Err:7 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
SOCKS proxy socks5h://localhost:9050 could not connect to sgvtcaew4bxjd7ln.onion (0.0.0.0:0) due to: Host unreachable (6)
Err:8 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease
SOCKS proxy socks5h://localhost:9050 could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)
Reading package listsā¦ Done
W: Failed to fetch tor+http://sgvtcaew4bxjd7ln.onion/dists/stretch/updates/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to sgvtcaew4bxjd7ln.onion (0.0.0.0:0) due to: Host unreachable (6)
W: Failed to fetch tor+http://vwakviie2ienjx6t.onion/debian/dists/stretch/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package listsā¦ Done
Building dependency tree
Reading state informationā¦ Done
Calculating upgradeā¦ Done
The following packages were automatically installed and are no longer required:
anon-gateway-default-applications anon-gateway-packages-dependencies anon-gateway-packages-recommended anon-shared-applications-kde
anon-shared-default-applications anon-shared-desktop anon-shared-desktop-kde anon-shared-packages-dependencies
anon-shared-packages-recommended libcdio13 libdirectfb-1.2-9 libgles1-mesa libiso9660-8 libvcdinfo0 libvlccore8 linux-headers-4.9.0-6-amd64
linux-headers-4.9.0-6-common linux-image-4.9.0-6-amd64 non-qubes-vm-enhancements non-qubes-whonix-gateway
whonix-gateway-packages-dependencies whonix-gateway-packages-recommended whonix-shared-packages-dependencies
whonix-shared-packages-recommended
Use āsudo apt autoremoveā to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Adding to that, WhonixCheck also cannot check updates properly and takes a very long time to complete. Probably because of the same reason. Is this a repository issue? and why it happened?
Note this is a Debian server and/or Tor network issue, and nothing to do with Whonix.
Before we get another 50 posts about this topic, can we / shall we change the wiki to note that users should comment out Debianās dodgy onion to be able to complete updates properly?
torjunkie: Thanks for the reply, so is just commenting out these onions a complete solution? or should i replace them with āproperā ones? and if so, what are the āproperā ones?
Also, the apt autoremove question is still unanswered, can you maybe also let me know what is your advise on that? Thanks a bunch.
Also perhaps not a bad idea to update the wiki with that, because when inexperienced users, like myself, get these errors, it is not clear what to do - mainly because you simply are afraid changing things on your Whonix system, so commenting out repositories is not something you do automatically.
Also, if you leave them commented, does this mean you run a risk of not getting updates when needed? You are right saying it is a Debian server and/or Tor network issue, but if people are advised to comment out the buggy repositories, then that can cause a security risk, or not?
Better would be to have some alternative onion(s) - or have Whonixcheck to āflagā buggy repositories and warn about it that it will comment out for X days or something, but then re-enable them.
Is this a valid comment? If not, correct me please!
1. In Whonix-Workstation konsole, open Debian sources.list in an editor.
sudo nano /etc/apt/sources.list.d/debian.list
deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
#deb http://security.debian.org stretch/updates main contrib non-free
deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
#deb http://ftp.us.debian.org/debian stretch main contrib non-free
Now comment (#) the lines with the .onion address and uncomment the lines with the clearnet address. The first two code blocks should look like this. Note: only blocks shown need to be edited.
#deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free
#deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
deb http://ftp.us.debian.org/debian stretch main contrib non-free
Save and exit.
2. Confirm the clearnet repositories are functional
sudo apt-get update && sudo apt-get dist-upgrade
3. Now repeat steps for Whonix-Gateway.
Keep in mind you will not reap the security benefits from using onion repositories:
