Errors updating September 2018

Since few days I receive errors when trying to update Whonix GW.
(see below the logs).
Also, can someone explain me whether I should use apt autoremove, or not? The logs suggest I do, but I can remember it broke Whonix some months ago when someone did that.
Thanks for the help!

user@host:~$ sudo apt-get update && sudo apt-get dist-upgrade
Hit:1 http://security.debian.org stretch/updates InRelease
Hit:2 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch InRelease
Ign:3 http://ftp.us.debian.org/debian stretch InRelease
Hit:4 http://deb.whonix.org stretch InRelease
Hit:5 http://ftp.us.debian.org/debian stretch Release
Err:7 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
SOCKS proxy socks5h://localhost:9050 could not connect to sgvtcaew4bxjd7ln.onion (0.0.0.0:0) due to: Host unreachable (6)
Err:8 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease
SOCKS proxy socks5h://localhost:9050 could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)
Reading package listsā€¦ Done
W: Failed to fetch tor+http://sgvtcaew4bxjd7ln.onion/dists/stretch/updates/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to sgvtcaew4bxjd7ln.onion (0.0.0.0:0) due to: Host unreachable (6)
W: Failed to fetch tor+http://vwakviie2ienjx6t.onion/debian/dists/stretch/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package listsā€¦ Done
Building dependency tree
Reading state informationā€¦ Done
Calculating upgradeā€¦ Done
The following packages were automatically installed and are no longer required:
anon-gateway-default-applications anon-gateway-packages-dependencies anon-gateway-packages-recommended anon-shared-applications-kde
anon-shared-default-applications anon-shared-desktop anon-shared-desktop-kde anon-shared-packages-dependencies
anon-shared-packages-recommended libcdio13 libdirectfb-1.2-9 libgles1-mesa libiso9660-8 libvcdinfo0 libvlccore8 linux-headers-4.9.0-6-amd64
linux-headers-4.9.0-6-common linux-image-4.9.0-6-amd64 non-qubes-vm-enhancements non-qubes-whonix-gateway
whonix-gateway-packages-dependencies whonix-gateway-packages-recommended whonix-shared-packages-dependencies
whonix-shared-packages-recommended
Use ā€˜sudo apt autoremoveā€™ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Adding to that, WhonixCheck also cannot check updates properly and takes a very long time to complete. Probably because of the same reason. Is this a repository issue? and why it happened?

Please do a forum search before posting.

Note this is a Debian server and/or Tor network issue, and nothing to do with Whonix.

Before we get another 50 posts about this topic, can we / shall we change the wiki to note that users should comment out Debianā€™s dodgy onion to be able to complete updates properly?

1 Like

torjunkie: Thanks for the reply, so is just commenting out these onions a complete solution? or should i replace them with ā€˜properā€™ ones? and if so, what are the ā€˜properā€™ ones? :slight_smile:
Also, the apt autoremove question is still unanswered, can you maybe also let me know what is your advise on that? Thanks a bunch.

Also perhaps not a bad idea to update the wiki with that, because when inexperienced users, like myself, get these errors, it is not clear what to do - mainly because you simply are afraid changing things on your Whonix system, so commenting out repositories is not something you do automatically.
Also, if you leave them commented, does this mean you run a risk of not getting updates when needed? You are right saying it is a Debian server and/or Tor network issue, but if people are advised to comment out the buggy repositories, then that can cause a security risk, or not?
Better would be to have some alternative onion(s) - or have Whonixcheck to ā€˜flagā€™ buggy repositories and warn about it that it will comment out for X days or something, but then re-enable them.
Is this a valid comment? If not, correct me please!

Hi. Have same issue with debian servers in tor. How I can do it?

Hi chitas

To use Debian http:// URI clearnet repositories.

1. In Whonix-Workstation konsole, open Debian sources.list in an editor.

sudo nano /etc/apt/sources.list.d/debian.list

deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
#deb http://security.debian.org stretch/updates main contrib non-free

deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
#deb http://ftp.us.debian.org/debian stretch main contrib non-free

Now comment (#) the lines with the .onion address and uncomment the lines with the clearnet address. The first two code blocks should look like this. Note: only blocks shown need to be edited.

#deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free

#deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
deb http://ftp.us.debian.org/debian stretch main contrib non-free

Save and exit.

2. Confirm the clearnet repositories are functional

sudo apt-get update && sudo apt-get dist-upgrade

3. Now repeat steps for Whonix-Gateway.

Keep in mind you will not reap the security benefits from using onion repositories:

2 Likes

Edits have been made to the wiki updating section i.e. circumvent future problems by defaulting to clearnet repositories.

1 Like

Thank you 0brand.

The best reply for months on this forum!

Will try the workaround!

ef86