Since few days I receive errors when trying to update Whonix GW.
(see below the logs).
Also, can someone explain me whether I should use apt autoremove, or not? The logs suggest I do, but I can remember it broke Whonix some months ago when someone did that.
Thanks for the help!
user@host:~$ sudo apt-get update && sudo apt-get dist-upgrade
Hit:1 http://security.debian.org stretch/updates InRelease
Hit:2 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch InRelease
Ign:3 http://ftp.us.debian.org/debian stretch InRelease
Hit:4 http://deb.whonix.org stretch InRelease
Hit:5 http://ftp.us.debian.org/debian stretch Release
Err:7 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
SOCKS proxy socks5h://localhost:9050 could not connect to sgvtcaew4bxjd7ln.onion (0.0.0.0:0) due to: Host unreachable (6)
Err:8 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease
SOCKS proxy socks5h://localhost:9050 could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)
Reading package lists… Done
W: Failed to fetch tor+http://sgvtcaew4bxjd7ln.onion/dists/stretch/updates/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to sgvtcaew4bxjd7ln.onion (0.0.0.0:0) due to: Host unreachable (6)
W: Failed to fetch tor+http://vwakviie2ienjx6t.onion/debian/dists/stretch/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages were automatically installed and are no longer required:
anon-gateway-default-applications anon-gateway-packages-dependencies anon-gateway-packages-recommended anon-shared-applications-kde
anon-shared-default-applications anon-shared-desktop anon-shared-desktop-kde anon-shared-packages-dependencies
anon-shared-packages-recommended libcdio13 libdirectfb-1.2-9 libgles1-mesa libiso9660-8 libvcdinfo0 libvlccore8 linux-headers-4.9.0-6-amd64
linux-headers-4.9.0-6-common linux-image-4.9.0-6-amd64 non-qubes-vm-enhancements non-qubes-whonix-gateway
whonix-gateway-packages-dependencies whonix-gateway-packages-recommended whonix-shared-packages-dependencies
Use ‘sudo apt autoremove’ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
torjunkie: Thanks for the reply, so is just commenting out these onions a complete solution? or should i replace them with ‘proper’ ones? and if so, what are the ‘proper’ ones?
Also, the apt autoremove question is still unanswered, can you maybe also let me know what is your advise on that? Thanks a bunch.
Also perhaps not a bad idea to update the wiki with that, because when inexperienced users, like myself, get these errors, it is not clear what to do - mainly because you simply are afraid changing things on your Whonix system, so commenting out repositories is not something you do automatically.
Also, if you leave them commented, does this mean you run a risk of not getting updates when needed? You are right saying it is a Debian server and/or Tor network issue, but if people are advised to comment out the buggy repositories, then that can cause a security risk, or not?
Better would be to have some alternative onion(s) - or have Whonixcheck to ‘flag’ buggy repositories and warn about it that it will comment out for X days or something, but then re-enable them.
Is this a valid comment? If not, correct me please!
1. In Whonix-Workstation konsole, open Debian sources.list in an editor.
sudo nano /etc/apt/sources.list.d/debian.list
deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
#deb http://security.debian.org stretch/updates main contrib non-free
deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
#deb http://ftp.us.debian.org/debian stretch main contrib non-free
Now comment (#) the lines with the .onion address and uncomment the lines with the clearnet address. The first two code blocks should look like this. Note: only blocks shown need to be edited.
#deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free
#deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
deb http://ftp.us.debian.org/debian stretch main contrib non-free
Save and exit.
2. Confirm the clearnet repositories are functional
sudo apt-get update && sudo apt-get dist-upgrade
3. Now repeat steps for Whonix-Gateway.
Keep in mind you will not reap the security benefits from using onion repositories: