Installing and updating Tor Browser on a VM-by-VM basis is very cumbersome (time- and bandwidth-wise) when you have 10 or so separate VMs you'd like it in.
It would be nice if you could update it in the template, and that could execute a qrexec service (really a script that is triggered and runs the qrexec service multiple times, depending on the input parameters you give it) that would do the following:
1. Prompt you with a gui asking which whonix-ws based VMs you'd like to update Tor browser in. Each one could have a checkbox and it could remember your last choice(s).
But did you know already that tb-updater is unable to keep your user settings? It renames your old folder so nothing is lost, then installs a fresh one. Something important to know. I don't think this limitation can be lifted in tb-updater. Upgrading Tor Browser is hard. (Upstream often changed the folder layout in the past.) That's what Tor Browser's internal updater is for.
So most likely your solution should rely on Tor Browser's internal updater rather than tb-updater?
2. If the first VM in the list of those chosen is already on, initiate a qrexec request. If it is rejected by the qrexec daemon, do not go any further and shut down the process with an error report. The user probably made a mistake, or otherwise your dom0 is really someone else's.
3. Supposing the user accepts it, the whonix-ws template will send the verified Tor Browser tar archive to the VM. The VM will then move the old one aside and extract the new one in its place. If everything goes right, it sends back exit code 0. If something went wrong (this seems really unlikely considering how basic the operation is), we send back an error code and continue.
Ok. (But my above considerations apply.)
4. Repeat steps 2-3 for the rest of the VMs selected in step 1.
The obvious threat here is for a malicious VM to somehow infect the template. It should not be too hard to express in Python that if the input coming back is not 0 or one of the recognized error codes, an exception should be thrown and an error printed that says "Hey, maybe VM X is totally pwn3d. You might want to check that out."
Sounds good overall.
I could try writing this.
I am not sure into which package this belongs. Perhaps https://github.com/Whonix/tb-updater. Or https://github.com/Whonix/qubes-whonix.
Actually... it seems like it might just be easier to install Tor Browser to root.
I don't see any danger or difficulty in doing so, do you? You could simply modify your GUI tool to download and verify in /home, and then prompt for root and install to / in the whonix-ws template only.
Tor Browser refuses to run as root. (Could be patched, but probably not a good solution, would cause other confusing permission issues.)
Due to Tor Browser binaries being entangled with user data in the same folder (Tor Browser is packaged and only available as a portable app) ("upstream issue"?), you cannot install Tor Browser to /usr/bin or /opt or so as root and then run it as a user having your profile in the user's home folder.
I understand why there is no point in doing so on a non-template-based Whonix setup, but as far as Qubes goes, this would provide a reliable way to upgrade and update Tor Browser for all whonix-ws based VMs.
We can consider any Qubes-specific command line switches [run as root, install to root, etc.] for tb-updater, but as said above, I don't think it would work that way.
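The control flow sketched in steps 2 to 4 above (abort on a qrexec rejection, continue past a recognized failure, and treat any unrecognized reply from a VM as a sign the VM may be compromised) can be written as a small trust boundary in the template-side orchestrator. The following is an added example, not code from the thread, tb-updater or qubes-whonix. The `dispatch` callable is an assumption standing in for whatever actually performs the qrexec call and returns the VM's exit code; the exit code table is constructed for illustration.

```python
"""Template-side orchestration of a per-VM Tor Browser update (illustrative)."""
from typing import Callable, Dict, List, Tuple

# Constructed exit code vocabulary for the hypothetical VM-side service.
# Only these values are ever accepted from a VM; anything else is suspicious.
KNOWN_CODES: Dict[int, str] = {
    0: "updated",
    1: "move-aside of old Tor Browser folder failed",
    2: "extraction of new Tor Browser archive failed",
}


class QrexecRejected(Exception):
    """The qrexec daemon (dom0 policy) refused the request for this VM."""


class SuspiciousVM(Exception):
    """A VM replied with something outside the agreed exit code vocabulary."""


def update_vms(
    vms: List[str], dispatch: Callable[[str], int]
) -> Tuple[Dict[str, str], List[str]]:
    """Run the update service in each selected VM.

    dispatch(vm) is assumed to perform the qrexec request and return the VM's
    exit code, raising QrexecRejected if dom0 denies the request.

    Returns (results, failed): a per-VM status string and the list of VMs
    whose update failed with a recognized error code.

    Raises QrexecRejected to abort the whole run on a policy denial (step 2),
    and SuspiciousVM on any unrecognized reply (the threat noted in the thread).
    """
    results: Dict[str, str] = {}
    failed: List[str] = []
    for vm in vms:
        # A rejection means the policy or the user disagrees with this run;
        # do not keep pushing requests, just stop with the error (step 2).
        code = dispatch(vm)  # QrexecRejected propagates and aborts
        # Validate the reply before doing anything with it: the template must
        # never act on free-form data from a less trusted VM.
        if not isinstance(code, int) or code not in KNOWN_CODES:
            raise SuspiciousVM(
                f"VM {vm} replied with unexpected value {code!r}; "
                "maybe it is totally pwn3d, you might want to check that out."
            )
        results[vm] = KNOWN_CODES[code]
        if code != 0:
            failed.append(vm)  # recognized failure: record it and continue (step 3)
    return results, failed


def make_fake_dispatch(replies: Dict[str, object]) -> Callable[[str], int]:
    """Build a stand-in dispatcher from a VM -> reply table (constructed data).

    A reply of "rejected" simulates a dom0 policy denial.
    """
    def dispatch(vm: str) -> int:
        reply = replies[vm]
        if reply == "rejected":
            raise QrexecRejected(f"qrexec request to {vm} was denied")
        return reply  # type: ignore[return-value]
    return dispatch


if __name__ == "__main__":
    sample = make_fake_dispatch({"anon-a": 0, "anon-b": 2, "anon-c": 0})
    print(update_vms(["anon-a", "anon-b", "anon-c"], sample))
```

The important design point is that the template treats the VM's reply as untrusted input and compares it against a closed vocabulary before recording it; a recognized non-zero code is merely logged and the run continues, while an unrecognized reply stops the run and names the VM.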