Installing Whonix on Kicksecure host with conflicting error messages
sudo apt-get update --yes --error-on=any
The user is advised to attempt to debug this with the following steps:
Run above command as root (with sudo).
Do as instructed and this error message contradicts the first:
[ERROR]: Non-Root Check: Running as root detected.
You are currently running this installer with root privileges.
This installer should not be run as root.
Please run as normal user.
the command apt-get update --allow-unauthenticated
is like the above command with argument --yes error-on=any
but
E: The update command takes no arguments
I believe the error has to do with package signing since âapt updateâ successfully updates over tor with onionized repositories so ââonionâ installer should also work. However, sometimes SOCKS timesout.
Lite RAM install
Also, the system I am testing has a nuance that might be of interest. TAILS can run on practically any hardware, even with only 4GB RAM without issue. Qubes OS had a live USB (alpha) but stopped development. I am trying to run Whonix on a Kicksecure host with lite RAM. Like Qubes, the virtualizer is what requires the higher RAM. I had an .ova from version 16 Whonix but the signatures have been revoked as of 12 days ago. Nevertheless, initial tests confirm that Whonix is possible on systems with low RAM by reducing the graphics memory requirements in VirtualBox much like the KVM option is already configured. However, VirtualBox Whonix Gateway is not entering into a prompt mode like KVM. The initial boot message is displayed but no commands can be entered.
And, besides, the installer refuses to run either way.
As for the question about ââallow-unauthenticatedâ
I only bring this up because I encounter expiration of Debian keys frequently. For, example, I already have an .ova of Whonix 16.0.9 but âupgrade-nonrootâ returns with unable to upgrade because of expired signature. What other option is there?
Furthermore, I donât think an answer that doesnât answer anything (yet) means that the question is a bad question just because an âanswerâ follows a question like a last laugh.
https:// www .whonix.org/wiki/RAM
I had a nice computer with an Intel Alder Lake 12 generation and 24 GB RAM that was closer to flawless with Qubes OS R4.2. However, no consumer computer on the market is TEMPEST shielded and up to Spectrum Dominance environmental effects standards. So, cheap âburnerâ computers with low RAM might be the only solution in my case. Hence, why I even bother with lite hardware.
The one is the installer. Donât run it as root/sudo.
The other thing is your system package manager which you should know some very basics about it. It requires root/sudo.
The installer is giving you advice. Talking about it.
Two different things.
Because your system has issues which arenât caused by the installer. Read the messages. Use a translator if you need. More productive than asking here.
Do run the command. Seriously. Do it.
sudo apt-get update --yes --error-on=any
Or at least run.
sudo apt-get update
Use a search engine to learn more about it. Really just a normal command. Weâre in the age of search engines, youtube and AI. Use it. No need to debate it here.
Any errors you see there are your system issues. Fix them. Not caused by Whonix or the installer.
Stop sleeping, read the news, upgrade in time before the old version is deprecated, perform a release upgrade or install a new version.
I have a Kicksecure host. The system is exactly like every other Kicksecure system. sha512sum checks out fine. Verified with GPG key. âaptâ works just fine with onionized repositories.
The command
is run WITHIN THE INSTALLER which contradicts itself.
whonix-cli-installer-cli: [NOTICE]: Command executing: $ sudo -- apt-get update --yes --error-on=any --see, you are wrong. You donât have a PhD in Information Warfare.
I will answer my own question. The installer canât run this command within the installer because the installer is run nonroot. So, there shouldnât be a âcommand executingâ sudo within a non-sudo installer.
None of this is âbasics.â You have a problem. Or, rather, you donât know the answer which does not make me stupid.
What about this Timed out while waiting to read 'first part of response' from proxy socks5h://127.0.0.1:905
I have found no information about why these time outs happen and refreshing tor doesnât help. I can try non-onion, but it would be good to know why these time outs happen. It is not my system. The network might be an obstacle or the onion server has an issue.
Not everything is user error. Do you know why, for instance, âshiftâ has an electromagnetic IRQ? There is no sign of physical intermittence in a bad keyboard that sometimes works and sometimes does not when in PAM. People will say youre just imagining but I have empirical repeatability. Oh, no! Not âlow lang.â (They have âdeprecated encephalusâ which means âlow head.â) No one has explanations for this!
You need a free github account to view the log (as per github policy). But that doesnât matter. Here is the relevant excerpt.
2024-03-20T15:50:23.4376011Z dist-installer-cli: [e[1me[32mNOTICEe[0m]: Command executing: $ sudo -- apt-get update --yes --error-on=any
2024-03-20T15:50:23.4376902Z ++ sudo -- apt-get update --yes --error-on=any
2024-03-20T15:50:23.4377636Z Hit:1 http://deb.debian.org/debian stable InRelease
2024-03-20T15:50:23.4378260Z Hit:2 http://deb.debian.org/debian stable-updates InRelease
2024-03-20T15:50:23.4379047Z Hit:3 http://deb.debian.org/debian-security stable-security InRelease
2024-03-20T15:50:23.4379605Z Reading package lists...'
2024-03-20T15:50:23.4380672Z + true 'INFO: Exit code is zero but that does not guarantee in case of dnf that there is no error.'
The installer runs as non-root, right, but any script/program running as non-root can attempt to use sudo. The installer attempts to use sudo. And itâs working.
The installer tests if it is able to run sudo. Here is a demo.
dist-installer-cli: [NOTICE]: Version Detection: Setting dev software version.
dist-installer-cli: [NOTICE]: Command executing: $ sudo -- echo test
test
Please post the installer log. But probably not even need for it.
If the installer stops after sudo apt-get update --yes --error-on=any then it does that because of an error being detected.
That is why the installer is advising the user to run that command manually to see it for themselves and fix these issues.
Without log output I donât think we can make meaningful progress here.
The installer without --onion argument progresses farther but exits after this error:
whonix-cli-installer-cli: [NOTICE]: Connectivity Test: Testing internet connection to 'rsync://www.whonix.org'...
verify depth is 4
write:errno=104
rsync: did not see server greeting
rsync error: error starting client-server protocol (code 5) at main.c(1863) [Receiver=3.2.7]
That looks like an interruption on the server side, as with the onion servers.
--non-interactive --log-level notice provides the same detail.
But this is the error from when --onion is appended with repos configured as needed
Err:4 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Connection timed out [IP: 127.0.0.1 9050]
Err:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Timed out while waiting to read 'first part of response' from proxy socks5h://127.0.0.1:9050 [IP: 127.0.0.1 9050]
Reading package lists...
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm-backports/InRelease Connection timed out [IP: 127.0.0.1 9050]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm/InRelease Timed out while waiting to read 'first part of response' from proxy socks5h://127.0.0.1:9050 [IP: 127.0.0.1 9050]
E: Some index files failed to download. They have been ignored, or old ones used instead.
I think it is a network obstacle issue because tor is working fine on my system.
tor transport infrastructure must have a defect on network because VPN is successful (and much faster)
With VPN (multi-node, provider-defined, quantum-resistant, wireguard):
whonix-cli-installer-cli: [NOTICE]: Connectivity Test: Testing internet connection to 'rsync://www.whonix.org'...
verify depth is 4
whonix-cli-installer-cli: [NOTICE]: Connectivity Test Result: 'success'
How could tor transport be interfered with on Kicksecure? systemctl status tor.service shows tor is enabled and check.torproject.org is âsuccessfulâ and I can navigate to onion sites and apt can get most updates via onion. Nyx shows that tor is functioning as expected.
There is something deeper going on no one can explain or has yet.
But I have Whonix 17.1.3.1 now and am interested to see if I can run it with minimal RAM requirements? Isnât KVM about as minimal as VirtualBox with the memory adjustments?