Have you considered separating updates and upgrades? In other words, make it so that when users follow the normal update procedure, they do not accidentally upgrade to a new version. Instead, upgrading to a new version could require an explicit command or procedure so that it must be done intentionally. (Of course, the user can still be asked/prompted to take that action.)
Ideally to be avoided. Complex. Difficult to get right. See
qubes-upgrade-vm ticket discussion. I really would like to avoid having
this for Qubes as well as for Whonix.
Given your answer, I think this would be a good situation to use the new Whonix News functionality that you described here:
whonixcheck Whonix 14 ideas
Some advance notice should be provided before a version upgrade so users know to backup and/or expect a big update. Ideally, users should confirm the updates that they apply anyway but it’s safe to say that’s probably not the case.
Whonix XX will be released on Jan 1, 2017. Please prepare your system by reading the upgrade instructions here: www…
I also did update without knowing it will upgrade the versions and Im now stuck with that error message about the meta package that everyone else has.
I read the whole thread but still unsure, should I fix it and how? Should I leave it? Or just backup my data and start with clean whonix 13. (that will probably take me whole day)
Follow https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13 and you will be fine.
I think a lot of the confusion / panic / mystery surrounding this warning message is because people don’t know what a meta-package is.
Here’s a nice description:
TL;DR: A Meta-package doesn’t contain code. It’s just a list of packages - in this case, all the packages that make up Whonix 13. Having the meta-package guarantees that you have at least all of the packages that you should. Not having the meta-package doesn’t necessarily mean that you are missing something but why take the chance?
To describe myself as upset right now is a major understatement. One of the major justifications to adding Whonx to Qubes was that much of the updating and maintaining of VMs would be handled by the Whonix templates within Qubes. Now, we find that this totally untrue.
I spent two hours downloading and installing regular updates and dist upgrades and only at the very end when I get this error message do find out that I did it all wrong. Worse, now that I am root there are packages to be installed that I just auto-removed when I was updating as non-root because that it what the upgrade program told me to do. I want to cry.
Not everyone is a forum junkie. Not everyone keeps up to date on what Whonix is doing. We should be able to rely on the regular update process to upgrade Whonix without any special instructions to following Qubes has an updater, use it!
If the net result of using Qubes with Whonix is that one has to go through the exact same nonesense to upgrade that one has to under KVM or Windows I’d rather go back there–all I have to do then is download the new release and start all over again. The amazing thing is that is would have been faster to download gigbytes over clearnet than all this non-sense over Tor and I doubt sincerely that I would be less safe.
Please understand, that Whonix is far more complex than most standard issue virtual systems.
Also, if redownloading and installing the entire system isn’t a problem, this may be done on Qubes at least as fast as on other systems, probably even faster. If you look at the guide, non Qubes users have to go through a similar amount of stress when trying to purely upgrade.
Furthermore, the fact that you were informed this late about issues and that some packages are reinstalling themselves sadly isn’t a Whonix related issue, but just created by how Debian (and most Linux based OS’s in general) handle updates.
Have a nice day,
A major talking point tof moving to Qubes was to avoid this problem. When I connect sys-whonix to Tor I get a message in the message box that says “Connecting to Tor” and then “Connect to Tor”. There is simply no reason on earth why that message cannot also read, when necessary, “A new distribution to Whonix is now available. Please see the whonix website for special instructions.”
These messages are the exact reason why people like myself do not run Whonix Check on a regular basis. There is no need because we get those notifications another way.
There is a way to deliver the correct information to the user right at the desktop. It’s not being used. Instead, what we have is notifications cast to the wind and pray that the user sees one of them and if not, well, their bad luck.
Despite being a forum junkie, I do agree with you. “Better news delivery” is being worked on: whonixcheck Whonix 14 ideas
Whonix 14 should have a more-informed transition process.
Regarding the actual upgrade process: Qubes does not handle template upgrades. Each template is responsible for itself - meaning no guarantees can be made that future upgrades will be any simpler or more automatic. However, your point about being directed to upgrade instructions before actually upgrading is well taken (by me - but I’m not a dev )
Good to hear it. Let me be clear. I am grateful for the hard work that Patrick and others have put into Whonix and Qubes. It is simply the fact that when one is dealing with security, especially secure operating system, what one doesn’t like is to be surprised. This is the first time I have gone up a distribution while under Qubes and I didn’t expect this type of situation. I now know better.
FWIW this error message has now gone away after I followed the directions on the Wiki.
Sorry, my statement sounded declarative. “should” should read “hopefully will” not “likely will”.
For reference, this was the upgrade procedure for the Fedora template(!):
Keep in mind, in most cases, you can simply swap out your template for the newest one. There are actually 3 methods to upgrade your Whonix distribution:
- In-place using apt-get (per wiki instructions)
- Semi-fresh: Keep your existing proxyVMs & appVMs.
Download latest templates.
Switch templateVM for each of your existing VMs.
(Since Whonix templates are the same name regardless of version (ie qubes-template-whonix-ws), I like to clone them right after downloading to something like whonix-ws-13. Then I remove the templates right away. That way when whonix-14 comes around, I can download the new templates and still have my whonix-13 templates.)
- Completely-fresh: Download latest templates.
Make new proxyVMs & appVMs.
Copy data only from existing VMs.
Actually, I would like someone to comment on the probability of breaking your system doing #2.
(My guess would be that it should be fairly safe until people start using bind directories and then have stale configs that persist…)
Can you please add it to the wiki page?
the problem i couldnt , because the button upload is not there which is very weird:-
In the left hand side, there is the publish button…
Have a nice day,
but the image didnt uploaded , so if i publish it then there will be nothing changed.
Odd, will have to try this later.
Have a nice day,
I have done only apt-get update && apt-get upgrade as I always do when there are no packages to update.
And this updated me to whonix 13 right?
now that I have done, do I still just follow everything from https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_136 ?
Please follow the guide from here completely when upgrading to Whonix 13.
Have a nice day,
Yes but since I’ve already run “apt-get update && apt-get upgrade” should I just do the guide now and everything be ok?