Ok, I just remembered why Option #1 is hard: Using Whonix-Workstation as a DisposableVM (DispVM) - #20 by Patrick
IIUC, there is no way to set tb-updater to permanently get the latest version of a specific type of TBB (alpha, hardened). Without this feature, user must manually update TBB via update-torbrowser every time a new TBB is released. This is the issue I wanted resolved before documenting Option #1. In the present state, Option #1 would look something like this:
- run update-torbrowser in whonix-ws
- qvm-create-default-dvm whonix-ws
- every time you change whonix-ws, tbb will be recopied but that’s ok because the version you wanted will still be present in /var/cache
- when new tbb is released, pay attention and run update-torbrowser again in whonix-ws. if you forget, then stable tbb will be copied to your dispVM-templates. Better idea is to set tb_install_follow=false. Then run update-torbrowser in whonix-ws when TBB internal updater prompts for upgrade.
I guess that’s not so bad. With auto tb-updater though would be simpler:
- set preferred tbb type in whonix-ws
- qvm-create-default-dvm whonix-ws
No further maintenance required. DispVM-Template TBB will always be what you wanted.
Should I document current Option #1, wait for change to tb-updater, or omit entirely?
You just have to be different… 