Qubes-Whonix 14.0.0.7.9 TemplateVMs for R3.2 and R4 -- Testers Wanted!

Patrick · July 22, 2018, 2:00pm

iry · July 22, 2018, 6:35pm

Step 2.1:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-core-admin-addon-whonix

Complains that there is no match. Is this Qubes 4.0 only?

iry · July 22, 2018, 6:42pm

I ignored the problem in Step 2.1 and went on:

Step 2.2

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-release

Says Skip one package as it is already installed. However, there is no [qubes-templates-itl-testing] section, and no /etc/yum.repos.d/qubes-templates.repo.rpmnew.

Note: I was testing on Qubes 3.2

iry · July 22, 2018, 7:04pm

Fixed by running sudo qubes-dom0-update

iry · July 22, 2018, 7:25pm

Step 4:

sudo qubesctl state.sls qvm.anon-whonix

I executed it once without deleting the existing sys-whonix, and the existing sys-whonix remained unchanged. Then I deleted sys-whonix and executed the command again. I got a brand new sys-whonix.

iry · July 22, 2018, 7:36pm

Note: I need to manually configure the templates whonix-gw-14 and whonix-ws-14 to use sys-whonix as NetVM. Since it’s been documented, Update Qubes-Whonix ™, I think it’s fair.

Patrick · July 23, 2018, 2:40am

iry:

Step 2.1:
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-core-admin-addon-whonix
Complains that there is no match. Is this Qubes 4.0 only?

Yes. Documentation updated.

iry · July 23, 2018, 2:46am

I didn’t set sys-whonix as my UpdateVM/ClockVM/netVM, however, sys-whonix is auto-started at every boot of Qubes now.

Is this the expected default behavior? People argues that Issues · QubesOS/qubes-issues · GitHub

This can weaken the anonymity, if one connects automatically to different Networks with the same sys-whonix VM because of the same entry guards.

To disable the auto-start:

In Qubes Manager, open the VM settings for sys-net.
Deselect “Start VM automatically on boot”.
Click “OK”.
Reboot the whole system.

Patrick · July 23, 2018, 2:44am

iry:

I ignored the problem in Step 2.1 and went on:

Step 2.2

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-release

Says Skip one package as it is already installed. However, there is no [qubes-templates-itl-testing] section, and no /etc/yum.repos.d/qubes-templates.repo.rpmnew.

Note: I was testing on Qubes 3.2

[quote=“iry, post:3, topic:5529”]
Says Skip one package as it is already installed. However, there is
no [qubes-templates-itl-testing] section, and no
/etc/yum.repos.d/qubes-templates.repo.rpmnew .
[/quote]

Fixed by running sudo qubes-dom0-update

Alright, can’t explain this but I added to the very top:

Update Qubes dom0. sudo qubes-dom0-update

Can’t be wrong to update Qubes before anything else.

Patrick · July 23, 2018, 3:09am

iry:

Note: I need to manually configure the templates whonix-gw-14 and whonix-ws-14 to use sys-whonix as NetVM. Since it’s been documented, Update Qubes-Whonix, I think it’s fair.

Yes. Anyhow I guess it will generate a ton of confusion. Usability issue
on Qubes R3.2. The proper way to fix this would be the following but not
sure if realistic to happen:

github.com/QubesOS/qubes-issues

backport versioned Whonix template names from Qubes R4 to Qubes R3.2

opened 03:01AM - 23 Jul 18 UTC

closed 01:40PM - 04 Aug 18 UTC

adrelanos

T: task C: Whonix r3.2-dom0-stable

Otherwise Qubes-Whonix 14 installation instructions will be too difficult for Qu…bes-Whonix 14 on Qubes R3.2: https://www.whonix.org/wiki/Qubes/Install/Testing Even Whonix contributors run into issues: https://forums.whonix.org/t/qubes-whonix-14-0-0-7-9-templatevms-for-r3-2-and-r4-testers-wanted Related: * https://github.com/QubesOS/qubes-issues/issues/3765 * https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/pull/10/files

Patrick · July 23, 2018, 3:10am

iry:

I didn’t set sys-whonix as my UpdateVM/ClockVM/netVM, however, sys-whonix is auto-started at every boot of Qubes now.

Is this the expected default behavior?

Expected.

github.com

QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/sys-whonix.sls#L35


      
          
          {% load_yaml as defaults -%}
          name:          sys-whonix
          present:
            - template:  whonix-gateway-{{ whonix.whonix_version }}
            - label:     black
            - mem:       500
          prefs:
            - netvm:     sys-firewall
            - provides-network: true
            - autostart: true
          require:
            - qvm:       template-whonix-gateway-{{ whonix.whonix_version }}
            - qvm:       sys-firewall
          {%- endload %}
          
          {{ load(defaults) }}

People argues that Cannot deactivate automatically start default netvm on boot. · Issue #3554 · QubesOS/qubes-issues · GitHub

This can weaken the anonymity, if one connects automatically to different Networks with the same sys-whonix VM because of the same entry guards.

Reference: Tor Documentation for Whonix Users

mig5 · August 2, 2018, 2:59am

I tried to follow the steps at HowTo: Install the Testers-Only Version of Qubes-Whonix ™

However, in section ‘Qubes R4 Only’, this fails:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing mgmt-salt-dom0-virtual-machines

Error is:

No match for argument: mgmt-salt-dom0-virtual-machines
Error: Unable to find a match

The subsequent command sudo qubesctl top.enable qvm.whonix-testing pillar=true also then fails with salt.exceptions.SaltRenderError: Could not find relpath for qvm.whonix-testing.top

mig5 · August 2, 2018, 3:00am

It looks as though the package name is actually

qubes-mgmt-salt-dom0-virtual-machines

I also had to add --best --allowerasing to force the upgrade to 4.0.0.13-1.fc25 from 40.0.11-1.fc25 due to apparent ‘conflicts’ (though it wasn’t clear what conflicts they were)

mig5 · August 2, 2018, 3:06am

Section “Add Qubes’ Community Templates Testing Repository” :

Ensure the file contains [qubes-templates-itl-testing]

minor note, this should be “Ensure the file contains [qubes-templates-community-testing]” because the text pasted beneath it is for templates-community-testing. (or, the text pasted beneath is incorrect, and should be that of qubes-templates-itl-testing. Whichever is true).

I have both qubes-templates-itl-testing and qubes-templates-community-testing in my qubes-templates.repo.

Patrick · August 2, 2018, 4:48am

mig5:

Section “Add Qubes’ Community Templates Testing Repository” :

Ensure the file contains [qubes-templates-itl-testing]

minor note, this should be “Ensure the file contains [qubes-templates-community-testing]” because the text pasted beneath it is for templates-community-testing. (or, the text pasted beneath is incorrect, and should be that of qubes-templates-itl-testing. Whichever is true).

I have both qubes-templates-itl-testing and qubes-templates-community-testing in my qubes-templates.repo.

Fixed.

Patrick · August 2, 2018, 3:55pm

mig5:

mig5:

mgmt-salt-dom0-virtual-machines

It looks as though the package name is actually
qubes-mgmt-salt-dom0-virtual-machines

Fixed.

Patrick · August 2, 2018, 5:14pm

iry:

Step 4:

sudo qubesctl state.sls qvm.anon-whonix

I executed it once without deleting the existing sys-whonix, and the existing sys-whonix remained unchanged. Then I deleted sys-whonix and executed the command again. I got a brand new sys-whonix.

This is addressed for now through:
How-to: Install Qubes-Whonix

But I don’t like that solution. Could you report a bug to Qubes please?

iry · August 3, 2018, 3:02pm

Sure thing, done:

github.com/QubesOS/qubes-issues

No error information when salt failed to create a VM due to name collision

opened 03:01PM - 03 Aug 18 UTC

irykoon

T: enhancement C: mgmt C: Whonix P: default

### Qubes OS version: R3.2 and R4.0  ### Affected component(s): Whonix --- ### Steps to reproduce the behavior:  When `sudo qubesctl state.sls qvm.anon-whonix` is executed as [instructed by Whonix wiki](https://whonix.org/wiki/Qubes/Install/Testing) while `sys-whonix` VM already exists, the existing `sys-whonix` VM will remain unchanged. ### Expected behavior: User should be informed that the `sys-whonix` VM is not created as expected because it already exists. ### Actual behavior: User is not informed that they are still using the old `sys-whonix` VM. ### General notes: The current workaround is to delete the existing `sys-whonix` and then executed the command again. Whonix Wiki has also been updated to [address the issue](https://www.whonix.org/wiki/Qubes/Install/Testing#Remove_Old_Versions), but this solution is not very [satisfying](https://forums.whonix.org/t/qubes-whonix-14-0-0-7-9-templatevms-for-r3-2-and-r4-testers-wanted/5529/17). The `anon-whonix` may be affected by this problem as well.

Patrick · August 6, 2018, 7:02am