[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Qubes-Whonix 14.0.0.7.9 TemplateVMs for R3.2 and R4 -- Testers Wanted!

Patrick 2018-07-22 14:00:57 UTC #1

Whonix 14 release blockers - status of Whonix 14 development

Qubes-Whonix 14.0.0.6.9 TemplateVMs for R3.2 and R4--Testers Wanted!

Qubes-Whonix 14 SaltStack state files - Testers Wanted!

iry 2018-07-22 18:35:46 UTC #2

Step 2.1:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-core-admin-addon-whonix

Complains that there is no match. Is this Qubes 4.0 only?

iry 2018-07-22 18:42:42 UTC #3

I ignored the problem in Step 2.1 and went on:

Step 2.2

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-release

Says Skip one package as it is already installed. However, there is no [qubes-templates-itl-testing] section, and no /etc/yum.repos.d/qubes-templates.repo.rpmnew.

Note: I was testing on Qubes 3.2

iry 2018-07-22 19:04:59 UTC #4

Fixed by running sudo qubes-dom0-update

iry 2018-07-22 19:25:35 UTC #5

Step 4:

sudo qubesctl state.sls qvm.anon-whonix

I executed it once without deleting the existing sys-whonix, and the existing sys-whonix remained unchanged. Then I deleted sys-whonix and executed the command again. I got a brand new sys-whonix.

iry 2018-07-22 19:36:06 UTC #6

Note: I need to manually configure the templates whonix-gw-14 and whonix-ws-14 to use sys-whonix as NetVM. Since it’s been documented, https://www.whonix.org/wiki/Qubes/Update, I think it’s fair.

Patrick 2018-07-23 02:40:00 UTC #7

iry:

Step 2.1:
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-core-admin-addon-whonix
Complains that there is no match. Is this Qubes 4.0 only?

Yes. Documentation updated.

iry 2018-07-23 02:46:03 UTC #8

I didn’t set sys-whonix as my UpdateVM/ClockVM/netVM, however, sys-whonix is auto-started at every boot of Qubes now.

Is this the expected default behavior? People argues that https://github.com/QubesOS/qubes-issues/issues/3554:

This can weaken the anonymity, if one connects automatically to different Networks with the same sys-whonix VM because of the same entry guards.

To disable the auto-start:

In Qubes Manager, open the VM settings for sys-net.
Deselect “Start VM automatically on boot”.
Click “OK”.
Reboot the whole system.

Patrick 2018-07-23 02:44:00 UTC #9

iry:

I ignored the problem in Step 2.1 and went on:

Step 2.2

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-release

Says Skip one package as it is already installed. However, there is no [qubes-templates-itl-testing] section, and no /etc/yum.repos.d/qubes-templates.repo.rpmnew.

Note: I was testing on Qubes 3.2

[quote=“iry, post:3, topic:5529”]
Says Skip one package as it is already installed. However, there is
no [qubes-templates-itl-testing] section, and no
/etc/yum.repos.d/qubes-templates.repo.rpmnew .
[/quote]

Fixed by running sudo qubes-dom0-update

Alright, can’t explain this but I added to the very top:

Update Qubes dom0. sudo qubes-dom0-update

Can’t be wrong to update Qubes before anything else.

Patrick 2018-07-23 03:09:00 UTC #10

iry:

Note: I need to manually configure the templates whonix-gw-14 and whonix-ws-14 to use sys-whonix as NetVM. Since it’s been documented, https://www.whonix.org/wiki/Qubes/Update, I think it’s fair.

Yes. Anyhow I guess it will generate a ton of confusion. Usability issue
on Qubes R3.2. The proper way to fix this would be the following but not
sure if realistic to happen:

Patrick 2018-07-23 03:10:57 UTC #11

iry:

I didn’t set sys-whonix as my UpdateVM/ClockVM/netVM, however, sys-whonix is auto-started at every boot of Qubes now.

Is this the expected default behavior?

Expected.

github.com

QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/sys-whonix.sls#L35




{% load_yaml as defaults -%}
name:          sys-whonix
present:
- template:  whonix-gw-{{ whonix.whonix_version }}
- label:     black
- mem:       500
prefs:
- netvm:     sys-firewall
- provides-network: true
- autostart: true
require:
- pkg:       template-whonix-gw-{{ whonix.whonix_version }}
- qvm:       sys-firewall
{%- endload %}


{{ load(defaults) }}

People argues that https://github.com/QubesOS/qubes-issues/issues/3554

This can weaken the anonymity, if one connects automatically to different Networks with the same sys-whonix VM because of the same entry guards.

Reference: https://www.whonix.org/wiki/Tor#Entry_Guards