[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Qubes-Whonix 14 SaltStack state files - Testers Wanted!

Patrick 2018-06-13 07:23:50 UTC #1

Qubes ticket:

Available for Qubes current-testing.

Whonix 14 release blockers - status of Whonix 14 development

Patrick 2018-06-14 07:45:32 UTC #2

Please first https://www.whonix.org/wiki/Update as usual since many fixes are in the repository such as Tor Browser in DispVM preinstallation.

This one every tester might like to test.

Installs ‘anon-whonix’ AppVM.

sudo qubesctl state.sls qvm.anon-whonix

This one every tester might like to test.

Installs ‘whonix-ws-dvm’ AppVM as a base for Disposable VMs.

sudo qubesctl state.sls qvm.whonix-ws-dvm

This depends on your personal preference.

Setup UpdatesProxy to always use sys-whonix all TemplateVMs are upgraded over Tor.

sudo qubesctl state.sls qvm.updates-via-whonix

( https://www.whonix.org/wiki/Dev/Qubes#salt )

Patrick 2018-07-15 15:37:38 UTC #3

awokd 2018-07-25 07:12:09 UTC #4

Updated to latest testing and sudo qubesctl state.sls qvm.anon-whonix and sudo qubesctl state.sls qvm.whonix-ws-dvm work now.

sudo qubesctl state.sls qvm.updates-via-whonix is still glitchy. For example, if the first line of qubes.UpdatesProxy is $type:TemplateVM $default allow,target=sys-net, running the Salt command results in it prepending $type:TemplateVM $default allow,target=sys-whonix to the file. It’s first match so technically will work, but not very clean.

Is there also a Salt command to update sys-whonix to 14, or does that just need a template change to whonix-gw-14?

Patrick 2018-07-25 07:29:05 UTC #5

What would you suggest?

awokd 2018-07-25 07:50:18 UTC #6

Can Salt search for the first (not commented out) $type:TemplateVM $default allow,target= in the file, then update it instead? Not really sure of its capabilities.

I confirmed qubesctl state.sls qvm.anon-whonix will create a sys-whonix with the -14 template if it does not already exist, but not update it to -14 if it does. Guess this would be difficult to automate because it would have to search out everything set to use the old sys-whonix and temporarily disable it before it could update to new.