sys-whonix dom0 updates failing on Qubes R4.1 with Qubes-Whonix 16

Ok there is an error in whonix-gw and whonix-ws:

systemcheck --ip-test

[systemcheck] UpdatesProxy IP Leak Test: Qubes’ UpdatesProxy was not reachable.
(curl exit code: [22] - [HTTP page not retrieved. The requested url was not
found or returned another error with the HTTP error code being 404
or above.

Please also provide the following log:

In sys-whonix

sudo journalctl --boot --no-pager -u qubes-updates-proxy.service

Is this issue still reproducible?


  • Please post only debug output to forum threads / tickets you’re personally affected by.
  • Please do not double post - this causes further confusion on my side and only makes a solution less likely.
  • Avoid duplication. Post links instead of copy/paste.

sudo journalctl --boot --no-pager -u qubes-updates-proxy.service

Sep 02 05:40:21 host systemd[1]: Starting Qubes updates proxy (tinyproxy)…
Sep 02 05:40:21 host systemd[1]: Started Qubes updates proxy (tinyproxy).
Sep 02 05:40:22 host tinyproxy-wrapper[835]: Found tinyproxy at /usr/bin/tinyproxy

This issue is still ongoingg, please see:

Could this be a bug or vulnerability in Tinyproxy?

No, that’s not how vulnerabilities work.

Read some example vulnerability report. Random chosen one.

If you can understand it, if you can write such analysis then you can find vulnerabilities. Otherwise you cannot.

1 Like

But it could be a software bug, or an error in a configuration file.

Could be.

1 Like

Which do think is the more likely cause?

User errror. And there’s no shame in this. This is difficult stuff.

If it was a software bug then there would be many users affected.

You need to carefully re-read what developers said, information requested and provide it. Otherwise I see no chance for fix.

1 Like

And then you provided only half of it.

1 Like

In sys-whonix:

systemcheck --ip-test:

[INFO] [systemcheck] SocksPort IP Leak Test: Testing Tor’s SocksPort (SOCKS_PORT_SYSTEMCHECK: 9110)…
[INFO] [systemcheck] SocksPort IP Leak Test: Connected to Tor.
[INFO] [systemcheck] system default networking IP Leak Test: system default networking IP Leak Test…
[INFO] [systemcheck] system default networking IP Leak Test Test Result: Ok, Tor’s TransPort was not reachable.
This is expected on Whonix-Gateway’s default configuration.
(curl exit code: [6] - [Couldn’t resolve host. The given remote host was not resolved.])
[INFO] [systemcheck] Stream Isolation Test: Ok, skipped, because TransPort test failed! Can not test stream isolation. This is expected on Whonix-Gateway’s default configuration.
[INFO] [systemcheck] Debian Package Update Check: Checking for software updates via apt-get… ( Documentation: Operating System Software and Updates )
[INFO] [systemcheck] Debian Package Update Check Result: No updates found via apt-get.
[INFO] [systemcheck] Please donate!

Did you restore any Whonix App Qubes or Templates from backup?

Are you using the default names for Whonix VMs?

Default VM names for Whonix 16 are:

  • Tempaltes:
    • whonix-gw-16
    • whonix-ws-16
  • App Qubes:
    • anon-whonix
    • sys-whonix

sys-whonix is currently a cloned VM, which is named sys-whonix-clone-1.

After changing the VM names back to the default, there is a new error message being returned:

sudo systemctl restart qubes-whonix-torified-updates-proxy-check:

Failed to restart qubes-whonix-torified-updates-proxy-check.service: Unit qubes-whonix-torified-updates
-proxy-check.service not found

There is another error message being thrown by the GUI-based updater:

WARNING: Execution of /usr/bin/apt-get prevented by /etc/uwt.d/40_qubes.conf because no torified
Qubes updates proxy found

At the very top of that file you should have the following:

$tag:whonix-updatevm $default allow,target=sys-whonix

To see if it is fixed, try running in Whonix TemplateVM:

sudo systemctl restart qubes-whonix-torified-updates-proxy-check

Renaming VMs isn’t simple. There are at least 2 related Qubes usability issues:

To use additional (new or cloned) sys-whonix you would need to do it as per documentation:

I hope you wrote it without the colon (:) at the end.

I don’t see how renaming Whonix-Gateway (sys-whonix) could cause issues with qubes-whonix-torified-updates-proxy-check.

It’s also saying you should run the command in TemplateVM.

It would be really helpful to add to your post in which VM you run what command.

Some possiblities why this command might fail:

  • A) you run the command inside a sys-whonix which isn’t based on a Whonix Template
    • for example, you created sys-whonix and made the mistake to make it use the debian-12 Template
  • B) you run the command in a template which has Whonix in name but is actually based on a different operating system
    • this could happen by cloning a debian-12 Template and by mistake rename it to a name including Whonix
  • C) you uninstalled some packages?

Run systemcheck because it would tell you in the first line of its output in what kind of environment (VM name; operating system) it’s running.


[INFO] [systemcheck] sys-whonix | Whonix-Gateway | […]