If update_vm is sys-whonix and the template is not whonix-ws, but a debian or fedora template that has the sources onionized, then it will be tor over tor correct?
This does not occur on whonix templates because of the dummy tor package.
Is there a fix for this? Install anon-ws-disable-stacked-tor on the templates, but I don’t want to add whonix repo on debian and fedora.
Whonix guide to onionize debian templates and fedora templates
Tor is recommended by the package apt-transport-tor, so if I use apt install --no-install-recommends apt-transport-tor, tor will not be installed and the update on the template will be functional, but it will break if user try to update or install something directly on the appvm because it will use its netvm directly and tor wont be installed as on the template we force to not install recommends.
Tor shouldn’t be running inside the non-Whonix template already?
See:
cat /usr/lib/systemd/system/tor@default.service.d/30_qubes.conf[Unit]
ConditionPathExists=!/var/run/qubes/this-is-templatevm
After=qubes-sysinit.service
Tor shouldn’t be running inside the non-Whonix template already?
If installing apt-transport-tor, it will install as recommended the tor pkg. But when running apt commands on the appvm, it will be tor over tor, I believe.
Correct.
Yes.
But that shouldn’t matter when Template is updated? Because the Template’s Tor won’t run. Even if apt-transport-tor is installed. Even if using tor+ apt sources list syntax.
Yes, on the template it does not matter, only when using apt in the app vm.
This post was more like: “Are we aware of this scenario that tor over tor occurs”.
Thanks for the reply.
Sure.
As per Anonymize Other Operating Systems yes. Specifically as per:
Security Comparison: Whonix ™-Download-Workstation vs. Whonix-Custom-Workstation ™
Fedora doesn’t enable services (systemd units) by default? Great, no issue.
OpenBSD doesn’t do that. Also great.
Debian is the odd, messy one out here by starting all services by default that are installed from packages.
Ok, it is specifically that document, thanks.