Whonix-Downloader keeps failing

Hi,

I am using Qubes OS and would like to update my disp-VM's Tor Browser from 10.0.1 to 10.0.2.

For this, I am doing the following: launching the whonix-ws-15 Tor Browser Downloader, which fails with this error message: ERROR: [Link to dist of torproject] could not be reached. But from other disp VMs I can access the site. Additionally, Whonix Check finds that everything is in order.

There is this additional info given from the downloader:

(Debugging information: curl_status_message: [1] - [Unsupported protocol. This build of curl has no support for this protocol.])

whonixcheck -v gives me these journalctl failed messages:
failed:
########################################
Oct 24 07:17:03 host systemd[1]: apparmor.service: Failed with result ‘exit-code’.
Oct 24 07:17:03 host systemd[1]: Failed to start Load AppArmor profiles.
########################################

errors:
########################################
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 00, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 01, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 03, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 04, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 05, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 06, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: ACPI Error: No handler or method for GPE 07, disabling event (20180810/evgpe-841)
Oct 24 07:17:03 host kernel: Error: Driver 'pcspkr' is already registered, aborting...
########################################

Especially the Networking looks fine.

[INFO] [whonixcheck] Qubes Update Proxy Reachability Test: Trying to reach Qubes update proxy... PROXY_SERVER: http://127.0.0.1:8082/
[INFO] [whonixcheck] Qubes Update Proxy Reachability Result: Ok, torified update proxy reachable.
[INFO] [whonixcheck] Qubes Update Proxy Functionality Test: Trying to use Qubes update proxy... PROXY_SERVER: http://127.0.0.1:8082/
[INFO] [whonixcheck] Qubes Update Proxy Functionality Result: Ok, functional.

Other than that, everything looks ok to me.

What could be the problem?

Thanks in advance for your help!

merboros

I went command line for this.

Running update-torbrowser in the whonix-ws-15-template runs through no problem, but my disps are not updated. (Because that's not the way to do it)

So I went with: [thisforum]/t/problems-update-or-hacked-whonix-qubes-4-0/5076/10
(can’t post links)

And getting:

user@host:~$ update-torbrowser 
INFO: Auto detecting ARCH...
INFO: ARCH x86_64 detected.
INFO: Auto detecting ARCH_DOWNLOAD...
INFO: ARCH_DOWNLOAD linux64 detected.
[INFO] [torbrowser-downloader] INFO: CURL_PROXY: --proxy socks5h://tb-updater_8922ca36-ec2b-4bf6-a9d3-e39588449dca:password@[SOMEIP]
[INFO] [torbrowser-downloader] INFO: tbb_version_previous_downloaded_version: none
[INFO] [torbrowser-downloader] INFO: stdin connected to terminal, setting TB_INPUT to stdin, will use terminal for input, ok.
[INFO] [torbrowser-downloader] INFO: Alternatively, if want to run from command line, but still use the graphical user interface for input, you could add to command line: --input gui
Do not run Tor Browser in Qubes DVM Template!
More info: https://www.whonix.org/wiki/Tor_Browser#Running_in_Qubes_DVM_Template

But following the linked answer seems to have worked for other people, so I am wondering why it straight out refuses to start for me.

I am beginning to suspect that I was just using Qubes the wrong way (trying to update the template instead of the dvm) and this might be the wrong forum. Sorry for that :confused:

Things worthy of note:
Running update-torbrowser in the template whonix-ws-15 tells me I have to be root. updates but no
Running update-torbrowser in the template whonix-ws-15 tells me, AS ROOT updates but no change to the template is made, aka my new disps are still old.

Running update-torbrowser in the whonix-ws-15-dvm AS ROOT tells me it must not be run as root.
Running update-torbrowser in the whonix-ws-15-dvm as user tells me I must not start Tor Browser in the dvm Template.

So this raises 3 questions for me:

  1. How do I update this the correct way?
  2. Why do I have to run updates as root in one place, but can't in another?
  3. Why does update-torbrowser seem to be "equivalent" to running torbrowser in the dvm?

merboros

I can answer the rest later. But likely this is the root issue:

Cannot reproduce currently.

Possibly some package was removed or installed due to user modifications. Not the downloader is broken but curl which is used internally by the downloader.

Try this command:

curl --tlsv1.2 --proto =https https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions/

Probably broken. This is what you need to fix.

Probably easiest to re-install TemplateVM since debugging this otherwise would probably require some back and forth.

You could also try to “cheat” your way out of it. But I don’t recommend it since something more might be broken if above test command failed.

update-torbrowser --onion

^ but even that might fail due to Tor Project (or general?) onion availability issues (which are unrelated to Whonix). (Even

curl --head http://rqef5a5mebgq46y5.onion

currently doesn't work for me.)

Thank you very much Patrick!

I tried this answer on this forum for updating (and modification) but it didn’t work. All opened new dispVM’s from my copied modified version are… not modified.

curl seems to curl fine in the template tho. (I connected it to a NetVM for your test and updating). Your test runs through, update also. And my new dispVM's are on 10.0.2 now. Thank you very much!

Now I will figure out why my modifications (namely setting Tor security settings on highest) won't work with the linked answer.

So my update strategy for updating whonix-ws will be like:

  1. Attaching a NetVM (whonix-gw) to the whonix-ws-15 template (discouraged. Is it safe in this case?)
  2. update-torbrowser
  3. Remove NetVM again

So my questions are:

  1. Is this the correct/safe way of updating whonix-ws?
  2. Why do I have to run updates as root in one place, but can't in another? (See here)
  3. Why does update-torbrowser seem to be "equivalent" to running torbrowser in the dvm? (See here)

greetings

merboros

Simplified: “curl does not matter.”
scurl does.

or

curl --tlsv1.2 --proto =https

as per Secure Command Line / Scurl

I.e. enforcement of TLS might be the cause.

(reminds me: T682 Check curl for latests tls support (--tlsv1.3))

Unfortunately, updating Tor Browser is more complex than regular system updates due to technical limitations outside of Whonix’s control. See:
Tor Browser Update: Technical Details

No, shouldn’t be ever done.

It’s not. Just a confusing error message in terminal.

update-torbrowser --input gui is slightly less confusing since the window title is

Tor Browser Downloader (by Whonix developers)

To resolve the confusion where to run or not run Tor Browser Downloader (by Whonix ™ developers) or Tor Browser, a new documentation chapter was added just now:
Tor Browser Essentials

The full documentation on upgrading Tor Browser can be found here:
Tor Browser Essentials

Related but to learn more about this, see:

Unrelated and this would apply:
Bug Reports, Software Development and Feature Requests

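The two explanations offered in the replies above (a curl build without the protocol, or `--proto =https` enforcement rejecting the URL's scheme) both end in curl exit status 1, so the sketch below tells them apart from `curl --version` output. It is an added example, not code from the thread or from the Whonix project; the function names are hypothetical and the sample version text is constructed.

```shell
# Constructed sample of `curl --version` output (not captured from the thread).
SAMPLE_CURL_VERSION='curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d
Release-Date: 2019-02-06
Protocols: dict file ftp ftps http https imap pop3 smtp
Features: AsynchDNS HTTPS-proxy IPv6 SSL TLS-SRP'

# url_scheme URL -> lowercase scheme, or nothing when the URL has no "scheme://".
url_scheme() {
    case "$1" in
        *://*) printf '%s\n' "${1%%://*}" | tr 'A-Z' 'a-z' ;;
        *)     : ;;
    esac
}

# build_supports VERSION_TEXT SCHEME -> status 0 if SCHEME is on the "Protocols:" line.
build_supports() {
    printf '%s\n' "$1" | awk -v s="$2" '
        /^Protocols:/ { for (i = 2; i <= NF; i++) if ($i == s) found = 1 }
        END { exit found ? 0 : 1 }'
}

# diagnose_exit1 VERSION_TEXT URL [ALLOWED]
# ALLOWED is a space-separated scheme list; the default models `--proto =https`.
# Prints one of: ok, no-scheme, build-lacks-<scheme>, blocked-by-proto-<scheme>.
diagnose_exit1() (
    version_text=$1 url=$2 allowed=${3:-https}
    scheme=$(url_scheme "$url")
    if [ -z "$scheme" ]; then
        # curl would guess a protocol here; make the scheme explicit instead.
        echo "no-scheme"
    elif ! build_supports "$version_text" "$scheme"; then
        echo "build-lacks-$scheme"
    else
        case " $allowed " in
            *" $scheme "*) echo "ok" ;;
            *)             echo "blocked-by-proto-$scheme" ;;
        esac
    fi
)

# Usage against the installed curl:
#   diagnose_exit1 "$(curl --version)" "https://www.torproject.org/"
```

A `build-lacks-https` result points at the curl package in the VM, while `blocked-by-proto-http` points at the URL being requested under the HTTPS-only restriction.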

I am experiencing the same issue:

ERROR: Failed to download: https://www.torproject.org/dist/torbrowser/11.5.1/tor-browser-linux64-11.5.1_en-US.tar.xz.asc

Possible reasons:

- Internet connectivity issue.
- The download server is down.
- File size exceeded (endless data attack triggered).
- Tor Browser Downloader (by Whonix developers) has been broken due to upstream changes.

Recommendations:

https://www.whonix.org/wiki/Tor_Browser#download_failure


(Debugging information: curl_status_message: [1] - [Unsupported protocol. This build of curl has no support for this protocol.])

Probably tb-updater package version outdated since this was fixed a while ago already.