I have 1 qube that I always have to manually update (been going on for months), claiming it can’t fetch the repo, but works fine from the command line.
running Qubes Update tool returns:
Updating sys-whonix
Refreshing package info
Refreshing packages.
Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease
Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease
Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease
Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease
Refreshed.
E:Failed to fetch https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Temporary failure resolving 'deb.qubes-os.org', E:Some index files failed to download. They have been ignored, or old ones used instead.
running
sudo apt update
returns:
Hit:1 tor+https://fasttrack.debian.net/debian bookworm-fasttrack InRelease
Hit:2 tor+https://deb.whonix.org bookworm InRelease
Hit:3 tor+https://deb.kicksecure.com bookworm InRelease
Hit:4 https://deb.qubes-os.org/r4.2/vm bookworm InRelease
Hit:5 tor+https://deb.debian.org/debian bookworm InRelease
Hit:6 tor+https://deb.debian.org/debian bookworm-updates InRelease
Hit:7 tor+https://deb.debian.org/debian-security bookworm-security InRelease
Hit:8 tor+https://deb.debian.org/debian bookworm-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
15 packages can be upgraded. Run 'apt list --upgradable' to see them.
contents of
/etc/apt/sources.list.d/qubes-r4.list
is same on other qubes that don’t have this problem.
I tried rebuilding this qube from scratch but having the same problem. This is a Standalone whonix gateway.
The only modification I make after cloning sys-whonix is add tor authorization key files to
/var/lib/tor/authdir/
Was sys-whonix
running and properly connected before running GUI Updater?
Yes, sys-whonix is always running.
If you’re referring to the cloned one that won’t update, yes it is often running when I try to update and I still get error. All other qubes update fine whether they are running or not when i run the updater.
Change Qubes OS repository in /etc/apt/sources.list.d/qubes-r4.list
from:
deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] https://deb.qubes-os.org/r4.2/vm bookworm main
To:
deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] tor+https://deb.qubes-os.org/r4.2/vm bookworm main
(add tor+
)
I guess it’s blocking the connections that are not going through Tor.
1 Like
That worked!
I guess the tor authentication files are somehow causing this problem? Again, other qubes including the template this was derived from do not have the “tor+” and update fine. Seems this would be a Qubes OS specific bug?
I think it’s a Whonix-specific configuration that is causing this.
The templates are using updates proxy for update but the standalone is using the direct network connection for updates instead of an updates proxy.
I guess when updates proxy is used, then it’s not blocking the connection to the repositories that are not using apt-transport-tor (that don’t have tor+
in the repository link), but when direct connection is used for updates then it’s blocking the connection to the repositories that are not using apt-transport-tor.
I do have other standalone Whonix VMs that update fine. So really seems to be something unique to this one.
Are they standalone Whonix Gateway VMs?
Maybe you’ve enabled the use of updates proxy for them?
Compare the services and features of the standalone Whonix Gateway VM that is able to update with the one that is unable to update:
qvm-features qubename
qvm-service qubename
Or maybe you’ve configured it manually in the config file inside the standalone.
qvm-features for ones that work are all 3 lines, qvm-features for one that does not is dozens of lines including:
supported-service.updates-proxy-setup 1
supported-service.qubes-updates-proxy 1
As mentioned, the one that does not work is a new clone of most recent sys-whonix with some added files for Tor authentication. Not sure of the age of the other ones, but probably made years ago.
Do you have the service.updates-proxy-setup
feature set for your working standalone qube?
Do you have the same services in the qvm-service
output for both qubes?
No, those are 2 of many that are not set in the working one.
Sorry, should have mentioned nothing came up for qvm-service
on either, so they’re the same.