OK, in the process of getting dom0 to update in spite of issues…my laptop notified me that whonix-gw-16 needs to be updated.
It won’t update.
It prints out an error message telling me what to do (verify the policy is set up properly, verify sys-whonix is running). Then running sytemctl restart in the template. All seems in order.
yet it continues to complain there’s no torified update proxy.
This is aggravating because the update blazing sun icon is lit up on my task bar, whether or not there are any actual updates I care about (I only just realized now I had two other templates that needed updating). (I never use whonix–well maybe I do now for updating dom0.)
If you mean the round-padlock-looking thing in the taskbar that runs whenever I am running sys-whonix…yes, I think so. On the other hand I’m not sure what it is supposed to look like.
Edit. I just ran it again, with the same sys-whonix session as before (so it has been up for at least ten minutes). Same result.
Yes that one; if it’s round, then you are definitely connected to tor; you can also click on it to see the various ways to verify you’re connected.
Well…tor is sometimes overloaded, so maybe try again in a few hours / tomorrow. Also try running the “Reload tor” app from sys-whonix. If it still doesn’t work then I’m out of ideas.
FWIW, I just tried updating my whonix-gw-16 and it completed without errors.
I also noticed this lately (last 4-5 days). Especially on startup, I have to open the Tor Control Panel and restart Tor to get sdwdate to start successfully and the padlock to be complete.
If you use tor+https for updates, any updates, before sdwdate starts in sys-whonix, will fail.
OK, a week later and the template still refuses to update.
So I am thinking about uninstalling and reinstalling it…unfortunately I found this problem when I had to use whonix to update dom0. For whatever reason, I must use whonix to update dom0.
So I seem to be in a situation where, in order to install whonix, I first need to be running whonix.
Try debian-11 or fedora-38 as base templates for your clearnet updateVM for dom0…ppl on GitHub are reporting that it works with those, but not with debian-12.
Before switching over to using whonix for dom0 updates, I had sys-firewall-wifi as the qube. Should I base it on debian-11…or sys-net-wifi…or both? (Yes, I have separate qubes for wifi vs. ethernet; I never want the two networks to be able to see each other.)
(I’m now glad I didn’t delete debian-11 when I moved to debian-12-minimal.)
OK…tried to recreate my debian-11-minimal clearnet templates…and could not. It’s just failing to find packages. Well, that could be anything including a crappy network connection.
Then i realized that if I made debian-11 (not minimal) the template, everything I need would already be installed.
So, I changed templates for the network and firewall qubes to debian-11…and the same damned result.
It’s still telling me I have no “torified” update proxy. I am running sys-whonix; the policy file it points to has the correct line in it.
Going into whonix-gw-16 and running the sudo systemctl restart command given in the update error message returns no output.
[EDIT: Correction. Several minutes after I start the whonix gw template, it pops up a dialog to tell me that sys-whonix isn’t running–whether or not I start the service. The problem is, that it is in fact running.]
In other words from everything I can see, I am running debian-11 templates and everything is configured properly, yet the SOB refuses to work. I’ve tried it with and without cacher, too.
And now it’s complaining debian-11 needs updating too…
I’m getting close to wanting to do a complete system reinstall just to get rid of this bullshit notification.
Oh I see there has been a misunderstanding. What I meant was that dom0 updates are reported to work via a clearnet updateVM as long as it’s not based on debian-12…I thought you might want to try that and then won’t need whonix at all anymore or, alternatively, use that to download new whonix-templates, in case that helps.
OK…well as it happens, I’m downloading the new copies of the templates whilst still using debian-11-not-minimal as a template–I forgot to switch back–so by accident I am doing one of the two things you meant. And yes now I am a little less worried that the process of downloading and installing them will fail after all that time on the slow connection I’m using.
I am going to have to consider how to manage two sets of clearnet templates (or just decide to stay with debian-11-minimal based templates for everything) because I suspect you’re right about how to fix dom0 updates more permanently
I was able to reinstall Whonix, sure…but today it again lit up the update sun, and when I tried to update it again said there was no torified proxy. In spite of the fact that sys-whonix started on my logging in.
What’s frustrating about this is that none of this crap is happening on my other qubes system. (It’s not that it updated successfully…it doesn’t tell me it needs updating.)
I am now going to simply uninstall whonix and leave it uninstalled. It can die in a fire for all of me.