I have been trying since last night to get this to work, from two different locations.
And while waiting on your reply, I stumbled across “Reload tor” and ran it.
So at this point in order to clear the notification (so that I can see other update notifications) I’m going to have to delete the template.
I also noticed this lately (last 4-5 days). Especially on startup, I have to open the Tor Control Panel and restart Tor to get sdwdate to start successfully and the padlock to be complete.
If you use tor+https for updates, any updates, before sdwdate starts in sys-whonix, will fail.
If you use tor+https for updates, any updates, before sdwdate starts in sys-whonix, will fail.
Does this mean I need to reboot and start again, making sure I give sys-whonix several minutes before trying again?
No, I would rather right-click on the padlock, select sys-whonix, then open Tor Control Panel, and restart/reset the tor connection.
OK…restarted it, made sure Tor was connected, reset it just on general principles.
The update just failed, again.
Thanks for your assistance…and thanks to Bearillo as well.
But at this point it just doesn’t seem to want to work.
OK, a week later and the template still refuses to update.
So I am thinking about uninstalling and reinstalling it…unfortunately I found this problem when I had to use whonix to update dom0. For whatever reason, I must use whonix to update dom0.
So I seem to be in a situation where, in order to install whonix, I first need to be running whonix.
Anyone have any ideas how to get around this?
Try debian-11 or fedora-38 as base templates for your clearnet updateVM for dom0…ppl on GitHub are reporting that it works with those, but not with debian-12.
Before switching over to using whonix for dom0 updates, I had sys-firewall-wifi as the qube. Should I base it on debian-11…or sys-net-wifi…or both? (Yes, I have separate qubes for wifi vs. ethernet; I never want the two networks to be able to see each other.)
(I’m now glad I didn’t delete debian-11 when I moved to debian-12-minimal.)
OK…tried to recreate my debian-11-minimal clearnet templates…and could not. It’s just failing to find packages. Well, that could be anything including a crappy network connection.
Then i realized that if I made debian-11 (not minimal) the template, everything I need would already be installed.
So, I changed templates for the network and firewall qubes to debian-11…and the same damned result.
It’s still telling me I have no “torified” update proxy. I am running sys-whonix; the policy file it points to has the correct line in it.
Going into whonix-gw-16 and running the sudo systemctl restart command given in the update error message returns no output.
[EDIT: Correction. Several minutes after I start the whonix gw template, it pops up a dialog to tell me that sys-whonix isn’t running–whether or not I start the service. The problem is, that it is in fact running.]
In other words from everything I can see, I am running debian-11 templates and everything is configured properly, yet the SOB refuses to work. I’ve tried it with and without cacher, too.
And now it’s complaining debian-11 needs updating too…
I’m getting close to wanting to do a complete system reinstall just to get rid of this bullshit notification.
Oh I see there has been a misunderstanding. What I meant was that dom0 updates are reported to work via a clearnet updateVM as long as it’s not based on debian-12…I thought you might want to try that and then won’t need whonix at all anymore or, alternatively, use that to download new whonix-templates, in case that helps.
OK…well as it happens, I’m downloading the new copies of the templates whilst still using debian-11-not-minimal as a template–I forgot to switch back–so by accident I am doing one of the two things you meant. And yes now I am a little less worried that the process of downloading and installing them will fail after all that time on the slow connection I’m using.
I am going to have to consider how to manage two sets of clearnet templates (or just decide to stay with debian-11-minimal based templates for everything) because I suspect you’re right about how to fix dom0 updates more permanently
Was able to download the templates and install them (and configure to get sys-whonix back too).
Still pondering what to do about the dom0 updates, whether to use debian-11 based templates or stay with whonix.
Well, OK maybe I marked “solution” prematurely.
I was able to reinstall Whonix, sure…but today it again lit up the update sun, and when I tried to update it again said there was no torified proxy. In spite of the fact that sys-whonix started on my logging in.
What’s frustrating about this is that none of this crap is happening on my other qubes system. (It’s not that it updated successfully…it doesn’t tell me it needs updating.)
I am now going to simply uninstall whonix and leave it uninstalled. It can die in a fire for all of me.
It might “fix itself” when you upgrade to Q4.2…the more important issue is dom0 updates anyway.
Agreed–particularly since the only thing I (thought I) needed this for is dom0 updating!
I’ll try building clearnet off of debian-11-minimal. From everything I’ve seen that should work as well as whonix did.
If you run sudo apt upgrade in whonix-gw-16 template, what does it say when it fails?
The procedure that I took in [R4.2] whonix-gw-16 update failed - #5 by augsch might be helpful in debugging such problems.
Good way of checking connectivity… but isn’t this kind of direct update frowned upon? I would answer “no” to the subsequent prompt.
At this point I can’t say. In frustration with having gone through the whole exercise of reinstalling just to get the same crappy and inexplicable result (I didn’t start the template and trigger the update notification the second time around…sys-whonix did)…I simply deleted the damn thing. There is no whonix on my laptop any more, and (since my motivation for using it was to get dom0 to update) I now have debian-11 based network qubes instead of debian-12, which appear to be broken for dom0 updates.
NONE of this happened on my desktop computer, by the way. whonix-gw never even claimed to need an update.
Try in sys-whonix terminal:
upgrade-nonroot
You maybe able to upgrade the template the same way.
My templates in general are heavily modified and I do have additional security hardware including a GPS (clock).
If you feel like having the same approach as I have:
sys-net (gufw deny-deny and open-snitch deny all)
same for sys-firewall.
Over the years I had major problems with Whonix and I will never use factory stock again. If you like time shifts make a Kaisen OS template (it does tie you in with Firefox but it does time-shifts much better)
You seem to have missed the part where I said I had deleted whonix from my system. I’m not going to deal with it any more.
However…I am glad you responded as it might help others in the future.