Hello, I am struggling to update templateVMs.
I have chosen to install Whonix qube at installation, but wish not to use it yet.
Internet comes in from a usb device. Browsing works, apparently.
Update checking works, as I get notifications for new updates.
There are two issues:
Issue 1 - template updates keep failing:
GUI updater tells me that the Debian template is up to date. It is not.
Upon entering sudo apt-get update
into debian-10 template terminal, I get:
Err:1 https://deb.debian.org/debian buster InRelease
Reading from proxy failed - read (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082]
Err:2 https://deb.qubes-os.org/r4.0/vm buster InRelease
Reading from proxy failed - read (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082]
Err:3 https://deb.debian.org/debian-security buster/updates InRelease
Reading from proxy failed - read (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082]
Reading package lists... Done
W: Failed to fetch https://deb.debian.org/debian/dists/buster/InRelease Reading from proxy failed - read (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082]
W: Failed to fetch https://deb.debian.org/debian-security/dists/buster/updates/InRelease Reading from proxy failed - read (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082]
W: Failed to fetch https://deb.qubes-os.org/r4.0/vm/dists/buster/InRelease Reading from proxy failed - read (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Then, I configured qubes.UpdatesProxy file in dom0 to point to sys-net
(note that I prefer not to use Whonix for anything):
## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect
## Please use a single # to start your custom comments
# Upgrade all TemplateVMs through sys-net. Previous config: sys-whonix.
#$type:TemplateVM $default allow,target=sys-net
# Upgrade Whonix TemplateVMs through sys-whonix. Previous config: sys-whonix.
$tag:whonix-updatevm $default allow,target=sys-net
# Deny Whonix TemplateVMs using UpdatesProxy of any other VM. Previous config: anyvm deny
$tag:whonix-updatevm $anyvm allow,target=sys-net
# Default rule for all TemplateVMs - direct the connection to sys-net
#$type:TemplateVM $default allow,target=sys-net
$anyvm $anyvm deny
Then I configured sys-net VM:
sudo systemctl enable qubes-updates-proxy
As no qubes-updates-service file was created in /var/run/qubes-service (why?), I made an empty one myself, and by mistake, performed an update and upgrade in sys-net - a beginner mistake that beginners do. Yet it worked.
However, I cannot perform the same configuration in the Debian 10 template.
The system does not allow me to create the service file. Thus update fails.
I tried the third path:
In dom0:
sudo qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
For Debian, the console prints, among other things, this:
ID: update Function: pkg.uptodate Result: True Comment: System is already up-to-date Started: 12:36:20.976612 Duration: 1441.566 ms Changes: ...
What should I do?
Issue 2:
I tried to find a setting that would route all updates over non-torrified internet, to no avail.
For instance, the above procedure in dom0 still tries to update Whonix templates over Whonix, adn these template updates fail just as well.
Is there a chance to everything bypassing Whonix?
Many thanks in advance,
Evol