My adventures in re-creating whonix-workstation-17-dvm

Recently I transfered by mistake files into disposable whonix-workstation instead of its disposable vm, so I’ve decided to consider it potentially compromised and to create a new one and delete the old one. I created new whonix workstation appvm, called it “whonix-workstation-17-dvm-2”, checked in its settings “disposable template” and chose itself as its disposable template (just reproduced all the settings the original had). Set it as default disposable vm in all qubes based on whonix (including original whonix disposable template, since it couldn’t be deleted while was based on itself), then deleted the old whonix disposable template. And then started the most interesting… When I tried to rename new disposable, giving it the name of the old one, it returned error that it can’t be renamed and sent me to watch log in dom0 terminal. I looked into it and it was saying that disposable can’t be renamed while “whonix-workstation-17-dvm” is based on it. “But I just deleted you! How can you be based on something since you’re dead, you mother****er?!” - I thought. Then I checked app menu and it really was there! Its identical copy! Next to my new created one! And moreover - all whonix qubes were binded to it again! As a result I even set it as regular vm and set its and all the other qubes’ disp. template to “none” but every time when I tried to rename my new disp. template, the old one was rising from the dead like Highlander, giving me the same error! When I deleted it the last time I realized that new disp. template can’t be renamed until it is based on itself and is disp. template. Then I made it the regular vm, set its disp. template to “none” and only then could rename it successfully… After that the old one didn’t rise from the dead anymore. Then I set the new as disp. template again. Set itself as its own disp. template (at least the same was in the old one’s settings so I just reproduced it), and set it as disp. template for other whonix app vm’s.
So as I understand, the right order of actions should have been be like this (let the newbies write it for themselves in case they some day need it): create new whonix app vm > set all whonix app vms' default disposables to "none" (including the old whonix disposable template) > in whonix disp. template settings uncheck "disposable template" and then just delete this qube > in new whonix app qube settings check "disposable template" and set it as all whonix app qubes' default disp. template (including itself). Am I right?
From all this I have few questions:

  1. Why Qubes re-created the old disp. template and binded to it all whonix app vms again, each time when I tried to rename the new one, since the old one was deleted at that moment and should have not to cause that error?
  2. Did I end up doing all right? Do I need to do some extra steps (for example to enter some additional commands in terminal) or what I did was enough? I tested the new whonix disposable and it seems working just as the old one (I mean properly). Didn’t I break something in Qubes work and security? I hope not.
    P. S. Just in case: Because of some reason each time when I created the new whonix disposable template it had no apps in its app shortcuts though they were present in its right column of selected apps. I had to replace them in the left, save settings and then re-select them againg and save, so they to be displayed in shortcuts. Don’t know why this bug happened.

Okay, instead of reading your wall of text and/or answering your various questions, I will provide you steps to do for next time.

  1. If applicable, remove whonix-workstation-17-dvm as a disposable template in anon-whonix.
  2. Delete whonix-workstatation-17-dvm using Qubes Manager.
  3. In dom0 for Qubes R4.2.0, run:
sudo qubesctl state.sls qvm.whonix-workstation-dvm
  1. If applicable, in anon-whonix’s settings, change the disposable template back to whonix-workstation-17-dvm.

All of this can be done in under a minute.

1 Like