Only Fedora-based templates (and not Debian- or Arch-based ones) updateable

balin1 · August 19, 2024, 9:13am

For the last couple of weeks I cannot manage to update any Debian or Arch based templates (neither manually by e.g. apt-get nor through salt, which I commonly use to maintain my system. This extends to the whonix templates as well.

I am puzzled, as Fedora-based templates seem not to experience any such problem, nor does dom0. May this be an issue with apt-cacher-ng?

No amount of searchengining has helped so far, so I’m turning here for advise.

Some details:

QubesOS 4.2
Default update proxy and whonix update proxy both set to sys-whonix

debian-12 example error produced by apt-get update:

  Reading from proxy failed - read (115: Operation now in progress) [IP: 127.0.0.1 8082]

Example error when targeting debian-12 using salt:

 ----------
        ID: uptodate
  Function: pkg.uptodate
    Result: False
   Comment: E: Failed to fetch https://deb.debian.org/debian/dists/bookworm/InRelease  Reading from proxy failed - read (115: Operation now in progress) [IP: 127.0.0.1 8082]
            E: Failed to fetch https://deb.debian.org/debian-security/dists/bookworm-security/InRelease  Reading from proxy failed - read (115: Operation now in progress) [IP: 127.0.0.1 8082]
            E: Failed to fetch https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease  Reading from proxy failed - read (115: Operation now in progress) [IP: 127.0.0.1 8082]
            E: Some index files failed to download. They have been ignored, or old ones used instead.
   Started: 11:11:07.032379
  Duration: 7670.156 ms
   Changes:   
----------

Please chime in whith hints on how to remedy and/or troubleshoot.

apparatus · August 19, 2024, 9:31am

Maybe it’s this issue with IPv6 in your update proxy qube:

github.com/QubesOS/qubes-issues

IPv6 enabled in sys-net results in debian-based TemplateVM update failure

opened 03:48AM - 25 Jul 24 UTC

BetoHydroxyButyrate

T: bug C: Debian/Ubuntu P: default needs diagnosis C: updates C: networking affects-4.2

[How to file a helpful issue](https://www.qubes-os.org/doc/issue-tracking/) #…## Qubes OS release 4.2.2 ### Brief summary TemplateVMs, debian-based, fail to update when ipv6 is enabled in `sys-net` ### Steps to reproduce enable IPv6 in sys-net qubes-update-gui --log DEBUG --target debian-12-xcfe ### Expected behavior I expect it to succeed. ### Actual behavior It fails. ``` Updating debian-12-xfce Refreshing package info Refreshing packages. Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.debian.org/debian bookworm InRelease from https://deb.debian.org/debian/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.debian.org/debian-security bookworm-security InRelease from https://deb.debian.org/debian-security/dists/bookworm-security/InRelease Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.debian.org/debian bookworm InRelease from https://deb.debian.org/debian/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.debian.org/debian-security bookworm-security InRelease from https://deb.debian.org/debian-security/dists/bookworm-security/InRelease Fail to refresh InRelease: https://deb.qubes-os.org/r4.2/vm bookworm InRelease from https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.debian.org/debian bookworm InRelease from https://deb.debian.org/debian/dists/bookworm/InRelease Fail to refresh InRelease: https://deb.debian.org/debian-security bookworm-security InRelease from https://deb.debian.org/debian-security/dists/bookworm-security/InRelease Fail to refresh InRelease: https://deb.debian.org/debian bookworm InRelease from https://deb.debian.org/debian/dists/bookworm/InRelease Refreshed. Fail to refresh InRelease: https://deb.debian.org/debian-security bookworm-security InRelease from https://deb.debian.org/debian-security/dists/bookworm-security/InRelease E:Failed to fetch https://deb.debian.org/debian/dists/bookworm/InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082], E:Failed to fetch https://deb.debian.org/debian-security/dists/bookworm-security/InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082], E:Failed to fetch https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082], E:Some index files failed to download. They have been ignored, or old ones used instead. ``` If I `qvm-run -u root debian-12-xfce xterm` and then manually update: ``` root@debian-12-xfce:~# apt update 0% [Connecting to HTTP proxy (http://127.0.0.1:8082)] [Connecting to HTTP proxy (http://127.0.0.1:8082)] Ign:1 https://deb.qubes-os.org/r4.2/vm bookworm InRelease Ign:2 https://deb.debian.org/debian bookworm InRelease 0% [Connecting to HTTP proxy (http://127.0.0.1:8082)] [Connecting to HTTP proxy (http://127.0.0.1:8082)] Ign:3 https://deb.debian.org/debian-security bookworm-security InRelease Ign:1 https://deb.qubes-os.org/r4.2/vm bookworm InRelease 0% [Connecting to HTTP proxy (http://127.0.0.1:8082)] [Connecting to HTTP proxy (http://127.0.0.1:8082)] Ign:2 https://deb.debian.org/debian bookworm InRelease Ign:1 https://deb.qubes-os.org/r4.2/vm bookworm InRelease 0% [Connecting to HTTP proxy (http://127.0.0.1:8082)] [Connecting to HTTP proxy (http://127.0.0.1:8082)] Ign:3 https://deb.debian.org/debian-security bookworm-security InRelease 0% [Connecting to HTTP proxy (http://127.0.0.1:8082)] [Connecting to HTTP proxy (http://127.0.0.1:8082)] Err:1 https://deb.qubes-os.org/r4.2/vm bookworm InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082] Ign:2 https://deb.debian.org/debian bookworm InRelease Ign:3 https://deb.debian.org/debian-security bookworm-security InRelease Err:2 https://deb.debian.org/debian bookworm InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082] Err:3 https://deb.debian.org/debian-security bookworm-security InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082] Reading package lists... Done E: Failed to fetch https://deb.debian.org/debian/dists/bookworm/InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082] E: Failed to fetch https://deb.debian.org/debian-security/dists/bookworm-security/InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082] E: Failed to fetch https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease Reading from proxy failed - select (115: Operation now in progress) [IP: 127.0.0.1 8082] E: Some index files failed to download. They have been ignored, or old ones used instead. root@debian-12-xfce:~# ``` If I open a terminal on `sys-net`: ``` root@nuc13:/home/user# systemctl status qubes-updates-proxy ● qubes-updates-proxy.service - Qubes updates proxy (tinyproxy) Loaded: loaded (/lib/systemd/system/qubes-updates-proxy.service; enabled; preset: enabled) Active: active (running) since Thu 2024-07-25 13:20:56 AEST; 2s ago Main PID: 2177 (tinyproxy) Tasks: 3 (limit: 381) Memory: 1.2M CPU: 7ms CGroup: /system.slice/qubes-updates-proxy.service └─2177 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf Jul 25 13:20:56 nuc13.wtf.com systemd[1]: Started qubes-updates-proxy.service - Qubes updates proxy (tinyproxy). Jul 25 13:20:56 nuc13.wtf.com tinyproxy-wrapper[2177]: Found tinyproxy at /usr/bin/tinyproxy Jul 25 13:20:56 nuc13.wtf.com tinyproxy[2177]: Initializing tinyproxy ... Jul 25 13:20:56 nuc13.wtf.com tinyproxy[2177]: Reloading config file Jul 25 13:20:56 nuc13.wtf.com tinyproxy[2177]: Reloading config file finished root@nuc13:/home/user# vi /etc/tinyproxy/tinyproxy-updates.conf ``` If I attempt to interact directly with the proxy: ``` root@debian-12-xfce:~# time curl -v --proxy http://127.1:8082/ https://www.example.com/ * Trying 127.0.0.1:8082... * Connected to 127.0.0.1 (127.0.0.1) port 8082 (#0) * allocate connect buffer * Establish HTTP proxy tunnel to www.example.com:443 > CONNECT www.example.com:443 HTTP/1.1 > Host: www.example.com:443 > User-Agent: curl/7.88.1 > Proxy-Connection: Keep-Alive > ``` It outputs the above promptly, and then hangs. ``` < HTTP/1.0 200 Connection established < Proxy-agent: tinyproxy/1.11.1 < * CONNECT phase completed * CONNECT tunnel established, response 200 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: CN=example.com * start date: Jun 11 02:44:21 2024 GMT * expire date: Sep 9 02:44:20 2024 GMT * subjectAltName: host "www.example.com" matched cert's "*.example.com" * issuer: C=US; O=Google Trust Services; CN=WE1 * SSL certificate verify ok. * using HTTP/2 * h2h3 [:method: GET] * h2h3 [:path: /] * h2h3 [:scheme: https] * h2h3 [:authority: www.example.com] * h2h3 [user-agent: curl/7.88.1] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x59751e801460) > GET / HTTP/2 > Host: www.example.com > user-agent: curl/7.88.1 > accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing < HTTP/2 301 < date: Thu, 25 Jul 2024 03:31:16 GMT < content-type: text/html < content-length: 167 < location: https://example.com < cache-control: max-age=3600 < expires: Thu, 25 Jul 2024 04:31:16 GMT < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Msa1JxOFTYzmlkwVlgo%2BtRg%2BaRdWLA1e0HKVHTG02W%2FeMhEExiUSTabAg0g6BOBxWj%2Fnl2WKm%2BkfQZXjldLVqHVABKieKlVHBJ4S7sG4KvyC7m8WCZcSbnV%2FlV%2B95wiV"}],"group":"cf-nel","max_age":604800} < nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} < server: cloudflare < cf-ray: 8a89137e2f1355b1-SYD < alt-svc: h3=":443"; ma=86400 < <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>cloudflare</center> </body> </html> * Connection #0 to host 127.0.0.1 left intact real 2m5.478s user 0m0.051s sys 0m0.023s root@debian-12-xfce:~# ``` No matter what I try, it connects to the proxy promptly, and then it takes about 3 minutes to complete. Could be the `apt` gives up before 3 minutes. I note that `deb.debian.org` returns some stuff which is actually a re-direct, but if I edit the <whatever> file in `/etc` in the template to explicitly reference the `fastly` redirect, it still fails. I just this morning accepted a `dom0` update, rebooted, and then attempted to apply the rest of the pending updates.

But since you have sys-whonix as your update qube then maybe it’s not the case.
Or did you maybe enable IPv6 in sys-whonix?

balin1 · August 19, 2024, 10:30am

Did not fiddle with sys-whonix networking and ip a | grep inet6 comes up empty when run in sys-whonix.

apparatus · August 19, 2024, 10:45am

Do you use apt-cacher-ng? Is it installed in sys-whonix?
Check the updates proxy service log in the sys-whonix:

sudo journalctl -b -u qubes-updates-proxy.service

balin1 · August 19, 2024, 11:47am

Something not working here:

Aug 19 11:46:31 host systemd[1]: Starting qubes-updates-proxy.service - Qubes updates proxy (tinyproxy)...
Aug 19 11:46:31 host tinyproxy-config-patch[2554]: + set -e
Aug 19 11:46:31 host tinyproxy-config-patch[2554]: + true '/usr/lib/qubes-whonix/tinyproxy-config-patch: START'
Aug 19 11:46:31 host tinyproxy-config-patch[2554]: + append-once /etc/tinyproxy/tinyproxy-updates.conf '## BEGIN: auto-generated configuration by /usr/lib/qubes-whonix/tinyproxy-config-patch'
Aug 19 11:46:31 host tinyproxy-config-patch[2555]: /usr/lib/qubes-whonix/tinyproxy-config-patch: line 25: append-once: command not found
Aug 19 11:46:31 host systemd[1]: qubes-updates-proxy.service: Control process exited, code=exited, status=127/n/a
Aug 19 11:46:31 host systemd[1]: qubes-updates-proxy.service: Failed with result 'exit-code'.
Aug 19 11:46:31 host systemd[1]: Failed to start qubes-updates-proxy.service - Qubes updates proxy (tinyproxy).

Damien · August 19, 2024, 12:45pm

maybe your debian template runs out of space ?

unman · August 19, 2024, 1:00pm

Something not working here:

Aug 19 11:46:31 host systemd[1]: Starting qubes-updates-proxy.service - Qubes updates proxy (tinyproxy)...
Aug 19 11:46:31 host tinyproxy-config-patch[2554]: + set -e
Aug 19 11:46:31 host tinyproxy-config-patch[2554]: + true '/usr/lib/qubes-whonix/tinyproxy-config-patch: START'
Aug 19 11:46:31 host tinyproxy-config-patch[2554]: + append-once /etc/tinyproxy/tinyproxy-updates.conf '## BEGIN: auto-generated configuration by /usr/lib/qubes-whonix/tinyproxy-config-patch'
Aug 19 11:46:31 host tinyproxy-config-patch[2555]: /usr/lib/qubes-whonix/tinyproxy-config-patch: line 25: append-once: command not found
Aug 19 11:46:31 host systemd[1]: qubes-updates-proxy.service: Control process exited, code=exited, status=127/n/a
Aug 19 11:46:31 host systemd[1]: qubes-updates-proxy.service: Failed with result 'exit-code'.
Aug 19 11:46:31 host systemd[1]: Failed to start qubes-updates-proxy.service - Qubes updates proxy (tinyproxy).

Indeed, something is not working there.
This looks Whonix specific - as such, you are best advised to take it to
the Whonix Forums (as asked by the Whonix devs). You will get better
informed eyes on it there.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

apparatus · August 19, 2024, 3:03pm

It seems that you’ve removed helper-scripts package in your Whonix Gateway template.
I guess you can reinstall the whonix-gateway-17 template to restore it to default state.

balin1 · August 19, 2024, 7:56pm

Something did get seriously borked indeed. qvm-template resinstall whonix-gateway-17 seems to have done the trick.

Thank you for your patience and insight.

The interesting (scary?) question now is: why did updating apparently work for fedora-based templates!?

balin1 · August 26, 2024, 7:40pm

More investigation ensued and here’s what I found:
Just running apt-get update && apt-get upgrade in the whonix-gateway-17 template recreates the problem, reuiring another fresh install of the template (qvm-template resinstall whonix-gateway-17)!?

This cannot be right. What is going wrong here.

@unman : do you have any insight into this?

apparatus · August 27, 2024, 2:58am

Maybe you did something in sys-whonix qube?
Try to remove the sys-whonix qube and create it again.

balin1 · August 28, 2024, 11:12am

Let me clarify:

qvm-template reinstall whonix-gateway-17 && qvm-stop sys-whonix && qvm-start sys-whonix → All template updates work
qvm-run --user root whonix-gateway-17 xterm, followed by apt-get update && apt-get upgrade therein and subsequently by qvm-stop sys-whonix && qvm-start sys-whonix → yields the inability of debian/based templates to update described above.

NO changes in the sys-whonix qube (other than the altered underlying template) involved.
apt-get update (in the fresh whonix-gateway-17 template) yields the following (maybe the last line is relevant)?

Get:1 https://deb.qubes-os.org/r4.2/vm bookworm InRelease [4,739 B]                                                                                                                                                                                              
Get:2 tor+https://deb.debian.org/debian bookworm InRelease [151 kB]                                             
Get:3 tor+https://fasttrack.debian.net/debian bookworm-fasttrack InRelease [12.9 kB]      
Get:4 tor+https://deb.kicksecure.com bookworm InRelease [62.0 kB]                                    
Get:5 tor+https://deb.whonix.org bookworm InRelease [61.5 kB]                                                                          
Get:6 https://deb.qubes-os.org/r4.2/vm bookworm/main amd64 Packages [37.9 kB]                                                                      
Get:7 tor+https://fasttrack.debian.net/debian bookworm-fasttrack/non-free amd64 Packages [492 B]                           
Get:8 tor+https://deb.whonix.org bookworm/main amd64 Packages [13.8 kB]                                          
Get:9 tor+https://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]                          
Get:10 tor+https://deb.kicksecure.com bookworm/contrib amd64 Packages [509 B]                    
Get:11 tor+https://fasttrack.debian.net/debian bookworm-fasttrack/contrib amd64 Packages [7,120 B]        
Get:12 tor+https://fasttrack.debian.net/debian bookworm-fasttrack/main amd64 Packages [5,096 B]
Get:13 tor+https://deb.whonix.org bookworm/non-free amd64 Packages [471 B]                  
Get:14 tor+https://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:15 tor+https://deb.kicksecure.com bookworm/non-free amd64 Packages [914 B]
Get:16 tor+https://deb.kicksecure.com bookworm/main amd64 Packages [36.5 kB]  
Get:17 tor+https://deb.debian.org/debian bookworm-backports InRelease [56.6 kB]
Get:18 tor+https://deb.debian.org/debian bookworm/main amd64 Packages [8,788 kB]
Get:19 tor+https://deb.debian.org/debian bookworm/non-free amd64 Packages [97.3 kB]                                                                                                                                                                                                                                                                                                                                                      
Get:20 tor+https://deb.debian.org/debian bookworm/non-free-firmware amd64 Packages [6,216 B]                                                                                                                                                                                                                                                                                                                                             
Get:21 tor+https://deb.debian.org/debian bookworm/contrib amd64 Packages [54.1 kB]                                                                                                                                                                                                                                                                                                                                                       
Get:22 tor+https://deb.debian.org/debian bookworm-updates/contrib amd64 Packages [768 B]                                                                                                                                                                                                                                                                                                                                                 
Get:23 tor+https://deb.debian.org/debian bookworm-updates/non-free-firmware amd64 Packages [616 B]                                                                                                                                                                                                                                                                                                                                       
Get:24 tor+https://deb.debian.org/debian bookworm-updates/main amd64 Packages [13.8 kB]                                                                                                                                                                                                                                                                                                                                                  
Get:25 tor+https://deb.debian.org/debian bookworm-updates/non-free amd64 Packages [12.8 kB]                                                                                                                                                                                                                                                                                                                                              
Get:26 tor+https://deb.debian.org/debian-security bookworm-security/main amd64 Packages [179 kB]                                                                                                                                                                                                                                                                                                                                         
Get:27 tor+https://deb.debian.org/debian-security bookworm-security/contrib amd64 Packages [644 B]                                                                                                                                                                                                                                                                                                                                       
Get:28 tor+https://deb.debian.org/debian bookworm-backports/non-free amd64 Packages [1,648 B]                                                                                                                                                                                                                                                                                                                                            
Get:29 tor+https://deb.debian.org/debian bookworm-backports/contrib amd64 Packages [5,608 B]                                                                                                                                                                                                                                                                                                                                             
Get:30 tor+https://deb.debian.org/debian bookworm-backports/main amd64 Packages [236 kB]                                                                                                                                                                                                                                                                                                                                                 
Fetched 9,951 kB in 17s (593 kB/s)                                                                                                                                                                                                                                                                                                                                                                                                       
Reading package lists... Done
N: Repository 'tor+https://deb.debian.org/debian bookworm InRelease' changed its 'Version' value from '12.4' to '12.6'

apt-get upgrade (in the fresh whonix-gateway-17 template) yields

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  iptables libip6tc2 libopenjp2-7 libwpe-1.0-1 libwpebackend-fdo-1.0-1 python3-daemon python3-lockfile
Use 'apt autoremove' to remove them.
The following packages have been kept back:
  helper-scripts kicksecure-dependencies-cli kicksecure-recommended-cli
The following packages will be upgraded:
  anon-apps-config anon-apt-sources-list anon-connection-wizard anon-gw-anonymizer-config anon-gw-base-files apparmor-profile-dist apparmor-profile-torbrowser apparmor-profiles-kicksecure base-files bash bind9-dnsutils bind9-host bind9-libs bootclockrandomization bsdextrautils bsdutils bubblewrap curl desktop-config-dist dist-base-files distro-info-data dnsutils fdisk gir1.2-gdkpixbuf-2.0 gstreamer1.0-plugins-base
  hardened-malloc icon-pack-dist kicksecure-desktop-applications-xfce legacy-dist less libaom3 libarchive-tools libarchive13 libblkid1 libc-bin libc-dev-bin libc-l10n libc6 libc6-dev libcryptsetup12 libcurl3-gnutls libcurl4 libdav1d6 libde265-0 libfdisk1 libfreetype6 libgdk-pixbuf-2.0-0 libgdk-pixbuf2.0-common libglib2.0-0 libglib2.0-bin libglib2.0-data libgnutls30 libgssapi-krb5-2 libgstreamer-gl1.0-0
  libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-base1.0-0 libisl23 libjavascriptcoregtk-4.1-0 libk5crypto3 libkrb5-3 libkrb5support0 libltdl7 libmount1 libpam-systemd libpython3.11 libpython3.11-minimal libpython3.11-stdlib libqrexec-utils2 libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5 libqt5printsupport5 libqt5sql5 libqt5test5 libqt5widgets5 libqt5xml5 libqubes-pure0 libqubes-rpc-filecopy2 libqubesdb librpm9
  librpmbuild9 librpmio9 librpmsign9 libseccomp2 libsmartcols1 libssl3 libsystemd-shared libsystemd0 libudev1 libuuid1 libuv1 libvchan-xen1 libvpx7 libwebkit2gtk-4.1-0 libxencall1 libxendevicemodel1 libxenevtchn1 libxenforeignmemory1 libxengnttab1 libxenhypfs1 libxenmisc4.17 libxenstore4 libxentoolcore1 libxentoollog1 linux-libc-dev locales mount msgcollector msgcollector-gui nano onion-grater openssl python3-idna
  python3-qrexec python3-qubesdb python3-rpm python3.11 python3.11-minimal qubes-core-agent qubes-core-agent-dom0-updates qubes-core-agent-nautilus qubes-core-agent-networking qubes-core-agent-passwordless-root qubes-core-agent-thunar qubes-core-qrexec qubes-gui-agent qubes-input-proxy-sender qubes-kernel-vm-support qubes-usb-proxy qubes-utils qubes-vm-dependencies qubes-whonix qubes-whonix-gateway
  qubes-whonix-gateway-packages-recommended qubes-whonix-shared-packages-recommended qubesdb qubesdb-vm repository-dist repository-dist-wizard rpm rpm-common rpm2cpio sdwdate sdwdate-gui security-misc setup-dist setup-wizard-dist systemcheck systemd systemd-sysv tar timesanitycheck tinyproxy tinyproxy-bin tor tor-control-panel tor-geoipdb tzdata udev usability-misc usbutils usr-is-merged util-linux util-linux-extra
  vm-config-dist whonix-base-files whonix-firewall whonix-gateway-default-applications-gui whonix-gateway-packages-dependencies-cli whonix-gateway-packages-dependencies-pre whonix-gateway-shared-packages-shared-meta whonix-gw-network-conf whonix-shared-default-applications-gui whonix-shared-packages-dependencies-cli whonix-shared-packages-recommended-cli xen-utils-4.17 xen-utils-common xen-utils-guest xenstore-utils
  xserver-common xserver-xorg-core xserver-xorg-input-qubes xserver-xorg-qubes-common xserver-xorg-video-dummyqbs zsh
186 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 123 MB of archives.
After this operation, 11.1 MB of additional disk space will be used.
Do you want to continue? [Y/n]

balin1 · August 28, 2024, 11:27am

Ha! Found it. I needed an apt-get dist-upgrade rather than plain apt-get upgrade! Following that, whonix-gateway-17 keeps working as expected!

Only Fedora-based templates (and **not** Debian- or Arch-based ones) updateable

Only Fedora-based templates (and not Debian- or Arch-based ones) updateable