Safe to update all over whonix?

Is it safe to set the Dom0 and Default update proxies to sys-whonix?

(Qubes Global Config → Updates)

That’s what most user should do, when running QubesOS. My setup is using sys-whonix as updateVM since the beginning.

Not really, except if you want to waste Tor bandwidth. Just use Tor if you need Tor.

Yes it’s safe, the files that are downloaded for the updates are signed and Qubes OS is bundled with the files that allow to permit to verify the signature. If a file is modified during the transfer, it will be noticed, reported and discarded.

There is a “weirdness” about Qubes OS update process though, the qubes will check for updates over their current NetVM, this is so to report quickly if an update is required.

But the dom0 and templates updates will happen over the configured update proxy.

3 Likes

It’s not a waste, it has security benefits:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onionizing_Repositories#Introduction
Clearnet link:
Onionizing Repositories

1 Like

The link is about using .onion repositories, not passing the updates over tor through a tor exit node :thinking:

OP question was not about onion repositories AFAIK.

Except if passing updates through sys-whonix automatically make use of the onionized repositories?

No, updating through sys-whonix won’t automatically make use of the onionized repositories, but even without using onionized repositories some of the benefits still stand because attacker can’t target you specifically e.g providing the malicious updates just for you, knowing that it’s you who is downloading the updates.

1 Like

Understood you both and thanks for this discussion! Very informative for me!

1 Like