Recently installed Qubes and enjoying the experience so far. I have an issue though.
From my understanding, when it comes to updating Tor Browser, I should update the Template whonix-workstation-17 using the Tor Browser Downloader (AnonDist) option. Unfortunately, I get the following error:
download location changed
Please check:
Start menu → System → systemcheck
or in Terminal: systemcheck
or in Terminal with debugging: systemcheck -v
If systemcheck reports no problems with internet activity and downloading Tor Browser keeps failing, please report a bug!
(Debugging information: curl_status_message: [91] - [Invalid SSL certificate status.])
Because of this, each time I open a disposable Tor VM, Tor Browser updates itself. Is there a way to fix this? I selected Debian templates when I installed Qubes, if that is relevant. I also use sys-whonix for updates.
My understanding is that updating the Whonix Workstation template via the normal, recommended update method should also result in Tor Browser being updated inside that template.
Thanks for writing this post, temp1. I’ve been ripping my hair out and didn’t want to post here and get the common response to refer to Whonix forums. What’s really confusing me is that my other Qubes machine got a different error but then worked the second time, and I was also able to do the update because that machine still does Tor Browser updates through the original Qubes Update mechanism.
Sometimes Tor/Whonix has a server error that lasts a few hours, but it’s been down for a day now.
This used to be the way it works. On my old install it still does (Qubes Update downloads and installs Tor Browser with a Whonix WS template update). But my fresh installs require starting the Whonix WS template and running the Tor Browser Downloader.
I first tried updating the whonix-workstation-17 template using the “Qubes Update” tool, but it was up-to-date; nothing new was installed. Then I ran the command update-torbrowser in the whonix-workstation-17 template terminal using the --onion switch and it worked! The version number jumped from 14.0.3 to 14.5.3, a pretty big leap, so I think it was a good thing I updated it. Shutting down the template was necessary before the new version showed in subsequent disposable qubes launched from the whonix-workstation-17-dvm app qube.
For me this issue was fixed but maybe the whonix developers can chip in to fix the issue when using the standard AnonDist gui updater.
Systemcheck doesn’t return any issues, from what I can tell.
I’ve run “upgrade-nonroot” in both Whonix-workstation-17 and Sys-Whonix, and everything is up to date.
I’m running Qubes on two different laptops, and I have this same issue on both. One laptop I’ve had Qubes on for about a year, and I ran Tor Browser Downloader for updates maybe two weeks ago, and the second is a fresh install.
I was able to update my Tor Browser in my persistent Whonix qube through the browser - the issue seems isolated to Tor Browser Downloader in the Whonix-Workstation-17 Template.
I’m curious:
Can I fix this and how?
Or if I do need to file a bug report as noted on the error message, who do I file one with? Whonix?
Did you download the Whonix version that says “upgradable” in the Qubes Template Manager? Do you have sudo access? If so, then you don’t have the latest version.
If you aren’t running the absolute latest version, that may be what’s preventing you?
Oof - Yeah, certainly looks like my post here is a dupe. I swear I searched and couldn’t find another post mentioning this – thanks for flagging. I’ll give that solution a shot & mark your comment as the solution on this one if it does. Thank you!
It should be noted that this solution works to update the Tor Browser in Qubes based on the template in which the update is run, but it does mean that updating this way kills the old browser, to include profile, bookmarks, and passwords.
Can you explain a little more? Do you mean it wiped passwords and bookmarks in anon-whonix or a standalone? Did you run the CLI update command in a qube other than the template?
I ran the update in the Whonix-Workspace-17 Template, and was parroting the following warning from the terminal in fewer words:
WARNING: Looks like Tor Browser is already up to date.
Please close Tor Browser if you want to (re-)install!
If your currently installed version is:
- higher: you are likely target of a downgrade attack, SAY NO NOW.
- equal : only proceed, if you want to create a new browser profile.
- lower : you should upgrade.
If you would like to keep your browser profile and update rather than re-downloading Tor Browser, you must use Tor Browser's internal updater. In that case, say no now.
This program (Tor Browser Downloader (by Whonix developers)) is incapable of keeping user data.
YOUR BROWSER WILL BE KILLED.
YOUR OLD BROWSER PROFILE INCLUDING BOOKMARKS AND PASSWORDS WILL GET DELETED.
Learn more about this Download Confirmation Notification.
https://www.whonix.org/wiki/Tor_Browser#Download_Confirmation_Notification
It occurred to me shortly after posting the earlier comment that I had not run the update on my distro which included bookmarks in the anon-whonix tor browser. I backed those up to a json before running the update, and the anon-whonix tor browser was updated (along with my whonix dvm’s tor browser), and did retain the bookmarks.
I have previously run updates via the Tor Browser Downloader in the Whonix-Workspace-17 Template, and the browser in the dvm was updated while the browser in anon-whonix was not - that required using the browser’s internal updater.
Which is all to say: I’m uncertain at this point if updating tor browsers via the terminal in the whonix-workspace template can remove user profiles, bookmarks, or passwords from the tor browser in anon-whonix, but I would still recommend backing those up prior to updating this way.
Thanks for the reply. It’s amazing how complicated whonix stuff on qubes can get. I didn’t realize that Tor browser update on anon-whonix vs whonix-ws template were disconnected (I only use disposables) and needed to be done separately.
I’m just chiming in to say that I am also experiencing this issue, exactly the same as temp1 and r3dr3clus3 have. I have been running and using the whonix that came with Qubes 4.2.4, and updating it, but I did not update to the community repo templates. I am doing that currently to see if that helps. (Although yes the CLI method with --onion also works in my non-community version.)
Can somebody confirm that the community templates are the correct/official whonix releases and that I should always be updating to the most recent versions of those?
Edit: I can confirm that upgrading the templates to the newest community versions solves the issue and has the GUI updater working again.