[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] System and Template updates over Tor
From:       duc01k () disroot ! org
Date:       2019-09-19 8:44:00
Message-ID: b732a25b-5218-feac-b145-be0f79d43943 () disroot ! org
[Download RAW message or body]

duc01k@disroot.org:
> 'awokd' via qubes-users:
> > duc01k@disroot.org:
> > 
> > > Based on the settings I chose, should I have expected the
> > > qubes-dom0-update commands to leverage a Tor connection?
> > 
> > Yes.
> > 
> > > Does it seem
> > > likely that they did in this case?
> > 
> > No; agree it doesn't sound like it. Did you "sudo qubesctl state.sls
> > qvm.updates-via-whonix" as part of upgrading the Whonix templates? Seems
> > like it should have been unnecessary, though.
> > 
> 
> The only CLI tool I used was qubes-dom0-update, once for each template.
> 
> > > In future, what steps can I take to
> > > verify that performing similar updates will use Tor?
> > 
> > Check Qubes Global Settings to make sure Dom0's UpdateVM is set to
> > sys-whonix. Also, double-check /etc/qubes-rpc/policy/qubes.UpdatesProxy
> > and make sure the first line says "$type:TemplateVM $default
> > allow,target=sys-whonix". 
> 
> I'll check this and post back.
> 

You were right, these were incorrectly set.  I had to manually change
the Dom0 UpdateVM to Sys-Whonix, and uncomment the $type:TemplateVM
$default allow,target=sys-whonix line. I'll be performing a fresh
install of Qubes R4.0.1 on a friend's device with the same settings, if
this happens with hers too I'll report a bug.

> > You might want to
> > https://www.whonix.org/wiki/Onionizing_Repositories while you are at it.
> > 
> 
> Thanks. I'll pull all the Whonix docs for reference, seems like a good idea.
> 

I followed the Onionizing Repos guide, commented out the metalinks and
uncommented the onion lines. On first test (sudo qubes-dom0-update) I
got a 404 error:

> HTTP Error 404 - Not Found

> http://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/current/dom0/fc25/repodata/repomd.xml
>  "Error: Cannot retrieve repository metadata for (repomd.xml) for repository: \
> qubes-dom0-current"

The following text was in white instead of red, so it's possible the
other repos were successfully updated, but I'm not sure.

> Qubes OS Repository for Dom0	12 MB/s | 26kB 00:00

That was the end of the text echoed to the Console.  Has that particular
file been moved and the yum.repos.d/qubes-dom0.repo file not been updated?


-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/b732a25b-5218-feac-b145-be0f79d43943%40disroot.org.



[prev in list] [next in list] [prev in thread] [next in thread]