Re: [qubes-users] System and Template updates over Tor

2019-09-22 Thread duc01k
'awokd' via qubes-users:
> duc...@disroot.org:
> 
>> I followed the Onionizing Repos guide, commented out the metalinks and
>> uncommented the onion lines. On first test (sudo qubes-dom0-update) I
>> got a 404 error:
>>
>>> HTTP Error 404 - Not Found
>>
>>> http://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/current/dom0/fc25/repodata/repomd.xml
>>> "Error: Cannot retrieve repository metadata for (repomd.xml) for 
>>> repository: qubes-dom0-current"
> 
> I think that's the old onion. If you hadn't run dom0 updates since
> installing, it might not have been corrected. Should now be showing this
> one in your qubes-dom0.repo & qubes-templates.repo:
> 
> http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
> 

Fixed it now. Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ce9559e-16d9-a696-d380-c1366212d226%40disroot.org.




Re: [qubes-users] System and Template updates over Tor

2019-09-19 Thread 'awokd' via qubes-users
duc...@disroot.org:

> I followed the Onionizing Repos guide, commented out the metalinks and
> uncommented the onion lines. On first test (sudo qubes-dom0-update) I
> got a 404 error:
> 
>> HTTP Error 404 - Not Found
> 
>> http://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/current/dom0/fc25/repodata/repomd.xml
>> "Error: Cannot retrieve repository metadata for (repomd.xml) for repository: 
>> qubes-dom0-current"

I think that's the old onion. If you hadn't run dom0 updates since
installing, it might not have been corrected. Should now be showing this
one in your qubes-dom0.repo & qubes-templates.repo:

http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion

-- 
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [qubes-users] System and Template updates over Tor

2019-09-19 Thread duc01k
duc...@disroot.org:
> 'awokd' via qubes-users:
>> duc...@disroot.org:
>>
>>> Based on the settings I chose, should I have expected the
>>> qubes-dom0-update commands to leverage a Tor connection?
>>
>> Yes.
>>
>>> Does it seem
>>> likely that they did in this case?
>>
>> No; agree it doesn't sound like it. Did you "sudo qubesctl state.sls
>> qvm.updates-via-whonix" as part of upgrading the Whonix templates? Seems
>> like it should have been unnecessary, though.
>>
> 
> The only CLI tool I used was qubes-dom0-update, once for each template.
> 
>>> In future, what steps can I take to
>>> verify that performing similar updates will use Tor?
>>
>> Check Qubes Global Settings to make sure Dom0's UpdateVM is set to
>> sys-whonix. Also, double-check /etc/qubes-rpc/policy/qubes.UpdatesProxy
>> and make sure the first line says "$type:TemplateVM $default
>> allow,target=sys-whonix". 
> 
> I'll check this and post back.
> 

You were right, these were incorrectly set.  I had to manually change
the Dom0 UpdateVM to Sys-Whonix, and uncomment the $type:TemplateVM
$default allow,target=sys-whonix line. I'll be performing a fresh
install of Qubes R4.0.1 on a friend's device with the same settings, if
this happens with hers too I'll report a bug.

>> You might want to
>> https://www.whonix.org/wiki/Onionizing_Repositories while you are at it.
>>
> 
> Thanks. I'll pull all the Whonix docs for reference, seems like a good idea.
> 

I followed the Onionizing Repos guide, commented out the metalinks and
uncommented the onion lines. On first test (sudo qubes-dom0-update) I
got a 404 error:

> HTTP Error 404 - Not Found

> http://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/current/dom0/fc25/repodata/repomd.xml
> "Error: Cannot retrieve repository metadata for (repomd.xml) for repository: 
> qubes-dom0-current"

The following text was in white instead of red, so it's possible the
other repos were successfully updated, but I'm not sure.

> Qubes OS Repository for Dom0  12 MB/s | 26kB 00:00

That was the end of the text echoed to the Console.  Has that particular
file been moved and the yum.repos.d/qubes-dom0.repo file not been updated?


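The two settings discussed in the message above (the first active rule in /etc/qubes-rpc/policy/qubes.UpdatesProxy and the active source lines in a .repo file), checked statically as an added example that is not part of the original thread. The function names and sample file contents are constructed for illustration, and "first line" is taken to mean the first uncommented rule.

```shell
#!/bin/sh
# Added example. Sample files below are constructed, not copied from a real system.

# First line that is neither blank nor a comment.
first_rule() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | head -n 1
}

# True only if the first active rule sends TemplateVM updates to qube $2.
policy_routes_via() {
    rule=$(first_rule "$1" | tr -s '[:space:]' ' ' | sed 's/^ *//; s/ *$//')
    [ "$rule" = "\$type:TemplateVM \$default allow,target=$2" ]
}

# Active (uncommented) baseurl/metalink lines of a .repo file.
active_sources() {
    grep -E '^[[:space:]]*(baseurl|metalink)[[:space:]]*=' "$1"
}

# True only if at least one source is active and every one is an onion baseurl.
repo_onion_only() {
    src=$(active_sources "$1") || return 1
    ! printf '%s\n' "$src" | grep -qvE \
        '^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*https?://([a-z0-9-]+\.)*[a-z2-7]+\.onion(/|$)'
}

# Write constructed before/after samples into directory $1.
make_samples() {
    printf '%s\n' '# $type:TemplateVM $default allow,target=sys-whonix' \
        '$type:TemplateVM $default allow,target=sys-net' '$anyvm $anyvm deny' > "$1/policy.before"
    printf '%s\n' '$type:TemplateVM $default allow,target=sys-whonix' \
        '$type:TemplateVM $default allow,target=sys-net' '$anyvm $anyvm deny' > "$1/policy.after"
    onion=http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
    printf '%s\n' '[qubes-dom0-current]' 'metalink = https://repo.example/repomd.xml.metalink' \
        "#baseurl = $onion/r4.0/current/dom0/fc25" > "$1/repo.before"
    printf '%s\n' '[qubes-dom0-current]' '#metalink = https://repo.example/repomd.xml.metalink' \
        "baseurl = $onion/r4.0/current/dom0/fc25" > "$1/repo.after"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    for f in policy.before policy.after; do
        if policy_routes_via "$d/$f" sys-whonix; then echo "$f: sys-whonix"; else echo "$f: NOT sys-whonix"; fi
    done
    for f in repo.before repo.after; do
        if repo_onion_only "$d/$f"; then echo "$f: onion only"; else echo "$f: clearnet source active"; fi
    done
    rm -rf "$d"
}
demo
```

On a real system the functions would be pointed at the policy file and the qubes-dom0.repo and qubes-templates.repo files named in the thread; a repo file that passes `repo_onion_only` can only be fetched when the UpdateVM actually routes through Tor.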


Re: [qubes-users] System and Template updates over Tor

2019-09-16 Thread 'Jackie' via qubes-users

duc...@disroot.org:
> 'awokd' via qubes-users:
>> You might want to
>> https://www.whonix.org/wiki/Onionizing_Repositories while you are at it.
>
> Thanks. I'll pull all the Whonix docs for reference, seems like a good idea.


Using onion repos also provides a good visual confirmation that updates 
really are going over Tor (in addition to being more secure also), since 
it won't even be able to connect to the .onion repos if it's not using Tor.




Re: [qubes-users] System and Template updates over Tor

2019-09-16 Thread duc01k
'awokd' via qubes-users:
> duc...@disroot.org:
> 
>> Based on the settings I chose, should I have expected the
>> qubes-dom0-update commands to leverage a Tor connection?
> 
> Yes.
> 
>> Does it seem
>> likely that they did in this case?
> 
> No; agree it doesn't sound like it. Did you "sudo qubesctl state.sls
> qvm.updates-via-whonix" as part of upgrading the Whonix templates? Seems
> like it should have been unnecessary, though.
> 

The only CLI tool I used was qubes-dom0-update, once for each template.

>> In future, what steps can I take to
>> verify that performing similar updates will use Tor?
> 
> Check Qubes Global Settings to make sure Dom0's UpdateVM is set to
> sys-whonix. Also, double-check /etc/qubes-rpc/policy/qubes.UpdatesProxy
> and make sure the first line says "$type:TemplateVM $default
> allow,target=sys-whonix". 

I'll check this and post back.

> You might want to
> https://www.whonix.org/wiki/Onionizing_Repositories while you are at it.
> 

Thanks. I'll pull all the Whonix docs for reference, seems like a good idea.



Re: [qubes-users] System and Template updates over Tor

2019-09-16 Thread 'awokd' via qubes-users
duc...@disroot.org:

> Based on the settings I chose, should I have expected the
> qubes-dom0-update commands to leverage a Tor connection?

Yes.

> Does it seem
> likely that they did in this case?

No; agree it doesn't sound like it. Did you "sudo qubesctl state.sls
qvm.updates-via-whonix" as part of upgrading the Whonix templates? Seems
like it should have been unnecessary, though.

> In future, what steps can I take to
> verify that performing similar updates will use Tor?

Check Qubes Global Settings to make sure Dom0's UpdateVM is set to
sys-whonix. Also, double-check /etc/qubes-rpc/policy/qubes.UpdatesProxy
and make sure the first line says "$type:TemplateVM $default
allow,target=sys-whonix". You might want to
https://www.whonix.org/wiki/Onionizing_Repositories while you are at it.

-- 
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



[qubes-users] System and Template updates over Tor

2019-09-16 Thread duc01k
During the first-boot setup of R4.0.1, I chose to "Enable system and
template updates over the Tor anonymity network using Whonix". I left
all other settings at their defaults.

I rebooted, obtained an Internet connection and followed the prompts to
Configure Tor, which completed successfully.

Afterwards, I followed the advice on the Installation Guide page and
upgraded all the Debian and Whonix templateVMs using the supplied
commands in a Dom0 console.

During the download process, I noticed two things: first, the updates
were performed using sys-firewall as a template for an UpdateVM (as
described in the documentation); and the download speeds were much
quicker than I normally expect from a Tor connection (over 1.5Mbps).

This gave me some concern because sys-firewall is the last step before
sys-net, and from there to the Internet - where was the Whonix/Tor
stage? The download speeds also suggested I wasn't using Tor at all for
these updates.

Based on the settings I chose, should I have expected the
qubes-dom0-update commands to leverage a Tor connection? Does it seem
likely that they did in this case? In future, what steps can I take to
verify that performing similar updates will use Tor?

