TOR browser updates.

[William Fisher]

How do I update the TOR browsers at the Template VM level? I've updated TOR at the APP level but it doesn't stay updated.

[Антон Чехов]

On Tuesday, November 20, 2018 at 3:39:24 AM UTC+1, William Fisher wrote:
> How do I update the TOR browsers at the Template VM level? I've updated TOR at the APP level but it doesn't stay updated.

I updated my template-vm (whonix-gw-14, whonix-ws-14 and sys-whonix) this week via console (sudo apt-get update && sudo apt-get dist-upgrade) and the latest TOR browser was downloaded.

I started a disposable whonix-vm and checked (help -> about tor browser) the version and it was 8.0.3 which should be the latest.
Starting anon-whonix-vm was not updated (8.0) but tor-browser did download the latest version upon opening it (help -> about tor browser) and it stays updated.

[brenda...@gmail.com]

On Tuesday, November 20, 2018 at 1:29:04 AM UTC-5, Антон Чехов wrote:
> On Tuesday, November 20, 2018 at 3:39:24 AM UTC+1, William Fisher wrote:
> > How do I update the TOR browsers at the Template VM level? I've updated TOR at the APP level but it doesn't stay updated.
>
> I updated my template-vm (whonix-gw-14, whonix-ws-14 and sys-whonix) this week via console (sudo apt-get update && sudo apt-get dist-upgrade) and the latest TOR browser was downloaded.

I currently avoid dist-upgrade and stick with upgrade. But YMMV.

With that said, it's important to keep cloned copies of all your templates a few update versions back...just in case. Can be difficult to recover a botched upgrade once sys-net won't work any more. :)

> I started a disposable whonix-vm and checked (help -> about tor browser) the version and it was 8.0.3 which should be the latest.
> Starting anon-whonix-vm was not updated (8.0) but tor-browser did download the latest version upon opening it (help -> about tor browser) and it stays updated.

The explanation for the different behaviors is that, unlike most software in the templates, TB is stored in the private volume (in ~/.tb). When updated in the template, the template's private volume receives the new TB version.

- DVMs are always started with a temporary copy of the parent template's current private volume. Hence the DVM automatically used the apt-get upgraded ~/.tb dir from the template.

- AppVMs keep their own separate (non-updating) private volume after being created, so they do not inherit the template's update to ~/.tb. However once you update TB in the AppVM, since it resides in the private volume, it will remain updated after AppVM restarts.

Brendan

[Patrick Schleizer]

William Fisher:

> How do I update the TOR browsers at the Template VM level? I've updated TOR at the APP level but it doesn't stay updated.
>

New documentation page just now created focusing only on updating Tor
Browser in Qubes-Whonix:

https://www.whonix.org/wiki/Qubes/Tor_Browser

[jean-...@protonmail.ch]

brendan.hoar wrote on Tue, 20 November 2018 13:41

> I currently avoid dist-upgrade and stick with upgrade.
> But YMMV.
>
> With that said, it's important to keep cloned copies of
> all your templates a few update versions back...just in
> case. Can be difficult to recover a botched upgrade once
> sys-net won't work any more. :)

Any particular reason? It has been the way I did
updates/upgrades since Qubes 3.2 (I am using Qubes 4 now)
and I can't recall any problems so far. I can't recall why I
do it this way anymore either, it just became a habit.

Thanks for your explanation, I did not know the details. And
thanks @Patrick Schleizer for the new documentation page,
it's much appreciated.

[Lorenzo Lamas]

Is there any particular reason for advising to user TB's internal updater in existing AppVM's? Afaik it does not verify GPG sigs so updating through Tor Browser Downloader is more secure.