Announcement: Qubes Tor onion services are available again!
21 views
Skip to first unread message
Andrew David Wong
Apr 17, 2019, 11:06:03 PM4/17/19
to qubes...@googlegroups.com, qubes...@googlegroups.com, Unman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Qubes Community,
We previously announced that the Qubes Tor onion services were no
longer being maintained due to lack of resources. [1] However, Unman
generously agreed to bring them back, and they're now available once
again!
Here are the new onion service URLs:
Website: www.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Yum repo: yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Deb repo: deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
ISOs: iso.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Soon, you will be able to get the new, correct repo definitions just by
updating dom0 and your TemplateVMs. However, if you can't wait, you can
edit your repository definitions by following the instructions below.
Instructions
============
Follow these instructions *only if* you wish to update dom0 and your
TemplateVMs over Tor (via `sys-whonix`). This is an opt-in feature. If,
instead, you wish to update over your regular network connection (aka
"clearnet"), *or if you are not sure*, then *do not* follow these
instructions.
In order to use the new onion services, you must ensure that *every*
line that contains an onion address uses the appropriate *new* address
above. We'll go through this for dom0, Fedora templates, and Debian
templates. Whonix templates do not require any action; their onion
addresses are still the same as before. For additional information, see
"Onionizing Repositories" on the Whonix wiki. [2]
dom0
====
1. In dom0, open `/etc/yum.repos.d/qubes-dom0.repo` in a text editor.
2. Comment out all the `baseurl = https://yum.qubes-os.org/[...]` and
`metalink` lines.
3. Uncomment all the `baseurl = [...].onion` lines.
4. Update every `.onion` address to
`yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:
#baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/fc25
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current/dom0/fc25
#metalink = https://yum.qubes-os.org/r$releasever/current/dom0/fc25/repodata/repomd.xml.metalink
5. Open `/etc/yum.repos.d/qubes-templates.repo` in a text editor and
repeat steps 2-4.
6. In *Qubes Global Settings*, set *Dom0 UpdateVM* to `sys-whonix`.
Fedora TemplateVMs
==================
1. In the TemplateVM, open `/etc/yum.repos.d/qubes-r4.repo` in a text
editor.
2. Comment out every line that contains `yum.qubes-os.org`.
3. Uncomment every line that contains `.onion`.
4. Update every `.onion` address to
`yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:
#baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current/vm/fc$releasever
5. In dom0, ensure that the first non-comment line in
`/etc/qubes-rpc/policy/qubes.UpdatesProxy` is:
$type:TemplateVM $default allow,target=sys-whonix
Debian TemplateVMs
==================
1. In the TemplateVM, open `/etc/apt/sources.list.d/qubes-r4.list` in a
text editor.
2. Comment out every line that contains `deb.qubes-os.org`.
3. Uncomment every line that contains `.onion`.
4. Update every `.onion` address to
`deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:
# Main qubes updates repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm stretch main
#deb-src https://deb.qubes-os.org/r4.0/vm stretch main
# Qubes Tor updates repositories
# Main qubes updates repository
deb [arch=amd64] http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch main
#deb-src http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch main
5. In dom0, ensure that the first non-comment line in
`/etc/qubes-rpc/policy/qubes.UpdatesProxy` is:
$type:TemplateVM $default allow,target=sys-whonix
[1] https://www.qubes-os.org/news/2018/01/23/qubes-whonix-next-gen-tor-onion-services/
[2] https://www.whonix.org/wiki/Onionizing_Repositories
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2019/04/17/tor-onion-services-available-again/
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAly36YEACgkQ203TvDlQ
MDD+/g//eGzEagElqNLg/6tQdHTUNZaFQQmEZlNYFt7ZU8QhS7TNQqFR77bHpy+W
1Fbwz2tGMcJwUVj/sQ1A7CQXhhKRL96BtxMjDxTYt5ZQVv7oKs7m1MYUc/3I1hg/
GtNsT7qlPjwMb4XZdrmjyeJg96lYp75msKWDXDsHiAp5Nlq/vuw190TCnw+lGfUJ
+1gf99rGUcfwZZLPl8ZaGlOCjAo6e8qb4ysJH01YvYUt04GQhuUKTyS6OJ8Vq9AV
7cQ1L/Mkc8wNq88T+VEXEmiF/wuVZXDijEV4k/JDyDF0V2ZeljJtMILs5tuvNycK
4f/TMlpJU4jNi2wpWS2VxPMrfUh45/eNpDTDQWFrQ7tFF9sfM/E2SM+GxkhRLfCj
IekhQjJwDPnj+rDSQAiOTCaAaalbAyhfY8FDoqRuOqFLHqy2L/1MKPa4uVgHpkrN
0a4pritN8ge59pbxk0j3Pj8nJvV6KEZtQlByNN5Rp4WtEUQuNK+wuhFNE4aEVYT4
NzMRlQWTJuM0Juz1PN+pnx7s4NUt4jMTXby62S2LCVfNa/lTZ2O9ez5AdCLMlW+f
sX7q6c9iqkGLBKXq0XD95En1J47YfCbv+TcDRHC9fPvrDW2s+sb1877g9u9ARc/U
xOIgDEGOkJ2/pAIvC4Y7d1pWMOKVXaUfqpPgpt+FOc9TqkOfRhc=
=0qqN
-----END PGP SIGNATURE-----
Hash: SHA512
Dear Qubes Community,
We previously announced that the Qubes Tor onion services were no
longer being maintained due to lack of resources. [1] However, Unman
generously agreed to bring them back, and they're now available once
again!
Here are the new onion service URLs:
Website: www.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Yum repo: yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Deb repo: deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
ISOs: iso.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Soon, you will be able to get the new, correct repo definitions just by
updating dom0 and your TemplateVMs. However, if you can't wait, you can
edit your repository definitions by following the instructions below.
Instructions
============
Follow these instructions *only if* you wish to update dom0 and your
TemplateVMs over Tor (via `sys-whonix`). This is an opt-in feature. If,
instead, you wish to update over your regular network connection (aka
"clearnet"), *or if you are not sure*, then *do not* follow these
instructions.
In order to use the new onion services, you must ensure that *every*
line that contains an onion address uses the appropriate *new* address
above. We'll go through this for dom0, Fedora templates, and Debian
templates. Whonix templates do not require any action; their onion
addresses are still the same as before. For additional information, see
"Onionizing Repositories" on the Whonix wiki. [2]
dom0
====
1. In dom0, open `/etc/yum.repos.d/qubes-dom0.repo` in a text editor.
2. Comment out all the `baseurl = https://yum.qubes-os.org/[...]` and
`metalink` lines.
3. Uncomment all the `baseurl = [...].onion` lines.
4. Update every `.onion` address to
`yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:
#baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/fc25
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current/dom0/fc25
#metalink = https://yum.qubes-os.org/r$releasever/current/dom0/fc25/repodata/repomd.xml.metalink
5. Open `/etc/yum.repos.d/qubes-templates.repo` in a text editor and
repeat steps 2-4.
6. In *Qubes Global Settings*, set *Dom0 UpdateVM* to `sys-whonix`.
Fedora TemplateVMs
==================
1. In the TemplateVM, open `/etc/yum.repos.d/qubes-r4.repo` in a text
editor.
2. Comment out every line that contains `yum.qubes-os.org`.
3. Uncomment every line that contains `.onion`.
4. Update every `.onion` address to
`yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:
#baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever
baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current/vm/fc$releasever
5. In dom0, ensure that the first non-comment line in
`/etc/qubes-rpc/policy/qubes.UpdatesProxy` is:
$type:TemplateVM $default allow,target=sys-whonix
Debian TemplateVMs
==================
1. In the TemplateVM, open `/etc/apt/sources.list.d/qubes-r4.list` in a
text editor.
2. Comment out every line that contains `deb.qubes-os.org`.
3. Uncomment every line that contains `.onion`.
4. Update every `.onion` address to
`deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:
# Main qubes updates repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm stretch main
#deb-src https://deb.qubes-os.org/r4.0/vm stretch main
# Qubes Tor updates repositories
# Main qubes updates repository
deb [arch=amd64] http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch main
#deb-src http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch main
5. In dom0, ensure that the first non-comment line in
`/etc/qubes-rpc/policy/qubes.UpdatesProxy` is:
$type:TemplateVM $default allow,target=sys-whonix
[1] https://www.qubes-os.org/news/2018/01/23/qubes-whonix-next-gen-tor-onion-services/
[2] https://www.whonix.org/wiki/Onionizing_Repositories
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2019/04/17/tor-onion-services-available-again/
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAly36YEACgkQ203TvDlQ
MDD+/g//eGzEagElqNLg/6tQdHTUNZaFQQmEZlNYFt7ZU8QhS7TNQqFR77bHpy+W
1Fbwz2tGMcJwUVj/sQ1A7CQXhhKRL96BtxMjDxTYt5ZQVv7oKs7m1MYUc/3I1hg/
GtNsT7qlPjwMb4XZdrmjyeJg96lYp75msKWDXDsHiAp5Nlq/vuw190TCnw+lGfUJ
+1gf99rGUcfwZZLPl8ZaGlOCjAo6e8qb4ysJH01YvYUt04GQhuUKTyS6OJ8Vq9AV
7cQ1L/Mkc8wNq88T+VEXEmiF/wuVZXDijEV4k/JDyDF0V2ZeljJtMILs5tuvNycK
4f/TMlpJU4jNi2wpWS2VxPMrfUh45/eNpDTDQWFrQ7tFF9sfM/E2SM+GxkhRLfCj
IekhQjJwDPnj+rDSQAiOTCaAaalbAyhfY8FDoqRuOqFLHqy2L/1MKPa4uVgHpkrN
0a4pritN8ge59pbxk0j3Pj8nJvV6KEZtQlByNN5Rp4WtEUQuNK+wuhFNE4aEVYT4
NzMRlQWTJuM0Juz1PN+pnx7s4NUt4jMTXby62S2LCVfNa/lTZ2O9ez5AdCLMlW+f
sX7q6c9iqkGLBKXq0XD95En1J47YfCbv+TcDRHC9fPvrDW2s+sb1877g9u9ARc/U
xOIgDEGOkJ2/pAIvC4Y7d1pWMOKVXaUfqpPgpt+FOc9TqkOfRhc=
=0qqN
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages