| Is there a standard procedure to reinstall whonix? | Achim Patzner | 06/06/16 01:18 | Hi!
As I've never taken a look at the entire whonix sub-systemI'm a bit clueless myself... Someone who has so completely mesed up his whonix-ws and -gw templates that sys-whonix is not connecting to tor anymore probably needs to set it up anew. Is there a standard way of removing all VMs and downloading clean templates without reinstalling qubes? Or is there a better way to get the templates and then sys-whonix to their original states? Achim |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Andrew David Wong | 06/06/16 03:34 | -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 1. (Optional) Clone your existing whonix-gw and whonix-ws templates. 2. Temporarily change all VMs based on whonix-gw and whonix-ws to another template (e.g., the ones created in the previous step). 3. Uninstall the Whonix templates from dom0: $ sudo yum remove qubes-template-whonix-gw $ sudo yum remove qubes-template-whonix-ws 4. Reinstall the Whonix templates in dom0: $ sudo qubes-dom0-update --enablerepo=qubes-templates-community \ qubes-template-whonix-gw qubes-template-whonix-ws 5. Change the VMs from step 2 back to (the new) whonix-gw and whonix-ws. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXVVHHAAoJENtN07w5UDAwhwQP/2NZtaWCj6l41oGANjgc4GDx moAInwb6XxUDWEqk3Qn9SahELrGXo8QeL51J8eKKkb6d+suVJYoP1qjE4buwK15o 8B67LzrpFlFxQLPb7d17ZOFD1XoSGn95secZV+GoUjcULTF6i7kbTmaDRtki3JqR Tk0t4/9gdp+MSA4Vhw3SoQB4bZfgblAUfz9yy5hAGx6iEWJ5gNjBqku5bGhSCp+y uqlLMEWc/nawif/NK28TpTqGp2brj2QM2yYdEA95Eemd7ASPwTIiddz0eIdSfN69 K9abQ+/RWcRVo90mpPmX+n1puMS4AMZAhjuWHuVDEkHxCxNwGtAA/w2DzowOzSmn Y57DFuN9qwFW9WMtAie3/wm7G78HFV5KSDrnx+IB8cHx74DWu1D+F1GlrI89RBaQ 8JaVJP3e1W4XHYPJbk0Ef4ZV7F0RDlAJhg3K9TKgwymbo8KwtGYiO90XHaN1EwsX 68RSAzAN14YH4MlxVHIntX4xwaJraWaXo3NSYw3LunX5IpJL6chm/WtdD22fxE4i meLwUotjvwMaQa/X/E5rgH984By1SOfivTmxohZvA9gYvXbCA8j3LADxMdjiiKJ4 p2QXyKCKPkwcoL41OmIvrfiV4JOE3ZYcJOv9rxneJcADHMtDb6JwPQtMfWa6o4ML eu3M+zl3KCg6SfcIWvIV =mzPB -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | 7v5w7go9ub0o | 06/06/16 05:08 | Nice, clear response! |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Achim Patzner | 06/06/16 12:38 | Am 06.06.2016 um 12:34 schrieb Andrew David Wong: > 1. (Optional) Clone your existing whonix-gw and whonix-ws templates.Thank you! Would you mind adding that to the whonix pages? Maybe with two changes (reason: If someone is able to really render his whonix unusable in a way that it won't connect to Tor anymore he should be considered foolish [as in "you don't mess with security devices and much less with safety devices you do not understand or you're obviously an idiot" -- about page three of an introductory course to process automation I'm currently reading]. Point 1 and 2 are meant to salvage the modifications to the actual running whonix and this must not be considered trustworthy/safe anymore (I won't guess what happened before it stopped working). So I made this genius remove them completely and reinstall them using qubesctl. You might at least hint at the fact that "if you don't know what you modified you should throw it away". Achim |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Andrew David Wong | 06/06/16 16:02 | -----BEGIN PGP SIGNED MESSAGE-----Added: https://github.com/QubesOS/qubes-doc/commit/ ffbe63ac8c6fa3feb06ab78ac88455cc90fb746a I'm not sure if I understood the proposed two changes, but feel free to submit a pull request to edit the page if you see fit. iQIcBAEBCgAGBQJXVgD0AAoJENtN07w5UDAw1ukQANElqQ6t7GcMy013pdFwh+fX 80Pv9Vc+ZMmlUdnKxVtaeP2Qzj0gu2+P2+NAOFVt6yLrQAhqnMJsMCmnsbDgj5l8 LPeLXbZUa4C2p+1COARKFZWehytQhmg0mESc1aa5vRqOTi4UQQeapMpbtHOlhlNt AilG8miB2wqREM6El5p9P8CqXFK2OCVULqXQYl63flCr1PHxuHt/P6eWCkB76BIz ywDiUwZdWcCo7b98jidH/qr5VjGoGixD40c7YnfpHXhb9PisLjUQ7+CwAfE24YdT c1wFIrMRW5ZWop0aT2MV8ULf6i/eLmMeZIwyyo7SwKhKFl2s4vu6Ibw5dqJqF9LA DwEg+vwxOnzRq3tAwYdPPNpDgYaiSYfJkZn6y9+emrL/zIA+OuI5/QhTaaqQbpXy ibvDb67o1vmU8b+RnCrQOSgp2vW2Q5eP2qawA5L762L6eKRReSi89LwHht/8BL/i 4svbwFzoREFRyyNMsTUBfeAcLmmLjXRiiQNsIBQ0IIjtUNp3XbdQvVJCkS7MRucg OCwynf/BGXwaPyPRqiBsJqpwYYYLPN8zFhJ1nkhRhXEJrbLatGoGUr1CZv0KVKjH a65inr8zEqbDid4QGatxaU/o+xAlZRD9TH/Q15k3nBkfk3sAhBtpMhVxB8uGYvZv aD+Ot6mRRZj30n06ZOnD =eOQ+ -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Andrew David Wong | 06/06/16 16:05 | -----BEGIN PGP SIGNED MESSAGE----- On 2016-06-06 16:02, Andrew David Wong wrote:The live page is available here: https://www.qubes-os.org/doc/whonix/reinstall/ iQIcBAEBCgAGBQJXVgGUAAoJENtN07w5UDAwcZsQAKs1JWbJMqrB8yfJ6aDAODVP IbnZofo0S8P2sCxzKLkNZ12oXOgypHFMr/1j0ABaYp9zs/aqmGCzZSTA7NQk++uM /BawZ04bnvLA9gyWCHTLxBkK15o0GTOEE6EKKDeuSrlH7uqE810rXJacEEzxo/UF ncrFGHzIHSopAjyda1GLrHngz8TTMVYKa3YeInw5ty5a8d4aVAAqNa/UETqeN6mL t2jDfldyTIiuGuczAUHacuncFkRveG4kmrFaxP5vjiFgi5bNFvtZGbgbCp6lvh8g GU0b8Ug5Q5ZeTGYkcLhtiQAWihkw8prjCLha+k2Bh9omijY+xh1U6TEHZ3rK/9SV ew0Luqu81pBOGJR0Cjbqx16lzbF4D1uHTBLFSxsH08+Msa6oIGOnfkuPWkySZ7nq XeFbYyCnwlRzgdi3y9+xetSov9T2YYhMW9VTNBy3oU7nROeFJDLLFmM4pMtWBXwt wmjlqoMAvHSvhW+JmRD2D5VI4IzolKXiNeEnRvpLwyUP2Xep8q0z/Bvocd3zkymV YLMY0lWm6Ms2bRiQOpncpEvfrfupMvPCpCRPGjdjf8j9WL+KaNiCNapokg6udY8E gA6MLlCXltiW8X+PYUlI47ngRNnT4wFiKNw0a7fodCNEMOs265kG+45BtOoEr/FT s5o9/5QRlR9QBigKVVz9 =KRF1 -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | cooloutac | 06/06/16 20:46 | Whonix recently came out with a new updated release that requires some manual steps so its not you. Its happened to all of us. I followed these instructions on one machine. https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13 But on on another machine it was so borked i coudln't even update with apt-get. Kept telling me that the firewall wasn't starting or some error, so I ended up reinstalling the same way that Andrew explained. That really is the easiest way. Cheers. |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Achim Patzner | 06/06/16 22:36 | Am 07.06.2016 um 01:02 schrieb Andrew David Wong:Steps 1 and 2: If someone starts poking around in sys-whonix, changing settings arbitrarily and it suddenly fails to work one has to assume that it isn't secure anymore. So instead of preserving sys-whonix and anon-whonix they should be deleted and replaced, too. Achim |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Andrew David Wong | 06/06/16 23:51 | -----BEGIN PGP SIGNED MESSAGE-----Ok, then it looks like the page is fine as it stands (at least with respect to this concern). iQIcBAEBCgAGBQJXVm7oAAoJENtN07w5UDAwctoP/iGCn2KYa7R0Vk8bkcUD4esP TWWPRBj8WTgKyLZ1e5Wou5hhM80Fc3iEftxzbvHeN9xPmLZc3CUSWhrP/DsEYuad OYfw1aTaD0eLM5+DkDwAbO9mogZnz4DisTXPSiUv/8liYNFCrF1W7NABviB130eG IoecU8Dwk7sA60rDZq+E4sKPdYZrBuBpox4SAp/cJm1FXhspMLDX9PKDg7oZJtI1 MbSeLTHhsjaDgGITLKgbMfQeTBhL4O34SbnCnPRiyADmLPg6R/wKmCC46S8kmmH6 HXRYroZ2QvA9q25f9ufdvlVH5RXt8Pt9ASg9iZcdSDPISenPUV9QJUPC3YtOtMuo Ki9LYUNOhJylp6gzJP3my9q1c+AvIo9QglaXqXKx2L+y10eranK3r3zr+SSgm26Q 2zY2e6ZLUxmNjdnxHsZspFeNwQbuBF9L6N1ZI+sI39W/wUYXyO0iFXWbwLEcb5R+ bsCthb0Qj5nbtN//ehm7KWy3YuZfldRPXbpJRfuZPwGddOWEjo/q7V49Ek1uZYFN QySIlP4mvJUq7R0ZefxPxYTCzffDKjqlL0/jY8ZNA+uO/pMucjh6sbQ2kEtrX5qF AwHXmWxKe8E8v39esRuXkuKskxMIMLanQRfcTcjYsyJUNRSLMZpWayDGAfWqa47/ v9FSPSSdudz7N2jojo4W =BJFX -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | cooloutac | 07/06/16 10:05 | Yep thats how i feel with every anomaly, its why I love qubes. When in doubt, wipe it out! Qubes makes it too easy. |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Drew White | 09/06/16 17:36 |
If one doesn't have the templates on the machine, but didn't "uninstall" them, how would one reinstall them using the RPM's on the DVD? Hope you can help. Because I've been trying to reinstall them and I can't. |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 10/06/16 11:15 | Drew White:
> If one doesn't have the templates on the machine, but didn't "uninstall"This is a complete different question. Please create a new subject for it and do not post it in unrelated threads. Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 10/06/16 11:33 | Andrew David Wong:
> On 2016-06-06 16:02, Andrew David Wong wrote:From #1955 https://github.com/QubesOS/qubes-issues/issues/1955 - Quote Marek: > And generally, I think normal users (not developers/testers) do not need to reinstall template ever. Instead - apply standard updates. I guess we just revisitted this. I guess reinstall has its place. I am wondering about the following... > At a minimum, you’ll want a ProxyVM (conventionally called sys-whonix) based on whonix-gw and an AppVM based on whonix-ws that uses sys-whonix as its NetVM. Perhaps that should not be done manually. Too error-prone. [ As discussed in #1955 ] perhaps invoking salt would be better. sudo qubesctl state.highstate What do you think? > (Optional) Temporarily change all VMs based on whonix-gw and whonix-ws to another template I think this is a bit dangerous. Easily forgotten. And you would not want some my-whonix-ws AppVM to boot with the temporarily set debian-8 template. Is there a way to set the template to some virtual value "none"? Or could we have such a feature? Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 10/06/16 13:41 | Patrick Schleizer:
> sudo qubesctl state.highstate It would set whonix-gw NetVM to sys-whonix which is great. However, it would not set back sys-whonix Template from lets say debian-8 to whonix-gw, which is not great but understandable. |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Chris Laprise | 10/06/16 14:31 | If re-installation is the goal, why not use the in-place method from the
template doc? That involves 'qubes-dom0-update template-package' then after it downloads the package and says there is nothing to update, do a 'yum reinstall template-package'. Chris |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Marek Marczykowski-Górecki | 10/06/16 15:14 | -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256 Interesting idea. You can create a dummy template quite easily: mkdir /var/lib/qubes/vm-templates/dummy touch /var/lib/qubes/vm-templates/dummy/{root.img,private.img} qvm-add-template dummy Using this as a temporary template, instead of, say, debian-8 is better because you can't boot such VM accidentally (there is no OS in there, so boot will fail). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXWzvJAAoJENuP0xzK19csyeYH/j7ZFGNaf2v4LweE68hFa2oT um28bTlRHWiBVutw82v2Zk1ZylTYxoKrt2AYWEltB9j143YzpBq+fw7dWyXxb0/a Sm0YXLBTzM2hT6Ymb3PcrN6lwC9gnTzTONb3QD16m/zAMucEm9Ih+ZCqIvw1U/Jr mC3CKgH0IpKQpWPfKBu+KZQAaeg7qnIp+9E7Gkz06pHG7qd7GgT+8owKO8YsZ+fv VJAb2ywvTczrzXipyEHt5xRl4s85UdXzo57qOQ5yTJ1bD8a0wBgvsBUlt/FXS7gh pVyLmyZ06SqVgJG2itoB6Un0mMxkWoFYEYUefaGSsiy7/4fL3GbFzhYS2Apw+XY= =eqBA -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 12/06/16 05:00 | Chris Laprise:
Because qubes-dom0-update currently excludes qubes-tempalte-* packages. https://github.com/marmarek/qubes-core-admin-linux/blob/6c7443223bb13348da1f3ff20d3dc1fec19073d6/dom0-updates/qubes-dom0-update#L26 Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Chris Laprise | 12/06/16 05:26 | Would it be better not to have qubes-dom0-update exclude template
packages when --action=reinstall is specified? Then the template could be reinstalled in-place without manual reconfiguration of vms. Chris |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Marek Marczykowski-Górecki | 12/06/16 05:41 | -----BEGIN PGP SIGNED MESSAGE-----That's some idea, pretty good IMO. Care to send a pull request? ;) iQEcBAEBCAAGBQJXXViNAAoJENuP0xzK19cs+CYH/j352zphaBW/WmVscuTqTGYh uKiAycO4CWsR6XtBIytzBz+SbFET+2VgOejbfIK1/kkC3g8vgcAjGv1aa3KDlouJ 2phQuFTInfBWVl5mp0cH6E5IoxTs3JvSBxdCiGRyJ+BkStoWDjEUUxgIV9SYu2xE Jpt47u7ez8NQJizngNqoQN6oe/i8FtPnuWY5Mb+FCQITbeNYpMlmZMBl608FMdfA E58uXFZN+7iSTB4Ql8ng8xlpsFn7XWZFXZuuUFURbNJ4NTC3nQwzhj08xNLZsBvS Grenm4f6BZZ0UbwxXcgtUFSkmpdN0oCxunrH84rnxlQkPEvQZJR9kmIEcB1dFO8= =18WT -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Marek Marczykowski-Górecki | 12/06/16 05:43 | -----BEGIN PGP SIGNED MESSAGE-----Also requires checking if rpm reinstallation really works - i.e. post-installation scripts handle that case. iQEcBAEBCAAGBQJXXVjQAAoJENuP0xzK19csDH8H/jge4UZc0B3A76duP/FmpF2t 8wwUnHK3BvNwQkudCO4GdUtwv2ZustSdXhnJF+gTDqxD2MWQyVa9aPzktTcbt6pV Gp0JN2npWA/FhB+acAY8a65I35ZFalEfTju4nLl52FuBCRI1mbNxJ0dxZxVjqRyI cMKE5x152hXcTt4BIXQYWFh6IQBgV3QY3/Tp0svNmsUOZodVi4yAdgyOfMiw8Zh4 4LCWpJ7CTb8I+ZC/VSdoQAPI7xMxYJcRcXUepba21Fvt7dUKte9pF8Agb6xp8FA6 mI0/SgVrD/B8VFcqtxX2P4y3MUZtJbW8aYSOt3/zbY0Zvqb3wDgCTPnJuaOztbg= =mWNW -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 12/06/16 05:50 | Patrick Schleizer:
> Chris Laprise: >>> Cheers,As a result of this thread, various tickets with improvements have been created. Some of them requiring code, others input for discussion and design. qubes-dom0-update template reinstallation option https://github.com/QubesOS/qubes-issues/issues/2061 option to set the TemplateVM setting for TemplateBasedVMs to none https://github.com/QubesOS/qubes-issues/issues/2062 qubes-template-manager (QTM) cli tool https://github.com/QubesOS/qubes-issues/issues/2064 Better way of packaging templates than RPM https://github.com/QubesOS/qubes-issues/issues/2063 (I posted #2064 before noticing that #2063 was posted.) (And I posted these tickets before noticing discussion below that message above.) Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 12/06/16 06:03 | Marek Marczykowski-Górecki:
Good idea, indeed! I proposed --no-exclude and the other suggestion is --action=reinstall. Which one is better? --action-reinstall is less surprising while --no-exclude is generic once/if dom0 gets ported to Debian. Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 12/06/16 06:06 | Patrick Schleizer:
--action=reinstall ... Would this work in all cases or are there cases where '--action' is not 'reinstall' but 'something,reinstall,something-else'. This theoretic case would obviously a lot more difficult to implement. Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Marek Marczykowski-Górecki | 12/06/16 06:08 | -----BEGIN PGP SIGNED MESSAGE-----No, action is always one word. This is mapped directly to yum command (take a look at `yum --help`). Not all of them makes sense for `qubes-dom0-update`, but in theory it is possible to use any of them. iQEcBAEBCAAGBQJXXV7HAAoJENuP0xzK19csKGAH/jCCU5k+DmNvaUKzzmZvtW5m kX3RtitxxSLzd3lXalUV6xtOBvEnwBIFI0zLRGVr11jdu++1PyY+qlLg/A6f5o3z yzBZroIXUHkRaPhE1++q8FvsCXE3KT8VpWTZm5rd1BkIJ3NYffZDf94JOLAqf3XT PqgpdnTMS5DpGRmP1Ts3+uUeR5dP0NVpc/867HC5ezmpgnyI3PotDyuvlT9V/pWU tI46Eq06P+pwSsrCxdz8CgbTXFRyV68YXcdmJGmwTMxOfpsiCBRwroVeaJqIpPFv AlgEuoisTtrqQHW8F+REc4mI9SR06Ggr+vtcJSH1bzxnPdtF8dLDjcNmvkOVKII= =Uq4a -----END PGP SIGNATURE----- |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Drew White | 12/06/16 18:02 |
Patrick, read the subject of this post. "Is there a standard procedure to reinstall whonix?" My query related to the RPMs, because in some places around the world we don't have infinite data on our internet connection. so having a standard practice is fine, but even via the method that was stated here previously it didn't work because of the fact that I had the issue and could not uninstall or anything, so I made the query. |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Patrick Schleizer | 15/06/16 03:23 | Drew White:
> If one doesn't have the templates on the machine, but didn't "uninstall" > them, how > would one reinstall them using the RPM's on the DVD? > > Hope you can help. Because I've been trying to reinstall them and I can't. > > > > On Saturday, 11 June 2016 04:15:10 UTC+10, Patrick Schleizer wrote: >> >> This is a complete different question. Please create a new subject for >> it and do not post it in unrelated threads. >> >> Cheers, >> Patrick >> >> Patrick, read the subject of this post. "Is there a standard procedure to > reinstall whonix?" > > My query related to the RPMs, because in some places around the world we > don't have infinite data on our internet connection. > so having a standard practice is fine, but even via the method that was > stated here previously it didn't work because of the fact that I had the > issue and could not uninstall or anything, so I made the query. > I see. However, your question is still so much different, that it will highly likely - like it happened - be ignored in this thread. Since we need clean, on-topic subject lines to keep the overview in the flood of diverse requests... I suggest a subject line like this: how to reinstall Template RPMs with installation source Qubes Installer DVD Also before your explanation why you wanted to do this, it got most likely ignored because it was perhaps (at least by me) perceived as a strange request. "Because I've been trying to reinstall them and I can't." -> "Yeah, great, so why not wait until it's fully documented and/or try the instructions and tell us how and why it breaks. Why give up and invent something more difficult rather than the standard procedure." After you explained why you wanted to do that, seems like a good question, worthwhile to document. Cheers, Patrick |
| Re: [qubes-users] Is there a standard procedure to reinstall whonix? | Drew White | 16/06/16 05:58 | Hi Patrick, Why was it ignored? It wasn't, so don't say it was when it wasn't. You didn't ignore it. |