Still don't understand how Debian-9 template is connected to Whonix templates

[jrsm...@gmail.com]

I'm finally going to just ask. I've been searching for something to help me understand this for months now. Debian-9 template is somehow connected to the Whonix templates, but not by the usual templateVM / appVM mechanism. Can someone please enlighten me or point me to the docs I've not found yet.

[awokd]

jrsm...@gmail.com wrote on 3/31/19 3:04 PM:

> I'm finally going to just ask. I've been searching for something to help me understand this for months now. Debian-9 template is somehow connected to the Whonix templates, but not by the usual templateVM / appVM mechanism. Can someone please enlighten me or point me to the docs I've not found yet.
>

They share components during the build process, but by the time you
install them they are independent. Why do you think they continue to be
connected?

[jrsm...@gmail.com]

Thanks, just having that verified helps. It seemed like that had to be true (that they are wired differently than other templateVMs due to tighter coupling requirements than simple overlays can provide). I suppose that whatever sharing of components that was configured at build time persists across domain updates so that the other templates are notified of installed package changes among each other. I believe dom0 also receives the same or similar notifications.

[unman]

I don't understand what you are saying.
There is no "wiring" between the Debian and Whonix templates: Whonix is
based on Debian and therefore has Qubes Debian packages installed.
There is no notification of package changes between these templates.

[jrsm...@gmail.com]

So I can safely delete the Debian-9 template?

[awokd]

jrsm...@gmail.com wrote on 4/3/19 6:55 PM:

> So I can safely delete the Debian-9 template?
>

Correct, that won't impact your Whonix ones.

[thedigit...@gmail.com]

it happens to me that every time I update on debian-9, sys-whonix is started. In fact it does the update only through whonix.
This happens only with Debian-9.
How to remove this property?

[awokd]

thedigit...@gmail.com:

> it happens to me that every time I update on debian-9, sys-whonix is started. In fact it does the update only through whonix.
> This happens only with Debian-9.
> How to remove this property?
>

In dom0, sudo edit /etc/qubes-rpc/policy/qubes.UpdatesProxy. Set your
$type:TemplateVM $default allow,target=sys-net instead of =sys-whonix.
This affects all non-whonix template updates. If you somehow have a
different entry in there that you didn't add just for debian-9, please
record it here.

[thedigit...@gmail.com]

Il giorno domenica 31 marzo 2019 17:04:11 UTC+2, jrsm...@gmail.com ha scritto:
> I'm finally going to just ask. I've been searching for something to help me understand this for months now. Debian-9 template is somehow connected to the Whonix templates, but not by the usual templateVM / appVM mechanism. Can someone please enlighten me or point me to the docs I've not found yet.

Hi thanks for the info. that's exactly what I was looking for.