If you see the following warning...

WARNING: Execution of /usr/bin/apt-get prevented by /etc/uwt.d/40_qubes.conf because no torified Qubes updates proxy found.

If this warning message is transient, it can be safely ignored. Otherwise, try one of the fixes below.

Update dom0[edit]

To launch a dom0 terminal, click the Qubes App Launcher (blue/grey "Q") and then open the Terminal Emulator (Xfce Terminal).

Upgrade Qubes dom0. This step is mandatory. ^[1]

sudo qubes-dom0-update

sudo qubes-dom0-update

TemplateVMs[edit]

Error Resolution Methods[edit]

The following fixes are listed in order of preference.

Salt Fix[edit]

Use salt to setup dom0 settings. ^[2]

sudo qubesctl state.sls qvm.anon-whonix

sudo qubesctl state.sls qvm.anon-whonix

Next, check if the problem has been corrected. Run the following command in Whonix ™ TemplateVM.

sudo systemctl restart qubes-whonix-torified-updates-proxy-check

sudo systemctl restart qubes-whonix-torified-updates-proxy-check

Then try to update / use apt-get again.

If there are still problems, try the manual fix below.

Manual Fix[edit]

Please make sure Whonix-Gateway ™ (sys-whonix) is running.

Qubes R3.2: The NetVM of this TemplateVM should be set to Whonix-Gateway ™ (sys-whonix). ^[3]
Qubes R4 or higher: Check the dom0 /etc/qubes-rpc/policy/qubes.UpdatesProxy settings.

At the very top of that file, the following text should appear.

$tag:whonix-updatevm $default allow,target=sys-whonix

$tag:whonix-updatevm $default allow,target=sys-whonix

If it is not there, add it.

To view a complete example of the /etc/qubes-rpc/policy/qubes.UpdatesProxy file, please press on expand on the right.

/etc/qubes-rpc/policy/qubes.UpdatesProxy ^[archive] (raw ^[archive]):

## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect

## Please use a single # to start your custom comments

# Upgrade all TemplateVMs through sys-whonix.
#$type:TemplateVM $default allow,target=sys-whonix

# Upgrade Whonix TemplateVMs through sys-whonix.
$tag:whonix-updatevm $default allow,target=sys-whonix

# Deny Whonix TemplateVMs using UpdatesProxy of any other VM.
$tag:whonix-updatevm $anyvm deny

# Default rule for all TemplateVMs - direct the connection to sys-net
$type:TemplateVM $default allow,target=sys-net

$anyvm $anyvm deny

If Multiple Qubes-Whonix ™ TemplateVMs are configured -- like when the Whonix ™ TemplateVM is cloned -- please press on expand on the right.

The following syntax should apply.

Name-Of-Whonix-TemplateVM $default allow,target=Whonix-Gateway-TemplateBased-ProxyVM

Name-Of-Whonix-TemplateVM $default allow,target=Whonix-Gateway-TemplateBased-ProxyVM

Example entry for Whonix-Gateway ™ TemplateVM.

whonix-gw-15 $default allow,target=sys-whonix

whonix-gw-15 $default allow,target=sys-whonix

Example entry for Whonix-Workstation ™ TemplateVM.

whonix-ws-15 $default allow,target=sys-whonix

whonix-ws-15 $default allow,target=sys-whonix

To test if it is fixed, run the following command in Whonix ™ TemplateVM.

sudo systemctl restart qubes-whonix-torified-updates-proxy-check

sudo systemctl restart qubes-whonix-torified-updates-proxy-check

Then try to update / use apt-get again.

Reinstallation Fix[edit]

If the salt and manual fix attempts both fail, then follow the steps to Reinstall Qubes-Whonix ™ TemplateVMs. If reinstallation also fails, then ask for support in the Whonix ™ forums ^[archive].

dom0[edit]

Qubes dom0 does not use Qubes UpdatesProxy. ^[4] Therefore file /etc/qubes-rpc/policy/qubes.UpdatesProxy does not influence which VM will be used by dom0 for fetching updates.

For completeness sake, see below on how to configure Qubes dom0 UpdateVM setting.

To force dom0 updates over Tor, set Qubes' dom0 UpdateVM to sys-whonix. ^[5]

Qube Manager → System → Global Settings → Dom0 UpdateVM: sys-whonix → OK

To revert this change, set Qubes' dom0 UpdateVM to sys-firewall or another preferred VM. ^[6]

Qubes Manager → System → Global Settings → Dom0 UpdateVM: sys-firewall → OK

Development[edit]

The following development resources are recommended for interested readers:

Footnotes[edit]

↑
- This is required to make sure a recent version of Qubes repository definition files, Qubes salt, qubes-core-admin-addon-whonix ^[archive] as well as qubes-mgmt-salt-dom0-virtual-machines ^[archive] gets installed.
↑ Dev/Qubes#salt
↑ Qubes R3.2 reached EOL ^[archive] on 28 March, 2019. It is strongly recommended to upgrade to Qubes R4.0 ^[archive] to stay safe.
↑ Qubes generally, not Whonix specific implementation.
↑
Or manually set the torified UpdateVM in dom0 terminal.
```
qubes-prefs updatevm sys-whonix
```
qubes-prefs updatevm sys-whonix
↑
To revert this change in dom0 terminal, run.
```
qubes-prefs updatevm sys-firewall
```
qubes-prefs updatevm sys-firewall

Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier

Follow:

Donate:

Share: Twitter | Facebook

Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables ^[archive]. Please come and introduce yourself in the development forum ^[archive].

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee ^[archive] of the Open Invention Network ^[archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian ^[archive]. Debian is a registered trademark ^[archive] owned by Software in the Public Interest, Inc ^[archive].

Whonix ™ is produced independently from the Tor® ^[archive] anonymity software and carries no guarantee from The Tor Project ^[archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

[1] 
This is required to make sure a recent version of Qubes repository definition files, Qubes salt, qubes-core-admin-addon-whonix ^[archive] as well as qubes-mgmt-salt-dom0-virtual-machines ^[archive] gets installed.
https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/pull/17 ^[archive]

https://github.com/QubesOS/updates-status/issues/1184 ^[archive]

https://forums.whonix.org/t/14-15-issues-uninstall-install/7652 ^[archive]

[2] This is required to make sure a recent version of Qubes repository definition files, Qubes salt, qubes-core-admin-addon-whonix ^[archive] as well as qubes-mgmt-salt-dom0-virtual-machines ^[archive] gets installed.
https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/pull/17 ^[archive]

https://github.com/QubesOS/updates-status/issues/1184 ^[archive]

https://forums.whonix.org/t/14-15-issues-uninstall-install/7652 ^[archive]

[3] ttps://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/pull/17 ^[archive]

[4] ttps://github.com/QubesOS/updates-status/issues/1184 ^[archive]

[5] ttps://forums.whonix.org/t/14-15-issues-uninstall-install/7652 ^[archive]

[2] Dev/Qubes#salt

[3] Qubes R3.2 reached EOL ^[archive] on 28 March, 2019. It is strongly recommended to upgrade to Qubes R4.0 ^[archive] to stay safe.

[4] Qubes generally, not Whonix specific implementation.

[5] Or manually set the torified UpdateVM in dom0 terminal.

qubes-prefs updatevm sys-whonix

qubes-prefs updatevm sys-whonix

[6] To revert this change in dom0 terminal, run.

qubes-prefs updatevm sys-firewall

qubes-prefs updatevm sys-firewall

[1]

[2]

[3]

[4]

[5]

[6]

How-to: Fix dom0 Qubes-Whonix ™ UpdatesProxy Settings

From Whonix

< Qubes

Contents