Upgrading Whonix 15 to Whonix 16
From Whonix
DO NOT USE YET! This page is only for preparation / notes for now. Whonix ™ 16 does not exist yet at all
TODO: remove NOINDEX of this page
Notices[edit]
Table: Upgrading Whonix Notices
| Notice | Description |
|---|---|
| Difficulty | Downloading a new Whonix-Gateway ™ / Whonix-Workstation ™ is easier than applying the Release Upgrade instructions on this page, but this process is relatively smooth. |
| Release Upgrade vs Download |
To use Whonix ™ 15, users can either:
|
| Standard Upgrades |
|
| Qubes EOL | Qubes R4 and above only -- Qubes OS 3.2 has reached End Of Life [archive]. If you are using Qubes R3.2 / R3.2.1, Qubes-Whonix ™ upgrades are unsupported. |
High Level Overview[edit]
- Backup all data - ideally have a copy of the VM(s) so it is possible to try again (if necessary).
- Perform the usual standard ("everyday") upgrade instructions.
- Consider running the optional sanity tests.
- Release Upgrade Whonix-Workstation ™ (
whonix-ws-14). - Power off Whonix-Workstation ™ (
whonix-ws-14). - Release Upgrade Whonix-Gateway ™ (
whonix-gw-14). - Restart Whonix-Gateway ™ (
whonix-gw-14). - Restart Whonix-Workstation ™ (
whonix-ws-14).
Sanity Tests[edit]
These are optional, but recommended. To complete sanity tests, please press on expand on the right.
sudo dpkg --audit ; echo $?
Expected output.
0
sudo dpkg --configure -a ; echo $?
Expected output.
0
sudo apt-get update
sudo apt-get dist-upgrade
For testing purposes, install python-qt4.
sudo apt-get install python-qt4 ; echo $?
## ... successful installation of python-qt4 ... 0
Upgrading[edit]
Introduction[edit]
First consider completing the sanity tests described above; the system is checked for obvious and grave issues that must be fixed before attempting an upgrade. For example, if the package manager is broken due to the mixing of packages from both Debian stable and Debian testing, then the upgrade may fail part way through, leaving the system in an unstable state that is difficult to resolve.
Consider retaining the full terminal log. Even if the upgrade appears successful, there might be issues following reboot. To properly report a bug in the Whonix ™ forums it is necessary to share the upgrade log so the issue can be investigated.
KDE vs XFCE note: Whonix ™ KDE has been deprecated [archive], meaning Whonix ™ KDE is unsupported from Whonix ™ 15 -- all users should upgrade to Whonix ™ XFCE. These upgrade instructions replace the KDE desktop environment [1] and default applications [2] with those associated with XFCE.
Update Package and Sources Lists[edit]
First upgrade the system's packages by performing the Standard Upgrade Steps. [3]
All Platforms[edit]
Update Whonix ™ apt sources list.
sudo whonix_repository --enable --codename bullseye
Update Debian apt sources list.
sudo sed -i "s/buster/bullseye/g" /etc/apt/sources.list.d/debian.list
Delete the backports, testing and unstable repositories, as well as the default release APT config snippet. [4]
sudo rm -f /etc/apt/sources.list.d/backports.list /etc/apt/sources.list.d/testing.list /etc/apt/sources.list.d/unstable.list /etc/apt/apt.conf.d/70defaultrelease
Qubes-Whonix ™ Only[edit]
Update Qubes' apt sources list.
sudo sed -i "s/buster/bullseye/g" /etc/apt/sources.list.d/qubes*.list
Preparation[edit]
Become root.
sudo su
Enable extensive debugging so the reporting of any eventual bugs is easier.
export DEBDEBUG=1
Update the package lists.
apt-get update
Upgrade[edit]
Distribution Upgrade[edit]
To perform a distribution upgrade, it is recommended to run the following command which uses apt-get-noninteractive [archive]; see the footnotes for technical reasons. [5] [6] [7]
Ignore any eventual errors relating to exim* and/or mailx - these packages will be removed in the next step.
apt-get-noninteractive dist-upgrade --no-install-recommends
Purge packages which are not required and broken. On some platforms these packages are not installed, but the step is completely harmless.
apt-get purge exim*
Restart Necessary Services[edit]
Restart whonix-legacy service. [8]
service whonix-legacy restart
Metapackage Installation[edit]
Note: It is possible that the following packages are already installed, but these steps are necessary to confirm it.
Non-Qubes-Whonix[edit]
- In Whonix-Gateway ™, install package
non-qubes-whonix-gateway-xfce.apt-get install non-qubes-whonix-gateway-xfce
- In Whonix-Workstation ™, install package
non-qubes-whonix-workstation-xfce.apt-get install non-qubes-whonix-workstation-xfce
Qubes-Whonix[edit]
- In Whonix-Gateway ™ (
whonix-gw-14), install packagequbes-whonix-gateway.apt-get install qubes-whonix-gateway
- In Whonix-Workstation ™ (
whonix-ws-14), install packagequbes-whonix-workstation.apt-get install qubes-whonix-workstation
Remove Unneeded Packages[edit]
Note: This step is not required for Non-Qubes-Whonix ™ XFCE users.
This long command will remove deprecated meta packages and KDE leftovers; simply cut and paste the entire command. [9] [10]
Run the following command in both Whonix-Gateway ™ and Whonix-Workstation ™.
TODO: none yet
apt-get purge --yes TODO ; \
Autoremove[edit]
Remove packages which are no longer required.
apt-get autoremove
Revert to Regular Privileges[edit]
If you are root already (previously became root using sudo su), then exit now.
Open a terminal and run.
exit
Whonix ™ XFCE Desktop Config[edit]
- Qubes-Whonix ™ users: Please skip this step. [11]
- Non-Qubes-Whonix ™ users: Please click on expand on the right.
Create folder /home/user/desktop-backup
mkdir -p /home/user/desktop-backup
Reset the XFCE desktop configuration.
mv /home/user/.config/xfce4 /home/user/desktop-backup/
Delete the first-boot-skel.done file. [12]
sudo rm -f /var/cache/anon-base-files/first-boot-skel.done
Execute /usr/lib/anon-base-files/first-boot-skel [archive] to get Whonix ™ XFCE Desktop Config [archive].
sudo /usr/lib/helper-scripts/first-boot-skel
Terminal Log[edit]
Remember to retain the terminal log:
Edit → Select All → Edit → Copy → Open Editor → Paste → Save
APT Sources Lists[edit]
Open a new terminal window. [13]
Run Whonix ™ APT Repository Tool. [14]
lxsudo whonix-repository-wizard
As explained in step Distribution Upgrade, all system configuration files in /etc were reset to the distributor default. If modifications were previously made to any files in folder /etc/apt/sources.list.d, they should be re-added at this step (if desired).
Review all files in folder /etc/apt/sources.list.d
lxsudo mousepad /etc/apt/sources.list.d/*
If changes were made, follow the standard ("everyday") upgrade instructions.
Reboot[edit]
A reboot is required.
sudo reboot
Start Menu[edit]
- Non-Qubes-Whonix ™ users: Please skip this step.
- Qubes-Whonix ™ users: Please click on expand on the right.
The upgrade process does not upgrade the Qubes appmenus (start menu) entries and these must be manually updated. The reason is many applications that were installed by default in Qubes-Whonix ™ 14 are no longer present in Qubes-Whonix ™ 15, due to the change from KDEish to XFCEish default applications. [15]
Qubes appmenu→anon-whonix→Add more shortcutsQubes appmenu→sys-whonix→Add more shortcutsQubes appmenu→whonix-gw-14→Add more shortcutsQubes appmenu→whonix-ws-14→Add more shortcuts
Done[edit]
All necessary steps are now complete.
As a final recommendation, it is advisable to run whonixcheck to check numerous, important system variables. [16]
Automated[edit]
Testers only! Non-Qubes-Whonix only. XFCE only. Professional Support only.
This would probably brick Qubes-Whonix!
Create a file /usr/lib/release-upgrade with root rights.
lxsudo mousepad /usr/lib/release-upgrade
Paste the following contents. [17]
#!/bin/bash
## Copyright (C) 2020 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
set -x
set -e
set -o pipefail
error_handler() {
local MSG="\
###########################################################
## Something went wrong. Please report this bug!
##
## BASH_COMMAND: $BASH_COMMAND
###########################################################\
"
echo "$MSG"
exit 1
}
trap "error_handler" ERR
if [ "$(id -u)" != "0" ]; then
true "ERROR: Must run as root."
true "sudo $0"
exit 112
fi
if test -e /usr/share/anon-gw-base-files/gateway ; then
pkg="non-qubes-whonix-gateway-xfce"
elif test -e /usr/share/anon-ws-base-files/workstation ; then
pkg="non-qubes-whonix-workstation-xfce"
else
error "Could not detect gateway or workstation"
fi
export DEBDEBUG=1
dpkg --audit
dpkg --configure -a
rm -f /etc/apt/sources.list.d/derivative.list
sed -i 's/timeout_after="240"/timeout_after="600"/g' /usr/lib/security-misc/apt-get-update
sed -i 's/update \&/update "$@" \&/g' /usr/lib/security-misc/apt-get-update
/usr/lib/security-misc/apt-get-update -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false
apt-get-noninteractive --yes purge exim* || true
apt-get-noninteractive --yes --no-install-recommends dist-upgrade
apt-get-noninteractive --yes purge exim* || true
apt-get-noninteractive --yes --no-install-recommends install python-qt4
dpkg --audit
dpkg --configure -a
whonix_repository --enable --codename bullseye
sed -i "s/buster/bullseye/g" /etc/apt/sources.list.d/debian.list
rm -f /etc/apt/sources.list.d/backports.list /etc/apt/sources.list.d/testing.list /etc/apt/sources.list.d/unstable.list /etc/apt/apt.conf.d/70defaultrelease
sed -i "s/buster/bullseye/g" /etc/apt/sources.list.d/qubes*.list &>/dev/null || true
/usr/lib/security-misc/apt-get-update -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false
apt-get-noninteractive dist-upgrade --yes --no-install-recommends
dpkg --audit
dpkg --configure -a
apt-get-noninteractive --yes purge exim* || true
service whonix-legacy restart
apt-get-noninteractive --yes --no-install-recommends install "$pkg"
dpkg --audit
dpkg --configure -a
apt-get-noninteractive --yes purge exim* || true
apt-get-noninteractive purge --yes non-qubes-whonix-gateway || true
apt-get-noninteractive purge --yes non-qubes-whonix-gateway-kde || true
apt-get-noninteractive purge --yes non-qubes-whonix-workstation || true
apt-get-noninteractive purge --yes non-qubes-whonix-workstation-kde || true
apt-get-noninteractive purge --yes whonix-gw-kde-desktop-conf || true
apt-get-noninteractive purge --yes whonix-gw-desktop-shortcuts || true
apt-get-noninteractive purge --yes hardened-desktop-applications-kde || true
apt-get-noninteractive purge --yes hardened-desktop-environment-essential-kde || true
apt-get-noninteractive purge --yes sddm || true
apt-get-noninteractive purge --yes kde-* || true
apt-get-noninteractive purge --yes libkde* || true
apt-get-noninteractive purge --yes qml-module-org-kde-* || true
apt-get-noninteractive purge --yes polkit-kde-agent-1 || true
apt-get-noninteractive purge --yes kded5 || true
apt-get-noninteractive purge --yes *kdelibs* || true
apt-get-noninteractive purge --yes kdesudo || true
apt-get-noninteractive purge --yes ark || true
apt-get-noninteractive purge --yes konsole || true
apt-get-noninteractive purge --yes apt-cacher-ng || true
apt-get-noninteractive purge --yes wpasupplicant || true
if test -e /usr/share/anon-gw-base-files/gateway ; then
apt-get-noninteractive purge --yes vlc* || true
apt-get-noninteractive purge --yes libvlc* || true
apt-get-noninteractive purge --yes phonon* || true
fi
dpkg --audit
dpkg --configure -a
apt-get-noninteractive --yes autoremove
dpkg --audit
dpkg --configure -a
sudo -u user mkdir -p /home/user/desktop-backup || true
sudo -u user mv /home/user/Desktop/*.desktop /home/user/desktop-backup/ || true
sudo -u user mv /home/user/.config/xfce4 /home/user/desktop-backup/ || true
rm -f /var/cache/anon-base-files/first-boot-skel.done || true
/usr/lib/helper-scripts/first-boot-skel || true
unlink /usr/local/etc/onion-grater-merger.d/* || true
rm -f /usr/local/etc/onion-grater-merger.d/40_bisq.yml
sudo sed -i "s#/usr/sbin/tinyproxy#/usr/bin/tinyproxy#g" /lib/systemd/system/qubes-updates-proxy.service &>/dev/null || true
true "OK. Success."
Safe.
Make executable.
sudo chmod +x /usr/lib/release-upgrade
Run release upgrade script.
sudo /usr/lib/release-upgrade
If everything went well, at the end it will show OK. Success..
Footnotes[edit]
- ↑ Non-Qubes-Whonix only since Qubes-Whonix ™ does not have a desktop environment installed - that is dependent on dom0.
- ↑ Users have the freedom to retain KDE applications and/or to reinstall those after the upgrade.
- ↑ Mandatory, not optional for most users. Unless you know what you are doing.
This is for example to ensure that the signing key for the next Debian release gets added. Quote debian-archive-keyring changelog [archive]:
debian-archive-keyring (2019.1+deb10u1) buster; urgency=medium * Remove jessie's archive keys (Closes: #981343) * Add automatic signing keys for bullseye (Closes: #977911) * Update my own key * Add Debian Stable Release Key (11/bullseye) (ID: 600062A9605C66F00D6C9793) (Closes: #977910) * Refresh signatures over keyrings/debian-archive-keyring.gpg and keyrings/debian-archive-removed-keys.gpg * Add myself to uploaders - ↑ This step is only required if they were previously enabled, but the command is harmless either way.
- ↑
apt-get-noninteractiveprevents the user from being asked difficult technical questions anytime during the upgrade, since the upgrade is stopped until the question is answered.apt-get-noninteractiveusesapt-getwith-o Dpkg::Options::=--force-confnew. This meansapt-getwill prefer config files shipped by the distribution in case there is an existing modified config file on the system. Old config files should be automatically moved toconfigfile.dpkg-old. - ↑ Advanced users can use
apt-getrather thanapt-get-noninteractive. However, it is probably best to useapt-get-noninteractiveand to re-apply custom configurations after the upgrade. - ↑ Parameter
--no-install-recommendsprevents the installation of packages (fromdebian/controlRecommends:packages by Debian) which are not useful, confusing or waste disk space inside of virtual machines, such asxscreensaver. For other reasons why Whonix ™ uses--no-install-recommends, see: Technical Stuff. - ↑ A manual restart is required because apt-get-noninteractive is being used. This step is not crucial since it would also run after reboot.
- ↑ In order to separately run the commands, it is necessary to remove the
;and\characters at the end. - ↑ Unfortunately, as of Debian buster apt-get no longer allows a single apt-get purge command followed by a list of all packages. If one of the packages is not already installed, then it aborts the whole command and also refuses to uninstall those which are still present. Therefore, to run commands in succession the
;parameter is used, while\allows a single long command to be split into multiple lines for better readability. - ↑ VM XFCE is not being used in Qubes and package Whonix ™ XFCE Desktop Config [archive] is also not installed, so this step is unnecessary. If you want to apply this anyhow, it should be done in every AppVM.
- ↑ So it can be re-run.
- ↑ Because GUI application whonix-repository-wizard should not be run as root.
- ↑ To select the correct APT repository for use.
- ↑ https://groups.google.com/d/topic/qubes-devel/pkvvm1WNznY [archive]
- ↑ The following message is not a concern.
The following packages were automatically installed and are no longer required: hardened-packages-recommended-cli non-qubes-vm-enhancements-gui whonix-workstation-default-applications-gui whonix-ws-desktop-shortcuts
- ↑
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
.svg.png&filetimestamp=20200623163525&){kind=small}
Did you know that Whonix ™ could provide protection against backdoors? See Verifiable Builds. Help is wanted and welcomed.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.