Actions

Whonix-APT-Repository

Whonix Repository Tool

Whonix APT Repository Overview[edit]

Whonix currently provides four repository choices:

  • Whonix stable APT repository: recommended for most users. The production level packages focus on providing the most reliable Whonix experience. [1]
  • Whonix stable-proposed-updates APT repository: recommended for testers, since it is only briefly tested by Whonix developers. It also contains stable upgrades, but it can break apt-get during an upgrade, requiring terminal commands to rectify the problem. After testing by a wider audience, these packages migrate to the stable repository. [2]
  • Whonix testers APT repository: As above, except it does not have stable upgrades. [3]
  • Whonix developers APT repository: As above, except it includes untested changes. These changes may eventually migrate to the testers repository if the Whonix team is confident these changes will not break the update system. It is not recommended, unless the user is in touch with the development team.


Due to the Whonix design, a user's security is unlikely to be materially affected by preferring the "beta" (stable-proposed-updates) or "alpha" (testers, developers) repositories over the default stable one. [4]

Change Whonix APT Repository[edit]

It is easy for users to switch between Whonix repositories.

Qubes-Whonix[edit]

If you are using Qubes-Whonix, please press expand on the right.

Qubes App Launcher (blue/grey "Q") -> Template: whonix-gw or whonix-ws -> Whonix-Repository

Non-Qubes-Whonix[edit]

If you are using Non-Qubes-Whonix, please press expand on the right.

Start Menu -> Applications -> System -> Whonix Repository -> chose either "testers" or "stable" repository

Figure: Start Menu

Changerepositorygui1.png


Figure: System Folder

Changerepositorygui2.png


Figure: Whonix Repository Tool

Changerepositorygui3.png

Afterwards, the following window will appear.

Figure: Auto-update Configuration

Changerepositorygui4.png


Figure: Repository Selection

Changerepositorygui5.png

Command Line Interface[edit]

If you are a terminal user, please press expand on the right.

In Konsole, run.

sudo whonix_repository


Figure: Launch Konsole

Change repository terminal1.png


Figure: Run whonix_repository

Change repository terminal2.png

Choose one of the following repositories based on personal preferences.

sudo whonix_repository --enable --repository stable
sudo whonix_repository --enable --repository stable-proposed-updates
sudo whonix_repository --enable --repository testers
sudo whonix_repository --enable --repository developers

To use the repository, follow the usual update instructions.

Disable Whonix APT Repository[edit]

Introduction[edit]

For Trust reasons some users may prefer not to use Whonix APT Repository. In that case, it is necessary to update Debian packages in Whonix from source code, which is inconvenient.

Whonix Built from Source Code[edit]

If a user builds Whonix from source code, Whonix APT Repository is not added by default. The only exception is if users opt in using a build configuration. It is also possible to verify that it is already disabled.

Whonix Default-Download-Version[edit]

By default, Whonix APT repository is disabled at first boot. Users are prompted on first boot whether to enable it or to leave it disabled.

If Whonix APT repository is already enabled, it can be disabled via the GUI or terminal Whonix repository tool.

Qubes-Whonix

Qubes App Launcher (blue/grey "Q") -> Template: whonix-gw or whonix-ws -> Whonix-Repository -> "No, I will manually update from source code."

Non-Qubes-Whonix

Start Menu -> Applications -> System -> Whonix Repository -> "No, I will manually update from source code."

Command Line Interface

To disable it in a terminal, run.

sudo whonix_repository --disable

Users can optionally verify Whonix APT repository is disabled after this procedure.

Verify Whonix APT Repository is Disabled[edit]

To check if Whonix APT repository was successfully disabled, run the following tests.

Use apt-key.

sudo apt-key finger

This test should not show any Whonix-specific keys, such as Patrick Schleizer's OpenPGP key.

Next check if /etc/apt/sources.list.d/whonix.list exists. If it does not exist, the procedure was successful. Extra cautious users should also refer to the following footnote. [5]

Advanced[edit]

stable-proposed-updates[edit]

The stable-proposed-updates repository can be enabled using the GUI or command line.

sudo whonix_repository --enable --repository stable-proposed-updates

Repository Location URI[edit]

To set the default Whonix repository URI, choose one of the following.

Default http URI.

sudo whonix_repository --baseuri http://deb.whonix.org --enable --repository stable

Experimental https URI.

sudo whonix_repository --baseuri https://deb.whonix.org --enable --repository stable

Experimental onion URI.

sudo whonix_repository --baseuri http://deb.kkkkkkkkkk63ava6.onion --enable --repository stable

To undo any changes, just run the Whonix APT Repository Tool again.

See Also[edit]

Footnotes / References[edit]

  1. If possible, users are requested to run a separate testers-only Whonix-Gateway (sys-whonix) and Whonix-Workstation (anon-whonix) that has the testers repository enabled. If too few people test Whonix, undiscovered issues might migrate to the stable repository.
  2. Users are recommended to make a VM clone for this repository just in case it breaks. That way changes can be rolled back if necessary.
  3. Users are recommended to make a VM clone for this repository just in case it breaks. That way changes can be rolled back if necessary.
  4. The terms alpha and beta are avoided because they have generally lost their meaning in the software field; many applications remain in alpha or beta status for years, even though they work perfectly well.
  5. The following is not strictly necessary, since the whonix_repository tool has never written another sources.list file other than /etc/apt/sources.list.d/whonix.list. Examine the /etc/apt/sources.list file.
    cat /etc/apt/sources.list
    It should not include the Whonix APT Repository. Next examine the /etc/apt/sources.list.d/ folder as well.
    cat /etc/apt/sources.list.d/*

Random News:

We are looking for maintainers and developers.


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)