Jump to: navigation, search


Whonix Repository Tool

Whonix APT Repository Overview[edit]

Whonix's developers APT repository likely contain untested changes. It is recommended against to use it unless you are in touch with the development team. When we are reasonably sure, that these changes won't break Whonix's update system, they may be migrated to Whonix's testers repository where a wider audience is supposed to test them.

Whonix's testers APT repository is for testers-only. Even though briefly tested by Whonix developers, it may may break apt-get during upgrade. Eventually running a few manual commands are required to fix it. Making a clone and be prepared to roll back in case anything goes wrong is recommended. After testing by a wider audience, packages are migrated to Whonix's stable repository.

Whonix's stable-proposed-updates APT repository is for testers-only. Same as above. Contains stable upgrades.

Whonix's stable APT repository is recommended for most users. Even if you're not using your production system to test Whonix's testers-only packages, you're encouraged to run separate Whonix-Gateway and Whonix-Workstation, that use Whonix's testers repository. This is because, if too few people are actually testing Whonix, it might happen that changes that are migrated to Whonix's stable repository are still causing issues.

Change Whonix APT Repository[edit]

You can switch from one repository to another.

If you are using Qubes-Whonix, please press expand on the right.

Qubes App Launcher (blue/grey "Q") -> Template: whonix-gw or whonix-ws -> Whonix-Repository

If you are using Non-Qubes-Whonix, please press expand on the right.

Start Menu -> Applications -> System -> Whonix Repository -> chose either "testers" or "stable" repository

Changerepositorygui1.png Changerepositorygui2.png Changerepositorygui3.png

Then you will see the following window.



Or if you are a terminal user, please press expand on the right.

sudo whonix_repository

Change repository terminal1.png

Change repository terminal2.png

Pick on of the following depending you your preference.

sudo whonix_repository --enable --repository stable
sudo whonix_repository --enable --repository stable-proposed-updates
sudo whonix_repository --enable --repository testers
sudo whonix_repository --enable --repository developers

To use the repository, see the usual instructions for updating.

Disable Whonix APT Repository[edit]


For Trust reasons you may prefer not to use Whonix's APT Repository. You can still update Whonix's debian packages from source code. It is just less convenient.

If you have build Whonix from Source Code[edit]

If you have build Whonix from source code, by default, Whonix's APT Repository does not get added. (Unless you opted in using a build configuration.) You can still verify, that it already is disabled, though.

If you are using the Default-Download-Version[edit]

By default, Whonix's apt repository is disabled at first boot. You will be asked on first boot if you want to enable it or prefer to leave it disabled.

If Whonix apt repository is already enabled, you can disable Whonix's APT repository using the graphical or terminal Whonix repository tool.


Qubes App Launcher (blue/grey "Q") -> Template: whonix-gw or whonix-ws -> Whonix-Repository -> "No, I will manually update from source code."


Start Menu -> Applications -> System -> Whonix Repository -> "No, I will manually update from source code."

Or in terminal.

sudo whonix_repository --disable

Feel free to verify this.

Verify Disabled Whonix APT Repository[edit]

If you want to check, if disabling Whonix's apt repository was successful, you can run the following tests.

Use apt-key.

sudo apt-key finger

It should not show any Whonix specific keys, it should not show Patrick Schleizer's OpenPGP key.

Have a look if /etc/apt/sources.list.d/whonix.list exists. If it doesn't exist, everything is fine.

If you are extra paranoid, see footnote. [1]


stable proposed updates[edit]

This is a stub.

Can be enabled using the gui as usual or cli.

sudo whonix_repository --enable --repository stable-proposed-updates

Repository Location URI[edit]

Default http.

sudo whonix_repository --baseuri http://deb.whonix.org --enable --repository stable

Experimental https.

sudo whonix_repository --baseuri https://deb.whonix.org --enable --repository stable

Experimental onion.

sudo whonix_repository --baseuri http://deb.kkkkkkkkkk63ava6.onion --enable --repository stable

To undo it, just rerun the Whonix APT Repository Tool normally.

See Also[edit]

Footnotes / References[edit]

  1. The following is not necessary, because the whonix_repository tool has never written another sources.list file other than /etc/apt/sources.list.d/whonix.list. Examine your /etc/apt/sources.list.
    cat /etc/apt/sources.list
    It should not include Whonix's APT Repository. Examine your /etc/apt/sources.list.d/ folder as well.
    cat /etc/apt/sources.list.d/*

Random News:

Please help in testing new features and bug fixes in Whonix.

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)