Whonix 14 just came out last month. I went to update, but I couldn’t figure out what version I was currently running. The documentation said to run this command, but the output didn’t make sense when I ran it on my whonix-gw TemplateVM.
user@host:~$ cat /var/lib/anon-dist/build_version 3:2.0-1
user@host:~$ cat /etc/whonix_version 14 user@host:~$
I was first alerted this morning when whonixcheck told me that I needed to update:
WARNING: Whonix News Result: ✘ Outdated: Installed whonix-gateway-packages-dependencies 3.4.2-1 is outdated! You should update. You can automatically update using Whonix's internal updater. Please update using: sudo apt-get update && sudo apt-get dist-upgrade
..but apt-get on my whonix-gw TemplateVM insisted that I was already up-to-date:
Welcome to Whonix! https://www.whonix.org The programs included with the Whonix GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Whonix GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Whonix is a derivative of Debian GNU/Linux. Whonix is based on Tor. Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else. Whonix is experimental software by means of concept and design. Do not rely on it for strong anonymity. Type: "whonix" <enter> for help. user@host:~$ sudo apt-get update && sudo apt-get dist-upgrade Hit http://deb.qubes-os.org jessie InRelease Hit http://security.debian.org jessie/updates InRelease Ign http://ftp.us.debian.org jessie InRelease Hit http://deb.whonix.org jessie InRelease Get:1 http://ftp.us.debian.org jessie Release.gpg [2,420 B] Hit http://ftp.us.debian.org jessie Release Hit http://ftp.us.debian.org jessie/main amd64 Packages Hit http://security.debian.org jessie/updates/non-free amd64 Packages Hit http://deb.qubes-os.org jessie/main amd64 Packages Hit http://ftp.us.debian.org jessie/contrib amd64 Packages Hit http://security.debian.org jessie/updates/contrib Translation-en Hit http://deb.whonix.org jessie/main amd64 Packages Hit http://ftp.us.debian.org jessie/non-free amd64 Packages Hit http://security.debian.org jessie/updates/main Translation-en Hit http://ftp.us.debian.org jessie/contrib Translation-en Hit http://security.debian.org jessie/updates/non-free Translation-en Hit http://ftp.us.debian.org jessie/main Translation-en Hit http://security.debian.org jessie/updates/main amd64 Packages Hit http://ftp.us.debian.org jessie/non-free Translation-en Hit http://security.debian.org jessie/updates/contrib amd64 Packages Ign http://deb.qubes-os.org jessie/main Translation-en_US Ign http://deb.qubes-os.org jessie/main Translation-en Ign http://deb.whonix.org jessie/main Translation-en_US Ign http://deb.whonix.org jessie/main Translation-en Fetched 2,420 B in 13s (185 B/s) Reading package lists... Done Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. user@host:~$
Upon further investigation, I found that Whonix 13 is being EOL’d at the end of this month (2018-09). I’m not sure if this is a side-effect, but–in any case–because Whonix 13 won’t be receiving any more (security) updates, it’s imperative that everyone running Whonix updates their system.
But I was stopped pretty early in my update process this morning when I couldn’t figure out what version of Whonix I was running! All the usual checks weren’t particularly helpful
user@host:~$ date
Sun Sep 9 18:01:22 UTC 2018
user@host:~$ uname -a
Linux host 4.14.57-2.pvops.qubes.x86_64 #1 SMP Tue Aug 14 14:17:42 UTC 2018 x86_64 GNU/Linux
user@host:~$ cat /etc/issue
Welcome to Whonix!
https://www.whonix.org
default user account: user
default root account: root
default passwords: changeme
user@host:~$ sudo dpkg -l | grep whonix
ii qubes-whonix 1:5.7.2.3-1 all Qubes Configuration for Whonix-Gateway and Whonix-Workstation
ii qubes-whonix-gateway 3:3.4.2-1 all Default packages for Qubes-Whonix-Gateway
ii qubes-whonix-gateway-packages-recommended 1:5.7.2.3-1 all Recommended packages for Qubes-Whonix-Gateway
ii qubes-whonix-shared-packages-recommended 1:5.7.2.3-1 all Recommended packages for Qubes-Whonix-Gateway and Qubes-Whonix-Workstation
ii whonix-base-files 3:1.4-1 all Whonix base system miscellaneous files
ii whonix-gateway-packages-dependencies 3:3.4.2-1 all Dependencies for Whonix-Gateway
ii whonix-gateway-packages-dependencies-pre 3:3.4.2-1 all Dependencies for Whonix-Gateway that changes network related files
ii whonix-gateway-packages-recommended 3:3.4.2-1 all Recommended packages for Whonix-Gateway
ii whonix-gateway-shared-packages-shared-meta 3:3.4.2-1 all Whonix-Gateway Shared Packages
ii whonix-gw-desktop-shortcuts 3:1.3-1 all Desktop Icons for Whonix-Gateway
ii whonix-gw-firewall 3:1.9.2-1 all Whonix-Gateway's Firewall
ii whonix-gw-kde-desktop-conf 3:1.3-1 all KDE Desktop Settings for Whonix-Gateway
ii whonix-gw-network-conf 3:1.3-1 all Network Configuration for Whonix-Gateway
ii whonix-initializer 3:2.4-1 all Implements Whonix's Verifiable Builds feature and initializes Whonix
ii whonix-legacy 3:2.9.3-1 all Prepare older Build Versions of Whonix for Upgrade
ii whonix-repository 3:2.2.2-1 all Whonix APT Repository Tool
ii whonix-setup-wizard 3:1.7-1 all First Time Connection Setup
ii whonix-shared-packages-dependencies 3:3.4.2-1 all Dependencies for Whonix-Gateway and Whonix-Workstation
ii whonix-shared-packages-recommended 3:3.4.2-1 all Recommended packages for Whonix-Gateway and Whonix-Workstation
ii whonixcheck 3:4.6.5-1 all Anonymity and security check
ii whonixsetup 3:1.9-1 all First Time Connection Setup
user@host:~$
And, as noted at the top of this post, the output from /var/lib/anon-dist/build_version was neither 14, 13, or anything close. Finally, I stumbled upon this post on the whonix forums that described the disconnect between Whonix versions and Qubes-built Whonix versions.
There is not a 1:1 correspondence between Whonix & Qubes versions nor are Whonix templates customized for individual Qubes versions. I believe the Whonix policy is to support all Qubes supported versions, so Whonix 13 currently supports R3.2 and R3.1.
As is touched on in the post linked above, the Whonix version numbers in Qubes-Whonix are fairly meaningless. I know of no easy way to map between the Qubes-Whonix version numbers and the corresponding Whonix version numbers. Instead, you can check the Whonix column in the TemplateVMs table on the Supported Versions Qubes Documentation Page to see which version of Whonix your version of Qubes supports.
Checking your version of Qubes is much simpler & straight-forward:
[user@dom0 ~]$ cat /etc/issue Qubes release 3.2 (R3.2) Kernel \r on an \m (\l) [user@dom0 ~]$
Then you can follow this guide to install a fresh Whonix 14 TemplateVM in Qubes
Update 2018-09-11: I hit some speedhumps trying to follow the above guide. I ended up running the following (from dom0) to iteratively install whonix.
sudo qubes-dom0-update qubes-template-whonix-ws-14 sudo qubes-dom0-update qubes-template-whonix-gw-14 sudo qubesctl state.sls qvm.anon-whonix
For debugging, I found the following directories to be extremely helpful:
- /var/lib/qubes/dom0-updates/var/log/
- /var/lib/qubes/dom0-updates/var/cache/yum/x86_64/3.2/qubes-templates-community-*
Related Posts
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
Thanks!
https://forums.whonix.org/t/add-debian-or-whonix-version-check/6059