The Steem blockchain was upgraded earlier today. You may experience trouble posting and transacting while the new bandwidth system stabilizes. Read more here.

Qubes OS Whonix Template Reinstall, Wish I would have read before to only install packages from trusted sources

in qubesos •  4 months ago

I updated my whonix-gw in Qubes when a question verifying if I wanted to install packages from sources that could not be verified, it being a security nod itself it had "y/N" option, for some reason or other ended up picking yes and even after canceling it afterwards for some reason didn't realized on time that apt-get maintained the option of installing the unverified packages so I decided to learn some reinstallation of templates on the way.

I wish I would have had resolution and Pressed N or enter and not had to spend some time debugging but the good thing it's there's a good community and documentation eventhought with that it took me a while so mayhaps if I document my experience will help some go faster.

Refer to: https://www.qubes-os.org/doc/software-update-vm/

Reverting changes of a TemplateVM (R4.0) - My specific Version

'Important: This command will roll back any changes made during the last time the TemplateVM was run, but not before. This means that if you have already restarted the TemplateVM, using this command is unlikely to help, and you’ll likely want to reinstall it from the repository instead. On the other hand, if the template is already broken or compromised, it won’t hurt to try reverting first. Just make sure to back up all of your data and changes first!'

ex
1.Shutdown fedora and maintain it shut during the process
2.In a dom0 terminal, type: qvm-revert fedora-26:root

-Template Reinstall

refer to: https://www.qubes-os.org/doc/reinstall-template/

Automated Reinstallation Method (R3.1+)

sudo qubes-dom0-update --action=reinstall qubes-template-package-name
ex. sudo qubes-dom0-update --action=reinstall qubes-template-whonix-gw

Reminder: If you’re trying to reinstall a template that is not in an enabled repo, you must enable that repo. For example:

sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=reinstall qubes-template-whonix-ws

In Theory that would be all but for some reason I had tinkered beyond and couldn't get it working like that
so...

-Manual Reinstallation Method (R3.1+)

Which by the way since i messed up on the gateway I had to make sure to erase most of the whonix VMs depending on the template first like the sys-whonix, which ended up dragging me some time.

to take out the VMs you need to type on the dom0 terminal: qvm-remove <vm-name>

1 create temporary dummy templates for if you want to keep your customization, otherwise if you suspect a broken, reconfigured, or compromised template remove it.

  1. Temporary change all VMs based on the target TemplateVM to the new clone template or remove them
    to clone refer to official documentation I just removed everything

  2. Uninstall the target

sudo dnf remove <template-package-name>
ex sudo dnf remove <template-package-whonix-gw

  1. Reinstall the template you wanted in dom0
    ex sudo qubes-dom0-update --enablerepo=qubes-templates-community
    qubes-template-whonix-gw

refer to: https://www.qubes-os.org/doc/whonix/install/
somehow that ended up not working for me so instead I used:

sudo qubesctl state.sls qvm.anon-whonix
which install all the anon-whonix package again
which loosely says

Download will take a while and there will be no progress indicator.

BUT... it will look more like an error saying that the repo=qubes-templates-community was somehow not found

I had cancelled but somehow found a post online about the issue and that regardless of that error, if you just leave it with time, it will actually install the whole anon-whonix package with whonix-gw, whonix-ws, whonix-gw,sys-whonix & anon-whonix

After a couple of hours I've had reinstalled the whole template package.

Hope this post will aid you and save you some time

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!