Add more information about updating over Tor

unman 2018-03-22 14:24:26 +00:00
parent 673d5cd367
commit 03668786c4
No known key found for this signature in database
GPG Key ID: BB52274595B71262
2 changed files with 30 additions and 0 deletions

@ -151,3 +151,5 @@ Requires installed [Whonix](/doc/privacy/whonix/).
Go to Qubes VM Manager -> System -> Global Settings. See the UpdateVM setting. Choose your desired Whonix-Gateway ProxyVM from the list. For example: sys-whonix.
Qubes VM Manager -> System -> Global Settings -> UpdateVM -> sys-whonix
If the UpdateVM is set to sys-whonix then checks for updates to dom0 will also use sys-whonix, and will therefore be torified.
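Review bot: The new sentence covers only "checks for updates to dom0" and never says whether the dom0 update downloads themselves go through sys-whonix. A reader deciding whether dom0 traffic is fully torified needs both statements, so please say explicitly that both the check and the download use the UpdateVM, if that is the case. The other file in this commit also adds a caveat that update checks from running qubes not attached to a Whonix-Gateway go over clearnet. This page should link to that "Updating over Tor" section, otherwise a reader who only sees this page will assume setting the UpdateVM is sufficient.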

@ -48,6 +48,34 @@ In order to permanently install new software, you should:
You don't need to restart all of them at the same time -- e.g. if you just need the newly installed software to be available in your 'personal' domain, then restart only this VM.
You can restart others whenever this will be convenient to you.
### Updating over Tor ###
Requires installed [Whonix](/doc/privacy/whonix/).
If you set the UpdateVM to a Whonix-Gateway proxyVM (e.g sys-whonix) or an updateVM that is downstream from a Whonix-Gateway, then template updates will run over Tor.
In 3.2 you can set this in Qubes Manager:
Go to Qubes VM Manager -> System -> Global Settings. See the UpdateVM setting. Choose your desired Whonix-Gateway ProxyVM from the list. For example: sys-whonix.
Qubes VM Manager -> System -> Global Settings -> UpdateVM -> sys-whonix
In 4.0 use the 'qubes-global-settings' tool in dom0
N.B Update checking occurs from running qubes, not from templates.
This means that if you have a qube that is NOT attached to a Whonix-Gateway, then the check for updates will run over clearnet.
This runs the risk of leaking information about the packages that you have installed in templates.
You can guard against this by turning off automatic update checking:
In 3.2 you can do this globally from Qubes Manager, or on qube-by-qube basis using qvm-service to disable the qubes-update-check service.
qvm-service --disable <qube> qubes-update-check
In 4.0 you can do this globally using qubes-global-settings, or on qube-by-qube basis using qvm-service to disable the qubes-update-check.timer service.
qvm-service --disable <qube> qubes-update-check.timer
Testing repositories
--------------------
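Review bot: The advice to turn off automatic update checking ("You can guard against this by turning off automatic update checking") needs a follow-up sentence saying that the user will then no longer be notified of available updates and must update templates manually on a regular schedule. Without it, the mitigation for a metadata leak quietly becomes a missed-security-updates problem. The 4.0 line "use the 'qubes-global-settings' tool in dom0" also gives less detail than the 3.2 steps, so consider naming the setting to change there as well. The two Qubes Manager lines duplicate the text in the Whonix page touched by this commit; a link would avoid the copies drifting apart. Minor: "e.g sys-whonix" and "N.B" are missing their periods, "proxyVM"/"ProxyVM" and "updateVM"/"UpdateVM" are capitalized inconsistently, and the two `qvm-service --disable <qube> ...` lines should be set as code so the `<qube>` placeholder renders.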