Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Qubes-Whonix 16 for Qubes R4.0 #6891

Closed
adrelanos opened this issue Sep 10, 2021 · 15 comments · Fixed by QubesOS/qubes-posts#84
Closed

Qubes-Whonix 16 for Qubes R4.0 #6891

adrelanos opened this issue Sep 10, 2021 · 15 comments · Fixed by QubesOS/qubes-posts#84
Assignees
@adrelanos
Labels
C: Whonix This issue impacts Qubes-Whonix P: default Priority: default. Default priority for new issues, to be replaced given sufficient information.
Milestone
Release 4.0 updates

Comments

@adrelanos
Copy link
Member

adrelanos commented Sep 10, 2021
edited
Loading

Status:

Qubes-Whonix 16 images details:

Any further Qubes salt changes required or something else?
@adrelanos adrelanos added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: task labels Sep 10, 2021
@adrelanos adrelanos mentioned this issue Sep 10, 2021
Closed
@DemiMarie
Copy link

That will fail the code signing check I believe.

@andrewdavidwong andrewdavidwong added T: enhancement C: Whonix This issue impacts Qubes-Whonix and removed T: task labels Sep 10, 2021
@andrewdavidwong andrewdavidwong added this to the Release 4.0 updates milestone Sep 10, 2021
@adrelanos
Copy link
Member Author

adrelanos commented Sep 11, 2021 via email

@adrelanos
Copy link
Member Author

Known issue: Default Qubes appmenu is empty. - Maybe fixed in next build.

@airelemental
Copy link

airelemental commented Sep 15, 2021
edited
Loading

It looks like sys-whonix based on whonix-gw-16 doesn't work as dom0 updatevm (DNF not configured to get DNS over tor?):

$ qubes-prefs updatevm sys-whonix-16
$ sudo qubes-dom0-update
Using sys-whonix-16 as UpdateVM to download updates for Dom0; this may take some time...
Unable to detect release version (use '--releasever' to specify release version)
Fedora 25 - x86_64 - Updates                    0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'updates':
  - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org]
Error: Failed to download metadata for repo 'updates': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org]

@adrelanos adrelanos mentioned this issue Sep 17, 2021
Closed
@andrewdavidwong
Copy link
Member

andrewdavidwong commented Sep 17, 2021
edited
Loading

I was just told in #1778 (comment) that Qubes-Whonix 16 is already in the stable repo, which is quite surprising, as I saw no indication of that here. The link about the staged rollout doesn't provide any details about how exactly the staged rollout for Qubes-Whonix 16 works, and it's unclear to me at what point in the staged rollout we should publish Qubes announcements for these new templates. I guess you should just let me know when, @adrelanos.

@adrelanos
Copy link
Member Author

I was just told in #1778 (comment) that Qubes-Whonix 16 is already in the stable repo, which is quite surprising, as I saw no indication of that here. The link about the staged rollout doesn't provide any details about how exactly the staged rollout for Qubes-Whonix 16 works,

Right. Generally plan:

stage 1:
Templates are added to stable community repository and documentation https://www.whonix.org/wiki/Qubes/Install is updated.

stage 2:
Release announcements.

stage 3:
Deprecation notice. - https://forums.whonix.org/t/one-time-popup-notification-of-whonix-15-deprecation-once-whonix-16-was-released/11720

Specifically this time:

Waiting for some fixes to be tested (default Qubes appmenu) and migrating to stable before starting stage 2. Current stable templates probably soon the be replaced with these ones:

and it's unclear to me at what point in the staged rollout we should publish Qubes announcements for these new templates. I guess you should just let me know when, @adrelanos.

Yes, thank you! :)

@adrelanos
Copy link
Member Author

It looks like sys-whonix based on whonix-gw-16 doesn't work as dom0 updatevm (DNF not configured to get DNS over tor?):

Created #6913 for it.

@adrelanos
Copy link
Member Author

I would like to suggest moving all of these...

to stable. @marmarek

No big changes were introduced. Just small bugfixes. Testing completed. (Could also wait the minimum time but I doubt someone else would test and report and blocking bugs before that.)

Once that's done, I'll write an announcement in the usual Whonix place.

@adrelanos
Copy link
Member Author

Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release

Next: I'd suggest to wait a few days before announcing on Qubes news. But if there was a draft, I'd of course have a look.

@andrewdavidwong andrewdavidwong mentioned this issue Sep 29, 2021
Merged
@andrewdavidwong
Copy link
Member

Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release

Next: I'd suggest to wait a few days before announcing on Qubes news.

May I ask why? Users have only one month to upgrade, and each day we wait is one fewer day they have.

But if there was a draft, I'd of course have a look.

Opened QubesOS/qubes-posts#84. Please review when you get a chance.

@adrelanos
Copy link
Member Author

Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release
Next: I'd suggest to wait a few days before announcing on Qubes news.

May I ask why?

Staged rollout.

Users have only one month to upgrade, and each day we wait is one fewer day they have.

Right, well. No problem. I wouldn't start the counter until "fully released". The spirit isn't to be overly strict about it.

Arguably (?) according to https://www.whonix.org/wiki/About#Support_Schedule we previously said we'd post a deprecation notice at https://forums.whonix.org/c/news which might be a good idea for clarification anyhow.

The deadline doesn't mean:

Just that the more time passes, release upgrades can become increasingly difficult that it becomes infeasible to troubleshoot and that questions "how do I x,y, z on deprecated version x" become more confusing for other readers and harder to answer since fewer and fewer people are using it.

But if there was a draft, I'd of course have a look.

Opened QubesOS/qubes-posts#84. Please review when you get a chance.

Looks perfect!

@andrewdavidwong
Copy link
Member

Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release
Next: I'd suggest to wait a few days before announcing on Qubes news.

May I ask why?

Staged rollout.

Ok, but some users become a bit confused when they see an announcement from the Whonix Project that Whonix 16 has been released with no similar announcement from the Qubes OS Project. Example (see replies):

https://forum.qubes-os.org/t/qubes-whonix-16-has-been-released-debian-11-bullseye-based-major-release/6647

Users have only one month to upgrade, and each day we wait is one fewer day they have.

Right, well. No problem. I wouldn't start the counter until "fully released". The spirit isn't to be overly strict about it.

Ok, that's good. It's unclear to me what the official release date is with a staged rollout.

Arguably (?) according to https://www.whonix.org/wiki/About#Support_Schedule we previously said we'd post a deprecation notice at https://forums.whonix.org/c/news which might be a good idea for clarification anyhow.

The deadline doesn't mean:

No, those are not the concerns. Rather, the concern is that there are no more security patches for EOL releases, so users definitely want to upgrade from Whonix 15 before it reaches EOL. If they're too slow or too late, they may be vulnerable to unpatched security bugs in their Whonix qubes.

Just that the more time passes, release upgrades can become increasingly difficult that it becomes infeasible to troubleshoot and that questions "how do I x,y, z on deprecated version x" become more confusing for other readers and harder to answer since fewer and fewer people are using it.

But if there was a draft, I'd of course have a look.

Opened QubesOS/qubes-posts#84. Please review when you get a chance.

Looks perfect!

Thanks! Since it's been a couple days, I'll go ahead and publish it now.

@andrewdavidwong
Copy link
Member

@adrelanos, could you let me know when Whonix 15 has officially reached EOL so that I can make another announcement and update https://www.qubes-os.org/doc/supported-releases/#templates?

@adrelanos
Copy link
Member Author

Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release
Next: I'd suggest to wait a few days before announcing on Qubes news.

May I ask why?

Staged rollout.

Ok, but some users become a bit confused when they see an announcement from the Whonix Project that Whonix 16 has been released with no similar announcement from the Qubes OS Project. Example (see replies):

https://forum.qubes-os.org/t/qubes-whonix-16-has-been-released-debian-11-bullseye-based-major-release/6647

I see.

Well, since this release seems to not cause many upgrade troubles anyhow...

Users have only one month to upgrade, and each day we wait is one fewer day they have.

Right, well. No problem. I wouldn't start the counter until "fully released". The spirit isn't to be overly strict about it.

Ok, that's good. It's unclear to me what the official release date is with a staged rollout.

Posted deprecation notice just now.

https://forums.whonix.org/t/whonix-15-deprecation-notice-all-users-should-upgrade-to-whonix-16/12473

Arguably (?) according to https://www.whonix.org/wiki/About#Support_Schedule we previously said we'd post a deprecation notice at https://forums.whonix.org/c/news which might be a good idea for clarification anyhow.
The deadline doesn't mean:

No, those are not the concerns. Rather, the concern is that there are no more security patches for EOL releases, so users definitely want to upgrade from Whonix 15 before it reaches EOL. If they're too slow or too late, they may be vulnerable to unpatched security bugs in their Whonix qubes.

I see. Seems like there are many ways to define "supported". Will keep this in mind.

@adrelanos, could you let me know when Whonix 15 has officially reached EOL so that I can make another announcement and update https://www.qubes-os.org/doc/supported-releases/#templates?

Does https://forums.whonix.org/t/whonix-15-deprecation-notice-all-users-should-upgrade-to-whonix-16/12473 clarify it?

I see https://www.qubes-os.org/news/2021/09/30/whonix-16-template-available/ was published, thank you!

@andrewdavidwong
Copy link
Member

@adrelanos, could you let me know when Whonix 15 has officially reached EOL so that I can make another announcement and update https://www.qubes-os.org/doc/supported-releases/#templates?

Does https://forums.whonix.org/t/whonix-15-deprecation-notice-all-users-should-upgrade-to-whonix-16/12473 clarify it?

Yes, thanks. I'll set a reminder for myself to perform the aforementioned actions on 2021-11-14.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adrelanos adrelanos

Labels
C: Whonix This issue impacts Qubes-Whonix P: default Priority: default. Default priority for new issues, to be replaced given sufficient information.
Projects
None yet
Milestone
Release 4.0 updates
Development

Successfully merging a pull request may close this issue.

Announcement: Whonix 16 template available QubesOS/qubes-posts
4 participants
@adrelanos @DemiMarie @andrewdavidwong @airelemental