Template:Non-functional Onion Services
Sometimes the Debian and/or Whonix onion servers are non-functional. This could be due to DDoS attacks on the Tor network. [1] As a result, updates cannot be completed automatically and an error message similar to the one below will appear.
Command:
sudo apt update
Expected output:
Hit:1 https://security.debian.org trixie/updates InRelease Hit:2 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion trixie InRelease Ign:3 https://ftp.us.debian.org/debian trixie InRelease Hit:4 https://deb.whonix.org trixie InRelease Hit:5 https://ftp.us.debian.org/debian trixie Release Err:7 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion trixie/updates InRelease SOCKS proxy socks5h://localhost:9050 could not connect to 5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion (0.0.0.0:0) due to: Host unreachable (6) Err:8 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian trixie InRelease SOCKS proxy socks5h://localhost:9050 could not connect to 2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion (0.0.0.0:0) due to: Host unreachable (6) Reading package lists… Done W: Failed to fetch tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/dists/trixie/updates/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to 5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion (0.0.0.0:0) due to: Host unreachable (6) W: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/trixie/InRelease SOCKS proxy socks5h://localhost:9050 could not connect to 2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion (0.0.0.0:0) due to: Host unreachable (6) W: Some index files failed to download. They have been ignored, or old ones used instead.
Until the onion service is re-established, complete the following steps in Whonix-Gateway™ (whonix-gateway-18) and Whonix-Workstation™ (whonix-workstation-18) to circumvent the issue. [2] [3]
1. Open the Debian sources in an editor.
Open file /etc/apt/sources.list.d/debian.sources in an editor with administrative ("root") rights.
1 Select your platform.
2 Notes.
- Sudoedit guidance: See Open File with Root Rights
for details on why using sudoeditimproves security and how to use it. - Editor requirement: Close Featherpad (or the chosen text editor) before running the
sudoeditcommand.
3 Open the file with root rights.
sudoedit /etc/apt/sources.list.d/debian.sources
2 Notes.
- Sudoedit guidance: See Open File with Root Rights
for details on why using sudoeditimproves security and how to use it. - Editor requirement: Close Featherpad (or the chosen text editor) before running the
sudoeditcommand. - Template requirement: When using Qubes-Whonix, this must be done inside the Template.
3 Open the file with root rights.
sudoedit /etc/apt/sources.list.d/debian.sources
4 Notes.
- Shut down Template: After applying this change, shut down the Template.
- Restart App Qubes: All App Qubes based on the Template need to be restarted if they were already running.
- Qubes persistence: See also Qubes Persistence

- General procedure: This is a general procedure required for Qubes and is unspecific to Qubes-Whonix.
2 Notes.
- Example only: This is just an example. Other tools could achieve the same goal.
- Troubleshooting and alternatives: If this example does not work for you, or if you are not using Whonix, please refer to Open File with Root Rights.
3 Open the file with root rights.
sudoedit /etc/apt/sources.list.d/debian.sources
2. Disable the onionized Debian repositories and enable the clearnet repositories.
The code blocks should look like this; only these entries require editing. [4]
######## ENABLED SOURCES ######## Types: deb URIs: tor+https://deb.debian.org/debian Suites: trixie trixie-updates trixie-backports Components: main contrib non-free non-free-firmware Enabled: yes # <<<<< change this line from "no" to "yes" Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb URIs: tor+https://deb.debian.org/debian-security Suites: trixie-security Components: main contrib non-free non-free-firmware Enabled: yes # <<<<< change this line from "no" to "yes" Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb URIs: tor+https://fasttrack.debian.net/debian-fasttrack Suites: trixie-fasttrack trixie-backports-staging Components: main contrib non-free Enabled: yes # <<<<< keep this line saying "yes" Signed-By: /usr/share/keyrings/fasttrack-archive-keyring.gpg ######## DISABLED BY DEFAULT SOURCES ######## #### deb #### Types: deb URIs: tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian Suites: trixie trixie-updates trixie-backports Components: main contrib non-free non-free-firmware Enabled: no # <<<<< change this line from "yes" to "no" Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb URIs: tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security Suites: trixie-security Components: main contrib non-free non-free-firmware Enabled: no # <<<<< change this line from "yes" to "no" Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg ## No onion for fasttrack yet: https://salsa.debian.org/fasttrack-team/support/-/issues/27
Save and exit.
3. Confirm the clearnet repositories are functional.
sudo apt update
4. Optional: Revert and update the package lists.
Consider reverting these changes later on, because onion repositories offer various security advantages. Afterwards, apply Updates to refresh the package lists.
- ↑
- ↑
If similar issues occur with Whonix or Qubes onion services then follow the same procedure and modify the
derivative.sourcesandqubes-r4.listfiles, respectively. - ↑
https://forums.whonix.org/t/errors-updating-september-2018/6028

- ↑ https://salsa.debian.org/fasttrack-team/support/-/issues/27

.
We believe security software like Whonix needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 14 year success story and maybe DONATE!