Parrot OS+Whonix=apt-get update no working

Hello, I have a problem.

Apt-get updates do not work in “Whonix + Parrot OS” bundle. Moreover, the Internet is in the browser, but with the command “apt-get update” it shows the error “403”.

Most likely this is due to the tricky dns settings in Parrot OS … To configure the Whonix gateway network, you need to change the DNS settings in “resolv.conf” in Parrot, but this file is overwritten with default values ​​when the system is restarted. But when you change the values ​​in resolv.conf, the Internet immediately appears, but only in the browser, “apt-get update” still does not work, and shows a “403” error.

Whonix is ​​well tuned, no problem here. the same Kali Linux works fine. Problems only with Parrot OS.

403 is a forbidden error. Standard rep doesn’t allow Torified upgrades until you set that up with the .onion addresses.

This thread may help you it lists onion repositories (as of July, may have changed):

[System update issues through TOR(Anonsurf, onion routing)]

1 Like

Thank you very much for your answer!

But all the same, I don’t understand one thing, why everything works fine in Kali + Whonix, in Kali I can update the system with or without a Tor connection … And in Parrot, you need to change the repositories, …

Please go sudo -s and go to root mode change the file which will not revert again.
Please check you are using proxy server or what is my publics IP.
I see most of the cases 403 IPS public IP black listed indeed. Most probably not able to reach parrot repository.
Check it

I guess you are using Whonix in VirtualBox?
I can also guess that you install Whonix repos in Parrot OS.
In general apt is OK for individual package installation. For updates including kernel use gnome-software.

Parrot repos don’t communicate over Tor exit relays.

no, qemu-kvm

Parrot OS - physical machine + qemu-kvm + Whonix + Parrot OS = apt-get update no working:

Err:1 rolling InRelease
  403  Forbidden [IP: 443]
Err:2 rolling-security InRelease
  403  Forbidden [IP: 443]
Reading package lists... Done
E: Failed to fetch  403  Forbidden [IP: 443]
E: The repository ' rolling InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

an identical update error occurs when you turn it on Anon Surf

no, I have not installed Whonix repos in Parrot OS. And this should be done? :thinking:

on the one hand, it is a pity … But, from a security point of view, this is correct.

You did not try the most important one gnome-software.
sudo apt install gnome-software
Menu->Software (update tab)
It is buggy in Parrot but if there is any interference it will work better than apt (I did not try it in Whonix).
To my shame I do use Qemu every day but not in this case so I can’t help you specifically!

installed - does not run on mate :grimacing:

a similar situation in similar programs, for example in Discovery, … also not updated with Whonix or Tor enabled

Gnome-software runs on Mate. You just have to install it after a new install. Here it is what I do:
New install:
Before going on line: sudo apt remove gufw
First time online: sudo apt install firewall-config (and I configure firewalld)
sudo apt install gnome-software
Menu->Software (update tab)
Hit download untill Cancel comes on.
Hit Reboot & Install a few times and reboot manually!

They are separate Linux distributions, hosted off different servers, managed by a separate team. :smile:

EDIT: Depending on the server some Parrot repos block upgrades from Tor to the clearnet addresses (some). I surmise there may be a few reasons for this as the Parrot .onion address is not only more private, but a more secure/safer way to upgrade, especially over Tor. Here are some good reasons to block clearnet Tor upgrades but allow .onion:

  • Using .onion has less chance for manipulation.

  • .onion Hidden services adds/allows Parrot to better control encryption (tor client -> .onion) without third party cert authority needed (clearnet https).

  • Hidden .onion services cannot be resolved to ip address, making the server less of a target for hackers than a publicly known clearnet server.

  • Blocking Tor nodes from connecting to clearnet servers altogether prevents abuse.

Hope this helps :slight_smile:

1 Like

thanks! Somehow I’ll do a test on a virtual machine

I’m dumb, of course, but not to that extent :joy:

1 Like

It is my time to eat the Brown I was shoveling! The repos have been changed or poisoned and gnome-software can’t be installed even in a new install. I have to change a lot of computers…

I stand by my initial assessment that gnome-software is a far better update tool.

It is working now at least on my side.

I live in a bubble and switched to GUIX a while ago (a very painful switch). Only Arch has it in their repos and it is recommended to use a self build anyway. I will have to re-examine some things and see…