Whonix host - nonfree blobs - firmware-linux-nonfree - technical discussion only

Comments on project philosophy i.e. to install or not install nonfree packages need to be added here instead:

This is the list of “our” packages from whonix-stuff/Whonix-Desktop list of new packages at master · onions-knight/whonix-stuff · GitHub

firmware-amd-graphics
firmware-atheros
firmware-b43-installer
firmware-b43legacy-installer
firmware-brcm80211
firmware-intel-sound
firmware-ipw2x00
firmware-iwlwifi
firmware-libertas
firmware-linux
firmware-linux-free
firmware-linux-nonfree
firmware-misc-nonfree
firmware-realtek
firmware-ti-connectivity
firmware-zd1211

This is the list of all firmware-* packages in Debian buster.

firmware-adi deprecated transitional package
firmware-intelwimax
firmware-myricom
firmware-amd-graphics
firmware-ipw2x00
firmware-netronome
firmware-ath9k-htc
firmware-ivtv
firmware-netxen
firmware-ath9k-htc-dbgsym
firmware-iwlwifi
firmware-qcom-media
firmware-atheros
firmware-libertas
firmware-qlogic
firmware-b43-installer
firmware-linux
firmware-ralink
firmware-b43legacy-installer
firmware-linux-free
firmware-realtek
firmware-bnx2
firmware-linux-nonfree
firmware-samsung
firmware-bnx2x
firmware-microbit-micropython
firmware-siano
firmware-brcm80211
firmware-microbit-micropython-dl
firmware-ti-connectivity
firmware-cavium
firmware-microbit-micropython-doc
firmware-zd1211
firmware-intel-sound
firmware-misc-nonfree

Could you work on Dev/nonfree - Kicksecure please, i.e. look which packages we should add to “our” list and which ones are outdated (deprecated transitional packages) and which ones are not wanted since irrelevant for some reason?

Preparing to unpack .../firmware-ipw2x00_20190114-1_all.deb ...

firmware-ipw2x00 agree question could not be asked
try '\''dpkg-reconfigure debconf'\'' to select a frontend other than noninteractive

dpkg: error processing archive /var/cache/apt/archives/firmware-ipw2x00_20190114-1_all.deb (--unpack):
 new firmware-ipw2x00 package pre-installation script subprocess returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/firmware-ipw2x00_20190114-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)       '
+ apt_get_exit_code=100

search term:

preseed firmware-ipw2x00/license/accepted

https://git-tails.immerda.ch/tails/tree/config/chroot_local-preseed/firmware

Now I need to figure out how to apply such a file.

echo b43-fwcutter b43-fwcutter/cut_firmware boolean true | debconf-set-selections
echo firmware-ipw2x00 firmware-ipw2x00/license/accepted boolean true | debconf-set-selections
echo firmware-iwlwifi firmware-iwlwifi/license/accepted boolean true | debconf-set-selections
echo firmware-ralink firmware-ralink/license/accepted boolean true | debconf-set-selections

That’s functional.

I was wrong. firmware asks the question during package unpack but whonix-legacy preinst runs too late.

https://github.com/Whonix/Whonix/commit/2ed511e81f7c6c4cb2830b83dd43d1ebfd7a04e1

Not a great solution. Even Pre-Depends: does not work. The place to declare the Pre-Depends: would be in each individual package that asks debconf questions (here: firmware packages). But since Debian ships these packages, it looks very unlikely to get this change merged. “Install my package as early as possible” is a missing Debian feature. They’d probably expect this being done as a chroot script and didn’t have in mind “sudo apt-get install whonix”.

This is ugly. Uses wget inside chroot.

Setting up firmware-b43-installer (1:019-4) ...
A chroot environment has been detected.
Remember this firmware needs kernel >= 2.6.25.
--2020-03-14 12:05:05--  http://www.lwfinger.com/b43-firmware/broadcom-wl-5.100.138.tar.bz2
Resolving www.lwfinger.com (www.lwfinger.com)... 64:ff9b::adfe:1eb2, 173.254.30.178
Connecting to www.lwfinger.com (www.lwfinger.com)|64:ff9b::adfe:1eb2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13514651 (13M) [application/x-tar]
Saving to: ?broadcom-wl-5.100.138.tar.bz2?

broadcom-wl-5.100.138.tar.bz2             100%[===================================================================================>]  12.89M  1.16MB/s    in 26s     

2020-03-14 12:05:31 (516 KB/s) - ?broadcom-wl-5.100.138.tar.bz2? saved [13514651/13514651]

broadcom-wl-5.100.138.tar.bz2: OK
broadcom-wl-5.100.138/linux/wl_apsta.o
This file is recognised as:
filename   :  wl_apsta.o
version    :  666.2
MD5        :  e1b05e268bcdbfef3560c28fc161f30e
Extracting b43/lp0initvals14.fw
...

Setting up firmware-b43legacy-installer (1:019-4) ...
A chroot environment has been detected.
Remember this firmware needs kernel >= 2.6.25.
--2020-03-14 12:05:34--  http://downloads.openwrt.org/sources/wl_apsta-3.130.20.0.o
Resolving downloads.openwrt.org (downloads.openwrt.org)... 2a01:4f8:150:6449::2, 176.9.48.73
Connecting to downloads.openwrt.org (downloads.openwrt.org)|2a01:4f8:150:6449::2|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://sources.openwrt.org/wl_apsta-3.130.20.0.o [following]
--2020-03-14 12:05:35--  http://sources.openwrt.org/wl_apsta-3.130.20.0.o
Resolving sources.openwrt.org (sources.openwrt.org)... 2a01:4f8:210:5087::2, 148.251.151.136
Connecting to sources.openwrt.org (sources.openwrt.org)|2a01:4f8:210:5087::2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 652866 (638K) [application/octet-stream]
Saving to: ?wl_apsta-3.130.20.0.o?

wl_apsta-3.130.20.0.o                     100%[===================================================================================>] 637.56K  5.28KB/s    in 2m 26s  

2020-03-14 12:08:02 (4.36 KB/s) - ?wl_apsta-3.130.20.0.o? saved [652866/652866]

wl_apsta-3.130.20.0.o: OK
This file is recognised as:
filename   :  wl_apsta.o
version    :  295.14
MD5        :  e08665c5c5b66beb9c3b2dd54aa80cb3
Extracting b43legacy/ucode2.fw


/var/lib/dpkg/info/firmware-b43-installer.postinst

#!/bin/sh
set -e

#########################################################################

VERSION="5.100.138"

BROADCOM_WL="broadcom-wl-${VERSION}"

WL_APSTA="${BROADCOM_WL}/linux/wl_apsta.o"

DOWNLOAD="${BROADCOM_WL}.tar.bz2"

URL="http://www.lwfinger.com/b43-firmware/${DOWNLOAD}"

SHA512SUM="02487e76e3eca7fe97ce2ad7dc9c5d39fac82b8d5f7786cce047f9c85e2426f5b7ea085d84c7d4aae43e0fe348d603e3229211bab601726794ef633441d37a8b"

FIRMWARE_INSTALL_DIR="/lib/firmware"

B43="b43"

#########################################################################
# stable sections below, not updated for firmware updates		#
#########################################################################

. /usr/share/debconf/confmodule

latest_firmware ()
{
tmp=$(mktemp -q -d)

cd $tmp

# use apt proxy
APT_PROXIES=$(apt-config shell \
http_proxy Acquire::http::Proxy \
https_proxy Acquire::https::Proxy \
ftp_proxy Acquire::ftp::Proxy \
)

if [ -n "$APT_PROXIES" ]; then
        eval export $APT_PROXIES
fi

if ! wget --timeout=60 "${URL}"; then
	echo "$0: Some problem occurred during the firmware download. Please check your internet connection." 1>&2
	exit 1
fi
if ! sha512sum -c /dev/stdin << EOF; then
${SHA512SUM}  ${DOWNLOAD}
EOF
	echo "$0: Downloaded firmware did not match known SHA512 checksum, aborting." 1>&2
	exit 1
fi
if [ "${DOWNLOAD}" != "${WL_APSTA}" ]; then
	if ! tar xvjf "${DOWNLOAD}" "${WL_APSTA}"; then
		echo "$0: Unpacking firmware file failed, unable to continue (is /tmp full?)." 1>&2
		exit 1
	fi
fi

...

https://api.travis-ci.org/v3/job/670229709/log.txt

Setting up firmware-b43legacy-installer (1:019-4) ...
A chroot environment has been detected.
Remember this firmware needs kernel >= 2.6.25.
--2020-04-02 17:08:45--  http://downloads.openwrt.org/sources/wl_apsta-3.130.20.0.o
Connecting to 127.0.0.1:3142... connected.
Proxy request sent, awaiting response... 403 Forbidden file type or location
2020-04-02 17:08:45 ERROR 403: Forbidden file type or location.

/var/lib/dpkg/info/firmware-b43legacy-installer.postinst: Some problem occurred during the firmware download. Please check your internet connection.
dpkg: error processing package firmware-b43legacy-installer (--configure):
 installed firmware-b43legacy-installer package post-installation script subprocess returned error exit status 1

Will remove now. Can try to repair, re-add later if someone really needs this.