Build for Cubietruck (armf) / physical isolation

Hello !

I am trying to build whonix on a Cubietruck to allow my gateway to be physically isolated.
It runs Wheezy armf.

So far it has been easy, I had not to change a lot of things.
The only file I edited was grml_packages, I had to delete grub-pc as the CB does not use grub.

Anyway, here is the command I used to start the build :

./whonix_build --terminal-only --no-default-applications --enable-whonix-apt-repository --whonix-apt-repository-distribution wheezy --minimal-report --skip-verifiable --skip-sanity-tests --tor-gateway --install-to-root --build >> log_build_whonix 2>&1

The build starts, and continues well until I have a git error stating that my log file 'log_build_whonix ’ has been modified, etc etc…
That does not sound like a fatal error to me, so I decided to ignore it and continue.

The building process continues…fine, until this error pops up :

[...]
'
+ shopt -s globstar dotglob
+ touch -t 201308151102.35 ./debian
+ touch -t 201308151102.35 ./debian/ ./debian/changelog ./debian/compat ./debian/control ./debian/copyright ./debian/gain-root-command ./debian/rules ./debian/source ./debian/source/format ./debian/watch
+ shopt -u globstar dotglob
+ rm --force ../anon-apt-sources-list_0.5.orig.tar.gz
+ gzip -n
+ git archive --format=tar HEAD --prefix=anon-apt-sources-list-0.5/
+ ls -la ../anon-apt-sources-list_0.5.orig.tar.gz
-rw-r--r-- 1 user user 19149 Oct  4 12:51 ../anon-apt-sources-list_0.5.orig.tar.gz
+ '[' '--info --display-info --fail-on-warnings' = '' ']'
+ debuild --no-lintian --rootcmd=/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -sa -us -uc
dpkg: warning: failed to open configuration file '/root/.dpkg.cfg' for reading: Permission denied
 dpkg-buildpackage -r/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -D -us -uc -sa
dpkg-buildpackage: source package anon-apt-sources-list
dpkg-buildpackage: source version 3:0.5-1
dpkg-buildpackage: source changed by Patrick Schleizer <adrelanos@riseup.net>
dpkg: warning: failed to open configuration file '/root/.dpkg.cfg' for reading: Permission denied
 dpkg-source --before-build anon-apt-sources-list
dpkg-buildpackage: host architecture armhf
 /home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command debian/rules clean
/usr/bin/faketime: 102: exec: fakeroot: not found
dpkg-buildpackage: error: /home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command debian/rules clean gave error exit status 127
debuild: fatal error at line 1357:
dpkg-buildpackage -r/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -D -us -uc -sa failed
make: *** [deb-pkg] Error 25
++ error_handler_general
++ error_handler_shared
++ last_exit_code=2
++ last_bash_command='sudo -E -u "$user_name" make deb-pkg'
++ '[' test -o xtrace = 0 ']'
++ set +x
ERROR in pre detected!
Please have a look above "error_handler_general", note the command that failed, its output and last_exit_code.
[...]

Looks like an error from gain-root-command, but Im not sure what causes it.

NB: For the record, here is the git error :

+ true 'INFO: End of: /home/user/Whonix/help-steps/cleanup-files  No error detected. (benchmark: 00:02:29)'
+ true './build-steps.d/1200_create-debian-packages INFO: Cleaned old packages. '
+ check_for_uncommited_changes
+ trap error_handler_general ERR INT TERM
++ git status --porcelain
+ '[' -n ' M log_build_whonix' ']'
+ true './build-steps.d/1200_create-debian-packages ERROR: Git reports uncommitted changes! '
+ true './build-steps.d/1200_create-debian-packages INFO: Running "git status" for your convenience. '
+ git status
# Not currently on any branch.
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#	modified:   log_build_whonix
#
no changes added to commit (use "git add" and/or "git commit -a")
+ true './build-steps.d/1200_create-debian-packages INFO: Running git "clean -d --force --force --dry-run" for your convenience. '
+ git clean -d --force --force --dry-run
+ true './build-steps.d/1200_create-debian-packages You most likely like to run:
    /home/user/Whonix/help-steps/cleanup-files
or if you know what you are doing:
    git clean -d --force --force
    git reset --hard'
+ error 'Uncommitted changes! See above!'
./build-steps.d/1200_create-debian-packages: line 131: error: command not found
++ error_handler_general
++ error_handler_shared
++ last_exit_code=127
++ last_bash_command='error "Uncommitted changes! See above!"'
++ '[' test -o xtrace = 0 ']'
++ set +x
ERROR in pre detected!
Please have a look above "error_handler_general", note the command that failed, its output and last_exit_code.
- Please enter c and press enter to ignore the error and continue building. (Recommended against!)
- Please press s and enter to open an chroot interactive shell.
- Please press enter to cleanup and exit. ++ '[' false = true ']'
+++ caller
++ last_caller='128 pre'
++ last_script=pre
++ error_handler_exit
++ '[' false = true ']'
++ abort_or_continue=Aborted
++ rm --force /etc/apt/sources.list.d/whonix_temp.list
++ rm --force /var/run/package_manager_lock
++ true '
############################################################
ERROR in pre detected! Aborted!
(benchmark: 00:02:33)
BASH_COMMAND: error "Uncommitted changes! See above!"
last_exit_code: 127
caller: 128 pre
ERROR in pre! Aborted!
############################################################

Any help would be much appreciated.
Thanks !

Edit: I am building Whonix 9

armf is an unsupported platform. Not tested and not succeeded by anyone ever to my knowledge. Needs a maintainer / porter.

Where you got that “log_build_whonix” file name from?

When you create a build log, don’t put it into the Whonix source folder. Put it into ~/ or so.

Just delete that file for now so you can restart the build.

Yes I know, but It looks like there is not a lot to do to support it since wheezy is available.
And that this kind of SoC (read PI and the others) may be the perfect host for an isolated gateway. (Cheap, reliable, open hardware,…)

It is the log created by whonix_build, aka:
./whonix_build […] --install-to-root --build >> log_build_whonix 2>&1

[quote=“Patrick”]When you create a build log, don’t put it into the Whonix source folder. Put it into ~/ or so.

Just delete that file for now so you can restart the build.[/quote]

I will but I highly doubt the current error is related. I though you would see what’s causing the error in there :
(Well, looks like gain-root-command is in fault, but I don’t know exactly why…)

[code]
[…]
’

• shopt -s globstar dotglob
• touch -t 201308151102.35 ./debian
• touch -t 201308151102.35 ./debian/ ./debian/changelog ./debian/compat ./debian/control ./debian/copyright ./debian/gain-root-command ./debian/rules ./debian/source ./debian/source/format ./debian/watch
• shopt -u globstar dotglob
• rm --force …/anon-apt-sources-list_0.5.orig.tar.gz
• gzip -n
• git archive --format=tar HEAD --prefix=anon-apt-sources-list-0.5/
• ls -la …/anon-apt-sources-list_0.5.orig.tar.gz
  -rw-r–r-- 1 user user 19149 Oct 4 12:51 …/anon-apt-sources-list_0.5.orig.tar.gz
• ‘[’ ‘–info --display-info --fail-on-warnings’ = ‘’ ‘]’
• debuild --no-lintian --rootcmd=/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -sa -us -uc
  dpkg: warning: failed to open configuration file ‘/root/.dpkg.cfg’ for reading: Permission denied
  dpkg-buildpackage -r/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -D -us -uc -sa
  dpkg-buildpackage: source package anon-apt-sources-list
  dpkg-buildpackage: source version 3:0.5-1
  dpkg-buildpackage: source changed by Patrick Schleizer adrelanos@riseup.net
  dpkg: warning: failed to open configuration file ‘/root/.dpkg.cfg’ for reading: Permission denied
  dpkg-source --before-build anon-apt-sources-list
  dpkg-buildpackage: host architecture armhf
  /home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command debian/rules clean
  /usr/bin/faketime: 102: exec: fakeroot: not found
  dpkg-buildpackage: error: /home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command debian/rules clean gave error exit status 127
  debuild: fatal error at line 1357:
  dpkg-buildpackage -r/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -D -us -uc -sa failed
  make: *** [deb-pkg] Error 25
  ++ error_handler_general
  ++ error_handler_shared
  ++ last_exit_code=2
  ++ last_bash_command=‘sudo -E -u “$user_name” make deb-pkg’
  ++ ‘[’ test -o xtrace = 0 ‘]’
  ++ set +x
  ERROR in pre detected!
  Please have a look above “error_handler_general”, note the command that failed, its output and last_exit_code.
  […][/code]

Thanks Patrick.

Edit : Trying again, will post my results.

Edit : Got the exact same error as above :

[code]
[…]
’

• shopt -s globstar dotglob
• touch -t 201308151102.35 ./debian
• touch -t 201308151102.35 ./debian/ ./debian/changelog ./debian/compat ./debian/control ./debian/copyright ./debian/gain-root-command ./debian/rules ./debian/source ./debian/source/format ./debian/watch
• shopt -u globstar dotglob
• rm --force …/anon-apt-sources-list_0.5.orig.tar.gz
• gzip -n
• git archive --format=tar HEAD --prefix=anon-apt-sources-list-0.5/
• ls -la …/anon-apt-sources-list_0.5.orig.tar.gz
  -rw-r–r-- 1 user user 19149 Oct 4 12:51 …/anon-apt-sources-list_0.5.orig.tar.gz
• ‘[’ ‘–info --display-info --fail-on-warnings’ = ‘’ ‘]’
• debuild --no-lintian --rootcmd=/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -sa -us -uc
  dpkg: warning: failed to open configuration file ‘/root/.dpkg.cfg’ for reading: Permission denied
  dpkg-buildpackage -r/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -D -us -uc -sa
  dpkg-buildpackage: source package anon-apt-sources-list
  dpkg-buildpackage: source version 3:0.5-1
  dpkg-buildpackage: source changed by Patrick Schleizer adrelanos@riseup.net
  dpkg: warning: failed to open configuration file ‘/root/.dpkg.cfg’ for reading: Permission denied
  dpkg-source --before-build anon-apt-sources-list
  dpkg-buildpackage: host architecture armhf
  /home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command debian/rules clean
  /usr/bin/faketime: 102: exec: fakeroot: not found
  dpkg-buildpackage: error: /home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command debian/rules clean gave error exit status 127
  debuild: fatal error at line 1357:
  dpkg-buildpackage -r/home/user/Whonix/packages/anon-apt-sources-list/debian/gain-root-command -D -us -uc -sa failed
  make: *** [deb-pkg] Error 25
  ++ error_handler_general
  ++ error_handler_shared
  ++ last_exit_code=2
  ++ last_bash_command=‘sudo -E -u “$user_name” make deb-pkg’
  ++ ‘[’ test -o xtrace = 0 ‘]’
  ++ set +x
  ERROR in pre detected!
  Please have a look above “error_handler_general”, note the command that failed, its output and last_exit_code.
  […][/code]

Edit: Fakeroot wasn’t installed, so, I did install it.
Running a build now.

It is the log created by whonix_build, aka: ./whonix_build [...] --install-to-root --build >> log_build_whonix 2>&1

On Build Documentation: Physical Isolation it suggests

sudo ./whonix_build --tor-gateway --install-to-root --build >> ~/log-phyiso 2>&1

Note, that

~/log-phyiso

will work. While

log-phyiso

won’t work.

Because the former creates the while in your home folder while the latter creates the log in Whonix source folder, which won’t work.

[hr]

fakeroot is not installed for some reason. It should have been installed during the build-steps.d/1100_prepare-build-machine build step. So I need to that the log including that to figure out why it didn’t work.

Yeah, but from which page / chapter exactly did you read it? On https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation#Run_Build_Script it suggests [code]sudo ./whonix_build --tor-gateway --install-to-root --build >> ~/log-phyiso 2>&1[/code]

Yeah, I just came to this too. (Damn I should’ve read more before posting…)
I did install it manually anyway, running a build now.

I’ll keep the thread updated.

Edit: Lintian was not intalled neither.

There will be lots of build dependencies not installed if the build-steps.d/1100_prepare-build-machine build step does not get run.

benjy if you do get an arm build working please document any extra steps or differences from the current guide so we can add it to the wiki.

If you would be willing to test and maintain instructions for arm that would be great, that could really make efficient, low cost hidden services accessible to everyone.

Hey, I’m currently building whonix-gateway 9.4 (physical isolation) on an armhf virtual machine, fresh debian install. This is going to take a while, it runs on QEMU. So far I encountered a single error regarding the grub-pc package, which is normal because this package don’t exist for arm platforms. I chose to ignore this error and to continue the build, to see how far it can go.

ARM single-board computers could indeed be the perfect platform for physical isolation of the gateway. x64 SBC are expensives, and you can find ARM SBC starting at 35$ (Rpi, ODROID-C1).

This commit might help porting to other platforms:
https://github.com/Whonix/Whonix/commit/8ea6278baf7b12457fd40f8f178285f35592698f

(reprepro does not support “Architecture: all”, but now the same platforms as Debian supports should work for local package build and install.)

You might be able to git cherry-pick it.

git cherry-pick 8ea6278baf7b12457fd40f8f178285f35592698f

Can anyone report any progress with building for armhf?

I am struggling greatly in building a bare metal whonix gateway on the Beaglebone Black.

Any advice, success stories?