Building Whonix using Packer

For anyone who is interested, I started a repo for defining Whonix via Packer. I think there are already some successful Vagrant defs but of course that’s just more vbox. Packer seems to be able to help convert between multiple types of images without necessarily using the underlying build def for each platform.

I don’t see any issue getting away from VirtualBox. Related:
Arguments for keeping VirtualBox Support

Multiple platforms already supported. Overview here:

Why use a link shortener/redirector? https://u.nu/p7yxa

Will have a look…

This is similar to:

i.e. similar to distro morphing.

Whonix-Packer/build.sh at master · bitnom/Whonix-Packer · GitHub

[1] --target root and distro morphing is OK for personal use but unsuitable for redistributable builds for reasons on which I expanded just now here:
Whonix Installation from Whonix APT Repository

Whonix-Packer/packer_whonix-gateway_digitalocean.box at master · bitnom/Whonix-Packer · GitHub

Binary (and in most cases also auto generated) files should not be part of a source repository.

Tools suitable for creating VM images for personal use are not necessarily suitable for redistributable images. I don’t know yet about packer specifically.

If suitable generally, these might not be suitable for Whonix. Might be easier to use such tools for Kicksecure.

In case of Whonix, very specific VM settings are required to be set on the host operating system:

Most importantly, the number of virtual network interfaces and connecting Whonix-Workstation through Whonix-Gateway.

I don’t know how such settings could be set on let’s say digitalocean.

Got more detailed comments but I leave it here for now as these are the potential major architectural blockers.

As for packer it’s interesting and good to know that it’s in packages.debian.org too.

In theory, a tool to abstract all the VM creation code into a specialized tool for that purpose is desirable. But I am not sure any tool is suitable.

Since installation from repository is unsuitable, I’d hope that packer can (I guess it can somehow) start with a raw image which would be created by Whonix build script as it is already now. Whonix build script could then use packer to create all the virtual machine images for all the platforms instead of using virtualizer specific build steps such as currently:

Reading packer documentation a bit, I haven’t seen any solution for:

Therefore we’d probably have to invent custom code doing that using packer post-processors. That’s why I am not sure yet if it would be useful to include packer into Whonix build script. If the “heavy lifting”, by that I mean this…:

…is done using packer post-processor or similar, then we still need a lot of virtualizer specific scripts / snippets. Therefore this also wouldn’t simplify much for any port such as LXC or docker.
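As an added illustration (not code from this thread or from the Whonix project) of where the virtualizer-specific settings end up in a Packer template: two virtualbox-ovf builders import existing Gateway and Workstation appliances and apply the NIC layout through vboxmanage, so the network wiring that connects Whonix-Workstation through Whonix-Gateway stays VirtualBox-only and would have to be re-expressed for every other builder or post-processor. The source_path values are placeholders, and communicator is set to none so the build does not depend on an SSH service inside the images.

```json
{
  "variables": {
    "gateway_ova": "PLACEHOLDER-Whonix-Gateway.ova",
    "workstation_ova": "PLACEHOLDER-Whonix-Workstation.ova"
  },
  "builders": [
    {
      "type": "virtualbox-ovf",
      "name": "whonix-gateway",
      "source_path": "{{user `gateway_ova`}}",
      "communicator": "none",
      "headless": true,
      "output_directory": "output-whonix-gateway",
      "vboxmanage": [
        ["modifyvm", "{{.Name}}", "--nic1", "nat"],
        ["modifyvm", "{{.Name}}", "--nic2", "intnet"],
        ["modifyvm", "{{.Name}}", "--intnet2", "Whonix"]
      ]
    },
    {
      "type": "virtualbox-ovf",
      "name": "whonix-workstation",
      "source_path": "{{user `workstation_ova`}}",
      "communicator": "none",
      "headless": true,
      "output_directory": "output-whonix-workstation",
      "vboxmanage": [
        ["modifyvm", "{{.Name}}", "--nic1", "intnet"],
        ["modifyvm", "{{.Name}}", "--intnet1", "Whonix"]
      ]
    }
  ],
  "post-processors": [
    {
      "type": "vagrant",
      "output": "{{.BuildName}}_{{.Provider}}.box"
    }
  ]
}
```

The vagrant post-processor only repackages whatever the builder produced; nothing in it carries the NIC layout over to another provider, which is the gap the post above describes.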