send a pull request to onion-grater so we ship the cwtch profile in Whonix by default
open a feature request for cwtch to set variables CWTCH_TAILSCWTCH_RESTRICT_PORTS and CWTCH_BIND_EXTERNAL_WHONIX automatically if Whonix was detected. That could be based by testing if file /usr/share/anon-ws-base-files/workstation exists.
I see all those variables as necessary on Whonix, not optional, so system detection would be nice. They are already doing that with CWTCH_BIND_EXTERNAL_WHONIX, by blocking it if Whonix is not detected.
But will wait to get a definitive profile.
Also, because the profile is repeated on the documentation an another file, I think it should not be in the docs, code duplication will be forgotten.
This is become strange because there is no reasons for Cwtch to have extra information on the profile, like Whonix packaging ## meta start for example.
In the future, we may ask for them to simply mention Whonix already has the profile that only needs to be loaded, therefore no code duplication to keep in sync with files that don’t completely match.
I’m running Qubes-Whonix (Whonix 16, waiting for Qubes OS 4.2 to be stable to upgrade to Whonix 17). I followed the install instructions.
Upon launching, I get the error output: cwtch-autobindings/lib.go [ERR ] Error connecting to Tor replacing with ErrorACN: write tcp 127.0.0.1:57352->127.0.0.1:9051: write: broken pipe
Within the UI, a similar message is under “Tor Status”.
Others in the Cwtch Testers group have had the same issue.
Note sure if this is relevant, but additionally the first two lines of output are:
(cwtch:5927): dbind-WARNING **: 15:32:42.325: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
(cwtch:5927): Gdk-CRITICAL **: 15:32:42.388: gdk_window_get_state: assertion 'GDK_IS_WINDOW (window)' failed
Any thoughts on what is causing this? Discussion in the Cwtch Testers group did not resolve the issue.
I’m not sure whether this is expected behaviour, but even after “Reload Firewall”, the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf still appears empty. The Whonix docs imply that it would not be empty if a change to the firewall settings was made.
startup command /home/user/.local/bin/cwtch is a bit cumbersome
The install-whonix.sh by default installs to the home folder. In the future this will cause a conflict with Enhanced Security via Mount Options and Compiler Restrictions. This would be a non-issue if installed to the system. That would happen if a .deb was available.
A .deb is planned, mentioned in a comment here by upstream: