Docker Container that builds Whonix Images

Hi everyone!

I wanted to make a small contribution to show my appreciation of this amazing project and community.

whonix_builder repo:

Thanks @Patrick for his support with the derivative-maker and everyone else who is committed to this noble cause.

You guys are awesome! :+1:

1 Like

Nice work. I have a couple of questions

What do you see as the use case for this tool?

Why do you need to restart the daemon after building the image?

1 Like

Hey there!

I set up a build server that will use a variation of this dockerfile to automatically produce builds when there is a new tag available or simply on demand.

Unfortunately, Patrick advised that for reasons of licensing and security, the server would not be suitable for the Whonix Team, so I’ll just do test builds on it for now.

The Dockerfile I released on Github is a basic draft of the original that lacks some of the automation features in the whonix_starter script, but I thought it would still be suitable for private builds.

I’ll add dnscrypt and torrified apt_cacher soon, to make it complete.

Restarting the daemon directly after building local images that use ENTRYPOINT is sometimes necessary to avoid issues, if docker run is executed immediately after.

1 Like

Groovy. Your skillset is interesting. If you want to help with any of our automation efforts, I am the maintainer of our CI automation and currently have a variety of tasks that might be a good fit…mostly ansible and linux related, but triggered by a github actions container

1 Like

Sure thing, I’d love to help you guys out if I can!

I wasn’t even aware that existed, way more sophisticated and elegant. (Unsurprisingly)

I’m not a professional coder, but anything Linux/shell or Java related I can definitely help with.

I see, you actually own that repo. I’ll have a quick look.

1 Like

Cool. I’ll have to read up on ansible a bit, but if there is something I can help you guys with, please let me know.

Who is currently working on this anyway?

1 Like

Pretty much just me. Patrick makes improvements sometimes too.

I see, most of you guys are actual software engineers or work in that field professionally though, right?

When I look at the magnitude and level of coding that makes up Whonix and all of its side projects, I am truly humbled. Combined with free support, maintaining documentation, repositories, etc. it’s absolutely insane what you people are doing here. It must be like having a second full time job.

The amount of people who are benefiting from this work is surely immeasurable. Personally, I’ve known about Whonix for a while, but recently got more interested because of activism and supporting a human rights watch group. The goal is to make Whonix and other privacy oriented software more available in countries with oppressive governments and net neutrality issues.

I am, but I cant speak for everyone who works here. Many of us work in private, but my contributions are attached to my real name so I am not too worried about sharing a bit.

That said, if you know some linux/shell scripting, ansible isnt a very far jump. Its basically well organized shell scripting for configuring servers (or sometimes other devices)

I am 100% happy to help get you up to speed, and even pair with screensharing and audio/(or text chat if you wish for opsec reasons.

Also too, if there are other projects that interest you, I am willing to offer feedback and any advice that I am able.

Awesome, I’m glad I met you here!

I’ll read some Ansible documentation and fork the repo so I can make commit requests.
We can exchange ideas here or via e-mail if you like. You just tell me what specific area needs a second set of eyes and I’ll do my best to contribute what I can.

If it’s ok, I’d also like to finish my work with the whonix_builder. I managed to get dsncrypt working with systemd (dnscrypt-proxy removed from bookworm main), but torrified apt-cacher-ng is still a bit challenging. I’ll figure it out though, hopefully lol.