Docker Container that builds Whonix Images

Hi everyone!

I wanted to make a small contribution to show my appreciation of this amazing project and community.

whonix_builder repo:

Thanks @Patrick for his support with the derivative-maker and everyone else who is committed to this noble cause.

You guys are awesome! :+1:

Nice work. I have a couple of questions

What do you see as the use case for this tool?

Why do you need to restart the daemon after building the image?

Hey there!

I set up a build server that will use a variation of this dockerfile to automatically produce builds when there is a new tag available or simply on demand.

Unfortunately, Patrick advised that for reasons of licensing and security, the server would not be suitable for the Whonix Team, so I’ll just do test builds on it for now.

The Dockerfile I released on GitHub is a basic draft of the original that lacks some of the automation features in the whonix_starter script, but I thought it would still be suitable for private builds.

I’ll add dnscrypt and torified apt_cacher soon, to make it complete.

Restarting the daemon directly after building local images that use ENTRYPOINT is sometimes necessary to avoid issues, if docker run is executed immediately after.

Groovy. Your skillset is interesting. If you want to help with any of our automation efforts, I am the maintainer of our CI automation and currently have a variety of tasks that might be a good fit… mostly Ansible and Linux related, but triggered by a GitHub Actions container.

Sure thing, I’d love to help you guys out if I can!

I wasn’t even aware that existed, way more sophisticated and elegant. (Unsurprisingly)

I’m not a professional coder, but anything Linux/shell or Java related I can definitely help with.

I see, you actually own that repo. I’ll have a quick look.

Cool. I’ll have to read up on Ansible a bit, but if there is something I can help you guys with, please let me know.

Who is currently working on this anyway?

Pretty much just me. Patrick makes improvements sometimes too.

I see, most of you guys are actual software engineers or work in that field professionally though, right?

When I look at the magnitude and level of coding that makes up Whonix and all of its side projects, I am truly humbled. Combined with free support, maintaining documentation, repositories, etc. it’s absolutely insane what you people are doing here. It must be like having a second full time job.

The amount of people who are benefiting from this work is surely immeasurable. Personally, I’ve known about Whonix for a while, but recently got more interested because of activism and supporting a human rights watch group. The goal is to make Whonix and other privacy-oriented software more available in countries with oppressive governments and net neutrality issues.

I am, but I can’t speak for everyone who works here. Many of us work in private, but my contributions are attached to my real name so I am not too worried about sharing a bit.

That said, if you know some Linux/shell scripting, Ansible isn’t a very far jump. It’s basically well organized shell scripting for configuring servers (or sometimes other devices).

I am 100% happy to help get you up to speed, and even pair with screensharing and audio (or text chat if you wish for opsec reasons).

Also too, if there are other projects that interest you, I am willing to offer feedback and any advice that I am able.

Awesome, I’m glad I met you here!

I’ll read some Ansible documentation and fork the repo so I can make commit requests.
We can exchange ideas here or via e-mail if you like. You just tell me what specific area needs a second set of eyes and I’ll do my best to contribute what I can.

If it’s ok, I’d also like to finish my work with the whonix_builder. I managed to get dnscrypt working with systemd (dnscrypt-proxy removed from bookworm main), but torified apt-cacher-ng is still a bit challenging. I’ll figure it out though, hopefully lol.

There is a problem with whonix-builder at build stage /build-steps.d/3200_create-raw-image

Another member explains there have to be extra build steps for converting the image to Docker format.

Can you explain how this is done?

+ true 'INFO: BEGIN: dist_build_one_build_step_current: ./build-steps.d/3200_create-raw-image'
+ ././build-steps.d/3200_create-raw-image --flavor whonix-workstation-cli --target raw --arch amd64 --repo true
+ set -e
+ true 'INFO: Currently running script: ././build-steps.d/3200_create-raw-image --flavor' whonix-workstation-cli --target raw --arch amd64 --repo true
+++ dirname ././build-steps.d/3200_create-raw-image
++ cd ././build-steps.d
++ pwd
+ MYDIR=/home/user/whonix/build/derivative-maker/build-steps.d
+ cd /home/user/whonix/build/derivative-maker/build-steps.d
+ cd ..
+ cd help-steps
+ source pre
++ true 'pre INFO: begin'
++ '[' '!' '' = true ']'
++ dist_build_no_unset_xtrace=false
++ true 'pre INFO: dist_build_no_unset_xtrace=false - Therefore setting +x...'
++ set +x
INFO: Script running as as non-root, ok.
INFO: Running 'sudo --non-interactive -- test -d /usr' to test if sudo password entry prompt is needed...
INFO: sudo password already previously cached (entered) or this system has passwordless sudo, ok.
INFO: Running 'sudo --non-interactive -- test -d /usr 2>&1' to test if output (stdout, stderr) is empty as expected (no warnings or error messages shown)...
INFO: root_check ok.
pre INFO: set -x
++ true 'pre INFO: End of script, ok.'
+ source colors
++ '[' '!' true = true ']'
+ source variables
++ true 'variables INFO: begin'
++ test -o xtrace
++ xtrace_was_set=true
++ '[' '!' false = true ']'
++ dist_build_no_unset_xtrace=false
++ true 'variables INFO: dist_build_no_unset_xtrace=false - Therefore setting +x...'
++ set +x
INFO: Setting... export UWT_DEV_PASSTHROUGH="1"
INFO: dist_build_target_arch         (--arch): amd64
INFO: BUILD_KERNEL_PKGS       (--kernel): linux-image-amd64
INFO: BUILD_HEADER_PKGS      (--headers): linux-headers-amd64
INFO: No --connection type 'clearnet' or 'onion' has been chosen. Defaulting dist_build_sources_clearnet_or_onion to clearnet.
(Alternative value would be 'onion'.)
INFO: BUILD_INITRAMFS_PKGS (--initramfs): dracut dracut-live dracut-config-generic dracut-config-rescue binutils dmsetup pigz
INFO: Variable dist_build_version was unset. Auto detected. Set to: dist_build_version=17.0.5.9
++ true 'variables INFO: End of script, ok.'
variables INFO: set -x
+ main --flavor whonix-workstation-cli --target raw --arch amd64 --repo true
+ '[' '' = true ']'
+ '[' '' = true ']'
+ '[' workstation = custom-workstation ']'
+ '[' workstation = gateway ']'
+ '[' workstation = workstation ']'
+ create-debian-raw-image
+ mkdir --parents /home/user/derivative-binary/
+ '[' '!' '' = '' ']'
++ uname --machine
+ ARCH=x86_64
+ true '././build-steps.d/3200_create-raw-image INFO: Architecture x86_64 detected.'
+ true 'INFO: dist_build_target_arch set to: amd64'
+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD mkdir --parents /etc/debootstrap/etc/apt/
+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD cp /home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list /etc/debootstrap/etc/apt/sources.list
+ true 'INFO: Using the following /etc/apt/sources.list for grml-debootstrap: '
+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD cat /etc/debootstrap/etc/apt/sources.list
## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Using specific codenames (for example: "bookworm") rather than generic code
## names (for example: "stable") because grml-debootstrap did not support
## generic code names for --release. See also:
## github.com/grml/grml-debootstrap/issues/37

## Using contrib, because it contains virtualbox-guest-x11.

## Added deb-src so source package can also be downloaded.

deb http://HTTPS///deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://HTTPS///deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

deb http://HTTPS///deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://HTTPS///deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware

deb http://HTTPS///deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb-src http://HTTPS///deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware

deb http://HTTPS///fasttrack.debian.net/debian bookworm-fasttrack main contrib non-free
deb-src http://HTTPS///fasttrack.debian.net/debian bookworm-fasttrack main contrib non-free

deb http://HTTPS///deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://HTTPS///deb.debian.org/debian bookworm main contrib non-free non-free-firmware

## Last entry must be a "good" one since dist_build_apt_stable_release is set
## from last line starting with 'deb'. Should be "bookworm" (stable) and not
## backports or something else.
+ '[' -n '' ']'
+ export DEBUG=true
+ DEBUG=true
+ '[' -n '' ']'
+ export REPORT_TRAP_ERR=yes
+ REPORT_TRAP_ERR=yes
+ '[' -n '' ']'
+ export FAIL_TRAP_ERR=yes
+ FAIL_TRAP_ERR=yes
+ '[' -n '' ']'
+ export 'DPKG_OPTIONS=-o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew'
+ DPKG_OPTIONS='-o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew'
+ '[' -n '' ']'
+ export KERNEL=none
+ KERNEL=none
+ '[' -n '' ']'
+ export COMPONENTS=main
+ COMPONENTS=main
+ '[' -n '' ']'
+ export FSCK=yes
+ FSCK=yes
+ '[' -n '' ']'
+ export TIMEZONE=UTC
+ TIMEZONE=UTC
+ '[' -n '' ']'
+ export RM_APTCACHE=no
+ RM_APTCACHE=no
+ '[' -n '' ']'
+ export UPGRADE_SYSTEM=no
+ UPGRADE_SYSTEM=no
+ '[' -n '' ']'
+ export FIXED_DISK_IDENTIFIERS=yes
+ FIXED_DISK_IDENTIFIERS=yes
+ '[' -n '' ']'
+ export NOKERNEL=true
+ NOKERNEL=true
+ '[' -n '' ']'
+ export NOINTERFACES=true
+ NOINTERFACES=true
+ mmdebstrap_wrapper=/home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter
+ '[' whonix-workstation-cli = whonix-gateway-rpi ']'
+ '[' amd64 = arm64 ']'
+ '[' -n '' ']'
+ export DEBOOTSTRAP=/home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter
+ DEBOOTSTRAP=/home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter
+ '[' /home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter = /home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter ']'
+ '[' -n '' ']'
+ export MIRROR=/home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list
+ MIRROR=/home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list
+ grep -q dracut
+ echo 'dracut dracut-live dracut-config-generic dracut-config-rescue binutils dmsetup pigz'
+ '[' -n '' ']'
+ export INITRD_GENERATOR=dracut
+ INITRD_GENERATOR=dracut
+ dist_grml_mount_point=/mnt/derivative-maker-grml-debootstrap.153034
+ export dist_grml_mount_point
+ true 'INFO: --debopt when grml-debootstrap invokes debootstrap dist_build_debopt:  --verbose '
+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD --preserve-env env http_proxy=http://127.0.0.1:3142 https_proxy=http://127.0.0.1:3142 ALL_PROXY=http://127.0.0.1:3142 dist_build_multiarch_package_item=amd64 bash -x -e /usr/sbin/grml-debootstrap --debopt ' --verbose ' --arch amd64 --filesystem ext4 --vmefi --force --hostname host --nopassword --release bookworm --keep_src_list --verbose --vmfile --vmsize 100G --packages /home/user/whonix/build/derivative-maker/grml_packages --mntpoint /mnt/derivative-maker-grml-debootstrap.153034 --target /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ '[' -n yes ']'
+ '[' -n yes ']'
+ '[' yes = yes ']'
+ set -e
+ set -E
+ set -o pipefail
+ trap error_handler ERR
+ export -f error_handler
++ basename /usr/sbin/grml-debootstrap
+ PN=grml-debootstrap
+++ command -v /usr/sbin/grml-debootstrap
++ dirname /usr/sbin/grml-debootstrap
+ [[ -d /usr/sbin/.git ]]
++ dpkg-query --show '--showformat=${Version}' grml-debootstrap
+ VERSION=0.103
+ VERSION=0.103
+ MNTPOINT=/mnt/debootstrap.153227
+ '[' -n '' ']'
+ CHROOT_SCRIPTS=yes
+ '[' -n '' ']'
+ CONFFILES=/etc/debootstrap
+ '[' -n '' ']'
+ DEBCONF=yes
+ '[' -n noninteractive ']'
+ '[' -n /home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter ']'
+ '[' -n '' ']'
+ DEFAULT_LANGUAGE=en_US:en
+ '[' -n '' ']'
+ DEFAULT_LOCALES=en_US.UTF-8
+ '[' -n 26ada0c0-1165-4098-884d-aafd2220c2c6 ']'
+ '[' -n '' ']'
+ EXTRAPACKAGES=yes
+ '[' -n '' ']'
+ FALLBACK_MIRROR=http://deb.debian.org/debian
+ '[' -n yes ']'
+ '[' -n '' ']'
+ FORCE=
+ '[' -n 7ab618bbbbfd ']'
+ '[' -n '' ']'
+ INITRD=yes
+ '[' -n dracut ']'
+ '[' -n '' ']'
+ INITRD_GENERATOR_OPTS=
+ '[' -n '' ']'
+ INSTALL_NOTES=/etc/debootstrap/install_notes
+ '[' -n '' ']'
+ LOCALES=yes
+ '[' -n /home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list ']'
+ '[' -n '' ']'
+ MKFS=mkfs.ext4
+ '[' -n '' ']'
+ MKFS_OPTS=
+ '[' -n '' ']'
+ PACKAGES=yes
+ '[' -n '' ']'
+ POST_SCRIPTS=yes
+ '[' -n '' ']'
+ PRE_SCRIPTS=yes
+ '[' -n '' ']'
+ RECONFIGURE=console-data
+ '[' -n '' ']'
+ RELEASE=bookworm
+ '[' -n no ']'
+ '[' -n '' ']'
+ SCRIPTS=no
+ '[' -n '' ']'
+ SECURE=yes
+ '[' -n UTC ']'
+ '[' -n '' ']'
+ TUNE2FS='tune2fs -c0 -i0'
+ '[' -n no ']'
+ '[' -n 100G ']'
+ '[' -n '' ']'
+ GRUB_INSTALL=yes
+ export LANG=C
+ LANG=C
+ export LC_ALL=C
+ LC_ALL=C
+ export LANGUAGE=C
+ LANGUAGE=C
+ INTERACTIVE=
+ '[' --debopt = -h ']'
+ '[' --debopt = -help ']'
+ '[' --debopt = --help ']'
+ '[' xterm = dumb ']'
+ GOOD=''
+ BAD=''
+ WARN=''
+ NORMAL=''
+ trap bailout HUP INT QUIT TERM
+ '[' -r /etc/debootstrap/config ']'
+ . /etc/debootstrap/config
+ CMDLINE_OPTS=mirror:,iso:,release:,target:,mntpoint:,debopt:,defaultinterfaces,interactive,nodebootstrap,nointerfaces,nokernel,nopackages,filesystem:,config:,confdir:,packages:,chroot-scripts:,scripts:,post-scripts:,pre-scripts:,debconf:,vm,vmfile,vmsize:,vmefi,keep_src_list,hostname:,password:,nopassword,grmlrepos,backportrepos,bootappend:,grub:,efi:,arch:,insecure,verbose,help,version,force,debug,contrib,non-free,remove-configs,sshcopyid,sshcopyauth
++ getopt --name grml-debootstrap -o +m:i:r:t:p:c:d:vhV --long mirror:,iso:,release:,target:,mntpoint:,debopt:,defaultinterfaces,interactive,nodebootstrap,nointerfaces,nokernel,nopackages,filesystem:,config:,confdir:,packages:,chroot-scripts:,scripts:,post-scripts:,pre-scripts:,debconf:,vm,vmfile,vmsize:,vmefi,keep_src_list,hostname:,password:,nopassword,grmlrepos,backportrepos,bootappend:,grub:,efi:,arch:,insecure,verbose,help,version,force,debug,contrib,non-free,remove-configs,sshcopyid,sshcopyauth -- --debopt ' --verbose ' --arch amd64 --filesystem ext4 --vmefi --force --hostname host --nopassword --release bookworm --keep_src_list --verbose --vmfile --vmsize 100G --packages /home/user/whonix/build/derivative-maker/grml_packages --mntpoint /mnt/derivative-maker-grml-debootstrap.153034 --target /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ _opt_temp=' --debopt '\'' --verbose '\'' --arch '\''amd64'\'' --filesystem '\''ext4'\'' --vmefi --force --hostname '\''host'\'' --nopassword --release '\''bookworm'\'' --keep_src_list --verbose --vmfile --vmsize '\''100G'\'' --packages '\''/home/user/whonix/build/derivative-maker/grml_packages'\'' --mntpoint '\''/mnt/derivative-maker-grml-debootstrap.153034'\'' --target '\''/home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw'\'' --'
+ '[' 0 '!=' 0 ']'
+ eval set -- ' --debopt '\'' --verbose '\'' --arch '\''amd64'\'' --filesystem '\''ext4'\'' --vmefi --force --hostname '\''host'\'' --nopassword --release '\''bookworm'\'' --keep_src_list --verbose --vmfile --vmsize '\''100G'\'' --packages '\''/home/user/whonix/build/derivative-maker/grml_packages'\'' --mntpoint '\''/mnt/derivative-maker-grml-debootstrap.153034'\'' --target '\''/home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw'\'' --'
++ set -- --debopt ' --verbose ' --arch amd64 --filesystem ext4 --vmefi --force --hostname host --nopassword --release bookworm --keep_src_list --verbose --vmfile --vmsize 100G --packages /home/user/whonix/build/derivative-maker/grml_packages --mntpoint /mnt/derivative-maker-grml-debootstrap.153034 --target /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw --
+ :
+ case "$1" in
+ shift
+ _opt_debopt=' --verbose '
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_arch=amd64
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_filesystem=ext4
+ FILESYSTEM=ext4
+ shift
+ :
+ case "$1" in
+ _opt_vmefi=T
+ shift
+ :
+ case "$1" in
+ _opt_force=T
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_hostname=host
+ shift
+ :
+ case "$1" in
+ _opt_nopassword=T
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_release=bookworm
+ shift
+ :
+ case "$1" in
+ _opt_keep_src_list=T
+ shift
+ :
+ case "$1" in
+ '[' '' ']'
+ _opt_verbose=1
+ shift
+ :
+ case "$1" in
+ _opt_vmfile=T
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_vmsize=100G
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_packages=/home/user/whonix/build/derivative-maker/grml_packages
+ _opt_packages_set=T
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_mntpoint=/mnt/derivative-maker-grml-debootstrap.153034
+ shift
+ :
+ case "$1" in
+ shift
+ _opt_target=/home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ shift
+ :
+ case "$1" in
+ shift
+ break
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' bookworm ']'
+ RELEASE=bookworm
+ '[' /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ TARGET=/home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ '[' '' ']'
+ '[' T ']'
+ VMFILE=1
+ VIRTUAL=1
+ '[' 100G ']'
+ VMSIZE=100G
+ '[' T ']'
+ VMEFI=1
+ '[' /mnt/derivative-maker-grml-debootstrap.153034 ']'
+ MNTPOINT=/mnt/derivative-maker-grml-debootstrap.153034
+ '[' ' --verbose ' ']'
+ DEBOOTSTRAP_OPT=' --verbose '
+ '[' '' ']'
+ '[' '' ']'
+ '[' ext4 ']'
+ MKFS=mkfs.ext4
+ '[' T ']'
+ PACKAGES=yes
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' T ']'
+ KEEP_SRC_LIST=yes
+ '[' '' ']'
+ '[' '' ']'
+ '[' host ']'
+ HOSTNAME=host
+ '[' '' ']'
+ '[' T ']'
+ NOPASSWORD=yes
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' amd64 ']'
+ ARCH=amd64
+ '[' '' ']'
+ '[' T ']'
+ FORCE=T
+ '[' 1 ']'
+ VERBOSE=-v
+ '[' '' ']'
+ '[' '' ']'
+ '[' -z main ']'
+ '[' '' ']'
+ case "${RELEASE}" in
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' -n '' ']'
+ '[' true = true ']'
+ set -x
+ '[' '' ']'
+ '[' '' ']'
+ check4root
++ id -u
+ '[' 0 '!=' 0 ']'
+ check4progs /home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter
+ local RC=
+ for arg in "$@"
+ command -v /home/user/whonix/build/derivative-maker/help-steps/pbuilder-debootstrap-command-filter
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ check4progs kpartx parted qemu-img
+ local RC=
+ for arg in "$@"
+ command -v kpartx
+ for arg in "$@"
+ command -v parted
+ for arg in "$@"
+ command -v qemu-img
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ echo ''
+ grep -q '^hd'
+ '[' -z /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ '[' -n '' ']'
+ '[' -n amd64 ']'
+ ARCHCMD='--arch amd64'
+ ARCHINFO=' (amd64)'
+ '[' -z amd64 ']'
++ uname -m
+ CURRENT_ARCH=x86_64
+ '[' x86_64 '!=' x86_64 ']'
+ '[' bookworm = stable ']'
+ '[' bookworm = testing ']'
+ checkconfiguration
+ efi_support
+ local efivars_loaded=false
+ modprobe efivars
+ modprobe efivarfs
 * EFI support detected.
 * EFI support detected but no --efi option given, please consider enabling it.
 * grml-debootstrap [0.103] - Please recheck configuration before execution:

   Target:          /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
   Mount point:     /mnt/derivative-maker-grml-debootstrap.153034
   Install grub:    yes
   Install efi:     yes
   Using release:   bookworm
   Using hostname:  host
   Using mirror:    /home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list
   Using arch:      amd64
   Config files:    /etc/debootstrap
   Deploying as Virtual Machine.
   Using Virtual Disk file with size of 100G.

   Important! Continuing will delete all data from /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw!
 * Skip user acknowledgement as requested via --force option.
+ '[' -d /sys/firmware/efi ']'
+ einfo 'EFI support detected.'
+ einfon 'EFI support detected.\n'
+ '[' '' '!=' yes ']'
+ '[' '' = ebegin ']'
+ printf ' %s*%s EFI support detected.\n' '' ''
+ LAST_E_CMD=einfon
+ return 0
+ return 0
+ eend 0
+ local retval=0
+ shift
+ '[' 0 -gt 0 ']'
+ return 0
+ return 0
+ '[' -z '' ']'
+ ewarn 'EFI support detected but no --efi option given, please consider enabling it.'
+ printf ' %s*%s EFI support detected but no --efi option given, please consider enabling it.\n' '' ''
+ return 0
+ eend 0
+ local retval=0
+ shift
+ '[' 0 -gt 0 ']'
+ return 0
+ '[' -n '' ']'
+ '[' -n '' ']'
+ einfo 'grml-debootstrap [0.103] - Please recheck configuration before execution:'
+ einfon 'grml-debootstrap [0.103] - Please recheck configuration before execution:\n'
+ '[' '' '!=' yes ']'
+ '[' einfon = ebegin ']'
+ printf ' %s*%s grml-debootstrap [0.103] - Please recheck configuration before execution:\n' '' ''
+ LAST_E_CMD=einfon
+ return 0
+ return 0
+ echo
+ echo '   Target:          /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw'
+ case "$MNTPOINT" in
+ echo '   Mount point:     /mnt/derivative-maker-grml-debootstrap.153034'
+ '[' -n 1 ']'
+ echo '   Install grub:    yes'
+ '[' -n 1 ']'
+ echo '   Install efi:     yes'
+ '[' -n bookworm ']'
+ echo '   Using release:   bookworm'
+ '[' -n host ']'
+ echo '   Using hostname:  host'
+ '[' -n /home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list ']'
+ echo '   Using mirror:    /home/user/whonix/build/derivative-maker/build_sources/debian_stable_current_clearnet.list'
+ '[' -n '' ']'
+ '[' -n amd64 ']'
+ echo '   Using arch:      amd64'
+ '[' -n /etc/debootstrap ']'
+ echo '   Config files:    /etc/debootstrap'
+ '[' -n 1 ']'
+ echo '   Deploying as Virtual Machine.'
+ '[' -n 100G ']'
+ '[' -n 1 ']'
+ echo '   Using Virtual Disk file with size of 100G.'
+ '[' '!' -t 0 ']'
+ echo
+ echo '   Important! Continuing will delete all data from /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw!'
+ '[' -n T ']'
+ einfo 'Skip user acknowledgement as requested via --force option.'
+ einfon 'Skip user acknowledgement as requested via --force option.\n'
+ '[' '' '!=' yes ']'
+ '[' einfon = ebegin ']'
+ printf ' %s*%s Skip user acknowledgement as requested via --force option.\n' '' ''
+ LAST_E_CMD=einfon
+ return 0
+ return 0
+ '[' -n /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ SHORT_TARGET=Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ '[' -z '' ']'
+ STAGES=/var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ '[' -d /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ mkdir -p /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
+ '[' -r /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw/grml-debootstrap ']'
+ PARTITION=
+ DIRECTORY=
+ '[' -b /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ '[' -n 1 ']'
+ PARTITION=1
+ '[' -n '' ']'
+ ISODIR=
+ ISODIR=
+ '[' -n '' ']'
+ for i in format_efi_partition prepare_vm mkfs tunefs mount_target mountpoint_to_blockdevice debootstrap_system preparechroot execute_pre_scripts chrootscript execute_post_scripts remove_configs umount_chroot grub_install umount_target fscktool
+ stage format_efi_partition
+ '[' -n '' ']'
+ grep -q done /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw/format_efi_partition
+ format_efi_partition
+ '[' -z '' ']'
+ return 0
+ '[' 0 -eq 0 ']'
+ stage format_efi_partition done
+ '[' -n done ']'
+ echo done
+ return 0
+ rm -f /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw/format_efi_partition
+ for i in format_efi_partition prepare_vm mkfs tunefs mount_target mountpoint_to_blockdevice debootstrap_system preparechroot execute_pre_scripts chrootscript execute_post_scripts remove_configs umount_chroot grub_install umount_target fscktool
+ stage prepare_vm
+ '[' -n '' ']'
+ grep -q done /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw/prepare_vm
+ prepare_vm
+ '[' -z 1 ']'
+ '[' -b /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ '[' '!' -b /home/user/derivative-binary/17.0.5.9/Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
+ '[' -z 1 ']'
+ modprobe -q loop
++ error_handler
++ last_exit_code=1
++ last_bash_command='modprobe -q loop'
Unexpected non-zero exit code 1 in /usr/sbin/grml-debootstrap /usr/sbin/grml-debootstrap /usr/sbin/grml-debootstrap at line 1486 2181 0 detected!
last bash command: modprobe -q loop
++ '[' yes = yes ']'
++ echo 'Unexpected non-zero exit code 1 in /usr/sbin/grml-debootstrap /usr/sbin/grml-debootstrap /usr/sbin/grml-debootstrap at line 1486 2181 0 detected!
last bash command: modprobe -q loop'
++ '[' '!' yes = yes ']'
++ command -v bailout
++ bailout 1
++ cleanup
++ '[' -n '' ']'
++ '[' -n /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw ']'
++ einfo 'Removing /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw'
++ einfon 'Removing /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw\n'
++ '[' '' '!=' yes ']'
++ '[' einfon = ebegin ']'
 * Removing /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
++ printf ' %s*%s Removing /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw\n' '' ''
++ LAST_E_CMD=einfon
++ return 0
++ return 0
++ rmdir /var/cache/grml-debootstrap/stages_Whonix-Workstation-CLI-17.0.5.9.Intel_AMD64.raw
++ eend 0
++ local retval=0
++ shift
++ '[' 0 -gt 0 ']'
++ return 0
++ echo /mnt/derivative-maker-grml-debootstrap.153034
++ grep -q '/mnt/debootstrap\.'
++ '[' -n /mnt/derivative-maker-grml-debootstrap.153034 ']'
++ grep -q /mnt/derivative-maker-grml-debootstrap.153034 /proc/mounts
++ '[' -n '' ']'
++ '[' -n 1 ']'
++ EXIT=1
++ '[' -n '' ']'
++ exit 1
++ exception_handler_general ERR
++ last_failed_exit_code=1
++ last_failed_bash_command='$SUDO_TO_ROOT --preserve-env $DEBOOTSTRAP_PREFIX dist_build_multiarch_package_item="$dist_build_target_arch" bash -x -e "$dist_build_grml_bin" --debopt "$dist_build_debopt" --arch "$dist_build_target_arch" --filesystem "$dist_build_file_system" --vmefi --force --hostname "$dist_build_hostname" --nopassword --release "$dist_build_apt_stable_release" --keep_src_list --verbose --vmfile --vmsize "$VMSIZE" --packages "$source_code_folder_dist/grml_packages" --mntpoint "$dist_grml_mount_point" --target "$binary_image_raw"'
++ output_cmd_set
++ '[' -o xtrace ']'
++ output_cmd=true
++ true 'INFO: Middle of function exception_handler_general of ././build-steps.d/3200_create-raw-image.'
++ exception_handler_process_shared ERR
++ last_script=././build-steps.d/3200_create-raw-image
++ trap_signal_type_previous=
++ '[' '' = '' ']'
++ trap_signal_type_previous=unset
++ trap_signal_type_last=ERR
++ dist_build_error_counter=1
+++ benchmarktimeend 1698934311
++++ date +%s
+++ benchmarktimeend=1698934311
+++ benchmark_took_seconds=0
++++ convertsecs 0
++++ local h m s
++++ (( h=0/3600 ))
++++ true
++++ (( m=(0%3600)/60 ))
++++ true
++++ (( s=0%60 ))
++++ true
++++ printf '%02d:%02d:%02d\n' 0 0 0
+++ echo 00:00:00
++ benchmark_took_time=00:00:00
++ local first
++ read -r first _
++ process_backtrace_function
++ true 'INFO: BEGIN: process_backtrace_function'
++ '[' -o xtrace ']'
++ set +x
++ true 'INFO: END  : process_backtrace_function'
++ function_trace_function
++ true 'INFO: BEGIN: function_trace_function'
++ '[' -o xtrace ']'
++ set +x
++ true 'INFO: END  : function_trace_function'
++ output_cmd_set
++ '[' -o xtrace ']'
++ output_cmd=true
++ true '
############################################################
ERROR detected in script!: ././build-steps.d/3200_create-raw-image

dist_build_version: 17.0.5.9
dist_build_error_counter: 1
benchmark: 00:00:00
last_failed_exit_code: 1
trap_signal_type_previous: unset
trap_signal_type_last    : ERR

process_backtrace_result:
1: : init
2: : /bin/bash -exc source /etc/docker-entrypoint-cmd 
3: : /bin/bash /whonix_starter.sh 
4: : sudo -u user /bin/bash -c { mkdir -p ~/whonix/build ~/whonix/logs && wget https://www.whonix.org/keys/derivative.asc -O ~/derivative.asc &&     gpg --keyid-format long --import --import-options show-only --with-fingerprint ~/derivative.asc &&     gpg --import ~/derivative.asc &&     gpg --check-sigs 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA; } | tee ~/whonix/logs/key.log &&     { cd ~/whonix/build && git clone --depth=1 --branch 17.0.5.9-developers-only --jobs=4 --recurse-submodules --shallow-submodules https://github.com/Whonix/derivative-maker.git &&     cd ~/whonix/build/derivative-maker; git fetch &&     git verify-tag 17.0.5.9-developers-only &>> ~/whonix/logs/git.log &&     git verify-commit 17.0.5.9-developers-only^{commit} &&     git checkout --recurse-submodules 17.0.5.9-developers-only &&     git describe && git status; } | tee -a ~/whonix/logs/git.log &&     { tbb_version=13.0.1 ~/whonix/build/derivative-maker/derivative-maker     --flavor whonix-workstation-cli --target raw --arch amd64 --repo true | tee ~/whonix/logs/build_ws.log &&     tbb_version=13.0.1 ~/whonix/build/derivative-maker/derivative-maker     --flavor whonix-gateway-cli --target raw --arch amd64 --repo true | tee ~/whonix/logs/build_gw.log; } 
5: : sudo -u user /bin/bash -c { mkdir -p ~/whonix/build ~/whonix/logs && wget https://www.whonix.org/keys/derivative.asc -O ~/derivative.asc &&     gpg --keyid-format long --import --import-options show-only --with-fingerprint ~/derivative.asc &&     gpg --import ~/derivative.asc &&     gpg --check-sigs 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA; } | tee ~/whonix/logs/key.log &&     { cd ~/whonix/build && git clone --depth=1 --branch 17.0.5.9-developers-only --jobs=4 --recurse-submodules --shallow-submodules https://github.com/Whonix/derivative-maker.git &&     cd ~/whonix/build/derivative-maker; git fetch &&     git verify-tag 17.0.5.9-developers-only &>> ~/whonix/logs/git.log &&     git verify-commit 17.0.5.9-developers-only^{commit} &&     git checkout --recurse-submodules 17.0.5.9-developers-only &&     git describe && git status; } | tee -a ~/whonix/logs/git.log &&     { tbb_version=13.0.1 ~/whonix/build/derivative-maker/derivative-maker     --flavor whonix-workstation-cli --target raw --arch amd64 --repo true | tee ~/whonix/logs/build_ws.log &&     tbb_version=13.0.1 ~/whonix/build/derivative-maker/derivative-maker     --flavor whonix-gateway-cli --target raw --arch amd64 --repo true | tee ~/whonix/logs/build_gw.log; } 
6: : /bin/bash -c { mkdir -p ~/whonix/build ~/whonix/logs && wget https://www.whonix.org/keys/derivative.asc -O ~/derivative.asc &&     gpg --keyid-format long --import --import-options show-only --with-fingerprint ~/derivative.asc &&     gpg --import ~/derivative.asc &&     gpg --check-sigs 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA; } | tee ~/whonix/logs/key.log &&     { cd ~/whonix/build && git clone --depth=1 --branch 17.0.5.9-developers-only --jobs=4 --recurse-submodules --shallow-submodules https://github.com/Whonix/derivative-maker.git &&     cd ~/whonix/build/derivative-maker; git fetch &&     git verify-tag 17.0.5.9-developers-only &>> ~/whonix/logs/git.log &&     git verify-commit 17.0.5.9-developers-only^{commit} &&     git checkout --recurse-submodules 17.0.5.9-developers-only &&     git describe && git status; } | tee -a ~/whonix/logs/git.log &&     { tbb_version=13.0.1 ~/whonix/build/derivative-maker/derivative-maker     --flavor whonix-workstation-cli --target raw --arch amd64 --repo true | tee ~/whonix/logs/build_ws.log &&     tbb_version=13.0.1 ~/whonix/build/derivative-maker/derivative-maker     --flavor whonix-gateway-cli --target raw --arch amd64 --repo true | tee ~/whonix/logs/build_gw.log; } 
7: : /bin/bash /home/user/whonix/build/derivative-maker/derivative-maker --flavor whonix-workstation-cli --target raw --arch amd64 --repo true 
8: : /bin/bash ././build-steps.d/3200_create-raw-image --flavor whonix-workstation-cli --target raw --arch amd64 --repo true 

function_trace_result:
main (line number: 219)
main (line number: 207)
create-debian-raw-image (line number: 162)
exception_handler_general (line number: 162)
exception_handler_process_shared (line number: 162)


last_failed_bash_command: $SUDO_TO_ROOT --preserve-env $DEBOOTSTRAP_PREFIX dist_build_multiarch_package_item="$dist_build_target_arch" bash -x -e "$dist_build_grml_bin" --debopt "$dist_build_debopt" --arch "$dist_build_target_arch" --filesystem "$dist_build_file_system" --vmefi --force --hostname "$dist_build_hostname" --nopassword --release "$dist_build_apt_stable_release" --keep_src_list --verbose --vmfile --vmsize "$VMSIZE" --packages "$source_code_folder_dist/grml_packages" --mntpoint "$dist_grml_mount_point" --target "$binary_image_raw"
############################################################

That’s a bug in the grml-debootstrap fork by derivative-maker due to more strict error handling (that I authored and am attempting to upstream: improve error handling by adrelanos · Pull Request #255 · grml/grml-debootstrap · GitHub).

The fix might be in git now. (error handling · Kicksecure/grml-debootstrap@817b3a0 · GitHub)

This might be fixed in 17.0.8.4 and above.

1 Like

Good evening, much appreciated.

Maybe I misunderstand, but this error is not causing the build error, correct?

This must be a docker problem because it does not happen when building normally without whonix-builder.

I found this post where you told a member who asked about building Whonix with docker that build steps are needed to convert to the docker image format, and that you have no time for hacks and personal projects. This means this image error must be caused because build steps are missing.

For a proper implementation, it shouldn’t be using --target root. Rather --target raw initially during development. And then add another build step to convert to the docker image format, which I haven’t looked into.

Btw I won’t be spending time on personal projects / hacks.

It is.

You can see this as a docker bug or missing feature indeed. Unrelated to Whonix.

What is failing in docker without Whonix being involved is the equivalent of the following command:

sudo modprobe loop

Or just modprobe loop as root.

This wasn’t an issue previously because grml-debootstrap ignored modprobe loop failing (non-zero exit code). Now strict error handling was added by me which made this issue apparent. The sudo modprobe loop by grml-debootstrap could be seen as a bug too because it seems superfluous unless I am missing something. I might report a bug and/or fix this in grml-debootstrap later after my current pull requests were merged.

1 Like
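An added example (not code from grml-debootstrap, derivative-maker or whonix_builder) of the failure mode described above: the same unconditional modprobe loop call is harmless in a lenient shell and fatal under errexit, and a presence check against /proc/devices skips the call when the driver is already there. The function names, the failing modprobe stub and the sample /proc/devices content are constructed for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not grml-debootstrap code.

# Constructed /proc/devices content; $2 = "yes" includes the loop block driver.
write_sample_devices() {
    {
        printf 'Character devices:\n  1 mem\n 10 misc\n\nBlock devices:\n'
        if [ "$2" = "yes" ]; then printf '  7 loop\n'; fi
        printf '  8 sd\n253 device-mapper\n'
    } > "$1"
}

# Constructed stand-in for "modprobe loop" failing inside a container.
modprobe_denied() {
    echo "modprobe: cannot load module $1 (constructed failure)" >&2
    return 1
}

# True when the kernel already lists the "loop" block driver.
# $1: a /proc/devices-style file (default: /proc/devices).
loop_driver_present() {
    awk '/^Block devices:/ { blk = 1; next }
         blk && $2 == "loop" { found = 1 }
         END { exit !found }' "${1:-/proc/devices}" 2>/dev/null
}

# Only try to load the module when the driver is not already there.
# $1: /proc/devices-style file; remaining args: command that loads a module.
ensure_loop() {
    proc_devices=$1; shift
    if loop_driver_present "$proc_devices"; then
        echo "present"; return 0
    fi
    if "$@" loop 2>/dev/null; then
        echo "loaded"; return 0
    fi
    echo "unavailable"; return 1
}

# Run the unconditional call in a child shell whose modprobe always fails.
# $1: "" for a lenient shell, "-e" for errexit (strict error handling).
run_unconditional_call() {
    sh $1 -c '
        modprobe() { return 1; }   # constructed failure
        modprobe loop
        echo "image-step-reached"
    '
}

demo() {
    d=$(mktemp -d)
    write_sample_devices "$d/with" yes
    write_sample_devices "$d/without" no
    echo "lenient shell, modprobe fails : $(run_unconditional_call '' || true)"
    echo "errexit shell, modprobe fails : $(run_unconditional_call -e || true)"
    echo "driver listed, modprobe fails : $(ensure_loop "$d/with" modprobe_denied || true)"
    echo "driver absent, modprobe fails : $(ensure_loop "$d/without" modprobe_denied || true)"
    rm -rf "$d"
}
demo
```
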

Sorry for misunderstanding you

I misunderstand then about extra buildsteps and converting docker image format advice.

In the link you show it says the changes (green / red) for grml-debootstrap

 - modprobe -q loop
 + modprobe loop || tru
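
Review bot: the added line ends in `|| tru`, which looks cut off from `|| true`. Copied as shown, a failing `modprobe loop` would fall through to a command named `tru` that does not exist, so the line would still return non-zero and the strict error handling would abort the build again. On the change itself: dropping `-q` makes modprobe print its error, which helps debugging, but an unconditional fallback hides every modprobe failure, including on hosts that really lack loop support; checking for the loop driver first and calling modprobe only when it is missing would keep that case visible.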

So I think I just have to change this in my local download of derivative-maker to fix it, yes?

1 more question please about onion source

This problem is in docker and normal environment but I already could find many forum posts about apt-cacher-ng and bookworm problem.

In whonix-builder there is also apt-transport-https package which is wrong but also without same error.

Is this a Whonix or docker bug too?

+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD apt-get -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew -o Dir::Etc::sourcelist=/home/user/derivative-maker/build_sources/debian_stable_current_onion.list -o Dir::Etc::sourceparts=- update
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Err:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Reading package lists...
E: Failed to fetch tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security/dists/bookworm-security/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm-updates/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm-backports/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian/dists/bookworm-fasttrack/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Some index files failed to download. They have been ignored, or old ones used instead.
++ exception_handler_general ERR
++ last_failed_exit_code=100
++ last_failed_bash_command='$SUDO_TO_ROOT apt-get ${APTGETOPT[@]} -o Dir::Etc::sourcelist="$dist_build_sources_list_primary" -o Dir::Etc::sourceparts="-" update'

You could do this, but you need to copy/paste exactly all of it. If you can’t, please wait for the next stable git tag.


--connection onion isn’t easy to use. For onion see:
Build Configuration - Whonix chapter Torified or Host APT Cache in Whonix wiki

This is currently broken. No fix available. No ETA for a fix available either. This might remain broken for a long time unless a fix is contributed. Unrelated to docker. Also broken for non-docker builds since Debian bookworm.

1 Like

Sorry I asked before checking everything

The solution for using APT_ONION=true or --onion sources is a lower version of apt-cacher-ng.
I found this in the Qubes forum; they say 3.6 works.

I did not test docker, but in a normal build on bookworm you have to add deb https://deb.debian.org/debian bookworm main to /etc/apt/sources.list and install with sudo apt-get install apt-cacher-ng=3.6.4-1

Then everything works and no apt-transport-https is needed, because the wiki says it sucks.

Just until create image error but I will try your fix now.

This docker repo is ok little bit broken but not good for repeating or restart.

I will keep my normal Workstation for builds because it also has automatic --onion sources with the latest version and no need for dnscrypt or other gimmicks.

What’s even the point of this?

Sorry, for some reason I can’t edit my post up top.

It should be deb https://deb.debian.org/debian bullseye main in /etc/apt/sources.list added to install apt-cacher-ng version 3.6

+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD apt-get -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew -o Dir::Etc::sourcelist=/home/user/derivative-maker/build_sources/debian_stable_current_onion.list -o Dir::Etc::sourceparts=- update
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Ign:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
Ign:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
Ign:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
Ign:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
Err:2 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:1 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:4 tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian bookworm-fasttrack InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Err:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm InRelease
  503  Operation not permitted [IP: 127.0.0.1 3142]
Reading package lists...
E: Failed to fetch tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security/dists/bookworm-security/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm-updates/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm-backports/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion/debian/dists/bookworm-fasttrack/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Failed to fetch tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm/InRelease  503  Operation not permitted [IP: 127.0.0.1 3142]
E: Some index files failed to download. They have been ignored, or old ones used instead.
++ exception_handler_general ERR
++ last_failed_exit_code=100
++ last_failed_bash_command='$SUDO_TO_ROOT apt-get ${APTGETOPT[@]}

This is exactly what happens when --connection onion is used.

I did not test docker, but in a normal build on bookworm you have to add deb https://deb.debian.org/debian bookworm main to /etc/apt/sources.list and install with sudo apt-get install apt-cacher-ng=3.6.4-1 Then everything works and no apt-transport-https is needed, because the wiki says it sucks.

Installing this version of apt-cacher-ng does not solve the issue.
Is there maybe something else you did to make it work?