[Help Welcome] KVM Development - staying the course

new required for build machine:

sudo apt-get install apt-cacher-ng
1 Like

Yeah I always do this anyway :slight_smile:

Dev/KVM - Whonix

1 Like

Whonix ™ for KVM still needs update.

Yes I know, but I am waiting for instructions to upload to sf.

Sorted.


Please remove from script used to build Whonix:

WHONIX_APT_REPOSITORY_OPTS='--enable --repository stable'
export WHONIX_APT_REPOSITORY_OPTS

And as replacement, whenever a line says:

--build

Keep the --build but add also the following switch:

--redistribute

I.e. it should look like this:

--build --redistribute

After booting Whonix, please check that Whonix stable (buster!) repository is enabled and apt-get update is functional.

(This was required because of this.)


Whonix 15 build testing can start as per

However, functionality wise, it will take some more time.

1 Like

Could you please port Whonix ™ for KVM and KVM/Minimalized Installation - Whonix to be using CodeSelect rather than pre tags? That would help using wiki templates.

A series of scripts for downloading, verifying, and installing KVM Whonix on Debian. - juxtin/install-whonix

Did we ever see this one? I don’t remember? Wondering why its author never contacted us?

(It’s gpg verification code might be unsafe in fully automated scripts. → Should use GitHub - Kicksecure/gpg-bash-lib: gpg file verification bash library, addresses comprehensive threat model, that covers file name tampering, indefinite freeze, rollback, endless data attacks, etc. style.)

1 Like
1 Like

Done. Changed it for all commands however some command outputs are just left as pre as no one is expected to copy paste those. I didn’t realize how much info was added over the years until I went thru it all to change it. :sweat_smile:


Never. He didn’t contact us either, but it’s definitely an interesting building block for a “KVM installer” once the crypto stuff gets sorted out.

1 Like

I don’t think it gets sorted out. And maybe also not needed for Whonix KVM Host / whonix-host-kvm.

For Whonix KVM Host we could copy over the files during a build-step.

For sudo apt-get install whonix-host-kvm on Debian hosts it looks more complicated. We’d need a deb package shipping the qcow2 files. Not sure that would be crazy.

Good.

Will there be a Whonix host meta-package for vanilla Debian hosts that includes as much securtiy specific and privacy enhancements as applicably possible? This is doubly relevant for a hardened Debian VM which can also act as a sandbox for the browser that accesses captive portals.

1 Like

Will there be a Whonix host meta-package for vanilla Debian hosts that includes as much security specific and privacy enhancements as applicably possible?

Yes. It’s required for a Whonix-KVM-Host anyhow.

  • hardened-debian-host-kvm-xfce (rename required) (not sure in which order the name, getting a lot: host vs VM, kvm vs virtualbox, xfce vs cli)
  • whonix-host-kvm (depending on hardened-debian-host-kvm-xfce most likely to avoid code duplication, that’s a clean way to implement it anyhow)

But I am not sure yet a whonix-host-kvm meta package (installable on Debian hosts or default installed meta package on a Whonix-KVM-Host) could be capable of fetching Whonix qcow2 images since we don’t have a Debian package(s) which which ships qcow2 images, and I am not sure yet it’s sane to create them.

This is doubly relevant for a hardened Debian VM which can also act as a sandbox for the browser that accesses captive portals.

Interesting idea, so we could ship the hardened Debian VM by default on a Whonix-Host too.

1 Like

Are these two packages available anywhere? I’m building a new host and it sounds like this could save me some time.

No, for now it’s only a development discussion.

KVM Testers Only Version - Whonix is broken.

This page is strange. When I edit the steps 1 and 2 don;t appear in the page source just the broken template link. If I paste the proper download table template, it replaces everything.

Somewhat(?) fixed. See now please.

1 Like

Looks good now :slight_smile:

1 Like

Could you invite this guy here to join development please? GitHub - juxtin/install-whonix: A series of scripts for downloading, verifying, and installing KVM Whonix on Debian.

1 Like