[Help Welcome] KVM Development - staying the course

Could you review KVM: Difference between revisions - Whonix please?

Wow what a great cleanup effort. Accepted. Thanks to the author.

More edits.

KVM: Difference between revisions - Whonix

Could you please update Whonix ™ for KVM?

• no more use of keyservers due to gpg --recv-keys fails / no longer use keyservers for anything
• more similar to Whonix ™ Signing Key (most importantly using that super long, unfortunately required, gpg command which is the only one which shows the full key id.

This

gpg --keyid-format long --import --import-options show-only --with-fingerprint hulahoop.asc

That command would need me to refer to a download link for my key on the Whonix website. I just tested the current keyserver command without problems though, so why is it needed (besides unifying instructions)?

From my limited experience there can be issues with downloading keys from one day to the next regardless of which keyserver is used. Users should have no issues with downloading hulahoop.asc . If they do, it would also mean they would not be able to download the ova images either . I think the push is to try to find a more reliable and just as secure way to verify whonix images then what is currently available.

Last post on that topic
From: Patrick

Ticket created just now.

stop using gpg keyservers / provide OpenPGP keys for download as files from torproject.org
https://trac.torproject.org/projects/tor/ticket/31090#ticke

I see, OK let me know if/where my key is on the site and I’ll change things. In the long term, we can’t afford to ignore the key management infrastrucutre completely becuase that just puts too much trust and availability in one place (our site).

For Whonix software downloads? I don’t see any advantage of using keyservers even if they are functional. Users get documentation, software downloads, signatures from whonix.org. So can as well add keys there for completion. Doesn’t improve trust or availability by using keyservers for OpenPGP keys. Well, OpenPGP keys can still be additionally uploaded to keyservers but that’s just a bonus.

For the more general discussion besides Whonix software downloads, see:

From what is can see this is the only spot. Although it has both hulahoop.asc and Cli download instructions.

https://www.whonix.org/wiki/KVM#Verify_the_Whonix_.E2.84.A2_Images

Thanks. Just discovered the wiki blocks .asc uploads.
@Patrick can you please delete my HulaHoop porfile page on the wiki?

EDIT:
KVM instructions updated.

Can’t see. Link?

and import:

gpg --keyid-format long --import --import-options show-only --with-fingerprint hulahoop.asc

That is wrong. That ocmmand does not import. It shows the fingerprint. Import is a separate step after checking the key fingerprint. See Whonix ™ Signing Key

https://www.whonix.org/wiki/HulaHoop

Thanks. Finished edits and looks much better now

I’m not sure that page exist. If I search for https://www.whonix.org/wiki/Captain_Kangaroo I get the same result.

You can search for this page title in other pages, or search the related logs, but you do not have permission to create this page.

Could you please document how to use SysRq with KVM?

@Patrick_mobile

Attempting build but I’m seeing a nasty error. Does this have anything to do wih recent fixes to the script for kicksecure?

Processing triggers for systemd (241-7~deb10u1) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for libc-bin (2.28-10) ...
[ ERR] Writing extended state information
[ ERR] Building tag database

Current status: 0 (-1) broken, 1 (+1) upgradable.
E: Failed to fork process for dpkg selections.
E: failed to save selections to dpkg database
E: pbuilder-satisfydepends failed.
I: Copying back the cached apt archive contents
I: unmounting dev/ptmx filesystem
I: unmounting dev/pts filesystem
I: unmounting dev/shm filesystem
I: unmounting proc filesystem
I: unmounting sys filesystem
I: Cleaning COW directory
I: forking: rm -rf /var/cache/pbuilder/cow.cow_amd64/cow.11131
++ error_handler_pre
++ local exit_code=1
++ local 'last_err=sudo $COWBUILDER_PREFIX cowbuilder --build "$make_main_dsc_file" $make_cowbuilder_arch_opt --basepath "$base_folder" --buildplace "$cow_folder" --distribution "$make_cowbuilder_distribution" --mirror "$make_cowbuilder_mirror" --extrapackages "$make_deb_build_dependencies" --buildresult "$DISTDIR"'
++ '[' '!' 1 = 1 ']'
++ '[' '' = '' ']'
++ output='## See above.'
++ force_output '
####################################################################
## BEGIN ERROR in /usr/share/genmkfile/make-helper-one.bsh detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: sudo $COWBUILDER_PREFIX cowbuilder --build "$make_main_dsc_file" $make_cowbuilder_arch_opt --basepath "$base_folder" --buildplace "$cow_folder" --distribution "$make_cowbuilder_distribution" --mirror "$make_cowbuilder_mirror" --extrapackages "$make_deb_build_dependencies" --buildresult "$DISTDIR"
## EXIT_CODE: 1
##
## END ERROR in /usr/share/genmkfile/make-helper-one.bsh detected!
## Please report this bug!
####################################################################
'
++ '[' '' = true ']'
++ echo '
####################################################################
## BEGIN ERROR in /usr/share/genmkfile/make-helper-one.bsh detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: sudo $COWBUILDER_PREFIX cowbuilder --build "$make_main_dsc_file" $make_cowbuilder_arch_opt --basepath "$base_folder" --buildplace "$cow_folder" --distribution "$make_cowbuilder_distribution" --mirror "$make_cowbuilder_mirror" --extrapackages "$make_deb_build_dependencies" --buildresult "$DISTDIR"
## EXIT_CODE: 1
##
## END ERROR in /usr/share/genmkfile/make-helper-one.bsh detected!
## Please report this bug!
####################################################################
'

####################################################################
## BEGIN ERROR in /usr/share/genmkfile/make-helper-one.bsh detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: sudo $COWBUILDER_PREFIX cowbuilder --build "$make_main_dsc_file" $make_cowbuilder_arch_opt --basepath "$base_folder" --buildplace "$cow_folder" --distribution "$make_cowbuilder_distribution" --mirror "$make_cowbuilder_mirror" --extrapackages "$make_deb_build_dependencies" --buildresult "$DISTDIR"
## EXIT_CODE: 1
##
## END ERROR in /usr/share/genmkfile/make-helper-one.bsh detected!
## Please report this bug!
####################################################################

++ '[' '' = true ']'
++ rm -f /tmp/tmp.eYa8A4Mop6
++ exit 1
++ error_handler_pre
++ local exit_code=1
++ local 'last_err="$GENMKFILE_PATH/make-helper-one.bsh" deb-pkg-build'
++ '[' '!' 1 = 1 ']'
++ '[' '' = '' ']'
++ output='## See above.'
++ force_output '
####################################################################
## BEGIN ERROR in /usr/share/genmkfile/make-helper.bsh detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: "$GENMKFILE_PATH/make-helper-one.bsh" deb-pkg-build
## EXIT_CODE: 1
##
## END ERROR in /usr/share/genmkfile/make-helper.bsh detected!
## Please report this bug!
####################################################################
'
++ '[' '' = true ']'
++ echo '
####################################################################
## BEGIN ERROR in /usr/share/genmkfile/make-helper.bsh detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: "$GENMKFILE_PATH/make-helper-one.bsh" deb-pkg-build
## EXIT_CODE: 1
##
## END ERROR in /usr/share/genmkfile/make-helper.bsh detected!
## Please report this bug!
####################################################################
'

####################################################################
## BEGIN ERROR in /usr/share/genmkfile/make-helper.bsh detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: "$GENMKFILE_PATH/make-helper-one.bsh" deb-pkg-build
## EXIT_CODE: 1
##
## END ERROR in /usr/share/genmkfile/make-helper.bsh detected!
## Please report this bug!
####################################################################

++ '[' '' = true ']'
++ rm -f /tmp/tmp.lqG0IRLCWh
++ exit 1
make: *** [/usr/share/genmkfile/makefile-full:67: deb-pkg] Error 1
++ retry_last_failed_bash_command_exit_code=2
++ true
++ '[' 2 = 0 ']'
++ true 'INFO: Retry failed. exit code of last_failed_bash_command: 2 '
++ last_failed_exit_code=2
++ last_failed_bash_command='sudo $SUDO_OPTS -E make -f "$make_file" deb-pkg'
++ '[' '!' '' = '' ']'
++ true 'INFO: Skipping whonix_build_dispatch_after_retry (--retry-after), because empty, ok.'
++ '[' 2 = 0 ']'
++ errorhandlerprocessshared 'NONE_(called_by_errorhandlerretry)'
++ last_script=././build-steps.d/1200_create-debian-packages
++ trap_signal_type_previous='NONE_(called_by_errorhandlerretry)'
++ '[' 'NONE_(called_by_errorhandlerretry)' = '' ']'
++ trap_signal_type_last='NONE_(called_by_errorhandlerretry)'
++ whonix_build_error_counter=4
+++ benchmarktimeend 1567959907
++++ date +%s
+++ benchmarktimeend=1567961580
+++ benchmark_took_seconds=1673
++++ convertsecs 1673
++++ local h m s
++++ (( h=1673/3600 ))
++++ true
++++ (( m=(1673%3600)/60 ))
++++ (( s=1673%60 ))
++++ printf '%02d:%02d:%02d\n' 0 27 53
+++ echo 00:27:53
++ benchmark_took_time=00:27:53
++ processbacktracefunction
++ true 'INFO: BEGIN: processbacktracefunction'
++ '[' -o xtrace ']'
++ set +x
++ true 'INFO: END  : processbacktracefunction'
++ functiontracefunction
++ true 'INFO: BEGIN: functiontracefunction'
++ '[' -o xtrace ']'
++ set +x
++ true 'INFO: END  : functiontracefunction'
++ output_cmd_set
++ '[' -o xtrace ']'
++ output_cmd=true
++ true '
############################################################
ERROR in ././build-steps.d/1200_create-debian-packages detected!
anon_dist_build_version: 15.0.0.4.9
(whonix_build_error_counter: 4)
(benchmark: 00:27:53)
trap_signal_type_previous: NONE_(called_by_errorhandlerretry)
trap_signal_type_last    : NONE_(called_by_errorhandlerretry)
process_backtrace_result:
1: : /sbin/init 
2: : xfce4-terminal 
3: : bash 
4: : sudo REPO_PROXY=http://127.0.0.1:3142 ./whonix_build --flavor whonix-gateway-xfce --build --redistribute --target qcow2 --unsafe-io true 
5: : /bin/bash ./whonix_build --flavor whonix-gateway-xfce --build --redistribute --target qcow2 --unsafe-io true 
6: : /bin/bash ././build-steps.d/1200_create-debian-packages 
function_trace_result:
main (line number: 212)
main (line number: 208)
create-debian-packages (line number: 200)
create_whonix_debian_packages (line number: 172)
errorhandlergeneral (line number: 334)
errorhandlerprocessshared (line number: 220)
errorhandlerretry (line number: 154)
errorhandlerprocessshared (line number: 275)
errorhandlerretry (line number: 154)
errorhandlerprocessshared (line number: 220)
errorhandlerretry (line number: 154)
errorhandlerprocessshared (line number: 169)
main (line number: 212)
main (line number: 208)
create-debian-packages (line number: 200)
create_whonix_debian_packages (line number: 172)
errorhandlergeneral (line number: 334)
errorhandlerprocessshared (line number: 220)
errorhandlerretry (line number: 154)
errorhandlerprocessshared (line number: 169)
errorhandlerprocessshared (line number: 169)
errorhandlergeneral (line number: 334)
create_whonix_debian_packages (line number: 172)
create-debian-packages (line number: 200)
main (line number: 208)
main (line number: 212)
errorhandlerprocessshared (line number: 169)
errorhandlerretry (line number: 154)
errorhandlerprocessshared (line number: 275)
errorhandlerretry (line number: 154)
errorhandlerprocessshared (line number: 220)
errorhandlergeneral (line number: 334)
create_whonix_debian_packages (line number: 172)
create-debian-packages (line number: 200)
main (line number: 208)
main (line number: 212)
last_failed_bash_command: sudo $SUDO_OPTS -E make -f "$make_file" deb-pkg
last_failed_exit_code: 2
ERROR in ././build-steps.d/1200_create-debian-packages detected!
############################################################
'
++ '[' 'NONE_(called_by_errorhandlerretry)' = INT ']'
++ '[' 'NONE_(called_by_errorhandlerretry)' = TERM ']'
++ '[' 'NONE_(called_by_errorhandlerretry)' = ERR ']'
++ '[' 'NONE_(called_by_errorhandlerretry)' = 'NONE_(called_by_errorhandlerretry)' ']'
++ true 'INFO: trap_signal_type_last: NONE_(called_by_errorhandlerretry), considering auto retry...'
++ '[' '!' 1 = 0 ']'
++ '[' 2 = '' ']'
++ '[' -n 1 ']'
++ '[' -n 5 ']'
++ local first
++ read -r first _
++ '[' sudo = error_ ']'
++ '[' 2 -gt 1 ']'
++ true 'INFO: Auto retried (--retry-max) already 1 times. No more auto retry. '
++ unset whonix_build_auto_retry_counter
++ true
++ ignore_error=false
++ answer=
++ '[' 'NONE_(called_by_errorhandlerretry)' = ERR ']'
++ '[' 'NONE_(called_by_errorhandlerretry)' = 'NONE_(called_by_errorhandlerretry)' ']'
++ true 'INFO: whonix_build_non_interactive: '
++ '[' '' = true ']'
++ '[' -t 0 ']'
++ true 'INFO: stdin connected to terminal, using interactive error handler.'
++ true '   ERROR in ././build-steps.d/1200_create-debian-packages detected!
   Please have a look above (the block within ###...), note the command that failed, last_failed_exit_code and its output (further above).
   - Please enter c and press enter to ignore the error and continue building. (Recommended against!)
   - Please press r and enter to retry.
   - Please press s and enter to open an chroot interactive shell.
   - Please press a and enter to abort.'
++ read -p 'Answer? ' answer

Root account unlocked and user added to the wheel if it’s any use for debugging.

Building on plain Debian? Or Whonix?

If Whonix, make sure it’s updated.

Whonix. Yes it’s always updated before building. Booted into root emergency mode with same results