Yes I know, but I am waiting for instructions to upload to sf.
Sorted.
Please remove from script used to build Whonix:
WHONIX_APT_REPOSITORY_OPTS='--enable --repository stable'
export WHONIX_APT_REPOSITORY_OPTS
And as replacement, whenever a line says:
--build
Keep the --build
but add also the following switch:
--redistribute
I.e. it should look like this:
--build --redistribute
After booting Whonix, please check that Whonix stable (buster!) repository is enabled and apt-get update is functional.
(This was required because of this.)
Whonix 15 build testing can start as per
However, functionality wise, it will take some more time.
Could you please port Whonix ™ for KVM and KVM/Minimalized Installation - Whonix to be using CodeSelect rather than pre tags? That would help using wiki templates.
A series of scripts for downloading, verifying, and installing KVM Whonix on Debian. - juxtin/install-whonix
Did we ever see this one? I don't remember? Wondering why its author never contacted us?
(Its gpg verification code might be unsafe in fully automated scripts. Should use GitHub - Kicksecure/gpg-bash-lib: gpg file verification bash library, addresses comprehensive threat model, that covers file name tampering, indefinite freeze, rollback, endless data attacks, etc. style.)
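Added example, not part of the thread and not code from install-whonix or gpg-bash-lib: one way an unattended script can fail closed on three of the concerns named above (rollback, indefinite freeze, endless data) by pinning the signer and parsing `gpg --status-fd` output instead of trusting the exit code. The function names, fingerprint and sample status lines are constructed for illustration; file name tampering is not covered here.

```shell
#!/usr/bin/env bash
# Constructed sample data: pinned primary key fingerprint and gpg status output.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_GOOD="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG $PINNED_FPR 2019-07-01 1561939200 0 4 0 1 10 00 $PINNED_FPR"

# check_status STATUS_TEXT PINNED_FPR MIN_SIG_EPOCH
# Succeeds only if there is exactly one VALIDSIG, made by the pinned primary
# key, not older than MIN_SIG_EPOCH, and no failure status line is present.
check_status() {
  local status="$1" want_fpr="$2" min_epoch="$3"
  local valid=0 prefix tag f1 f2 f3 rest primary
  while read -r prefix tag f1 f2 f3 rest; do
    [ "$prefix" = "[GNUPG:]" ] || continue
    case "$tag" in
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
        return 1 ;;
      VALIDSIG)
        valid=$((valid + 1))
        primary="${rest##* }"                 # last field: primary key fpr
        [ "$primary" = "$want_fpr" ] || return 1
        case "$f3" in ''|*[!0-9]*) return 1 ;; esac   # need epoch seconds
        [ "$f3" -ge "$min_epoch" ] || return 1        # rollback guard
        ;;
    esac
  done <<EOF
$status
EOF
  [ "$valid" -eq 1 ]
}

# verify_detached FILE SIG KEYRING PINNED_FPR MIN_SIG_EPOCH MAX_BYTES
verify_detached() {
  local file="$1" sig="$2" keyring="$3" fpr="$4" min="$5" max="$6" size out
  size=$(wc -c < "$file") || return 1
  [ "$size" -le "$max" ] || return 1          # endless-data guard
  # timeout bounds a stalled gpg; a dedicated keyring holds only the pinned key
  out=$(timeout 60 gpg --batch --no-default-keyring --keyring "$keyring" \
        --status-fd 1 --verify "$sig" "$file" 2>/dev/null)
  check_status "$out" "$fpr" "$min"
}
```

MIN_SIG_EPOCH would be the signature time of the last image the script accepted, so an older but validly signed image is rejected.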
Done. Changed it for all commands; however, some command outputs are just left as pre as no one is expected to copy paste those. I didn't realize how much info was added over the years until I went through it all to change it.
Never. He didn't contact us either, but it's definitely an interesting building block for a "KVM installer" once the crypto stuff gets sorted out.
I don't think it gets sorted out. And maybe also not needed for Whonix KVM Host / whonix-host-kvm.
For Whonix KVM Host we could copy over the files during a build-step.
For sudo apt-get install whonix-host-kvm on Debian hosts it looks more complicated. We'd need a deb package shipping the qcow2 files. Not sure that would be crazy.
Good.
Will there be a Whonix host meta-package for vanilla Debian hosts that includes as much security specific and privacy enhancements as applicably possible? This is doubly relevant for a hardened Debian VM which can also act as a sandbox for the browser that accesses captive portals.
Will there be a Whonix host meta-package for vanilla Debian hosts that includes as much security specific and privacy enhancements as applicably possible?
Yes. It's required for a Whonix-KVM-Host anyhow.
- hardened-debian-host-kvm-xfce (rename required) (not sure in which order the name, getting a lot: host vs VM, kvm vs virtualbox, xfce vs cli)
- whonix-host-kvm (depending on hardened-debian-host-kvm-xfce most likely to avoid code duplication, that's a clean way to implement it anyhow)
But I am not sure yet a whonix-host-kvm meta package (installable on Debian hosts or default installed meta package on a Whonix-KVM-Host) could be capable of fetching Whonix qcow2 images since we don't have a Debian package(s) which ships qcow2 images, and I am not sure yet it's sane to create them.
This is doubly relevant for a hardened Debian VM which can also act as a sandbox for the browser that accesses captive portals.
Interesting idea, so we could ship the hardened Debian VM by default on a Whonix-Host too.
Are these two packages available anywhere? I'm building a new host and it sounds like this could save me some time.
No, for now it's only a development discussion.
KVM Testers Only Version - Whonix is broken.
This page is strange. When I edit, the steps 1 and 2 don't appear in the page source, just the broken template link. If I paste the proper download table template, it replaces everything.
Somewhat(?) fixed. See now please.
Looks good now
Could you invite this guy here to join development please? GitHub - juxtin/install-whonix: A series of scripts for downloading, verifying, and installing KVM Whonix on Debian.
Qubes does something similar. Qubes ships rpm (similar deb) packages with VM images.
The problem with such a package is if used just as regular package:
- A) big size
- B) once upgraded (new version), user modifications are lost.
Issue B) could be solved by not using the file from the package but by using a copy of that file originating from such a package. But then we are at issue C):
the package would keep getting upgraded (wasting download time and download quota)
Qubes (dom0 is Fedora based) solves this issue by disabling upgrading of the package. It can be done on Debian too using sudo apt-mark hold package-name. On Debian that would lead to a probably user confusing message during sudo apt-get dist-upgrade. For example:
The following packages have been kept back:
whonix-vm-image-kvm
That would allow users to stick with whatever vm image they got earlier and keep their modifications. That would also allow users to easily re-install their vm image (thereby losing all image modification) by using apt-unhold, apt-get dist-upgrade, apt-hold (re-block from upgrading).