For VM images (both ova’s and qcow’s):
- Using Whonix’s build script (https://github.com/Whonix/Whonix/tree/Whonix8)
- that uses grml-debootstrap (https://github.com/Whonix/Whonix/blob/Whonix8/build-steps.d/1300_create-debian-img)
- that creates a bootable (grub) raw image without lvm [which is a difficult task, especially making it bootable (grml-debootstrap/grml-debootstrap at master · grml/grml-debootstrap · GitHub)]
- later converted to qcow2 (https://github.com/Whonix/Whonix/blob/Whonix8/build-steps.d/2400_convert-img-to-qcow2)
- later compressed (https://github.com/Whonix/whonix-developer-meta-files/blob/master/release/compress_qcow2)
Physical Isolation:
I thought that the KVM version is built in a qemu/KVM VM using qcow2 or raw LV...
- Redistributed Whonix VM images are built without starting any VMs.
- Using qemu-img, mount, chroot and so forth.
- Everything is scripted and automated.
- No manual interventions for image creation.
No need to make performance tests here: image based VMs (no matter if OVA using sparse files or qcow2) are slower than VMs that use a LVM raw partition.
Working on files in an image file for sure is at least more disk IO.
Ah, you meant raw LVM partitions in your previous post? I was talking about VM images using LVM. I could get convinced, that we should use LVM for VM images. That discussion however, should be unrelated to this KVM thread. But I guess you didn’t raise that point.
KVM LVM partitions with Whonix are theoretically possible. Perhaps they would have even better performance. No one is working on it at the moment. The problem is, how to redistribute KVM LVM partitions with Whonix? It would make the setup more host operating system specific. More instructions would be required. A new option for Whonix’s build script would be required. Instructions would look a bit similar to build instructions for physical isolation (Build Documentation: Physical Isolation), I think.
What we’re working on here are VM images, we agreed to use qcow2 images for advantages stated in previous post. It is much simpler to redistribute them. The plan roughly is: 1. download qcow2.xz 2. extract 3. use our kvm instructions [or in future hopefully, run our kvm setup script] 4. done.
Creating a KVM partition however looks much more scary (data loss), difficult for the user (instructions) and technically difficult to implement to me. But if anyone wants to work on this, by all means, go ahead.
LVM itself is the GUI to manage LVs, also to resize them. But there is also a simple command in the terminal.
What's the GUI package for resizing?
And qcow2 images still can be compressed with gzip, so no worries about huge uploads. Watch out, a gzipped qcow2 image will be about 10% smaller than the native qcow2 zlib compression :)
So if you don't complain about compression. Great. I guess you will like the new qcow2 images. They're already briefly tested by me (that they do boot up, 100 GB apparent size, ~2GB really used space) and uploaded. Just hoping all mirrors have updated already. Please try.
http://mirror.whonix.de/8.2/Whonix-Gateway-8.2.qcow2.xz
http://mirror.whonix.de/8.2/Whonix-Gateway-8.2.qcow2.xz.asc
http://mirror.whonix.de/8.2/Whonix-Workstation-8.2.qcow2.xz
http://mirror.whonix.de/8.2/Whonix-Workstation-8.2.qcow2.xz.asc
tar xvf Whonix-Gateway-8.2.qcow2.xz
(unxz won’t work!)
gpg (date/time must match for this release):
gpg --verify Whonix-Gateway-8.2.qcow2.xz.asc
gpg: Signature made Wed 07 May 2014 02:41:41 AM CEST using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
gpg --verify Whonix-Workstation-8.2.qcow2.xz.asc
gpg: Signature made Wed 07 May 2014 02:41:56 AM CEST using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
sha512:
5266eaacb3446f366ce644fe4788858aa4f3dbb073bec9b347f7adffeb969aa5bfe8e08fd073c32389c3345cb9a4e5c62ff5c206871d27740b20016b41012659 Whonix-Gateway-8.2.qcow2.xz
feec2956fe78a7ad7d47c48f39faac469bb634600d03f550d4f0ba76ff0edf483d9b96a54e845af271c07170d81bed022dc9788a6a10e602456106a71038d9d0 Whonix-Gateway-8.2.qcow2.xz.asc
2e84f51d1f905b28227e8b2df1114e0ea6f3f021a374866ab36d8ae8fab8d0f9bce0c84f7f804bbee33d030c5c555a87a1d3320d860030dc27489cf7be18022e Whonix-Workstation-8.2.qcow2.xz
fe6cec1e5858aa61f3b013aee9650b0297858a7eb4141cfa6d257af47a508c08e1de840098729da119279f241da6e2ea365e7181c66faea05bded3bcf3f28bc6 Whonix-Workstation-8.2.qcow2.xz.asc
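
Added example (not part of the original post): the gpg output above says "Good signature" but also warns that the key is not certified, so a scripted check should pin the primary key fingerprint shown in the post and compare the SHA-512 digest. The function names and the sample status lines are constructed for illustration; the fingerprint is the one printed above.

```shell
#!/usr/bin/env bash
# Primary key fingerprint from the gpg output in the post, spaces removed.
EXPECTED_FPR="916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA"

# Constructed sample of "gpg --status-fd 1 --verify" output (not captured from a real run).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Patrick Schleizer <adrelanos@riseup.net>
[GNUPG:] VALIDSIG 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 2014-05-07 1399423301 0 4 0 1 10 00 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA'

# Read gpg status lines on stdin and print the signer's primary key
# fingerprint (last field of VALIDSIG). Fails when there is no VALIDSIG
# line or when a bad, unverifiable, expired-key or revoked-key status appears.
signer_primary_fpr() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" { fpr = $NF }
        END { if (bad || fpr == "") exit 1; print fpr }
    '
}

# Succeed only if the detached signature verifies AND was made by EXPECTED_FPR.
check_signature() {   # usage: check_signature FILE.asc FILE
    local out fpr
    out=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    fpr=$(printf '%s\n' "$out" | signer_primary_fpr) || return 1
    [ "$fpr" = "$EXPECTED_FPR" ]
}

# Compare a file's SHA-512 with an expected hex digest (case-insensitive).
check_sha512() {      # usage: check_sha512 FILE EXPECTED_HEX
    local actual
    actual=$(sha512sum "$1" | awk '{print $1}') || return 1
    [ "$actual" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# Demo on the constructed sample: prints the pinned fingerprint.
printf '%s\n' "$SAMPLE_STATUS" | signer_primary_fpr
```

For a real download, call check_signature with the .asc file and the .qcow2.xz file, then check_sha512 with the digest listed above, and extract only if both succeed.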