Long Wiki Edits Thread

Good idea re: reverting changes (due to .onions down or possibly poor connection speeds).

torjunkie:

@Patrick, how about this below (not sure which features etc you’d like to highlight - took a guess. April date to be confirmed upon release.)

Whonix 14 has been Released

April X, 2018

Greetings to the Whonix community!

After 22 months of development, the Whonix Project is proud to announce the release of Whonix 14.

Whonix 14 is based on the Debian stretch (Debian 9) distribution which was released in June 2017, meaning users have access to numerous updated and new software packages, a modern branch of GnuPG, and more. [1][2][3]

Major Changes and New Features

Whonix 14 contains many security and usability improvements, new features and bug fixes. For a detailed description of these and other changes, please refer to the official release notes. [4]

  • Rebased Whonix on Debian stretch (Debian 9).

  • Whonix 14 is 64-bit (amd64) only - 32-bit (i386) images will no longer be built and made available for download. [5]

  • The new Anon Connection Wizard [6] feature in Whonix simplifies connections to the Tor network via a Tor bridge and/or a proxy.

  • Onionshare and onioncircuits are installed by default in Whonix.

  • Tails’ onion-grater program has been implemented to enable onionshare, Ricochet and Zeronet compatibility with Whonix.

  • Onion sources are now preferred for Whonix updates/upgrades for greater security.

  • Updated Tor to the v3.2.10 major (stable) release to enable full v3 onion functionality for both hosting of onion services and access to v3 onion addresses in Tor Browser.

  • Created the grub-live package [7] which can run Whonix as a live system on non-Qubes-Whonix platforms. [8]

  • Corrected and hardened various AppArmor profiles to ensure the correct functioning of Tor Browser, obfsproxy and other applications.

Known Issues

  • Desktop shortcuts are no longer available in non-Qubes-Whonix.

While there may be other problems that exist in this declared stable release, even effort has been made to address major known problems.

Please report any other issues to us in the forums, after first searching for whether it is already known.

Download Whonix 14

Whonix is cross-platform and can be installed on the Windows, macOS, Linux or Qubes operating systems. Choose your operating system from the link below and follow the instructions to install it.

https://www.whonix.org/download/

Upgrade to Whonix 14

Current Whonix users (or those with 32-bit hardware) who would prefer to upgrade their existing Whonix 13 platform should follow the upgrade instructions below.

Release Upgrade

What’s Next?

Work on Whonix 15 is ongoing and interested users can refer to the roadmap to see where Whonix is heading. [9]

Developer priorities are currently focused on easing the transition to the next Debian release due in 2019 (“buster”; Debian 10) and squashing existing bugs, rather than implementing new features.

We need your help and there are various ways to contribute to Whonix - donating or investing your time will help the project immensely. Come and talk with us! [10]

References

[1] Debian -- News -- Debian 9 "Stretch" released
[2] Release Notes for Debian 12 (bookworm), 64-bit PC
[3] Release Notes for Debian 12 (bookworm), 32-bit PC
[4] Changelog - Whonix
[5] Whonix 13 users with 32-bit systems can however upgrade their platform by following the available wiki instructions, rather than download new Whonix-WS and Whonix-GW images.
[6] Anon Connection Wizard - Whonix
[7] Live Mode for Kicksecure
[8] grub-live is optional and requires the user to first enable it manually.
[9] ⚓ Query: Open Tasks
[10] https://forums.whonix.org

This is really good!

Could you make this a wordpress draft please?

(Should also be possible to copy and paste html there.)

OK - will do.

1 Like

Great job, @torjunkie !

Shall we include the support for meek_lite, too? It greatly improved the user experience in heavily censored areas: http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Whonix_Release_Notes&oldid=33415

It can be put under the Major Changes and New Features:

  • Tor Pluggable Transport meek_lite is supported, making Whonix much easier to connect to the Tor network in heavily censored areas, like China.


3 Likes

I am not good at wording. So in your opinion, do you think using words like “tremendous” or “huge number of” will be better than using “many”, @torjunkie ?

It is not exaggerated considering the number of changes from Whonix 13 → 14.
http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix_Release_Notes#Whonix_14

1 Like

Done!

https://whonix.org/wiki/w/index.php?title=Manually_Downloading_Tor_Browser&oldid=32458&diff=cur

Please let me know if changes are necessary.

2 Likes

It seems onionshare is not in and will not be in Whonix 14 because it is not available in the Debian Stretch repository.

2 Likes

Thanks to you both. I will get back to this shortly (bit busy today) and fix these things up.

1 Like

@iry @0brand

Changes made to suggested Whonix 14 blog release (further above).

If you like it and don’t have any other suggestions, I’ll save it as a draft blog for Patrick.

2 Likes

Excellent edits! :slight_smile:

Tor Browser sandboxed

You sure we need stretch-backports? In Debian stretch, versions should
be new enough so it might work without any backports.

onionshare

Could be either installed manually using onionshare homepage
instructions https://onionshare.org/ or perhaps by “cheating” since it
is in Debian buster.

Perhaps by pinning onionshare from buster. Perhaps there is no
dependency hell. (Not pulling lot of packages from buster besides
onionshare.) Needs testing (figuring out) as well as documentation.

Either way, not as easy as if it was in stretch, users will be able to
use onionshare.

2 Likes

Great job, @torjunkie !

One more thing before finalizing the draft?

Modify draft as follows:

  • Onionshare is not installed by default in Whonix 14 as it is not in the stretch repository. It could still be manually installed by following these instructions [X].

[X]: link to a Whonix Wiki page containing instructions.


Wiki instruction can be filled out later after testing:

Onionshare could either be installed manually using onionshare homepage instructions https://onionshare.org or perhaps by “cheating” since it is in Debian buster.

2 Likes

@torjunkie

Went through the Whonix 14 release blog post. Great work!!

First one is just a suggestion. Obviously ignore if you like. :wink:

Next one - I think is a typo. Maybe not?

Whonix 14 is based on the Debian stretch (Debian 9) distribution which was released in June 2017, meaning users have access to numerous updated and new software packages, a modern branch of GnuPG, and more.

meaning users have access to many new software packages in concert with existing packages such as a modern branch of GnuPG, and more.

Known Issues

Desktop shortcuts are no longer available in non-Qubes-Whonix.
Onionshare is unavailable in Whonix 14 as it is not in the stretch repository.

While there may be other problems that exist in this declared stable release, even effort has been made to address major known problems.

every effort has been made to address major known problems

2 Likes

@Patrick

The Qubes wiki/apparmor instructions require updating. More specifically -l option in qvm-prefs was replaced with -g for R4.0 both R3.2, and R4.0.

Also: kernelopts can be listed without an option.

qvm-prefs sys-whonix kernelopts

https://github.com/QubesOS/qubes-doc/pull/622#event-1549528064


I would need permissions to edit wiki template?

https://whonix.org/wiki/Template:Qubes_AppArmor

1 Like

Thanks all. I will make those blog changes shortly.

@0brand. Good pickup. I ended up protecting all the 250+ templates to deter trolls who were getting a little active in recent months.

I’ve changed the permission on that template so you should be able to edit it now.

No problem - let me test Sandboxed Tor Browser without backports (will purge the other version of Bubblewrap).

Will also change wording on onionshare also i.e. users can manually install it or use Sid package.

Draft instructions to follow here - I’ll give it a crack and you linux pros tell me whether it’s the canonical method or not. To say the online Debian instructions are involved would be an understatement i.e. just installing one package from testing requires a ton of pinning & APT steps.

2 Likes

OK - Sandboxed Tor Browser does not need Bubblewrap from stretch-backports to work correctly, just the normal repos:

  • Fixed wiki.

  • Updated wiki text to reflect April 2018 status of sandbox specs.

  • I’ve tested that both Sandboxed Tor Browser stable and alpha work in Whonix 14 - they do.

  • Haven’t played with optional configurations like sound etc, so I’ll leave that as an exercise for the interested Whonix user, since it opens up unnecessary attack vectors.

Note the error message around Adwaita theme in Konsole is:

sandbox: Failed to find Adwaita gtk-2.0 theme.

Since this theme is probably installed in standard Tor Browser (the running Sandboxed Tor Browser instance does look a little different), perhaps we should recommend users install it, as it may otherwise pose a fingerprinting vector(?).

Moving on to onionshare…

@iry @0brand

Adopted your changes for the suggested Whonix 14 blog release wording (further above).

Once we have acceptable OnionShare install instructions with a Whonix wiki reference, it’s ready for saving as a draft blog. Anything else you want to highlight feature-wise?

1 Like

Thank you for your awesome work! It looks great to me!

1 Like

torjunkie

Whonix 14 blog release is impeccable. Great work!

1 Like

What do you think about adding this step by step guide to wiki/Tor? Then have a step in the Whonix 14 testers blog that has users copy and paste Tor State File from sys-whonix-13 to sys-whonix-14 (and also has a link to these instructions?).

Copying Tor State to secondary sys-whonix

torjunkie: the language in this guide is not complete. Just wanted to get your opinion before I went any further. Also these instructions assume sys-whonix is based on Whonix-14 and sys-whonix-13 (obvious)

  1. In sys-whonix stop Tor.

    sudo systemctl stop tor@default

  2. In sys-whonix remove Tor State File. Note: It's likely that this command will complain that the process is busy. This can be ignored.

    sudo rm -r /var/lib/tor

  3. In sys-whonix, ensure /var/lib/tor is empty. This command should produce no output.

    sudo ls /var/lib/tor

  4. In sys-whonix-13, stop tor.

    sudo systemctl stop tor@default

  5. In sys-whonix-13, copy the Tor State File to sys-whonix. Users must upgrade to a root prompt (root@host:# ) for the command to exit successfully.

    Note: If users encounter this error it can be ignored. qfile-agent: Fatal error: stat “VM” (error type: No such file or directory) . Hit “OK” when prompted

    sudo su

    qvm-copy /var/lib/tor sys-whonix

  6. In sys-whonix, list the QubesIncoming directory to ensure Tor State File was copied over successfully.

    ls ~/QubesIncoming/sys-whonix-13/tor

    The output should include these files:

    cached-certs cached-microdescs lock
    cached-microdesc-consensus cached-microdescs.new state

  7. In sys-whonix, move Tor State File to /var/lib/tor .

    sudo mv ~/QubesIncoming/sys-whonix-13/tor/* /var/lib/tor

  8. In sys-whonix, ensure all files listed in step 6 are now in /var/lib/tor and have the proper ownership. For Tor to function, files in this directory should be owned by debian-tor . If files do not have proper ownership, proceed to step 9. Otherwise skip to step 10.

    sudo ls -l /var/lib/tor

    Note: The first 2 lines of the output should look similar to this. Notice the proper file ownership ‘debian-tor debian-tor’.

    -rw------- 1 debian-tor debian-tor 20442 Feb 22 21:22 cached-certs
    -rw------- 1 debian-tor debian-tor 1985454 Apr 4 00:04 cached-microdesc-consensus

  9. In sys-whonix, change ownership of the Tor State File to debian-tor.

    sudo chown debian-tor: -R /var/lib/tor

  10. In sys-whonix, verify Tor State file is owned by debian-tor.

    sudo ls -l /var/lib/tor

  11. In sys-whonix, start Tor.

    sudo systemctl start tor@default

  12. In sys-whonix, verify Tor is functioning properly.

    whonixcheck -v

1 Like
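
A pre-start check for steps 8 and 10 of the guide above, as an added example that is not part of the original post: the hypothetical helper `check_tor_state` confirms that the files from the step 6 listing are present and that everything under the directory belongs to the expected user and group (debian-tor by default). It needs root for /var/lib/tor, just as the guide uses sudo to list that directory.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a copied Tor state
# directory before running "systemctl start tor@default".
# check_tor_state is a hypothetical helper name.

# Files from the step 6 listing that must survive the move. "lock" and
# "cached-microdescs.new" are transient, so they are not required here.
TOR_STATE_REQUIRED="cached-certs cached-microdesc-consensus cached-microdescs state"

# check_tor_state DIR [USER] [GROUP]
# Prints one line per problem and returns 1 if any problem was found.
check_tor_state() {
    cts_dir=$1
    cts_user=${2:-debian-tor}
    cts_group=${3:-$cts_user}
    cts_rc=0

    if [ ! -d "$cts_dir" ]; then
        echo "not a directory: $cts_dir"
        return 1
    fi

    # Every required file must be present as a regular file.
    for cts_f in $TOR_STATE_REQUIRED; do
        if [ ! -f "$cts_dir/$cts_f" ]; then
            echo "missing: $cts_dir/$cts_f"
            cts_rc=1
        fi
    done

    # find exits non-zero for an unknown user/group or an unreadable path;
    # treat that as a failure so an empty result cannot look like success.
    if ! cts_bad=$(find "$cts_dir" \
            \( ! -user "$cts_user" -o ! -group "$cts_group" \) -print 2>/dev/null); then
        echo "ownership check failed for $cts_user:$cts_group on $cts_dir"
        return 1
    fi
    if [ -n "$cts_bad" ]; then
        # The directory itself is included, so a wrong owner on it is reported too.
        echo "$cts_bad" | sed 's/^/wrong owner: /'
        cts_rc=1
    fi

    return "$cts_rc"
}
```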

Excellent work 0brand and great idea to add to the wiki!

Then your blog post only needs to refer to the wiki link. i.e. something like →

Step X: Copy the Whonix 13 Tor state to the secondary sys-whonix

Users are recommended to copy their Whonix 13 Tor state to the secondary (Whonix 14) sys-whonix to maintain the same Tor entry guard and defend against tracking attempts by advanced adversaries.

Follow the instructions at the following link:

whonix.org/wiki/XXXXXX

Note:

  • Steps 1 & 2 have same commands.
  • The rest of it looks logical to me, but I haven’t tested it.

Does it work okay for you?

These instructions can live under the Advanced Topics section of the Tor chapter with an appropriate title.