Monero Integration in Whonix

Hello Whonix community! The Monero community was contacted by @nurmagoz at this thread.

We were really excited to get a message from you guys. As you may or may not know, Monero has no central leadership structure, no corporation, or foundation, or anything. We’re just a decentralized community that’s passionate about privacy. If you want to learn more about how Monero works, check out the website at getmonero.org or watch this video (two hours long though).

All this being said, the Monero community seems to by and large greatly respect Whonix and we’re thrilled to lend whatever aid we can (under current human resource constraints). In answer to the question presented, we have a Qubes-Whonix tutorial awaiting review and merge into the website.

Anything we can do to further the idea of bringing back the basic human right of privacy to the people alongside the Whonix community is something many of us would be very excited about. You have allies in the Monero Project.

Let’s share ideas of collaboration here.

Thank you!

Hello rehrar and thanks for your post!

Having one of your Monero community members who is knowledgeable in Whonix tinkering to nominate themselves an an anonymous maintainer of the relevant Whonix Monero wiki page i.e. must keep it up-to-date and functional at all times, would be a great help!

In fact, I nominate this as a strategy for all future cryptocurrencies because the sheer number makes it impossible for the limited number of part-time editors here to keep up.

(Plus not all of us are crypto fans to begin with… )

How come I have had Monero running for all these months, and have never installed any of those dependencies?

Also, I always start monero with torsocks, is that wrong?

Hello everyone! I’m OsrsNeedsF2P from the Monero community. I would love to help in any grudge-work Wiki editing you need, because I’m kind of good at that stuff!

Anyways, I’m excited to be here, and I love the idea put forward by torjunkie for having anonymous maintainers for different cryptocurrencies.

That’s fine

That’s fine!

But is it the most secure and anonymous method?

Hi,

I am a moderator of the Monero sub on Dread (a .onion Reddit alternative).

I maintain a guide on how to set up a Monero wallet on Whonix over here:
http://dreadditevelidot.onion/d/Monero/wiki?id=0a1f4743

My intended audience includes complete beginners at Whonix and Monero.

I’d love to hear your thoughts/feedback.

Broken link.

Try the link again after entering the captcha, the redirect seems broken.

alright so steps to open your link:

• open the link and you will find captcha
• fill the captcha and you should be redirected to the subject? no
• close that link and press on the link here again and it will redirect you to the subject.

(so i think the admin need to fix that )

i looked at the instructions, instructions looks like been written with careful and its step by step. i didnt test that personally but it looks nice.

bravo!

This is the Monero page: Please fill it with nice easy spicy instructions

add your instructions.

and @rehrar @OSNF2P @0xB44EFD8751077F97 maybe your help with the steps will rich the subject and add great touch as aggregating work in the wiki.

related:

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/improving-cryptocurrencies-installation-inside-whonix-wiki/5898/3

You can explain to HugBunter@jabber.calyxinstitute.org how sessions work.

I have reformatted the guide and made some improvements in the structuring and layout to make it more suitable for the wiki.

The changes are pending review on the wiki.

Thanks thotbot!

Monero/Manual Instructions: Difference between revisions - Whonix

Packages

qtbase5-dev qt5-default qtdeclarative5-dev qml-module-qtquick-controls qml-module-qtquick-xmllistmodel qttools5-dev-tools qml-module-qtquick-dialogs

No longer required for monero-gui?

Could you please simplify Monero (XMR): A Reasonably Private Digital Currency?

Concentrate on GUI with remote node, and move the CLI part to https://www.whonix.org/wiki/Monero/CLI?

Some parts of the instructions are currently using one version, others another version:

• 0.14.0.0
• 0.14.0.2

Newest is v0.14.1.0 or is that developers only or something?

Software signature verification instructions are also unclear to me. We links to Binary Verification: Linux, Mac, or Windows Using CLI Tools (Advanced) | Monero - secure, private, untraceable and they link to https://web.getmonero.org/downloads/hashes.txt which however does not show version 0.14.0.2, only version 0.14.0.0.

Latest GUI binaries are for 0.14.0.0, latest CLI binaries are for 0.14.1.0.

The file https://web.getmonero.org/downloads/hashes.txt matches that.

For now our instructions (if want to be up to date) for GUI should use 0.14.0.0, our instructios for CLI should use 0.14.1.0

Monero/Manual Instructions: Difference between revisions - Whonix

https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html

Could you please add verification instructions to Monero (XMR): A Reasonably Private Digital Currency?

Next release (0.15.0.0) is scheduled for October 31, hard fork planned to take place on November 30.

Currently 0.15 is available for CLI only. GUI version still isn’t out. Many nodes already using 0.15.

Official Monero site has served possible malware for 30 minutes between Nov.18 and Nov.19.

Always verify hashes!

According to the email from the monero-announce list the malware was being served for 14 hours.

https://lists.getmonero.org/hyperkitty/list/monero-announce@lists.getmonero.org/thread/DXJ223SBTCWKP7EDHVS7X73VP6WWX4S4/

The malware will steal your coins: Wrong hashes (from getmonero.org) · Issue #6151 · monero-project/monero · GitHub

I’ve posted a proposal at monero Community Crowdfunding System (CCS) where I suggested myself to become the maintainer of a monero GUI Debian package installable from whonix.org repository, avaiable for all users of Debian buster, Whonix and Qubes Debian buster template.

Discussion here:
Monero Debian Package Repository for 2 years (!130) · Merge requests · monero-project / CCS Proposals · GitLab

See full proposal text here:
Monero Debian Package Repository for 2 years (!130) · Merge requests · monero-project / CCS Proposals · GitLab

• https://github.com/monero-project/monero/issues/2395#issuecomment-593526293

The CCS proposal was a success. Funding as provided.

https://ccs.getmonero.org/proposals/adrelanos-debian-package.html

Monero GUI was packaged for Debian. It’s available in all Whonix repositories.

https://github.com/Whonix/monero-gui

Not calling for testers just yet since I am still testing myself.

There’s also a non-packaging, probably non-Whonix specific 100% CPU use bug: v0.14.x.x High CPU Usage on Linux · Issue #2238 · monero-project/monero-gui · GitHub

Looks like a new ticket was created instead of re-opening the old one:

Good to see a developer react so quickly.

Test command from inside VM to detect if VirtualBox 3D acceleration is enabled or disabled?

Could you please test monero-gui (from Whonix repository https://github.com/Whonix/monero-gui)

sudo apt update
sudo apt install monero-gui

in Whonix-Workstation KVM and see if KVM is affected by any of these bugs?

• Automatic fallback to softwarecontext renderer · Issue #2878 · monero-project/monero-gui · GitHub
• 30% CPU in Debian buster based VirtualBox VM · Issue #2880 · monero-project/monero-gui · GitHub

@HulaHoop

Related, perhaps you also have an idea for Test command from inside VM to detect if VirtualBox 3D acceleration is enabled or disabled?

Install mesa-utils then run glxinfo | grep OpenGL

If 3D is being emulated in pure software because no acceleration it will say llvmpipe. At least it’s the case with KVM. This isn’t future proof and makes no sense in vulkan environments.

OpenGL vendor string: VMware, Inc.
OpenGL renderer string: llvmpipe (LLVM 7.0, 128 bits)

VirtaulBox host setting VMSVGA 3D acceleration seems to be working.

• Without, 3D acceleration disabled the CPU utilization is higher as expected (100%).
• With, 3D acceleration enabled the CPU utilization is lower (30%).

The output of glxinfo is exactly the same with and without 3D acceleration.

I can’t find any way to figure that out from inside the VM. The only way to find this out is by testing. Environment variable QMLSCENE_DEVICE=softwarecontext is either required or not.

QMLSCENE_DEVICE=softwarecontext monero-wallet-gui

or

monero-wallet-gui

For VirtualBox, this will be simplified in the future in Whonix ™ 15.0.1.3.4 (and above) which is coming soon. QMLSCENE_DEVICE=softwarecontext will be globally set as environment variable if VirtualBox is detected. Script:

vm-config-dist/20software_rendering_in_vms at master · Kicksecure/vm-config-dist · GitHub

Seeing the exact same behavior described in bug reports. Expected because 3D acceleration is not fully ready yet for KVM on Debian stable.

any way to test if it works for kvm?

/etc/X11/Xsession.d/20software_rendering_in_vms

Uploaded Monero GUI 0.17.1.1 just now.

Monero and Whonix 15.0.1.5.1 bug (possibly actually non-bug)

Upgraded to 0.17.1.4 just now.

Upgraded to 0.17.1.6 just now.

Upgraded to 0.17.1.7 just now.

Upgraded to 0.17.1.9 just now.

Upgraded to 0.17.2.1 just now.

monero-gui directly stored binaries in git is awful since git cloning over Tor (even just the current revision without history) times out when cloning from gitlab.

(And github rejects the repository size.)

du -sh usr/bin/*

16M     usr/bin/monero-blockchain-ancestry
14M     usr/bin/monero-blockchain-depth
14M     usr/bin/monero-blockchain-export
14M     usr/bin/monero-blockchain-import
11M     usr/bin/monero-blockchain-mark-spent-outputs
14M     usr/bin/monero-blockchain-prune
14M     usr/bin/monero-blockchain-prune-known-spent-data
14M     usr/bin/monero-blockchain-stats
14M     usr/bin/monero-blockchain-usage
25M     usr/bin/monerod
9.5M    usr/bin/monero-gen-ssl-cert
31M     usr/bin/monero-gen-trusted-multisig
32M     usr/bin/monero-wallet-cli
107M    usr/bin/monero-wallet-gui
4.0K    usr/bin/monero-wallet-gui.AppImage
33M     usr/bin/monero-wallet-rpc

Even if just shipping the compressed file would be too much.

121M monero-gui-linux-x64-v0.17.2.1.tar.bz2

If monero-gui was removed from source folder ~/Whonix/packages/monero-gui, it would be no longer installed by default inside Whonix, also bad.

Whonix builds using Whonix’s build script could build using Whonix binary APT repository but that wouldn’t be a real build from Whonix source code where Whonix Debian packages are build from and installed from source. Seems awful to change the Whonix build design just for that.

A build script command line option --monero-gui true|false would be feasible but that would also be very messy.

“If you want monero-gui, you additionally need to clone that repository. That will probably only work if cloning over clearnet. Otherwise your build will differ from original build. Oh, and after the build you’re also free to install the binary package from Whonix repository.” Messy.

Keeping monero-gui pre-installed is pretty important.

git LFS perhaps? Not free on github. And a 1 GB quota for downloads per month is nothing. Paying per GB would be a DOS opportunity.

gitlab has 10 GB for LFS but that’s also not much.

git LFS is in Debian.

Self-hosting a git LFS server seems overkill. That would add all the complexities of git LFS + a git LFS server. Instead, it might be easier to install a simple git server on whonix.org. Not a fully featued gitlab CE. Perhaps something simpler such as gitweb.

Then git clone over Tor wouldn’t be blocked obviously and no timeouts.

Existing git locations (gitlab, github) would be kept but when git cloning Whonix, it would be by default cloned from whonix.org.

(pull requests would still be welcome on gitlab, github. No changes. This isn’t an issue since git is federated.)

Perhaps gitweb.

Anonymous edit Monero: Difference between revisions - Whonix

Advanced {{q_project_name}} users can investigate [monero-site/_i18n/ar/resources/user-guides/wallet_daemon_isolation_qubes_whonix.md at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub Wallet/Daemon Isolation]. In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor. This is untested by {{project_name}} maintainers.

Qubes gives the flexibility to easily create separate VMs for different purposes. First you will create a Whonix workstation for the daemon which will use a Whonix gateway for networking. Next, another Whonix workstation for the wallet with no connection to the network. For communication between the wallet and daemon you can make use of Qubes qrexec.
+
+
This is safer than other approaches which route the wallet’s rpc over a Tor hidden service, or that use physical isolation but still have networking to connect to the daemon. In this way you don’t need any network connection on the wallet, you preserve resources of the Tor network, and you incur less latency.

I am not sure that is correct:

In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor.

Quote monero-site/_i18n/ar/resources/user-guides/wallet_daemon_isolation_qubes_whonix.md at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub

For communication between the wallet and daemon you can make use of Qubes qrexec.

That qrexec connection is as good as a network connection. Different from a split (offline + watch-only) wallet Contents/docs/security/split-bitcoin.md at master · Qubes-Community/Contents · GitHub

Found that on the qubes-os forum where users talk about using it and it working.

Also - we already mention that link in the Intro on that wiki page. So if it’s wrong, it should be removed from both sections.

Personally I don’t put much faith in cryptocoin vaporware, so I don’t mind either way.

Alright. Too complex to get into as a sideline. Could you remove both mentions please?

Fixed.

Advanced [[Qubes]] users could look into [CLI Wallet/Daemon Isolation with Qubes + Whonix | Monero - secure, private, untraceable CLI Wallet/Daemon Isolation with Qubes + {{project_name}}]

−
[Redirecting to Google Groups qubes-users - Guide: Monero wallet/daemon isolation w/qubes+whonix]

−

Or we could keep this as an honorable mention, let advanced users look into it but otherwise stay out of it since complex, unspecific to Whonix?

Was 0.17.2.3 previously. (Forgot to post.)

Upgraded to 0.17.3.0 just now.

Dependencies issues according to ticket creator.

Answered in above ticket.

Current Monero-gui is 0.17.3.2 in upstream (29 April 2022), In Whonix 0.17.3.0 ( 4 December 2021)

I think its worth to have new version.

Uploaded 0.17.3.2 to testers repository just now.

Now in stable repository.

could this be relevant to whonix and steam isolation?

Yes.

The new software (v0.18 “Fluorine Fermi”) will be released one month before the network upgrade, on the ~13th of July.

@nurmagoz via Whonix Forum:

Monero will undergo a network upgrade on 13th August, 2022 | Monero - secure, private, untraceable

The new software (v0.18 “Fluorine Fermi”) will be released one month before the network upgrade, on the ~13th of July.

Monero GUI 0.18 not released yet. To check:

Upgraded to 0.18.0.0 just now.

Upgraded to 0.18.1.0 just now.

Upgraded to 0.18.1.2 just now.

The CCS Monero Debian Package Repository for 2 years (!130) · Merge requests · monero-project / CCS Proposals · GitLab has been successfully completed. The CSS has expired at the beginning of this year. No extension request is planned. It is recommended to use the official Monero flatpak installation method which documented. Monero (XMR): A Reasonably Private Digital Currency

The monero-gui Debian package by Kicksecure has been deprecated and removed from the repository.

Alright. Thanks for the maintenance work. Going forward, I will download the binaries directly from getmonero.org

Btw, what’s going to happen to the existence of outdated monero binaries in Whonix, come the next Monero network upgrade? Is whonix going to remove those monero binaries?

No automatic removal. During upgrading, there will be the usual notification that packages can be automatically removed by running:

sudo apt autoremove

related on autoremove:

Support for Monero really, really sucks in the latest Whonix.

1. Monero is no longer installed by default (huge mistake)
2. The flatpak method of installation mentioned on Whonix wiki does not work - a related package throws an error during installation. Even if it worked, it has to download nearly a gigabyte of data over Tor just to install something that was available out-of-the-box before.
3. When downloaded directly from getmonero, the GUI crashes with out-of-memory error when trying to sync the blockchain. This didn’t happen before with the pre-installed client.

This all happens on the freshly installed latest Whonix VirtualBox release. Wtf guys?

The Monero Debian package by Whonix previously were exactly the same binaries. So the issue you’re experiencing now would equally apply.

Try add more RAM.

Otherwise needs to be resolved as per Free Support Principle.

Tested Monero flathub version in WS and its working as expected.

https://www.youtube.com/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y

?

It isn’t like Monero can be traced, just some few shortcomings that Seraphis will hopefully fix it.

Monero can’t be deterministically traced. In a few edge-cases in which it might be probabilistically traced, the user can mitigate that attack vector by churning.

Currently, full membership proofs are under research by the Monero Research Lab. See this: Luke Parker - Full Chain Membership Proofs: Solving One of Monero’s Last Privacy Hurdles - Invidious

Also this research proposal: Monero Observer - rehrar submits CCS proposal to get 'Generalized Bulletproofs' reviewed by CypherStack