Monero Integration in Whonix

Upgraded to just now.


monero-gui directly stored binaries in git is awful since git cloning over Tor (even just the current revision without history) times out when cloning from gitlab.

(And github rejects the repository size.)

du -sh usr/bin/*

16M     usr/bin/monero-blockchain-ancestry
14M     usr/bin/monero-blockchain-depth
14M     usr/bin/monero-blockchain-export
14M     usr/bin/monero-blockchain-import
11M     usr/bin/monero-blockchain-mark-spent-outputs
14M     usr/bin/monero-blockchain-prune
14M     usr/bin/monero-blockchain-prune-known-spent-data
14M     usr/bin/monero-blockchain-stats
14M     usr/bin/monero-blockchain-usage
25M     usr/bin/monerod
9.5M    usr/bin/monero-gen-ssl-cert
31M     usr/bin/monero-gen-trusted-multisig
32M     usr/bin/monero-wallet-cli
107M    usr/bin/monero-wallet-gui
4.0K    usr/bin/monero-wallet-gui.AppImage
33M     usr/bin/monero-wallet-rpc

Even if just shipping the compressed file would be too much.

121M monero-gui-linux-x64-v0.17.2.1.tar.bz2

If monero-gui was removed from source folder ~/Whonix/packages/monero-gui, it would be no longer installed by default inside Whonix, also bad.

Whonix builds using Whonix’s build script could build using Whonix binary APT repository but that wouldn’t be a real build from Whonix source code where Whonix Debian packages are build from and installed from source. Seems awful to change the Whonix build design just for that.

A build script command line option --monero-gui true|false would be feasible but that would also be very messy.

“If you want monero-gui, you additionally need to clone that repository. That will probably only work if cloning over clearnet. Otherwise your build will differ from original build. Oh, and after the build you’re also free to install the binary package from Whonix repository.” Messy.

Keeping monero-gui pre-installed is pretty important.

git LFS perhaps? Not free on github. And a 1 GB quota for downloads per month is nothing. Paying per GB would be a DOS opportunity.

gitlab has 10 GB for LFS but that’s also not much.

git LFS is in Debian.

Self-hosting a git LFS server seems overkill. That would add all the complexities of git LFS + a git LFS server. Instead, it might be easier to install a simple git server on Not a fully featued gitlab CE. Perhaps something simpler such as gitweb.

Then git clone over Tor wouldn’t be blocked obviously and no timeouts.

Existing git locations (gitlab, github) would be kept but when git cloning Whonix, it would be by default cloned from

(pull requests would still be welcome on gitlab, github. No changes. This isn’t an issue since git is federated.)

Perhaps gitweb.

1 Like

Anonymous edit Monero: Difference between revisions - Whonix

Advanced {{q_project_name}} users can investigate [monero-site/ at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub Wallet/Daemon Isolation]. In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor. This is untested by {{project_name}} maintainers.

Qubes gives the flexibility to easily create separate VMs for different purposes. First you will create a Whonix workstation for the daemon which will use a Whonix gateway for networking. Next, another Whonix workstation for the wallet with no connection to the network. For communication between the wallet and daemon you can make use of Qubes qrexec.
This is safer than other approaches which route the wallet’s rpc over a Tor hidden service, or that use physical isolation but still have networking to connect to the daemon. In this way you don’t need any network connection on the wallet, you preserve resources of the Tor network, and you incur less latency.

I am not sure that is correct:

In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor.

Quote monero-site/ at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub

For communication between the wallet and daemon you can make use of Qubes qrexec.

That qrexec connection is as good as a network connection. Different from a split (offline + watch-only) wallet Contents/ at master · Qubes-Community/Contents · GitHub

Found that on the qubes-os forum where users talk about using it and it working.

Also - we already mention that link in the Intro on that wiki page. So if it’s wrong, it should be removed from both sections.

Personally I don’t put much faith in cryptocoin vaporware, so I don’t mind either way.

1 Like

Alright. Too complex to get into as a sideline. Could you remove both mentions please?


1 Like

Advanced [[Qubes]] users could look into [CLI Wallet/Daemon Isolation with Qubes + Whonix | Monero - secure, private, untraceable CLI Wallet/Daemon Isolation with Qubes + {{project_name}}]

[Redirecting to Google Groups qubes-users - Guide: Monero wallet/daemon isolation w/qubes+whonix]

Or we could keep this as an honorable mention, let advanced users look into it but otherwise stay out of it since complex, unspecific to Whonix?

Was previously. (Forgot to post.)

Upgraded to just now.

Dependencies issues according to ticket creator.

1 Like

Answered in above ticket.

1 Like

Current Monero-gui is in upstream (29 April 2022), In Whonix ( 4 December 2021)

I think its worth to have new version.

Uploaded to testers repository just now.

1 Like

Now in stable repository.

1 Like

could this be relevant to whonix and steam isolation?



1 Like

The new software (v0.18 “Fluorine Fermi”) will be released one month before the network upgrade, on the ~13th of July.

1 Like