Monero Integration in Whonix

Patrick · May 1, 2021, 5:54pm

monero-gui directly stored binaries in git is awful since git cloning over Tor (even just the current revision without history) times out when cloning from gitlab.

(And github rejects the repository size.)

du -sh usr/bin/*

16M     usr/bin/monero-blockchain-ancestry
14M     usr/bin/monero-blockchain-depth
14M     usr/bin/monero-blockchain-export
14M     usr/bin/monero-blockchain-import
11M     usr/bin/monero-blockchain-mark-spent-outputs
14M     usr/bin/monero-blockchain-prune
14M     usr/bin/monero-blockchain-prune-known-spent-data
14M     usr/bin/monero-blockchain-stats
14M     usr/bin/monero-blockchain-usage
25M     usr/bin/monerod
9.5M    usr/bin/monero-gen-ssl-cert
31M     usr/bin/monero-gen-trusted-multisig
32M     usr/bin/monero-wallet-cli
107M    usr/bin/monero-wallet-gui
4.0K    usr/bin/monero-wallet-gui.AppImage
33M     usr/bin/monero-wallet-rpc

Even if just shipping the compressed file would be too much.

121M monero-gui-linux-x64-v0.17.2.1.tar.bz2

If monero-gui was removed from source folder ~/Whonix/packages/monero-gui, it would be no longer installed by default inside Whonix, also bad.

Whonix builds using Whonix’s build script could build using Whonix binary APT repository but that wouldn’t be a real build from Whonix source code where Whonix Debian packages are build from and installed from source. Seems awful to change the Whonix build design just for that.

A build script command line option --monero-gui true|false would be feasible but that would also be very messy.

“If you want monero-gui, you additionally need to clone that repository. That will probably only work if cloning over clearnet. Otherwise your build will differ from original build. Oh, and after the build you’re also free to install the binary package from Whonix repository.” Messy.

Keeping monero-gui pre-installed is pretty important.

git LFS perhaps? Not free on github. And a 1 GB quota for downloads per month is nothing. Paying per GB would be a DOS opportunity.

gitlab has 10 GB for LFS but that’s also not much.

git LFS is in Debian.

https://packages.debian.org/buster/git-lfs

Self-hosting a git LFS server seems overkill. That would add all the complexities of git LFS + a git LFS server. Instead, it might be easier to install a simple git server on whonix.org. Not a fully featued gitlab CE. Perhaps something simpler such as gitweb.

Then git clone over Tor wouldn’t be blocked obviously and no timeouts.

Existing git locations (gitlab, github) would be kept but when git cloning Whonix, it would be by default cloned from whonix.org.

(pull requests would still be welcome on gitlab, github. No changes. This isn’t an issue since git is federated.)

Perhaps gitweb.

https://packages.debian.org/buster/gitweb

Patrick · May 8, 2021, 3:46pm

Patrick · June 21, 2021, 11:52am

Anonymous edit Difference between revisions of "Monero" - Whonix

Advanced {{q_project_name}} users can investigate [monero-site/wallet_daemon_isolation_qubes_whonix.md at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub Wallet/Daemon Isolation]. In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor. This is untested by {{project_name}} maintainers.

Qubes gives the flexibility to easily create separate VMs for different purposes. First you will create a Whonix workstation for the daemon which will use a Whonix gateway for networking. Next, another Whonix workstation for the wallet with no connection to the network. For communication between the wallet and daemon you can make use of Qubes qrexec.
+
+
This is safer than other approaches which route the wallet’s rpc over a Tor hidden service, or that use physical isolation but still have networking to connect to the daemon. In this way you don’t need any network connection on the wallet, you preserve resources of the Tor network, and you incur less latency.

I am not sure that is correct:

In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor.

Quote monero-site/wallet_daemon_isolation_qubes_whonix.md at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub

For communication between the wallet and daemon you can make use of Qubes qrexec.

That qrexec connection is as good as a network connection. Different from a split (offline + watch-only) wallet Contents/split-bitcoin.md at master · Qubes-Community/Contents · GitHub

torjunkie · June 22, 2021, 9:24pm

Found that on the qubes-os forum where users talk about using it and it working.

Also - we already mention that link in the Intro on that wiki page. So if it’s wrong, it should be removed from both sections.

Personally I don’t put much faith in cryptocoin vaporware, so I don’t mind either way.

Patrick · June 23, 2021, 1:34pm

Alright. Too complex to get into as a sideline. Could you remove both mentions please?

torjunkie · June 23, 2021, 8:56pm

Fixed.

Patrick · June 24, 2021, 11:43am

Advanced [[Qubes]] users could look into [https://getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html CLI Wallet/Daemon Isolation with Qubes + {{project_name}}]

−
[Google Grupper qubes-users - Guide: Monero wallet/daemon isolation w/qubes+whonix]

−

Or we could keep this as an honorable mention, let advanced users look into it but otherwise stay out of it since complex, unspecific to Whonix?

Patrick · November 2, 2021, 12:27pm

Patrick · December 13, 2021, 11:28pm

Was 0.17.2.3 previously. (Forgot to post.)

Upgraded to 0.17.3.0 just now.

TNT_BOM_BOM · March 27, 2022, 10:25am

Dependencies issues according to ticket creator.

Patrick · March 28, 2022, 11:11am

Answered in above ticket.

TNT_BOM_BOM · May 19, 2022, 8:49pm

Current Monero-gui is 0.17.3.2 in upstream (29 April 2022), In Whonix 0.17.3.0 ( 4 December 2021)

I think its worth to have new version.

Patrick · May 25, 2022, 2:08pm

Uploaded 0.17.3.2 to testers repository just now.

Patrick · June 5, 2022, 11:30am

Now in stable repository.

redex · June 14, 2022, 7:27pm

could this be relevant to whonix and steam isolation?

github.com/monero-project/monero

daemon: add command line arg to set socks proxy

monero-project:master ← tobtoht:daemon_proxy

opened 11:34PM - 18 Mar 21 UTC

tobtoht

+61 -11

Patch originally provided by wfaressuissia[m] in #monero-dev, with minor changes…. Tails does not transparently torify traffic, as such torsocks must be used in absence of application-level configuration. This introduces various issues, such as long timeouts (See: https://github.com/monero-project/monero/issues/6708#issuecomment-658899258) and problems closing monerod because torsocks likes to eat sigints. This patch eliminates the need for torsocks by introducing a command line argument for setting the socks proxy. This will also allow the GUI to spawn monerod without using torsocks to fix simple and bootstrap mode on Tails.

Patrick · June 15, 2022, 10:56am

Yes.

TNT_BOM_BOM · July 9, 2022, 10:21am

The new software (v0.18 “Fluorine Fermi”) will be released one month before the network upgrade, on the ~13th of July.

Patrick · July 15, 2022, 1:18pm

TNT_BOM_BOM via Whonix Forum:

Monero will undergo a network upgrade on 13th August, 2022 | Monero - secure, private, untraceable

The new software (v0.18 “Fluorine Fermi”) will be released one month before the network upgrade, on the ~13th of July.

Monero GUI 0.18 not released yet. To check:

Patrick · July 22, 2022, 5:41pm

Upgraded to 0.18.0.0 just now.

Patrick · August 27, 2022, 11:23am

Upgraded to 0.18.1.0 just now.