Open Build Service

I propose the use of a dedicated package building system for Whonix project packages. The most advanced one I have found is the SUSE-developed Open Build System. The most important features are [1]: Supports a wide variety of distros and package formats. Can fetch from different collaborative coding platforms including Git. Supports different hardware architectures (think ARM support). Supports reproducible builds.

Besides being available as an online service, the build server software is available as an appliance package you can download and use locally. [2]

Open Build System is used by some major projects: Linux Foundation and Tizen. [3]


The Open Build Service (OBS) is a generic system to build and distribute binary packages from sources in an automatic, consistent and reproducible way. You can release packages as well as updates, add-ons, appliances and entire distributions for a wide range of operating systems and hardware architectures.

[1] https://en.opensuse.org/openSUSE:Build_Service_comparison#Comparison
[2] http://openbuildservice.org/download/
[3] https://en.wikipedia.org/wiki/Open_Build_Service


> consistent and reproducible way

I did some searching and I don't think they are using reproducible as a synonym for deterministic. As far as I understand, they're referring to reproducible in the simpler sense, just being able to repeat the build, not in the Debian-reproducible sense, not as in byte for byte identical (deterministic).

> Supports different hardware architectures (think ARM support).

I am not sure it would be, security-wise, a great idea to deploy binary packages that were built on some CI server to end users.

Also not eager to get ARM-specific packages into Whonix’s repository without having a dedicated maintainer for ARM. Fortunately, Whonix doesn’t include any to-be-compiled [at build time] code yet. To my knowledge there is no platform-specific code yet. (Well, tb-updater, because The Tor Project does not ship ARM builds of TBB.) What Whonix ARM support needs next is a maintainer supporting that use case, perhaps a very few lines of changed code, building the image, maintaining it.

> Can also build full OS images, appliances or VM's (KIWI)

Sounds terrific. Something that using CIs I found is not possible due to their inherent limitations using OpenVZ.
Apparently appliance building is only supported for SUSE?
(I briefly checked out KIWI / susestudio. They from SUSE are providing their community with some great dev tools, looks like. And I am all for great dev tools. :) )


At my current knowledge, I don’t think I’ll be working on this.

Unless, have I missed any arguments in favor?

Having that said, anyone feel free to work on this.

> At my current knowledge, I don't think I'll be working on this.
>
> Unless, have I missed any arguments in favor?
>
> Having that said, anyone feel free to work on this.

Nice write-up on why it won’t work. I am not a dev so didn’t know much about the process. I wanted to run this by you just in case you found it more helpful.

One thing occurred to me. Since their CI is probably based on KVM, maybe it can be used to create Debian VM images. Worth trying.

Asked in their forums:

Got redirected. Asked on their mailing list:
