Bad News
To elaborate on that one…
During the build process of Non-Qubes-Whonix and Qubes-Whonix a Debian base image (created in earlier build step) will be morphed into Whonix.
During the build process of Kicksecure a Debian base image (created in earlier build step) will be morphed into Kicksecure.
What’s hard indeed is supporting arbitrary user installations of Debian which could contain a lot state (configuration, gnome vs kde vs whatever desktop environment) to be morphed to Whonix or Kicksecure.
Good News
This is also related to distro-morphing:
chroot debootstrap install Whonix / Kicksecure to folder
Other Linux distributions such as Qubes and ParrotOS indicated interest in a package developed by Whonix developers, namely security-misc , which does Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings.
But security-misc is only one component of security hardening. These and other Linux distributions might in future become interested to re-base to Kicksecure , which is a security-hardened, non-anonymous Linux Distribution.
chroot / debootstrap is a method to download (“install”) a Linux distribution in a folder from an already installed operating system. This has many uses and can be used to build a derivative (of Kicksecure) Linux distribution or Qubes template.
Actually not debootstrap but mmdebstrap which is better .
More about Kicksecure:
whonix.org – 21 Mar 20
Kicksecure ™ is a security-hardened Debian based Linux distribution that provides better protection from malware.
How to install Kicksecure in a chroot:
whonix.org – 3 Apr 20
You can install Kicksecure ™ on top of your existing Debian (based) Linux installation inside a chroot (change root).
To learn early when distro-morphing would break due to package installation issues:
Continuous Integration (CI)
One test running on Travis CI uses travis.debian.net script (sets up a docker container which runs Debian) where package whonix-host-xfce-kvm-nonfreedom gets installed for real.
Another two tests running on Travis CI (one not using apt-cacher-ng, another using apt-cacher-ng) uses mmbdebstrap to create a chroot for the following meta packages whonix-host-xfce-kvm-nonfreedom , qubes-whonix-gateway , qubes-whonix-workstation , kicksecure-cli , kicksecure-cli-vm , kicksecure-xfce , kicksecure-xfce-vm , non-qubes-whonix-gateway-xfce , non-qubes-whonix-workstation-xfce , which then pull other Whonix packages. Therefore many new build bugs can be quickly spotted.
generally:Travis CI - Test and Deploy with Confidence
a recent successful build:https://travis-ci.org/github/Whonix/Whonix/builds/671191361
1 Like