swap - swap file - Whonix-Gateway freezing during apt-get dist-upgrade - encrypted swap-file-creator

Whonix-Gateway default RAM is currently set to 768 MB.
(Whonix-Workstation default RAM is currently set to 2048 MB.)

During upgrade Whonix-Gateway freezes. Not totally. But it looks frozen. The seconds on the clock stay at the same number for several minutes. This happens during module building (VirtualBox guest additions) as well as kernel header package upgrade. During that time, Tor running on Whonix-Gateway is not accessible from Whonix-Workstation.

Hence, I plan to re-vitalize swap-file-creator. I couldn’t find out why it was previously removed from installation by default. Once swap-file-creator is running, this issue is gone. (A small fix for buster was required.)

This is about Non-Qubes-Whonix only since Qubes-Whonix has dynamic RAM assignment (and higher system requirements).

Could you please review / improve this line? @HulaHoop

cryptsetup --batch-mode --hash sha512 -c aes-xts-plain64 --key-size 512 luksFormat

Alright I guess this doesn’t affect live mode since everything is redirected to RAM including the swap file. Question is if this would push current RAM reqs way higher than it is now vs increasing GW RAM without adding a swap file.

Everything else looks good. Since we don’t care about memorizing passphrases here just use a randomly generated character string.


In effect,

  • no swap file will be created by default in Whonix-Workstation (since it has 2 GB RAM).
  • But Whonix-Gateway would create a swapfile (since default 768 MB RAM), unless the user gives Whonix-Gateway 2 GB RAM manually.

Disabled in live mode already (but in theoretic case that was broken, then yes). I guess. Location of swapfile is /var/swapfile.

https://github.com/Whonix/swap-file-creator/blob/master/usr/share/swap-file-creator/start#L95

Why would adding a swap file increase GW RAM requirements? Perhaps I got that wrong.


I don’t like swap / swapfile since use of these can make the system super slow but it seems necessary. Also therefore, related, swappiness kernel setting is set to lowest:

https://github.com/Whonix/swappiness-lowest/blob/master/etc/sysctl.d/swappiness-lowest.conf

Indeed. However, anti-forensics cannot be guaranteed due to the same reasons listed on Encrypted VM Images.


I was under the impression any file newly created since boot-up is redirected to RAM, and since it’s being recreated anew every boot it occupies space?


This concern is for live mode only?
Yes, I have no idea what would happen there. Creating a (swap) file (really any file) in live mode could be an issue.
But fairly certain, swap-file-creator will not create a swapfile in live mode.
Therefore no issue?

Yes

Perfect :)


HulaHoop via Whonix Forum:

Alright I guess this doesn’t affect live mode since everything is redirected to RAM including the swap file.

Disabled in live mode already (but in theoretic case that was broken,
then yes). I guess. Location of swapfile is /var/swapfile.

Question is if this would push current RAM reqs way higher than it is now vs increasing GW RAM without adding a swap file.

Why would adding a swap file increase GW RAM requirements? Perhaps I got
that wrong.

Well, adding 256 MB or 512 MB “real” (virtual) RAM instead of a swap
file could abolish need for a swapfile. Additional 512 MB should be
sufficient for sure since swapfile has that size currently and solved
these issues.

swap-file-creator could abort creating a swap file if more than XXX MB
of RAM is available. Such a feature would be easy to add if that seems
useful.

I don’t like swap / swapfile since use of these can make the system
super slow but it seems necessary. Also therefore, related, swappiness
kernel setting is set to lowest:

https://github.com/Whonix/swappiness-lowest/blob/master/etc/sysctl.d/swappiness-lowest.conf

Since we don’t care about memorizing passphrases here just use a randomly generated character string.

Indeed.


  1. swap-file-creator can probably be sped up massively by using fallocate instead of dd to create the swap file at boot time.

  2. It might also become more compatible, fast, reliable by making better use of systemd as per:

  1. How big should the swap file be?

Done.

This is now in the testers repository.
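
The RAM check, fallocate and random-key ideas raised in this thread, combined in one added example; this is not swap-file-creator's own code. It swaps in plain dm-crypt keyed from /dev/urandom instead of the luksFormat line quoted above, and the 1800 MB threshold and the mapping name `swapfile_demo` are assumptions.

```shell
#!/bin/sh
# Added illustration, NOT the swap-file-creator source.
SWAPFILE=/var/swapfile        # location stated in the thread
SWAP_SIZE_MB=512              # size stated in the thread
RAM_THRESHOLD_MB=1800         # assumed value for the thread's "XXX MB"
MAPPER_NAME=swapfile_demo     # hypothetical dm-crypt mapping name

# Print MemTotal in MB from a meminfo-format file (default /proc/meminfo).
mem_total_mb() {
    awk '$1 == "MemTotal:" { print int($2 / 1024); found = 1 }
         END { exit !found }' "${1:-/proc/meminfo}"
}

# Exit 0: create swap. Exit 1: enough RAM, skip. Exit 2: RAM size unknown.
should_create_swap() {
    _total=$(mem_total_mb "$1") || return 2
    [ "$_total" -lt "${2:-$RAM_THRESHOLD_MB}" ]
}

create_encrypted_swap() {
    # fallocate reserves the blocks without writing them, unlike dd.
    ( umask 077; fallocate -l "${SWAP_SIZE_MB}M" "$SWAPFILE" ) || return 1
    chmod 600 "$SWAPFILE" || return 1
    # Plain dm-crypt keyed from /dev/urandom: the key is never stored on
    # disk and is discarded at shutdown.
    cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 512 \
        --key-file /dev/urandom "$SWAPFILE" "$MAPPER_NAME" || return 1
    mkswap "/dev/mapper/$MAPPER_NAME" >/dev/null || return 1
    swapon "/dev/mapper/$MAPPER_NAME"
}

case "${1:-}" in
    --check)  # report the decision only, no root needed
        if should_create_swap; then echo "swap wanted"; else echo "no swap"; fi ;;
    --apply)  # must run as root
        if should_create_swap; then create_encrypted_swap; fi ;;
esac
```

Run with `--check` to see the decision for the current machine; `--apply` creates and enables the swap file and needs root.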