Testers Wanted! Whonix 11 ( 11.0.0.2.3 )

[html]

The version number for this testers-only release is 11.0.0.2.3, which will become Whonix 11 the moment it’s blessed stable.

The major changes are the port of Whonix from being based on Debian wheezy (which is now Debian oldstable) to being based on Debian jessie (which is now Debian stable), and the port from sysvinit to systemd, among other enhancements; see the changelog below.

Download link for VirtualBox images (.ova), KVM / QEMU images and OpenPGP signatures (.asc):

http://mirror.whonix.de/11.0.0.2.3/

Upgrading Whonix 10 to Whonix 11:

https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

If you want to build from source code, see:

https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:

https://www.whonix.org/forum/index.php/topic,1282

Changelog between Whonix 10.0.0.5.5 and Whonix 11.0.0.2.3:

– fixed custom workstation build

– build script: refactoring, use errtrace rather than many traps – ⚓ T48 use errtrace would lead to fewer traps required

– build script: refactoring, use exit trap to reduce code duplication – ⚓ T269 use exit trap to reduce code duplication

– whonixcheck: warn if whonix-gateway / whonix-workstation package is not installed – ⚓ T264 warn if whonix-gateway / whonix-workstation package is not installed

– whonixcheck: warn if there is low entropy – ⚓ T202 check available entropy in whonixcheck

– build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie – ⚓ T270 change release codename from wheezy to jessie

– grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new /etc/default/grub.d configuration folder, the grub-enable-apparmor has been greatly simplified. No longer need to config-package-dev divert /etc/default/grub.

– genmkfile: if debuild not available, recommend installation of the devscripts package

– build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)

– genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed

– genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing

– build script: build-steps.d/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing

– build script: refactoring, created separate help step, help-steps/git_sanity_test

– whonixcheck: verbose output for check_tor_socks_port_reachability

– all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support

– lintian warning copyright fix

– tb-updater: show “highest version number is not necessarily the best one” message also on first run if no Tor Browser is installed yet – ⚓ T283 tb-updater's download confirmation screen multiple version numbers info msg not shown on first run

– build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. – ⚓ T284 no longer install acpi-support-base by default on jessie

– whonixcheck: added link to Whonix Build Version documentation – systemcheck - Security Check Application – ⚓ T276 explain Whonix Build Version

– build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 ‘makefile: added --pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning’ – added --pedantic help-steps/variables.

– all packages: added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning – ⚓ T277 genmkfile lintian debian-watch-may-check-gpg-signature build issue

– whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added ‘Keywords=’ to ‘.desktop’ files to fix lintian warning ‘desktop-entry-lacks-keywords-entry’ – ⚓ T281 lintian warnings when building packages on jessie

– anon-shared-helper scripts: replaced dependency ‘python-support (>= 0.90)’ with dh-python to fix lintian warning

– control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning

– modify apt-get parameters during build to prevent need to remove apt-listchanges – ⚓ T282 modify apt-get parameters during build to prevent need to remove apt-listchanges

– build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps/variables to buildconfig.d/30_apt_opts

– genmkfile: hint “Is the build dependency genmkfile installed?” if genmkfile is not installed

– genmkfile: hint ‘dpkg-parsechangelog not found. Do you have the “build-essential” package installed?’ if dpkg-parsechangelog is not available

– sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning ‘E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev’

– whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default

– build script: Fix building Whonix on Whonix, fix if lsb_release --short --i returns ‘Whonix’. Temp hack ‘export whonix_build_on_operating_system="debian"’ no longer required. Thanks to @nrgaway for the bug report and the analysis. – ⚓ T278 building Whonix11 for qubes-whonix: Package installation errors

– tb-updater: tbbversion_installed parser fix

– anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)

– anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support – ⚓ T298 add --target qubes

– anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support

– code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms

– implemented build parameter ‘--unsafe-io true’, that speeds up builds, that uses ‘-o Dpkg::Options::=--force-unsafe-io’, eatmydata and ignores ‘sync’. – Thanks to @nrgaway for the suggestion! – ⚓ T295 Speedup Whonix 11 build time

– implemented $apt_misc_opts – ⚓ T295 Speedup Whonix 11 build time

– whonixcheck: new --verbose debug feature, showing output of systemd-detect-virt

– vbox-disable-timesync: more robust implementation that is compatible with systemd – ⚓ T106 port Whonix's init.d scripts to systemd

– timesync: compatibility with systemd – ⚓ T106 port Whonix's init.d scripts to systemd

– whonixcheck, msgdispatcher: ported to systemd – ⚓ T106 port Whonix's init.d scripts to systemd

– qubes-whonix: skip rads on Qubes – ⚓ T306 rads skip mechanism

– systemd unit files: workaround/fix, removed spaces from ‘WantedBy = ‘, likely bug in ‘deb-systemd-helper’ that prevents enabling the service by default – ⚓ T316 systemd units are not enabled by default

– created a hellodaemon package, useful for Debian systemd packaging debugging – not part of Whonix – GitHub - adrelanos/hellodaemon: https://www.whonix.org/wiki/Impressum

– whonixcheck: debian/control: fix, added to ‘Build-Depends:’ ‘ruby-ronn (>= 0.7.3)’

– disable torsocks warning spam – ⚓ T317 disable torsocks warning spam

– whonix-libvirt: fixed CI builds

– whonix-libvirt: added driver name=‘qemu’ – Thanks to HulaHoop! – Update Whonix-Custom-Workstation.xml by HulaHoopWhonix · Pull Request #20 · Kicksecure/libvirt-dist · GitHub; virtio hardcoded by HulaHoopWhonix · Pull Request #19 · Kicksecure/libvirt-dist · GitHub; https://github.com/Whonix/whonix-libvirt/pull/18

– anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended – ⚓ T323 install obfs4proxy in Whonix-Gateway 11 by default

– anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended – ⚓ T92 apt-transport-tor installed by default

– whonix-gw-network-conf, whonix-ws-network-conf: Removed ‘pre-up /usr/bin/whonix_firewall’, because /etc/network/if-pre-up.d is now used to load the firewall, because the Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – ⚓ T68 use /etc/network/if-pre-up.d/ instead of /etc/network/interfaces to load Whonix's firewall

– whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made packages more standalone. Requiring ‘pre-up /usr/bin/whonix_firewall’ in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because the Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – ⚓ T68 use /etc/network/if-pre-up.d/ instead of /etc/network/interfaces to load Whonix's firewall

– whonixsetup, whonix-setup-wizard: fix ‘Tor fails after reload related to torrc DisableNetwork setting issue’ by only restarting Tor, no longer trying to reload Tor – ⚓ T320 Tor fails after reload related to torrc DisableNetwork setting issue

– rads: Improved implementation. When there is enough RAM… On ‘enter’: instantly start login manager. On ‘ctrl + c’: instantly abort and do not start login manager. On ‘timeout’: start login manager. Thanks to ‘dh_systemd_start --no-start’ we can now use ‘StandardInput=tty’ and ‘read’ instead of ‘systemd-ask-password’. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). – ⚓ T57 implement rads (ram adjusted desktop starter) systemd unit

– whonixcheck: abolished random wait by default – ⚓ T299 abolish whonixcheck random wait

– anon-ws-disable-stacked-tor: fixed ‘insserv: script tor.anondist-orig: service tor already provided!’ warning during upgrades – ⚓ T303 anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd, insserv already provided issue

– anon-ws-disable-stacked-tor: systemd compatibility – ⚓ T303 anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd, insserv already provided issue

– anon-base-files: no longer ‘set -o pipefail’ in /usr/lib/pre.bsh. config-package-dev doesn’t like ‘set -o pipefail’ – [config-package-dev] config-package-dev doesn't like 'set -o pipefail'? – ⚓ T329 do not 'set -o pipefail' in /usr/lib/pre.bsh

– upstream bug report: spaces in Tor’s systemd unit file causes issues – spaces in Tor's systemd unit file causes issues (#16162) · Issues · Legacy / Trac · GitLab

– upstream bug report: Tor dies on reload when switching to ‘DisableNetwork 0’ when using ‘DnsPort 127.0.0.1:53’ – Tor dies on reload when switching to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53' (#16161) · Issues · Legacy / Trac · GitLab

– build script: fix, support ‘--verifiable false’ (was ‘--verifiable minimal’ while build documentation said ‘false’)

– uwt: multi user fix – Whonix Forum

– Qubes: WiFi Realtek RTL8191SEvB Issue and Solution – Redirecting to Google Groups

– whonix-setup-wizard API proposal: Dev/setup-dist - Whonix


[/html]
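The two build-script refactorings in the changelog (T48 errtrace, T269 exit trap) rest on bash behaviour that is easy to get wrong, so here is an added example; it is not code from the Whonix build script. The step name `install_packages`, the handler names and the forced failure are constructed for illustration.

```bash
#!/bin/sh
# Added example, not Whonix build-script code. The step name and the failing
# command are constructed; only bash built-ins and coreutils are used.

# run_build_step MODE -> prints "status=<n> log=<text> workdir=<kept|removed>"
# MODE "errtrace" turns on `set -o errtrace`; any other value leaves it off.
run_build_step() {
    log=$(mktemp) && work=$(mktemp -d) || return 2
    status=0
    MODE=$1 LOG=$log WORK=$work bash -s <<'EOF' || status=$?
if [ "$MODE" = errtrace ]; then
    set -o errtrace   # functions, subshells and $(...) inherit the ERR trap
fi

# One EXIT trap: cleanup runs on normal exit and on `exit 1` alike,
# so error paths need no cleanup code of their own.
cleanup() { rm -rf "$WORK"; }
trap cleanup EXIT

# One ERR trap: record the failing command, then abort the build.
error_handler() { echo "failed: $1" >> "$LOG"; exit 1; }
trap 'error_handler "$BASH_COMMAND"' ERR

install_packages() {
    false                        # constructed failure inside a function
    echo "continued" >> "$LOG"   # reached only when the failure went unseen
}
install_packages
EOF
    if [ -d "$work" ]; then state=kept; else state=removed; fi
    printf 'status=%s log=%s workdir=%s\n' "$status" "$(cat "$log")" "$state"
    rm -f "$log"
}

# Without errtrace the failure is silent; with it the single trap aborts.
run_build_step plain
run_build_step errtrace
```

Without errtrace the failed command inside the function never reaches the trap and the step reports success, which is why a script in that state needs a trap per function; the EXIT trap removes the work directory in both runs.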

All running well.

Small details not important but when I choose a bigger resolution in the workstation, the Whonix logo of the local browser page in TBB becomes disfigured.

The networkmanager taskbar icon is not normal, it shows question marks. But it looks better than the red X’s it had before.

Edit:
It could be something to do with using the TBB 5x alpha series

Noticed a bug. Whonix locks the account if not used for some time. This didn’t happen before.

Screen locker in KDE session?
Strange. Mine was running for hours without locking.

Screen locker in KDE session? Strange. Mine was running for hours without locking.

Actually I meant to say force logged me out, because the programs I had open were closed when I logged back in.

What kind of issue? Just now tested. Haven’t experienced anything unusual.

I was thinking of the resolution fingerprinting mitigation in the alpha series but that's not it. I excluded that by seeing the same problem on 4.5.1

Hes been working for a couple of days, after building 11.0.0.2.3-developers-only. No issue so far.

Cool, thanks guys for all of your efforts. Going to test this now :)

I have imported the two images of Whonix 11 (workstation and gateway) into VirtualBox, but when I want to start any of them, it can't be opened and this message appears:

http://i.imgur.com/wEJAtWX.jpg

I now know the issue; here is how to reproduce it:

Import e.g. the Whonix gateway into VirtualBox.

After finishing, don't press “start”; instead press “settings”.

Change the name from “Whonix-Gateway_1”, which is the default name, to “Whonix-Gateway 11” or 12 … etc. Then click save and press start = you are going to get the same error.

Is “sudo apt-get update” temporarily disabled in the gateway? See this:

(btw the repository is tester, not stable; I don't know if this is related or not)

I tried to run “sudo apt-get update” from the workstation and it worked. So I went to the gateway and restarted the system; now “sudo apt-get update” is working on both. I also faced a problem with downloading Tor in the workstation from “tor browser updater”. Similarly, I restarted the workstation and then ran it again; now it is working well. I think system updates are playing some rules here regarding these actions. I think you should check which updates should be downloaded by default in Whonix 11 to make it run in a correct way.

A minor fix: I hope you can change the taskbar color from white to any other color, like gray for example.

This is eye burning/confusing:

[quote=“nurmagoz, post:16, topic:346”]A minor fix: I hope you can change the taskbar color from white to any other color, like gray for example.

This is eye burning/confusing:

http://i.imgur.com/aJvQpaL.jpg[/quote]
It’s Debian’s or KDE’s default. You can change that as per Whonix ™ - Overview. I don’t think we should go through the effort of changing the default as long as this doesn’t become a frequent request.

[quote=“nurmagoz, post:12, topic:346”]I have imported the two images of Whonix 11 (workstation and gateway) into VirtualBox, but when I want to start any of them, it can't be opened and this message appears:

http://i.imgur.com/wEJAtWX.jpg[/quote]

[quote=“nurmagoz, post:13, topic:346”]I now know the issue; here is how to reproduce it:

Import e.g. the Whonix gateway into VirtualBox.

After finishing, don't press “start”; instead press “settings”.

Change the name from “Whonix-Gateway_1”, which is the default name, to “Whonix-Gateway 11” or 12 … etc. Then click save and press start = you are going to get the same error.[/quote]
Probably nothing we can do about that. VirtualBox developers aren’t listening.

Certainly not on purpose / not by Whonix default.

(btw the repository is tester, not stable; I don't know if this is related or not)
Most likely unrelated.