Testers Wanted! Whonix 11 ( 11.0.0.3.0 ) - Release Candidate

Development
1

[html]

The version number for this testers-only release is 11.0.0.3.0, which will become Whonix 11 the moment it’s blessed stable.

Major changes are port of Whonix from being Debian wheezy (that is Debian oldstable) based to Debian jessie (that now is Debian stable) based. And port from sysvinit to systemd among other enhancements, see changelog below.

Download link for Virtual Box images (.ova), kvm / qemu images and OpenPGP signatures (.asc):

http://mirror.whonix.de/11.0.0.3.0/

Upgrading Whonix 10 to Whonix 11:

https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

If you want to build from source code, see:

https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:

https://www.whonix.org/forum/index.php/topic,1312

Changelog between Whonix 10.0.0.5.5 and Whonix 11.0.0.2.3:

https://www.whonix.org/blog/whonix-11-testers-wanted

Changelog between Whonix 11.0.0.2.3 and Whonix 11.0.0.3.0:

– tb-starter: Made path to Tor Browser configurable by tb_home_folder variable. Renamed variable home_folder to tb_home_folder to synchronize it with tb-updater. – https://phabricator.whonix.org/T338

– anon-meta-packages: added dependency on ‘gir1.2-gtk-3.0′ to ‘anon-workstation-default-applications’ because ‘mat’ misses it – http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788099Whonix Forum

upstream bug report: mat missed dependency gir1.2-gtk-3.0 – http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788099

– genmkfile: cleanup debian.tar.xz (jessie support)

– tb-updater: output: improved message in case hash verification failed – output: improved message in case hash verification failed · Kicksecure/tb-updater@285cb5c · GitHub

– msgcollector: progress bar initial value fix for Debian jessie – progress bar initial value fix for Debian jessie · Kicksecure/msgcollector@bc26aee · GitHub

– grub-enable-apparmor: backwards compatiblity fix with Whonix 10, restore original /etc/default/grub – https://github.com/Whonix/grub-enable-apparmor/commit/b99978709575365b99bebf4ca3bda129890f7d97

– rads: backwards compatiblity fix with Whonix <= 10.x: backwards compatiblity fix with Whonix <= 10.x · Kicksecure/rads@cf02675 · GitHub

– whonixcheck: fixed Tor Config Check Result issue that was caused by the Tor upgrade; improved output for Tor Config Check Result – Whonix Forumhttps://github.com/Whonix/whonixcheck/commit/bf55af20a5856d8a024a7eb821f5d54692dc5b15

– whonix-legacy: anon-gw-first-run-notice has been deprecated, merged into whonix-setup-wizard, therefore get rid of “/etc/xdg/autostart/gateway_first_run_notice.desktop”; Get rid of “/etc/grub.d/30_apparmor.cfg”, because that file has been moved from /etc/grub.d/30_apparmor.cfg to /etc/default/grub.d/30_apparmor.cfg since the path has changed since release of jessie. – anon-gw-first-run-notice has been deprecated, merged into whonix-setu… · Kicksecure/legacy-dist@9b50b5c · GitHub

– vbox-disable-timesync: Do not try to (re-)start the service after package install/upgrade, because it could fail if kernel was upgraded, which would make the whole postinst script fail. – https://github.com/Whonix/vbox-disable-timesync/commit/f18af1107cedfc50ef06b054d1463835376e0415

– whonixcheck 2.2.1-1 / Whonix 10: stable fix, no longer run test check_tor_config, because it false positively detects an issue since the Tor upgrade – Whonix Forumhttps://github.com/Whonix/whonixcheck/commit/44b8921a214799b2d3e17281b2f4b0ee04643295

– debian-systemd mailing list: cannot extend network-manager unit file by using network-manager.service.d – cannot extend network-manager unit file by using network-manager.service.d

– control-port-filter-python: added apparmor profile

documentation: Improved gpg import instructions. Key fingerprint is now checked before importing the key for better security. – https://www.whonix.org/wiki/Template:Build_Documentation_Get_Source_Code#Get_the_Signing_KeyWhonix ™ Signing Key

– msgcollector: increased MinimumSize so first line of gpg output is not needlessy line broken into two – Whonix Forum

– rads: silence by default when disabled – silence by default when disabled · Kicksecure/rads@270db5b · GitHub

– repository: updated repository as per 11.0.0.3.0

– build script: added grub-screen-resolution and grub-output-verbose as weak recommended packages – ⚓ T354 Add grub-screen-resolution and grub-output-verbose to anon-meta-packages?


[/html]

2

In reason of so many answers i guess i can post here and don’t have to create a new topic.

Did an build from source now and did not run successful.

Build command: Whonix/whonix_build --gnw -- --build --target qcow2 --vmsize 50G --gui none --apps false --arch amd64

Seems the script tries to install the non existent packet linux-image-486

E: Unable to locate package linux-image-486
+ apt_get_exit_code=100
+ true
+ chroot /home/user/whonix_binary/Whonix-Gateway_image sync
+ sync
+ '[' 100 = 0 ']'
+ true 'e[1me[31mERROR: Failed to install linux-image-486. (apt_get_exit_code: 100) Attempting to gather debug output to diagnose the problem...e[m'
+ true 'e[1me[36mINFO: Read output of apt-get trying to install linux-image-486 into a variable for debugging. This may take a while...e[m'
+ local apt_get_exit_code=0
++ chroot /home/user/whonix_binary/Whonix-Gateway_image apt-get -o Dir::Etc::sourcelist=/tmp/empty -o Dir::Etc::sourceparts=/var/lib/whonix/sources_temp_list.d -o Acquire::http::Timeout=180 -o Acquire::ftp::Timeout=180 -o Acquire::Retries=3 -o Acquire::Check-Valid-Until=false -o APT::Get::force-yes=0 --yes --no-install-recommends install linux-image-486
+ apt_get_output='          Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package linux-image-486       '
+ apt_get_exit_code=100

If you would like to have the complete build log, i can mail it. It’s about 3.5 MB.

3

I saw apt-get 100 in case of network issues. Dunno if it also happens in other cases.

Therefore, is this a transient error? Can you try again please? Maybe it was just a flaky network connection and will work.

4

It’s persistent. Did two builds before the post and another after your answer.

The trigger is the “–arch amd64” flag.

Did another build with Whonix/whonix_build --gnw -- --build --target qcow2 --vmsize 50G --gui none --apps false last night and it was successful.

5

Confirmed.

As a workaround you can add the following two options in meanwhile.

I.e. in your case the full build command will be.

6

The workaround will no longer be required in Whonix 12 because it’s fixed there.

Fixed,broken build when using '--arch amd64' that failed because the linux-image-586 package is no longer available on Debian jessie for amd64. From now, when using '--arch amd64' while '--kernel' and/or respectively '--headers' is unset, the build script will automatically default to "--kernel linux-image-amd64" and/or '--headers linux-headers-amd64' respectively.
https://github.com/Whonix/Whonix/commit/ce54d634da5c9d01706d085a7eda2a0d36f3d165
7

Why in the world would systemd get picked over SysV init system?

The choice inspires an emacs/vi level of rancor and I’ve only just started to pay attention to this, but it seems to me an older, well understood method trumps something that is new/developing.

8

From Whonix perspective, the best reason is perhaps, that Debian switched to systemd. So it will be better maintained than sysvinit over the years to come. There are other reasons, but I don’t see a useful positive outcome of debating those.

9

Hello,

I’m hoping someone can provide some insight and/or help with a persistant fatal error that prevents building this release tag (among others) across multiple platforms. I’ve tried building whonix 11 virtualbox images within a fresh Debian 8 instance, a Debian “wheezy” (oldstable) instance, & within whonix itself --all being entirely clean installs-- only fail with this same issue with packages/sdwdate:

fatal: reference is not a tree: cb69ced8ef084b723eace651a3db04b080c4fab6 Unable to checkout 'cb69ced8ef084b723eace651a3db04b080c4fab6' in submodule path 'packages/sdwdate'

and this did also fail in the exact same way when using the ‘expirimental’ faster method of checking out the git submodules. This is unquestionably an issue with how the package is being referred to in the github repo… b/c when you click on the sdwdate package in your browser it immediately resolves to the imfamous 404 page not found we’ve all come to know and love.

what can we do to make the sdwdate package appropriately directed for the build script?

and help is greatly appreciated! and don’t hesitate to ask me for further details or any other information that could be of relevance :]

10

Messed up master. Forgot to push that package. Should work now. Please try.

(Would have been possible to recover from this issue, by checking out the tag first and fetching submodules then. Documentation is lacking here.)

11

[quote=“Patrick, post:10, topic:1145”]Messed up master. Forgot to push that package. Should work now. Please try.

(Would have been possible to recover from this issue, by checking out the tag first and fetching submodules then. Documentation is lacking here.)[/quote]

ahh yes! thank you sir.
everything looks in order now…restarting my whonix 11 building efforts now…and i’ll be sure to report back on the results!
:]

cheers,
rc

12

The AppArmor profiles in Whonix stable repository do not seem in sync with the ones in Whonix master. whonixcheck, timesync, sdwdate, torbrowser… fail. Had to reinstall them from source.

13

I went from a fresh install with Virtualbox portable. No problem at all to import the both .ova, But change keyboard layout is not possible. sudo dpkg-reconfigure keyboard-configuration is ok when I’m choosing french languauge for the keyboard layout.
Then a dpkg-reconfigure console-data is ending with a NULL configuration when I try to setup an azerty Logitch Optical keayboard.

I understood Whonix is in English, and it is not disturbing me more than this, but a azerty keyboard with a qwerty conf is a little bit annoying :wink: Don’t you think so ?

Where is the thigamma then ?

Dji

14

[quote=“Dji, post:13, topic:1145”]I went from a fresh install with Virtualbox portable. No problem at all to import the both .ova, But change keyboard layout is not possible. sudo dpkg-reconfigure keyboard-configuration is ok when I’m choosing french languauge for the keyboard layout.
Then a dpkg-reconfigure console-data is ending with a NULL configuration when I try to setup an azerty Logitch Optical keayboard.

I understood Whonix is in English, and it is not disturbing me more than this, but a azerty keyboard with a qwerty conf is a little bit annoying :wink: Don’t you think so ?

Where is the thigamma then ?

Dji[/quote]
Saw this already? Change the System or Tor Browser Language

15

It should have the very same versions as 11.0.0.3.0.

“stable” is ambiguous here. Because choosing stable in Whonix 10 results in “wheezy” and stable in Whonix 11 results in “jessie”.

Using 11.0.0.3.0?

/etc/apt/sources.list.d/whonix.list contains “jessie”?

16

It is OK now, with the second build of 11.0.0.3.0. Had many problems, not related to Whonix.

17

There is an explanation, though. At the first installation of Whonix 11.0.0.3.0, I had selected the testers repository in whonix-setup-wizard. Just retried for confirmation, the profiles are outdated in the testers repo.

18

Yes, this is non-ideal. The testers repository still contains packages for wheezy based Whonix. Updating the testers repository before we recommend to upgrade to jessie would cause trouble.

19

my builds have gone successfully!
and running without a hitch…so far the 11.0.0.3.0 testers rc is good over here

best,
RC