Testers-wanted! Whonix 8 Release candidate #1 Whonix 7.7.8.6

@Cerberus,
so update-locale is indeed installed.
When you get the error when running outside the build script, you will also get that error when running the build script. Doesn’t make sense to re-run that build step before fixing that error when running that command manually.

This also could be a bug in update-locale, not being able when installed with en_GB to reset to en_US.

I still have it all saved here. en_GB:en is probably due to the fact that I selected United Kingdom as my region/locale during install just as advertised at the wiki.
I think this was a mistake in the instructions.
[code]user@host:~$ cat /etc/default/locale
# File generated by update-locale
LANG="en_GB.UTF-8"
LANGUAGE="en_GB:en"[/code]

Should probably be:

[code]cat /etc/default/locale
#  File generated by update-locale
LANG=en_US.UTF-8[/code]
[quote]Also the selected locale shouldn't break the script (be it French, German, US, whatever) if you ask me.[/quote]
To keep things simple and maintainable, Physical Isolation build is very similar to VM builds. For VM builds, en-US seems to be the best available choice. Also while building, it's best if we all use very similar choices except for passwords of course. From anonymity set perspective, using en-US also seems best choice. What kind of settings you change after build is up to you, that script won't interfere with what you set up later.
[quote]Any other input needed?[/quote]
No.
[quote]Did I miss something important?[/quote]
No.

What I recommend for now… Try very little effort to manually fix the update-locale error. Perhaps by deleting/changing /etc/default/locale, running “locale-gen”. Then manually re-run this build step. Then manually run the missing build steps. If all worked well, start fresh and run the build script in one run.

Aren’t we using en_US though?

Only the country is set to UK. The instructions set the keyboard to American English.

@Occq, adrelanos
I deleted #60 (was #60 actually) as the 2000 lines of logs contained slightly identifying hardware infos. obviously adrelanos missed my request to delete it. If you want the logs again, I’m willing to share these by pgp-encrypted email but not on a public forum. let me know.

@adrelanos
is this info forever gone from the server if i click “remove”? sorry, but this isn’t a ubuntu forums and i’m really not cool with sharing build logs that way. let’s find a more secure solution for this please.

On a fresh build, installed as instructed in the previous versions on the guide (UK/American English).

[code]user@host:~$ cat /etc/default/locale
# File generated by update-locale
LANG="en_US.UTF-8"[/code]

I might be biased here but it looks that GB/ETC/American English is a totally valid choice, in terms of usability and blending in.

I saved the logs Cerberus.

OOPS.
That was preseed installation.

Now, in physical isolation instructions we do.

Not any longer.

Not any longer. Set this to “choose yours”. We never asked to set keyboard to American English before (checked wiki history). I don’t know why it has been changed to American English. I see no need for that requirement. Setting keyboard to a layout which isn’t your real layout can be very frustrating.

[quote=“Cerberus, post:63, topic:67”]@Occq, adrelanos
I deleted #60 (was #60 actually) as the 2000 lines of logs contained slightly identifying hardware infos. obviously adrelanos missed my request to delete it. If you want the logs again, I’m willing to share these by pgp-encrypted email but not on a public forum. let me know.[/quote]
I got the log. Don’t think it’s required again.

[quote=“Cerberus, post:63, topic:67”]@adrelanos
is this info forever gone from the server if i click “remove”?[/quote]
I don’t know about the forum database.

Solution #1, figure out parts that should not be in the log and remove them in the code for Whonix 8 + 1. I commented out the “df -h” part already in git.
Solution #2, gpg encrypted mail. (Contact - Whonix)
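
Added example, not part of the thread and not Whonix code: one way to apply the "remove parts that should not be in the log" idea from the post above before a build log is shared. The function name, the placeholder format and the sample log lines are constructed for illustration; UUIDs and MAC addresses are replaced with stable placeholders so repeated values can still be correlated, and `df -h` tables are dropped.

```python
import re

# Patterns for the identifiers the thread worries about.
UUID_RE = re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")
MAC_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}\b")
# Header and rows of a `df -h` table (the part already commented out in git).
DF_HEADER_RE = re.compile(r"^Filesystem\s+Size\s+Used\s+Avail\s+Use%\s+Mounted on\s*$")
DF_ROW_RE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\d+%\s+/")

# Constructed sample input, not taken from any real build log.
SAMPLE_LOG = """\
+ update-locale LANG=en_US.UTF-8
ERROR: command exited with code 1 (constructed line)
+ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        19G  2.1G   16G  12% /
tmpfs           502M     0  502M   0% /run/shm
+ blkid
/dev/sda1: UUID="0a1b2c3d-1111-2222-3333-444455556666" TYPE="ext4"
+ grep UUID /etc/fstab
UUID=0a1b2c3d-1111-2222-3333-444455556666 / ext4 errors=remount-ro 0 1
+ ip link
    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff
"""


def redact_log(text):
    """Return (redacted_text, report) for a build log.

    Each distinct UUID or MAC address maps to one placeholder
    (<UUID-1>, <MAC-1>, ...), so the log stays useful for diagnosis
    without exposing the original value.
    """
    seen = {"UUID": {}, "MAC": {}}

    def placeholder(kind):
        def repl(match):
            table = seen[kind]
            key = match.group(0).lower()
            if key not in table:
                table[key] = "<%s-%d>" % (kind, len(table) + 1)
            return table[key]
        return repl

    out = []
    in_df = False
    df_blocks = 0
    for line in text.splitlines():
        if DF_HEADER_RE.match(line):
            # Replace the whole table with a single marker line.
            in_df = True
            df_blocks += 1
            out.append("<df output removed>")
            continue
        if in_df and DF_ROW_RE.match(line):
            continue
        in_df = False
        line = UUID_RE.sub(placeholder("UUID"), line)
        line = MAC_RE.sub(placeholder("MAC"), line)
        out.append(line)

    report = {
        "uuids": len(seen["UUID"]),
        "macs": len(seen["MAC"]),
        "df_blocks": df_blocks,
    }
    return "\n".join(out), report


if __name__ == "__main__":
    redacted, report = redact_log(SAMPLE_LOG)
    print(redacted)
    print(report)
```

The report only counts what the patterns matched; anything else in a log (hostnames, usernames, paths) still needs a manual read before posting.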

[quote=“Occq, post:64, topic:67”]On a fresh build, installed as instructed in the previous versions on the guide (UK/American English).

[code]user@host:~$ cat /etc/default/locale
# File generated by update-locale
LANG="en_US.UTF-8"[/code]

I might be biased here but it looks that GB/ETC/American English is a totally valid choice, in terms of usability and blending in.[/quote]
I would like to say something about the keyboard setting I used, but again, this isn’t for public consumption.

Send a signed email with your public key and we can share this information. My public key:


[quote]I saved the logs Cerberus.[/quote]
I see, #60 deleted by now.

It seems I was wrong.

My apologies for the faulty instructions.

[quote=“Occq, post:64, topic:67”]On a fresh build, installed as instructed in the previous versions on the guide (UK/American English).

[code]user@host:~$ cat /etc/default/locale
# File generated by update-locale
LANG="en_US.UTF-8"[/code][/quote]
This is strange…

Not that the keyboard layout choice matters, but I don’t see how GB and American English are related.

About keyboard layout: why American English instead of what the user actually has for a keyboard? Buying a US keyboard might make sense for hardcore security against online threats. For non-US countries, having such a physical keyboard around isn’t so great for physical attacks. Discussing this would be worth another topic. And documenting this would be worth noting in Advanced Security Guide - Whonix.

As for en-US vs en-GB also see Reply #59.

@Cerberus, I stored your gpg key.

[quote=“Occq, post:68, topic:67”]It seems I was wrong.

My apologies for the faulty instructions.[/quote]
Never mind. I am happy with your work.

@Cerberus, riseup currently down. Can’t send mail right now.

that cat entry is wrong (edited it).

I forgot that my latest installations are done through preseed.

[code]d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8[/code]

From that error I gained some wrong insights.

American English was chosen because I thought the majority of users have those settings. Thinking back, UK/American English is probably not that common.

[quote]I don't know about the forum database.[/quote]
may you please make sure that it gets wiped then? I would really like to contribute to Whonix testing with logs and everything. Shared with a small group but doing this on a public forum is stupid to say the least. Wouldn't want to be too paranoid but (1) posting the log was never needed as it's perfectly clear that it's your script that's failing, not me - other than you assumed for the last 36 hours + 3 failed build runs ("locales" certainly is installed) and (2) I do not have control over your database and I do not want that information in there. So, if possible, please wipe it.

No offense intended here (really) but this testing session just isn’t worth it from my perspective. Let’s change some parameters and I’m gladly in. That is to say: (1) exchanging logs by encrypted means (pgp, otr, whatever else) and (2) taking reports about failing scripts seriously. I heard several times during the last two days, that something stupid (“locales” not installed, possible typo, etc.) is the reason for a failing script while it’s the stupid script itself that’s failing (sorry, again, no offense intended really).

hope you don’t mind my response but this needed to be said after 2 days of failures due to a faulty script and especially due to my log, presumably, in your database (something that wouldn’t be needed anyways as the actual build error is more than clear). Honesty is the best policy here I guess - with all due respect.

EDIT: I’m really sorry if this sounds harsh. It’s not at all meant that way, but - in all honesty - I can’t stand the testing procedure as is due to the reasons outlined. I hope we get in sync again and continue to be productive.

My apologies to you too Cerberus. I wrote to set the country as UK and that, it seems, broke the script.

We need a certain form for reporting build errors.

Maybe this.

:::::::::::::::::::::::::
If you are having problems, share the following:

Are you building in a VM or not?
On what (guest) OS are you building?
Which git tag?
Workstation, Gateway, bare metal option?
Share your build log file (through someSecureOption)
::::::::::::::::::::::::::::::::::::

I have to disagree there.

Posting the log is an essential diagnostic tool. Sure, the script failed but why it failed can only be seen from the log. Without it we’re all just guessing.

No problem. Not needed currently. Thanks for saving the GPG key. Could be needed for further testing.

Really, no worries here. We all make mistakes. I’m more pissed about not taking thorough testing seriously, like mentioning stupid things like “locales” not installed, possible typos etc. as a possible reason for failure if it’s the script, the instructions or something related.

[quote]We need a certain form for reporting build errors.

Maybe this.

:::::::::::::::::::::::::
If you are having problems, share the following:

Are you building in a VM or not?
On what (guest) OS are you building?
Which git tag?
Workstation, Gateway, bare metal option?
Share your build log file (through someSecureOption)
::::::::::::::::::::::::::::::::::::[/quote]


Agreed!

[quote=“Occq, post:75, topic:67”]I have to disagree there.

Posting the log is an essential diagnostic tool. Sure, the script failed but why it failed can only be seen from the log. Without it we’re all just guessing.[/quote]
I disagree here. The few lines I posted in #40 perfectly identified the reason for the failing script. I selected them due to this fact as an excerpt after all. Posting 2000 lines with potentially identifying information on a public forum was not required. Also the error could have been identified way earlier if one wouldn’t concentrate on (im)possible silly user mistake like not being able to read two pages of build instructions. I mean, due to the pseudonymity involved on these forums we cannot be sure with whom we’re dealing with. I mean we cannot share how much experience we have, background, etc - if we could, we wouldn’t need to assume pebkac. I won’t tell you too much here, but I can 100% assure you, that pebkac isn’t very likely if I test something Linux-related due to experience. Git isn’t in my skillset I have to admit. SVN is. Thus I stumbled over the commit issue earlier on.

Success! After re-installing with Region “United States” the build went through. So, I’m reporting a finished build of Whonix-Gateway, bare-metal on bare metal, terminal-only here, 7.7.8.9.

Now, while it messed up my network configuration (deleted my encryption settings), I guess I’ll be able to fix that manually.

That said, I have a question: During build I opted in to enable APT repository. After reboot whonixsetup asks me if I want to subscribe to stable/testers/developers repo. What am I supposed to do here? testers I assume? or even developers? does it need to be switched to stable later on or how does that work? I searched for documentation but haven’t found sufficient information. I’m going to look through the repo to find out. I guess making the wrong choice here would be fatal due to Debian stable/testing. I’m taking the chance and will select testers for now. Any feedback here?

Thanks!

EDIT: Selected stable repo for now - until I’m told to select something else. I guess it won’t downgrade or something. Managed to fix the network configuration. Seems to work.

[quote]may you please make sure that it gets wiped then? I would really like to contribute to Whonix testing with logs and everything. Shared with a small group but doing this on a public forum is stupid to say the least. Wouldn’t want to be too paranoid but (1) posting the log was never needed as it’s perfectly clear that it’s your script that’s failing, not me - other than you assumed for the last 36 hours + 3 failed build runs (“locales” certainly is installed) and (2) I do not have control over your database and I do not want that information in there. So, if possible, please wipe it.[/quote]
I and perhaps fortasse (webmaster) as well know as much about the smf forum database as you do. If you tell us, how to do that, it can gladly be done. I’ve spent an hour already figuring out how to do it. Well, learned one thing or another in meanwhile. Seems like no one else on search engines ever asked how to do it. (And I doubt it’s so trivial no one needed to ask.) I asked fortasse and stackexchange. With some nagging others it may be possible. If you want to speed up the process: 1. install smf locally 2. post something 3. delete it 4. check the database 5. delete from database 6. tell us how you did it.

[quote]No offense intended here (really) but this testing session just isn't worth it from my perspective.[/quote]
Sad to hear.
[quote]Let's change some parameters and I'm gladly in.[/quote]
What parameters?
[quote]That is to say: (1) exchanging logs by encrypted means (pgp, otr, whatever else) and (2) taking reports about failing scripts seriously.[/quote]
There is pgp e-mail available. Linked on the contact site. And I guess you overestimate those uuids. Those aren't hardware serials, they're software uuids. If you figure out how, you can change them without re-installation. They're gone after re-installation.
[quote]I heard several times during the last two days, that something stupid ("locales" not installed, possible typo, etc.) is the reason for a failing script while it's the stupid script itself that's failing (sorry, again, no offense intended really).[/quote]
Any command that exits with an unexpected exit code is considered a failure and the script exits. This ensures integrity of the build. This isn't a game, where small differences in the gameplay don't matter. Whonix makes these things uniform, i.e. timezone, username, hostname as well as locale. In case later any custom installed application leaks it, you're in the Whonix (and in many cases Tails etc.) anonymity set and better off.

Whonix 8 + 1’s build script will have an undocumented feature to continue in case of unexpected exit codes.

[quote]hope you don't mind my response but this needed to be said after 2 days of failures due to a faulty script[/quote]
Well, the physical isolation instructions are meant to be used by advanced Linux users. It can probably never be convenient and simple. Advanced Linux users as well as testers require a high frustration tolerance. Welcome to Free Software development. And you can always claim your money back, if you're not satisfied.
[quote]Honesty is the best policy here I guess - with all due respect.[/quote]
Honesty is fine. And I don't easily take offense, because I am not convinced of the hypothesis of free will.

I’ve read the http://producingoss.com/ book by Karl Fogel. He advises to treat users as developers as well. I can’t provide the quality of robustness and simplicity you’re asking for. And without any help of testers, it would be simplest to just drop support for physical isolation at all.

But for my defense, I guess there are worse build environments.

How to build a Debian/Ubuntu installer cd from source code? I haven’t even found instructions on how to do it. Then I asked on stackexchange, and no one else knew either. Well, would I have been more serious about it, i.e. by meeting up with Debian developers, they would have probably told me.

Did you try to build Tails from source code? Last time I checked, their git repository was several gigabytes big. And since their forum and website shares the same git repository, it is difficult to keep up with changes they make in git, because most changes were simply irrelevant (website, forum). You need to build using squeeze (which I consider obsolete) and manually install build dependencies using backports (there is no script to automate it). And when you finally have your build environment, it requires a vagrant box (a virtual machine). So building Tails within a virtual machine is difficult, since you would have to build inside a nested VM. That vagrant box is a binary box based on Ubuntu. I didn’t want to use their binary box, not because I distrust it, but because I really wanted to build from source code for the sake of it. And I didn’t want to use a Ubuntu box, because I don’t trust and choose to boycott Ubuntu since they started messing up with amazon data leaks. And they have no instructions on how to build that vagrant box from source. So I would have required to learn vagrant first, then I gave up.

I do my best to do better. And I am not there yet where I want it to be.

[quote=“Cerberus, post:77, topic:67”]That said, I have a question: During build I opted in to enable APT repository. After reboot whonixsetup asks me if I want to subscribe to stable/testers/developers repo. What am I supposed to do here? testers I assume? or even developers? does it need to be switched to stable later on or how does that work? I searched for documentation but haven’t found sufficient information. I’m going to look through the repo to find out. I guess making the wrong choice here would be fatal due to Debian stable/testing. I’m taking the chance and will select testers for now. Any feedback here?

Thanks!

EDIT: Selected stable repo for now - until I’m told to select something else. I guess it won’t downgrade or something. Managed to fix the network configuration. Seems to work.[/quote]

Choose stable/testers/developers as you wish. You can always switch from one repository to another. Stable is supposed to be the most convenient, most stable, least contributing one. It won’t downgrade from testers to stable, though, since the whonix_repository tool only configures apt-key and apt sources.

Stable has least chance of breaking down. Stable is currently providing Whonix 7 packages. Fortunately, apt-get/dpkg won’t downgrade by mistake.

Testers is the same as this thread currently, testing things with the community before it gets migrated to stable.

Developers is just for me at the moment. I’ll upload my test packages there, test them on one and another machine. If they badly break, i.e. if manual fixing is required afterwards, those won’t be migrated to the testers repository. When I am confident they’re working well enough, they are migrated to the testers repository.

This has nothing to do with Debian stable vs Debian testing. The Whonix repository only provides Whonix’s Debian packages (Debian Packages - Whonix).

Please tell me if this answers everything.

Seems indeed undocumented. Should be added here:

We can do this depending on how much other questions this may raise.

[quote]I and perhaps fortasse (webmaster) as well know as much about the smf forum database as you do. If you tell us, how to do that, it can gladly be done. I've spent an hour already figuring out how to do it. Well, learned one thing or another in meanwhile. Seems like no one else on search engines ever asked how to do it. (And I doubt it's so trivial no one needed to ask.) I asked fortasse and stackexchange. With some nagging others it may be possible. If you want to speed up the process: 1. install smf locally 2. post something 3. delete it 4. check the database 5. delete from database 6. tell us how you did it.[/quote]
Thanks for that. Do you still have the 2000 lines of log I posted? If so, please send it back to me by email. I deleted it already and to make sure there's nothing in there, I'm going to read it whole through, manually. If there is something identifying in there, I'm getting back to you, if not, screw it. I'm not talking about the uuids in particular (I know that these are gone after re-install) but after spotting them, I thought: omg! mac addresses maybe? I guess you understand where I'm coming from.
[quote]What parameters?[/quote]
(1) posting logs that I'm not 100% certain (may) contain hardware ids by pgp/otr, by encrypted means. I mean, you know your build scripts, I do not. I'm just seeing that they're very verbose and I haven't checked 2000 lines of logs for hardware ids. If you can assure me that there are no hardware ids in there (not uuids) then fine. If not, I would prefer to have a look at it again and then we can forget about it. (2) I dislike not being taken seriously. I like Whonix and I would even contribute much more (if appreciated) but if I tell you that I haven't made a pebkac mistake (like forgetting to install "locales", checking out the wrong branches, typos in my modifications, etc.), I dislike being asked for another and another time. There is a reason I say that the build script is failing and it's not me as I have very carefully examined (in this very specific case) if it's my mistake before even posting that it's failing. (to 2) being treated like a user/newbie, call it whatever you like - instead of a peer - contributed very much to a 2-day build-horror that could have been avoided if my very first mention of locale failing would have been taken seriously, looked at, thought about why it's producing errors. At the end of the day, the build instructions were plain wrong (UK) and nothing on my part and building this beast three times in a row on bare metal hardware with 3 re-installs is pita (unnecessary pita).
[quote]There is pgp e-mail available. Linked on the contact site. And I guess you overestimate those uuids. Those aren't hardware serials, they're software uuids. If you figure out how, you can change them without re-installation. They're gone after re-installation.[/quote]
I commented on the uuids. I know what a uuid is (again, I'm not stupid) but seeing uuids in there at least implicates that mac addresses may be in there as well. Again, you know what your script logs, I do not. If other people carelessly post thousands of lines of logs to public forums without being aware of the actual contents, fine, I'm not and due to not reacting at my first mentioning of the locale fail, I was more or less forced to post it to not test a week with fail after fail. I hope you understand my point here.
[quote]This isn't a game, where small differences in the gameplay don't matter. (...) Advanced Linux users as well as testers require a high frustration tolerance. Welcome to Free Software development. And you can always claim your money back, if you're not satisfied.[/quote]
How to comment here? I put it that way: would you contribute to a software project where you need to build something four times in a row, be treated like stupid: "Welcome to Free Software Development"? < trust me, I'm way longer in the free software world than you (presumably) are and do not like to be treated arrogant. OK? Fact is, a volunteer tester loses 2 full working days to test your build, get questions asked like "are you sure you're not stupid and can read English?", i.e. have you installed "locales" - you asked me several times this question, last time via a command I understand (no worries), typos, faulty modifications ... at the end of the day it's nothing of that but your instructions and/or your script. If you want to work like that, fine, I can contribute to other projects then. If you'd like to start to talk to me respectfully, I'm gladly in.

Most likely (at least part of the story) we get into conflict here as writing is such a bad medium for something like that. I can tell you that I do not feel treated the way I want here. Re-read what you said, especially the last quote and several other things along those lines - the tone is important here (I know my tone isn’t cool as well at the moment). Anyways, I hope we get in sync again as I’m not at all interested in this to be honest but in productive contribution (I’m sure you’re on the same page here).

To sum up: I make mistakes as everybody does but if I assure you that I did something correct, please do not ask me another and another time the same thing and let me re-install an OS 3 times. You know, I very much know what “sudo which update-locale ; echo $?” actually means. The very same as “do you have “locales” installed”? - are you kidding me? It’s a nice try, but you need to try harder here or better stop it and treat contributors like peers, not idiots.

Feel free to get rid of any bad emotions. Same opportunity for both of us. If you want to, let’s shake hands afterwards - my preferred outcome here.