Looks nice, however… Not sure vs https://github.com/Whonix/Whonix/issues/318? @HulaHoop
Another thing, should we make shoulder surfing detecting one is running Whonix trivial?
Running on gateway: there is a /usr/share/anon-gw-base-files/gateway as identifier file for that indeed.
ischroot might help to figure out we’re currently in a build process. tb-updater is using that.
(Also a good template for a postinst script.)