Whonix 14.0.0.0.7 developers-only

https://download.whonix.org/linux/14.0.0.0.7/

Networking is broken. No network cards detected on either gateway or workstation. This might be because network interfaces are no longer named eth0 / eth1 but otherwise.

See Predictable Network Interface Names:
https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/

This might be a good chance to port from ifupdown to systemd-networkd.

Many things are obviously broken. Upgrading these images will not be supported. They’re only useful for development purposes and supposed to be trashed when new images are out.

VirtualBox only.

Building the git tag 14.0.0.0.7 developers-only from source code should work.

These are 64 bit (amd64) images, based on Debian stretch and KDE plasma 5.

(VirtualBox import says 32 bit Debian, but that is just a cosmetic bug that will be fixed in next release.)

Is systemd guaranteed air-tight for failing closed and not leaking packets? IIRC you reported something to upstream on these lines?

IIRC you reported something to upstream on these lines?

That was ifupdown in wheezy or so that did not fail closed when the pre hook (that we set to Whonix firewall) failed or so, not systemd-networkd.

Is systemd guaranteed air-tight for failing closed and not leaking packets?

Getting a network card up is not a that complex task. Theoretically it could have bugs such as using dhcp even if configured to use static networking.

The conservative approach is to stay with ifupdown since it’s long term stable and - speculation - slower changing target compared to systemd-networkd.

systemd-networkd could have some features we don’t want. Requires research.


As for Predictable Network Interface Names we most likely want to disable them.

With Predictable Network Interface Names on VirtualBox Whonix-Gateway:

  • eth0 became enp0s3
  • eth1 became enp0s8

With Predictable Network Interface Names on VirtualBox Whonix-Workstation:

  • eth0 became enp0s3

I would not be surprised if these have different names in KVM and Qubes.

Currently eth0 and eth1 are hardcoed in various Whonix components.

  • whonix-gw-firewall
  • whonix-ws-firewall
  • whonix-gw-network-conf
  • whonix-ws-network-conf
  • control-port-filter-python
  • whonixcheck
  • qubes-whonix

All of these components would have to read these values from some config. With platform specific differences this is absolutely horrible. Would be even more horrible if the same different virtualizers produce different network interface names depending on host operating system and virtuzalizer version.

I am currently searching for a way to disable Predictable Network Interface Names in a clean way:

  • without a kernel parameter (may be unreliable, grub dependent)
  • without a symlink (cannot be commented) (only one package can own the symlink, what if Qubes also wants to set that symlink)
  • using a drop-in


Closed in favor of the new thread.

https://forums.whonix.org/t/whonix-13-0-0-1-4-developers-only