Whonix 14.0.0.4.8 developers-only

Patrick · September 1, 2017, 10:51am

https://download.whonix.org/linux/14.0.0.4.8/

Completely untested.

Patrick · September 3, 2017, 12:00pm

Patrick · September 3, 2017, 12:00pm

Patrick · September 3, 2017, 12:01pm

sudo aa-enforce /etc/apparmor.d/usr.lib.onion-grater
sudo systemctl restart onion-grater

Patrick · September 3, 2017, 12:02pm

related, reminder:

https://forums.whonix.org/t/whonix-14-debian-stretch-apparmor-related-changes

Patrick · September 3, 2017, 12:37pm

Patrick · September 3, 2017, 12:49pm

Manual fixup required until next version:

sudo mv /lib/systemd/system/onion-grater.d /lib/systemd/system/onion-grater.service.d

sudo systemctl daemon-reload

Patrick · September 3, 2017, 12:52pm

Path fixes for next build are here https://github.com/Whonix/Whonix/commit/931f1a2c2a2802aa7affcf8413c238aee13c449d.

JasonJAyalaP · September 4, 2017, 9:01pm

I’ll build 14.0.0.4.9 as practice with the fix

JasonJAyalaP · September 4, 2017, 9:32pm

Ah, but I will need a tag. Should I let you do that or try it myself?

Patrick · September 5, 2017, 9:59am

JasonJAyalaP:

Ah, but I will need a tag. Should I let you do that or try it myself?

Try.

Patrick · September 7, 2017, 2:44pm

Fixed a build issue. (My environment had VirtualBox already installed. Build script only builds without failing to install VirtualBox on build machine with this fix.)

https://github.com/Whonix/Whonix/commit/58a1d98fcc2c3c3e4465387c050e2ee34b5a70bc

iry · September 18, 2017, 8:59pm

NOTE: If my questions are actually lagging the development process, instead of helping it, please just ignore them. I do not want to block the development process because of my “personal” questions.

For clarity, for Qubes users who would like to test Whonix 14.0.0.4.8, they can just follow this Wiki page, correct?

In wiki:

TODO: Skip the following. (Just a reminder to update this in future.)

This is a little bit confusing to me. Could you explicitly say which command(s) should be skipped please? Thank you very much!

Remember to store the terminal (Konsole) log. (File → Save Output As)

I have doing the upgrade for several times, but every time I attempted to save the log, Konsole would crash. Is there a better way to avoid this?

Another issue is, sometimes even if the upgrade seems to be successful, later when doing a template update, it will stuck at requiring information from repositories. Did I do something wrong?

The problem does not happen when upgrading from a Whonix13 AppVM. But have happened when upgrading from a Whonix13 Template for several times.

Is the following manual configuration required after doing all the instructions in that wiki page? Or how one should get all the fixes after that?

Patrick · September 18, 2017, 9:17pm

iry:

NOTE: If my questions are actually lagging the development process, instead of helping it, please just ignore them. I do not want to block the development process because of my “personal” questions.

For clarity, for Qubes users who would like to test Whonix 14.0.0.4.8, they can just follow this Wiki page, correct?

Release Upgrade

Yes, if that works.

In wiki:

TODO: Skip the following. (Just a reminder to update this in future.)

This is a little bit confusing to me. Could you explicitly say which command(s) should be skipped please? Thank you very much!

Just the following line. Just skip sudo whonix_repository --enable --codename stretch.

Remember to store the terminal (Konsole) log. (File → Save Output As)

I have doing the upgrade for several times, but every time I attempted to save the log, Konsole would crash. Is there a better way to avoid this?

That’s strange. First time that’s reported. Another terminal emulator
that supports unlimited log?

If it goes through without error then there is not so much need to keep it.

Another issue is, sometimes even if the upgrade seems to be successful, later when doing a template update, it will stuck at requiring information from repositories. Did I do something wrong?

I need to see the messages.

The problem does not happen when upgrading from a Whonix13 AppVM. But have happened when upgrading from a Whonix13 Template for several times.

Is the following manual configuration required after doing all the instructions in that wiki page? Or how one should get all the fixes after that?

Patrick:

sudo aa-enforce /etc/apparmor.d/usr.lib.onion-grater
sudo systemctl restart onion-grater

Patrick:

Manual fixup required until next version:

sudo mv /lib/systemd/system/onion-grater.d /lib/systemd/system/onion-grater.service.d

sudo systemctl daemon-reload

This is still required.

iry · September 23, 2017, 12:30am

The following operations were done after doing:

Got the following error:

ERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.

Got the error:

mv: cannot stat ‘/lib/systemd/system/onion-grater.d’: No such file or directory

Actually, /lib/systemd/system/onion-grater.service.d does exist?

Patrick · September 23, 2017, 12:40pm

iry:

The following operations were done after doing:
Release Upgrade

Patrick:

sudo aa-enforce /etc/apparmor.d/usr.lib.onion-grater

Got the following error:

ERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.

So apparmor isn’t enabled for some reason. Not great, but then apparmor
won’t block you either.

Patrick:

sudo mv /lib/systemd/system/onion-grater.d /lib/systemd/system/onion-grater.service.d

Got the error:

mv: cannot stat ‘/lib/systemd/system/onion-grater.d’: No such file or directory

Actually, /lib/systemd/system/onion-grater.service.d does exist?

Does /lib/systemd/system/onion-grater.service.d already exist? Then
it’s alright.