Whonix 14 release blockers - status of Whonix 14 development

torjunkie · April 25, 2018, 8:09am

Related -> Qubes-Whonix 14 Salt Issue

I presume the anon-vm tag and salt issues for configuration / downloading of new Whonix 14 templates are the only blockers for Qubes-Whonix 14.

Since the salt issue has stalled, it might be helped along by this individual below (vic viq), who claims to be a salt expert and has put his hand up to help in the qubes-devel forums during the last week ->

https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-devel/EfQCiYcnc4g#!topic/qubes-devel/EfQCiYcnc4g

Suggest you call on this offer.

Patrick · April 26, 2018, 8:07am

torjunkie:

Related → Qubes-Whonix 14 Salt Issue

I presume the anon-vm tag and salt issues for configuration / downloading of new Whonix 14 templates are the only blockers for Qubes-Whonix 14.

Yes.

Also…

https://phabricator.whonix.org/T781
https://phabricator.whonix.org/T726
(might be duplicate)

All tasks (but these are less important, shouldn’t block release):
https://phabricator.whonix.org/maniphest/query/m5ldmi_.8fg1/#R

Since the salt issue has stalled, it might be helped along by this individual below (vic viq), who claims to be a salt expert and has put his hand up to help in the qubes-devel forums during the last week →

https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-devel/EfQCiYcnc4g#!topic/qubes-devel/EfQCiYcnc4g

Suggest you call on this offer.

Excellent find! Done, asked.

Patrick · June 3, 2018, 5:24am

New blocker:

github.com/QubesOS/qubes-issues

qubes-core-agent /etc/qubes/post-install.d mechanism / qvm-features-request broken

opened 05:20AM - 03 Jun 18 UTC

closed 11:43PM - 13 Jun 18 UTC

adrelanos

T: bug C: core P: blocker r3.2-jessie-stable r3.2-stretch-stable r3.2-fc25-stable r4.0-jessie-stable r4.0-stretch-stable r4.0-centos7-stable r4.0-fc26-stable r3.2-fc26-stable r3.2-buster-stable r4.0-buster-stable r3.2-centos7-stable r3.2-fc27-stable r3.2-fc28-stable r4.0-fc27-stable r4.0-fc28-stable

### Qubes OS version: R4 ### Affected component(s): all templates ### S…teps to reproduce the behavior: Upgrade qubes core agent. When qubesdb is being upgraded (i.e. not running) and at the same time https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qubes.PostInstall is processing a ` /etc/qubes/post-install.d/` trigger, ### Expected behavior: Functional. ### Actual behavior: For example `qvm-features-request whonix-ws=1` won't work, because qubesdb not running. Other things from https://github.com/QubesOS/qubes-core-agent-linux/tree/master/post-install.d will also not work. ``` Leaving 'diversion of /etc/init/tty.conf to /etc/init/tty.conf.qubes-disabled by qubes-core-agent' Leaving 'diversion of /etc/init/serial.conf to /etc/init/serial.conf.qubes-orig by qubes-core-agent' No such key 'auto-update-type' in schema 'org.gnome.settings-daemon.plugins.updates' as specified in override file '/usr/share/glib-2.0/schemas/20_org.gnome.settings-daemon.plugins.updates.qubes.gschema.override'; ignoring override for this key. Failed connect to local daemon Traceback (most recent call last): File "/usr/bin/qvm-features-request", line 81, in <module> sys.exit(main()) File "/usr/bin/qvm-features-request", line 70, in main qdb = qubesdb.QubesDB() qubesdb.Error: (2, 'No such file or directory') Traceback (most recent call last): File "/usr/bin/qvm-features-request", line 81, in <module> sys.exit(main()) File "/usr/bin/qvm-features-request", line 70, in main qdb = qubesdb.QubesDB() qubesdb.Error: (2, 'No such file or directory') Traceback (most recent call last): File "/usr/bin/qvm-features-request", line 81, in <module> sys.exit(main()) File "/usr/bin/qvm-features-request", line 70, in main qdb = qubesdb.QubesDB() qubesdb.Error: (2, 'No such file or directory') Traceback (most recent call last): File "/usr/bin/qvm-features-request", line 81, in <module> sys.exit(main()) File "/usr/bin/qvm-features-request", line 70, in main qdb = qubesdb.QubesDB() qubesdb.Error: (2, 'No such file or directory') Setting up qubes-core-agent-networking (4.0.28-1+deb8u1) ... ``` ### General notes: I think the current /etc/qubes/post-install.d implementation is fragile. ### Related issues: Affects Whonix `anon-vm` tag implementation. https://www.whonix.org/wiki/Dev/Qubes#anon-vm_tag https://github.com/QubesOS/qubes-issues/issues/3765 https://github.com/QubesOS/qubes-issues/issues/3595

Patrick · June 13, 2018, 9:07pm

This will soon be resolved, hopefully. Soon available form Qubes testing repository.

Patrick · June 14, 2018, 9:07am

Not a blocker, but really really bad to ensure there won’t be leaks due to user configuration mistake.

github.com/QubesOS/qubes-issues

change Qubes network policy, UpdatesProxy to network disabled by default for better leak-proofness

opened 09:02AM - 14 Jun 18 UTC

adrelanos

T: enhancement C: core P: major privacy C: Whonix

### Qubes OS version: R4 and above ### Affected component(s): dom0, Whonix …### Steps to reproduce the behavior: Set NetVM of anon-whonix to default (sys-net). Then use system default networking `curl.anondist-orig https://check.torproject.org` or otherwise to connect to clearnet. ### Expected behavior: Secure defaults. No clearnet connections possible through small user configuration mistake / oversight. ### Actual behavior: Insecure defaults. Clearnet leak. ### General notes: Qubes UpdatesProxy mechanism currently is more likely to produce a leak in future. A leak as in a user expecting to have connections torified while these are over clearnet. The problem is, that https://github.com/QubesOS/qubes-core-admin/blob/master/qubes-rpc-policy/qubes.UpdatesProxy.policy by default says `$type:TemplateVM $default allow,target=sys-net`. And sys-net traffic isn't torified by default. Therefore, if any of the following goes wrong (salt / tags / qvm-features maybe / qubes-core-admin-addon-whonix), Whonix TemplateVMs might connect through clearnet. Would be better if `qubes.UpdatesProxy.policy` only included `$anyvm $anyvm deny` and then opt-in each and every TemplateVM rather than an opt-out approach. When the user wants torification, the default non-torification setting needs to be overwritten. This is done by salt: * https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/template-whonix-gw.sls - which depends on `tag:whonix-updatevm` * https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/updates-via-whonix.sls And then there is also https://github.com/QubesOS/qubes-core-admin-addon-whonix. The user accidentally setting a whonix-ws based AppVM such as anon-whonix to NetVM default (sys-net) results in `curl.anondist-orig https://check.torproject.org` being able to reach it over clearnet. This is a huge disadvantage over the VirtualBox version of Whonix where such mistakes are very very unlikely to happen. (Because the Whonix-Workstation VirtualBox version of Whonix has only an internal network card (in internal network `whonix`) - which cannot accidentally connect to clearnet.) ---- Qubes-Whonix has code to detect wrongly configured Qubes updates proxy settings and refuses to upgrade but that's just a workaround and more complexity (possible including bugs leading to situations where users cannot upgrade or false-positive warnings). * https://github.com/Whonix/qubes-whonix/blob/master/etc/uwt.d/40_qubes.conf * https://github.com/Whonix/qubes-whonix/blob/master/usr/lib/qubes-whonix/init/torified-updates-proxy-check * https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-torified-updates-proxy-check.service There's also `whonixcheck --leak-tests`. It's not a real fix, not as strong as a technical guarantee as it could be. ---- It's a complex design and interaction. Hard to fully understand (more so the more time passes). Prone for bugs in future or user mistake. In summary, Qubes default and technical design currently is: network-enabled, clearnet, options to change to network-disabled or torified For better control of connections the technical design should be: non-networked by default and then opt-in networking by using salt / core-admin-addon's.

Patrick · June 19, 2018, 9:06am

https://forums.whonix.org/t/whonix-14-will-be-a-rolling-distribution

Patrick · June 19, 2018, 9:06am

once testing this version is done, Whonix 14 will be released.

Patrick · June 25, 2018, 5:20am

github.com/QubesOS/qubes-issues

check Qubes-Whonix 14 Template Appmenus implementation

opened 05:23AM - 25 Jun 18 UTC

closed 07:08PM - 13 Jul 18 UTC

adrelanos

T: task C: Whonix

Do you think appmenus (Qubes start menu default entries) will work like this? A …quick look would be great so we don't need another template build just for this. (#4016) * https://github.com/Whonix/qubes-template-whonix * https://github.com/Whonix/qubes-template-whonix/tree/master/appmenus_stretch_whonix-gateway * https://github.com/Whonix/qubes-template-whonix/tree/master/appmenus_stretch_whonix-workstation [Just renamed from jessie to stretch (and removed wheezy symlinks).](https://github.com/Whonix/qubes-template-whonix/commit/f30acad3219ef9812d573ce39326a6e8b5a33cd1)

Patrick · June 27, 2018, 1:34am

Besides the known bugs on the Whonix and Qubes issue trackers, Whonix 14 should be ready as stable Whonix 14 release. Only waiting for new Qubes templates to be built and tested before the Whonix 14 release will be made.

HulaHoop · June 27, 2018, 2:29pm

Time to unleash its greatness? Wohoo!

Patrick · July 15, 2018, 3:38pm

~~Qubes-Whonix salt failing - sudo qubesctl state.sls qvm.anon-whonix dom0 · Issue #4082 · QubesOS/qubes-issues · GitHub~~

Patrick · July 15, 2018, 6:01pm

~~all Qubes-Whonix 14 Appmenu (Qubes start menu) entries missing · Issue #4083 · QubesOS/qubes-issues · GitHub~~

Patrick · July 17, 2018, 6:55am

~~some Qubes-Whonix 14 Appmenu (Qubes start menu) entries missing · Issue #4093 · QubesOS/qubes-issues · GitHub~~

Patrick · July 17, 2018, 8:52am

~~/usr/local fails to persist in Qubes-Whonix 14 / mount-dirs.sh[295]: head: error writing 'standard output': Broken pipe · Issue #4095 · QubesOS/qubes-issues · GitHub~~

Patrick · July 18, 2018, 4:30am

~~New templates fails to install on R3.2 - UnknownSignatureType · Issue #4100 · QubesOS/qubes-issues · GitHub~~

Patrick · July 20, 2018, 9:31am

/usr/local fails to persist in Qubes-Whonix 14 / mount-dirs.sh[295]: head: error writing 'standard output': Broken pipe · Issue #4095 · QubesOS/qubes-issues · GitHub is still an issue. Qubes-Whonix 14 on Qubes R3.2 affected only.

Qubes-Whonix 14 new templates on Qubes R4 should work well. Instructions: HowTo: Install the Testers-Only Version of Qubes-Whonix ™

Patrick · July 22, 2018, 2:04pm

When testing is done and no grave issues reported, Whonix 14 will be released.

iry · July 22, 2018, 6:07pm

What an exciting news!

Patrick · August 6, 2018, 7:01am

Patrick · August 6, 2018, 7:01am