Whonix Desktop Installer with Calamares - field report

https://github.com/Whonix/Whonix/commit/21e53c63fd85fb0bdb16c937730103bab3698269

https://github.com/Whonix/Whonix/commit/4dad36875fe3b8d2b6f0a5024fc3626688332cc5

1 Like

Freedom vs. nonfreedom build switches are now implemented.

Example pure build only containing Freedom Software.

sudo ./whonix_build --target qcow2 --flavor whonix-host-xfce --freedom true --build --redistribute

results in installation of package whonix-host-xfce-kvm-freedom


vs Example containing nonfreedom software.

sudo ./whonix_build --target qcow2 --flavor whonix-host-xfce --freedom false --build --redistribute

results in installation of package whonix-host-xfce-kvm-nonfreedom

1 Like

https://github.com/Whonix/Whonix/commit/d74ec50c6da27cdf066cacd87ce903b39306e9f1

https://github.com/Whonix/Whonix/commit/006dfd933e7902a5cbecc386171ea777d1c5c987

https://github.com/Whonix/Whonix/commit/26802c5566ae9a97cb05d8c01c712fe486e2c354

https://github.com/Whonix/Whonix/commit/61d26248c569c19b04794df2e4e54cb89b183f2a

I’ll be moving as much as possible from the two new build steps to packages. First was the vboxsf group issue; next done is package installation.

https://github.com/Whonix/Whonix/commit/7897954192072c7b7e7228a29c60195268da6866

I plan on moving as much as possible from function configure-kvm() to package GitHub - Kicksecure/libvirt-dist: Libvirt XML Files for Derivative Linux Distributions KVM - https://www.kicksecure.com/wiki/KVM / https://www.whonix.org/wiki/KVM.

https://github.com/Whonix/Whonix/commit/4a03bbe9662a92ebb6d83fddd357c8eb63c5d713

https://github.com/Whonix/whonix-libvirt/blob/master/usr/lib/whonix-libvirt/install

/usr/lib/whonix-libvirt/install is currently not (yet?) idempotent, meaning

  • it cannot be re-run without error
  • if it breaks in the middle, it cannot recover when run again

Not yet added to postinst but soon.

I am not sure what’s best. It could be easily made idempotent but then we would keep re-running its commands each time whonix-libvirt gets upgraded. I guess the best solution is to make it idempotent but run it only at initial installation. That’s what I’ll be going for unless there are better suggestions.

1 Like
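One way to combine both properties discussed in the post above (idempotent steps, run only at initial installation), as an added example that is not the whonix-libvirt install script or its postinst. The function names, the `etc/example` paths and the step contents are hypothetical stand-ins; the only real interface relied on is Debian calling postinst as `configure <previously-configured-version>`, with an empty second argument on a fresh install.

```shell
#!/bin/sh
# Added example, not the whonix-libvirt install script. Paths and step
# contents are hypothetical stand-ins for the real setup commands.

# Debian calls postinst as "configure <previously-configured-version>";
# the second argument is empty on a first-time installation.
is_initial_install() {
    [ "$1" = "configure" ] && [ -z "$2" ]
}

# Append a line only if an identical line is not already present.
ensure_line() {
    file=$1 line=$2
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Create or repair a symlink; a correct existing link is left alone.
ensure_symlink() {
    target=$1 link=$2
    [ "$(readlink -- "$link" 2>/dev/null)" = "$target" ] && return 0
    ln -sfn -- "$target" "$link"
}

# Every step checks state before acting, so a run that was interrupted
# halfway can simply be started again.
run_install() {
    root=$1
    mkdir -p -- "$root/etc/example/autostart" || return 1
    ensure_line "$root/etc/example/networks.list" "external" || return 1
    ensure_line "$root/etc/example/networks.list" "internal" || return 1
    ensure_symlink "../external.xml" "$root/etc/example/autostart/external.xml"
}

# postinst entry point: act on first installation, do nothing on upgrade.
postinst_main() {
    action=$1 old_version=$2 root=$3
    if is_initial_install "$action" "$old_version"; then
        run_install "$root"
    fi
}

# Demo when invoked with three arguments, e.g.: configure "" /tmp/demo-root
if [ "$#" -eq 3 ]; then postinst_main "$@"; fi
```

Because the steps are idempotent, a failed first installation can be retried by the package manager without manual cleanup, while upgrades skip the steps entirely.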

https://github.com/Whonix/Whonix/commit/029a780168053d743e4b5a8abd539549b79f07f0

https://github.com/Whonix/Whonix/commit/597875c6700909cf1e8cd021be0f37d956da68ab

and indent style changes that hopefully did not break anything.

https://github.com/Whonix/Whonix/commit/5e8fc7a31db91dbf6a58a9a1b5bb84a0d98820da

https://github.com/Whonix/Whonix/commit/2306b25846cec9cc6f2acd1b34ad64e7db9bd4e5

This was to make whonix-initializer install on hardened Debian / Whonix host builds too, so the cleanup chroot script runs there too.

https://github.com/Whonix/Whonix/commit/400827e09b3158618686b151229684f6e4fe7e85

https://github.com/Whonix/Whonix/commit/54fa6e8d1d02912c5328b619eb973e79fd83c674

In whonix-stuff/2950_create_iso_sketch (at master · onions-knight/whonix-stuff · GitHub), why did you put some commands into ( )?

For example

	(cd "$RAW_DIRECTORY/image/" && \
		cp /usr/lib/ISOLINUX/isolinux.bin isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/menu.c32 isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/hdt.c32 isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/ldlinux.c32 isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/libutil.c32 isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/libmenu.c32 isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/libcom32.c32 isolinux/ && \
		cp /usr/lib/syslinux/modules/bios/libgpl.c32 isolinux/ && \
		cp /usr/share/misc/pci.ids isolinux/ && \
		cp /boot/memtest86+.bin live/memtest
	)

What is the first ( and last ) used for?

I don’t remember. I don’t think they are necessary.

1 Like

Great. Therefore simplified the code https://github.com/Whonix/Whonix/commit/9b5cfadc82cca8c615ccec51112d7544f6d2cd85 (and hopefully did not introduce any bugs).

https://github.com/Whonix/Whonix/commit/6b82ac0d3fb99ff9e8f8d9133bd4cb9226ccc504

Wondering about these 3 [and fortunately only] generated source files now.

  • /grub-embedded.cfg
  • /image/boot/isolinux/isolinux.cfg
  • /image/boot/grub/grub.cfg

Is there a more suitable place for grub-embedded.cfg other than the root / directory?
Would /image/boot/grub/grub-embedded.cfg be a good place?

Can we drop /image from the path to be compliant with FHS?

Would it be appropriate if these 3 files were shipped by some package?

  • If yes, great.
  • If no: Rather than generating these source files I would prefer putting them into standalone files.

Just recognized that /boot/grub/grub.cfg is not a great idea to be owned by a package that stays installed. That would break the usual upgrade-grub mechanism during apt dist-upgrades.

/image/boot however (or otherwise) would be ok?

1 Like

Haven’t seen any results on that. Worth trying, then see if package changes break anything.