Now have a file /home/user/whonix_binary/Whonix-Host-XFCE-15.0.0.2.0.raw.
du -sh whonix_binary/*
...
824M whonix_binary/Whonix-Host-XFCE-15.0.0.2.0.iso
4.3G whonix_binary/Whonix-Host-XFCE-15.0.0.2.0.raw
(I’ve prepended anon_dist_build_version=15.0.0.2.0 after sudo so I did not have to create a wholly new build. git tag 15.0.0.2.4-developers-only isn’t tested yet as a full build but I am positive it has good chances to succeed. More testing soon.)
I did not test yet if the iso would actually boot.
Due to the widely generic nature of Whonix build script it may even be possible to re-use 2550_convert-raw-to-iso to create bootable Whonix-Gateway or Whonix-Workstation, for whatever that may be worth.
I did not put qcow2 images into packages (yet) because I am not sure how to implement this and implementing above is quicker and easier. Maybe future work.
Please create tickets for any bugs, missing features, future work and/or pull requests with fixes.
I stopped posting all git commits here. Just too many and maybe not useful. I’ll move on to post only “major” ones, “interesting” ones, those that could use extra scrutiny and the like. The full set of changes after first import of the two scripts by @onion_knight and the result now can be seen here.
It’s because this should be done in chroot, otherwise it will look for the user:group libvirt-qemu on the host (building machine) and fail if they do not exist:
No live user is created. I think this is due to the package user-setup not being installed, from cat /lib/live/config/0030-user-setup :
Init ()
{
    # Checking if package is installed or already configured
    if [ ! -e /var/lib/dpkg/info/user-setup.list ] ||
       [ -e /var/lib/live/config/user-setup ]
    then
        exit 0
    fi
    echo -n " user-setup"
}
After install, it seems to work. “Seems” because I was not able to start a graphical session (see below).
There is a weird stupid annoying xfce4 error that fails to start an xfce4 session:
Debugging this is long and very frustrating. I’ll just do a full rebuild and see if it still fails.
Rebuilt everything. Still fails to load graphical session with
unable to load failsafe session
Unable to determine a failsafe session name. Possible causes:
xfconfd isn’t running (D-Bus setup problem);
environment variable $XDG_CONFIG_DIRS is set incorrectly (must include “/etc”), or xfce4-session is installed incorrectly
Something must be missing somewhere… It’s a very generic error that may be caused by many different issues.
Using the RAW disk file (in chroot) I’ve tried reinstalling manually X stuff, dbus, xinit (wasn’t installed), nothing works.
This error might be useful to debug:
Failed to open connection to "system" message bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
Recreating the non-existent dbus directory and reinstalling dbus (and even systemd) does not solve the problem. I still have the unable to load failsafe session after lightdm (even though the file /var/run/dbus/system_bus_socket now exists).
I have no idea what causes this crazy error and how to solve it. My head is about to explode…
The file /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session is now a link to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix.
This breaks XFCE4 as /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix's content does not seem to be compliant with what is expected to be in this file, thus preventing xfce4-session from being launched.
OK, I rebuilt sudo -E /home/user/Whonix/whonix_build --build --redistribute --target iso --flavor whonix-host-xfce --freedom false using git branch 15.0.0.2.7-developers-only and I am glad to report that it is working now, provided the following corrections:
File /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix breaks XFCE4, needs to be corrected (in the meantime I just did mv /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dpkg-new /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml)
Package user-setup needs to be installed in the master whonix-host-xfce VM otherwise live-boot will fail to create a live user
Package squashfs-tools needs to be installed in the master whonix-host-xfce VM otherwise Calamares will fail to install (it needs it to unsquashfs the filesystem.squashfs file into the target)
Package live-config needs to be installed in the master whonix-host-xfce VM otherwise live user will not be created in live-boot mode (it may already be the case, just a reminder)
Furthermore, the following bugs/corrections need to be addressed (and probably more to come):
Theming is completely broken. Live user starts with a default environment, while root user and newly installed user in the target have broken panel launchers (see screenshots below). Probably related to missing config in /etc/skel
Live user by default still has passwordless root rights. It seems it can be easily corrected by creating /etc/sudoers.d/live with the right syntax and permissions, as described in the live-config script /lib/live/config/0040-sudo:
Config ()
{
    # Skip sudo configuration if username is root
    case "${LIVE_USERNAME}" in
        root)
            exit 0
            ;;
    esac
    # Checking if package is already configured differently
    if grep -qs "^${LIVE_USERNAME}" /etc/sudoers.d/live
    then
        exit 0
    fi
    echo "${LIVE_USERNAME} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/live
    chmod 0440 /etc/sudoers.d/live
Grub boot menu of install target still has the same parameters of default Whonix-Host grub boot menu, i.e. normal + Live Boot. The live boot option line should be suppressed since the install target does not have live-boot packages anymore (suppressed during install). Furthermore, Debian/GNU Linux should be replaced by Whonix/GNU Linux
Some branding work to be done on the default debian Calamares installer. Very easy (work in progress, will post suggestions soon).
Still having problems with getting the clock right both on the ISO and install target.
The master Whonix-XFCE VM has no apt sources other than whonix. Is it on purpose?
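The package requirements and the /etc/sudoers.d/live point from this post can be checked against a mounted image root before the ISO is built. The following is an added example, not code from the thread, Whonix or live-config; the function names, the ROOT argument and the password-requiring sudoers rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from live-config). ROOT is the mounted
# image or chroot directory; all function names here are hypothetical.

# Packages the post says the image needs for live boot and Calamares.
REQUIRED_PKGS="user-setup live-config squashfs-tools"

# Same test 0030-user-setup uses: a package counts as installed when its
# dpkg file list exists. The "pkg:arch.list" form is accepted as well.
pkg_installed() {  # pkg_installed ROOT PKG
    for f in "$1/var/lib/dpkg/info/$2.list" "$1/var/lib/dpkg/info/$2":*.list; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Print the required packages missing from ROOT, space separated.
missing_pkgs() {  # missing_pkgs ROOT
    out=""
    for p in $REQUIRED_PKGS; do
        pkg_installed "$1" "$p" || out="${out:+$out }$p"
    done
    printf '%s\n' "$out"
}

# Same grep 0040-sudo runs: when it matches, live-config leaves the file
# alone and does not append its NOPASSWD line. Note it is a prefix match.
sudo_preseeded() {  # sudo_preseeded ROOT USERNAME
    grep -qs "^$2" "$1/etc/sudoers.d/live"
}

# Write a rule that requires a password (assumed policy) with mode 0440.
preseed_live_sudoers() {  # preseed_live_sudoers ROOT USERNAME
    dir="$1/etc/sudoers.d"
    mkdir -p "$dir" || return 1
    tmp="$dir/.live.tmp"   # sudo skips sudoers.d names that contain "."
    printf '%s ALL=(ALL:ALL) ALL\n' "$2" > "$tmp" || return 1
    # Validate syntax when visudo is available; never install a broken file.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    chmod 0440 "$tmp" && mv -f "$tmp" "$dir/live"
}
```

When run as root against a real image, also make sure the resulting file is owned by root:root, since sudo rejects sudoers files with other owners.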
No live user is created. I think this is due to the package user-setup not being installed, from cat /lib/live/config/0030-user-setup :
added in git master
Debugging this is long and very frustrating.
Would it help to debug this using --target qcow2 (or --target raw)?
Then only that would be created, and no ISO. That might make starting
the build in a VM more convenient? (These --target’s are implemented and
might already build as is.)
Any other suggestions to ease debugging? I am all for making debugging
as simple as possible.
I did another build of normal hardened raw debian to compare and try to understand what went wrong. ( version: 15.0.0.2.7-developers-only):
sudo ./whonix_build --flavor hardened-debian-xfce --target raw --build
Result: I have the same exact error…
Also, I noticed that the user user is also inexistent on the --target raw build (no iso). Isn’t he supposed to be skipped only in the iso build?
Currently user “user” creation is an open question for Whonix host and
hardened debian builds. It’s not created in either. Also target raw,
qcow2 or iso, all currently do not create user “user” by any packages
by Whonix. Let me know if you have suggestions how to implement this. I
was considering to add a systemd unit file that creates user “user” at
first - perhaps persistent-only (?) - boot. What do you think?
Another inconsistency (during debugging)… build-step
1700_install-packages currently uses:
## Weak recommended packages so calamares can remove them.
if [ "$WHONIX_BUILD_ISO" = "true" ]; then
    pkg-install-maybe calamares
    pkg-install-maybe calamares-settings-debian
    pkg-install-maybe live-config
    pkg-install-maybe rsync
    pkg-install-maybe user-setup
fi
I.e. it installs these packages only when using --target iso. I’ve
changed this in git master to