This is what I do: I test everything in a (copied) version of the raw file that I boot in KVM. I test stuff in persistent/live-mode and one things seem clean, I make the needed adjustments in the master raw and then only the ISO file. Remastering the ISO file each time would be very long. This error was very difficult to debug because it was very generic, and can be caused by a ton of different things. Eventually, I just did a diff between all files installed in the previous hardened version and in the whonix-host to see what changed…
If we want a hardened-debian VM, I think user should be created. If we want an live ISO-installer, then no. So --flavor whonix-host should trigger the skipping of user creation, while all other flavours should create it as was the case before (don’t know if clear enough - easy to do?).
I read somewhere that they have to be deleted on debian during the install otherwise the install would not be bootable… Obviously needs some more testing/research.
Maybe, but I suspect that this file needs at least these settings:
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-session" version="1.0">
<property name="general" type="empty">
<property name="FailsafeSessionName" type="string" value="Failsafe"/>
</property>
<property name="sessions" type="empty">
<property name="Failsafe" type="empty">
<property name="IsFailsafe" type="bool" value="true"/>
<property name="Count" type="int" value="5"/>
<property name="Client0_Command" type="array">
<value type="string" value="xfwm4"/>
</property>
And now:
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-session" version="1.0">
<property name="general" type="empty">
<property name="SaveOnExit" type="bool" value="false"/>
</property>
</channel>
Can’t we keep the default one?
Great!
OK would it be feasible to ship this particular file with another package? Or just writing it during build?
Great, I’ll try a build now!