Whonix Desktop Installer with Calamares - field report

Patrick · July 17, 2019, 8:33pm

onion_knight via Whonix Forum:

Patrick:
Sure you are not building from git master?
There was work on this:
Restrict root access
These are not yet tested in a new build and might cause some issues.

Does /var/lib/dpkg/info/anon-base-files.postinst contain passwd ? To check:
cat /var/lib/dpkg/info/anon-base-files.postinst | grep 
This would mean you build from git master.
There is no such file:
ls var/lib/dpkg/info/anon-*
var/lib/dpkg/info/anon-icon-pack.list
var/lib/dpkg/info/anon-icon-pack.md5sums
var/lib/dpkg/info/anon-icon-pack.postinst
var/lib/dpkg/info/anon-icon-pack.postrm

No anon-base-files installed package then. “Good” because nothing
“randomly” pulls the package. “Bad” because then also nothing sets
password for user “user” to “changeme”. Expected that sudo does not work
then since no password is set.

Just now added anon-base-files to whonix-host-xfce-kvm-freedom for user
“user” creation. Will be included in next git tag.

To gain “emergency” root, next git tag will also include a passwordless
recovery mode.

( Restrict root access - #46 by Patrick )
( Recovery - Kicksecure )

(But that might already work in your build too.)
(For example, set a root password from recovery mode, or whatever
needed, type “exit” and continue boot.)

Can you boot the raw image of Whonix host for further experimentation
rather than iso? That might help making persistent changes (such

This is all the commands I used for building. Is it correct?:

git clone --jobs=4 --recursive https://github.com/Whonix/Whonix
cd Whonix
git branch 15.0.0.3.3-stable
git checkout 15.0.0.3.3-stable
sudo -E ./whonix_build --build --redistribute --target iso --flavor whonix-host-xfce --freedom false

Looks correct.

build-steps.d/1100_prepare-build-machine does

sudo $SUDO_OPTS git submodule sync --recursive
sudo $SUDO_OPTS git submodule update --init --recursive --jobs=200

the latter should set the git submodules to the correct git revision.

Does manually running git submodule update do something? It should not
but if it does it sets the correct revision (as it should reflect the
git tag).

OK as per the official guide there is a virtinst package needed for creating/cloning VMs via commandline. Please install and let me know if it works.

KVM - Debian Wiki

Could you please make KVM - Debian Wiki suitable
for use with apt --no-install-recommends? @HulaHoop

Thanks, will try it later. I didn’t have this problem last time I built a Whonix-Host-ISO (in May I think). Was the package removed from the Whonix-Host build?

I did not touch it. Manual build vs --no-install-recommends issue?