Whonix Desktop Installer with Calamares - field report

This specifically could use some review since I moved the files into their own source files.

https://github.com/Whonix/Whonix/commit/23f794a6261a079bc595f6e1d3693c19bb102c1b

Iso creation build step paths modified.

https://github.com/Whonix/Whonix/commit/3d5b7712a7694279cfd2acecbdadb7cad3022bde

https://github.com/Whonix/Whonix/commit/e10f3a5d9f9b8af84e1289814c712956f032b346

https://github.com/Whonix/Whonix/commit/10f4b0974e11ab9f398f1cb8c577dffcabe2482e

Build step https://github.com/Whonix/Whonix/blob/master/build-steps.d/2550_convert-raw-to-iso now looks to be in OK shape as far as integration into the Whonix build script goes. It’s entirely untested. There are some code style imperfections but it may be good enough.

Btw 2900_configure_desktop_sketch is not executable at this point and is actually ignored by the build. It is there for reference, for things that are not merged in any Whonix packages yet. The more stuff gets merged, the smaller 2900_configure_desktop_sketch becomes. Every time something is removed, there will be (mostly) an accompanying commit message explaining it. It looks possible to completely merge all functionality of 2900_configure_desktop_sketch into Whonix packages.

15.0.0.2.0-developers-only successfully built, but not an iso yet.

sudo -E /home/user/Whonix/whonix_build --build --redistribute --target iso --flavor whonix-host-xfce --freedom false

Build step https://github.com/Whonix/Whonix/blob/master/build-steps.d/2550_convert-raw-to-iso is now tested standalone in git tag 15.0.0.2.4-developers-only in so far that it creates an iso! :)

The following worked for me.

sudo anon_dist_build_version=15.0.0.2.0 ./build-steps.d/2550_convert-raw-to-iso --build --redistribute --target iso --flavor whonix-host-xfce --freedom false

Now have a file /home/user/whonix_binary/Whonix-Host-XFCE-15.0.0.2.0.raw.

du -sh whonix_binary/*
...
824M	whonix_binary/Whonix-Host-XFCE-15.0.0.2.0.iso
4.3G	whonix_binary/Whonix-Host-XFCE-15.0.0.2.0.raw

(I’ve prepended anon_dist_build_version=15.0.0.2.0 after sudo so I did not have to create a wholly new build. git tag 15.0.0.2.4-developers-only isn’t tested yet as a full build but I am positive it has good chances to succeed. More testing soon.)

I did not test yet if the iso would actually boot.

Due to the widely generic nature of Whonix build script it may even be possible to re-use 2550_convert-raw-to-iso to create bootable Whonix-Gateway or Whonix-Workstation, for whatever that may be worth.

https://github.com/Whonix/Whonix/commit/9e6c30e1c96f32e06a6f5379e71bc87ebe08a63d

https://github.com/Whonix/Whonix/commit/5581117170f827f630b6173bf8397df8637488fc

https://github.com/Whonix/Whonix/commit/b2cb893c135cd8b5ce658d92a2271f60f9fa9889

https://github.com/Whonix/whonix-libvirt/tree/master/etc/calamares/modules

https://github.com/Whonix/Whonix/commit/1b543e2148b99bd29e7a0d5d9f288e0b61c499ac

Build step 1800_copy_vms_into_raw now looks good in theory but untested.

https://github.com/Whonix/Whonix/blob/master/build-steps.d/1800_copy_vms_into_raw

I did not put qcow2 images into packages (yet) because I am not sure how to implement this and implementing above is quicker and easier. Maybe future work.

The two scripts by @onion_knight are now fully incorporated into Whonix source code.

Done in git tag 15.0.0.2.6-developers-only.

In theory the following three commands should produce the same ISO as @onion_knight’s.

sudo -E /home/user/Whonix/whonix_build --build --redistribute --target qcow2 --flavor whonix-gateway-xfce
sudo -E /home/user/Whonix/whonix_build --build --redistribute --target qcow2 --flavor whonix-workstation-xfce
sudo -E /home/user/Whonix/whonix_build --build --redistribute --target iso   --flavor whonix-host-xfce --freedom false

My activity will be lower for the next few days.

Please create tickets for any bugs, missing features, future work and/or pull requests with fixes.


I stopped posting all git commits here. Just too many and maybe not useful. I’ll move on to posting only “major” ones, “interesting” ones, those that could use extra scrutiny and the like. The full set of changes after the first import of the two scripts by @onion_knight and the result now can be seen here.

https://github.com/Whonix/Whonix/compare/15.0.0.1.2-developers-only...15.0.0.2.6-developers-only

15.0.0.2.7-developers-only includes whonix-libvirt fix.

Amazing, testing now

1 Like

OK, currently building with

sudo -E /home/user/Whonix/whonix_build --build --redistribute --target iso   --flavor whonix-host-xfce --freedom false

and git branch 15.0.0.2.7-developers-only

I have added the Whonix-Gateway/Workstation .qcow2 myself with the correct version numbers in the build host.

The build fails at

build-steps.d/1800_copy_vms_into_raw

chown -v -R libvirt-qemu:libvirt-qemu /home/user/whonix_binary/Whonix-Host-XFCE_image/var/lib/libvirt/images/Whonix-Gateway.qcow2
chown: invalid user: ‘libvirt-qemu:libvirt-qemu’

It’s because this should be done in chroot, otherwise it will look for the user:group libvirt-qemu on the host (building machine) and fail if they do not exist:

   chown -v -R libvirt-qemu:libvirt-qemu "$CHROOT_FOLDER/var/lib/libvirt/images/Whonix-Gateway.qcow2"
   chown -v -R libvirt-qemu:libvirt-qemu "$CHROOT_FOLDER/var/lib/libvirt/images/Whonix-Workstation.qcow2"

This instead seems to work:

   $CHROOT chown -v -R libvirt-qemu:libvirt-qemu /var/lib/libvirt/images/Whonix-Gateway.qcow2
   $CHROOT chown -v -R libvirt-qemu:libvirt-qemu /var/lib/libvirt/images/Whonix-Workstation.qcow2
1 Like
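
The same ownership fix done from the build host without entering the chroot, as an added example that is not part of the thread or of Whonix's build scripts: look up the numeric ids in the image's own /etc/passwd and /etc/group and chown by number. The function names and the sample ids 995 and 993 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Whonix build code): resolve an account name against the
# image's own /etc/passwd and /etc/group, then chown by numeric id, so the
# build host's account database is never consulted.

# lookup_id FILE NAME -> prints field 3 (uid in passwd, gid in group)
lookup_id() {
    awk -F: -v name="$2" '$1 == name { print $3; found = 1; exit }
                          END { exit !found }' "$1"
}

# image_owner ROOT USER GROUP -> prints "uid:gid" as defined inside ROOT
image_owner() {
    uid=$(lookup_id "$1/etc/passwd" "$2") || {
        echo "user '$2' is not defined in $1/etc/passwd" >&2; return 1; }
    gid=$(lookup_id "$1/etc/group" "$3") || {
        echo "group '$3' is not defined in $1/etc/group" >&2; return 1; }
    printf '%s:%s\n' "$uid" "$gid"
}

# chown_in_image ROOT USER GROUP PATH... (each PATH is relative to ROOT)
chown_in_image() {
    root=$1
    owner=$(image_owner "$root" "$2" "$3") || return 1
    shift 3
    for p in "$@"; do
        chown -v -R "$owner" "$root/$p" || return 1
    done
}

# Constructed image root; the ids 995 and 993 are sample values.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'libvirt-qemu:x:995:993::/var/lib/libvirt:/usr/sbin/nologin' > "$r/etc/passwd"
    printf '%s\n' 'root:x:0:' 'libvirt-qemu:x:993:' > "$r/etc/group"
    echo "$r"
}

sample=$(make_sample_root)
image_owner "$sample" libvirt-qemu libvirt-qemu    # prints 995:993
rm -rf "$sample"
```

If the account is missing from the image, `chown_in_image` stops before touching any file, which separates "package not installed in the image" from "user missing on the build host".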

Build complete.
Problems:

  1. No live user is created. I think this is due to the package user-setup not being installed, from cat /lib/live/config/0030-user-setup :

    Init ()
    {
        # Checking if package is installed or already configured
        if [ ! -e /var/lib/dpkg/info/user-setup.list ] ||
           [ -e /var/lib/live/config/user-setup ]
        then
            exit 0
        fi

        echo -n " user-setup"

    }

After install, it seems to work. “Seems” because I was not able to start a graphical session (see below).

  2. There is a weird stupid annoying xfce4 error that fails to start an xfce4 session:

[Image: Screenshot_2019-05-14_14-12-04]

Debugging this is long and very frustrating. I’ll just do a full rebuild and see if it still fails.

1 Like

Rebuilt everything. Still fails to load graphical session with

unable to load failsafe session
Unable to determine a failsafe session name. Possible causes:
xfconfd isn’t running (D-Bus setup problem);
environment variable $XDG_CONFIG_DIRS is set incorrectly (must include “/etc”), or xfce4-session is installed incorrectly

Something must be missing somewhere… It’s a very generic error that may be caused by many different issues.

1 Like

Using the RAW disk file (in chroot) I’ve tried reinstalling manually X stuff, dbus, xinit (wasn’t installed), nothing works.
This error might be useful to debug:

Failed to open connection to "system" message bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

Recreating the non-existent dbus directory and reinstalling dbus (and even systemd) does not solve the problem. I still have the unable to load failsafe session after lightdm (even though the file /var/run/dbus/system_bus_socket now exists).

I have no idea what causes this crazy error and how to solve it. My head is about to explode…

1 Like

I did another build of normal hardened raw debian to compare and try to understand what went wrong. ( version: 15.0.0.2.7-developers-only):

sudo ./whonix_build --flavor hardened-debian-xfce --target raw --build

Result: I have the same exact error…

Also, I noticed that the user user is also nonexistent on the --target raw build (no iso). Isn’t it supposed to be skipped only in the iso build?

1 Like

After literally HOURS of useless debugging I think I have finally found the culprit.

The following xfce4 config files are unique to version 15.0.0.2.7 when compared to version 15.0.0.1.0-2:

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dpkg-new
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dpkg-new
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.whonix

The file /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session is now a link to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix.

This breaks XFCE4 as /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix's content does not seem to be compliant with what is expected to be in this file, thus preventing xfce4-session from being launched.

A simple

mv /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dpkg-new /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml

seems to solve the problem! (or just reviewing this particular file in the build process)

2 Likes
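
A post-build check for the condition found above, as an added example that is not part of the thread or of Whonix's build scripts: it flags every config file in a directory whose packaged version is still lying beside it as NAME.dpkg-new, and says whether NAME itself is a symlink, a regular file or absent. The function names and the sample tree are constructed; the file names are modelled on the listing in the post.

```shell
#!/bin/sh
# Added example (not from the thread): flag conffiles in an image directory
# whose packaged version is still sitting beside them as NAME.dpkg-new.
# dpkg unpacks a conffile as NAME.dpkg-new and moves it to NAME when the
# package is configured, so a leftover means that step did not finish.

# audit_conffiles DIR -> prints one finding per line; returns 1 if any found
audit_conffiles() {
    dir=$1
    findings=0
    for new in "$dir"/*.dpkg-new; do
        [ -e "$new" ] || continue            # glob matched nothing
        base=${new%.dpkg-new}
        name=${base##*/}
        if [ -L "$base" ]; then
            echo "SYMLINK $name -> $(readlink "$base")"
        elif [ -e "$base" ]; then
            echo "PENDING $name"
        else
            echo "MISSING $name"
        fi
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample tree modelled on the file names listed in the post.
make_sample_tree() {
    d=$(mktemp -d)
    for f in xfce4-session.xml.dpkg-new xfce4-session.xml.whonix \
             xsettings.xml.dpkg-new xfwm4.xml; do
        echo '<channel/>' > "$d/$f"
    done
    ln -s xfce4-session.xml.whonix "$d/xfce4-session.xml"
    echo "$d"
}

tree=$(make_sample_tree)
audit_conffiles "$tree" || echo "image needs review before shipping"
rm -rf "$tree"
```

Run against the mounted image, for example on its etc/xdg/xfce4/xfconf/xfce-perchannel-xml directory, a non-zero return can fail the build step before the image is converted to an ISO.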