Whonix Desktop Installer with Calamares - field report

OK, I rebuilt sudo -E /home/user/Whonix/whonix_build --build --redistribute --target iso --flavor whonix-host-xfce --freedom false using git branch 15.0.0.2.7-developers-only and I am glad to report that it is working now, provided the following corrections:

• File /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix breaks XFCE4, needs to be corrected (in the meantime I just did mv /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dpkg-new /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml)

• Package user-setup needs to be installed in the master whonix-host-xfce VM otherwise live-boot will fail to create a live user

• Package squashfs-tools needs to be installed in the master whonix-host-xfce VM otherwise Calamares will fail to install (it needs it to unsquashfs the filesystem.squashfs file into the target)

• Package live-config needs to be installed in the master whonix-host-xfce VM otherwise live user will not be created in live-boot mode (it may already be the case, just a reminder)

Furthermore, the following bugs/corrections need to be addressed (and probably more to come):

• Theming is completely broken. Live user starts with a default environment, while root user and newly installed user in the target have broken panel launchers (see screenshots below). Probably related to missing config in /etc/skel

• Live user by default still has passwordless root rights. It seems it can be easily corrected by creating /etc/sudoers.d/live with right syntax and permissions, as described in live-config script /lib/live/config/0040-sudo:

  Config ()
  {
  # Skip sudo configuration if username is root
  case “${LIVE_USERNAME}” in
  root)
  exit 0
  ;;
  esac

    # Checking if package is already configured differently
    if grep -qs "^${LIVE_USERNAME}" /etc/sudoers.d/live
    then
    	exit 0
    fi
  
    echo "${LIVE_USERNAME} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/live
    chmod 0440 /etc/sudoers.d/live
  

• Grub boot menu of install target still has the same parameters of default Whonix-Host grub boot menu, i.e. normal + Live Boot. The live boot option line should be suppressed since the install target does not have live-boot packages anymore (suppressed during install). Furthermore, Debian/GNU Linux should be replaced by Whonix/GNU Linux

• Some branding work to be done on the default debian Calamares installer. Very easy (working in progress, will post suggestions soon).

• Still having problems with getting the clock right both on the ISO and install target.

• The master Whonix-XFCE VM has no apt sources other than whonix. Is it on purpose?

Some screenshots:

Screenshot_2019-05-15_15-59-30.png1023×765 269 KB

Screenshot_2019-05-15_16-00-03.png1021×762 258 KB

Booting the ISO with root user

Screenshot_2019-05-15_16-00-44.png730×488 2.76 KB

Screenshot_2019-05-15_16-01-31.png1027×765 257 KB

chroot changing of permissions should now be fixed but untested in
actual build.

onion_knight via Whonix Forum:

Build complete.

Great!

Problems:

1. No live user is created. I think this due to the package user-setup not being installed, from cat /lib/live/config/0030-user-setup :

added in git master

Debugging this is long and very frustrating.

Would it help to debug this using --target qcow2 (or --target raw)?
Then only that would be created, and no ISO. That might make starting
the build in a VM more convenient? (These --target’s are implemented and
might already build as is.)

Any other suggestions to ease debugging? I am all for making debugging
as simple as possible.

onion_knight via Whonix Forum:

I did another build of normal hardened raw debian to compare and try to understand what went wrong. ( version: 15.0.0.2.7-developers-only):

sudo ./whonix_build --flavor hardened-debian-xfce --target raw --build

Result: I have the same exact error…

Also, I noticed that the user user is also inexistent on the --target raw build (no iso). Isn’t he supposed to be skipped only in the iso build?

Currently user “user” creation is an open question for Whonix host and
hardened debian builds. It’s not created in either. Also target raw,
qcow2 or iso, all currently does not create user “user” by any packages
by Whonix. Let me know if you have suggestion show to implement this. I
was considering to add a systemd unit file that creates user “user” at
first - perhaps persistent-only (?) - boot. What do you think?

Another inconsistency (during debugging)… build-step
1700_install-packages currently uses:

   ## Weak recommended packages so calamares can remove them.
   if [ "$WHONIX_BUILD_ISO" = "true" ]; then
      pkg-install-maybe calamares
      pkg-install-maybe calamares-settings-debian
      pkg-install-maybe live-config
      pkg-install-maybe rsync
      pkg-install-maybe user-setup
   fi

I.e. it installs these packages only when using --target iso. I’ve
changed this in git master to

if [ "$WHONIX_BUILD_TYPE" = "whonix-host" ]; then

I.e. this will work for any --flavor whonix-host…

(Not implemented yet for hardened debian.)

Alternatively install the required packages or just don’t remove them so you can also run the host live.

(Stuff not mentioned: noticed, but not addressed yet.)

Would it help for debugging if VM files in ~/whonix_binary folder were
non-versioned? So greater Whonix host version than VM versions could be
used to build without need to adjust version number or Whonix version
variable manually?

onion_knight via Whonix Forum:

• File /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix breaks XFCE4, needs to be corrected (in the meantime I just did mv /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dpkg-new /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml)

That should also break regular Whonix-(Gateway|Workstation) XFCE VM
builds too? Move to /etc/xdg/xfce4/ folder was just added recently and
untested.

ls -la /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
lrwxrwxrwx 1 root root 24 May 16 10:50
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml ->
xfce4-session.xml.whonix

Maybe symlinks are unsupported by XFCE?

ls -la /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
total 44
drwxr-xr-x 2 root root 4096 May 16 10:50 .
drwxr-xr-x 3 root root 4096 Nov 17 05:17 ..
-rw-r--r-- 1 root root 1024 May 13 06:03 xfce4-desktop.xml
-rw-r--r-- 1 root root 5961 May  6  2015 xfce4-keyboard-shortcuts.xml
-rw-r--r-- 1 root root 2940 May 13 06:03 xfce4-panel.xml
lrwxrwxrwx 1 root root   24 May 16 10:50 xfce4-session.xml ->
xfce4-session.xml.whonix
-rw-r--r-- 1 root root  211 May 13 06:03 xfce4-session.xml.whonix
-rw-r--r-- 1 root root 1551 Oct 21  2017 xfce4-session.xml.whonix-orig
-rw-r--r-- 1 root root  246 May 13 06:03 xfwm4.xml
lrwxrwxrwx 1 root root   20 May 16 10:50 xsettings.xml ->
xsettings.xml.whonix
-rw-r--r-- 1 root root  316 May 13 06:03 xsettings.xml.whonix
-rw-r--r-- 1 root root 2610 Jul  9  2018 xsettings.xml.whonix-orig

• Package user-setup needs to be installed in the master whonix-host-xfce VM otherwise live-boot will fail to create a live user

Done in git master.

• Package squashfs-tools needs to be installed in the master whonix-host-xfce VM otherwise Calamares will fail to install (it needs it to unsquashfs the filesystem.squashfs file into the target)

Done in git master.

• Package live-config needs to be installed in the master whonix-host-xfce VM otherwise live user will not be created in live-boot mode (it may already be the case, just a reminder)

Wondering why you added “VM” here?

As per

calamares
calamares-settings-debian
live-config
rsync
user-setup
squashfs-tools

• Grub boot menu of install target still has the same parameters of default Whonix-Host grub boot menu, i.e. normal + Live Boot. The live boot option line should be suppressed since the install target does not have live-boot packages anymore (suppressed during install). Furthermore, Debian/GNU Linux should be replaced by Whonix/GNU Linux

This is because package whonix-base-files is not installed on Whonix
host (yet) which ships /etc/default/grub.d/30_whonix.cfg (because that
package would create user user) during installation. Once user “user”
creation is sorted, we probably want to install that package anyhow?

All fixed mentioned so far are untested and included in
15.0.0.2.8-developers-only.

This is what I do: I test everything in a (copied) version of the raw file that I boot in KVM. I test stuff in persistent/live-mode and one things seem clean, I make the needed adjustments in the master raw and then only the ISO file. Remastering the ISO file each time would be very long. This error was very difficult to debug because it was very generic, and can be caused by a ton of different things. Eventually, I just did a diff between all files installed in the previous hardened version and in the whonix-host to see what changed…

If we want a hardened-debian VM, I think user should be created. If we want an live ISO-installer, then no. So --flavor whonix-host should trigger the skipping of user creation, while all other flavours should create it as was the case before (don’t know if clear enough - easy to do?).

I read somewhere that they have to be deleted on debian during the install otherwise the install would not be bootable… Obviously needs some more testing/research.

Maybe, but I suspect that this file needs at least these settings:

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="general" type="empty">
    <property name="FailsafeSessionName" type="string" value="Failsafe"/>
  </property>
  <property name="sessions" type="empty">
    <property name="Failsafe" type="empty">
      <property name="IsFailsafe" type="bool" value="true"/>
      <property name="Count" type="int" value="5"/>
      <property name="Client0_Command" type="array">
        <value type="string" value="xfwm4"/>
      </property>

And now:

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="general" type="empty">
    <property name="SaveOnExit" type="bool" value="false"/>
  </property>
</channel>

Can’t we keep the default one?

Great!

OK would it be feasible to ship this particular file with another package? Or just writing it during build?

Great, I’ll try a build now!

Just built Whonix-Host-XFCE 15.0.0.2.8-developers-only

XFCE still broken because of misconfigured xfce4-session.xml.whonix file.

Once corrected, everything seems to be fine. Debian Live User is created on boot.

Didn’t try out the installer yet, but should be fine too I guess.

Theming is still broken though, but I understand it is not a priority right now.

Other issues still need to be addressed (see my posts above, passwordless sudo rights for Live User, etc.).

Almost operational

Trying out the Calamares Installer on this new build (in KVM, not on real hardware).

Installation failed in job packages:
Command 'apt-get --purge -q -y remove live-boot live-boot-doc...' returned non-zero exit status 100
-> it fails because it doesn’t find the packages live-config-doc, live-task-localisation and live-boot-doc in the ISO (and thus in the install target where it extracted the filesystem.squashfs image of the ISO file).

Did you remove them from the list of installed packages? Or they are in --no-install dependencies mode?

Anyway, removing these packages from the/etc/calamares/modules/packages.conf.whonix file solves the problem. So I guess that is sufficient.

This version works:

backend: apt

operations:
   - remove:
      - 'live-boot'
      - 'live-config'
      - 'live-config-systemd'
      - 'live-config-systemd'
      - 'live-tools'
      - 'calamares'
      - 'calamares-settings-debian'
EOF

onion_knight via Whonix Forum:

• File /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.whonix
  breaks XFCE4, needs to be corrected (in the meantime I just did mv /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dpkg-new /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml)

onion_knight via Whonix Forum:

Can’t we keep the default one?

I merged the Debian one, and Whonix modifications into one. The result
is here:

Not sure if this is what you meant? Hopefully that works. The change by
Whonix looks of medium importance, disabling session saving. Not yet tested.

I’ll process a few more easy to add fixes in new posts to come soon, and
then create a new git tag.

No.

Yes. Have to use this.

Fixed.

Package xfce4-session also owns file

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml

Package xfce4-settings also owns file:

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml lxqt-common

etc.

I did undo all the port form /etc/skel to /etc/xdg.

If we want a hardened-debian VM, I think user should be created. If we want an live ISO-installer, then no. So --flavor whonix-host should trigger the skipping of user creation, while all other flavours should create it as was the case before (don’t know if clear enough - easy to do?).

Will be covered by https://phabricator.whonix.org/T913

Any idea how the systemd unit file would detect that we are booting into
calamares so it will skip and not create user user?

Maybe, but I suspect that this file needs at least these settings:

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="general" type="empty">
    <property name="FailsafeSessionName" type="string" value="Failsafe"/>
  </property>
  <property name="sessions" type="empty">
    <property name="Failsafe" type="empty">
      <property name="IsFailsafe" type="bool" value="true"/>
      <property name="Count" type="int" value="5"/>
      <property name="Client0_Command" type="array">
        <value type="string" value="xfwm4"/>
      </property>

And now:

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="general" type="empty">
    <property name="SaveOnExit" type="bool" value="false"/>
  </property>
</channel>

Can’t we keep the default one?

This should be solved by:

OK would it be feasible to ship this particular file with another package? Or just writing it during build?

whonix-base-files can continue to ship
/etc/default/grub.d/30_whonix.cfg. User user creation will be sorted
out in https://phabricator.whonix.org/T913

onion_knight via Whonix Forum:

XFCE still broken because of misconfigured xfce4-session.xml.whonix file.

That should be fixed in
https://github.com/Whonix/whonix-xfce-desktop-config and in next Whonix
tag yet to be created.

Theming is still broken though, but I understand it is not a priority right now.

Not really anything sorted by priority yet. all needs implementation.

https://phabricator.whonix.org/project/board/145/

https://phabricator.whonix.org/project/view/26/

https://phabricator.whonix.org/project/view/132/

Other issues still need to be addressed (see my posts above, passwordless sudo rights for Live User, etc.).

I should have created tickets for all of that?

Please have a look at:

https://phabricator.whonix.org/feed/

Please kindly create tickets for any missing items.

It’s rather difficult to take action based on forum posts for me if it
is getting complex and convulsed with a bunch of tasks that require
different work such as research, implementation, build, testing that all
easily take more than 1 hour of time.

Didn’t see that until now becuase no one copied me. Seems that dnsmasq package is missing on Whonix Host which prevents the network from starting NAT successfully.

Should dnsmasq then be part of the https://www.whonix.org/wiki/KVM guide?

dnsmasq is a DHCP server. Security issue having it installed on the host? Can be reconfigured to serve KVM only? If yes, any alternative without dnsmasq?

If ok or no alternative, could you add to Depends: please here:

Scratch that, That was a wrong guess. Tested libvirt/KVM install on Buster and dnsmasq-base is one of the automatically installed deps of libvirt. There are no security problems with the way libvirt uses and confgures it. It is otherwise not active for external interfaces. (links about that will be posted shortly in the DHCP thread).

I have no idea what other reason causes Whonix-External to fail. Let’s deal with it when other blockers are solved.

HulaHoop via Whonix Forum:

I have no idea what other reason causes Whonix-External to fail. Let’s deal with it when other blockers are solved.

Only start is failing inside chroot but start inside chroot is not
important at all as long as start works when the image gets actually booted.

Could calamares be configured to somehow not create user user during boot instead? That would simplify implementation on the Whonix side a lot.

Then we might be able to use /usr/share/pam-configs/mkhomedir ( http://blog.dailystuff.nl/2012/07/create-home-directory-on-first-login/ ) which would also solve https://phabricator.whonix.org/T913 / bug: not all files form /etc/skel are copied to /home/user.

( sudo pam-auth-update --enable mkhomedir )

Hi @Patrick

I am not sure I understand what you ask.

Here is how it works last time I tested:

-> Starting “Whonix-Desktop-with-Calamares-Installer” in live-mode: live-user is created on boot if correct kernel flags or appended (so already working)
-> Using Calamares-Installer: the user creates a user for his new machine he is installing Whonix-Desktop on (is this what you would like to suppress?)

Just to let you know that I am currently rebuilding from scratch with version 15.0.0.3.3.