Simplified Package Build Process
genmkfile is no longer a build dependency.
genmkfile is now only a tool useful for developers. It provides commands such as genmkfile manpages or genmkfile debinstfile. See make help. It’s no longer using a Makefile but can be used like any other tool by running genmkfile from command line. Therefore most Whonix packages now no longer depend on any other Whonix packages. Therefore getting started with development of any specific package got easier.
See:
chroot debootstrap install Whonix / Kicksecure to folder
Other Linux distributions such as Qubes and ParrotOS indicated interest in a package developed by Whonix developers, namely security-misc, which does Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings.
- Package security-misc from Whonix to Qubes · Issue #1885 · QubesOS/qubes-issues · GitHub
- https://community.parrotlinux.org/t/parrotos-hardening/11649
- ParrotOS + Whonix
But security-misc is only one component of security hardening. These and other Linux distributions might in the future become interested in rebasing onto Kicksecure, which is a security-hardened, non-anonymous Linux distribution.
chroot / debootstrap is a method to download (“install”) a Linux distribution in a folder from an already installed operating system. This has many uses and can be used to build a derivative (of Kicksecure) Linux distribution or Qubes template.
Actually not debootstrap but mmdebstrap, which is better.
More about Kicksecure:
How to install Kicksecure in a chroot:
Continuous Integration (CI)
One test running on Travis CI uses the travis.debian.net script (which sets up a Docker container that runs Debian), where package whonix-host-xfce-kvm-nonfreedom gets installed for real.
Another two tests running on Travis CI (one not using apt-cacher-ng, another using apt-cacher-ng) use mmdebstrap to create a chroot for the following meta packages: whonix-host-xfce-kvm-nonfreedom, qubes-whonix-gateway, qubes-whonix-workstation, kicksecure-cli, kicksecure-cli-vm, kicksecure-xfce, kicksecure-xfce-vm, non-qubes-whonix-gateway-xfce, non-qubes-whonix-workstation-xfce, which then pull other Whonix packages. Therefore many new build bugs can be quickly spotted.
generally:
a recent successful build:
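As an added example (not the project's CI script), the mmdebstrap chroot test described above can be written as a loop over the meta packages, with and without an apt-cacher-ng proxy. The suite, the derivative repository line, the keyring directory, the work directory and the function names are assumptions or placeholders; by default it only prints the commands it would run.

```sh
#!/bin/sh
# Added example: install each meta package into a throwaway chroot with mmdebstrap.
# Assumptions, not from the page: SUITE, REPO_LINE, KEYRING_DIR, WORKDIR and the
# function names are hypothetical; replace the placeholders before a real run.
SUITE="${SUITE:-bookworm}"
DEBIAN_MIRROR="deb http://deb.debian.org/debian $SUITE main"
REPO_LINE="deb https://REPO.example.invalid $SUITE main"   # placeholder derivative repo
KEYRING_DIR="${KEYRING_DIR:-/path/to/trusted-keyrings.d}"  # placeholder directory
APT_PROXY="${APT_PROXY:-}"       # e.g. http://127.0.0.1:3142 for apt-cacher-ng
WORKDIR="${WORKDIR:-./chroots}"
DRY_RUN="${DRY_RUN:-1}"          # 1 = only print the command (runs offline)

# Meta packages named on the page.
META_PACKAGES="whonix-host-xfce-kvm-nonfreedom qubes-whonix-gateway
qubes-whonix-workstation kicksecure-cli kicksecure-cli-vm kicksecure-xfce
kicksecure-xfce-vm non-qubes-whonix-gateway-xfce non-qubes-whonix-workstation-xfce"

check_meta_package() {
    pkg="$1"
    # --keyring points apt at the keys used to verify repository signatures.
    set -- mmdebstrap --variant=minbase --keyring="$KEYRING_DIR" --include="$pkg"
    if [ -n "$APT_PROXY" ]; then
        set -- "$@" --aptopt="Acquire::http::Proxy \"$APT_PROXY\""
    fi
    # Positional arguments: SUITE TARGET MIRROR... (mirrors as sources.list lines).
    set -- "$@" "$SUITE" "$WORKDIR/$pkg" "$DEBIAN_MIRROR" "$REPO_LINE"
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
        return 0
    fi
    mkdir -p "$WORKDIR"
    "$@"
}

run_all() {
    failed=0
    for pkg in $META_PACKAGES; do
        if ! check_meta_package "$pkg"; then
            echo "FAIL: $pkg did not install into a clean chroot" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

run_all
```

Set DRY_RUN=0 to perform the builds; a non-zero exit status from run_all means at least one meta package failed to install.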
Consolidating Whonix Packages
Progress was made, see: consolidating Whonix packages.
Fix Extraneous Whonix Default Installed Packages Bug
See Whonix default packages review - mmdebstrap variant related - risk of regressions.
Whonix for arm64 / Raspberry Pi ( RPi )
Quote Whonix for arm64 / Raspberry Pi ( RPi ) - duplicate forum topic - #153
There might still be minor build issues or unrelated issues due to the recent development efforts. Therefore this is likely to work better when the next stable release of Whonix gets released.
Note: only the build was fixed. I didn’t try to boot the image let alone try it on real hardware. You could help the development if you could create instructions how to boot that image using virtualization such as libvirt configuration files and/or qemu command line to boot the image from an amd64 host.
It would be good if we had a Debian based CI (continuous integration) server with full support to use mount etc. Then Whonix build script could continue to build RPi builds on that server to make sure that new changes don’t break RPi builds again.
Whonix-Host
Features:
- Debian based,
- virtualizer KVM pre-installed
- Whonix-Gateway KVM pre-installed
- Whonix-Workstation KVM pre-installed
- Kicksecure hardened by default.
- Whonix-Host Live ISO
- Installable to internal hard drive or external USB.
- Whonix-Host Installed version can be booted into Persistent Mode or Live Mode.
Whonix-Host development progressed.
See task list for initial release of Whonix-Host:
⚓ Query: Advanced Search
Help welcome!
Fixing the Desktop Linux Security Model
See also previous Whonix blog post Fixing the Desktop Linux Security Model.
Automated Testing
Done:
In development:
Whonix Automated Test Suite WATS Developer Chat