Whonix for arm64 / Raspberry Pi (RPi)

HulaHoop:

Last thing: I found a guide with all the exact steps to do what I was looking for. Please take a look and tell me if these steps can be automated:

Ubuntu 14.04 arm64 Port QEMU Configuration · GitHub
https://archive.is/bBlzB (archived link)

Doesn’t create bootable raw images.

grml-debootstrap or package compiling is easy when doing same architecture builds but crossbuilds and crosscompiling are where things get complicated.

Cross builds are missing features in grml-debootstrap or
image-bootstrap. Post feature requests against both projects. Or add
these features to these projects. We cannot [also no need] invent this here.

FYI: For now, no stuff requires being compiled.

OK so these are limitations of the tools we are using not about how to use them.

FYI: For now, no stuff requires being compiled.

Yes I know just another example.

Why not pursue as suggested in post 14 here Whonix for arm64 / Raspberry Pi ( RPi ) - duplicate forum topic - #14 ?

(The DEBOOTSTRAP=‘qemu-debootstrap’ plus --arch and plus --kernel way.)

debootstrap’s inability to automatically prepare the kernel is a deliberate design choice and not a missing feature:

http://mikelev.in/2010/07/debootstrap-howto-debian-qemu/

The qemu-debootstrap wrapper calls debootstrap(8) making use of the --foreign and --second-stage options, and copies the appropriate qemu-user-static(1) binary into place in order to install cross-architecture chroots. In order for it to work seamlessly, the binfmt-support package must be installed.

https://manned.org/qemu-debootstrap

https://manned.org/debootstrap.8

grml-debootstrap is a wrapper suite around debootstrap (and cdebootstrap) for installing a plain Debian system and creating virtual images easily.

https://grml.org/grml-debootstrap/

So? grml-debootstrap will keep care of all of that. It does not stop you
from doing what was suggested in post 14.

I added the alternative architecture in the conf file.

When I combine the instructions like this it doesn’t work:

sudo ./whonix_build --flavor whonix-gateway – --build --target qcow2 DEBOOTSTRAP=‘qemu-debootstrap’ --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64

My current solution is to run:

sudo ./whonix_build --flavor whonix-gateway – --build --target qcow2 --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64 --debopt download-only

then apply qemu-debootstrap

Likely won’t work because the script will put the files non installed in the vm image.

The problem is how to combine the commands in a non-conflicting way.

Maybe:

sudo ./whonix_build --flavor whonix-gateway – --build --target qcow2 --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64 --allow-untagged true --allow-uncommitted true --debopt qemu-debootstrap

• stage mount_target
• ‘[’ -n ‘’ ‘]’
• grep -q done /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/mount_target
• mount_target
• ‘[’ -n ‘’ ‘]’
• grep -q /dev/mapper/loop1p1 /proc/mounts
• ‘[’ -d /mnt/debootstrap.9080 ‘]’
• ‘[’ -n 1 ‘]’
• einfo ‘Mounting /dev/mapper/loop1p1 to /mnt/debootstrap.9080’
• einfon ‘Mounting /dev/mapper/loop1p1 to /mnt/debootstrap.9080\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Mounting /dev/mapper/loop1p1 to /mnt/debootstrap.9080\n’

• Mounting /dev/mapper/loop1p1 to /mnt/debootstrap.9080

• LAST_E_CMD=einfon
• return 0
• return 0
• mkdir -p /mnt/debootstrap.9080
• mount -o rw,suid,dev /dev/mapper/loop1p1 /mnt/debootstrap.9080
• eend 0
• local retval=0
• shift
• ‘[’ 0 -gt 0 ‘]’
• return 0
• ‘[’ -n ‘’ ‘]’
• stage mount_target done
• ‘[’ -n done ‘]’
• echo done
• return 0
• rm -f /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/mount_target
• for i in prepare_vm mkfs tunefs mount_target debootstrap_system preparechroot execute_pre_scripts chrootscript execute_scripts umount_chroot finalize_vm fscktool
• stage debootstrap_system
• ‘[’ -n ‘’ ‘]’
• grep -q done /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/debootstrap_system
• debootstrap_system
• ‘[’ ‘’ ‘]’
• grep -q /mnt/debootstrap.9080 /proc/mounts
• :
• ‘[’ -n ‘’ ‘]’
• einfo ‘Running debootstrap qemu-debootstrap --verbose for release jessie (arm64) using debian:/ 2015-06-10 10:40:57 - snapshot.debian.org’
• einfon ‘Running debootstrap qemu-debootstrap --verbose for release jessie (arm64) using http://snapshot.debian.org/archive/debian/20150610T104057Z/\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Running debootstrap qemu-debootstrap --verbose for release jessie (arm64) using http://snapshot.debian.org/archive/debian/20150610T104057Z/\n’

• Running debootstrap qemu-debootstrap --verbose for release jessie (arm64) using debian:/ 2015-06-10 10:40:57 - snapshot.debian.org

• LAST_E_CMD=einfon
• return 0
• return 0
• einfo ‘Executing: debootstrap --arch arm64 qemu-debootstrap --verbose jessie /mnt/debootstrap.9080 debian:/ 2015-06-10 10:40:57 - snapshot.debian.org’
• einfon ‘Executing: debootstrap --arch arm64 qemu-debootstrap --verbose jessie /mnt/debootstrap.9080 http://snapshot.debian.org/archive/debian/20150610T104057Z/\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Executing: debootstrap --arch arm64 qemu-debootstrap --verbose jessie /mnt/debootstrap.9080 http://snapshot.debian.org/archive/debian/20150610T104057Z/\n’

• Executing: debootstrap --arch arm64 qemu-debootstrap --verbose jessie /mnt/debootstrap.9080 debian:/ 2015-06-10 10:40:57 - snapshot.debian.org

• LAST_E_CMD=einfon
• return 0
• return 0
• debootstrap --arch arm64 qemu-debootstrap --verbose jessie /mnt/debootstrap.9080 debian:/ 2015-06-10 10:40:57 - snapshot.debian.org
• RC=127
• ‘[’ 127 -ne 0 ‘]’
• ‘[’ -r /mnt/debootstrap.9080/debootstrap/debootstrap.log ‘]’
• eend 127
• local retval=127
• shift
• ‘[’ 127 -gt 0 ‘]’
• printf ’ → Failed (rc=127)\n’
  → Failed (rc=127)
• return 127
• bailout 2 debootstrap_system
• cleanup
• ‘[’ -n ‘’ ‘]’
• ‘[’ -n /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw ‘]’
• einfo ‘Removing /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw’
• einfon ‘Removing /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Removing /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw\n’

• Removing /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw

• LAST_E_CMD=einfon
• return 0
• return 0
• rmdir /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw
• eend 0
• local retval=0
• shift
• ‘[’ 0 -gt 0 ‘]’
• return 0
• echo /mnt/debootstrap.9080
• grep -q ‘/mnt/debootstrap.’
• rmdir /mnt/debootstrap.9080
• ‘[’ -n /mnt/debootstrap.9080 ‘]’
• grep -q /mnt/debootstrap.9080 /proc/mounts
• for service in ssh mdadm
• ‘[’ -x /mnt/debootstrap.9080/etc/init.d/ssh ‘]’
• for service in ssh mdadm
• ‘[’ -x /mnt/debootstrap.9080/etc/init.d/mdadm ‘]’
• ‘[’ -x /mnt/debootstrap.9080/bin/umount ‘]’
• for ARG in /sys /proc /proc /dev /dev
• ‘[’ -x /mnt/debootstrap.9080/bin/umount ‘]’
• umount /mnt/debootstrap.9080//sys
• for ARG in /sys /proc /proc /dev /dev
• ‘[’ -x /mnt/debootstrap.9080/bin/umount ‘]’
• umount /mnt/debootstrap.9080//proc
• for ARG in /sys /proc /proc /dev /dev
• ‘[’ -x /mnt/debootstrap.9080/bin/umount ‘]’
• umount /mnt/debootstrap.9080//proc
• for ARG in /sys /proc /proc /dev /dev
• ‘[’ -x /mnt/debootstrap.9080/bin/umount ‘]’
• umount /mnt/debootstrap.9080//dev
• for ARG in /sys /proc /proc /dev /dev
• ‘[’ -x /mnt/debootstrap.9080/bin/umount ‘]’
• umount /mnt/debootstrap.9080//dev
• ‘[’ -n ‘’ ‘]’
• ‘[’ -n ‘’ ‘]’
• einfo ‘Unmounting /mnt/debootstrap.9080’
• einfon ‘Unmounting /mnt/debootstrap.9080\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Unmounting /mnt/debootstrap.9080\n’

• Unmounting /mnt/debootstrap.9080

• LAST_E_CMD=einfon
• return 0
• return 0
• umount /mnt/debootstrap.9080
• eend 0
• local retval=0
• shift
• ‘[’ 0 -gt 0 ‘]’
• return 0
• ‘[’ -n /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw ‘]’
• echo -n 'Removing stages directory /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw: ’
  Removing stages directory /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw: + rm -rf /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw
• echo done
  done
• echo /mnt/debootstrap.9080
• grep -q ‘/mnt/debootstrap.’
• einfo ‘Removing directory /mnt/debootstrap.9080’
• einfon ‘Removing directory /mnt/debootstrap.9080\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Removing directory /mnt/debootstrap.9080\n’

• Removing directory /mnt/debootstrap.9080

• LAST_E_CMD=einfon
• return 0
• return 0
• rmdir /mnt/debootstrap.9080
• eend 0
• local retval=0
• shift
• ‘[’ 0 -gt 0 ‘]’
• return 0
• ‘[’ -n /home/user/whonix_binary/Whonix-Gateway-12.0.0.0.3.raw ‘]’
• einfo ‘Removing loopback mount of file /home/user/whonix_binary/Whonix-Gateway-12.0.0.0.3.raw.’
• einfon ‘Removing loopback mount of file /home/user/whonix_binary/Whonix-Gateway-12.0.0.0.3.raw.\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Removing loopback mount of file /home/user/whonix_binary/Whonix-Gateway-12.0.0.0.3.raw.\n’

• Removing loopback mount of file /home/user/whonix_binary/Whonix-Gateway-12.0.0.0.3.raw.

• LAST_E_CMD=einfon
• return 0
• return 0
• kpartx -d /home/user/whonix_binary/Whonix-Gateway-12.0.0.0.3.raw
  loop deleted : /dev/loop1
• eend 0
• local retval=0
• shift
• ‘[’ 0 -gt 0 ‘]’
• return 0
• ‘[’ -n 2 ‘]’
• EXIT=2
• ‘[’ -n debootstrap_system ‘]’
• einfo ‘Notice: remove /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/debootstrap_system to reexecute the stage’
• einfon ‘Notice: remove /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/debootstrap_system to reexecute the stage\n’
• ‘[’ ‘’ ‘!=’ yes ‘]’
• ‘[’ einfon = ebegin ‘]’
• printf ’ * Notice: remove /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/debootstrap_system to reexecute the stage\n’

• Notice: remove /var/cache/grml-debootstrap/stages_Whonix-Gateway-12.0.0.0.3.raw/debootstrap_system to reexecute the stage

• LAST_E_CMD=einfon
• return 0
• return 0
• exit 2
  ++ retry_last_failed_bash_command_exit_code=2
  ++ true
  ++ ‘[’ 2 = 0 ‘]’
  ++ true ‘INFO: Retry failed. exit code of last_failed_bash_command: 2 ’
  ++ last_failed_exit_code=2
  ++ last_failed_bash_command=’$DEBOOTSTRAP_PREFIX bash -x “$whonix_build_grml_bin” --debopt “$whonix_build_debopt” --arch “$BUILD_TARGET_ARCH” --filesystem “$whonix_build_file_system” --force --hostname “$whonix_build_hostname” --password “$whonix_build_os_password” --release “$whonix_build_apt_stable_release” --keep_src_list --verbose --vmfile --vmsize “$VMSIZE” --packages “$WHONIX_SOURCE_FOLDER/grml_packages” --target “$binary_image_raw” --mirror “$whonix_build_apt_sources_mirror”’
  ++ ‘[’ ‘!’ ‘’ = ‘’ ‘]’
  ++ true ‘INFO: Skipping whonix_build_dispatch_after_retry (–retry-after), because empty, ok.’
  ++ ‘[’ 2 = 0 ‘]’
  ++ errorhandlerprocessshared ‘NONE_(called_by_errorhandlerretry)’
  ++ last_script=././build-steps.d/1300_create-raw-image
  ++ trap_signal_type_previous=ERR
  ++ ‘[’ ERR = ‘’ ‘]’
  ++ trap_signal_type_last=‘NONE_(called_by_errorhandlerretry)’
  ++ whonix_build_error_counter=2
  +++ benchmarktimeend 1451328074
  ++++ date +%s
  +++ benchmarktimeend=1451328128
  +++ benchmark_took_seconds=54
  ++++ convertsecs 54
  ++++ local h m s
  ++++ (( h=54/3600 ))
  ++++ true
  ++++ (( m=(54%3600)/60 ))
  ++++ true
  ++++ (( s=54%60 ))
  ++++ printf ‘%02d:%02d:%02d\n’ 0 0 54
  +++ echo 00:00:54
  ++ benchmark_took_time=00:00:54
  ++ processbacktracefunction
  ++ true ‘INFO: BEGIN: processbacktracefunction’
  ++ ‘[’ -o xtrace ‘]’
  ++ set +x
  ++ true ‘INFO: END : processbacktracefunction’
  ++ functiontracefunction
  ++ true ‘INFO: BEGIN: functiontracefunction’
  ++ ‘[’ -o xtrace ‘]’
  ++ set +x
  ++ true ‘INFO: END : functiontracefunction’
  ++ true ’
  ############################################################
  ERROR in ././build-steps.d/1300_create-raw-image detected!
  anon_dist_build_version: 12.0.0.0.3
  (whonix_build_error_counter: 2)
  (benchmark: 00:00:54)
  trap_signal_type_previous: ERR
  trap_signal_type_last : NONE_(called_by_errorhandlerretry)
  process_backtrace_result:
  1: : /sbin/init
  2: : /usr/bin/konsole
  3: : /bin/bash
  4: : sudo ./whonix_build --flavor whonix-gateway – --build --target qcow2 --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64 --allow-untagged true --allow-uncommitted true --debopt qemu-debootstrap
  5: : /bin/bash ./whonix_build --flavor whonix-gateway – --build --target qcow2 --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64 --allow-untagged true --allow-uncommitted true --debopt qemu-debootstrap
  6: : /bin/bash ./help-steps/whonix_build_one --flavor whonix-gateway --build --target qcow2 --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64 --allow-untagged true --allow-uncommitted true --debopt qemu-debootstrap
  7: : /bin/bash ././build-steps.d/1300_create-raw-image
  function_trace_result:
  main (line number: 152)
  main (line number: 141)
  create-debian-raw-image (line number: 109)
  errorhandlergeneral (line number: 311)
  errorhandlerprocessshared (line number: 209)
  errorhandlerretry (line number: 144)
  errorhandlerprocessshared (line number: 159)
  errorhandlerprocessshared (line number: 159)
  errorhandlergeneral (line number: 311)
  create-debian-raw-image (line number: 109)
  main (line number: 141)
  main (line number: 152)
  last_failed_bash_command: $DEBOOTSTRAP_PREFIX bash -x “$whonix_build_grml_bin” --debopt “$whonix_build_debopt” --arch “$BUILD_TARGET_ARCH” --filesystem “$whonix_build_file_system” --force --hostname “$whonix_build_hostname” --password “$whonix_build_os_password” --release “$whonix_build_apt_stable_release” --keep_src_list --verbose --vmfile --vmsize “$VMSIZE” --packages “$WHONIX_SOURCE_FOLDER/grml_packages” --target “$binary_image_raw” --mirror “$whonix_build_apt_sources_mirror”
  last_failed_exit_code: 2
  ERROR in ././build-steps.d/1300_create-raw-image detected!
  ############################################################
  ’
  ++ ‘[’ ‘NONE_(called_by_errorhandlerretry)’ = INT ‘]’
  ++ ‘[’ ‘NONE_(called_by_errorhandlerretry)’ = TERM ‘]’
  ++ ‘[’ ‘NONE_(called_by_errorhandlerretry)’ = ERR ‘]’
  ++ ‘[’ ‘NONE_(called_by_errorhandlerretry)’ = ‘NONE_(called_by_errorhandlerretry)’ ‘]’
  ++ true ‘INFO: trap_signal_type_last: NONE_(called_by_errorhandlerretry), considering auto retry…’
  ++ ‘[’ ‘!’ 1 = 0 ‘]’
  ++ ‘[’ 2 = ‘’ ‘]’
  ++ ‘[’ -n 1 ‘]’
  ++ ‘[’ -n 5 ‘]’
  ++ local first
  ++ read -r first _
  ++ ‘[’ ‘$DEBOOTSTRAP_PREFIX’ = error_ ‘]’
  ++ ‘[’ 2 -gt 1 ‘]’
  ++ true 'INFO: Auto retried (–retry-max) already 1 times. No more auto retry. ’
  ++ unset whonix_build_auto_retry_counter
  ++ ignore_error=false
  ++ answer=
  ++ ‘[’ ‘NONE_(called_by_errorhandlerretry)’ = ERR ‘]’
  ++ ‘[’ ‘NONE_(called_by_errorhandlerretry)’ = ‘NONE_(called_by_errorhandlerretry)’ ‘]’
  ++ true 'INFO: whonix_build_non_interactive: ’
  ++ ‘[’ ‘’ = true ‘]’
  ++ ‘[’ -t 0 ‘]’
  ++ true ‘INFO: stdin connected to terminal, using interactive error handler.’
  ++ true 'ERROR in ././build-steps.d/1300_create-raw-image detected!
  Please have a look above (the block within ###…), note the command that failed, last_failed_exit_code and its output (further above).

• Please enter c and press enter to ignore the error and continue building. (Recommended against!)
• Please press r and enter to retry.
• Please press s and enter to open an chroot interactive shell.
• Please press enter to cleanup and exit.’
  ++ read -p 'Answer? ’ answer
  Answer?

HulaHoop:

sudo ./whonix_build --flavor whonix-gateway – --build --target qcow2 DEBOOTSTRAP=‘qemu-debootstrap’ --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64

You cannot set environment variables in the middle of the command line.
Generally.

sudo DEBOOTSTRAP='qemu-debootstrap' ./whonix_build --flavor whonix-gateway -- --build --target qcow2 --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64

Build failed for cryptic reasons…

I am done testing but IIRC the failure happened at the virtual image creation stage. ARM installs need a special partitioning scheme for the install.

So this requires fixing grml-debootstrap and/or image-bootstrap first.

I just want to drop in to tell you both that I GREATLY appreciate this effort. Hopefully a useable build can come to fruition.

At the present moment, is it possible to at least use qemu to build a working Whonix Gateway containing some binary blobs / precompiled headers etc? I may be willing to run a mostly-transparent build if this is the case. What is the status in this regard?

Good day,

QEMU has been unsupported for quite some time now, as it’s far to slow to be useable.

Have a nice day,

Ego

Just the project I was looking for: Armbian is a cross-compiling toolchain project that runs on x86 hardware and generates Debian images for ARM boards:

GitHub - armbian/build: Armbian Linux Build Framework

How to build my own image?
Preparation
…
virtual box or similar virtualization software, (highly recommended)

What is virtualization software required for?

Does it work?

The hypervisor is just a recommended dependency to create a self contained build environment. It also assumes that people could be running non Linux hosts that cannot run the toolchain.

I have not tested it yet.

Resurrecting this old thread …
I gave it a try and running the scripts in build-steps.d/ with some minor modifications + some rpi firmware stuff gave a bootable image for the rpi 3 which connected to the tor network.
A problem is in the 1300 script with grml-debootstrap. It will always try to install grub-pc and fail since the package is not available for arm64. Is it somehow possible to disable the whonix build script error handler for this specific error or to just automatically continue? Cross debootstrapping works otherwise.
Running the image is still sort of slow/buggy, maybe because of kde/gui or other reasons.
Is there some kind of list of essential packages for a non-gui gateway?
Running 1300 alone takes 1:15 h which I’d like to cut down.

Dev/git - Kicksecure

Feel free to experiment with removing grub-pc from https://github.com/Whonix/Whonix/blob/master/grml_packages.

I would love if the grml_packages file would not be required. Would be much better if that could just be a normal variable.

https://github.com/Whonix/Whonix/blob/master/build-steps.d/1300_create-raw-image#L107-L111

Seems like a bug or missing feature in grml-debootstrap. Feel free to work on that with upstream so we could make it easier to not hardcode that file / content in Whonix for easy arm support without need to modify a file beforehand.

grml_packages should already be as minimal as possible without confusing grml-debootstrap. By removing grub-pc without replacement the image may or may not boot. Perhaps there is a package tailored for arm? See list: Debian -- Details of source package grub2 in buster

Feel free to experiment with GitHub - grml/grml-debootstrap: wrapper around debootstrap / Debian -- Package Search Results -- grml-debootstrap for creating bootable Debian images. Whonix is automating the use of grml-debootstrap in https://github.com/Whonix/Whonix/blob/master/build-steps.d/1300_create-raw-image. So mastering grml-debootstrap is a good exercise for porting Whonix.

There is variable last_failed_bash_command in https://github.com/Whonix/Whonix/blob/master/help-steps/pre. In function errorhandlerprocessshared we could check a to be introduced variable with a whitelist of commands (maybe just the first word of the variable) which are ignored to fail or something like that.

But that may not work for this specific case since this error is deep inside grml-debootstrap which is from Whonix build script perspective just a single command.

anon-meta-packages/debian/control at master · Whonix/anon-meta-packages · GitHub is modular.

whonix-gateway-packages-dependencies should do. Untested.
Related: Other Desktop Environments - Whonix

I am not satisfied with https://github.com/Whonix/Whonix/blob/master/build-steps.d/1700_install-packages. I would like to get rid of the -pre packages. Maybe that workaround is no longer required anyhow. Maybe Whonix’s build script should be ported from chroot to systemd-nspawn anyhow which may allow to get rid of the -pre packages.

Due to…

https://github.com/Whonix/Whonix/blob/master/build-steps.d/1700_install-packages#L354-L360

Btw I don’t like that hardcoded there. 1700_install-packages is currently not modular enough / easily configurable enough.

What could be set…

whonix_build_script_skip_package_install="non-qubes-whonix-gateway"

The following should also work.

whonix_build_script_skip_package_install="non-qubes-whonix-gateway non-qubes-whonix-workstation"

But while 1700_install-packages has a feature “skip to install this package” there is a missing feature “do install this package”.

So for a quick test just try to hardcode it by replacing
pkg-install-maybe non-qubes-whonix-gateway with
pkg-install-maybe whonix-gateway-packages-dependencies

Let me know if I addressed everything.

Removing grub-pc from grml-packages won’t help since installing the package is hardcoded in /usr/sbin/grml-debootstrap. It will always be installed when building a VM image. A workaround might be to install in a directory and create the image afterwards so the following build scripts would still work. the rpi needs some other filesystem layout anyways. I’d probably create a new flavor like whonix-gateway-rpi which only creates a minimal system + maybe packages for wifi support. Another issue is the lacking rtc so timesync will always fail and I had to set the date manually. I’m also not sure what to do with eth0. Currently the IP is hardcoded and won’t be of any use. Either use dhcp or leave the network configuration to the user.
Is there maybe some way in the 1200 step to only build packages required for the specific flavor?