Whonix Host Calamares Branding Suggestion

No. That’s not how it works for the most part. A package that gets installed will ship the files as included by the package. There’s no check during build. That is because Whonix is supposed to be upgradeable through apt dist-upgrade. Therefore as little logic as possible happens during the build process as this would be unavailable for already installed systems / VMs.

whonix-xfce-desktop-config is currently installed by default in gateway, workstation, kicksecure. (xfce version)

Package name whonix-xfce-desktop-config is outdated. There’s little Whonix specific about this package. (Except link to Whonix Live documentation.) The part whonix- could be removed from that package name but I am not sure what to replace it with to mean both Whonix and Kicksecure. There’s not much Kicksecure specific too. And dist-xfce-desktop-config is a kinda silly name. Also it causes some work to change package names. Hence I just kept the name as is for now.

Name dist and anondist are not great names anyhow. I am also undecided how much confusion a package with a name including kicksecure causes inside Whonix. For example at the moment kicksecure-base-files isn’t installed in Whonix. It gets replaced by whonix-base-files. Therefore there would be no way to check “this version of Whonix is based on this version of Kicksecure”. But shouldn’t matter for now as there isn’t much Kicksecure outreach for now and versions Whonix / Kicksecure can probably stay the same for a long time.

Yes, please.
Please keep the settings files as minimal as possible.
(Similar to examples in https://github.com/Whonix/whonix-xfce-desktop-config/tree/master/etc/skel/.config/xfce4 .)
Ideally just 1 file per setting and changing only the very setting we want to change.

Whonix-Host ISO Live (to be similar to Tails Live) maybe shouldn’t encourage, make it encouraging to mount the host (internal) drive?

All clear.

Ok, will do.

See here (Whonix-Host files only for now):

I added a modification of thunar.xml which gives the option to delete a file or a directory on right mouse click (instead of only having the option of ‘Move to Trash’) . It was default behavior on xfce4 until debian 10.

Maybe for gw and ws only one of them could be changed to differentiate between the two?

We could only change desktop background of workstation for now for example…

Would something as simple as this be OK?

321017×769 11.7 KB

current thunar settings file: security-misc/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml at master · Kicksecure/security-misc · GitHub

diff / your proposed additions:

  <property name="last-view" type="string" value="ThunarIconView"/>
  <property name="last-location-bar" type="string" value="ThunarLocationEntry"/>
  <property name="last-icon-view-zoom-level" type="string" value="THUNAR_ZOOM_LEVEL_100_PERCENT"/>
  <property name="misc-single-click" type="bool" value="false"/>
  <property name="misc-show-delete-action" type="bool" value="true"/>

Could you please send a pull request against security-misc/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml at master · Kicksecure/security-misc · GitHub

I guess then only line <property name="misc-show-delete-action" type="bool" value="true"/> is needed to be added.

Otherwise could you please explain the rationale for the other changes?

Possible.

However, getting rid of the XFCE logo background would be good anyhow since we’re not really a fashion focused XFCE distribution.

Yes. Considered improvement.

Yes, only this line is needed. Rest is noise.
Pull request:

How, do you like this for whonix-gw? (not meant to be beautiful. just easier to differentiate between gw and ws, and possibly Whonix-Host)

351022×768 12.1 KB

Great. Template here:

Good enough.

Template xml file:

google:

site:debian.org "/usr/share/backgrounds/"

default (therefore only on the host):
https://github.com/Whonix/whonix-xfce-desktop-config/blob/master/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml

gateway:
anon-gw-base-files/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml.anondist at master · Whonix/anon-gw-base-files · GitHub

workstation:
anon-ws-base-files/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml.anondist at master · Whonix/anon-ws-base-files · GitHub

I am not sure yet if that will actually work. Two sources of issues:

• mistake in config file by me
• XFCE does not like symlinks
• copying over the symlink from /etc/skel to /home/user goes wrong

I.e.

ls -la ~/.config/xfce4/xfconf/xfce-perchannel-xml

lrwxrwxrwx 1 user3 user3 26 Mar 21 14:58 xfce4-desktop.xml → xfce4-desktop.xml.anondist

It’s copied from skel to user home as a file. Not as a symlink. Therefore that’s functional.

Having used Whonix-Host for more than a few hours lately, I must say that the grayish background is extremely ugly and depressing. It’s almost as we picked up the ugliest color by design, it’s so ugly I have the feeling I am running the default X session without a desktop environment.

561026×764 18.6 KB

Could we consider changing that to a more “joyful” color? Anything but this would do. We can also “mix” colors" to have horizontal or vertical gradients.

A few suggestions (“vertical gradient”, also with transparent top panel):
Just suggestions, there are literally millions of available combinations. I figured that blueish-dark colors are better for the eye than too bright ones

1.

481022×772 20.5 KB

2.

491022×766 19.8 KB

3.

501022×766 19.6 KB

4 (this one is with “horizontal gradient”)

551019×767 21.2 KB

Agreed. When I choose this, it really was only to make sure to have Whonix-Host differ from Whonix-Gateway differ from Whonix-Workstation. Did this as quickly as possible.

Yeah. By all means.

Could you edit https://github.com/Whonix/whonix-xfce-desktop-config/blob/master/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml please?

Which one? I guess since you’re the main inventor of Whonix-Host it should be choose. The three prposals all look good to me.

Makes sense.

Btw I also appreciate the changed taskbar color as the new sdwdate-gui icons (these and these) are gray and not looking good / are not well visible with a black taskbar. This also goes for both, Whonix-Host and Whonix VMs.

Great, I took the first one, see https://github.com/Whonix/whonix-xfce-desktop-config/pull/7

Btw don’t we want desktop icons on Whonix-Host also? Or was there a reason for not displaying them? Great for direct access to /home/ and disk devices, I guess also expected by most users (see how everybody got mad when Gnome 3 dropped desktop icons support).

For this we need to edit the panel bar for transparency. But would need to know if we move it on top first:

If a good way to implement these can be found…

Awesome. Merged.

The reason for no longer shipping default desktop icons:
Hard to technically implement without these breaking in future.
Broken desktop icons resulted in “i wiped my system because desktop icon was dysfunctional which was evidence for compromise”.

Problem with desktop icons is that these need to reside in user home folder. Example:
/home/user/Desktop/file-name.desktop
[1] Dev/About Debian Packaging - Kicksecure

Due to these issues these were removed to not spend any more time on it. Really complex for something as simple as desktop icons.

The previous implementation was using symlinks. The files resides in /usr/share somewhere while folder /home/user/Desktop contained symlinks to these files. (As a best compromise with [1].) Maybe would have been easier to manage/update desktop icons by directly installing these into /home/user/Desktop.

But then it’s still a question for to combine this in future with Multiple Boot Modes for Better Security - an Implementation of Untrusted Root with user , user secureadmin and user superadmin.

Yes. Many great use cases.

Yes, I also didn’t like that.

Yes I see, but here I see no reason for breaking, as we would ony for enable the following icons:

  <property name="desktop-icons" type="empty">>
    <property name="file-icons" type="empty">
      <property name="show-home" type="bool" value="false"/>
      <property name="show-filesystem" type="bool" value="false"/>
      <property name="show-trash" type="bool" value="false"/>
      <property name="show-removable" type="bool" value="false"/>

Like this:

571024×766 34.4 KB

That sounds good! It’s a different implementation indeed. Please go for it.

Done.

Merged.

Changed to #status_open_issue_rebuild_test_required.

(For forum tag discussion please see abolishing Whonix phabricator issue tracker, moving issue tracking to forums, migrating phabricator.whonix.org to forums.whonix.org .)

Overlooked Update thunar.xml by onions-knight · Pull Request #71 · Kicksecure/security-misc · GitHub - finally merged.