The following packages are also needed for “Whonix-Host” (and probably also Kicksecure?):
x11-xserver-utils "If x11-xserver-utils is not installed nothing happens after clicking on an option in the xfce logout dialogue. If logout is clicked again the message: Failed to log out. Session manager must be in idle state when requesting a shutdown comes up. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902137
→ btw seems to be already installed by default on Whonix-Gateway/Workstation (at least the versions I have here)
gvfs " GVfs is a userspace virtual filesystem implementation for GIO (a library available in GLib). GVfs comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. GVfs also contains modules for GIO that implement volume monitors and persistent metadata storage. There is also FUSE support that provides limited access to the GVfs filesystems for applications not using GIO." https://wiki.gnome.org/Projects/gvfs
→ btw seems to be already installed by default on Whonix-Gateway/Workstation (at least the versions I have here)
Related, Whonix Host and Kicksecure need the proper host network configuration needs the proper packages and configuration files: Kicksecure Network Configuration
After some manual modifications (see above), I successfully built a 15.0.0.9-developpers-only ISO that successfully installed a “Whonix-Host” KVM virtual machine…
At first glance I have the impression that since my last tries (end of summer) there are a lot of “regressions” in terms of default desktop support (missing packages such as x11-xserver-utils, gvfs, pavucontrol… and other ones?), is it on purpose?
Next step: I will try a new build 15.0.0.9.3-developers-only and do a more in-depth report.
The following packages are also needed for “Whonix-Host” (and probably also Kicksecure?):
x11-xserver-utils "If x11-xserver-utils is not installed nothing happens after clicking on an option in the xfce logout dialogue. If logout is clicked again the message: Failed to log out. Session manager must be in idle state when requesting a shutdown comes up. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902137
gvfs " GVfs is a userspace virtual filesystem implementation for GIO (a library available in GLib). GVfs comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. GVfs also contains modules for GIO that implement volume monitors and persistent metadata storage. There is also FUSE support that provides limited access to the GVfs filesystems for applications not using GIO." Projects/gvfs - GNOME Wiki!
→ btw seems to be already installed by default on Whonix-Gateway/Workstation (at least the versions I have here)
Booting the ISO works, however it ends at the lightdm login page (no auto-login or no live user creation). I guess it’s because you removed live-config package.
Installing live-config and reburning the ISO solved the problem, as expected.
I don’t understand for what reasons exactly. I don’t know how make it work without it.
No, there shouldn’t be a user user! It had been removed on purpose back then, for various reasons, the most important being that during Calamares install it is being copied over to the newly installed system. Very bad.
And yes you’re right, user user seems to be created again during the Whonix-Host build, but it shouldn’t be that way. It was removed a long time ago.
The good thing about live-config and user-setup is that it takes care of the live-user creation at boot time and its behavior is very easily customizable via simple kernel boot flags
User user creation, sudo, su, groups got rather complex. Full story:
It’s hard to have live-config create the live user and at the same time have security-misc installed. That’s where the build breaking bug “no user is a member of group sudo” bug came from.
Can we configure calamares to:
skip copying files from live iso home user to installed system
skip calamares user creation (leave that to anon-base-files)
?
Otherwise anon-base-files, user user creation, security-misc permission hardening, VMs, live user, VM user gets a hard to resolve labyrinth.
Calamares being quite customizable I guess we could, but unless we remove its account completely, user user won’t go away after the installation.
We could probably also skip calamares user creation, but then what is the purpose of an installer if no user can be created during installation?
Coming back from a long break I had no idea of the changes made that rendered the creation of a user user a prerequisite for security-misc. It seems very complex and unusual to me to have a user user already set up at this stage. Would be much cleaner and easier if we could revert back to the no user installed scenario (which is how all debian-base live distros behave by default as far as I know, regardless of the installer type):
no user user → live-boot with live-user → creation of a final user account is done during installation as expected (Calamares)
