[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Whonix host operating system

As per Whonix Live KVM instructions - https://www.whonix.org/wiki/Whonix_Live#KVM_2 - even the grub-live package says:

To increase security, the VM disks can be set to read-only.

grub-live is compatible with virtualizer read-only setting, even recommended.

Does this solve your concern?

This is really good. Could be done using systemd unit file.

Not sure too. whonix-libvirt package also seems wrong since not tied to Whonix only (also hardened debian). Since there is the grub-live and grub-default-live package, it would have to be duplicated or yet another grub-live-shared package would have to be invented. On the other hand, setting disk to read only in virtualizer settings is not generic for any VM but Whonix KVM VMs only so maybe whonix-libvirt is a good place?

1 Like

Oh now I see… didn’t know that. Yes it solves my question.

The grub-live host package would be absoutely ideal. It’s a conditional command that makes sense there.

Unless you plan on making Whonix Desktop support other virtualizers, it doesn’t matter if it’s not generic. It fits within the context of a Linux host and hypervisor IMO.

1 Like

onion_knight via Whonix Forum:

Regarding branding, actually very easy, all files live in /etc/calamares/branding/debian/ (with package calamares-settings-debian installed).

Just need to modify the .png files and the config file accordingly: /etc/calamares/branding/debian/branding.desc

Created https://phabricator.whonix.org/T919 for it.

1 Like

@Patrick Hello, sorry I haven’t contributed much lately, a bit busy period. I will have more time in July. Many thanks for all your feedback, I’ll get back to it when I have some more spare time available.

3 Likes

Sir @onion_knight we need you, Whonix Host needs you, Freedom needs you.

1 Like

@HulaHoop Thanks for your kind message! :slight_smile:
Sorry if you have the feeling that I let you down. I was indeed less involved with the project lately. I want back and I also want this thing to succeed, but I guess that I won’t be able to do it alone due to my limited abilities as a developper.
All right, let me at least catch up with the new topics and try to build anew from scratch a Whonix Host Operating machine, and see where we stand with this project, what works, what doesn’t, and what still needs to be done.

2 Likes

Awesome!

No worries. Your previous contributions were instrumental in moving this project forward! I don’t think we’d have the iso generation code without your original research and implementation and much more. If you can keep up with as you did previously, that would already be a big help!

1 Like

Building 15.0.0.9.0-developers-only (sudo ~/Whonix/whonix_build --build --target iso --flavor whonix-host-xfce --freedom false) fails at 1700_install-packages step:

Depends: security-misc but it is not going to be installed

And then installation of security-misc fails, because:

+ export IFS
+ '[' '!' '' = yes ']'
+ echo '/var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group '\''sudo'\''. Installation aborted.'
/var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'sudo'. Installation aborted.
+ echo '/var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:'
/var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:
+ echo ''

I chose to ignore the error and continue the build for the moment.

1 Like

Because of this error dpkg was interrupted and I had to chroot inside the raw file and apt install -f to finish the dpkg process by hand.
Furthermore, the following packages were not properly installed and automatically removed:

kicksecure-cli kicksecure-dependencies-cli kicksecure-xfce
  whonix-host-xfce-kvm-freedom whonix-host-xfce-kvm-nonfreedom

Anyway the resulting disk image is completely broken.

I’ll try it again from scratch once this error has been fixed… Unless someone has a proven method of building Whonix-Host.

1 Like

It’s related to the old discussion on how user user should be created.
( Whonix Desktop Installer with Calamares - field report )

For Non-Qubes-Whonix VM builds user user is created by anon-base-files postinst script.

https://github.com/Whonix/anon-base-files/blob/master/debian/anon-base-files.postinst

For Whonix Host builds this code does not run. This was a result of the discussion how user user (and user groups) should be created.

Nowadays security-misc disabled root login for better security (among a ton of other security hardening).

Since security-misc is also used outside of Whonix, there is a check to not install if there are no users in group sudo. This check is implemented in security-misc preinst.

https://github.com/Whonix/security-misc/blob/master/debian/security-misc.preinst

Meanwhile perhaps remove security-misc from anon-meta-packages debian/control?

https://github.com/Whonix/anon-meta-packages/blob/master/debian/control#L91

In that case (easiest), add to build command

--allow-untagged true --allow-uncommitted true

That should help avoiding issues some sudo/root access issues security-misc can be figured out later.

I think I suggested to avoid live-config so we don’t involve any of its user user creation code.

Whonix Desktop Installer with Calamares - field report

I’ll try to fix the build.

Could you please check package live-config? Maybe it’s mostly about the scripts in /lib/live/config/. What stuff we need?

Perhaps we can get rid of live-config or re-implement the few bits that we do need.

I try to use “standard” anon-base-files for user user and groups creation and dropping live-config. Seems the less complex solution to this issue.

As far as I remember, we need at least a script for user creation during boot, and probably some other small stuff that I don’t remember of yet.

From man live-config:

CUSTOMIZATION
       live-config can be easily customized for downstream projects or local usage.

   Adding new config components
       Downstream projects can put their components into /lib/live/config and do not need to do anything else, the components will be called automatically during boot.

       The components are best put into an own debian package. A sample package containing an example component can be found in /usr/share/doc/live-config/examples.

   Removing existing config components
       It is not really possible to remove components itself in a sane way yet without requiring either to ship a locally modified live-config package  or  using  dpkg-divert.  However,  the  same  can  be
       achieved  by  disabling the respective components through the live-config.nocomponents mechanism, see above. To avoid to always need specifying disabled components through the boot parameter, a con‐
       figuration file should be used, see above.

       The configuration files for the live system itself are best put into an own debian package. A sample package containing an example configuration can be found in /usr/share/doc/live-config/examples.

COMPONENTS
       live-config currently features the following components in /lib/live/config.

       debconf
           allows one to apply arbitrary preseed files placed on the live media or an http/ftp server.

       hostname
           configures /etc/hostname and /etc/hosts.

       user-setup
           adds a live user account.

       sudo
           grants sudo privileges to the live user.

       locales
           configures locales.

       locales-all
           configures locales-all.

       tzdata
           configures /etc/timezone.

       gdm3
           configures autologin in gdm3.

       kdm configures autologin in kdm.

       lightdm
           configures autologin in lightdm.

       lxdm
           configures autologin in lxdm.

       nodm
           configures autologin in nodm.

       slim
           configures autologin in slim.

       xinit
           configures autologin with xinit.

       keyboard-configuration
           configures the keyboard.

       systemd
           configures systemd autologin.

       sysvinit
           configures sysvinit.

       sysv-rc
           configures sysv-rc by disabling listed services.

       login
           disables lastlog.

       apport
           disables apport.

       gnome-panel-data
           disables lock button for the screen.

       gnome-power-manager
           disables hibernation.

       gnome-screensaver
           disables the screensaver locking the screen.

       kaboom
           disables KDE migration wizard (squeeze and newer).

       kde-services
           disables some unwanted KDE services (squeeze and newer).

       policykit
           grant user privilegies through policykit.

       ssl-cert
           regenerating ssl snake-oil certificates.

       anacron
           disables anacron.

       util-linux
           disables util-linux' hwclock.

       login
           disables lastlog.

       xserver-xorg
           configures xserver-xorg.

       broadcom-sta
           configures broadcom-sta WLAN drivers.

       openssh-server
           recreates openssh-server host keys.

       xfce4-panel
           configures xfce4-panel to default settings.

       xscreensaver
           disables the screensaver locking the screen.

       hooks
           allows one to run arbitrary commands from a file placed on the live media or an http/ftp server.

I guess better if re-implemented. A quick search looks like Tails also stopped using live-config.

/usr/lib/whonix-libvirt/install is currently breaking the build on a host system that has VirtualBox installed. During virsh -c qemu:///system net-start "default" it freezes everything.

Maybe it would be better to not do this during build inside chroot? Would be ok too if /usr/lib/whonix-libvirt/install was executed during first boot using a systemd unit file?

Great, would you mind sharing the links? Couldn’t find anything.

Meanwhile I did that and managed to complete the build without errors. Some did get wrong though, as the ISO file kernel panics on boot…

1 Like

“google”

site:tails.boum.org "live-config"

(Search only on domain tails.boum.org for exact string live-config.)

Thanks, will have a look.
My newly built Host VM (.raw file) also kernel panics when booting into live mode:

line 244: can't open '/scripts/live' : No such file or directory
1 Like

this https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831637 ?

Or we don’t have initramfs or dracut installed?

Done.

no, but package live-boot was not installed during the build… After installing it, it works.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]