Whonix Images Quick Rebuild


ID: 974
PHID: PHID-TASK-qala7z422pioxk4ddsdn
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal


Idea that needs to be thought through.

Sane to rebuild the same Whonix version git tag? Just re-build and re-upload?


  • an easy, doable way to create “fresher” official Whonix stable downloads

This would be updated in the rebuild images:

  • updated packages from packages.debian.org
  • updated Tor from deb.torproject.org
    • this will be automatically the case
  • updated Tor Browser
    • user/developer that rebuilds needs to set tbb_version which is already supported by package tb-updater
    • just need to make sure that environment variable is passed from the build script to the update-torbrowser script

This would not be updated in the rebuild images:

The following things would not be done:

  • call for testers
  • write release announcement
  • update version numbers

…which would safe a lot maintenance work.


  • There would be multiple official ova / iso versions of Whonix stored by different people. Same version number but different hashes and different software versions (packages.debian.org, deb.torproject.org, Tor Browser) but same Whonix software versions.
  • Somewhat nontransparent.


  • gpg signature verification. Since creation of gpg signatures (and sanity tests) are automated users can always verify gpg signatures.
  • upgrading from deb.whonix.org