Whonix KVM 15.0.0.6.6 - Testers' Release

Testers Needed!

Download the Testers-Only version of Whonix for KVM:

Some important changes like transition to a more modern and secure graphics device will need an install from scratch instead of an in-place upgrade using apt.

Notable Changes:

• fix starting pkexec based applications from start menu (such as gdebi, synaptic, gparted)
• Update Tor Browser to version 9.
• Whonix build script now optionally supports installing packages from Whonix remote repository rather than building packages locally
• use sudoedit rather than lxqtsudo editor
• Whonix Networking Implementation Developer Documentation
• usability: replace default sudo lecture
• remove deprecated obfs3 from ACW
• AppArmor Live Mode fixes
• AppArmor enhancements
• more seccomp hardening
• Restrict hardware information to root opt-in
• fix swap - swap file - Whonix-Gateway freezing during apt-get dist-upgrade - encrypted swap-file-creator
• fixed Noscript with Security Slider at Safest permits around 30 sites
• fix keyboard-configuration debconf popup during apt-get dist-upgrade
• fix command-not-found - WARNING:root:could not open file '/etc/apt/sources.list'

Full difference of all changes:

https://github.com/Whonix/Whonix/compare/15.0.0.4.9-developers-only...15.0.0.6.6-developers-only

This release would not have been possible without the generous supporters of Whonix!

Please Donate!

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/whonix-external-xml-doesnt-exist/8343/4

Fixed documentation.

Why PulseAudio installed in GW?

Not on purpose, I think it’s difficult to separate dependecies involving this package? cc/ @Patrick

Trying out this 15.0.0.6.6 “Testers Release”. In the Whonix-Gateway XML file under sound there is a codec defined as output. When I try using virsh to “define” the Workstation XML file, I receive an error saying the codec ‘output’ is unknown. I removed this codec section from the Workstation XML file and then it worked. Is there supposed to be a different codec?

Under the video section of the Workstation XML file, I notice it is set to virtio. Yet in a previous earlier version of the Workstation XML file it is set to qxl. Is it OK if I switch it again to qxl? This virtio model seems really laggy for my computer.

Also, I notice mention of using a “more modern and secure graphics device”. The Workstation XML file seems to specify the type as spice. This is the same as an older version of Whonix 15 Workstation XML file However, maybe the secure graphics device has nothing to do with the Workstation XML settings? Sorry if I’m misunderstanding.

You must be using a pretty old version of libvirt that doesn’t support speaker without microphone. The codec field is optional so you can carry on.

Do what you have to. This is a sign that the software stack on the host side is outdated.

Spice is needed for the GUI display connection to work. virtio-gpu is the rendering device for guest graphics - different usecases. The serial console device allows a text UI alternative.

Thank you for responding to my questions. My host system is currently Debian Stretch and I have always kept it up to date. Most recent update was within the past week. I am using it because it has five years of support from Debian. I am sorry, but I’m not certain how much more up to date I can bring my host system without moving to Debian Buster. Are you and the Whonix developers preferring Whonix users to have Debian Buster for the host system? I understand Debian Buster is running in the Whonix VM’s, but I didn’t see any recommendation for users to also move their host system to Debian Buster. Maybe I missed seeing that recommendation? I’ll consider moving to Debian Buster if that is preferred. Thank you.

Yes, Debian buster.

Not sure this is documented clearly anywhere yet.

• https://www.whonix.org/wiki/About#Whonix_Version
• https://www.whonix.org/wiki/About#Support_Schedule
• https://www.whonix.org/wiki/Host_Operating_System_Selection

In essence, if Whonix is buster based, you can be assured that we’re using buster (based) ourselves. Hence, that will be the best supported host operating system for Non-Qubes-Whonix users.

Yes we always target stable and not stable-old. You can stay on stable-old, but you would need to handle it yourself because that’s not supported by me.

IN our opinion stable release cycle takes long enough and we wait an eternity for new exciting features to trickle down so delaying that to 5 years is a bit much.

https://github.com/Whonix/anon-meta-packages/commit/f5c97f4dd54094fefd48c8f7537f47b164040e6d

I guess that’s the quicker way of solving the complaint