Whonix Linux Installer - Development Discussion

Instructions on Kicksecure ™ for VirtualBox with Xfce are still too difficult for many non-technical users to follow. A Whonix Linux Installer is required to simplify the process. Here’s the development design plan:

Help with the implementation is welcome!

2 Likes

Automating the installation seems a good first issue as it is literally the place where most users may give up if too difficult.

1 Like

I read the wiki page and I have some portable functions that can be used by the whonix installer:

  • option parsing
  • long opts
  • short opts
  • opt=arg
  • range possible arguments for each option
  • detect os
  • check if program is installed
  • handle installing packages
  • other utilities that are better read than explained
  • colors definition

Just try it and see what fits.

1 Like

Thanks, used those functions as helpers.

Commits are signed and published to remote git server at installer-dist.

1 Like

Correct link above, can’t edit above post.
bitbucket.org/uncut-grass/usability-misc/src/installer/usr/bin/installer-dist

https://bitbucket.org/uncut-grass/usability-misc/src/installer/.github/workflows/builds.yml

GitHub action because Bitbucket only allows 50 min a minute while GitHub allows 2000 minutes for free.

Can’t test because my account is flagged so would be nice if other people could.

1 Like

Check here Actions · nyxnor/usability-misc · GitHub
Done to master branch, Commits · nyxnor/usability-misc · GitHub, commits are signed.

1 Like

+ '[' '"2204"' -lt 2204 ']'
./usr/bin/installer-dist: line 612: [: "2204": integer expression expected
+ grep -e ://fasttrack.debian.net -e grep ://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion
+ grep -v '#' /etc/apt/sources.list '/etc/apt/sources.list.d/*.list'
grep: /etc/apt/sources.list.d/*.list: No such file or directory
grep: ://5phjdr2nmprmhdhw4fdqfxvpvt363jyoeppewju2oqllec7ymnolieyd.onion: No such file or directory
./usr/bin/installer-dist: line 252: distro_version: unbound variable

I am working on it.
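
The trace above shows two parsing failures: VERSION_ID compared with its quotes still attached, and distro_version left unset. The sketch below is an added example, not code from installer-dist; it reads os-release style files as text, strips the quotes, and gives a missing or non-numeric VERSION_ID its own return code. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not installer-dist code. Function names are hypothetical.
set -eu

# os_release_get KEY [FILE]: print KEY's value from an os-release style file
# with one pair of surrounding quotes removed; print nothing if KEY is absent.
# The file is parsed as text rather than sourced, so nothing in it is executed.
os_release_get() {
  key="$1"; file="${2:-/etc/os-release}"
  sed -n "s/^${key}=//p" "$file" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# version_at_least FILE MIN: return 0 if VERSION_ID with dots removed is an
# integer >= MIN, 1 if it is lower, 2 if it is missing or not numeric.
version_at_least() {
  ver="$(os_release_get VERSION_ID "$1" | tr -d '.')"
  case "$ver" in
    ''|*[!0-9]*) return 2 ;;
  esac
  [ "$ver" -ge "$2" ]
}

# Constructed samples: one quoted VERSION_ID, one file without VERSION_ID
# (as Debian testing/sid ships it).
write_samples() {
  dir="$1"
  printf '%s\n' 'ID=ubuntu' 'VERSION_ID="22.04"' > "$dir/ubuntu"
  printf '%s\n' 'ID=debian' 'VERSION_CODENAME=bookworm' > "$dir/sid"
}

tmp="$(mktemp -d)"
write_samples "$tmp"
for f in ubuntu sid; do
  if version_at_least "$tmp/$f" 2204; then
    echo "$f: VERSION_ID >= 2204"
  else
    echo "$f: older or not comparable (rc=$?)"
  fi
done
rm -r "$tmp"
```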

On github CI:

+ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux bookworm/sid"
NAME="Debian GNU/Linux"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Lacks VERSION_ID. Therefore:

+ root_cmd apt-get install --yes virtualbox linux-headers-generic
+ test -z apt-get
+ test '' = 1
+ test -n 1
+ true sucmd_quote
+ su -c '${@}'

Related code:

  if test -n "${sucmd_quote:-}"; then
    true "sucmd_quote"
    # shellcheck disable=SC2016
    ${sucmd} '${@}'
  else
    ${sucmd} "${@}"
  fi

${sucmd} '${@}' I don’t understand. How could that possibly work?
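
In the quoted branch, su -c is handed the literal text ${@}; the shell it starts has no positional parameters, so that text expands to nothing and no command runs. The following is an added example, not installer-dist code, showing that behaviour next to a version that passes one pre-quoted command string. It assumes sh -c as a stand-in for su -c so it runs without root, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not installer-dist code. quote_args, broken_root_cmd and
# fixed_root_cmd are hypothetical names.
set -eu

# Assumption: 'sh -c' stands in for 'su -c' so this runs without root. Both
# take exactly one command string and hand it to a new shell.
sucmd="${sucmd:-sh -c}"

# quote_args ARG...: print all arguments as one string, each single-quoted,
# so that a second shell parses them back into the same words.
quote_args() {
  out=""
  for arg in "$@"; do
    # Turn each ' into '\''; the trailing '.' protects trailing newlines
    # from being stripped by the command substitution.
    esc="$(printf '%s.' "$arg" | sed "s/'/'\\\\''/g")"
    out="${out}${out:+ }'${esc%.}'"
  done
  printf '%s\n' "$out"
}

broken_root_cmd() {
  # Same shape as the branch quoted above: the new shell is handed the
  # literal text ${@}, has no positional parameters, and runs nothing.
  # shellcheck disable=SC2016,SC2086
  ${sucmd} '${@}'
}

fixed_root_cmd() {
  # One pre-quoted string: the arguments survive the second parse intact.
  # shellcheck disable=SC2086
  ${sucmd} "$(quote_args "$@")"
}

echo "broken: [$(broken_root_cmd printf '%s|' apt-get install --yes)]"
echo "fixed:  [$(fixed_root_cmd printf '%s|' apt-get "two words" "it's" '$HOME')]"
```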

./usr/bin/installer-dist: line 1031: USER: unbound variable

There’s an issue with the error handler.

./usr/bin/installer-dist --non-interactive --dev
installer-dist: [NOTICE]: Current shell: 'bash'
installer-dist: [NOTICE]: Saving Installer user log to: '/home/user/installer-dist-download/logs/80/log.user.txt'.
installer-dist: [NOTICE]: Saving Installer debug log to: '/home/user/installer-dist-download/logs/80/log.debug.txt'.
installer-dist: [NOTICE]: Whonix Xfce for Virtualbox Installer.
installer-dist: [NOTICE]: License agreed by the user by setting non_interactive.
installer-dist: [NOTICE]: Detected system: Kicksecure 16.
installer-dist: [NOTICE]: Detected CPU architecture: x86_64.
installer-dist: [WARN]: Minimum RAM Check: Your systems has a low amount of total RAM: 1116 MB. See:
installer-dist: [WARN]:   https://www.whonix.org/wiki/RAM
installer-dist: [WARN]: Virtualization Support Test: No virtualization flag found.
installer-dist: [WARN]: (The virtualization detection is imperfect and might show a false negative warning.)
installer-dist: [WARN]: See user documentation on how to enable virtualization:
installer-dist: [WARN]:   https://www.whonix.org/wiki/VirtualBox/Troubleshooting#Enable_VT-x_in_BIOS
installer-dist: [WARN]: Nested Virtualization Test: Nested virtualization detected.
- Possibly a user mistake.
- This installer is designed to run on the host operating system.
- This installer is not designed to be run inside virtual machines.
- For more information about nested virtualization see:
  https://www.whonix.org/wiki/Nested_Virtualization
installer-dist: [NOTICE]: Checking if Virtual Machine(s) were already imported.
installer-dist: [NOTICE]: Virtual Machine(s) were imported previously.
installer-dist: [NOTICE]: Starting Virtual Machine(s).
VBoxManage: error: VT-x is not available (VERR_VMX_NO_VMX)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole
Waiting for VM "Whonix-Gateway-XFCE" to power on...
installer-dist: [NOTICE]: Current script: ./usr/bin/installer-dist
installer-dist: [NOTICE]: Function executed: start_guest
installer-dist: [NOTICE]: Command executed: return 1
installer-dist: [ERROR]: Error detected. Installer aborted.
installer-dist: [ERROR]: No panic. Nothing is broken. Just some rare condition has been hit.
installer-dist: [ERROR]: There is likely a solution for this problem.
installer-dist: [ERROR]: Try again. If this issue is transient (not happening again) it can be safely ignored.
installer-dist: [ERROR]: Please see Whonix News and Whonix User Help Forum.
installer-dist: [ERROR]: If not already reported, please report this bug!

installer-dist: [BUG]: At line: 1047.
 1043
 1044   start_guest(){
 1045     case "${hypervisor}" in
 1046       virtualbox)
* 1047        start_virtualbox
 1048         ;;
 1049       kvm)
 1050         start_kvm
 1051         ;;

installer-dist: [ERROR]: Please include the user log and the debug log in your bug report.
installer-dist: [ERROR]: (For file locations where to find these logs, see above.)

installer-dist: [ERROR]: Exit code: 1.
zsh: exit 1     ./usr/bin/installer-dist --non-interactive --dev

The start_virtualbox line was not the “issue”. That was happening at a higher level. The actual command that failed was the vboxmanage command.
(It failed because virtualization was unavailable on purpose for testing purposes. That’s not the issue.)
Would be nicer if the error handler had shown the vboxmanage command. That is a general error handler issue not specifically about vboxmanage.

That’s a related point. If virtualization detection failed, then vboxmanage start vm issues should not be considered a bug. I will work on the latter part but not on the error handler.

vboxmanage start vm issues should not be considered a bug: Done.

Whonix ™ Linux Installer for VirtualBox (recommended) was blessed stable a while ago and is now the default download link for Linux.

So far so good, 1 issue:

The download command is non-ideal.

curl --tlsv1.3 --proto "=https" --output whonix-installer-xfce --url https://www.whonix.org/installer-dist

  • Too long.
  • The quotes for "=https" are required for zsh compatibility → related: Change default shell from bash to zsh by default? - #117 by Patrick
  • --tlsv1.3 by itself is unfortunately insufficient to enforce TLS. --tlsv1.3 is useful to prevent TLS version downgrade attacks. But without --proto "=https" the following command would work.

curl --tlsv1.3 --max-time 180 --output ~/test.txt http://httpforever.com/

It only fails as it should when using:

curl --tlsv1.3 --proto "=https" --max-time 180 --output ~/test.txt http://httpforever.com/

But I might be mistaken. Curl might enforce the correct protocol “https” based on the url starting with “https://” and disallow “http”.
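
An offline way to observe the difference between the two commands above, added here as an example and not part of the original post: curl returns exit code 1 when the URL's scheme is not allowed by --proto, before it opens any connection. The 127.0.0.1 URLs and the function names are constructed for the test.

```shell
#!/bin/sh
# Added example. The URLs are constructed: 127.0.0.1 port 9, where nothing is
# expected to listen, so no request ever leaves the machine.

# curl_rc CURL_ARGS...: run curl quietly and print its exit code.
curl_rc() {
  rc=0
  curl --silent --max-time 5 --output /dev/null "$@" || rc=$?
  printf '%s\n' "$rc"
}

# refused_by_proto URL: succeed if curl rejects URL under --proto "=https".
# Exit code 1 (unsupported or disabled protocol) is returned before curl
# opens a connection; any other code means the scheme was accepted.
refused_by_proto() {
  [ "$(curl_rc --tlsv1.3 --proto '=https' "$1")" -eq 1 ]
}

# proto_matrix: one line per scheme, with and without --proto "=https".
proto_matrix() {
  for scheme in http ftp https; do
    url="${scheme}://127.0.0.1:9/"
    printf '%-6s with --proto rc=%s, without rc=%s\n' "$scheme" \
      "$(curl_rc --tlsv1.3 --proto '=https' "$url")" \
      "$(curl_rc --tlsv1.3 "$url")"
  done
}

if command -v curl >/dev/null 2>&1; then
  proto_matrix
fi
```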