Whonix Linux Installer - Development Discussion

The installer can now switch back and forth from distribution packages to virtualbox.org packages.

This is being tested on CI.

1 Like

New installer uploaded.

1 Like

About RPM Fusion, I don’t think it has more issues with secure boot than with Oracle Repo, I believe they have the same issues.
About trusting RPM Fusion, it is a third party repo, not from Fedora, not from Oracle, but an alternative.

Is there a preference to use RPM Fusion over Oracle for Fedora?

I haven’t found any arguments why RPM Fusion is better / more trustworthy than Oracle Repo (virtualbox.org repos).

As for SecureBoot support I am pretty sure that Oracle has worked on that. But also Fedora might have added signing of kernel modules nowadays similar to how Debian (since bookworm) and Ubuntu fixed this issue.

Many changes today.

zsh autocompletion does not work yet after the rename. [1]

Maybe zsh autocompletion cache needs to be rebuild.

Is there some command that should be run during Debian maintainer postinst script?

[1] Kicksecure ™ Linux Installer - Design Documentation chapter Naming in Kicksecure wiki

I don’t think it is because the name has changed, but because the shell did not load the new completion with the new script.

When installer bash-completion, the shell also has to be reloaded.

I dont know but rehash from the provided answer might be the best solution, but still, it doesn’t load new completions.

1 Like
  • After installing package “some-cmd”, hash -r makes the command name completable, but its parameter completions are still missing, despite being added together with the (brew/deb/apk/…) package. The only way I can make it happen is to exit the shell and start a new session.


Dec 3, 2021 at 9:18

  • @conny Indeed neither bash nor zsh detects newly added command completions on the fly. You can run exec zsh (or exec bash as applicable) to completely reload the shell configuration, but keep the terminal and environment. Exactly what this does to your history (keep recent entries in the same order, or merge in the history from other terminals) depends on the shell configuration.
1 Like

I don’t think exec bash or zsh should be done by the script because if the user $SHELL is Zsh but he is currently using Bash, this causes problem for the script to detect the current shell in use.

I run these commands manually after such changes.

1 Like

Pushed small fixes to both completions and a typo in the script.

1 Like

All of this is possible. About uninstallation support…

This is easy for KVM and VirtualBox

Isn’t it better to simply recommend manual steps for this case?

It is possible to be done on the script, we already remove VMs when reimporting them, but uninstallation is not something I see much around this forum. It will add some number of lines but I feel it won’t be used at all, as it is far easier for the user to open virtualbox, right click, remove, confirm than reading the help message or man page and having to run this:

dist-installer-cli --uninstall-vm --guest --interface cli \
  --delete-only gateway

While if I allow this kind of option:

dist-installer-cli --uninstall-vm whonix-gateway-xfce

Then it would need to be repeated:

dist-installer-cli --uninstall-vm whonix-gateway-xfce
dist-installer-cli --uninstall-vm whonix-workstation-xfce
dist-installer-cli --uninstall-vm whonix-gateway-cli
dist-installer-cli --uninstall-vm whonix-workstation-cli
dist-installer-cli --uninstall-vm kicksecure-xfce
dist-installer-cli --uninstall-vm kicksecure-cli

And this would break the logic of using

--interface cli|xfce
--guest whonix|kicksecure
--(delete|import)-only gateway|workstation
1 Like

header package name auto detection: try linux-headers-generic first, then fall back to linux-headers-amd64, then fall back to linux-headers-$(uname -r)

% apt-cache search --names-only --quiet "^linux-headers-generic$"
linux-headers-amd64 - Header files for Linux amd64 configuration (meta-package)
1 Like

Should not be run by installer-dist-cli. That’s for sure. Does not belong there. Package desktop-config-dist or dist-base-files might be suitable. It could even be argued that it is a missing feature/bug in zsh upstream or in the zsh Debian package. To run such commands but that is more of a general issue and belongs to:

Merged, thanks!

Sure. It’s documented here:

(And can be elaborated if needed.)

Uninstallation isn’t a crucial feature as there’s no demand for it now. Can be revisited later if ever needed.

The added code complexity might indeed make this unjustified.

This is an old idea. Nowadays the way you implemented it such differences such as in package names you defined by operating system specific names (such as Ubuntu vs Debian). Now the correct header package names are already hardcoded. Therefore the header package name auto detection feature doesn’t seem important anymore. Can be moved to rejected features.

Package name looks correct.

Good enough for a generic virtualizer instruction.

1 Like

Awesome job you guys. I wanted to share someone’s implementation of a KVM import script I found that may be helpful to you when working out support for that hypervisor:

1 Like

KVM virtual machine image download support is already supported by the installer.

Other KVM support for KVM import etc. is not planned to be implemented by me. KVM support would need to be added by the maintainer of Whonix KVM, which is only you.

This is because if KVM support isn’t added by the maintainer, the KVM specific commands (import, re-import, network setup) done by the installer versus manual import will always be clouded in mystery what the installer actually does versus what not. That is, if there is an issue with KVM, the installer would always be the first suspect as the source of issues.

It might be the installer’s fault or it might not be. But that investigation should be done by the KVM maintainer. And any changes required for the installer, should also be be done by the KVM maintainer.

Especially with multiple operating system support KVM maintenance seems difficult by looking at the KVM sub forums. For example: Unsupported qcow2 feature extended L2 entries

If I added KVM support, it would be almost the same as taking over KVM maintenance, which is too much.

In other words, by adding KVM support to Whonix Linux Installer, you would be effectively “out of the game” for KVM maintenance.

Major Changes in git:

  • The installer got support for Debian unstable (sid).
  • Debian testing (trixie) support was fixed by installing VirtualBox from Debian unstable (sid) repository.
  • Error out when attempting to use --oracle-repo on Debian testing (trixie) / unstable (sid) because Oracle does not provide such a repository.
  • Use adduser instead of useradd on Debian.
  • Fix launch VirtualBox Manager (GUI). (Do not only start the VMs.)
  • Try to start VMs before trying to start VirtualBox Manager because if it fails, it is less confusing to avoid starting VirtualBox Manager
  • view VirtualBox dkmks make.log on Debian if installation of VirtualBox failed
  • if using --dev and if enabling Kicksecure repository, use Kicksecure developers repository instead of Kicksecure stable repository if Kicksecure repository is needed
  • No longer use mirror by default. Use direct downloads.