Whonix on Mac M1 (ARM) - User Support (still unsupported at time of writing)

(It’s not /user/. It really is /usr/.)

Where you get this from? Installing a package from the binary repository and building from source code are very different things. Not to be mixed up.

If you build from source code you won’t be needing any additional packages from the repository.

Certainly don’t use buster. This shouldn’t be necessary. This might actually mess up things here.

Best to mention which instructions you’re following from where by sharing the link when asking.

Sorry first one was a typo, i meant (/usr/

and for the rest its a copy and paste from noelnoel post in august 21 last year in this forum.
it was the only thing that i found that worked. And i know he did this on a older version of whonix that was build on buster. But there as no step by step guides to build it on Bullseye correctly on UTM.

And i am using Debian 11.2 Bullseye NOT buster when i build this from source.

and for why i used the buster repo, well it was because it was the only thing that worked.
When i try to download tb-updater tb-starter tb-default-browser, it will just say

Note, selecting ‘dummy-dependency’ instead of ‘tb-updater’

and so on for all 3 download. When i try to run update-torbrowser

bash: update-torbrowser: command not found

So when i do build the source code from Bullseye, tor browser does not work.
I cannot open it because i get.

Be careful if x-www-browser (/user/libexec/open-link-confirmation/open-link-confirmation) is already running as your activities might get linked.
Do you want to open x-www-browser (/user/libexec/open-link-confimation/open-link-confirmation)?

And everytime i press yes. It loops and i cannot open the web browser. So i tried my best to make it work with what information i had. And it worked. But i understood something was off so i had to ask here in the forums on what i have done wrong so i can make it work correctly.

I don’t know what the user was doing there but it makes no sense. The Whonix repository can be enabled using --repo true. Can be appended to the whonix_build command. And should be documented.

Don’t do it and if you do, don’t post here about it. Too confusing.

It’s supposedly installed by default for --flavor whonix-workstation-xfce in Whonix-Workstation.

If it’s not, please don’t try any workarounds but post the build commands and build log instead.

First of all i want to thank you so much that you take your time to help me with this.
And i want to apologies if i did make things more confusing for people here. That was not my intention.

Now to clarify what i am building on. Again i am using Debian 11.2 Bullseye with all dependencies installed as prescribed in the build guide. As mention on the Apple silicon guide for QEMU it was recommended to use the git master repository to build on. So the gir clone command i used is:

git clone --depth=1 --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git

Now for the Build command i used. I used the allow untagged true so that i could build on the master repo as prescribed in the apple silicon qemu guide. Then i added as you said repo true.

So the command for workstation and gateway is:

sudo ./whonix_build --target utm --flavor whonix-workstation-xfce --build --arch arm64 --allow-untagged true --repo true
sudo ./whonix_build --target utm --flavor whonix-gateway-xfce --build --arch arm64 --allow-untagged true --repo true

after setting up both gateway and workstation. I still get the same warning and problems on the workstation when i try to open the webbrowser:

Be careful if x-www-browser (/user/libexec/open-link-confirmation/open-link-confirmation) is already running as your activities might get linked.
Do you want to open x-www-browser (/user/libexec/open-link-confimation/open-link-confirmation)?

I try to press yes, and it wont let me continue and the message loops. I try to use the update-torbrowser command on terminal and get:

bash: update-torbrowser: command not found

The only difference now is that i have access to the right apt-repo so that i can download tb-updater tb-starter tb-default-browser without adding any new apt repositories. But after i have installed these and try to use the update-torbrowser command. i get this:

QUESTION: Download now?
INFO: Tor Browser language variable TB_LANG was not yet set. Therefore defaulting TB_LANG to ‘en-US’, ok.
INFO: Because you are not using --nokilltb, now killing potentially still running instances of Tor Browser…
firefox.real: no process found
INFO: Digital signature (GPG) download… Will take a moment…
INFO: Downloading…: Tor Browser Ports - Browse Files at SourceForge.net
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/tor-browser-linux-arm64-11.0.3_en-US.tar.xz.asc
ERROR: Failed to download: Tor Browser Ports - Browse Files at SourceForge.net
Possible reasons:
-The download server is down.
-File size exceeded (endless data attack triggered).
-Tor Browser Downloader (by Whonix developers) has been broken due to upstream changes.
-Try again later. If the error persists it probably won’t solve itself before the next update.
-Check News: Follow Whonix Developments
-Manually update: Tor Browser: Manual Download
(Debugging information: curl_status_message: [22] - [HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if -f, --fail is used.])

This is as far as i have gotten. And i cannot get the browser to work. I am new to this so not sure what part of the build log you would need? if you need any.


Don’t. That is horribly outdated. Now updated in wiki.

It probably means the tb-updater / tb-starter package isn’t installed. Check

dpkg -l | grep tb-updater

Share the build log of the build it is not installed. → Pasting Logs for Support

The major issue is that this is even needed. Should be installed by default. Please share the build log.

Now this is going to be a separate issue. That file does not exist indeed.

The issue was mentioned here:

And there is no solution that any user could use to fix tb-updater functionality.

Anyway. I highly recommend to fix the other issue of tb-updater not being installed by default as this point at a broken/incomplete image build which would result in many more strange issues.

Tor Browser ARM64 download issues using tb-updater, see:

Wiki updated.

sequential next steps:

  1. The user must make sure that their builds is fixed. tb-updater should be installed by default and there should be no other broken/incomplete build issues. This cannot be skipped
  2. Only then start looking into other Tor Browser issues.

As for other Tor Browser issues:

  1. only if there are no issues with the image build and tb-updater / tb-starter being installed by default
  2. please read Tor Browser Manual Update
  3. instructions Tor Browser: Manual Download are currently only for Tor Browser on the Intel / AMD64 platform

Until the issue ARM64 Tor Browser - #8 by Patrick is fixed, users can only manually install Tor Browser from:

There are currently no instructions for Tor Browser ARM64 manual download, verification, extraction. Help welcome.

So when i used the dpkg -l | grep tb-updater command nothing showed up. I double checked by just running dpkg -l and found nothing of tb-updater.

Here is the full build log i have when i created the workstation


Would a more correct build command for UTM be this?

sudo ./whonix_build --target utm --flavor whonix-gateway-xfce --build --arch arm64 --repo true
sudo ./whonix_build --target utm --flavor whonix-workstation-xfce --build --arch arm64 --tb open --repo true

Also i think you have a typo on the new mac guide for apple silicon. Under workstation you used gateway commands and on gateway you used workstation command.

And i will look into Tor browser documentation for manual downloads. Thank you for all the links i have so that i can read into it.

If you need the log for gateway as well then i will send it if necessary.

There is no UTM until a developer invents it and properly adds it to the build script and wiki.

Referring to forum posts for this kind of things is just horrible.

This is now fixed by unduplicating the build instructions.

For now not needed.

Thank you. Issue is here:

The following additional packages will be installed

Somehow dummy-dependency is installed instead of tb-updater. That’s a bug. An arm64 porting issue.

Background information, to learn about that package:

apt-cache show dummy-dependency

So some dependency cannot be fulfilled and therefore dummy-dependency is installed instead which then prevents tb-updater being installed.

More related background information:

Next step:

sudo apt purge dummy-dependency

Basically we need to find out which dependency is preventing tb-updater being installed. Please try to be creative with the following commands. And then post the output here when you find something interesting such as the reason why this is happening.

sudo apt purge dummy-dependency
sudo apt-get install tb-updater tb-starter tb-default-browser

Another attempt…

sudo apt purge dummy-dependency
mkdir --parents ~/temp-delete
cd ~/temp-delete
apt download tb-updater tb-starter tb-default-browser
sudo apt install ./*.deb

I was able to run the below command on

Does this mean that the utm target is only available in the developer versions, or did someone add it and it got by your watchful eye? :slightly_smiling_face:

To make this as correct as possible i have decided to build the project with .raw format instead of the .utm format after you strongly discourage me to use the --target utm command. Again when i am building whonix i am using a clean Debian 11.2 install with all dependencies installed. I use the same git clone as i used last time:

git clone --depth=1 --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git

git commit is: 32a7314cdf582c5fa663aab3f93b1796c55d14b3
if that is necessary information.

Build command for Gateway is:

sudo ./whonix_build --target raw --flavor whonix-gateway-xfce --build --arch arm64 --repo true

With this build log: https://anonpaste.org/?4bc0a823b5163576#Fj5hsGu9We2oRXDwEoPn5JCM95xaUBzn9RBFR5Ka32Sr

Build command for Workstation is:

sudo ./whonix_build --target raw --flavor whonix-workstation-xfce --build --arch arm64 --tb open --repo true

With this build log: https://anonpaste.org/?68cece4fc52d24dc#A78467Wythajdgg1njuoE6QrchXUYoCyYHW7utiCEFYh

When i got the file locally to my mac i imported the raw file to UTM. And setting up UTM with all the setting from qemu setup. Idk if i need to write that up here. But i made the gateway and workstation work.
apart from mouse and keyboard setting the only commands i have used on these two vms is.


sudo passwd root
sudo passwd user
sudo apt install spice-vdagent spice-webdavd
sudo shutdown now


sudo passwd root
sudo passwd user
sudo apt install spice-vdagent spice-webdavd davfs2
sudo shutdown now

Now for part 2 of the problems. The dummy-dependency/update-torbrowser problem. Well i can confirm that even on this build update-torbrowser does not work like last time. And when i try to open up the webbrowser i get the same problem and wont open. When i run the command dpkg -l | grep tb-updater nothing comes up. And did go trough dpkg -l and no tb-updater / tb-starter package is not installed.

Just to do some debugging i made a clone of the clean install for each of the example you came up with.

So did all of the command here as you said and here is what i got: https://anonpaste.org/?36b7c34b49df005e#8DYdumfRzGkpWPRL5wZWXdHYSNmGxZuZ8auiW4gETNBW

On this attempt i got this: https://anonpaste.org/?63d2a0b1cbc7c9fa#137Q6q2pPqBUsY93gMiHaZN8hCSbyCuD5z9PwrH7T9Pc

Well i might have misunderstood you and did something wrong again. But i do appreciate the help. Still no Torbrowser working. I will read up on how to install the Arm64 Tor browser and other documentation you have postet here so i am more up to date on how everything is configured.

Yeah the --target UTM works… but apperently its wrong. Anyways i do not get the Tor browser to work on it.

Well maybe GavinPacini the contributer from summer for this project might have added UTM support? I have not seen his commit yet on github. But who knows, maybe i am wrong again.

Broken links.

There is no strict rule to add all pastes to a paste website. For smaller things, this can certainly be posted to the forums directly. Appreciated when using quotation or code tag.

Only the full build log does not fit into the forums due to size restrictions.

If nobody is here who understands the UTM that was contributed to the source code, knows the state of what is done, what is missing, can make it good enough then that for all practical purposes means for users “there is no UTM support”.

As for these changes:
MacOS: Difference between revisions - Whonix

Please add some more changes…

The --repo true has to be suggested with care. It depends on the perspective of the one running instructions.

  • View point “I really want to build from source code as much as possible and avoid binary repositories”: Those building from source code get offended if the binary Whonix repository gets unexpected enabled.
  • View point: “I just want UTM because there is no downloadable image and otherwise as simple as possible” then --repo true is OK.

It’s confusing anyhow to have the “main” build documentation and then separate build instructions for UTM on a different page. If MacOS page mentions utm then at minimum it also needs to be mentioned on Whonix ™ VM Build Documentation.

Previously network configuration was changed on the wiki. This was then not reflected in the utm config files. What about this change MacOS: Difference between revisions - Whonix

Sorry about that, i edited the post with new links now and remembered to uncheck burn after read.
Link should work now on the same post.

For me personally i want to have a UTM build that work as correctly as possible. Meaning it should work from just building it from source and it works. But as of this moment the web browser does not work so i need to repo to do some debugging and troubleshooting. The reason for be being so persistent with UTM and not just using qemu is that UTM is way more accesible and easier to use than qemu. Parallels and vmware are closed source and does not meet what i seek to use for whonix and qemu is to complex for everyday use. Thats why i want to do my best to make it work correctly on UTM so its not just accessed by me but many more.

Also is there a way too update the UTM config file? Or make a guide so that UTM can be used for building this project?

1 Like

I have removed --repo true from the edit. I will look at the build documentation and see what I can change. I think the only change is the --target utm and for M1 --arch arm64.

The utm files generated for me by --target utm had the updated command before the edit was posted in this thread earlier.

I am confused. Are you saying that the change to networking on the wiki was the edit you linked to? If not, where in the wiki do I look?

1 Like

MacOS: Difference between revisions - Whonix was a wiki edit by someone who only did that wiki edit and isn’t around anymore apparently. It was an edit of the qemu command line parameters which were previously part of the wiki.

The edit MacOS: Difference between revisions - Whonix to the qemu command line in the wiki is not part of the utm files. The wiki was previously edited but the utm files have not been updated with the same change.

Posts where I include links often probably only make sense when visiting the link.

Does that answer your question?

Probably makes a lot sense. Copying super long qemu commands is really bad usability.

For sure. Original files were contributed earlier. Can be edited / please send a pull request.

This depends all on contributions.

Will check.

ERROR: Failed to download: Tor Browser Ports - Browse Files at SourceForge.net

Btw this is expected. The file does not exist. Nobody providing it. This is issue: ARM64 Tor Browser - #8 by Patrick

As for why not all packages are installed and why dummy-dependency is installed after build (it should not be), I don’t know yet.

More to try.

sudo apt purge dummy-dependency
sudo apt-get install tb-updater tb-starter tb-default-browser
sudo apt purge dummy-dependency
sudo apt-get install tb-updater tb-starter tb-default-browser electrum
sudo apt-get install tb-updater tb-starter tb-default-browser electrum monero-gui
sudo apt-get install non-qubes-whonix-workstation-xfce
sudo apt-get install non-qubes-whonix-workstation-cli
sudo apt-get install uwt
sudo apt-get install bindp
sudo apt-get install kloak
sudo apt-get install tirdad

More background information:

Now I think I am onto something, what might be happening. Some architecture specific package (list in above link) isn’t available for arm64. This results in the dummy-dependency package being pulled as dependency instead. That however then prevents other “optional dependencies” from getting pulled as dependency.

I looked at the settings in utm for the workstation, and it does have the corrected QEMU setting in it from that edit. I built from

Also, the plist for workstation that you linked to seems to have been updated as well? This is why I was confused.

If I am missing something, let me know. I will get it eventually. :slightly_smiling_face: