Whonix on Mac M1 (ARM) - User Support (still unsupported at time of writing)

I saw that a new update came out with the git tag 16.0.5.5-developers-only and tried to build from that. But that failed as well. So I cannot build the project anymore on Apple silicon based Macs now. At least not on the newer tags.

https://notes.anonpaste.org/?4e872afd54ff5a3c#4MyQ3ZxChCQTHWKyy5aUxn7JoamwKQu1MDQBQveJ8wYr

Yeah. That’s currently broken due to refactoring. This is the issue:

This forum thread has been moved just now to the newly created Unsupported Platforms - Whonix Forum category. The direct link to this forum post remains the same.

Moderation changes:

Old:
This forum thread was used as a mixed development discussion and user support discussion.

New:
It will now become a user support only discussion.

This forum thread can still be used by users for asking questions, support (although there will probably be no helpful answers as long as this is unmaintained), testing, expressing their interest and so forth.

To simplify potential future development discussion, a separate, development-only forum thread has been created just now:
Whonix on Mac M1 (ARM) - Development Discussion

This is a small change only. No worries. Future forum posts will be moved around accordingly should these end up in the wrong place.

As of the update with git tag 16.0.5.5-developers-only there are some refactoring problems. As far as I understood this, it means the script fails to build when certain parts of the script should be run as user and others as root. Seems like the recommended part to do is to make the script run without sudo privileges. And when the script runs as root/sudo it will run that inside the script. Annoying part is that it will ask for the password every time you get to a point where you should run as sudo. But could be easily solved by having a deb image only for building Whonix so we can have sudo passwordless (well could be one way to solve it).

Anyways it seems like I cannot build anything unless a solution for this is solved. Also as I have understood it we will do all our talk about Mac M1 on this forum post? What do we need to do to make Mac M1 supported now? And how can I help moving forward on this project? Apart from me finding bugs or problems when building.

The current stable tag 16.0.5.3 might be broken for arm64 builds because there’s no maintainer that before that tag was released kept testing Whonix builds and there’s currently no CI either that would have automatically reported the broken build.

If it’s just about Tor Browser download breaking the build, then --tb open or --tb none might fix it.

A maintainer basically needs constant brain cycles on the component, being diligent. For example, now it might make sense to add --tb none to the build parameter documentation but for the next stable tag when all of this is likely resolved, then there needs to be a reminder and action to remove that build parameter.

The refactoring issues will for sure be resolved in the next stable tag. Meanwhile, yeah, there’s a chance that builds are broken and unfixable by users. That’s what it means there’s no maintainer / unsupported.

No worries, it’s not going to be a huge usability mess. Password will only be required once and then cached using sudo’s existing mechanisms. Small documentation change. Not a big deal. Refactoring is progressing nicely.

As a non-developer you cannot.

It needs a maintainer, someone keeping brain cycles on the component, being diligent, contributing solutions, research, source code.

Thanks for asking. You could keep doing what you’re already doing.

When there’s a new testers-only or stable tag you could try another build.

Well stable git tag 16.0.5.3-stable works with --tb open

https://notes.anonpaste.org/?645c36d43f83325c#7ktTE1DW5Eoi5JTZQ5VxZ9JCDMNHeYq5osddMVFDtNmC

Just need to manually download and install tor-browser on this one like before.
So when you can get a version where I can build the project without the --tb open
Then I can test that out and build it again.

As of this moment I have just finished my bachelor degree as a computer engineer with security and networking as my specialty. That being said I am still pretty new to all of this and still searching for work. But I hope that one day I will get to a level where I can confidently help out on this project. I think it’s one of the better ways to surf the tor-web and is technically very interesting. I just need to really get into how the build script works, how everything is set up and be able to provide you with something useful. But for the moment I will try to build the project when newer tags come in. Also for those who ask, explain to them how I build it.

Oh damn I’ve been trying to make a build for awhile now for the mac M1 and couldn’t make it work, I would just get errors in the build. Would sharing the UTM file be possible?

Not trivial. Software fork + project name change + hosting elsewhere required as per Whonix ™ Binary Images Policy.

Ooo they can call it Xinohw, Whonix backwards and upload to Google drive haha but I’m sure there would be more steps, understandable policy though. I guess I can always revert back to Windows for now until an easier solution comes.

For those of us just starting to get Whonix working with UTM can we expand on this a little bit? I ran into the key-related installation failures for Tor Browser and had to get it manually from Sourceforge.

This leads me to a question I’m having trouble finding a clear answer for, as well: How do we verify we aren’t creating a Tor-over-Tor situation by manually installing this way?

In addition, it appears that we can’t get a “normal” Whonix configuration by manually installing, and might also break further isolation features if we prevent Tor-over-Tor with a configuration change.

If someone can help me clarify and sort this out that would be much appreciated. I know I’m not quite asking these questions clearly, am under the weather at the moment. Tor Browser does work, but it sounds like our manual method might cause other issues. I’d like to mitigate those if possible.

ETA: I did confirm just now that I do not see any circuits displayed for Tor Browser site tabs in Whonix even though I manually installed it (I haven’t changed any relevant config details, either). So I’m not sure what state it is presently in. I think going into a little more detail here would be helpful for myself and others who experiment with UTM + Whonix.

Hi! These links don’t work. Can you share new links please?

Or maybe anybody else can send latest gz files for UTM?

Can’t help with that, but here are a few things related to rolling your own:

It’s not too difficult to build. When installing Debian on UTM though if you run into issues with the installation process failing (I can’t quote the errors I was getting at the moment, only the solution, so YMMV if your errors are different), try just picking the GNOME choice for the Debian desktop when you use the installer. That got me and some others around an installation roadblock. Also make sure that you are giving 30+ GB to the installation. It might choke on less.

As for the Whonix instructions for Apple Silicon, I found it necessary to ignore this line at the bottom of the “1. Environment Setup” section, as it seems superfluous: “Double click the Bullseye utm file to import it.” There is no utm file to import at that point in the process.

Otherwise the process went surprisingly smoothly. Do also note that it might be necessary to understand better what’s going on with the Tor Browser installation because while a tool is provided for that within the workstation, it hasn’t worked for some of us and this could be related to how we did the build (didn’t change any configuration steps; I believe I had found a discussion of this on another forum thread, but can’t dig that up just now) and / or issues with signing key(s). But this can be worked around by getting Tor Browser by user holind from Tor Browser Ports on Sourceforge; go to the Files tab and find the 11.5.1 folder (current), then scroll until you find the arm64 builds. (Sorry, I can’t post links or I would have.)

As with my above separate question, I am not 100% sure of what the implications of this manual installation method are for Tor Browser. I can only report that it does seemingly work. So again, YMMV.

And, apologies for any potential errors above, as I am still learning.

May you upload the video how you built your own whonix step-by-step?

Build instructions

Relevant information:

Note: For simplicity this instruction is based on current stable version (16.0.5.3). See link about stable release for any newer releases (if may be)

Step 1: Download Debian arm64 image
Step 2: Load Debian image into UTM
Step 3: (Inside Debian image @ UTM) - run following commands:

git clone --depth=1 --branch 16.0.5.3-stable --jobs=4 --recurse-submodules --shallow-submodules https://github.com/derivative-maker/derivative-maker
cd derivative-maker
git fetch
git verify-tag 16.0.5.3-stable
git verify-commit 16.0.5.3-stable^{commit}
git --no-pager tag
git checkout --recurse-submodules 16.0.5.3-stable
git describe
git status

(see this link for appropriate PGP verification of source

sudo ./derivative-maker --target utm --flavor whonix-gateway-xfce --build --arch arm64 --tb open
sudo ./derivative-maker --target utm --flavor whonix-workstation-xfce --build --arch arm64 --tb open

Step 4:
Done, build of Whonix ™ has been completed. Move build files from ~/derivative_binary/16.0.5.3/ to local computer and load into UTM

Note: I just got a build error during first run of derivative-maker. The process continued with success after hitting (r) for retry. No idea why I had a road bump during compilation.

Edit: If you are experiencing issues with Tor browser, see previous post from Goldeneye128.

1 Like
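
The Step 3 commands above run git verify-tag and git verify-commit, but nothing stops the build from starting if either check fails. The following is an added example, not from this thread or the derivative-maker project, that wraps the same checks in a fail-closed shell function. The name verify_source_tag is chosen here, and the function assumes the project signing key was already imported as the linked PGP verification instructions describe.

```shell
#!/bin/sh
# Added example: fail-closed gate around the Step 3 verification commands.
# Every failed check returns non-zero, so a build chained with && never starts.
# Assumption: the keyring holds only keys you trust for this source tree,
# because git accepts a good signature from any key it can find there.

verify_source_tag() {
    repo=$1   # path to the cloned source tree
    tag=$2    # tag that is expected to be signed, e.g. 16.0.5.3-stable

    # 1. The tag object itself must carry a valid signature.
    git -C "$repo" verify-tag "$tag" >/dev/null 2>&1 || {
        echo "FAIL: tag $tag has no valid signature" >&2; return 1; }

    # 2. The commit the tag points at must be signed as well.
    git -C "$repo" verify-commit "$tag^{commit}" >/dev/null 2>&1 || {
        echo "FAIL: commit behind $tag has no valid signature" >&2; return 2; }

    # 3. The checked-out commit must be exactly the tagged commit.
    want=$(git -C "$repo" rev-parse --verify "refs/tags/$tag^{commit}") || return 3
    have=$(git -C "$repo" rev-parse --verify HEAD) || return 3
    [ "$want" = "$have" ] || {
        echo "FAIL: HEAD $have is not $tag ($want)" >&2; return 3; }

    # 4. No local modifications or untracked files on top of the signed tree
    #    (changed submodules show up here too).
    [ -z "$(git -C "$repo" status --porcelain)" ] || {
        echo "FAIL: working tree differs from $tag" >&2; return 4; }

    echo "OK: $repo is at signed tag $tag ($have)"
}

# Usage, run from inside the clone, with the build command from this post:
#   verify_source_tag . 16.0.5.3-stable &&
#     sudo ./derivative-maker --target utm --flavor whonix-gateway-xfce \
#       --build --arch arm64 --tb open
```
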

Is sudo apt upgrade process unnecessary?

So I have been trying to make the newest build of 16.0.6.8-developers-only to build on Mac M1. But have gotten myself into some problems. I have followed the https://forums.whonix.org/t/derivative-maker-automated-ci-builder/14468 thread and made sudo passwordless by adding /etc/sudoers.d/passwordless as explained in the thread. But got into some problems.

Building the gateway worked fine:
https://notes.anonpaste.org/?b65818cc9d69c9ed#9MzGBcqaLq9JaaxYMqvZbSDEpsz5gCQXvcssezPMxCb9

Used the command

$ ./derivative-maker --target utm --flavor whonix-gateway-xfce --build --arch arm64

But building the workstation did not go so well:
https://notes.anonpaste.org/?7707cae5cebe5bc1#EKSDDMZCQkKEDLtDv97FFyUrSV2aXtybCanRhghY9AKK

I tried both of these commands

$ ./derivative-maker --target utm --flavor whonix-workstation-xfce --build --arch arm64
$ ./derivative-maker --target utm --flavor whonix-workstation-xfce --build --arch arm64 --tb open

From what I can see from the log it’s:

####################################################################
## BEGIN ERROR in /var/lib/dpkg/info/tb-updater.postinst detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: $tool $chroot_maybe --postinst
## EXIT_CODE: 7
##
## END ERROR in /var/lib/dpkg/info/tb-updater.postinst detected!
## Please report this bug!
####################################################################

That is the problem for why the build fails.
Hope these logs can help you find out about this.

Hopefully there are some contributors out here. I’m a normal user with M1, hoping to use Whonix by UTM.
However, while I build my image, I get 7~8 errors during the build by Debian. I just continue it, since I can’t find what’s wrong.
After I finish it and initialize it at UTM, VM skips to initialize booting files and goes on to UEFI interactive shell. (maybe it fails to read the file)
After the failure, I even built it by qcow2, because I thought raw is not supported by UTM. (but also this seems not to be the reason)
This is my 10th attempt with building this, and it seems hopeless to retry.
Are there any other options that I can use Whonix…? Maybe a pre-made tar.gz file…?

I understand this is only for experts, but please give normal users a chance to use Whonix… I can’t buy another laptop because of Whonix…