That’s an incredible development. Thanks for creating this. It would be a pleasure for me to handle aarch64 KVM Builds. Will you be reachable for any bug troubleshooting in case something breaks down the line?
Thanks for the kind words @HulaHoop, it’s been a lot of fun working on it. Yes, of course please feel free to reach out.
Do you guys have gitter or some other direct messaging platform for quick chats?
The qemu-system-aarch64 command lines for gateway and workstation are crucial to be correct. In theory, if wrong, they could even produce a leak. How have these been generated / figured out?
Were these created / based on using virsh domxml-to-native qemu-argv? That would be great because then it would be similar to Whonix KVM xml files:
https://github.com/Whonix/whonix-libvirt/tree/master/usr/share/whonix-libvirt/xml
A lot of thought on ideal configuration over the years was put into these by @HulaHoop.
No. Development is all in forums.
They have been modelled based on the XML files Whonix currently uses, however I could not map them 1-to-1, there are some differences with QEMU on macOS.
For example, neither bridge nor tap network backends work (at least easily, apparently there are some hacks for it to work), so I had to use user-space socket connections based on QEMU’s SLIRP.
I’m not too aware of what leaks this could create, maybe @HulaHoop knows more?
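The network-backend concern raised above, as an added example that is not part of the original thread and not the project's own command lines: a Python check that reads a qemu-system-aarch64 command line and reports any workstation NIC that reaches the host network directly, or an internal socket link that is not pinned to loopback. The sample command lines, the port, and the assumed layout (gateway with one user NIC plus one socket NIC, workstation with a single socket NIC) are constructed for illustration.

```python
import shlex

# Constructed sample command lines (not the project's real ones). Assumed layout:
# gateway = one SLIRP "user" NIC (external) + one "socket" NIC (internal link);
# workstation = a single "socket" NIC connected to the gateway.
GATEWAY = (
    "qemu-system-aarch64 -machine virt -accel hvf -cpu host -m 1024 -nodefaults "
    "-netdev user,id=ext -device virtio-net-pci,netdev=ext "
    "-netdev socket,id=int,listen=127.0.0.1:8010 -device virtio-net-pci,netdev=int"
)
WORKSTATION = (
    "qemu-system-aarch64 -machine virt -accel hvf -cpu host -m 2048 -nodefaults "
    "-netdev socket,id=int,connect=127.0.0.1:8010 -device virtio-net-pci,netdev=int"
)
# Same workstation with a stray user-mode NIC left in: traffic can skip the gateway.
WORKSTATION_LEAKY = WORKSTATION + " -nic user,model=virtio-net-pci"

NET_OPTIONS = ("-netdev", "-nic", "-net")
LOOPBACK = ("127.0.0.1", "localhost", "[::1]")


def split_args(cmdline):
    """Tokenise a pasted command line, tolerating backslash-newline continuations."""
    return shlex.split(cmdline.replace("\\\n", " "))


def network_backends(cmdline):
    """Return (option, backend, params) for every network option on the command line."""
    argv = split_args(cmdline)
    found = []
    for opt, val in zip(argv, argv[1:]):
        if opt not in NET_OPTIONS:
            continue
        head, _, rest = val.partition(",")
        if head.startswith("type="):  # explicit form of the backend name
            head = head[len("type="):]
        params = dict(kv.partition("=")[::2] for kv in rest.split(",") if kv)
        found.append((opt, head, params))
    return found


def audit(role, cmdline):
    """Return a list of findings; an empty list means the layout matches the role."""
    findings = []
    backends = network_backends(cmdline)
    if not backends and "-nodefaults" not in split_args(cmdline):
        findings.append("no network option and no -nodefaults: "
                        "QEMU may add a default user-mode NIC")
    host_facing = internal = 0
    for opt, backend, params in backends:
        if backend in ("none", "nic"):  # "-nic none" disables; "-net nic" is NIC hardware only
            continue
        if backend == "socket":
            internal += 1
            endpoint = params.get("listen") or params.get("connect") or ""
            host = endpoint.rpartition(":")[0]
            if host not in LOOPBACK:  # e.g. listen=:8010 has no host part
                findings.append(f"{opt} socket endpoint '{endpoint}' is not pinned to loopback")
            continue
        # Anything else (user, tap, bridge, ...) attaches the guest to the host's network.
        host_facing += 1
        if role == "workstation":
            findings.append(f"{opt} {backend}: workstation NIC reaches the host network, "
                            "bypassing the gateway")
    if internal == 0:
        findings.append("no socket link between gateway and workstation")
    if role == "gateway" and host_facing != 1:
        findings.append(f"gateway should have exactly one external NIC, found {host_facing}")
    return findings


if __name__ == "__main__":
    for role, cmd in (("gateway", GATEWAY), ("workstation", WORKSTATION),
                      ("workstation", WORKSTATION_LEAKY)):
        print(role, audit(role, cmd) or "OK")
```

A static check like this complements, and does not replace, leak testing from inside the running guests.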
Okay, thanks!
Alright so some good news I was able to generate some Libvirt configs using the pre-built Debian Openstack images. The results should resemble x86 level of isolation that way. Since only SLIRP is available on Mac, some leaktesting is recommended just in case: Leak Tests
Are we currently getting raw files from the build script? I’m sure KVM can use them too and can even generate snapshots on top of it. However qcow2 would be ideal for compactness and functionality reasons if possible. Take your time. The plan is for one image to be able to support different OSs of the same arch.
Good news.
Any chance to make this work with libvirt?
libvirt supports MacOS but it doesn’t say if that goes for Intel and/or M1 based.
libvirt: Supported host platforms
Reason:
Linux “amd64” (Intel + AMD) KVM libvirt xml files are very established, development goes back to 2012, could be re-used for Linux arm64 KVM libvirt. Ideally there would be no difference or better as little differences as possible for Mac M1 support versus Linux arm64 KVM libvirt. That would be more maintainable / shared code base / easier to read/review than a super long qemu command line which better would be only last resort / stopgap.
Yes, see:
Whonix for macOS: Download and Installation
Contains the whonix_build command lines which should be currently re-usable as is.
I’ll do some leak testing, thanks for the link. Regarding qcow2, I had some trouble with it breaking the EFI partition required for grub on aarch64. I do want to investigate further, I’m sure it’s possible (I can load other qcow2 files fine on macOS with QEMU). It would also mean we get spice-vdagent on the resulting image which is something we need anyway.
Will add to the todo list, agreed that would be much cleaner than a lengthy QEMU command.
Testing to cross build on Debian buster amd64 does not work for me yet.
cross building Kicksecure arm64 on Kicksecure amd64
+ chroot /home/user/whonix_binary/15.0.1.7.4/Kicksecure-CLI-15.0.1.7.4.raw_mpoint_os update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.19.0-16-arm64
Found initrd image: /boot/initrd.img-4.19.0-16-arm64
Found linux image: /boot/vmlinuz-4.19.0-16-arm64
Found initrd image: /boot/initrd.img-4.19.0-16-arm64
WARNING: Device /dev/loop7p1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop0 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/mapper/sda5_crypt not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop7p2 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/host-vg/root not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop2 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/host-vg/swap_1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop3 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/mapper/loop6p1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop4 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop5 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda5 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop6 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop7 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sdb not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sdb1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sdb5 not initialized in udev database even after waiting 10000000 microseconds.
Failed to set up async io, using sync io.
Found Debian GNU/Linux 10 (buster) on /dev/mapper/host--vg-root
Seems to hang.
update-grub seems to look at a lot of unrelated host loop devices and gets confused. Perhaps that could be restricted?
Also running sudo chroot /path/to/chroot update-grub on an amd64 host might not work since the chroot image would be arm64? Wondering if it goes that far at all? How could that be done? Qemu required or avoidable?
Actually not.
done
Related build script enhancements:
- GitHub - Kicksecure/developer-meta-files: Scripts for managing derivative official repositor; debug scripts; developer documentation
- https://github.com/Whonix/Whonix
Added:
- raw image support
- multiple architecture support
https://forums.whonix.org/t/long-wiki-edits-thread/3477/2009
https://github.com/Whonix/Whonix/commit/f5c0a78f30b68ee3c0bca29b72794f2152e7a520
Done?
Included in 15.0.1.7.6.
--flavor qcow2 / --flavor raw might be insufficient. --flavor qcow2 used to imply Linux libvirt (KVM).
- I could rename --target to --format (image format).
- Then --target would be virtualbox, libvirt, m1 (target platform).
Depending on what is required and what makes sense. Not sure that is already needed. Let me know what would be useful.
build-steps.d/2376_build_arm64_fs is currently very slow for me. The update-grub step takes 40 minutes. Likely this needs to be improved:
mount --bind /dev "${mpoint_os}/dev"
Installing grub inside an image, a chroot is difficult. Most instructions mount the host’s /dev inside the chroot. Not an immediate security risk but the image chroot has no business in the host’s real /dev. Best avoided if possible.
/usr/sbin/grml-debootstrap uses instead:
mount -t devtmpfs udev "${MNTPOINT}"/dev
That might be a faster and more secure solution.
(Variable name change required.)
(Secure as in less likely to mess up something on the host or host disk grub config leaking into the VM.)
I haven’t tried yet if that would successfully build. And even if it did, I cannot test if it would boot.
Great to see some progress on this! Hope there will be a more user friendly guide out in the near future.
I am not an advanced user and tried the guide, but I get stuck on how to build from master. I tried to run git checkout master but it gives me an error saying that master is not a path. So I ignored that part and built 15.0.1.7.3 stable but it failed building. I did add --arch arm64 --allow-untagged true at the end of the build command. Is there something really easy I’m missing or should I just wait until this is developed more?
Update: I just used git checkout and then tried building 15.0.1.7.3-developers-only workstation. It fails here: https://anonfiles.com/jaYbDev8u4/Screenshot_2021-05-11_at_23.34.38_png
Hey Patrick, could you try with this patch please:
https://github.com/Whonix/Whonix/pull/440
It still builds and runs for me afterwards, but I cannot say if it really solves your issue because I never had your issue anyway. Although, agree it’s cleaner in general.
Thanks for trying this out! You need to either build from a newer tag (e.g. 15.0.1.7.8-developers-only) or from master directly. I’d recommend using 15.0.1.7.8-developers-only. Therefore, run git checkout --recurse-submodules 15.0.1.7.8-developers-only while inside the repo directory. Note, you might need to run git pull first.
Please try that and let me know how you get on.
P.S @Patrick, I noticed on the M1 section of the Mac Wiki pages, some of my longer commands are not showing in proper boxes. e.g. Section 3.3 “Run the below command to run the gateway:” is only showing a single line at a time. I’m not the best with this Wiki markdown language, any ideas on how to fix that? I couldn’t spot any difference between my code boxes and others which are expanded. Thanks!
Thanks for the help. I tried it your way and get the following when trying to build the workstation: https://ibb.co/Ydf6pfr
When running git checkout --recurse-submodules 15.0.1.7.8-developers-only I get HEAD is now at 0745e88 instead of HEAD detached at 15.0.1.7.8-developers-only nothing to commit, working tree clean
Awesome! Will try.
A bug. My best guess, it’s caused by the expand box. I.e. the expand box is incompatible with the CodeSelect box. Let’s just drop the expand box, not important anyhow?
Can you please post more of the terminal output? The part you sent doesn’t actually show the error, it just shows that it was retried a few times (which the Whonix build script does). Ideally, run the command and redirect to a file. e.g.
sudo ./whonix_build --target raw --flavor whonix-workstation-xfce --build --arch arm64 > whonix_build_output.txt
Then upload whonix_build_output.txt somewhere for us to view.
Yes, that fixed it, thanks!
I’m making good progress on getting Whonix working with UTM, it’s an open-source QEMU-backed VM host for macOS (and iOS).
This would deliver a much better user experience for people wanting to get Whonix running on Apple Silicon. For many reasons:
- It supports display scaling
- Copy and paste works
- Friendly UI as can be seen below (no need for QEMU commands in the terminal)
It has a very simple XML based config too, so we could actually output this as part of our build script:
And package both the Workstation and Gateway into .utm files which work together. You can see an example of .utm files here: Debian 10.4 (Xfce) | UTM
What do you guys think of this? It would basically mean a similar experience as VirtualBox currently gives Mac Whonix users. It could also be backported for Intel Macs such that we recommend a FOSS version of running Whonix on all Macs.
Tried it again, and this time it failed very early on. Here is a video with the commands and the text output:
https://justpaste.it/5zz55
https://www.youtube.com/watch?v=SJiT3WR_my8
I’m quite busy now and the next few days so I won’t be trying it again soon. It would be great if people could get it to work on UTM! If native ARM support still takes a long time, UTM supports running x86 operating systems on Apple Silicon with emulation (also ARM on Intel Macs with emulation btw)
EDIT: looking at the output I get the impression it’s just a mistake with the commands on my part. Will try it another time again
Thanks for that. Can you please try:
sudo ./whonix_build --target raw --flavor whonix-workstation-xfce --build --arch arm64 --allow-untagged true --allow-uncommitted true > whonix_build_output.txt