Whonix on Mac M1 (ARM) - User Support (still unsupported at time of writing)

Yeah I am using Parallels. I saw the guide of running Debian under QEMU and it seemed too advanced for me, and I did not want to turn off System Integrity Protection.

I know what the issue is now. I enabled NextDNS in my VM and it is blocking Tor. Will fix it and report back.

1 Like

Hey Patrick, this has actually broken booting for me unfortunately.


It loads the grub bootloader UI successfully but then just freezes there after trying to boot Whonix.

I reverted to commit 7390b90c70aa65f00e1e2b8cf390de5802ab1a86 and was able to get a successful boot to the XFCE desktop again.

1 Like

It still fails after disabling NextDNS. This is the output by running script -c "sudo ./whonix_build --target raw --flavor whonix-workstation-xfce --build --arch arm64 --allow-untagged true --allow-uncommitted true" ./whonix_build_output.txt

https://justpaste.it/3qsy3

Hm, what happens when you just run tor in your terminal?

Could you try that, and then in another terminal run:

curl --socks5 localhost:9050 --socks5-hostname localhost:9050 -s https://check.torproject.org/ | cat | grep -m 1 Congratulations | xargs

You should see:

Congratulations. This browser is configured to use Tor.
1 Like

Yeah I get that output:

parallels@debian-gnu-linux-10:~$ tor
May 15 21:38:54.175 [notice] Tor 0.4.5.7 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.
May 15 21:38:54.175 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 15 21:38:54.175 [notice] Read configuration file "/etc/tor/torrc".
May 15 21:38:54.176 [notice] Opening Socks listener on 127.0.0.1:9050
May 15 21:38:54.176 [warn] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
May 15 21:38:54.176 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
May 15 21:38:54.176 [err] Reading config failed--see warnings above.
parallels@debian-gnu-linux-10:~$ curl --socks5 localhost:9050 --socks5-hostname localhost:9050 -s https://check.torproject.org/ | cat | grep -m 1 Congratulations | xargs
Congratulations. This browser is configured to use Tor.
parallels@debian-gnu-linux-10:~$

I'm giving up for now. Might try another time.

It seems there is a tor service already running. Maybe that's also confusing the build script?

Either way, thanks for trying! We'll have a much more user friendly solution soon.

1 Like

Reverted https://github.com/Whonix/Whonix/commit/eb0f7e942ef4bd76e32de56b8596d87f536bde4a
Included in 15.0.1.8.1-developers-only.
Hope that unbroke it?

A firewall blocking connections to localhost IP 127.0.0.1 port 3142? Try:

curl http://127.0.0.1:3142

Expected output:

Some html. Otherwise a firewall is faulty.

Is there any way to get these patches of yours to work against the latest stable instead of master? If so, how would I go about that?

Too much to explain, document, complicated. Creating a support mess (more and more documentation, options, but taking away time from next stable version). Also too early for that.

Whonix usually doesn't backport features in favor of scarcely available development time for getting goals implemented for the next stable version of Whonix.

Is it likely these changes will make it into next stable?

Very likely the source code changes will be kept. Stable binary download release of Mac M1 / ARM cannot be predicted.

So I did try building it again, starting with a whole new Debian VM. The Workstation built, but the Gateway failed. I selected the text from the terminal starting a bit before the first error occurred:

https://justpaste.it/5brx5

I have the two .raw files in my filesystem. Both are exactly 107.4 gb it says.

https://deb.torproject.org/torproject.org/dists/buster/main/binary-arm64/Packages / Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support seems broken. It has

Package: tor-geoipdb
Version: 0.4.5.8-1~d10.buster+1
Depends: tor (>= 0.4.5.8-1~d10.buster+1)

but only

Package: tor
Version: 0.4.5.7-1~d10.buster+1

background: Tor integration in Whonix Development Notes

Thanks Patrick. Is there a way to fix this? Or will this prevent a Whonix port to M1 until the tor project fixes this?

Please help.

  1. see Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support
  2. reproduce the bug without reference to Whonix to avoid confusion (unspecific to Whonix), try to install the tor-geoipdb package
  3. report bug upstream against Tor Project

Tried to install the packages through the page you linked and that is indeed the error.

Just sent them an email. Will let you know if they respond.

Also another question: if I would get this running with qemu on my M1 Mac (still have to wait until they fix a bug in the qemu patches so I can install them), can I just update to new Whonix versions when they are released like normal? Or do I have to rebuild for ARM every time if I want to update?

1 Like

I guess e-mail won't work. Needs a ticket at https://gitlab.torproject.org.

Hard to predict. The goal is usual updates being functional. I.e. no rebuild required.

The good thing is that https://deb.torproject.org / Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support supports arm64.

Otherwise would be messy. Reason to reconsider Tor integration in Whonix Development Notes for Debian bullseye based Whonix 15.

Thanks Patrick. I tried to open a ticket on gitlab but you need an account which they have to approve, so I am waiting now for them to allow my account or get a response to my email. If people want to have it fixed faster and have already done this earlier they should open a ticket on gitlab

EDIT: just opened a ticket on gitlab: Can not install tor-geoipdb because it depends on an unreleased version of the tor package (#40436) · Issues · The Tor Project / Applications / Tor Browser · GitLab

EDIT: They responded and it should be fixed now

So they just released a fix for the qemu patches and I managed to get something going. The gateway launched, but gave an error the second time that the greater onion service was not running. (Though now it seems to be fine). The workstation did not launch with the listed qemu commands, it gives:

qemu-system-aarch64: -netdev socket,id=internal,listen=:8010: can't bind ip=0.0.0.0 to socket: Address already in use

Anyone an idea how to solve this?

I'm happy that I have the gateway running though!

@GavinPacini how is it going with the UTM implementation? Let me know if I can help with something (I am a beginner though). UTM might have an additional security benefit as well as it uses the solid MacOS sandbox. Don't know how well normal qemu is sandboxed.

2 Likes

I got the Workstation to boot up as well using the qemu commands that @GavinPacini sent on the 28th of april, but leaving out -drive "if=pflash,format=raw,file=./edk2-vars-work.fd,discard=on" \ for both VMs
When I try to open the browser I get an error that there is no browser installed that supports open-link-confirmation, so I installed firefox-esr for now. Am I correct that the tor browser is not there because it has not been ported to arm64 yet? So for now the only option is to use firefox or another browser that has been ported?

Networking seems to be ok now. If I map an address in the gateway that translates to the workstation. Issues I see on first impression are absence of tor browser, bad fluency and poor scaling (everything is really small) and resolution.

2 Likes