Whonix on Mac M1 (ARM)

OK, after some digging it looks like is the earliest tag I can use to build utm images with --target utm

After I do that, can I just rely on internal updates in the VM, or do I need to rebuild when a later stable version comes out?

Upgrade vs Image Re-Installation

I am trying to build the whonix-gateway-cli flavor with utm target. I get this error

clang: error: argument unused during compilation: '-fstack-clash-protection' [-Werror,-Wunused-command-line-argument]

I am using a freshly install arm64 debian bullseye VM in UTM and the command:

sudo ~/Whonix/whonix_build --flavor whonix-gateway-cli --target utm --repo true --arch arm64 --build

What am I doung wrong?

Forgot to mention I am using tag

1 Like

Stupid question. Can I just use gcc to compile with an options somewhere? It seems that clang may have a bug in version 11 that causes this.


1 Like

Probably the hardened-malloc package failing to build? That’s “amd64” only anyhow. Nothing else requires clang. I’ll work on disabling hardened-malloc building for non-“amd64” builds.

Is this https://github.com/Whonix/Whonix/commit/6d5fad54c6eba1a9f8ad71d5be26b9a79b27d9d3 the fix for the hardened-malloc you mentioned?

If so, are there any security considerations in building the images from master or should I wait for a new tag?

I attempted a build from master and ran into this error.

I: Running cd /build/hardened-malloc-8/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us -uc -sa && env PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-genchanges -S '-sa' > ../hardened-malloc_8-4_source.changes
dpkg-buildpackage: info: source package hardened-malloc
dpkg-buildpackage: info: source version 0:8-4
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Patrick Schleizer <adrelanos@whonix.org>
dpkg-buildpackage: info: host architecture arm64
 dpkg-source --before-build .
dpkg-source: info: using options from hardened-malloc-8/debian/source/options: --extend-diff-ignore=^\.travis\.yml$
 debian/rules clean
dh clean
 dpkg-source -b .
dpkg-source: info: using options from hardened-malloc-8/debian/source/options: --extend-diff-ignore=^\.travis\.yml$
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building hardened-malloc using existing ./hardened-malloc_8.orig.tar.xz
dpkg-source: info: building hardened-malloc in hardened-malloc_8-4.debian.tar.xz
dpkg-source: info: building hardened-malloc in hardened-malloc_8-4.dsc
 debian/rules binary
dh binary
dpkg-genbuildinfo: error: binary build with no binary artifacts found; .buildinfo is meaningless
dpkg-buildpackage: error: dpkg-genbuildinfo subprocess returned exit status 255

Sorry, bad form I forgot the important info

commit 5c85057be9c5e0244b2120be8efd28edfd0511f2 (grafted, HEAD → master, origin/master, origin/HEAD)

Actually should compile on arm64.

OK, I was able to successfully build for the UTM target.

The VMs seem to run and function fine except for downloading the tor browser.
When I run update-torbrowser I get the following error:
ERROR: Failed to download: https://sourceforge.net/projects/tor-browser-ports/files/10.5.6/sha256sums-unsigned-build.txt.asc/download

Independent upstream. See:


The only source of Tor Browser arm64 builds as far as we’re aware.

That file was that file was only uploaded 4 hours ago so it might be functional by now.

Yep, it works now. I always get things at the wrong time.

1 Like

I got this the first time I tried to update, but figured the timeout would expire. It has reset multiple times now. Do I just need to leave it running for a day and then update it, or is it something else?

$ sudo apt update
[sudo] password for user:                     
Hit:1 tor+https://deb.debian.org/debian bullseye InRelease                     
Get:2 tor+https://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]   
Get:3 tor+https://deb.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Get:4 tor+https://deb.debian.org/debian bullseye-backports InRelease [40.9 kB] 
Get:5 tor+https://fasttrack.debian.net/debian bullseye-fasttrack InRelease [12.9 kB]
Get:6 tor+https://deb.whonix.org bullseye InRelease [39.6 kB]                  
Reading package lists... Done       
E: Release file for tor+https://deb.debian.org/debian/dists/bullseye-updates/InRelease is not valid yet (invalid for another 47min 32s). Updates for this repository will not be applied.
E: Release file for tor+https://deb.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 4h 47min 29s). Updates for this repository will not be applied.
E: Release file for tor+https://fasttrack.debian.net/debian/dists/bullseye-fasttrack/InRelease is not valid yet (invalid for another 6h 35min 29s). Updates for this repository will not be applied.
E: Release file for tor+https://deb.debian.org/debian/dists/bullseye-backports/InRelease is not valid yet (invalid for another 47min 31s). Updates for this repository will not be applied.

Check clock.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]