Whonix-OpenBSD Port

Hello.

I have created a guide to install OpenBSD as a Whonix-Custom-Workstation: ( /wiki/Other_Operating_Systems#Whonix_.E2.84.A2-OpenBSD-Workstation ) (cannot post links). I will update the guide once 6.7 is released, which should be soon.

What remains to be done is instructions to install Tor Browser. There is a tor-browser package in OpenBSD ports tree, but apparently an update to Rust broke it as I found here ( https : // www. reddit. com/r/openbsd/comments/dkuz7u/tor_browser/ ), so it currently can’t be installed using pkg_add.

Hopefully the issue will be resolved in 6.7.

I am currently trying to build Whonix packages on OpenBSD. Here is a summary of my progress so far:

Installed necessary packages for building: gcc gmake git

Started with genmkfile, because it is required to build all the other packages.

Since master branch of genmkfile does not have a Makefile, I cloned the Whonix13 branch.
Since OpenBSD paths are different, I changed all instances of /bin/bash to /usr/local/bin/bash.

All instances of /usr/bin/make must be replaced with /usr/local/bin/gmake.

After that, running
sudo gmake install
works fine.

I have partially built several packages: dist-base-files, helper-scripts, and bootclockrandomization, and attempted to build sdwdate.
Here is a synopsis of what needs to be done:

Installing the coreutils package, because the code uses some commands and flags absent in OpenBSD utilities; I did not want to make intrusive changes to the code. Then changing the code so it uses coreutils, synopsis:

chmod >> gchmod
chown >> gchown
cp >> gcp
date >> gdate
mkdir >> gmkdir
mkfifo >> gmkfifo
mktemp >> gmktemp
rm >> grm
timeout >> gtimeout

And so on.

After that, I cloned dist-base-files.
Replaced all instances of /bin/bash with /usr/local/bin/bash.
Saved the old Makefile from genmkfile in the directory and ran
sudo gmake install
This seems to have worked fine and the files were updated.

Cloned bootclockrandomization.
Changed bash paths, changed /run/ to /var/run/, date to gdate.
Wrote an /etc/rc.d bootclockrandomization script.
Then modified rc.conf.local to include bootclockrandomization in pkg_scripts.
But that did not make bootclockrandomization recognized by rc and using rcctl enable bootclockrandomization fails (service does not exist).
Not sure what to do with this yet. It seems it has to be installed as a package for pkg_scripts and rcctl to work.

Running the scripts clock-random-manual-cli and /usr/share/bootclockrandomization/start was successful with no errors after adding the line
gmkdir "$DIR"

to start (because first attempt reported missing directory).

Then I tried to build one of the most important Whonix packages, sdwdate.

Installed the dependencies found in debian/control.

pkg_add python3 py3-stem py3-dateutil py3-gevent py3-socks gbc

Then cloned python-guimessages, since it is a dependency.
Replaced all instances of /usr/bin/python3 with /usr/local/bin/python3.

Since Python modules are also stored elsewhere on OpenBSD, I moved all the files from
usr/lib/python/dist-files/guimessages/ to
usr/local/lib/python3.7/guimessages/

Just to make sure, I also made a copy of the directory usr/local/lib/python3.7/guimessages/ as usr/local/lib/python3.6/guimessages/.

Copied the old Makefile again and installed the modules.

Cloned helper-scripts.

Change bash and python paths as usual.
Change all commands to coreutils.

Change all the paths of /run/ to /var/run/

in te_pe_tb_check
comment line
source /usr/lib/helper-scripts/pkg_manager_running_check

in usr/lib/helper-scripts/tor_bootstrap_check.bsh:

added custom code to ensure the IP is correct

if [ -f "/etc/mygate" ]; then
   GATEWAY_IP="`cat /etc/mygate`"
fi

if [ "$gateway_control_port" = "" ]; then
   gateway_control_port="9051"
fi

Cloned sdwdate.
Once again, started with replacing the bash and python paths.

In usr/bin/sdwdate, I commented all lines related to sdnotify, including all instances of n.notify, as systemd-related code won’t work and does not seem to be critical to sdwdate’s functionality (except starting it at boot).

In usr/lib/sdwdate/restart_fresh
Change rm to grm and change systemctl to rcctl, remove its flags, and comment the line. rcctl won’t work yet as mentioned.

Change all the instances of coreutils in all files to their OpenBSD equivalents.

Comment the line related to systemd in suspend-post.
Change instances of systemctl to rcctl and remove the flags.
Change paths of /run/sdwdate to /var/run/sdwdate and update the paths elsewhere as well.

In /usr/bin/sdwdate
Change /bin/date to /usr/local/bin/gdate
Change mktemp to gmktemp

Then sudo gmake install

Error related to translation code. Comment all lines related to translations, because non-critical.

After reinstalling it, sdwdate started, but wasn’t able to connect:
bash-5.0$ sdwdate
2020-04-28 22:51:28 - sdwdate - INFO - sdwdate started. PID: 49391
2020-04-28 22:51:28 - sdwdate - INFO - create temp_dir: /tmp/tmp.Z6JXBEqSaH
2020-04-28 22:51:28 - sdwdate - INFO - Tor socks host: 10.152.152.10 Tor socks port: 9050
2020-04-28 22:51:28 - sdwdate - INFO - Running sdwdate main loop. iteration: 1 / 10000
2020-04-28 22:51:28 - sdwdate - INFO - WARNING - Tor Bootstrap Result: Tor’s Control Port could not be reached.

Did you start Gateway beforehand?

Unexpected error: <class 'FileNotFoundError'>
^CTraceback (most recent call last):
  File "/usr/bin/sdwdate", line 604, in <module>
    prerequisite_check()
  File "/usr/bin/sdwdate", line 558, in prerequisite_check
    time.sleep(prerequisite_check_sleep_seconds)
KeyboardInterrupt
bash-5.0$

Tried to manually run Tor-related helper-scripts.

tor_bootstrap_check, tor_circuit_established_check, and tor_signal_newnym report:
Unable to connect to tor. Are you sure it’s running?

It seems the problem is helper-scripts trying to connect to local Tor daemon which is disabled, instead of the Whonix-Gateway, despite adding the custom code earlier to ensure the IP settings are correct.

I looked through the code, but I am at a loss as to how to resolve this. Building anon-ws-disable-stacked-tor could help, but it seems to rely on systemd.

I do not know how much interest there will be in an OpenBSD port. It is a potential consideration for: /wiki/Dev/Operating_System#Criteria_for_Choosing_a_Base_Distribution , but OpenBSD was addressed already.

However, I will update on my progress. If anyone knows how to resolve these issues, help will be appreciated.


Interesting, you seem to find your way around the source code really well.

singularity via Whonix Forum:

Started with genmkfile, because it is required to build all the other packages.

No longer required.

This was replaced by file:
debian/packagename.install

Which should be trivial to port anywhere hopefully. Folder structure
source code file usr/bin/something copying to /usr/bin/something is
still the same.

Since master branch of genmkfile does not have a Makefile, I cloned the Whonix13 branch.

Don’t bother with ancient releases.

Changed bash paths, changed /run/ to /var/run/, date to gdate.

Debian uses /run now. Past was /var/run. I guess compatibility symlink
might be better.

in te_pe_tb_check
comment line
source /usr/lib/helper-scripts/pkg_manager_running_check

in usr/lib/helper-scripts/tor_bootstrap_check.bsh:

added custom code to ensure the IP is correct

if [ -f "/etc/mygate" ]; then
   GATEWAY_IP="`cat /etc/mygate`"
fi

Not sure why that would be required. A fix / feature independent from
OpenBSD port?

if [ "$gateway_control_port" = ""]; then
   gateway_control_port="9051"
fi

""] is missing a space.

In usr/bin/sdwdate, I commented all lines related to sdnotify, including all instances of n.notify, as systemd-related code won’t work and does not seem to be critical to sdwdate’s functionality (except starting it at boot).

Indeed sdnotify not critical.

It seems the problem is helper-scripts trying to connect to local Tor daemon which is disabled, instead of the Whonix-Gateway,

That’s how Whonix works. anon-ws-disable-stacked-tor package redirects
Whonix-Workstation ports localhost to Whonix-Gateway. Also Tor Browser
will need this.

I looked through the code, but I am at a loss as to how to resolve this. Building anon-ws-disable-stacked-tor could help, but it seems to rely on systemd.

Indeed. Git history at some point implemented the same using a ton of
socat instances without “much” reliance on systemd (i.e. starting the
script as a usual daemon which would be similarly easy to replace).
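
The localhost-to-gateway redirection this reply describes, sketched as an added example; it is not code from anon-ws-disable-stacked-tor or from either poster. It assumes socat is installed, covers only the two ports named in the thread (9050 and 9051), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: localhost -> Whonix-Gateway forwarders built on socat.
# Assumed (not from the thread): function names, the port list below.

DEFAULT_GATEWAY_IP="10.152.152.10"  # gateway address seen in the sdwdate log
FORWARD_PORTS="9050 9051"           # SOCKS and control ports named in the thread

# Print the gateway address: first line of the file (default /etc/mygate)
# if it contains only digits and dots, otherwise the default address.
gateway_ip() {
    file="${1:-/etc/mygate}"
    ip=""
    if [ -r "$file" ]; then
        IFS= read -r ip < "$file" || true
    fi
    case "$ip" in
        ''|*[!0-9.]*) ip="$DEFAULT_GATEWAY_IP" ;;
    esac
    printf '%s\n' "$ip"
}

# Print one socat command line for a port. The listener binds to 127.0.0.1
# only, so the forwarded port is not exposed on other interfaces.
forward_cmd() {
    port="$1"
    gw="$2"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    printf 'socat TCP4-LISTEN:%s,bind=127.0.0.1,reuseaddr,fork TCP4:%s:%s\n' \
        "$port" "$gw" "$port"
}

# Start one background forwarder per port, then wait on them so an rc
# script or supervisor can manage this process as an ordinary daemon.
start_forwarders() {
    target="$(gateway_ip)"
    for p in $FORWARD_PORTS; do
        cmd="$(forward_cmd "$p" "$target")" || return 1
        $cmd &   # unquoted on purpose: validated input, split into argv
    done
    wait
}

# Nothing is started unless the script is called with "start".
if [ "${1:-}" = "start" ]; then
    start_forwarders
fi
```

Reading only the first line of /etc/mygate and rejecting anything but digits and dots keeps a second (for example IPv6) line or stray text out of the socat address.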

Thank you for your response.

I will take note of your advice.

Good point.

Yes, this is probably only temporary. I wanted to make sure the gateway IP is set correctly and is the same as /etc/mygate. Because tor_bootstrap_check looks for the file /usr/share/anon-ws-base-files/workstation, but anon-ws-base-files was not installed.

My bad. That is because I rewrote the line here, instead of copying it. I did not forget the space in the script.

Seems it could be used as a basis for the OpenBSD version with some modifications, I will have a look.
