Whonix Repository

Support
1

How do i check my whonix OS version?
What for do I use the whonix repository? Does it allow to upgrade to a new version of the OS?

2

While trying to enable whonix repository I get this:

sudo whonix_repository --verbose
whonix_repository verbose output…

  • VERBOSE=1
  • shift
  • :
  • case $1 in
  • break
  • ‘[’ ‘’ = ‘’ ‘]’
  • gui=1
  • ‘[’ 1 = 1 ‘]’
  • gui
  • trap error_handler ERR
  • local title=whonix_repository
  • local ‘msg=Which Whonix Repository do you like to use?’
  • exec
    ++ dialog --cancel-label Exit --title whonix_repository --menu ‘Which Whonix Repository do you like to use?’ 100 120 20 1 ‘Use Whonix Stable Repository.’ 2 ‘Use Whonix Testers Repository.’ 3 ‘Use Whonix Developers Repository.’ 4 ‘Deactivate Whonix Repository.’
  • local ‘_return=/usr/bin/whonix_repository: line 298: dialog: command not found’
  • exec
  • gui_return=’/usr/bin/whonix_repository: line 298: dialog: command not found’
  • ‘[’ ‘/usr/bin/whonix_repository: line 298: dialog: command not found’ = ‘’ ‘]’
  • ‘[’ 1 = 1 ‘]’
  • ‘[’ ‘/usr/bin/whonix_repository: line 298: dialog: command not found’ = 1 ‘]’
  • ‘[’ ‘/usr/bin/whonix_repository: line 298: dialog: command not found’ = 2 ‘]’
  • ‘[’ ‘/usr/bin/whonix_repository: line 298: dialog: command not found’ = 3 ‘]’
  • ‘[’ ‘/usr/bin/whonix_repository: line 298: dialog: command not found’ = 4 ‘]’
  • error ‘Invalid menu action. Please report this bug!’
    /usr/bin/whonix_repository: line 324: error: command not found
    ++ error_handler
    ++ local return_code=127
    ++ local 'MSG=###############################################################################

whonix_repository script bug.

Please report this bug!

BASH_COMMAND: error “Invalid menu action. Please report this bug!”

return_code: 127

Experts only:

whonix_repository --verbose

for verbose output. Clean the output and

submit to Whonix developers.

###############################################################################’
++ echo '###############################################################################

whonix_repository script bug.

Please report this bug!

BASH_COMMAND: error “Invalid menu action. Please report this bug!”

return_code: 127

Experts only:

whonix_repository --verbose

for verbose output. Clean the output and

submit to Whonix developers.

###############################################################################’
###############################################################################

whonix_repository script bug.

Please report this bug!

BASH_COMMAND: error “Invalid menu action. Please report this bug!”

return_code: 127

Experts only:

whonix_repository --verbose

for verbose output. Clean the output and

submit to Whonix developers.

###############################################################################
++ exit 1

How do i fix this and enable the repository?

3

whonixcheck will tell you. Run whonixcheck. Either in terminal or from the desktop or start menu.

[INFO] [whonixcheck] Whonix News Download Result: Installed Whonix Debian Package 7.7.2-debpackage1 is up to date. [INFO] [whonixcheck] Whonix News Download Result: Installed Whonix Build 137adretemp is up to date.

Alternatively, for build version:

cat /usr/share/whonix/build_version

Or for Whonix Debian Package version:

dpkg -l | grep whonix

There are two things here. Whonix Debian Package Repository is where the deb packages are located. The whonix_repository tool allows to enable/disable Whonix’s repository and to choose which one (stable/testers/developers).

Since you’re most likely using Whonix 7, in that version Whonix repository is enabled by default with stable updates. (Won’t be enabled by default in further versions, but users will be asked if they want to enable it upon first boot.)

To fix that bug, use:

sudo apt-get install dialog

(Will also be fixed after the update.)

If you wish to get the testers-only upgrade, see this blog post:
https://anonymousoperatingsystem.wordpress.com/2014/01/13/testers-wanted-testers-only-version-whonix-7-7-2-debian-packages-released/

Otherwise no action required. You’ll get Whonix stable upgrades automatically along with Debian upgrades when they are released.

4

What is the difference betweenWhonix Debian Package and Installed Whonix Build ?
My whonix was compiled from source and got version 7.3.7 but later i upgraded from repository to 7.7.2.
Now while running whonixcheck I get:

Whonix News Download Result: Installed Whonix Debian Package 7.7.2-debpackage1 is up to date.
Whonix News Download Result: Installed Whonix Build 7.3.7 is up to date.

So what version do I actually have now: 7.7.2 or 7.3.7?

Also whonixheck says this:
Tor Browser Update Check Result: Installed Tor Browser version: 2.3.25-16. Latest recommend Tor Browser version(s): 3.5. Please run:
Start menu → Applications → System → Tor Browser Updater

Do i need to upgrade? As far as I understood now iceweasel is used instead of torbrowser.

Also how do i install torchat now?

Can i install with sudo apt-get install torchat and is that all? Or do i need to do the following additional steps?
(This step won’t be necessary in Whonix 7.3.7 and anymore.)
sudo apt-get update
sudo apt-get install realpath
(This step won’t be necessary in Whonix 7.3.7 anymore.)
dpkg-divert --add --rename --divert /usr/sbin/tor.real /usr/sbin/tor
(This step won’t be necessary in Whonix 7.3.7 anymore.)
dpkg-divert --add --rename --divert /usr/bin/tor.real /usr/bin/tor
Create a file /usr/bin/tor. (Won’t be necessary in Whonix 7.3.7 anymore.)
kdesudo kwrite /usr/bin/tor
And add the following content. (Won’t be necessary in Whonix 7.3.7 anymore.)

#!/bin/bash

This file is part of Whonix

Copyright (C) 2012 - 2013 adrelanos adrelanos@riseup.net

See the file COPYING for copying conditions.

dummytor

echo “INFO $(realpath $BASH_SOURCE): Dummy Tor.”
exit 0

Also will i have to do this after torchat installation?:

Warning! If you later want to update Whonix you must undo the dpkg diversions. Do not run these commands right now. Run them when apt-get prompts you to install new Whonix packages.
dpkg-divert --remove --rename /usr/sbin/tor
dpkg-divert --remove --rename /usr/bin/tor

Can u update your documentation for torchat?

5
What is the difference between Whonix Debian Package and Installed Whonix Build ?
Whonix Debian Packages can be upgraded. It is the version of the actual .deb packages that are currently installed.

Whonix Build Version is created when initially creating a Whonix image. It can by definition never be upgraded.

In future we may have a situation where the build version becomes too old, where upgrading Whonix Debian Packages won’t be possible due to limitations of the original build.

My whonix was compiled from source and got version 7.3.7 but later i upgraded from repository to 7.7.2. Now while running whonixcheck I get:

Whonix News Download Result: Installed Whonix Debian Package 7.7.2-debpackage1 is up to date.
Whonix News Download Result: Installed Whonix Build 7.3.7 is up to date.

Seems correct.

So what version do I actually have now: 7.7.2 or 7.3.7?

You’ve build from version 7.3.7 and now have 7.7.2.

Do i need to upgrade?
Yes.
As far as I understood now iceweasel is used instead of torbrowser.
No. How do you come to that conclusion?
Also will i have to do this after torchat installation?
I managed to prepare the updated packages in a way so this won't be necessary at all.
Can u update your documentation for torchat?
Done. Please tell me if there is anything causing confusion left.
6

The confusion in the torchat section in the documentation still exists. The confusion is caused by the phrase “won’t be necessary in whonix 7.3.7 and above”. You should replace “won’t be necessary” by “is no longer required for whonix 7.3.7 and above” because when you use the future tense “won’t be” it may sound like you plan to implement this feature in the future, while actually it has already been implemented. So users don’t know if they should do those steps or not.

As far as I understood from your answer I need to upgrade to torbrowser 3.5. Does it mean that you managed to prevent TOR over TOR for version 3.5? Previous versions had vidalia and were started via a script. That script was modified by you to prevent vidalia from starting. But how did u solve the problem with version 3.5 which does not have a starting script. Can i safely install version 3.5 without being afraid that i will get tor over tor? I tried to extract firefox from version 3.5 to get rid of the tor module of the browser but the extracted firefox refused to start. How did you solve that issue?

7

First I did not figure out why iceweasel had been installed. The confusing thing was that it started to use the profile that i had previously created for one of my copies of torbrowser! And even all of its extensions were loaded for iceweasel! I guess it was because I made that my torbrowser copy a sensible browser! So iceweasel grabbed its profile and all extensions including torbutton. That’s why I thought that you had included iceweasel into whonix package as a main browser. But after I created a new profile for iceweasel and after starting it it asked me to download torbrowser. So I figured out that iceweasel had not been meant to be a replace for torbrowser.

8
The confusion in the torchat section in the documentation still exists. The confusion is caused by the phrase "won't be necessary in whonix 7.3.7 and above". You should replace "won't be necessary" by "is no longer required for whonix 7.3.7 and above" because when you use the future tense "won't be" it may sound like you plan to implement this feature in the future, while actually it has already been implemented. So users don't know if they should do those steps or not.
Whonix 7 is still the stable version. And you're at the moment using the testers-only version. So at the moment from a stable user perspective it's still future.
As far as I understood from your answer I need to upgrade to torbrowser 3.5.
Yes.
Does it mean that you managed to prevent TOR over TOR for version 3.5?
Yes.
Previous versions had vidalia and were started via a script. That script was modified by you to prevent vidalia from starting.

Yes.

But how did u solve the problem with version 3.5 which does not have a starting script.
See https://www.whonix.org/wiki/Manually_Updating_Tor_Browser#Footnotes
Can i safely install version 3.5 without being afraid that i will get tor over tor?
Yes. See https://www.whonix.org/wiki/Manually_Updating_Tor_Browser - Even without update script there will be no longer Tor over Tor.
I tried to extract firefox from version 3.5 to get rid of the tor module of the browser but the extracted firefox refused to start. How did you solve that issue?
See https://www.whonix.org/wiki/Manually_Updating_Tor_Browser#Footnotes
9
First I did not figure out why iceweasel had been installed.
I wouldn't know how to documentation that better. It's in the changelog. There is too much information. Well, when you start iceweasel, it's default home page will tell you.
I guess it was because I made that my torbrowser copy a sensible browser!
What is a "sensible browser"?
So iceweasel grabbed its profile and all extensions including torbutton.
This is very strange because Tor Browser always has its own folder and never uses iceweasel's settings folder.

(Unless you maybe start the firefox part of TBB manually without any startup script or command line parameter. Without any of this, it won’t use the settings that come with Tor Browser which are highly recommended.)

10

Your manual says:
Manually updating Tor Browser
(1) Go to https://www.torproject.org/ and/or http://idnxcnkne4qt76tg.onion/ and download the Tor Browser Bundle for Linux 32 bit. Store it in /home/user/.
I compiled whonix as 64-bit. Do i need to download 64-bit bundle instead of 32-bit bundle?

Sensible browser is the default browser. That is the browser which is set in the OS as default. For example, if you click a weblink in any window of any program the link will be opened in the default(sensible) browser.
And yes, you are right that my sensible browser is the firefox extracted from the previous version of TBB and it does not use the starting script.
Also the torbrowser itself is the modified firefox where all changes were made in about:config.
You may make any firefox get torbrowser’s fingerprint by modifying the corresponding strings in about:config.
What’s more interesting, you may change user-agent directly in about:config and make any FF version look like the current torbrowser release. I wonder why the TOR team does not supply a FF profile like jondo does. It would help users to avoid tor-over-tor where they have torified their entire OS. I have heard that they no longer welcome own torification efforts and promote using tails instead. That’s a potential narrowing of the target group of users.

11
Do i need to download 64-bit bundle instead of 32-bit bundle?

Yes.

Also the torbrowser itself is the modified firefox where all changes were made in about:config. You may make any firefox get torbrowser's fingerprint

I am afraid, that’s wrong. It’s not that simple. Tor Browser contains patches, see:

And applying them, means you have to build Tor Browser source code.

What's more interesting, you may change user-agent directly in about:config and make any FF version look like the current torbrowser release.
This is even more wrong. There are far more way to distinguish browsers than the user-agent.
I wonder why the TOR team does not supply a FF profile like jondo does.
Now you know.
It would help users to avoid tor-over-tor where they have torified their entire OS.
There is the TOR_SKIP_LAUNCH environment variable for this as explained on https://www.whonix.org/wiki/Manually_Updating_Tor_Browser#Footnotes . Well, if Tor Launcher would have an expert menu for this, it may be simpler for these use cases. Perhaps worth a feature request.
I have heard that they no longer welcome own torification efforts
I don't think you're any less welcome. Actually, if you have that from https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO then it was me who wrote that (proper in wiki history in torproject's wiki is my old nickname). On that site, it's not about any less welcome. It's documenting the technical challenges of doing so without shooting your own feet by having IP leaks or other identifying strings. It's just, that torification for applications where aren't good instructions or tools available (such as TBB or TorBirdy) is in my opinion too difficult a skill to learn and do in one long night. Having said that, you're very much welcome to improve the documentation on the topic, the knowledge, the instructions, improving the situation etc.
12

Thanks.
How should I configure version 3.5 for using the transparent proxy. Suppose I want to route VPN via TOR, i.e. to get VPN after TOR to avoid bans. Do i just create a copy of my regular Torbrowser 3.5 and in torbutton check against the transparent proxy?
Do i set other proxies (for example privoxy) also in torbutton addon?

13

Creating a copy should work.

Does Tor Browser Essentials answer your other questions?

14

Yes, it answers my question.

One more question. There is a tor launcher addon in version 3.5. Since Tor is already provided by whonix can i disable or remove that addon entirely from torbrowser?

15

Good question. No idea. I don’t know if/how incorporated Tor Button and Tor Launcher are and would wonder if they test it without Tor Launcher. Also I wouldn’t wonder to see specific bugs when Tor Launcher is removed.

I’d say you’re better off leaving it in. In Whonix it does not get removed, so we don’t depend on Whonix’s torbrowser script being functional. That situation is much simpler to support. Requiring extra steps from users for running Tor Browser in Whonix is an awful situation. Therefore many more users have the environment variable set and Tor Launcher still installed. Better chances of spotting any bugs.

16

The test at ip-check.info shows that the fingerprint remains the same when tor launcher is disabled.

By the way by default torbutton is missing on the panel and you have to customize the panel to get it back. Without it you can’t get New Identity wit version 3.5

17
The test at ip-check.info shows that the fingerprint remains the same when tor launcher is disabled.
ip-check.info isn't a complete test, there are other ways to fingerprint. For example, if you remove a toolbar, your inner browser window gets bigger, that changes the fingerprint. See also http://www.wilderssecurity.com/showpost.php?p=2327066&postcount=4 for my thoughts on ip-check.info.
By the way by default torbutton is missing on the panel and you have to customize the panel to get it back.
Sounds like a major bug. I wouldn't use that browser. If you go the standard route, i.e. start with a fresh profile, do as documented, this doesn't happen.
18

Each time whonixcheck is started it looks for new apt packages and then asks u to issue the update and upgrade command. Why not automate this process? New packages are found every day. I suggest that update and upgrade should start automatically with --yes option before whonixcheck and whonixcheck should not have apt-get update & upgrade part.

19

Please have a look here:

20

Is whonix vulnerable to this New Tor Denial of Service Attacks and Defenses | The Tor Project
What should we do?