Whonix VirtualBox 15.0.0.0.7 - Debian buster based - Testers Wanted!

nurmagoz · April 12, 2019, 5:27pm

Great Job!!!

My testing notes:

is it important to have super user for ACW?

Applications Test results:

qTox better privacy/Tor compatibility Tips:

Open qTox then go to Advanced and scroll down to connection settings → Then disable “Enable IPv6” & “Enable UDP” , change Proxy Type to SOCKS5 , Address to 127.0.0.1 , Port to 9101 (or isolated port for it connection)

Ricochet & Onionshare has an Onion grater issue in “Extend onion-grater Whitelist” instruction step mentioned in the wiki.

CoyIM has an issue of freezing up and not connecting (need to kill it in order to close it) upstream ticket:

github.com/coyim/coyim

CoyIM in buster freeze up

opened 05:26PM - 12 Apr 19 UTC

closed 06:28PM - 29 May 19 UTC

TNTBOMBOM

Whonix 15 going to be released soon based on Debian Buster. Im testing CoyIM and… i discovered its not connecting either its freeze up on registration or shutdown itself. steps to reproduce very easy just try to make it work/connect normally and it just wont continue. Terminal log: ``` user@host:~$ coyim (CoyIM:3353): dbind-WARNING **: 17:17:40.507: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8c6487] goroutine 9 [running]: github.com/twstrike/coyim/gui.requestAndRenderRegistrationForm(0xc000026640, 0x19, 0xc00006a0c0, 0xd77bb0, 0xde9460, 0xc0000948a0, 0x0, 0x0) github.com/twstrike/coyim/gui/registration.go:83 +0x1a7 github.com/twstrike/coyim/gui.(*gtkUI).showServerSelectionWindow.func1.2(0xc000068180, 0xc00006a0c0, 0xc000182750, 0xdf9540, 0xc00001f5b0, 0xc0001aa0c0) github.com/twstrike/coyim/gui/account.go:170 +0x7f created by github.com/twstrike/coyim/gui.(*gtkUI).showServerSelectionWindow.func1 github.com/twstrike/coyim/gui/account.go:169 +0x6c6 user@host:~$ ``` Screenshot where it freeze: ![coyimissue](https://user-images.githubusercontent.com/11895339/56055048-0ede7800-5d48-11e9-87cc-e78422ce99bc.png)

Patrick · April 12, 2019, 10:15pm

@nurmagoz via Whonix Forum:

is it important to have super user for ACW?

Yes since it modifies root owned files. Abolishing user/root separation
(on gateway only) would be a separate discussion.

Applications Test results:

qTox better privacy/Tor compatibility Tips:

Open qTox then go to Advanced and scroll down to connection settings → Then disable “Enable IPv6” & “Enable UDP” , change Proxy Type to SOCKS5 , Address to 127.0.0.1 , Port to 9101 (or isolated port for it connection)

Setting UDP will be futile. ( Tor Documentation for Whonix Users )
Otherwise good idea.

Ricochet & Onionshare has an Onion grater issue in “Extend onion-grater Whitelist” instruction step mentioned in the wiki.

Fixed in wiki.

CoyIM has an issue of freezing up and not connecting (need to kill it in order to close it) upstream ticket:

CoyIM in buster freeze up · Issue #527 · coyim/coyim · GitHub

Thanks!

nurmagoz · April 13, 2019, 6:29pm

yeah thats why better to disable them by default.

OnionShare tested and its working!
Ricochet Debian doesnt boot up: (expected ending)

Patrick · April 14, 2019, 12:28pm

Great!

Fixed.

Fix in all buster repositories.

Actual ricochet connectivity test has not been done by me. Would be nice if you could test.

Patrick · April 14, 2019, 1:07pm

qtox:

IPv6 might even work. (See IPv6 tests in Tor Browser.)

(Above commit works for new builds only because it is in /etc/skel.)

Proxy settings cannot be applied by default. Related bugs:

github.com/qTox/qTox

[Feature request] Launch options/flags for connection settings

opened 04:08PM - 12 Apr 18 UTC

rdroimfd

proposal M-ui C-feature-request

##### Brief Description OS: Fedora 27 qTox version: (version numbers in menu… `Settings → About`) Commit hash: https://github.com/qTox/qTox/commit/5d0f9509a8d5fac940f402237efe4a8a6ab7e27b toxcore: 0.2.1 ##### Observed Behavior At first I thought I had a bug that deleted settings, because I checked my advanced settings after updating and noticed my connection wasn't set to go through tor and had a random port instead of 9050. I eventually realized it was because I made a new account a few months ago and never set the same connection settings, and connection settings are saved on a per account basis. I thought about ways this might be able to be changed, and the best one I could think of are launch options/cli flag settings to set connection settings, like proxy type/IP/UDP settings etc on launch. Not only would this allow you to easily share this setting between accounts if you choose (such as changing your qTox shortcut to include them thus making any profile load those connection settings), but it would allow you to easily use your chosen settings on newly created accounts without ever having to connect to tox over a connection you don't want to. What I mean is even if I had known I would need to set the connection options again after making a new account, when I first load into the new account, it would attempt to connect to the tox network over my default IP address until I go and manually change things (unless I disable my internet, load into the new profile, change to tor, and then reenable internet). Edit: Was just reading over [this page](https://wiki.tox.chat/users/tox_over_tor_tot) and saw the example for doing it with toxic - " toxic –force-tcp –SOCKS5-proxy 127.0.0.1 9050"

We also cannot use torsocks, bug reported:

github.com/qTox/qTox

torsocks qtox results in segfault

opened 12:58PM - 14 Apr 19 UTC

closed 06:34AM - 27 Jun 19 UTC

adrelanos

U-low C-crash

##### Brief Description * OS: debian buster * qTox version v1.16.3-2-debian.… * Commit hash: build without git * toxcore version: 0.2.9 * Qt version: 5.11.3 ``` dpkg -l | grep qtox ii qtox 1.16.3-2 ``` * Reproducible: Always ##### Steps to reproduce Debian buster sudo apt-get install torsocks qtox torsocks qtox ##### Observed Behavior ``` [12:50:33.070 UTC] persistence/settings.cpp:129 : Debug: No settings file found, using defaults [12:50:33.070 UTC] persistence/settings.cpp:133 : Debug: "Loading settings from :/conf/qtox.ini" [12:50:33.077 UTC] ipc.cpp:61 : Debug: Our global IPC ID is 15713412508552978184 [12:50:33.078 UTC] main.cpp:251 : Debug: commit: build without git [12:50:40.685 UTC] persistence/settings.cpp:2411 : Debug: Creating new profile settings in "/home/user/.config/tox//aaaaaa.ini" [12:50:40.712 UTC] persistence/settings.cpp:462 : Debug: "Saving global settings at /home/user/.config/tox/qtox.ini" [12:50:40.755 UTC] persistence/settings.cpp:335 : Debug: Loading personal settings from "/home/user/.config/tox/aaaaaa.ini" [12:50:40.756 UTC] nexus.cpp:87 : Debug: Starting up [12:50:40.970 UTC] core/core.cpp:197 : Debug: Creating a new profile [12:50:40.970 UTC] core/toxoptions.cpp:63 : Debug: Core starting with IPv6 enabled [12:50:40.971 UTC] core/toxlogger.cpp:57 : Warning: "ERROR:network.c:new_networking_ex:764: Failed to get a socket?! 1, Operation not permitted" [12:50:40.971 UTC] core/toxlogger.cpp:57 : Warning: "ERROR:network.c:new_networking_ex:764: Failed to get a socket?! 1, Operation not permitted" [12:50:40.971 UTC] core/core.cpp:152 : Critical: can't to bind the port [12:50:41.843 UTC] widget/systemtrayicon.cpp:83 : Debug: Using the Qt backend Segmentation fault ``` journal: ``` Apr 14 12:48:02 host kernel: qTox Core[4416]: segfault at 0 ip 00007f3acac88cd0 sp 00007f3aa4b69ff0 error 4 in libtoxcore.so.2.9.0[7f3acac61000+31000] ``` ##### Expected Behavior qtox functional.

nurmagoz · April 14, 2019, 2:44pm

Add Workspace Switcher by default because if you open TBB and then open file manager and then press/hold the file manager top bar and go left of the screen then TBB page will disappear. it didnt disappear actually but the file manager window went to a new workspace. and in order to see all the work spaces you need to add workspace switcher plugin to the taskbar by default.

right click on the taskbar -> go to Panel -> Add New Items -> Workspace Switcher

then move the workspace switcher near to the browser icon (left) for better control.

nurmagoz · April 14, 2019, 2:45pm

sudo apt install --reinstall ricochet-im

fixed the issue for me.

nurmagoz · April 14, 2019, 3:12pm

Feature for new comers:

Make PulseAudio Plugin visible by adding it to the taskbar/Panel in WS.

nurmagoz · April 22, 2019, 3:31am

Ricochet giving false claims that its working but its not.

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/ricochet-support/7174

HulaHoop · April 26, 2019, 3:57am

CoyIM tested and working here fine. Accounts can be created staright away and I’m logged into them as online.

nurmagoz · April 26, 2019, 3:32pm

how? it got fixed or it just worked with you?

HulaHoop · April 26, 2019, 4:15pm

I just used it normally and clicked register account and it works as expected. Just did it again now.

The hanging connection to the server you saw might be a network connectivity problem at the exit node, or a request throttling done to prevent spammers from that exit’s IP.

EDIT:

Let’s try to connect with coyIM too because there was a bug in the version in Stretch which kept making coy forget added contacts.

nurmagoz · April 26, 2019, 4:48pm

well this is my tested results (impossible to continue)

github.com/coyim/coyim

CoyIM in buster freeze up

opened 05:26PM - 12 Apr 19 UTC

closed 06:28PM - 29 May 19 UTC

TNTBOMBOM

Whonix 15 going to be released soon based on Debian Buster. Im testing CoyIM and… i discovered its not connecting either its freeze up on registration or shutdown itself. steps to reproduce very easy just try to make it work/connect normally and it just wont continue. Terminal log: ``` user@host:~$ coyim (CoyIM:3353): dbind-WARNING **: 17:17:40.507: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8c6487] goroutine 9 [running]: github.com/twstrike/coyim/gui.requestAndRenderRegistrationForm(0xc000026640, 0x19, 0xc00006a0c0, 0xd77bb0, 0xde9460, 0xc0000948a0, 0x0, 0x0) github.com/twstrike/coyim/gui/registration.go:83 +0x1a7 github.com/twstrike/coyim/gui.(*gtkUI).showServerSelectionWindow.func1.2(0xc000068180, 0xc00006a0c0, 0xc000182750, 0xdf9540, 0xc00001f5b0, 0xc0001aa0c0) github.com/twstrike/coyim/gui/account.go:170 +0x7f created by github.com/twstrike/coyim/gui.(*gtkUI).showServerSelectionWindow.func1 github.com/twstrike/coyim/gui/account.go:169 +0x6c6 user@host:~$ ``` Screenshot where it freeze: ![coyimissue](https://user-images.githubusercontent.com/11895339/56055048-0ede7800-5d48-11e9-87cc-e78422ce99bc.png)

AnonymousUser · April 29, 2019, 11:12am

OK, finally got a Whonix 15 running.

First thing I notice is both Gateway and Workstation have a GUI whonixcheck error right after first-run wizards finish:

WARNING: Debian Package Update Check Result: Could not check for software updates! (Timeout reached.) (apt-get code: 124)
Please manually check:
(Open a terminal, Start Menu → System → Terminal.)

Manual apt update / dist-upgrade commands work fine in terminal though.

BTW, should we move from apt-get to apt?

I read last week that the Debian world is moving in the direction of suggesting apt by default and that best practice is such that apt-get should only be used if necessary for a function that apt itself can’t provide (similar to aptitude does over apt-get). It would be neater and less daunting for the user to work with.

Patrick · April 30, 2019, 11:20am

AnonymousUser via Whonix Forum:

BTW, should we move from apt-get to apt?

I read last week that the Debian world is moving in the direction of suggesting apt by default and that best practice is such that apt-get should only be used if necessary for a function that apt itself can’t provide (similar to aptitude does over apt-get). It would be neater and less daunting for the user to work with.

Citation would be useful. We can consider this after Whonix 15 stable
release.

AnonymousUser · April 30, 2019, 10:38pm

Yeah I couldn’t find it that time, but found it now. It was this article:

So it seems apt is a little more user-friendly (in general) and is in Debian by default.

It shows in a table that apt-get dist-upgrade → becomes → apt full-upgrade.

Annoying that apt, apt-get and aptitude are all slightly different with different pros vs. cons, but at least we have choice for different situations. I had to use the deluxe aptitude to install a particularly difficult-to-install package that required sid repo dependencies on a Tails Debian the other week.

Further links that look useful:

https://debian-handbook.info/browse/stable/sect.apt-get.html

AnonymousUser · May 2, 2019, 9:15am

On a new fresh pair of 15.0.0.0.7 VMs, the above error doesn’t happen. Perhaps it was a connection issue.

nurmagoz · May 26, 2019, 3:05am

There are new stuff Questionable and Bug:

Geoclue Demo agent? i dunno is this needed ?
null is a process by whonix but it would be better to be named if possible

I dunno why only Desktop directory there , but no others like Downloads,Public …etc (Bug)

prefapp

Its better to have both of them filled , as TBB & Thunderbird or at least TBB.

→ ⚓ T913 bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time

Patrick · May 27, 2019, 9:22pm

nurmagoz · June 5, 2019, 1:05pm

Apparmor failed to start (GW,WS)

Script Bug (Gone after restart)

Whonix firewall failed to load (happened multiple times - GW)

Full log:

ERROR: whonix_firewall failed to load! 

The whonix_firewall failed to load for some reason. This could be due to the firewall being mis-configured or race-condition. Try restarting the VM to see if this error persists. 

Failure file /var/run/anon-firewall/failed.status does not exist, ok. 

output of sudo systemctl status whonix-firewall: 

######################################## 
● whonix-firewall.service - Whonix firewall loader
Loaded: loaded (/lib/systemd/system/whonix-firewall.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2019-06-05 08:35:24 UTC; 33s ago
Docs: https://www.whonix.org/wiki/Whonix_Firewall
Process: 1503 ExecStart=/usr/lib/whonix-firewall/enable-firewall (code=exited, status=0/SUCCESS)
Main PID: 1503 (code=exited, status=0/SUCCESS)

Jun 05 08:35:22 host enable-firewall[1503]: OK: SDWDATE_USER: 108
Jun 05 08:35:22 host enable-firewall[1503]: OK: WHONIXCHECK_USER: 111
Jun 05 08:35:22 host enable-firewall[1503]: OK: NO_NAT_USERS: 109 106 105
Jun 05 08:35:24 host enable-firewall[1503]: OK: The firewall should not show any messages,
Jun 05 08:35:24 host enable-firewall[1503]: OK: besides output beginning with prefix OK:...
Jun 05 08:35:24 host sudo[2131]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:35:24 host sudo[2131]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:35:24 host enable-firewall[1503]: 2019-06-05 08:35:24 - /usr/bin/whonix-gateway-firewall - OK: Whonix firewall loaded.
Jun 05 08:35:24 host sudo[2131]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:35:24 host systemd[1]: Started Whonix firewall loader. 
######################################## 

output of sudo journalctl -u whonix-firewall: 

######################################## 
-- Logs begin at Wed 2019-06-05 08:33:00 UTC, end at Wed 2019-06-05 08:35:57 UTC. --
Jun 05 08:35:03 host systemd[1]: Starting Whonix firewall loader...
Jun 05 08:35:03 host enable-firewall[258]: OK: Loading Whonix firewall...
Jun 05 08:35:05 host sudo[275]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:35:05 host sudo[275]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:35:05 host enable-firewall[258]: 2019-06-05 08:35:03 - /usr/bin/whonix-gateway-firewall - OK: Skipping firewall mode detection since already set to 'full'.
Jun 05 08:35:05 host sudo[275]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:35:05 host sudo[420]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:35:05 host sudo[420]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:35:05 host enable-firewall[258]: 2019-06-05 08:35:05 - /usr/bin/whonix-gateway-firewall - OK: (Full torified network access allowed.)
Jun 05 08:35:05 host sudo[420]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:35:05 host enable-firewall[258]: OK: TOR_USER: 105
Jun 05 08:35:05 host enable-firewall[258]: OK: CLEARNET_USER: 109
Jun 05 08:35:05 host enable-firewall[258]: OK: USER_USER: 1000
Jun 05 08:35:05 host enable-firewall[258]: OK: ROOT_USER: 0
Jun 05 08:35:05 host enable-firewall[258]: OK: TUNNEL_USER: 106
Jun 05 08:35:05 host enable-firewall[258]: OK: SDWDATE_USER: 108
Jun 05 08:35:05 host enable-firewall[258]: OK: WHONIXCHECK_USER: 111
Jun 05 08:35:05 host enable-firewall[258]: OK: NO_NAT_USERS: 109 106 105
Jun 05 08:33:03 host enable-firewall[258]: OK: The firewall should not show any messages,
Jun 05 08:33:03 host enable-firewall[258]: OK: besides output beginning with prefix OK:...
Jun 05 08:33:03 host sudo[800]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:33:03 host sudo[800]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:33:03 host enable-firewall[258]: 2019-06-05 08:33:03 - /usr/bin/whonix-gateway-firewall - OK: Whonix firewall loaded.
Jun 05 08:33:03 host sudo[800]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:33:03 host systemd[1]: Started Whonix firewall loader.
Jun 05 08:35:22 host systemd[1]: whonix-firewall.service: Succeeded.
Jun 05 08:35:22 host systemd[1]: Stopped Whonix firewall loader.
Jun 05 08:35:22 host systemd[1]: Stopping Whonix firewall loader...
Jun 05 08:35:22 host systemd[1]: Starting Whonix firewall loader...
Jun 05 08:35:22 host enable-firewall[1503]: OK: Loading Whonix firewall...
Jun 05 08:35:22 host sudo[1517]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:35:22 host sudo[1517]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:35:22 host enable-firewall[1503]: 2019-06-05 08:35:22 - /usr/bin/whonix-gateway-firewall - OK: Skipping firewall mode detection since already set to 'full'.
Jun 05 08:35:22 host sudo[1517]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:35:22 host sudo[1522]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:35:22 host sudo[1522]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:35:22 host enable-firewall[1503]: 2019-06-05 08:35:22 - /usr/bin/whonix-gateway-firewall - OK: (Full torified network access allowed.)
Jun 05 08:35:22 host sudo[1522]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:35:22 host enable-firewall[1503]: OK: TOR_USER: 105
Jun 05 08:35:22 host enable-firewall[1503]: OK: CLEARNET_USER: 109
Jun 05 08:35:22 host enable-firewall[1503]: OK: USER_USER: 1000
Jun 05 08:35:22 host enable-firewall[1503]: OK: ROOT_USER: 0
Jun 05 08:35:22 host enable-firewall[1503]: OK: TUNNEL_USER: 106
Jun 05 08:35:22 host enable-firewall[1503]: OK: SDWDATE_USER: 108
Jun 05 08:35:22 host enable-firewall[1503]: OK: WHONIXCHECK_USER: 111
Jun 05 08:35:22 host enable-firewall[1503]: OK: NO_NAT_USERS: 109 106 105
Jun 05 08:35:24 host enable-firewall[1503]: OK: The firewall should not show any messages,
Jun 05 08:35:24 host enable-firewall[1503]: OK: besides output beginning with prefix OK:...
Jun 05 08:35:24 host sudo[2131]: root : TTY=unknown ; PWD=/ ; USER=sdwdate ; COMMAND=/usr/bin/tee -a /var/log/sdwdate.log
Jun 05 08:35:24 host sudo[2131]: pam_unix(sudo:session): session opened for user sdwdate by (uid=0)
Jun 05 08:35:24 host enable-firewall[1503]: 2019-06-05 08:35:24 - /usr/bin/whonix-gateway-firewall - OK: Whonix firewall loaded.
Jun 05 08:35:24 host sudo[2131]: pam_unix(sudo:session): session closed for user sdwdate
Jun 05 08:35:24 host systemd[1]: Started Whonix firewall loader. 
######################################## 

To see this for yourself... 
1. Open a terminal. (Start Menu -> System -> Terminal) 
2. Run. 
sudo systemctl status whonix-firewall

2. Also see. 
sudo journalctl -u whonix-firewall | cat

3. Try to manually start Whonix firewall. 
sudo whonix_firewall
If you know what you are doing, feel free to disable this check. Create a file /etc/whonix.d/50_whonixcheck_user.conf and add: 
whonixcheck_skip_functions+=" check_whonix_firewall_systemd_status "

When installing fresh version and trying to upgrade: (gone after restart)