Whonix XFCE Development



iirc there is no preview without some image viewer installed. I added ristretto for this but I can remove it again, but there is also an option somewhere to disable preview with ristretto.

Yeah, I already have a xfce config package which puts stuff in there. End result after a build is a desktop like in the images above. Will post code soon™


I suggest we disable previews / thumbnails for better security.

That aspect of thunar config now good (doubt there is much more to configure?):

I opened some pull requests. I’m not sure about the actual purpose of the terminal wrapper. The original file also did not really work.
The Xfce desktop config lives here: GitHub - Algernon-01/whonix-xfce-desktop-config: Configuration for Whonix Xfce desktop.
In there I also disabled the preview for Thunar since it contains the xml file anyways. So I guess the file in security misc can be removed. I’m also not sure what file would take precedence in case there are two in /etc/skel.
It also seems to be possible to decrease the RAM to 350 MB for the gateway and the desktop still works fine.

1 Like

Most merged.

Purpose: not having to hardcode konsole or any other terminal emulator.

~/Whonix $ mygrep -r terminal-wrapper
+ exec grep --exclude=README.md --exclude=GPLv2 --exclude=GPLv3 --exclude=COPYING --exclude=changelog.upstream-old1 --exclude-dir=mnt --exclude-dir=qubes-src/linux-template-builder/mnt --exclude=changelog.upstream --exclude-dir=.git --exclude-dir=chroot-debian --exclude-dir=chroot-jessie -r terminal-wrapper
packages/whonix-firewall/usr/share/applications/whonix-reloadfirewall.desktop:Exec=/usr/lib/anon-shared-helper-scripts/terminal-wrapper /usr/lib/whonix-firewall/reloadfirewall

packages/anon-gw-anonymizer-config/usr/share/applications/gateway-restarttor.desktop:Exec=/usr/lib/anon-shared-helper-scripts/terminal-wrapper /usr/lib/gateway-shortcuts/restarttor
packages/anon-gw-anonymizer-config/usr/share/applications/gateway-reloadtor.desktop:Exec=/usr/lib/anon-shared-helper-scripts/terminal-wrapper /usr/lib/gateway-shortcuts/reloadtor
packages/anon-gw-anonymizer-config/usr/share/applications/gateway-stoptor.desktop:Exec=/usr/lib/anon-shared-helper-scripts/terminal-wrapper /usr/lib/gateway-shortcuts/stoptor
packages/anon-gw-anonymizer-config/usr/share/applications/gateway-arm.desktop:Exec=/usr/lib/anon-shared-helper-scripts/terminal-wrapper /usr/lib/gateway-shortcuts/arm
packages/anon-gw-anonymizer-config/usr/share/lintian/overrides/anon-gw-anonymizer-config:## usr/lib/anon-shared-helper-scripts/terminal-wrapper gets by anon-shared-helper-scripts
packages/sdwdate-gui/usr/lib/sdwdate-gui/log-viewer:/usr/lib/anon-shared-helper-scripts/terminal-wrapper "tail -f -n 100 /var/log/sdwdate.log"

Not well tested yet.

I’d rather keep it there since it would benefit Non-XFCE users as well (those using Thunar).

Even Qubes is interested in the security-misc package.

Not possible. Leads to package conflict. A file cannot be owned by two packages at the same time. Breaks apt-get (possible to repair but non-obvious for most users, not pretty to have support requests for that).

Yay! (Quite likely XFCE will become Non-Qubes-Whonix default download.)

Even apt-get / kernel upgrade does not freeze the VM?





Could you please remove any settings (if removeable) which you don’t explicitly intent to change?

For example in https://github.com/Algernon-01/whonix-xfce-desktop-config/blob/master/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml

I doubt <property name="last-separator-position" type="int" value="170"/> is intended?

Reason: any extraneous settings we’re not sure why we are changing / not sure what they are doing can cause issues now or later; obsolete code; generating follow up questions.

In case of thunar disabling thumbnails security-misc/thunar.xml at master · Kicksecure/security-misc · GitHub is more minimal, better.

Can we add comments to these xml files?

  • licensing
  • documenting rationale for changing settings?

For example in whonix-xfce-desktop-config/xfce4-desktop.xml at master · Algernon-01/whonix-xfce-desktop-config · GitHub I am wondering about the rationale of:

  • <property name=“show-trash” type=“bool” value=“false”/>
  • <property name=“show-removable” type=“bool” value=“false”/>
  • <property name=“window-width” type=“int” value=“634”/>
  • <property name=“window-height” type=“int” value=“460”/>

and more in other files. We shouldn’t preconfigure to our liking and then just share the ~/.config folder. Much better to keep it minimal.

https://github.com/Whonix/anon-shared-helper-scripts/blob/master/usr/lib/anon-shared-helper-scripts/terminal-wrapper should be working nicely now.

All merged. All uploaded to Whonix stretch-developers repository. Whonix/Whonix git tag Untested.

Good question. Need to test it.


Some of the settings like window-width can probably be removed. But other ones are used to hide some desktop icons (trash can, removable drives …), showing hidden files, configuration of the wallpaper and icon theme. Otherwise the desktop would not look as pleasant as it does. I’m biased of course :slight_smile: Some settings are also always set automatically by Xfce. I’ll try to figure out what can be removed while keeping the look the same.

1 Like

I added a general description to the xml files: Removed some settings. Added description. thunar.xml will be added to… · Algernon-01/whonix-xfce-desktop-config@06d1633 · GitHub But at least for some files it will automatically be removed by Xfce if you change some settings. I’m not sure what to add for licensing, we also don’t have this for e.g. the libvirt xml files and several other ones.

I also tried apt-get and kernel upgrades with 350 MB RAM. It seemed to hang for a short time but everything worked and the VM did not crash.

1 Like

That’s very much ok. Only very good to have the comment inside the source files in the git repository. (Similar to compiled C code. Source file has license but compiled binary is not human readable.)

Same as usual, I guess. Can we use multiple comment blocks like that?
But since just (small?) settings file it may not be copyrighted anyhow. //cc @HulaHoop


  • Why disable volume management? Not useful in case of users plugging in USB disks?
  • Why show hidden icons (files, folders?) by default?

True. Config files are not copyrightable so you can choose to omit this or whatever you prefer.

Afaik using USB storage devices in VM’s is not really recommended. Volume Management is part of automounting USB devices though you still need to specifically enable it. Thunar-volman is the package used for automounting, it is installed in a default Xfce installation but not in Whonix. So atm disabling or enabling volume management should not really do anything but I’d still opt for keeping it disabled.
Regarding hidden files: I usually like to see what is going on, (evil) $things are obviously easier to hide when dot files/folder are hidden.

1 Like

Problem is if this is part of security-misc, it’s not a VM specific package.

Adding USB or not to VMs is up to the user. Qubes has a decent way to handle USB.

However, by turning Volume Management off by default, we worsen usability for Qubes?

  • Case: user not adding USB to VM -> no security harm by Volume Management being enabled?
  • Case: user adding USB to VM -> usability harm by Volume Management being disabled?

Does that make sense? So better leave it enabled?

I don’t think we’ll find any backdoor by showing hidden files by default. The usability impact is too big here to change the default. Unless we can argue that hidden files by default is actually bad for usability.

1 Like

Currently enabling or disabling does nothing since Thunar-Volman is not installed and you would also need to enable auomounting manually. It’s more like a 49 vs 51% decision.

Depends on the kind of backdoor or malware and people actually looking for such files. There are certainly better and more complex ways to hide files. The usability impact probably depends on personal preferences.

1 Like


Currently enabling or disabling does nothing since Thunar-Volman is not installed and you would also need to enable auomounting manually. It’s more like a 49 vs 51% decision.

So let’s not change it.

I’d even consider installing Thunar-Volman by default.

Depends on the kind of backdoor or malware and people actually looking for such files. There are certainly better and more complex ways to hide files. The usability impact probably depends on personal preferences.

Let’s keep them hidden by default. Usability will be worsened for most
users who get confused by much, much simpler things already.

1 Like

Really awesome exiting stuff going on here. :slight_smile:


Is now merged in https://github.com/Whonix/Whonix/tree/master/packages.

All build and uploaded to developers repository. Untested.

Whonix/Whonix untested tag:

Let’s hope ⚓ T721 deb.debian.org instead of us.debian.org and use https (SSL, TLS) by default / fix build --connection onion did not break Non-Qubes-Whonix builds.

1 Like