Whonix XFCE Development

Mostly because @TNT_BOM_BOM did not want to have it in the gateway. It would not be required in there.



Thanks! Fixed. :slight_smile:

1 Like

Reduced delete between non-qubes-whonix-(gateway|workstation)-(kde|xfce), hopefully didn’t introduce bugs.

It looks like maybe hardened-packages-recommended-cli and
hardened-packages-dependencies-cli can be merged since they are always used in the same place. The same seems to be true for whonix-shared-packages-recommended-cli and whonix-shared-packages-dependencies-cli. Also all of those could be merged, except for hardened-debian-cli where it would add whonix specific packages. hardened-debian-kde is also currently missing kde specific stuff.

All package upgrades mentioned above tested. Working well. Merged into testers repository.

Changes below are not yet build and in the repository.



Yes, let’s not add Whonix specific packages to Hardened Debian.

Yes. hardened-debian-kde isn’t much used yet. Only one untested developers-only build. I guess it is dead on arrival.

And for a future hardened-debian-xfce (TODO) we must be careful not to add applications we don’t want to see on Whonix-Gateway.

It’s not clear to me what is remaining TODO. Please consider creating http://phabricator.whonix.org tickets so we can track, assign and implement them. (Same goes for CLI version.)

One task coming to mind which I don’t know how to implement:

remove browser starter in xfce task bar

Btw session saving glad it got disabled. Due to saved session saw this issue: kdesudo error popup window ( sdwdate-gui )

What is PromptOnLogout? What does it prompt for? Does it prompt to save session?

When set to false and you go to Applications --> Log Out you will be logged out immediately instead of the default window appearing which asks for log out, reboot, shut down … So the default should be used which is “true”. Or just dont set it and Xfce will use true automatically.

1 Like

configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus)

Let’s consider to no longer depend on meta package xfce4. Instead, we could just depend on the individual packages we care about. Some packages that xfce4 depends on that we may not need or don’t want:


What’s the reasoning behind this? Will it be easier to move to alternative DEs in the future? Seems like a lot of deps to add manually instead of xfce4

1 Like

Unrelated since this only affects package hardened-desktop-environment-essential-xfce.

(Since we nowadays have non-qubes-whonix-gateway-cli and non-qubes-whonix-workstation-cli it is nowadays a lot easier to add support for other desktop environments compares to times where Whonix KDE was the only thing that existed.)

See reason for each individual package above. Overall reasons:

  • don’t install things which are a potential source of bugs (such as session management, remember this bug where KDE session saving caused this: kdesudo error popup window ( sdwdate-gui ))
  • avoid unnecessary things (such as power savings inside VM)
  • less potential privacy issues (sessions savings)
  • lower attack surface
  • save disk space
  • not have some unnecessary, potentially harmful package included when upgrading to the next major Debian version
1 Like


Agreed with your assessment of each. Pull the trigger :slight_smile:

Rich source of XFCE settings manipulation:


Anything useful for us there?

1 Like

It’s not clear to me yet how folder /etc/xdg/xfce4/xfconf/xfce-perchannel-xml (or more generally folder /etc/xdg/xfce4/) works. It may be a superior solution to folder /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml.

Progress on disable removable drives auto-mounting - XFCE only (https://phabricator.whonix.org/T902) was made.

1 Like

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml looks better in any case. Going to port to it.

1 Like

Debian /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="general" type="empty">
    <property name="FailsafeSessionName" type="string" value="Failsafe"/>
  <property name="sessions" type="empty">
    <property name="Failsafe" type="empty">
      <property name="IsFailsafe" type="bool" value="true"/>
      <property name="Count" type="int" value="5"/>
      <property name="Client0_Command" type="array">
        <value type="string" value="xfwm4"/>
      <property name="Client0_PerScreen" type="bool" value="false"/>
      <property name="Client1_Command" type="array">
        <value type="string" value="xfsettingsd"/>
      <property name="Client1_PerScreen" type="bool" value="false"/>
      <property name="Client2_Command" type="array">
        <value type="string" value="xfce4-panel"/>
      <property name="Client2_PerScreen" type="bool" value="false"/>
      <property name="Client3_Command" type="array">
        <value type="string" value="Thunar"/>
        <value type="string" value="--daemon"/>
      <property name="Client3_PerScreen" type="bool" value="false"/>
      <property name="Client4_Command" type="array">
        <value type="string" value="xfdesktop"/>
      <property name="Client4_PerScreen" type="bool" value="false"/>
  <property name="splash" type="empty">
    <property name="Engine" type="string" value=""/>


Preparing to unpack .../whonix-xfce-desktop-config_1.4-1_all.deb ...
Unpacking whonix-xfce-desktop-config (3:1.4-1) ...
dpkg: error processing archive /mnt/initialdeb/pool/main/w/whonix-xfce-desktop-config/whonix-xfce-desktop-config_1.4-1_all.deb (--unpack):
 trying to overwrite '\''/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml'\'', which is also in package xfce4-session 4.12.1-6
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)       '
+ apt_get_exit_code=100
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]