Whonix XFCE Development



Feel free to re-suggest this one.

We can’t get rid of orage unfortunately since package xfce depends on it.


1 Like


Whonix XFCE call for testers announcement is imminent. Any strong warning against it? Anything you’d like to mention?

Wiki already updated.

XFCE shall soon become the Whonix stable default download. It may still be a bit rough around the edges usability-wise but still a ton better than KDE due to lower resource requirements / fewer VM freezes. Leaks are unlikely.



I already wondered where it went. I guess I’m going to close my related commit for now. I’d still add it in some way to the workstation together with mupdf. IMHO some image viewer is required for a decent user experience. The only other package where it could be added is “non-qubes-whonix-workstation-xfce”. Maybe also pulseaudio could be added to “whonix-workstation-packages-recommended-gui” and removed from “non-qubes-vm-enhancements-gui” before TNT_BOM_BOM sees it. Probably together with alsa utils and libasound. In this case “non-qubes-vm-enhancements-cli” could be merged with “non-qubes-vm-enhancements-gui” since they would only differ in one package.



Sure. We’ll add it somewhere.

Upon reflection, kcalc, okular, gwenview, kgpg, libkf5kipi31.0.0, libkf5kipi-data do not fit into hardened-desktop-applications-kde either, since that results in getting them installed on Whonix-Gateway.

Why? pulseaudio seems to fit perfectly into non-qubes-vm-enhancements-gui.

(Qubes sorts out its own audio support. And since whonix-workstation-packages-recommended-gui also gets installed on Qubes, pulseaudio does not fit there. This would result in a package conflict if Qubes moves from pulseaudio to an incompatible package that cannot be installed at the same time.)

Same as above.



This is not too simple to solve. In theory, we’d need:

  • whonix-workstation-default-applications-kde AND,
  • whonix-workstation-default-applications-xfce

This doesn’t even answer how to deal with Hardened Debian. Will think about this later.

Due to the limited prospects of a future of Whonix KDE in Debian 10 buster, I went for a slightly unclean, faster, duplicate code, but still less code in total solution.



All recent changes up to are now in the stretch-developers repository.



Mostly because @TNT_BOM_BOM did not want to have it in the gateway. It would not be required in there.




Thanks! Fixed. :slight_smile:

1 Like


Reduced delete between non-qubes-whonix-(gateway|workstation)-(kde|xfce), hopefully didn’t introduce bugs.



It looks like maybe hardened-packages-recommended-cli and hardened-packages-dependencies-cli can be merged since they are always used in the same place. The same seems to be true for whonix-shared-packages-recommended-cli and whonix-shared-packages-dependencies-cli. Also all of those could be merged, except for hardened-debian-cli where it would add Whonix-specific packages. hardened-debian-kde is also currently missing KDE-specific stuff.



All package upgrades mentioned above tested. Working well. Merged into testers repository.

Changes below are not yet built and in the repository.



Yes, let’s not add Whonix specific packages to Hardened Debian.

Yes. hardened-debian-kde isn’t much used yet. Only one untested developers-only build. I guess it is dead on arrival.

And for a future hardened-debian-xfce (TODO) we must be careful not to add applications we don’t want to see on Whonix-Gateway.



It’s not clear to me what is remaining TODO. Please consider creating http://phabricator.whonix.org tickets so we can track, assign and implement them. (Same goes for CLI version.)

One task coming to mind which I don’t know how to implement:

remove browser starter in xfce task bar

Btw, glad session saving got disabled. Due to a saved session I saw this issue: kdesudo error popup window ( sdwdate-gui )

What is PromptOnLogout? What does it prompt for? Does it prompt to save session?



When set to false and you go to Applications --> Log Out, you will be logged out immediately instead of the default window appearing, which asks for log out, reboot, shut down … So the default should be used, which is “true”. Or just don’t set it and Xfce will use true automatically.

1 Like


configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus)



Let’s consider no longer depending on the meta package xfce4. Instead, we could just depend on the individual packages we care about. Some packages that xfce4 depends on that we may not need or don’t want:



What’s the reasoning behind this? Will it be easier to move to alternative DEs in the future? Seems like a lot of deps to add manually instead of xfce4

1 Like


Unrelated since this only affects package hardened-desktop-environment-essential-xfce.

(Since we nowadays have non-qubes-whonix-gateway-cli and non-qubes-whonix-workstation-cli it is nowadays a lot easier to add support for other desktop environments compared to times where Whonix KDE was the only thing that existed.)

See reason for each individual package above. Overall reasons:

  • don’t install things which are a potential source of bugs (such as session management, remember this bug where KDE session saving caused this: kdesudo error popup window ( sdwdate-gui ))
  • avoid unnecessary things (such as power savings inside VM)
  • less potential privacy issues (session saving)
  • lower attack surface
  • save disk space
  • not have some unnecessary, potentially harmful package included when upgrading to the next major Debian version
1 Like



Agreed with your assessment of each. Pull the trigger :slight_smile: