Pre-Release Audit of qubes-whonix 10.0.2-1

This announcement pertains to the Qubes + Whonix project, for those interested in running Whonix on top of Qubes.

We have a newly developed and proposed version (10.0.2-1) of the “qubes-whonix” package, which is the primary module that allows Whonix to run seamlessly with Qubes. Before we release it, we are kicking off a brief audit period that is open to the Qubes + Whonix communities.

So if you have some developer knowledge and would like to look through the code, test things, or raise any usability or security concerns you find, now is the best time to do so, before we release the next version in the upcoming days.

This “qubes-whonix” package is planned to be used with the QubesBuilder [1] to generate new versions of the Whonix templates for Qubes.

Feel free to look through the code and let us know if you spot anything that needs attention.

The “qubes-whonix” package code repository is located here:

- https://github.com/Whonix/qubes-whonix

You can get more info about the audit and communicate with us through our audit forum thread:

- https://www.whonix.org/forum/index.php/topic,1169.0.html

You can find the primary documentation about the Qubes + Whonix project at:

- https://www.whonix.org/wiki/Qubes

Note that this audit period is brief and off-the-cuff, as we seem to spring new releases on the community without much notice or involvement. In the future, I hope our team can establish an even better, open, community-centric release process for new versions of Qubes + Whonix, with a bit more time for fair warning, auditing, and testing. As an example, Patrick does a good job of this with Whonix releases.

Thanks everyone! :D

References:
[1] https://www.qubes-os.org/doc/QubesBuilder

Posted in Qubes

Release Candidate! Testers Wanted! Whonix 10 ( 10.0.0.5.5 )

The version number for this testers-only release is 10.0.0.5.5, which will become Whonix 10 the moment it’s blessed stable.

Download link for VirtualBox images (.ova), experimental kvm / qemu / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/10.0.0.5.5/

Upgrading Whonix 9 to Whonix 10:
– from the testers repository

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1157.0.html

KVM Release Notes:

Existing users should update their xml files. See
https://www.whonix.org/forum/index.php/topic,827.0.html

Changelog between Whonix 9 and Whonix 10.0.0.5.0:

https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0

Changelog between Whonix 10.0.0.5.0 and Whonix 10.0.0.5.5:

– apparmor-profile-whonixcheck: fixes
– apparmor-profile-pidgin: fixes
– whonix-developer-meta-files: added a mirror tester script
– whonix-developer-meta-files: streamlined release maintenance scripts
– fix, no longer install tor package in Whonix-Workstation – https://phabricator.whonix.org/T262
– genmkfile: implemented “make git-tag-push”
– genmkfile: implemented “make reprepro-add”
– removed control-port-filter (bash) from source in favor of control-port-filter-python
– gpg-bash-lib: fixed dry run of gpg --fingerprint
– tb-updater: fix
– apparmor-profile-torbrowser: fixes
– whonix-legacy: fix broken gateway-firsttimesetup.desktop desktop icon after Whonix 9 -> Whonix 10 upgrade
– whonix-legacy: fix “Warning: Could not find ‘/usr/lib/whonixsetup’, starting ‘/bin/bash’ instead.  Please check your profile settings.” by deleting obsolete /etc/xdg/autostart/whonixsetup.desktop – https://www.whonix.org/forum/index.php/topic,971.0.html
– build-steps.d/2600_create-vbox-vm: Allow clipboard copying from the host to guest to ease entering bridges. – https://www.whonix.org/forum/index.php/topic,986.0.html
– Reverted:
— anon-meta-packages: added console-setup to anon-shared-packages-dependencies so users can use /etc/default/keyboard as alternative mechanism to change the keyboard layout
— anon-meta-packages: added console-data to anon-shared-packages-dependencies to make sure all three packages console-setup, console-data and console-common are installed.

Posted in testers-wanted

Testers Wanted! Whonix 10 ( 10.0.0.5.0 )

The version number for this testers-only release is 10.0.0.5.0, which will become Whonix 10 the moment it’s blessed stable.

Download link for VirtualBox images (.ova), experimental kvm / qemu / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/10.0.0.5.0/

Upgrading Whonix 9 to Whonix 10:
– from the testers repository

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1123.0.html

KVM Release Notes:

Existing users should update their xml files. See
https://www.whonix.org/forum/index.php/topic,827.0.html

Changelog between Whonix 9 and Whonix 10.0.0.5.0:

– build script: added retry feature to error handler; refactoring; output
– build script: added --auto-retry (default: 1) and --wait-auto-retry (default: 5) to error handler
– build script: implemented --dispatch-before-retry and --dispatch-after-retry
– ram adjusted desktop starter (rads): compatibility with gdm3
– build script: workaround for “apt: Provide meaningful exit codes for gpg failures” (“W: A error occurred during the signature verification.”), to catch situations such as the following, where that apt repository would otherwise be silently ignored without any error notification:
“The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681”
– tb-default-browser: work on gnome compatibility
– tb-updater: updated man page
– whonixcheck: output
– added https://github.com/Whonix/apparmor-profile-gwenview to Whonix’s APT repository – thanks to @troubadoour
– package selection: install xserver-xorg-video-qxl by default (added xserver-xorg-video-qxl to anon-shared-desktop to aid kvm users getting higher desktop resolutions as per https://www.whonix.org/forum/index.php/topic,493.15/topicseen.html (thanks to HulaHoop for suggesting this))
– package selection: install kde-privacy by default (added kde-privacy to anon-shared-packages-recommended)
– added new package kde-privacy, which deletes klipper (clipboard) contents on exit – thanks to z for suggesting
– package selection: added kde-common-resolution to anon-shared-desktop-kde
– added new package kde-common-resolution: Sets resolution to 1366×768 in KVM and VirtualBox in KDE
– build script: implemented --ignore-uncommitted
– build-script: Use `git clean` rather than “make deb-cleanup” for better security. It is also faster.
– build-script: No longer use `sort` in cleanup step for better security.
– build-script: No longer automatically cleanup before package building.
– build-script: moved whonix_build to help-steps/whonix_build_one
– build-script: renamed whonix_build_all to whonix_build
– build script: Now supports ./whonix_build --tor-gateway --tor-workstation -- --build --vbox --qcow2 etc.
– build-script: implemented --all (which combines --tor-gateway --tor-workstation --tor-custom-workstation)
– updated frozen sources
– anon-meta-packages: Removed grub-pc from anon-shared-packages-dependencies. This is a weird dependency. grub-pc should already get installed in the build-steps.d/1300_create-raw-image build step by grml-debootstrap (./grml_packages), which is fine for VM builds. For --install-to-root users it’s unnecessary, since they already have a booting system. As per https://github.com/Whonix/Whonix/issues/342.
– added new package: usability-misc
– package selection: added usability-misc to anon-shared-packages-recommended
– poweroff-passwordless: only for user “user”, not for all users
– bootclockrandomization: Set OLD_UNIXTIME variable right before calculation of NEW_UNIXTIME so calculation gets more accurate. Thanks to intrigeri for pointing that out! ( https://mailman.boum.org/pipermail/tails-dev/2014-September/006983.html )
– whonixcheck: be 30 min lenient about Whonix News signed before the current time, implemented https://github.com/Whonix/Whonix/issues/275
– anon-shared-helper-scripts: added /usr/lib/anon-shared-helper-scripts/tor_signal_newnym.py
– apparmor-profile-(anondist|whonixcheck|sdwdate|timesync): Fixed Whonix-Gateway compatibility.
– anon-gw-anonymizer-config, anon-shared-helper-scripts: Fixed execution of /etc/cron.weeky/tor as per https://www.whonix.org/forum/index.php/topic,584.0.html, thanks to ir1s (https://www.whonix.org/forum/index.php?action=profile;u=335) for the bug report!
– usability-misc: create once /home/user/Downloads, /home/user/Pictures
– sdwdate: fix, set sdwdate pool built in defaults to same values as in default config file
– sdwdate: updated time source pools
– sdwdate: fix, be quiet when using --quiet
– sdwdate: New option --echo-unixtime, echo remote unix time even when using --quiet.
– sdwdate: do not do anything if script was sourced (useful for external unit tests)
– sdwdate: create first success file /var/run/sdwdate/first_success
– sdwdate: implemented --timewarp-on-restartup and SDW_MODE restartup
– sdwdate: use sclockadj by default in restartup mode
– sdwdate: init script delete first success file when using force-reload
– sdwdate: init script new debugging option restartndclean
– msgcollector: make sure /var/run/msgcollector is mounted in RAM by mounting it as 10 MB big tmpfs
– msgcollector: use the much more efficient inotifywait rather than sleep/polling
– msgcollector: msgdispatcher: wait forever in start up phase on very slow systems
– msgcollector: prevent duplicate instances; proper exit codes; clean up all daemons on shut down; refactoring
– whonixcheck: improved output of Whonix News
– timesync: don’t show “please do not use the internet until timesync succeeded” on sdwdate restart (#264) https://github.com/Whonix/Whonix/issues/264
– timesync: show success passive popup only in startup mode, not restartup mode
– anon-meta-packages: make anon-workstation-default-applications depend on “pinentry-qt | pinentry-gtk | pinentry-curses | pinentry” rather than hardcoded “pinentry-qt”
– whonix-repository, whonixcheck: updated /usr/share/whonix/whonix-news-keys.d/patrick.asc (extended key until 2016, new key signature)
– msgcollector: implemented --status --progressbarxrunning
– apparmor-profile-whonixcheck: added /usr/share/torbrowser-launcher/torproject.pem r,
– whonixcheck: man page
– whonixcheck: added --no-del-tmp / DEL_TMP=”true” feature
– sdwdate: support use of .onion domains for the curl time fetching method (do not use --tlsv1 --proto=https then)
– sdwdate: updated man page
– build script: better git tag names that reflect stable, testers-only, developers-only (implemented https://github.com/Whonix/Whonix/issues/276)
– build script: implemented --clean --qcow2
– sdwdate: correct exit codes for sclockadj, sigterm exit 143, sigint exit 130
– anon-ws-disable-stacked-tor: Tor Browser 4.x compatibility fix
– tb-starter: Tor Browser 4.x compatibility fix
– whonixcheck: Improved whonixcheck warning when using multiple Whonix-Workstations on the same IP. Thanks to Jason Ayala for the suggestion (https://github.com/Whonix/Whonix/issues/352#issuecomment-60007137).
– whonixcheck: strip html from Whonix News
– sdwdate: Replaced `sdwdate`’s use of GNU `date` for converting untrusted date from remote servers with a `python` script /usr/lib/sdwdate/date_to_unixtime that uses `dateutil.parser`. Thanks to troubadoour for the review of usr/lib/sdwdate/date_to_unixtime.
– timesync: when running timesync, always set clock using `date`, not `sclockadj`
– makefile: new target “make undist”, which deletes the upstream tarball
– makefile: $DISTDIR variable for make (un)dist, which defaults to “..” and can be used to create upstream tarballs in arbitrary locations
– makefile: refactoring, all function names and global variables now start with “make_” to make the script `source`ing friendly
– makefile: made `source`able
– makefile: new target “make debdist” and “make undebdist”
– build script: new whonix_build_config_dirs variable
– whonix-repository: fix root_check
– sdwdate: added libc6-dev as dependency to fix sclockadj error “/usr/include/ruby-2.1.0/ruby/defines.h:26:19: fatal error: stdio.h: No such file or directory” https://github.com/Whonix/Whonix/issues/360
– whonix-(gw|ws)-kde-desktop-conf: removed kde’s default network manager (NM) system tray icon, because it showed a misleading symbol (Whonix does not use NM. It uses ifupdown. NM is only installed by default to ease setting up VPNs.) Thanks to HulaHoop for the report. – https://www.whonix.org/forum/index.php/topic,532.0.html
– build script: deprecated --no-validate-libvirt-xml
– build script: implemented --conffile
– build script: implemented --grmlbin
– package selection: Removed apparmor-profiles from anon-shared-packages-recommended as suggested ( https://www.whonix.org/forum/index.php/topic,97.msg5045.html#msg5045 ) by Whonix AppArmor Profile Maintainer troubadour because they generate a lot of noise while having no effect.
– timesync: added (hopefully Debian-policy-conformant) support for timesync, when run as an sdwdate plugin, sending notifications to user accounts other than user “user”
– uwt: Fixed apt-get stream isolation port, thanks to nrgaway for the report!
– whonix-initializer: work on systemd support
– build script: added dh-systemd to list of build dependencies
– tb-updater: do not ask to start Tor Browser if tb-starter is not installed
– build script: workaround for “bash: Shellshock fix breaks bash function exporting” – https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763164 – https://github.com/Whonix/Whonix/issues/367
– build script: use specific codename (wheezy) rather than generic code name (stable) as per “build script broken because of using grml-debootstrap with --release stable” – https://github.com/Whonix/Whonix/issues/368
– build script: updated frozen repository
– sdwdate: output: Use own pid rather than /proc/sys/kernel/random/uuid as ID.
– sdwdate: improved error handler
– sdwdate: Fixed sclockadj home folder permission issue. When users had group writeable permission on their root home folder, sclockadj would break due to ruby-inline complaining. Thanks to Jason Ayala (@JasonJAyalaP) for help fixing this. Now using /var/cache/sdwdate by default as INLINE cache dir. – https://github.com/Whonix/Whonix/issues/365
– sdwdate: stricter sudoers exceptions
– sdwdate: sclockadj fix: Fail when run (as normal user) without rights to change clock. Check return codes of clock_gettime and clock_settime. https://github.com/Whonix/Whonix/issues/370
– build script: new --apparmor has been added to build-steps.d/1200_create-debian-packages. It conveniently only builds all apparmor packages.
– build script: run check-virtualbox-vm-exists and install VirtualBox build dependencies only when using --target virtualbox.
– whonixcheck: Attempt to fix Windows hyperv VirtualBox detection bug: https://www.whonix.org/forum/index.php/topic,732.0.html
– sdwdate: refactoring, moved commands outside of functions form usr/lib/sdwdate/modules.d/sdwdate to usr/bin/sdwdate so usr/lib/sdwdate/modules.d/sdwdate can be sourced (by unit test)
– tb-updater: Create /home/user/tor-browser_$TB_LANG/Browser/Downloads folder for better AppArmor support as suggested by troubadour. – https://www.whonix.org/forum/index.php/topic,97.msg5541.html#msg5541
– build script: new “--target raw” to build raw images
– build script: help-steps/analyze_image: added support for --minimal; added --root as alternative option name for --install-to-root
– build script: help-steps/analyze_image: --root now supports /path/to/folder, i.e. --root /path/to/folder
– build script: verifiable builds, build-steps.d/2800_create-report: can now analyze other (--target)s than virtualbox, i.e. also qcow2, raw and root.
– build script: verifiable builds, build-steps.d/2800_create-report: can now analyze multiple (--target)s at once.
– tb-starter, whonix-ws-start-menu-additions: fixed long icon bouncing bug when starting (kde launch feedback)
– build script: work on creating debian packaging for creating debs that include vm images
– build script: added packages python-guimessages and packages/whonix-setup-wizard
– build script: added packages/grub-output-verbose and packages/grub-screen-resolution
– build script: added python-all-dev and python-stdeb to build dependencies for building python setup.py packages
– build script: New build parameter --tb none|closed|failed. When set to closed, try installing Tor Browser, failing closed. When set to open, fail open. When unset or set to none, don’t attempt to install Tor Browser (default).
– anon-meta-packages: added console-setup to anon-shared-packages-dependencies so users can use /etc/default/keyboard as alternative mechanism to change the keyboard layout
– anon-meta-packages: added console-data to anon-shared-packages-dependencies to make sure all three packages console-setup, console-data and console-common are installed.
– anon-meta-packages: added menu to anon-shared-packages-recommended because it contains su-to-root. ticket: https://phabricator.whonix.org/T23
– generic makefile: do not set DEBMAIL to adrelanos’ personal e-mail address if not set
– generic makefile: use only lintian when environment variable make_use_lintian is set to yes
– generic makefile: only use gain_root_cmd when environment variable make_use_gain_root_command is set to true
– generic makefile: unless environment variable make_debdist_tolower is set to false, use lower case for debian tarball
– generic makefile: unless environment variable make_upstream_tarball_tolower is set to false, use lower case for upstream tarball
– generic makefile: also delete deb_dist folder when running make deb-clean
– package selection: Install VirtualBox Guest Additions by default when using --target virtualbox. ticket: https://phabricator.whonix.org/T13 forum discussion: https://www.whonix.org/forum/index.php/topic,758
– tb-starter: link open “Firefox is already running, but is not responding.” bug -> always start Tor Browser with --allow-remote – https://phabricator.whonix.org/T29
– anon-shared-build-inst-tb: Added support for environment variable anon_shared_inst_tb. When set to open, fail open. When set to close, fail close. When unset or set to none, don’t attempt to install Tor Browser.
– whonixcheck: whonixcheckdaemon, added support for .d-style drop-in configuration files in /etc/default/whonixcheckd.d/
– whonixsetup: in x, prefer starting the graphical version whonix-setup-wizard, fall back to cli version whonixsetup when graphical version is not available
– whonixsetup: removed start menu entry and startup script for cli version whonixsetup because x version whonix-setup-wizard will add its own
– whonix-repository-wizard: added sudoers exception file etc/sudoers.d/whonix-setup-wizard for allowing to start whonix-setup-wizard as root without password for better usability when autostarting it
– tb-updater: Deactivating Tor Browser’s Internal Updater, at least as long as it does not support verification. See also:
— https://www.whonix.org/blog/tor-browser-updater-warning
— https://www.whonix.org/forum/index.php/topic,807
– tb-updater: make functions skippable through the tb_skip_functions environment variable, so users can skip certain patches by using the /etc/torbrowser.d configuration folder
– tb-updater: added timeout to extract function
– build script: got rid of grml_packages file in source root folder
– libvirt (KVM, QEMU): removed hugepages default (thanks to HulaHoop for the commit)
– libvirt (KVM, QEMU): disabled new timer hypervclock in libvirt since 1.2.2 (thanks to HulaHoop for the commit)
– build script: let reprepro create local apt repositories also for other architectures to ease porting to other architectures
– build script: moved libvirt folder to its own package https://github.com/Whonix/whonix-libvirt
– whonix-(gw|ws)-firewall: RELATED,ESTABLISHED -> ESTABLISHED https://phabricator.whonix.org/T28
– tb-updater: version parser, match for “-alpha-“, “-beta-“, “-rc-” rather than just “alpha”, “beta”, “rc”
– tb-updater: added experimental --alpha, --beta and --rc switches
– tb-updater: added new key tbb-team.asc as per https://trac.torproject.org/projects/tor/ticket/13407 which I verified to be signed by Georg Koppen
– anon-meta-packages: removed spice-vdagent from anon-shared-packages-recommended, because it became a weak recommended dependency in build-steps.d/1700_install-packages
– build-script: install spice-vdagent as weak recommended dependency
– build-script: show VirtualBox First Run Wizard for Whonix-Custom-Workstation – https://phabricator.whonix.org/T47
– apparmor-profile-torbrowser: added exception for Whonix’s local homepage
– tb-starter: open /usr/share/homepage/whonix-welcome-page/whonix.html as default homepage if that file is existing
– whonix-welcome-page: set, export environment variable TOR_DEFAULT_HOMEPAGE to set TorBrowser homepage to /usr/share/homepage/whonix-welcome-page/whonix.html https://trac.torproject.org/projects/tor/ticket/13835
– packaging: bumped compat from 8 to 9
– sdwdate, tb-updater, anon-shared-helper-scripts: refactoring, use errtrace and therefore fewer trap ERR’s required – https://phabricator.whonix.org/T48
– whonix-developer-meta-files: sign_images, use --verify-options show-notations
– anon-ws-disable-stacked-tor: Added: export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 Environment variable to disable the “TorButton” -> “Open Network Settings…” menu item. It is not useful and confusing to have on a workstation, because Tor must be configured on the gateway, which is for security reasons forbidden from the gateway. https://trac.torproject.org/projects/tor/ticket/14100
– whonix-base-files: set: export TOR_HIDE_BROWSER_LOGO=1 Hide the Tor Browser Bundle (TBB) logo in tor-launcher. This is useful to avoid users confusing TBB and Whonix. Also useful when running tor-launcher in standalone mode, because then it’s not TBB that is starting. Lastly, also useful to avoid trademark issues when redistributing original, unmodified TBB in (linux) distributions. https://trac.torproject.org/projects/tor/ticket/14122 – https://www.torproject.org/docs/trademark-faq.html.en – https://www.whonix.org/wiki/Dev/TPO_Trademark
– whonixcheck: New config variable: whonixcheck_tor_bootstrap_wait_max – Default to 60. How long whonixcheck should wait at maximum until Tor bootstrap finished.
– whonixcheck: warn if whonix-initializer failed
– whonixcheck: ported to gpg-bash-lib
– whonixcheck: set -o errtrace, set -e until trap ERR has been set up
– whonix-initializer: add fail file in case first run initializer failed
– whonix-initializer: changed status file dir from /root/.whonix/ to /var/lib/whonix-initializer/status-files/
– gpg-bash-lib: new package – https://phabricator.whonix.org/T86 – https://github.com/Whonix/gpg-bash-lib
– tb-updater: ported to gpg-bash-lib – https://phabricator.whonix.org/T88 – https://github.com/Whonix/gpg-bash-lib
– tb-updater: Show when the signature was made and ask for confirmation. Useful to detect downgrade or infinite freeze attack. – https://phabricator.whonix.org/T95
– tb-updater: Store and show last known signature creation date. – Useful to detect downgrade or infinite freeze attack. – https://phabricator.whonix.org/T96
– tb-updater: Authenticate file names. This is useful to detect a downgrade or indefinite freeze attack. To do this, the sha256sums.txt file needs to be verified using the sha256sums.txt.asc file. When that succeeded, the hash for the archive needs to be created and looked up within sha256sums.txt. – https://phabricator.whonix.org/T98
– open-link-confirmation: added graphical warning sign
– updated frozen repository
– anon-base-files: pre.bsh enable errtrace – https://phabricator.whonix.org/T101
– generic makefile: Check that environment variable DEBEMAIL is not empty when using “make deb-chl-bumpup”. Otherwise the e-mail address in debian/changelog would default to user@host.localdomain and then lintian would complain and exit with failure code.
– whonixcheck: increased whonixcheck_tor_bootstrap_wait_max from 60 to 90
– build script: set -e before trap ERR gets enabled
– tb-updater: progress bar for extraction process
– anon-gw-anonymizer-config: reserved SocksPort 10.152.152.10:9152 for Tor Messenger – https://phabricator.whonix.org/T107
– anon-ws-disable-stacked-tor: Work on Tor Messenger Support: forward workstation 127.0.0.1 9152 to gateway 10.152.152.10 9152 (SocksPort); forward workstation 127.0.0.1 9153 to gateway 10.152.152.10 9052, where Control Port Filter Proxy listens (ControlPort). – https://phabricator.whonix.org/T107
– whonix-ws-firewall: outgoing rule simplification – https://phabricator.whonix.org/T111
– Fixed Control Port Filter Proxy Connection by adding “iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset”. – https://phabricator.whonix.org/T112
– whonix-gw-firewall: support multiple external and internal interfaces – https://phabricator.whonix.org/T120
– whonix-gw-firewall: provide an option WORKSTATION_ALLOW_SOCKSIFIED to skip Tor SocksPort iptables rules – https://phabricator.whonix.org/T121
– build script: grml-debootstrap apt-get unsigned package install security bug workaround that is required for jessie and above – https://phabricator.whonix.org/T119
– whonixcheck: added qemu to list of supported virtualizers
– tb-starter: new TB_CUSTOM_HOMEPAGE setting; not touching default link to open when running outside of Whonix
– tb-starter: removed deprecated --recommend feature
– whonix-repository: postinst script, only enable bash -x, if xtrace has been enabled
– whonix-repository: postinst script, show output of whonix_repository tool for better transparency
– makefile: more efficient make install (fixed a bug: run ‘cp -R “$d” “$DESTDIR”‘ just once instead of for every file)
– makefile: if make_use_gain_root_command is unset, “./debian/gain-root-command” is executable and faketime is installed, then automatically set make_use_gain_root_command=”true”
– makefile: source ./make-helper-overrides.bsh if existing to allow overruling of functions
– makefile: source all files in ./make-helper-overrides.d if that folder is existing and if the files in that folder are executable to allow overruling of functions
– makefile: prepend package-version folder in upstream tarball
– makefile: made hardcoded list of folders to install (“bin boot dev etc home lib opt sbin srv sys usr var”) overwriteable through variable make_folder_list_for_un_and_install
– makefile: output
– makefile: new hook make_hook_at_the_end_of_get_destdir
– makefile: mkdir before cp when running make install (i.e. create eventually non-existing DESTDIR)
– makefile: mkdir only when directory does not exist
– makefile: bumped version number to 1.2
– makefile: make uch creates upstream changelog in changelog.upstream rather than debian/changelog.upstream
– makefile: new make deb-uachl-bumpup, Combination of make uch and make deb-chl-bumpup.
– makefile: added --pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning
– makefile: autodetect if lintian is available, automatically using it unless make_use_debian is set to false, failing open if automatically running it
– makefile: new, make lintian
– tb-updater, open-link-confirmation: set default button to cancel
– tb-updater: added progress bar for extraction
– msgcollector: added /usr/lib/msgcollector/pv_wrapper
– tb-updater: support running without having X running by reading answers from stdin
– build script: refactoring, renamed variable whonix_build_script_whonix_package to whonix_build_script_skip_package_install
– anon-shared-build-ban-nonfree: allow packages virtualbox-guest-utils and virtualbox-guest-x11 from contrib to be installed
– tb-updater, whonixcheck, sdwdate: instead of --socks5-hostname, use more modern --proxy + user:password@ip:port syntax for curl for better stream isolation – https://phabricator.whonix.org/T126
– tb-updater: distinct exit codes for each case of abort or failure
– build script: improved error handler output with process and function trace result
– build script: use non-interactive error handler, if stdin is not available
– sdwdate: BREAKING CHANGE: Changed mode of operation. Now using Tor hidden services (.onion) as time source. No longer supporting SSL/TLS, but connections to .onion’s are encrypted end-to-end, with the advantage that no malicious/broken SSL Certificate Authorities can interfere anymore. – https://phabricator.whonix.org/T131
– sdwdate: BREAKING CHANGE: deprecated --proxy, introduced --proxy-ip and --proxy-port
– sdwdate: BREAKING CHANGE: changed pool link format
– sdwdate: support comments for links in pools
– sdwdate: increased interval to INTERVAL=”180″ and MIN_INTERVAL=”60″ – https://phabricator.whonix.org/T147
– sdwdate: ported to url to unixtime
– sdwdate: refactored hook dispatching system for code reduction and to make it easier to add new hooks
– anon-meta-packages: install control-port-filter-python https://github.com/Whonix/control-port-filter-python replacement that has been written by @troubadoour https://github.com/troubadoour rather than control-port-filter https://github.com/Whonix/control-port-filter (bash)
– anon-gw-anonymizer-config: recommend control-port-filter-python rather than control-port-filter
– makefile generic: pass ${1+”$@”} to make_source_overrides_file and make_source_overrides_folder ${1+”$@”}
– makefile generic: added generic _hook_pre and _hook_post mechanism. Before calling any function, function function-name_hook_pre would be called and function-name_hook_post afterwards.
– makefile generic: for make deb-chl-bumpup, require DEBFULLNAME being set
– makefile generic: make deb-cleanup, delete “../${package}_”*-*_*”.deb” rather than “../${package}_”*-*”_all.deb”
– whonix-gw-firewall: provide hook after drop ipv4 invalid packages through variable GATEWAY_IPv4_DROP_INVALID_INCOMING_PACKAGES_POST_HOOK – https://phabricator.whonix.org/T176
– whonixcheck: Added usr/lib/apt-get-wrapper, a wrapper that exits 125, if output of apt-get update begins with “W:” or “E:”. Required to workaround several issues with apt-get exit codes. https://www.whonix.org/wiki/Dev/apt-get#Bugs  https://phabricator.whonix.org/T169
– build-script: check for network failures during build to make sure (security) repository is really in use – https://phabricator.whonix.org/T169
– tb-updater: new multiple version choice graphical user interface – thanks to troubadour for creating it! – https://phabricator.whonix.org/T149
– tb-updater: suggest lowest advertised version number by default, because then chances are good that it is a stable rather than an alpha version – https://phabricator.whonix.org/T130
– tb-updater: fix, install stable rather than alpha by default since TBB version format changed – https://phabricator.whonix.org/T130
– whonixcheck: security workaround for “apt-get update” zero exit code discrepancy for network, gpg failures – https://phabricator.whonix.org/T194
– whonixcheck: output all functions when running --function without argument
– whonixsetup:
— added support for /var/cache/whonix-setup-wizard/status-files/whonixsetup.done
— added support for /var/cache/whonix-setup-wizard/status-files/whonixsetup.skip
— added support for /var/cache/whonix-setup-wizard/status-files/whonix_repository.done
— added support for /var/cache/whonix-setup-wizard/status-files/whonix_repository.skip
— added support for /var/cache/whonix-setup-wizard/status-files/disclaimer.done
— added support for /var/cache/whonix-setup-wizard/status-files/disclaimer.skip
— added support for legacy /var/lib/whonix/do_once/whonixsetup.done
– anon-meta-packages: no longer install anon-gw-first-run-notice by default because it has been incorporated into whonix-setup-wizard – https://phabricator.whonix.org/T228
– build script: break when attempting to build from non-tagged git by default – https://phabricator.whonix.org/T231
– tb-updater: improved architecture detection. ARCH can now be set to i386, i686 or amd64, or ARCH_DOWNLOAD can be set directly to, for example, linux32 or linux64.
– whonix-repository: implemented --repository to fix “whonix-setup-wizard repository – code names issue – stable vs wheezy” – https://phabricator.whonix.org/T232
– added whonix-welcome-page to whonix-workstation-packages-recommended
– build script: code simplification – use deb [trusted=yes] rather than local signing key for local apt repository during build – https://phabricator.whonix.org/T246
– build script: check if we are building from a tag or not, and --allow-untagged true
– build script: move backup raw image build steps out of main source code – https://phabricator.whonix.org/T249
– build script: build script should provide better optical separation of build steps – https://phabricator.whonix.org/T10
– build-script: build and install genmkfile – https://phabricator.whonix.org/T217
– refactoring: reduced code duplication generated by generic makefile (genmkfile) – https://phabricator.whonix.org/T217
– make tb-starter compatible with TBB 4.5a5 and above – https://phabricator.whonix.org/T253
– control-port-filter-python: added systemd service – https://phabricator.whonix.org/T106
– tb-updater: removed deactivation of TBB internal updater for TBB versions equal or higher than 4.5 because upstream fixed the security issue – https://phabricator.whonix.org/T105
– whonixcheck: implemented whonixcheck general Whonix News file – https://phabricator.whonix.org/T255
– whonixcheck: moved Whonix News files to mirror.whonix.de and use sourceforge as fallback – https://phabricator.whonix.org/T54
– whonix-repository: made baseuri configurable through WHONIX_APT_REPOSITORY_BASEURI environment and /etc/whonix.d configuration variable – https://phabricator.whonix.org/T54
– whonix-repository: moved Whonix APT Repository default baseuri from http://sourceforge.net/projects/whonixdevelopermetafiles/files/internal/ to http://mirror.whonix.de/whonixdevelopermetafiles/internal/
– whonix-repository: made baseuri (WHONIX_APT_REPOSITORY_BASEURI) configurable through the --baseuri command line parameter
– whonix-repository: add WHONIX_APT_REPOSITORY_BASEURI to auto generated configuration file
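As an added illustration of the apt-get-wrapper item and the “apt-get update” zero-exit-code workaround listed above (example code, not the whonixcheck package's own wrapper): a POSIX sh function that scans each line of apt-get output and returns 125 when a line starts with W: or E:, so a caller cannot mistake a failed refresh of the security repository for a successful one. The apt_get_wrapper function name and the sample output lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the whonixcheck apt-get-wrapper itself: models the
# changelog's workaround for "apt-get update" exiting 0 after network or GPG
# failures. apt-get reports those as "W:" / "E:" lines, so the wrapper scans
# the output and returns 125 when it sees any, instead of trusting $? alone.

# check_apt_output: read apt-get output from stdin; return 125 if any line
# begins with "W:" or "E:", otherwise pass through apt-get's own exit code ($1).
check_apt_output() {
    apt_rc="$1"
    seen_problem=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            W:*|E:*) seen_problem=1 ;;
        esac
    done
    if [ "$seen_problem" -eq 1 ]; then
        return 125
    fi
    return "$apt_rc"
}

# apt_get_wrapper (hypothetical name): run "apt-get $@", show its output,
# then apply the check. A caller tests for 125 to learn that the refresh of
# the (security) repository must not be trusted.
apt_get_wrapper() {
    tmp="$(mktemp)" || return 1
    apt-get "$@" >"$tmp" 2>&1
    apt_rc=$?
    cat "$tmp"
    check_apt_output "$apt_rc" <"$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample output (not captured from a real system): apt-get printed
# an error for the security suite yet would still exit 0.
SAMPLE_FAILED_FETCH='Hit http://deb.debian.org wheezy Release
W: Failed to fetch http://security.debian.org/dists/wheezy/updates/Release  Temporary failure resolving "security.debian.org"
E: Some index files failed to download. They have been ignored, or old ones used instead.'

rc=0
printf '%s\n' "$SAMPLE_FAILED_FETCH" | check_apt_output 0 || rc=$?
printf 'apt-get said 0, wrapper returns %s\n' "$rc"   # prints 125
```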

Posted in testers-wanted

towards a somewhat soon release of Whonix 10, postponing jessie/systemd support

For several reasons…

1) The TODO list for the release of Whonix 10 is getting smaller:
https://phabricator.whonix.org/maniphest/?statuses=open&allProjects=PHID-PROJ-azftsdqyk3mbrlzazoc6#R

2) Since the changelog for Whonix 10 is quite long already (https://www.whonix.org/blog/?p=1093&preview=1&_ppp=095bea96f1)…

3) And because of “release early, release often”…

4) And due to the brokenness of tb-updater, and the many security enhancements and fixes in Whonix 10:
https://www.whonix.org/forum/index.php/topic,1070.0.html
https://www.whonix.org/forum/index.php/topic,939.0.html
https://www.whonix.org/forum/index.php/topic,810.0.html
https://www.whonix.org/forum/index.php/topic,595.0.html

Therefore… I am proposing,
– to finish the remaining Whonix 10 TODO, to get Whonix 10 out somewhat soon
– to move jessie and systemd support [+ stuff someone contributes until then] to release goal of Whonix 11
– to move most Whonix 11 release goals to Whonix 12

Earlier I stated the release goal for Whonix 10 “ready to be upgraded to Debian jessie”. After working on actual jessie and systemd stuff, I learned that this is not really possible. We can either build packages with dh_installinit for wheezy or dh_systemd for jessie. Having them compatible with both suites at once seems unjustifiably difficult. What we could do however would be building a jessie based Whonix 11 and making upgrading to jessie mandatory for that upgrade.

I’ve asked troubadour if we can remove the Whonix 10 tag for,
– whonix-setup-wizard polishing (https://phabricator.whonix.org/T190) and
– control-port-filter-python improvement (https://phabricator.whonix.org/T243)

What do you think about that plan? Is there anything you absolutely need/want to get merged in time for Whonix 10 – because otherwise everything would go evil – that you can eventually contribute before the rest of the Whonix 10 TODO is done?

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1071

Posted in Development

Can’t start Tor Browser in Whonix?

Please ‘stay tuned’, because you missed important news:
Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist)

If you want to start the alpha anyhow, which is recommended against (rather get the stable), go to start menu -> File Manager -> /home/user/tor-browser_en-US -> double click ‘start-tor-browser.desktop’.

It will be fixed in Whonix 10.

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1070.0.html

Posted in Important
