Whonix https://www.whonix.org/blog Privacy and Anonymity OS Fri, 10 Apr 2015 21:24:59 +0000 en-US hourly 1 http://wordpress.org/?v=4.1.1 Testers Wanted! Whonix 10 ( 10.0.0.5.0 ) https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0 https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0#comments Thu, 09 Apr 2015 23:07:36 +0000 https://www.whonix.org/blog/?p=1543 The version number for this testers-only release is 10.0.0.5.0, which will become Whonix 10 the moment it’s blessed stable. Download link for Virtual Box images (.ova), experimental kvm /qemu / Qubes images and OpenPGP signatures (.asc): http://mirror.whonix.de/10.0.0.5.0/ Upgrading Whonix 9

The post Testers Wanted! Whonix 10 ( 10.0.0.5.0 ) appeared first on Whonix.

]]>
The version number for this testers-only release is 10.0.0.5.0, which will become Whonix 10 the moment it’s blessed stable.

Download link for Virtual Box images (.ova), experimental kvm /qemu / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/10.0.0.5.0/

Upgrading Whonix 9 to Whonix 10:
– from the testers repository

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1123.0.html

KVM Release Notes:

Existing users should update their xml files. See
https://www.whonix.org/forum/index.php/topic,827.0.html

Changelog between Whonix 9 and Whonix 10.0.0.5.0:

– build script: added retry feature to error handler; refactoring; output
– build script: added –auto-retry (default: 1) and –wait-auto-retry (default: 5) to error handler
– build script: implemented –dispatch-before-retry and –dispatch-after-retry
– ram adjusted desktop starter (rads): compatibility with gdm3
– build script:
workaround for
apt: Provide meaningful exit codes for gpg failures
W: A error occurred during the signature verification.
To catch situations such as:
The repository is not updated and the previous index files will be used.
GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681
That apt-repository would otherwise be silently ignored without error notification.
– tb-default-browser: work on gnome compatibility
– tb-updater: updated man page
– whonixcheck: output
– added https://github.com/Whonix/apparmor-profile-gwenview to Whonix’s APT repository – thanks to @troubadoour
– package selection: install xserver-xorg-video-qxl by default (added xserver-xorg-video-qxl to anon-shared-desktop to aid kvm users getting higher desktop resolutions as per https://www.whonix.org/forum/index.php/topic,493.15/topicseen.html (thanks to HulaHoop for suggesting this))
– package selection: install kde-privacy by default (added kde-privacy to anon-shared-packages-recommended)
– added new package kde-privacy that deactivates deletes klipper contents on exit – thanks to z for suggesting
– package selection: added kde-common-resolution to anon-shared-desktop-kde
– added new package kde-common-resolution: Sets resolution to 1366×768 in KVM and VirtualBox in KDE
– build script: implemented –ignore-uncommitted
– build-script: Use `git clean` rather than “make deb-cleanup” for better security. It is also faster.
– build-script: No longer use `sort` in cleanup step for better security.
– build-script: No longer automatically cleanup before package building.
– build-script: moved whonix_build to help-steps/whonix_build_one
– build-script: renamed whonix_build_all to whonix_build
– build script: Now supports ./whonix_build –tor-gateway –tor-workstation — –build –vbox –qcow2 etc.
– build-script: implemented –all (which combines –tor-gateway –tor-workstation –tor-custom-workstation)
– updated frozen sources
– anon-meta-packages: Removed grub-pc from anon-shared-packages-dependencies. This is a weird dependency. The grub-pc should be already get installed in build-steps.d/1300_create-raw-image build step by grml-debootstrap (./grml_packages) which is fine for VM builds. For –install-to-root users it’s unnecessary, since they already have a booting system. As per https://github.com/Whonix/Whonix/issues/342.
– added new package: usability-misc
– package selection: added usability-misc to anon-shared-packages-recommended
– poweroff-passwordless: only for user “user”, not for all users
– bootclockrandomization: Set OLD_UNIXTIME variable right before calculation of NEW_UNIXTIME so calculation gets more accurate. Thanks to intrigeri for pointing that out! ( https://mailman.boum.org/pipermail/tails-dev/2014-September/006983.html )
– whonixcheck: Whonix News be 30 min lenient about signed before current time, implemented https://github.com/Whonix/Whonix/issues/275
– anon-shared-helper-scripts: added /usr/lib/anon-shared-helper-scripts/tor_signal_newnym.py
– apparmor-profile-(anondist|whonixcheck|sdwdate|timesync): Fixed Whonix-Gateway compatibility.
– anon-gw-anonymizer-config, anon-shared-helper-scripts: Fixed execution of /etc/cron.weeky/tor as per https://www.whonix.org/forum/index.php/topic,584.0.html, thanks to ir1s (https://www.whonix.org/forum/index.php?action=profile;u=335) for the bug report!
usability-misc: create once /home/user/Downloads, /home/user/Pictures
– sdwdate: fix, set sdwdate pool built in defaults to same values as in default config file
– sdwdate: updated time source pools
– sdwdate: fix, be quiet when using –quiet
– sdwdate: New option –echo-unixtime, echo remote unix time even when using –quiet.
– sdwdate: do not do anything if script was sourced (useful for external unit tests)
– sdwdate: create first success file /var/run/sdwdate/first_success
– sdwdate: implemented –timewarp-on-restartup and SDW_MODE restartup
– sdwdate: use sclockadj by default in restartup mode
– sdwdate: init script delete first success file when using force-reload
– sdwdate: init script new debugging option restartndclean
– msgcollector: make sure /var/run/msgcollector is mounted in RAM by mounting it as 10 MB big tmpfs
– msgcollector: use the much more efficient inotifywait rather than sleep/pulling
– msgcollector: msgdispatcher: wait forever in start up phase on very slow systems
– msgcollector: prevent duplicate instances; proper exit codes; clean up all daemons on shut down; refactoring
– whonixcheck: improved output of Whonix News
– timesync: don’t show “please do not use the internet until timesync succeeded” on sdwdate restart (#264) https://github.com/Whonix/Whonix/issues/264
– timesync: show success passive popup only in startup mode, not restartup mode
anon-meta-packages: make anon-workstation-default-applications depend on “pinentry-qt | pinentry-gtk | pinentry-curses | pinentry” rather than hardcoded “pinentry-qt”
– whonix-repository, whonixcheck: updated /usr/share/whonix/whonix-news-keys.d/patrick.asc (extended key until 2016, new key signature)
– msgcollector: implemented –status –progressbarxrunning
– apparmor-profile-whonixcheck: added /usr/share/torbrowser-launcher/torproject.pem r,
– whonixcheck: man page
– whonixcheck: added –no-del-tmp / DEL_TMP=”true” feature
– sdwdate: support use of .onion domains (not use –tlsv1 –proto =https then) for curl time fetching method
– sdwdate: updated man page
– build script: better git tag names that reflect stable, testers-only, developers-only (implemented https://github.com/Whonix/Whonix/issues/276)
– build script: implemented –clean –qcow2
– sdwdate: correct exit codes for sclockadj, sigterm exit 143, sigint exit 130
– anon-ws-disable-stacked-tor: Tor Browser 4.x compatibility fix
– tb-starter: Tor Browser 4.x compatibility fix
– whonixcheck: Improved whonixcheck warning when using multiple Whonix-Workstations on the same IP. Thanks to Jason Ayala for the suggestion (https://github.com/Whonix/Whonix/issues/352#issuecomment-60007137).
– whonixcheck: strip html from Whonix News
– sdwdate: Replaced `sdwdate`’s use of GNU `date` for converting untrusted date from remote servers with a `python` script /usr/lib/sdwdate/date_to_unixtime that uses `dateutil.parser`. Thanks to troubadoour for the review of usr/lib/sdwdate/date_to_unixtime.
timesync: when running timesync, always set clock using `date`, not `sclockadj`
– makefile: new target “make undist”, which deletes the upstream tarball
– makefile: $DISTDIR variable for make (un)dist, which defaults to “..” and can be used to create upstream tarballs in arbitrary locations
– makefile: refactoring, all function names and global variables now start with “make_” to make the script `source`ing friendly
– makefile: made `source`able
– makefile: new target “make debdist” and “make undebdist”
– build script: new whonix_build_config_dirs variable
– whonix-repository: fix root_check
– sdwdate: added libc6-dev as dependency to fix sclockadj error “/usr/include/ruby-2.1.0/ruby/defines.h:26:19: fatal error: stdio.h: No such file or directory” https://github.com/Whonix/Whonix/issues/360
– whonix-(gw|ws)-kde-desktop-conf: removed kde’s default network manager (NM) system tray icon, because it showed a misleading symbol (Whonix does not use NM. It uses ifupdown. NM is only installed by default to ease setting up VPNs.) Thanks to HulaHoop for the report. – https://www.whonix.org/forum/index.php/topic,532.0.html
– build script: deprecated –no-validate-libvirt-xml
– build script: implemented –conffile
– build script: implemented –grmlbin
– package selection: Removed apparmor-profiles from anon-shared-packages-recommended as suggested ( https://www.whonix.org/forum/index.php/topic,97.msg5045.html#msg5045 ) by Whonix AppArmor Profile Maintainer troubadour because they generate a lot of noise while having no effect.
– timesync: added hopefully Debian policy conform support for sending notifications by timesync when being run as sdwdate plugin to other user accounts than user “user”
– uwt: Fixed apt-get stream isolation port, thanks to nrgaway for the report!
– whonix-initializer: work on systemd support
– build script: added dh-systemd to list of build dependencies
– tb-updater: do not ask to start Tor Browser if tb-starter is not installed
build script: workaround for “bash: Shellshock fix breaks bash function exporting” – https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763164 – https://github.com/Whonix/Whonix/issues/367
– build script: use specific codename (wheezy) rather than generic code name (stable) as per “build script broken because of using grml-debootstrap with –release stable” – https://github.com/Whonix/Whonix/issues/368
– build script: updated frozen repository
– sdwdate: output: Use own pid rather than /proc/sys/kernel/random/uuid as ID.
– sdwdate: improved error handler
– sdwdate: Fixed sclockadj home folder permission issue. When users had group writeable permission on their root home folder, sclockadj would break due to ruby-inline complaining. Thanks to Jason Ayala (@JasonJAyalaP) for help fixing this. Now using /var/cache/sdwdate by default as INLINE cache dir. – https://github.com/Whonix/Whonix/issues/365
– sdwdate: stricter sudoers exceptions
– sdwdate: sclockadj fix: Fail when run (as normal user) without rights to change clock. Check return codes of clock_gettime and clock_settime. https://github.com/Whonix/Whonix/issues/370
– build script: new –apparmor has been added to build-steps.d/1200_create-debian-packages. It conveniently only builds all apparmor packages.
– build script: run check-virtualbox-vm-exists and install VirtualBox build dependencies only when using –target virtualbox.
– whonixcheck: Attempt to fix Windows hyperv VirtualBox detection bug: https://www.whonix.org/forum/index.php/topic,732.0.html
– sdwdate: refactoring, moved commands outside of functions form usr/lib/sdwdate/modules.d/sdwdate to usr/bin/sdwdate so usr/lib/sdwdate/modules.d/sdwdate can be sourced (by unit test)
– tb-updater: Create /home/user/tor-browser_$TB_LANG/Browser/Downloads folder for better AppArmor support as suggested by troubadour. – https://www.whonix.org/forum/index.php/topic,97.msg5541.html#msg5541
– build script: new “–target raw” to build raw images
– build script: help-steps/analyze_image: added support for –minimal; added –root as alternative to option name for –install-to-root
– build script: help-steps/analyze_image: –root now supports /path/to/folder, i.e. –root /path/to/folder
– build script: verifiable builds, build-steps.d/2800_create-report: can now analyze other (–target)s than virtualbox, i.e. also qcow2, raw and root.
– build script: verifiable builds, build-steps.d/2800_create-report: can now analyze multiple (–target)s at once.
– tb-starter, whonix-ws-start-menu-additions: fixed long icon bouncing bug when starting (kde launch feedback)
– build script: work on creating debian packaging for creating debs that include vm images
– build script: added packages python-guimessages and packages/whonix-setup-wizard
– build script: added packages/grub-output-verbose and packages/grub-screen-resolution
– build script: added python-all-dev and python-stdeb to build dependencies for building python setup.py packages
– build script: New build parameter –tb none|closed|failed. When set to closed, try installing Tor Browser, failing closed. When set to open, fail open. When unset or set to none, don’t attempt to install Tor Browser (default).
– anon-meta-packages: added console-setup to anon-shared-packages-dependencies so users can use /etc/default/keyboard as alternative mechanism to change the keyboard layout
– anon-meta-packages: added console-data to anon-shared-packages-dependencies to make sure all three packages console-setup, console-data and console-common are installed.
– anon-meta-packages: added menu to anon-shared-packages-recommended because it contains su-to-root. ticket: https://phabricator.whonix.org/T23
– generic makefile: do net set DEBMAIL to adrelanos personal e-mail address if not set
– generic makefile: use only lintian when environment variable make_use_lintian is set to yes
– generic makefile: only use gain_root_cmd when environment variable make_use_gain_root_command is set to true
– generic makefile: unless environment variable make_debdist_tolower is set to false, use lower case for debian tarball
– generic makefile: unless environment variable make_upstream_tarball_tolower is set to false, use lower case for upstream tarball
– generic makefile: also delete deb_dist folder when running make deb-clean
– package selection: Install VirtualBox Guest Additions by default when using –target virtualbox. ticket: https://phabricator.whonix.org/T13 forum discussion: https://www.whonix.org/forum/index.php/topic,758
– tb-starter: link open “Firefox is already running, but is not responding.” bug -> always start Tor Browser with –allow-remote – https://phabricator.whonix.org/T29
– anon-shared-build-inst-tb: Added support for environment variable anon_shared_inst_tb. When set to open, fail open. When set to close, fail close. When unset or set to none, don’t attempt to install Tor Browser.
– whonixcheck: whonixcheckdaemon, added support for .d-style drop-in configuration filers in /etc/default/whonixcheckd.d/
– whonixsetup: in x, prefer starting the graphical version whonix-setup-wizard, fall back to cli version whonixsetup when graphical version is not available
– whonixsetup: removed start menu entry and startup script for cli version whonixsetup because x version whonix-setup-wizard will add its own
– whonix-repository-wizard: added sudoers exception file etc/sudoers.d/whonix-setup-wizard for allowing to start whonix-setup-wizard as root without password for better usability when autostarting it
– tb-updater: Deactivating Tor Browser?s Internal Updater at least as long it does not support verification. See also:
– https://www.whonix.org/blog/tor-browser-updater-warning
– https://www.whonix.org/forum/index.php/topic,807
– tb-updater: make functions skipable through tb_skip_functions environment variable, so users could skip certain patches by using /etc/torbrowser.d configuration folder
– tb-updater: added timeout to extract function
– build script: got rid of grml_packages file in source root folder
– libvirt (KVM, QEMU): removed hugepages default (thanks to HulaHoop for the commit)
– libvirt (KVM, QEMU): disabled new timer hypervclock in libvirt since 1.2.2 (thanks to HulaHoop for the commit)
– build script: let reprepro create local apt repositories also for other architectures to ease porting to other architectures
– build script: moved libvirt folder to its own package https://github.com/Whonix/whonix-libvirt
– whonix-(gw|ws)-firewall: RELATED,ESTABLISHED -> ESTABLISHED https://phabricator.whonix.org/T28
– tb-updater: version parser, match for “-alpha-“, “-beta-“, “-rc-” rather than just “alpha”, “beta”, “rc”
– tb-updater: added experimental –alpha, –beta and –rc switches
– tb-updater: added new key tbb-team.asc as per https://trac.torproject.org/projects/tor/ticket/13407 which I verified to be signed by Georg Koppen
– anon-meta-packages: removed spice-vdagent from anon-shared-packages-recommended, because it became a weak recommended dependency in build-steps.d/1700_install-packages
– build-script: install spice-vdagent as weak recommended dependency
– build-script: show VirtualBox First Run Wizard for Whonix-Custom-Workstation – https://phabricator.whonix.org/T47
– apparmor-profile-torbrowser: added exception for Whonix’s local homepage
– tb-starter: open /usr/share/homepage/whonix-welcome-page/whonix.html as default homepage if that file is existing
– whonix-welcome-page: set, export environment variable TOR_DEFAULT_HOMEPAGE to set TorBrowser homepage to /usr/share/homepage/whonix-welcome-page/whonix.html https://trac.torproject.org/projects/tor/ticket/13835
– packaging: bumped compat from 8 to 9
– sdwdate, tb-updater, anon-shared-helper-scripts: refactoring, use errtrace and therefore fewer trap ERR’s required – https://phabricator.whonix.org/T48
– whonix-developer-meta-files: sign_images, use –verify-options show-notations
– anon-ws-disable-stacked-tor: Added: export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 Environment variable to disable the “TorButton” -> “Open Network Settings…” menu item. It is not useful and confusing to have on a workstation, because Tor must be configured on the gateway, which is for security reasons forbidden from the gateway. https://trac.torproject.org/projects/tor/ticket/14100
– whonix-base-files: set: export TOR_HIDE_BROWSER_LOGO=1 Hide the Tor Browser Bundle (TBB) logo in tor-launcher. This is useful to avoid users confusing TBB and Whonix. Also useful when running tor-launcher in standalone mode, because then it’s not TBB that is starting. Lastly also useful avoid ​trademark issues when redistributing original, unmodified TBB in (linux) distributions. https://trac.torproject.org/projects/tor/ticket/14122 – https://www.torproject.org/docs/trademark-faq.html.en – https://www.whonix.org/wiki/Dev/TPO_Trademark
– whonixcheck: New config variable: whonixcheck_tor_bootstrap_wait_max – Default to 60. How long whonixcheck should wait at maximum until Tor bootstrap finished.
– whonixcheck: warn if whonix-initializer failed
– whonixcheck: ported to gpg-bash-lib
– whonixcheck: set -o errtrace, set -e until trap ERR has been set up
– whonix-initializer: add fail file in case first run initializer failed
– whonix-initializer: changed status file dir from /root/.whonix/ to /var/lib/whonix-initializer/status-files/
– gpg-bash-lib: new package – https://phabricator.whonix.org/T86 – https://github.com/Whonix/gpg-bash-lib
– tb-updater: ported to gpg-bash-lib – https://phabricator.whonix.org/T88 – https://github.com/Whonix/gpg-bash-lib
– tb-updater: Show when signature way made and ask for confirmation. Useful to detect downgrade or infinite freeze attack. – https://phabricator.whonix.org/T95
– tb-updater: Store and show last known signature creation date. – Useful to detect downgrade or infinite freeze attack. – https://phabricator.whonix.org/T96
– tb-updater: Authenticate file names. This is useful to detect a downgrade or indefinite freeze attack. To do this, the sha256sums.txt file needs to be verified using the sha256sums.txt.asc file. When that succeeded, the hash for the archive needs to be created and looked up within sha256sums.txt. – https://phabricator.whonix.org/T98
– open-link-confirmation: added graphical warning sign
– updated frozen repository
– anon-base-files: pre.bsh enable errtrace – https://phabricator.whonix.org/T101
– generic makefile: generic makefile: Check, that environment variable DEBEMAIL is not be empty when using “make deb-chl-bumpup”. Otherwise e-mail address in debian/changelog would default to user@host.localdomain and then lintian would complain and exit with failure code.
– whonixcheck: increased whonixcheck_tor_bootstrap_wait_max from 60 to 90
– build script: set -e before trap ERR gets enabled
– tb-updater: progress bar for extraction process
– anon-gw-anonymizer-config: reserved SocksPort 10.152.152.10:9152 for Tor Messenger – https://phabricator.whonix.org/T107
– anon-ws-disable-stacked-tor: Work on Tor Messenger Support: – Forward workstation 127.0.0.1 9152 to gateway 10.152.152.10 9152. (SocksPort) – Forward workstation 127.0.0.1 9153 to gateway 10.152.152.10 9052 where Control Port Filter Proxy. (ControlPort) – https://phabricator.whonix.org/T107
– whonix-ws-firewall: outgoing rule simplification – https://phabricator.whonix.org/T111
– Fixed Control Port Filter Proxy Connection by adding “iptables -A INPUT -p tcp -j REJECT –reject-with tcp-reset”. – https://phabricator.whonix.org/T112
– whonix-gw-firewall: support multiple external and internal interfaces – https://phabricator.whonix.org/T120
– whonix-gw-firewall: provide an option WORKSTATION_ALLOW_SOCKSIFIED to skip Tor SocksPort iptables rules – https://phabricator.whonix.org/T121
– build script: grml-debootstrap apt-get unsigned package install security bug workaround that is required for jessie and above – https://phabricator.whonix.org/T119
– whonixcheck: added qemu to list of supported virtualizers
– tb-starter: new TB_CUSTOM_HOMEPAGE setting; not touching default link to open when running outside of Whonix
– tb-starter: removed deprecated –recommend feature
– whonix-repository: postinst script, only enable bash -x, if xtrace has been enabled
– whonix-repository: postinst script, show output of whonix_repository tool for better transparency
– makefile: more efficient make install (fixed a bug, run ‘cp -R “$d” “$DESTDIR”‘ just one instead of for every file)
– makefile: if make_use_gain_root_command is unset, “./debian/gain-root-command” is executable and faketime is installed, then automatically set make_use_gain_root_command=”true”
– makefile: source ./make-helper-overrides.bsh if existing to allow overruling of functions
– makefile: source all files in ./make-helper-overrides.d if that folder is existing and if the files in that folder are executable to allow overruling of functions
– makefile: prepend package-version folder in upstream tarball
– makefile: made hardcoded list of folders to install (“bin boot dev etc home lib opt sbin srv sys usr var”) overwriteable through variable make_folder_list_for_un_and_install
– makefile: output
– makefile: new hook make_hook_at_the_end_of_get_destdir
– makefile: mkdir before cp when running make install (i.e. create eventually non-existing DESTDIR)
– makefile: mkdir only when directory does not exist
– makefile: bumped version number to 1.2
– makefile: make uch creates upstream changelog in changelog.upstream rather than debian/changelog.upstream
– makefile: new make deb-uachl-bumpup, Combination of make uch and make deb-chl-bumpup.
– makefile: added –pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning
– makefile: autodetect if lintian is available, automatically using it unless make_use_debian is set to false, failing open if automatically running it
– makefile: new, make lintian
– tb-updater, open-link-confirmation: set default button to cancel
– tb-updater: added progress bar for extraction
– msgcollector: added /usr/lib/msgcollector/pv_wrapper
– tb-updater: support running without having X running by reading answers from stdin
– build script: refactoring, renamed variable whonix_build_script_whonix_package to whonix_build_script_skip_package_install
– anon-shared-build-ban-nonfree: allow packages virtualbox-guest-utils and virtualbox-guest-x11 from contrib to be installed
– tb-updater, whonixcheck, sdwdate: instead of –socks5-hostname, use more modern –proxy + user:password@ip:port syntax for curl for better stream isolation – https://phabricator.whonix.org/T126
– tb-updater: distinct exit codes for each case of abort or failure
– build script: improved error handler output with process and function trace result
– build script: use non-interactive error handler, if stdin is not available
– sdwdate: BREAKING CHANGE: Changed mode of operation. Now using Tor hidden services (.onion) as time source. No longer supporting SSL/TLS, but connections to .onion’s are encrypted end-to-end with the advantage, that no malicious/broken SSL Certificate Authorities can interfere anymore. – https://phabricator.whonix.org/T131
– sdwdate: BRAKING CHANGE: deprecated –proxy, introduced –proxy-ip and –proxy-port
– sdwdate: BREAKING CHANGE: changed pool link format
– sdwdate: support comments for links in pools
– sdwdate: increased interval to INTERVAL=”180″ and MIN_INTERVAL=”60″ – https://phabricator.whonix.org/T147
– sdwdate: ported to url to unixtime
– sdwdate: refactored hook dispatching system for code reduction and to make it easier to add new hooks
– anon-meta-packages: install control-port-filter-python https://github.com/Whonix/control-port-filter-python replacement that has been written by @troubadoour https://github.com/troubadoour rather than control-port-filter https://github.com/Whonix/control-port-filter (bash)
– anon-gw-anonymizer-config: recommend control-port-filter-python rather than control-port-filter
– makefile generic: pass ${1+”$@”} to make_source_overrides_file and make_source_overrides_folder ${1+”$@”}
– makefile generic: added generic _hook_pre and _hook_post mechanism. Before calling any function, function function-name_hook_pre would be called and function-name_hook_post afterwards.
– makefile generic: for make deb-chl-bumpup, require DEBFULLNAME being set
– makefile generic: make deb-cleanup, delete “../${package}_”*-*_*”.deb” rather than “../${package}_”*-*”_all.deb”
– whonix-gw-firewall: provide hook after drop ipv4 invalid packages through variable GATEWAY_IPv4_DROP_INVALID_INCOMING_PACKAGES_POST_HOOK – https://phabricator.whonix.org/T176
– whonixcheck: Added usr/lib/apt-get-wrapper, a wrapper that exits 125, if output of apt-get update begins with “W:” or “E:”. Required to workaround several issues with apt-get exit codes. https://www.whonix.org/wiki/Dev/apt-get#Bugs  https://phabricator.whonix.org/T169
– build-script: check for network failures during build to make sure (security) repository is really in use – https://phabricator.whonix.org/T169
– tb-updater: new multiple version choice graphical user interface – thanks to troubadour for creating it! – https://phabricator.whonix.org/T149
– tb-updater: suggest lowest advertised version number by default because then chances are good, it is a stable and no alpha version – https://phabricator.whonix.org/T130
– tb-updater: fix, install stable rather than alpha by default since TBB version format changed – https://phabricator.whonix.org/T130
– whonixcheck: security workaround for “apt-get update” zero exit code discrepancy for network, gpg failures – https://phabricator.whonix.org/T194
– whonixcheck: output all functions when running –function without argument
– whonixsetup:
— added support for /var/cache/whonix-setup-wizard/status-files/whonixsetup.done
— added support for /var/cache/whonix-setup-wizard/status-files/whonixsetup.skip
— added support for /var/cache/whonix-setup-wizard/status-files/whonix_repository.done
— added support for /var/cache/whonix-setup-wizard/status-files/whonix_repository.skip
— added support for /var/cache/whonix-setup-wizard/status-files/disclaimer.done
— added support for /var/cache/whonix-setup-wizard/status-files/disclaimer.skip
— added support for legacy /var/lib/whonix/do_once/whonixsetup.done
– anon-meta-packages: no longer install anon-gw-first-run-notice by default because it has been incorporated into whonix-setup-wizard – https://phabricator.whonix.org/T228
– build script: break when attempting to build from non-tagged git by default – https://phabricator.whonix.org/T231
– tb-updater: improved architecture detection. ARCH can now be set to i386, i686, amd64 or one could also directly set ARCH_DOWNLOAD to for example to linux32 or linux64.
– whonix-repository: implemented –repository to fix “whonix-setup-wizard repository – code names issue – stable vs wheezy” – https://phabricator.whonix.org/T232
– added whonix-welcome-page to whonix-workstation-packages-recommended
– build script: code simplification – use deb [trusted=yes] rather than local signing key for local apt repository during build – https://phabricator.whonix.org/T246
– build script: check if we are building from a tag or not and –allow-untagged true
– build script: move backup raw image build steps out of main source code – https://phabricator.whonix.org/T249
– build script: build script should provide better optical separation of build steps – https://phabricator.whonix.org/T10
– build-script: build and install genmkfile – https://phabricator.whonix.org/T217
– refactoring: reduced code duplication generated by generic makefile (genmkfile) – https://phabricator.whonix.org/T217
– make tb-starter compatible with TBB 4.5a5 and above – https://phabricator.whonix.org/T253
– control-port-filter-python: added systemd service – https://phabricator.whonix.org/T106
– tb-updater: removed deactivation of TBB internal updater for TBB versions equal or higher than 4.5 because upstream fixed the security issue – https://phabricator.whonix.org/T105
– whonixcheck: implemented whonixcheck general Whonix News file – https://phabricator.whonix.org/T255
– whonixcheck: moved Whonix News files to mirror.whonix.de and use sourceforge as fallback – https://phabricator.whonix.org/T54
– whonix-repository: made baseuri configurable through WHONIX_APT_REPOSITORY_BASEURI environment and /etc/whonix.d configuration variable – https://phabricator.whonix.org/T54
– whonix-repository: moved Whonix APT Repository default baseuri from http://sourceforge.net/projects/whonixdevelopermetafiles/files/internal/ to http://mirror.whonix.de/whonixdevelopermetafiles/internal/
whonix-repository: made baseuri (WHONIX_APT_REPOSITORY_BASEURI) configurable through –baseuri command line parameter
– whonix-repository: add WHONIX_APT_REPOSITORY_BASEURI to auto generated configuration file

The post Testers Wanted! Whonix 10 ( 10.0.0.5.0 ) appeared first on Whonix.

]]>
https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0/feed 0
towards a somewhat soon release of Whonix 10, postposting jessie/systemd support https://www.whonix.org/blog/towards-whonix-10 https://www.whonix.org/blog/towards-whonix-10#comments Fri, 03 Apr 2015 13:39:11 +0000 https://www.whonix.org/blog/?p=1497 For several reasons… 1) The TODO list for the release of Whonix 10 is getting smaller: https://phabricator.whonix.org/maniphest/?statuses=open&allProjects=PHID-PROJ-azftsdqyk3mbrlzazoc6#R 2) Since the changelog for Whonix 10 is quite long already (https://www.whonix.org/blog/?p=1093&preview=1&_ppp=095bea96f1)… 3) And because of “release early, release often”… 4) And due

The post towards a somewhat soon release of Whonix 10, postposting jessie/systemd support appeared first on Whonix.

]]>
For several reasons…

1) The TODO list for the release of Whonix 10 is getting smaller:
https://phabricator.whonix.org/maniphest/?statuses=open&allProjects=PHID-PROJ-azftsdqyk3mbrlzazoc6#R

2) Since the changelog for Whonix 10 is quite long already (https://www.whonix.org/blog/?p=1093&preview=1&_ppp=095bea96f1)…

3) And because of “release early, release often”…

4) And due to the brokenness of tb-updater, the many security enhancements in Whonix 10 and fixes:
https://www.whonix.org/forum/index.php/topic,1070.0.html
https://www.whonix.org/forum/index.php/topic,939.0.html
https://www.whonix.org/forum/index.php/topic,810.0.html
https://www.whonix.org/forum/index.php/topic,595.0.html

Therefore… I am proposing,
– to finish the remaining Whonix 10 TODO, to get Whonix 10 out somewhat soon
– to move jessie and systemd support [+ stuff someone contributes until then] to release goal of Whonix 11
– to move most Whonix 11 release goals to Whonix 12

Earlier I stated the release goal for Whonix 10 “ready to be upgraded to Debian jessie”. After working on actual jessie and systemd stuff, I learned that this is not really possible. We can either build packages with dh_installinit for wheezy or dh_systemd for jessie. Having them compatible with both suites at once seems unjustifiably difficult. What we could do however would be building a jessie based Whonix 11 and making upgrading to jessie mandatory for that upgrade.

I’ve asked troubadour, if we can remove the Whonix 10 tag for,
– whonix-setup-wizard polishing (https://phabricator.whonix.org/T190) and
– control-port-filter-python improvement (https://phabricator.whonix.org/T243)

What do you think about that plan? Is there anything you absolutely need/want to get merged in time for Whonix 10 – because otherwise everything would go evil – that you can eventually contribute before the rest of the Whonix 10 TODO is done?

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1071

The post towards a somewhat soon release of Whonix 10, postposting jessie/systemd support appeared first on Whonix.

]]>
https://www.whonix.org/blog/towards-whonix-10/feed 0
Can’t start Tor Browser in Whonix? https://www.whonix.org/blog/cannot-start-tor-browser https://www.whonix.org/blog/cannot-start-tor-browser#comments Fri, 03 Apr 2015 12:00:11 +0000 https://www.whonix.org/blog/?p=1492 Please ‘stay tuned‘, because you missed an important news: Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist) If you want to start the alpha anyhow, which is recommended against (rather get the

The post Can’t start Tor Browser in Whonix? appeared first on Whonix.

]]>
Please ‘stay tuned‘, because you missed an important news:
Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist)

If you want to start the alpha anyhow, which is recommended against (rather get the stable), go to start menu -> File Manager -> /home/user/tor-browser_en-US -> double click ‘start-tor-browser.desktop’.

It will be fixed in Whonix 10.

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1070.0.html

The post Can’t start Tor Browser in Whonix? appeared first on Whonix.

]]>
https://www.whonix.org/blog/cannot-start-tor-browser/feed 0
gpg-bash-lib – gpg file verification bash library – first public release announcement – 0.5-1 https://www.whonix.org/blog/gpg-bash-verification-library https://www.whonix.org/blog/gpg-bash-verification-library#comments Thu, 02 Apr 2015 13:30:43 +0000 https://www.whonix.org/blog/?p=1488 gpg-bash-lib is a gpg file verification bash library, addresses comprehensive threat model, that covers file name tampering, indefinite freeze, rollback, endless data attacks, etc. https://github.com/Whonix/gpg-bash-lib Why? Writing bash scripts that do file verification using gpg that really is secure and

The post gpg-bash-lib – gpg file verification bash library – first public release announcement – 0.5-1 appeared first on Whonix.

]]>
gpg-bash-lib is a gpg file verification bash library, addresses comprehensive threat model, that covers file name tampering, indefinite freeze, rollback, endless data attacks, etc.

https://github.com/Whonix/gpg-bash-lib

Why?

Writing bash scripts that do file verification using gpg that really is secure and passes a comprehensive threat model, that covers indefinite freeze, rollback, endless data attacks, etc. is hard.

gpg-bash-lib’s goal is to provide a bash library that we can collaboratively develop, audit and abstract the hard work into reuseable functions.

Checking gpg exit codes only is insufficient. Quote Werner Koch [1] (gnupg lead developer):

“there is no clear distinction between the codes and for proper error reporting you are advised to use the –status-fd messages.”

(For a definition of these attacks, see TUF [2] (The Update Framework)’s [3] threat model [4] [5].)

Mini Demo:
After installation, if you would run the following command.

/usr/share/gpg-bash-lib/examples/one

You would see the following output.

your_script_begin: …
verification: BEGIN
verification: END
your_script_output: BEGIN
gpg_bash_lib_output_failure_status: false
gpg_bash_lib_output_gpg_verify_exit_code: 0
gpg_bash_lib_output_goodsig_status: true
gpg_bash_lib_output_validsig_status: true
gpg_bash_lib_output_fingerprint_in_hex: 5E08605EBEA0FE88695DCB88FD0A8B4171DFE4E4
gpg_bash_lib_output_signed_on_unixtime: 1422049448
gpg_bash_lib_output_signed_on_date: March 01 13:56:27 UTC 2015
gpg_bash_lib_output_notation[$file@name]: test-file
gpg_bash_lib_output_file_name_tampering: false
gpg_bash_lib_output_freshness_status: true
gpg_bash_lib_output_freshness_detail: current
gpg_bash_lib_output_freshness_msg:
– Freshness: Signature is current.
– valid-max: Signatures are valid up to 30 days.
– Signature Creation Date: March 01 13:56:27 UTC 2015
– Current System Date    : March 02 16:0:55 UTC 2015
– Local System Clock: Your clock seems okay.
– Relative Signature Creation Time: According to your system clock, signature was created 2 days 26 minutes 3 seconds ago.
gpg_bash_lib_output_alright_status: true
your_script_output: END

All information (Signature Creation Date, etc.) are easily accessible through separate variables, which are all documented.

Documentation:
https://github.com/Whonix/gpg-bash-lib/blob/master/README.mediawiki

Usage examples:
https://github.com/Whonix/gpg-bash-lib/tree/master/usr/share/gpg-bash-lib/examples

Main code file:
https://github.com/Whonix/gpg-bash-lib/blob/master/usr/lib/gpg-bash-lib/modules.d/50_common

Specifically, does the status-fd parsing code look sane?
https://github.com/Whonix/gpg-bash-lib/blob/d6cff902f40135c3e100a5bb13a6fe8275a41828/usr/lib/gpg-bash-lib/modules.d/50_common#L350

Could you leave some feedback please?

Anyone else interested to contribute?

[1] http://lists.gnupg.org/pipermail/gnupg-devel/2005-December/022559.html
[2] https://www.updateframework.com/
[3] https://github.com/theupdateframework/tuf
[4] https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md
[5] http://www.webcitation.org/6F7Io2ncN

The post gpg-bash-lib – gpg file verification bash library – first public release announcement – 0.5-1 appeared first on Whonix.

]]>
https://www.whonix.org/blog/gpg-bash-verification-library/feed 0
TorProject Leaflets https://www.whonix.org/blog/torproject-leaflets https://www.whonix.org/blog/torproject-leaflets#comments Wed, 01 Apr 2015 02:01:00 +0000 https://www.whonix.org/blog/?p=1485 For those of you who are introducing Tor for the first time to friends and family, the TorProject has released their official leaflets for advocacy to better explain anonymity technology and its uses. https://blog.torproject.org/blog/spread-word-about-tor

The post TorProject Leaflets appeared first on Whonix.

]]>
For those of you who are introducing Tor for the first time to friends and family, the TorProject has released their official leaflets for advocacy to better explain anonymity technology and its uses.

https://blog.torproject.org/blog/spread-word-about-tor

The post TorProject Leaflets appeared first on Whonix.

]]>
https://www.whonix.org/blog/torproject-leaflets/feed 0
Major Updates for Qubes + Whonix! https://www.whonix.org/blog/major-updates-for-qubes-whonix https://www.whonix.org/blog/major-updates-for-qubes-whonix#comments Mon, 16 Mar 2015 22:36:51 +0000 https://www.whonix.org/blog/?p=1478 Hello everyone, WhonixQubes here. I wanted to finally update you on some major updates with the Qubes + Whonix platform that have been accomplished over the past few months. TLDR Summary: Qubes + Whonix is the seamless combination of Qubes

The post Major Updates for Qubes + Whonix! appeared first on Whonix.

]]>
Hello everyone, WhonixQubes here. :D

I wanted to finally update you on some major updates with the Qubes + Whonix platform that have been accomplished over the past few months.

TLDR Summary:

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

The Qubes + Whonix port has been fundamentally upgraded to a native seamless architecture (ProxyVM + AppVM).

Qubes + Whonix is now easy to install (Install Guide available on the wiki) and most all of the past usability issues have been fixed.

We now have upstream integration into the Qubes codebase and templates repository.

We now have newly updated documentation guides on our wiki with more to come soon.

Based on Qubes OS R2 and Whonix OS 9.6, the current newly released versions of the new Qubes + Whonix RPM templates is 2.1.8 and DEB updates package is 9.6.2.

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes
– Forum: whonix.org/forum/Qubes
– Blog: whonix.org/blog/Qubes
– Tracker: whonix.org/tracker/Qubes

Full Version:

First: What is Qubes + Whonix all about?

Qubes OS (qubes-os.org) is one of the most secure OS architectures you will ever encounter that is able to withstand greater attack due to its advanced isolation properties.

Whonix OS (whonix.org) is a Tor-based virtual machine OS for anonymizing all of your traffic through Tor in a meaningfully more optimal and secure way than normal.

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

New Architecture:

Last year, I accomplished the first port of Whonix OS over to Qubes OS.

Now, with big thanks to nrgaway, we have a new — much improved — seamless combination of Qubes + Whonix.

The new Qubes + Whonix is a much more natively integrated, seamless and easy to use combination of Qubes + Whonix.

Instead of the old TwoHVM architecture, we now make use of a seamless ProxyVM + AppVM architecture.

The Whonix-Workstation is installed as an AppVM in Qubes, which is where your user applications reside, and all of their traffic gets forced through the separate Whonix-Gateway Tor ProxyVM.

The Whonix-Gateway is installed as a ProxyVM in Qubes, which is where your Tor connection proxy resides, and is securely isolated so that malware can’t simply circumvent your Tor connection to easily find out your real identity, as it can with other Tor systems.

With the new architecture, we have seamless GUI desktop integration with Qubes OS.

And we have Qubes tools integration that allow for things like easy-and-secure copy/paste as well as easy-and-secure file moving between VMs.

From the base TemplateVMs, you can dynamically generate as many Whonix VMs as you please, to use simultaneously, for more optimal anonymous workspace isolation.

The new native port architecture of Qubes + Whonix is much more useful.

Upsteam Integration and Install/Updates:

The Qubes team has enjoyed our work on Qubes + Whonix and we now have upstream integration in the Qubes codebase and templates repository.

This also means that installation is very easy to do via the RPM packages (Install Guide available on the wiki).

Also, much of the Qubes + Whonix code has been moved out of the Qubes template builder codebase to an independent Whonix package called “qubes-whonix”.

This qubes-whonix package will now allow us to push more convenient updates to Qubes + Whonix without always needing to rebuild and reinstall the underlying TemplateVMs.

So install and update are much improved.

Qubes + Whonix Packages:

There are now three packages specific to the Qubes + Whonix platform now:

- Whonix-Gateway TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- Whonix-Workstation TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- qubes-whonix which comes as a DEB updates package in Whonix and is currently at version 9.6.2.

These current versions are based on Qubes OS R2 and Whonix OS 9.6.

New and Improved Documentation:

We have new documentation for Qubes + Whonix on our wiki (whonix.org/wiki/Qubes).

Here you can learn more about the platform and get some primary guides on how to work with Qubes + Whonix.

The new documentation was just recently launched and more is being added throughout the near-term future.

To learn more, go check it out the wiki documentation for yourself.

Also, the general Whonix wiki has extensive knowledge available about optimizing your Tor-based anonymity.

So, if you want to supercharge your Security + Anonymity, then feel free to try out Qubes + Whonix.

Also, if you’ve got skills, feel free to get in touch and join in on the development effort of the Qubes + Whonix platform.

More improvements coming soon.

Thanks everyone! :D

WhonixQubes

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes
– Forum: whonix.org/forum/Qubes
– Blog: whonix.org/blog/Qubes
– Tracker: whonix.org/tracker/Qubes

The post Major Updates for Qubes + Whonix! appeared first on Whonix.

]]>
https://www.whonix.org/blog/major-updates-for-qubes-whonix/feed 0
Poisoned Fruit https://www.whonix.org/blog/poisoned-fruit https://www.whonix.org/blog/poisoned-fruit#comments Wed, 11 Mar 2015 03:13:42 +0000 https://www.whonix.org/blog/?p=1470 https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/ The classic paper on compilers called “Trusting Trust” sheds light on the most devastating type of attacks in a computing environment. An attacker altering a compiler binary can make it produce malicious versions of every program it compiles, including

The post Poisoned Fruit appeared first on Whonix.

]]>
https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/

The classic paper on compilers called “Trusting Trust” sheds light on the most devastating type of attacks
in a computing environment. An attacker altering a compiler binary can make it produce malicious versions of every program it compiles, including itself. Once this is done, the attack remains undetectable in perpetuity:

http://cm.bell-labs.com/who/ken/trust.html

Apple sunk millions of dollars
into creating LLVM just to undermine GCC and to close off their development chain from developers. The problem with their closed proprietary model is that there can never be a way for users to
verify that their binary copy of the compiler is derived from clean
source code. Apple want to prevent users from seeing the source for
the compiler and spies are taking advantage of this.

Apple also bans GPL software from their Appstore.

This ladies and gentlemen is why the world without GCC would be a very dark place. Revelations like these vindicate Richard Stallman and his philosophy.

To no amazement, the tree of secret proprietary development can only bear the fruits of sabotage. By backdooring the compiler, as they do with Apple’s Xcode, the Intelligence Community is poisoning entire software ecosystems. For them its OK as long as they can get at a few bad apples. See what I did there? :P

Screw you Apple for viciously attacking Free Software, you reap what you sow.

My favorite part:
“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy.

LOL ever heard of PRISM Mr. Cook? What do you mean you “never” allowed access to your servers? Last time I checked all surveillance programs foreign and domestic are still in place and being beefed up as we speak. Before you make privacy Apple’s next marketing gimmick you’d do well to keep up with the headlines.

The post Poisoned Fruit appeared first on Whonix.

]]>
https://www.whonix.org/blog/poisoned-fruit/feed 0
The ‘Libre’ in Libre Software https://www.whonix.org/blog/the-libre-in-libre-software https://www.whonix.org/blog/the-libre-in-libre-software#comments Tue, 10 Mar 2015 23:37:54 +0000 https://www.whonix.org/blog/?p=1466 For those of you using proprietary platforms, powerful privacy tools may be your first encounter with Libre Software. Unlike proprietary software, Libre Software is not some opaque mysterious blackbox, a shrink wrapped “product” or even a development process. Libre Software

The post The ‘Libre’ in Libre Software appeared first on Whonix.

]]>
For those of you using proprietary platforms, powerful privacy tools may be your first encounter with Libre Software.

Unlike proprietary software, Libre Software is not some opaque mysterious blackbox, a shrink wrapped “product” or even a development process.

Libre Software is an evolving dialogue between contributors and users, constantly improving and evolving to meet their needs and yours too if you participate in the discussion.

It is a community dedicated to protecting your inalienable human rights in a predatory, global corporate-government surveillance climate.

By its definition, Freedom cannot force itself on you or choose you, you must choose it. If you enjoy using Tor and Whonix I encourage you to try a GNU/Linux distro as your host OS.

(Anything but Ubuntu though. It saddens me to make an exception but their hostile actions against the community and user privacy make them untrustworthy)

The post The ‘Libre’ in Libre Software appeared first on Whonix.

]]>
https://www.whonix.org/blog/the-libre-in-libre-software/feed 3
Whonix KVM is Back! https://www.whonix.org/blog/whonix-kvm-is-back https://www.whonix.org/blog/whonix-kvm-is-back#comments Tue, 10 Mar 2015 22:31:31 +0000 https://www.whonix.org/blog/?p=1463 After a brief hiatus I am retaking up maintenance of KVM Whonix. Feel free to leave comments or raise support concerns in the dedicated sub-forum.

The post Whonix KVM is Back! appeared first on Whonix.

]]>
After a brief hiatus I am retaking up maintenance of KVM Whonix.

Feel free to leave comments or raise support concerns in the dedicated sub-forum.

The post Whonix KVM is Back! appeared first on Whonix.

]]>
https://www.whonix.org/blog/whonix-kvm-is-back/feed 1
First Bounty! 3.000 $ – Build Debian Packages from Source Code https://www.whonix.org/blog/bounty-debian-source-code https://www.whonix.org/blog/bounty-debian-source-code#comments Mon, 02 Mar 2015 18:05:57 +0000 https://www.whonix.org/blog/?p=1445 For Task Details see: https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code Bounty too low? How to apply? 1) Go to https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code 2) Click on “Developers” 3) Click on “Get Started” 4) Select Status “Bounty too low” 5) Enter your offer and press “Save”. The bounty may

The post First Bounty! 3.000 $ – Build Debian Packages from Source Code appeared first on Whonix.

]]>
For Task Details see:
https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code

Bounty too low? How to apply?

1) Go to https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code
2) Click on “Developers”
3) Click on “Get Started”
4) Select Status “Bounty too low”
5) Enter your offer and press “Save”.

The bounty may then be increased by if realistic and sustainable.

If you have any questions, please get in contact.

The post First Bounty! 3.000 $ – Build Debian Packages from Source Code appeared first on Whonix.

]]>
https://www.whonix.org/blog/bounty-debian-source-code/feed 0