Whonix https://www.whonix.org/blog Privacy and Anonymity OS Fri, 22 May 2015 21:12:14 +0000 en-US hourly 1 http://wordpress.org/?v=4.2.2 Whonix Project looking for Translations Coordinator https://www.whonix.org/blog/translations-coordinator https://www.whonix.org/blog/translations-coordinator#comments Fri, 22 May 2015 15:00:10 +0000 http://www.whonix.org/blog/whonix-project-looking-for-translations-coordinator Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. It has its focus on anonymity, privacy, security and usability. The Whonix project is looking for a volunteer Translations Coordinator. Your task: Join us

The post Whonix Project looking for Translations Coordinator appeared first on Whonix.

]]>
Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. It has its focus on anonymity, privacy, security and usability.

The Whonix project is looking for a volunteer Translations Coordinator.

Your task:

If you are interested, please sign up for the Whonix Development Forum [2] and say hello.

[1] https://www.mediawiki.org/wiki/MediaWiki_Language_Extension_Bundle
[2] https://www.whonix.org/forum/index.php/board,5.0.html

The post Whonix Project looking for Translations Coordinator appeared first on Whonix.

]]>
https://www.whonix.org/blog/translations-coordinator/feed 0
AppArmor and Whonix https://www.whonix.org/blog/apparmor-and-whonix https://www.whonix.org/blog/apparmor-and-whonix#comments Sun, 17 May 2015 20:38:23 +0000 https://www.whonix.org/blog/?p=1585 AppArmor (“Application Armor”) for better security. Current status of AppArmor and Whonix: – We do enable apparmor by default for a while now. (https://github.com/Whonix/grub-enable-apparmor) – Therefore The Tor Project’s apparmor profile for Tor is in use on Whonix-Gateway. – We

The post AppArmor and Whonix appeared first on Whonix.

]]>
AppArmor (“Application Armor”) for better security.

Current status of AppArmor and Whonix:

– We do enable apparmor by default for a while now. (https://github.com/Whonix/grub-enable-apparmor)
– Therefore The Tor Project’s apparmor profile for Tor is in use on Whonix-Gateway.
– We tweak that one a bit to make it work with Whonix and obfsproxy. (https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/etc/apparmor.d/local/system_tor.anondist)
– We don’t install any apparmor profiles by default as of Whonix 10.
– We do not install any longer the profiles from Debian (packages apparmor-profiles, apparmor-profiles-extra) since Whonix 10 because of the noise they generate in the forums.
– We do not plan on installing apparmor profiles by default for packages that are not developed under the Whonix umbrella such as for Tor Browser, pidgin, xchat, etc. (list: https://github.com/Whonix?utf8=%E2%9C%93&query=apparmor) – Package upgrades that we don’t control by upstream could make it impossible to start the application, lead to eventual fingerprinting issues, therefore installation of such apparmor profiles is manual for testers and advanced users.
– Upstreaming such profiles is a very time consuming process, also a slow process (requires a new stable debian release). Help welcome.
– For apparmor profiles developed under the Whonix such as sdwdate, whonixcheck, we plan in future for Whonix 12 or so on deprecating the separate apparmor profiles and installing those profiles by default, that is doable, because we control package upgrades.

The Whonix profiles can be installed with:

sudo apt-get install apparmor-profiles-whonix

AppArmor Whonix Wiki Page:
https://www.whonix.org/wiki/AppArmor

AppArmor Whonix Forum:
https://www.whonix.org/forum/index.php/board,18.0.html

Apparmor Whonix Phabricator TODO List:
https://phabricator.whonix.org/maniphest/?statuses=open%2Creview&allProjects=PHID-PROJ-q6t3ulhtja6xyqgs7l5z#R

Comments / Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1237.0.html

The post AppArmor and Whonix appeared first on Whonix.

]]>
https://www.whonix.org/blog/apparmor-and-whonix/feed 0
If-by-Surveillance https://www.whonix.org/blog/if-by-surveillance https://www.whonix.org/blog/if-by-surveillance#comments Sun, 17 May 2015 18:06:01 +0000 https://www.whonix.org/blog/?p=1583 My friends, I had not intended to discuss this controversial subject at this particular time. However, I want you to know that I do not shun controversy. On the contrary, I will take a stand on any issue at any

The post If-by-Surveillance appeared first on Whonix.

]]>
My friends, I had not intended to discuss this controversial subject at this particular time. However, I want you to know that I do not shun controversy. On the contrary, I will take a stand on any issue at any time, regardless of how fraught with controversy it might be. You have asked me how I feel about surveillance. All right, here is how I feel about surveillance:

If when you say surveillance you mean enabling the privileged to commit unchecked nepotism and corruption, choking out dissent, the overriding of Constitutional checks and balances, manufacturing threats to control the populace with fear, the five-eyed monster, that attacks innocents, aiding destruction of homes, creation of misery and poverty, yea, literally taking the bread from the mouths of little children; if you mean the agencies that topple third world nations and drive their peoples into the bottomless pit of degradation, and despair, and shame and helplessness, and hopelessness, then certainly I am against it.

But, if when you say surveillance you mean the sabotage of global internet infrastructure, subversion of crypto standards, spying on human rights groups lawyers and journalists, attacks on freedom of speech, manipulation of public opinion and media polls, political blackmail, interference with domestic criminal court procedures and evidence gathering, sitting on 0days while leaving national infrasructure wide open to attack, magnification of totalitarianism, destruction of happiness and our right to be forgotten if only for a little while; if you mean the agencies whose bills rob our treasuries of untold billions of dollars, which could otherwise by used to provide tender care for our little crippled children, our blind, our deaf, our dumb, our pitiful aged and infirm; to build highways and hospitals and schools, then certainly I am still very much against it.

This is my stand. I will not retreat from it. I will not compromise.

The above was a parody of a political speech by a lawmaker from Mississippi about prohibition, originally called if-by-whiskey. But unlike the original there’s no double-speak. When I saw it I thought its a good opportunity to take a 10000 foot bird’s eye view of what has been making headlines.

With that said, I’m not sure that every IC employee was aware of the total scope of surveillance and abuses before the Snowden cache was published. The majority of NSA employees probably don’t agree with what’s happening. This sad direction is the result of the leaders who direct the efforts of well-meaning people into self-serving ways. People who are smart enough to figure out that they are being used to build the surveillance systems that are intended for their children and grandchildren, their families and friends, their neighbors and fellow citizens. All whom they wanted to serve and protect by joining the agency in the first place.

In reality, corporate surveillance poses a bigger danger than state surveillance for the average internet user. Its the former that enables the latter in large part. The fact that they are willing to dish out information about your life to anyone willing to pay their advertising networks should worry you even more than a government employee with top-secret clearance taking a peak. That’s not to say anyone is entitled to your data, thoughts or information about who you talk with. Its a choice that comes down to you choosing to change your perception about the value of yourself and refusing to use systems that betray you.

The post If-by-Surveillance appeared first on Whonix.

]]>
https://www.whonix.org/blog/if-by-surveillance/feed 0
bounty overview – May 2015 https://www.whonix.org/blog/bounty-overview-may-2015 https://www.whonix.org/blog/bounty-overview-may-2015#comments Tue, 12 May 2015 15:40:28 +0000 https://www.whonix.org/blog/?p=1575 List of bounties and details: – Build Debian Packages from Source Code – $ 3.000 – https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code – implement rads (ram adjusted desktop starter) systemd unit – $ 50 – https://www.bountysource.com/issues/14466761-implement-rads-ram-adjusted-desktop-starter-systemd-unit – make grsecurity kernel, grsecurity-installer work inside Whonix  –

The post bounty overview – May 2015 appeared first on Whonix.

]]>
List of bounties and details:

– Build Debian Packages from Source Code – $ 3.000 – https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code

– implement rads (ram adjusted desktop starter) systemd unit – $ 50 – https://www.bountysource.com/issues/14466761-implement-rads-ram-adjusted-desktop-starter-systemd-unit

– make grsecurity kernel, grsecurity-installer work inside Whonix  – $ 400 – https://www.bountysource.com/issues/14471558-make-grsecurity-kernel-grsecurity-installer-work-inside-whonix

– bountysource/frontend – Add support for Phabricator – $ 100 – https://www.bountysource.com/issues/1384856-add-support-for-phabricator-100

Bounty too low? How to apply?

1) Go to specific bountysource tickets.
2) Click on “Developers”
3) Click on “Get Started”
4) Select Status “Bounty too low”
5) Enter your offer and press “Save”.

The bounty may then be increased by if realistic and sustainable.

If you have any questions, please get in contact.

The post bounty overview – May 2015 appeared first on Whonix.

]]>
https://www.whonix.org/blog/bounty-overview-may-2015/feed 0
qubes-whonix – Whonix on top of Qubes – Looking for Maintainer! https://www.whonix.org/blog/qubes-whonix-maintainer https://www.whonix.org/blog/qubes-whonix-maintainer#comments Sat, 02 May 2015 13:17:08 +0000 https://www.whonix.org/blog/?p=1570 WhonixQubes, the previous maintainer of qubes-whonix unfortunately resigned. qubes-whonix is the combination of Qubes and Whonix. What are the tasks of a maintainer? – answering questions in the forums – keeping the wiki up to date – testing of installation,

The post qubes-whonix – Whonix on top of Qubes – Looking for Maintainer! appeared first on Whonix.

]]>
WhonixQubes, the previous maintainer of qubes-whonix unfortunately resigned.

qubes-whonix is the combination of Qubes and Whonix.

What are the tasks of a maintainer?

– answering questions in the forums
– keeping the wiki up to date
– testing of installation, build, upgrade instructions
– having a look at the issue tracker, implementing bug fixes and perhaps new features in team with nrgaway and other contributors
– otherwise self-initiated (guess)work and care keeping- example current task: Qubes Whonix 10 – Testing Instructions and Issues

This is a volunteer position.

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1198

The post qubes-whonix – Whonix on top of Qubes – Looking for Maintainer! appeared first on Whonix.

]]>
https://www.whonix.org/blog/qubes-whonix-maintainer/feed 0
Whonix Anonymous Operating System Version 10 Released! https://www.whonix.org/blog/whonix-10-released https://www.whonix.org/blog/whonix-10-released#comments Mon, 27 Apr 2015 12:38:56 +0000 https://www.whonix.org/blog/?p=1563 Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s

The post Whonix Anonymous Operating System Version 10 Released! appeared first on Whonix.

]]>
Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

Wheezy vs Jessie

Whonix 10 is still based on Debian Wheezy. Work on Whonix 11, which will be based on Debian Jessie has already begun. Help welcome!

Download Whonix for VirtualBox

https://www.whonix.org/wiki/Download

Download Whonix for KVM / QEMU / Qubes

Instructions for KVM:
https://www.whonix.org/wiki/KVM

Instructions for QEMU:
https://www.whonix.org/wiki/QEMU

Instructions for Qubes:
There will be a separate release announcement when it’s ready.

Call for Help

– If you know python, shell scripting (/bin/bash) and/or linux sysadmin, please join us!
– Contribute: https://www.whonix.org/wiki/Contribute
– Donate: https://www.whonix.org/wiki/Donate

If you want to upgrade existing Whonix version using Whonix’s APT repository

– Just do a usual upgrade: https://www.whonix.org/wiki/Security_Guide#Updates

If you want to upgrade existing Whonix version from source code

See https://www.whonix.org/wiki/Dev/BuildDocumentation.

If you want to build images from source code

See https://www.whonix.org/wiki/Dev/BuildDocumentation.

Physical Isolation users

See https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation.

Changelog between Whonix 9 and Whonix 10

See following two blog posts that were calls for testing, these contain the changelogs. Whonix 10.0.0.5.5 has been blessed stable and released as Whonix 10.

https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0
https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-5

Forum Discussion:

https://www.whonix.org/forum/index.php/topic,1186.0.html

The post Whonix Anonymous Operating System Version 10 Released! appeared first on Whonix.

]]>
https://www.whonix.org/blog/whonix-10-released/feed 0
Pre-Release Audit of qubes-whonix 10.0.2-1 https://www.whonix.org/blog/pre-release-audit-of-qubes-whonix-10-0-2-1 https://www.whonix.org/blog/pre-release-audit-of-qubes-whonix-10-0-2-1#comments Fri, 24 Apr 2015 17:41:56 +0000 https://www.whonix.org/blog/?p=1556 This announcement is pertaining to the Qubes + Whonix project for those interested in running Whonix on top of Qubes. We have a newly developed and proposed version (10.0.2-1) of the “qubes-whonix” package, which is the primary module that allows

The post Pre-Release Audit of qubes-whonix 10.0.2-1 appeared first on Whonix.

]]>
This announcement is pertaining to the Qubes + Whonix project for those interested in running Whonix on top of Qubes.

We have a newly developed and proposed version (10.0.2-1) of the “qubes-whonix” package, which is the primary module that allows Whonix to run seamlessly with Qubes. And before we go to release it, we are kicking off a brief audit period that is open to the Qubes + Whonix communities.

So if you have some developer knowledge and would like to look through the code, test things, or raise any usability or security concerns you find, then now is the best time to do so before we go to release the next version in the upcoming days.

This “qubes-whonix” package is planned to be used with the QubesBuilder [1] to generate new versions of the Whonix templates for Qubes.

Feel free to look through the code and let us know if you spot anything that needs attention.

The “qubes-whonix” package code repository is located here:

https://github.com/Whonix/qubes-whonix

You can get more info about the audit and communicate with us through our audit forum thread:

https://www.whonix.org/forum/index.php/topic,1169.0.html

You can find the primary documentation about the Qubes + Whonix project at:

https://www.whonix.org/wiki/Qubes

Note that this audit period is brief and off-the-cuff, as we seem to spring new releases on the community without much notice or involvement. In the future, I hope our team can establish an even better open community centric release process for new versions of Qubes + Whonix with a bit more time for fair warning, auditing, and testing. As an example, Patrick does a good job of this with Whonix releases.

Thanks everyone! 😀

References:
[1] https://www.qubes-os.org/doc/QubesBuilder

The post Pre-Release Audit of qubes-whonix 10.0.2-1 appeared first on Whonix.

]]>
https://www.whonix.org/blog/pre-release-audit-of-qubes-whonix-10-0-2-1/feed 0
Release Candidate! Testers Wanted! Whonix 10 ( 10.0.0.5.5 ) https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-5 https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-5#comments Sun, 19 Apr 2015 20:21:40 +0000 https://www.whonix.org/blog/?p=1551 The version number for this testers-only release is 10.0.0.5.5, which will become Whonix 10 the moment it’s blessed stable. Download link for Virtual Box images (.ova), experimental kvm / qemu / Qubes images and OpenPGP signatures (.asc): http://mirror.whonix.de/10.0.0.5.5/ Upgrading Whonix

The post Release Candidate! Testers Wanted! Whonix 10 ( 10.0.0.5.5 ) appeared first on Whonix.

]]>
The version number for this testers-only release is 10.0.0.5.5, which will become Whonix 10 the moment it’s blessed stable.

Download link for Virtual Box images (.ova), experimental kvm / qemu / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/10.0.0.5.5/

Upgrading Whonix 9 to Whonix 10:
– from the testers repository

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1157.0.html

KVM Release Notes:

Existing users should update their xml files. See
https://www.whonix.org/forum/index.php/topic,827.0.html

Changelog between Whonix 9 and Whonix 10.0.0.5.0:

https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0

Changelog between Whonix 10.0.0.5.0 and Whonix 10.0.0.5.5:

– apparmor-profile-whonixcheck: fixes
– apparmor-profile-pidgin: fixes
– whonix-developer-meta-files: added a mirror tester script
– whonix-developer-meta-files: streamlined release maintenance scripts
– fix, no longer install tor package in Whonix-Workstation – https://phabricator.whonix.org/T262
– genmkfile: implemented “make git-tag-push”
– genmkfile: implemented “make reprepro-add”
– removed control-port-filter (bash) from source in favor of control-port-filter-python
– gpg-bash-lib: fixed dry run of gpg –fingerprint
– tb-updater: fix
– apparmor-profile-torbrowser: fixes
– whonix-legacy: fix broken gateway-firsttimesetup.desktop desktop icon after Whonix 9 -> Whonix 10 upgrade
– whonix-legacy: fix “Warning: Could not find ‘/usr/lib/whonixsetup’, starting ‘/bin/bash’ instead.  Please check your profile settings.” by deleting obsolete /etc/xdg/autostart/whonixsetup.desktop – https://www.whonix.org/forum/index.php/topic,971.0.html
– build-steps.d/2600_create-vbox-vm: Allow clipboard copying from the host to guest to ease entering bridges. – https://www.whonix.org/forum/index.php/topic,986.0.html
– Reverted:
— anon-meta-packages: added console-setup to anon-shared-packages-dependencies so users can use /etc/default/keyboard as alternative mechanism to change the keyboard layout
— anon-meta-packages: added console-data to anon-shared-packages-dependencies to make sure all three packages console-setup, console-data and console-common are installed.

The post Release Candidate! Testers Wanted! Whonix 10 ( 10.0.0.5.5 ) appeared first on Whonix.

]]>
https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-5/feed 0
Testers Wanted! Whonix 10 ( 10.0.0.5.0 ) https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0 https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0#comments Thu, 09 Apr 2015 23:07:36 +0000 https://www.whonix.org/blog/?p=1543 The version number for this testers-only release is 10.0.0.5.0, which will become Whonix 10 the moment it’s blessed stable. Download link for Virtual Box images (.ova), experimental kvm /qemu / Qubes images and OpenPGP signatures (.asc): http://mirror.whonix.de/10.0.0.5.0/ Upgrading Whonix 9

The post Testers Wanted! Whonix 10 ( 10.0.0.5.0 ) appeared first on Whonix.

]]>
The version number for this testers-only release is 10.0.0.5.0, which will become Whonix 10 the moment it’s blessed stable.

Download link for Virtual Box images (.ova), experimental kvm /qemu / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/10.0.0.5.0/

Upgrading Whonix 9 to Whonix 10:
– from the testers repository

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1123.0.html

KVM Release Notes:

Existing users should update their xml files. See
https://www.whonix.org/forum/index.php/topic,827.0.html

Changelog between Whonix 9 and Whonix 10.0.0.5.0:

– build script: added retry feature to error handler; refactoring; output
– build script: added –auto-retry (default: 1) and –wait-auto-retry (default: 5) to error handler
– build script: implemented –dispatch-before-retry and –dispatch-after-retry
– ram adjusted desktop starter (rads): compatibility with gdm3
– build script:
workaround for
apt: Provide meaningful exit codes for gpg failures
W: A error occurred during the signature verification.
To catch situations such as:
The repository is not updated and the previous index files will be used.
GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681
That apt-repository would otherwise be silently ignored without error notification.
– tb-default-browser: work on gnome compatibility
– tb-updater: updated man page
– whonixcheck: output
– added https://github.com/Whonix/apparmor-profile-gwenview to Whonix’s APT repository – thanks to @troubadoour
– package selection: install xserver-xorg-video-qxl by default (added xserver-xorg-video-qxl to anon-shared-desktop to aid kvm users getting higher desktop resolutions as per https://www.whonix.org/forum/index.php/topic,493.15/topicseen.html (thanks to HulaHoop for suggesting this))
– package selection: install kde-privacy by default (added kde-privacy to anon-shared-packages-recommended)
– added new package kde-privacy that deactivates deletes klipper contents on exit – thanks to z for suggesting
– package selection: added kde-common-resolution to anon-shared-desktop-kde
– added new package kde-common-resolution: Sets resolution to 1366×768 in KVM and VirtualBox in KDE
– build script: implemented –ignore-uncommitted
– build-script: Use `git clean` rather than “make deb-cleanup” for better security. It is also faster.
– build-script: No longer use `sort` in cleanup step for better security.
– build-script: No longer automatically cleanup before package building.
– build-script: moved whonix_build to help-steps/whonix_build_one
– build-script: renamed whonix_build_all to whonix_build
– build script: Now supports ./whonix_build –tor-gateway –tor-workstation — –build –vbox –qcow2 etc.
– build-script: implemented –all (which combines –tor-gateway –tor-workstation –tor-custom-workstation)
– updated frozen sources
– anon-meta-packages: Removed grub-pc from anon-shared-packages-dependencies. This is a weird dependency. The grub-pc should be already get installed in build-steps.d/1300_create-raw-image build step by grml-debootstrap (./grml_packages) which is fine for VM builds. For –install-to-root users it’s unnecessary, since they already have a booting system. As per https://github.com/Whonix/Whonix/issues/342.
– added new package: usability-misc
– package selection: added usability-misc to anon-shared-packages-recommended
– poweroff-passwordless: only for user “user”, not for all users
– bootclockrandomization: Set OLD_UNIXTIME variable right before calculation of NEW_UNIXTIME so calculation gets more accurate. Thanks to intrigeri for pointing that out! ( https://mailman.boum.org/pipermail/tails-dev/2014-September/006983.html )
– whonixcheck: Whonix News be 30 min lenient about signed before current time, implemented https://github.com/Whonix/Whonix/issues/275
– anon-shared-helper-scripts: added /usr/lib/anon-shared-helper-scripts/tor_signal_newnym.py
– apparmor-profile-(anondist|whonixcheck|sdwdate|timesync): Fixed Whonix-Gateway compatibility.
– anon-gw-anonymizer-config, anon-shared-helper-scripts: Fixed execution of /etc/cron.weeky/tor as per https://www.whonix.org/forum/index.php/topic,584.0.html, thanks to ir1s (https://www.whonix.org/forum/index.php?action=profile;u=335) for the bug report!
usability-misc: create once /home/user/Downloads, /home/user/Pictures
– sdwdate: fix, set sdwdate pool built in defaults to same values as in default config file
– sdwdate: updated time source pools
– sdwdate: fix, be quiet when using –quiet
– sdwdate: New option –echo-unixtime, echo remote unix time even when using –quiet.
– sdwdate: do not do anything if script was sourced (useful for external unit tests)
– sdwdate: create first success file /var/run/sdwdate/first_success
– sdwdate: implemented –timewarp-on-restartup and SDW_MODE restartup
– sdwdate: use sclockadj by default in restartup mode
– sdwdate: init script delete first success file when using force-reload
– sdwdate: init script new debugging option restartndclean
– msgcollector: make sure /var/run/msgcollector is mounted in RAM by mounting it as 10 MB big tmpfs
– msgcollector: use the much more efficient inotifywait rather than sleep/pulling
– msgcollector: msgdispatcher: wait forever in start up phase on very slow systems
– msgcollector: prevent duplicate instances; proper exit codes; clean up all daemons on shut down; refactoring
– whonixcheck: improved output of Whonix News
– timesync: don’t show “please do not use the internet until timesync succeeded” on sdwdate restart (#264) https://github.com/Whonix/Whonix/issues/264
– timesync: show success passive popup only in startup mode, not restartup mode
anon-meta-packages: make anon-workstation-default-applications depend on “pinentry-qt | pinentry-gtk | pinentry-curses | pinentry” rather than hardcoded “pinentry-qt”
– whonix-repository, whonixcheck: updated /usr/share/whonix/whonix-news-keys.d/patrick.asc (extended key until 2016, new key signature)
– msgcollector: implemented –status –progressbarxrunning
– apparmor-profile-whonixcheck: added /usr/share/torbrowser-launcher/torproject.pem r,
– whonixcheck: man page
– whonixcheck: added –no-del-tmp / DEL_TMP=”true” feature
– sdwdate: support use of .onion domains (not use –tlsv1 –proto =https then) for curl time fetching method
– sdwdate: updated man page
– build script: better git tag names that reflect stable, testers-only, developers-only (implemented https://github.com/Whonix/Whonix/issues/276)
– build script: implemented –clean –qcow2
– sdwdate: correct exit codes for sclockadj, sigterm exit 143, sigint exit 130
– anon-ws-disable-stacked-tor: Tor Browser 4.x compatibility fix
– tb-starter: Tor Browser 4.x compatibility fix
– whonixcheck: Improved whonixcheck warning when using multiple Whonix-Workstations on the same IP. Thanks to Jason Ayala for the suggestion (https://github.com/Whonix/Whonix/issues/352#issuecomment-60007137).
– whonixcheck: strip html from Whonix News
– sdwdate: Replaced `sdwdate`’s use of GNU `date` for converting untrusted date from remote servers with a `python` script /usr/lib/sdwdate/date_to_unixtime that uses `dateutil.parser`. Thanks to troubadoour for the review of usr/lib/sdwdate/date_to_unixtime.
timesync: when running timesync, always set clock using `date`, not `sclockadj`
– makefile: new target “make undist”, which deletes the upstream tarball
– makefile: $DISTDIR variable for make (un)dist, which defaults to “..” and can be used to create upstream tarballs in arbitrary locations
– makefile: refactoring, all function names and global variables now start with “make_” to make the script `source`ing friendly
– makefile: made `source`able
– makefile: new target “make debdist” and “make undebdist”
– build script: new whonix_build_config_dirs variable
– whonix-repository: fix root_check
– sdwdate: added libc6-dev as dependency to fix sclockadj error “/usr/include/ruby-2.1.0/ruby/defines.h:26:19: fatal error: stdio.h: No such file or directory” https://github.com/Whonix/Whonix/issues/360
– whonix-(gw|ws)-kde-desktop-conf: removed kde’s default network manager (NM) system tray icon, because it showed a misleading symbol (Whonix does not use NM. It uses ifupdown. NM is only installed by default to ease setting up VPNs.) Thanks to HulaHoop for the report. – https://www.whonix.org/forum/index.php/topic,532.0.html
– build script: deprecated –no-validate-libvirt-xml
– build script: implemented –conffile
– build script: implemented –grmlbin
– package selection: Removed apparmor-profiles from anon-shared-packages-recommended as suggested ( https://www.whonix.org/forum/index.php/topic,97.msg5045.html#msg5045 ) by Whonix AppArmor Profile Maintainer troubadour because they generate a lot of noise while having no effect.
– timesync: added hopefully Debian policy conform support for sending notifications by timesync when being run as sdwdate plugin to other user accounts than user “user”
– uwt: Fixed apt-get stream isolation port, thanks to nrgaway for the report!
– whonix-initializer: work on systemd support
– build script: added dh-systemd to list of build dependencies
– tb-updater: do not ask to start Tor Browser if tb-starter is not installed
build script: workaround for “bash: Shellshock fix breaks bash function exporting” – https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763164 – https://github.com/Whonix/Whonix/issues/367
– build script: use specific codename (wheezy) rather than generic code name (stable) as per “build script broken because of using grml-debootstrap with –release stable” – https://github.com/Whonix/Whonix/issues/368
– build script: updated frozen repository
– sdwdate: output: Use own pid rather than /proc/sys/kernel/random/uuid as ID.
– sdwdate: improved error handler
– sdwdate: Fixed sclockadj home folder permission issue. When users had group writeable permission on their root home folder, sclockadj would break due to ruby-inline complaining. Thanks to Jason Ayala (@JasonJAyalaP) for help fixing this. Now using /var/cache/sdwdate by default as INLINE cache dir. – https://github.com/Whonix/Whonix/issues/365
– sdwdate: stricter sudoers exceptions
– sdwdate: sclockadj fix: Fail when run (as normal user) without rights to change clock. Check return codes of clock_gettime and clock_settime. https://github.com/Whonix/Whonix/issues/370
– build script: new –apparmor has been added to build-steps.d/1200_create-debian-packages. It conveniently only builds all apparmor packages.
– build script: run check-virtualbox-vm-exists and install VirtualBox build dependencies only when using –target virtualbox.
– whonixcheck: Attempt to fix Windows hyperv VirtualBox detection bug: https://www.whonix.org/forum/index.php/topic,732.0.html
– sdwdate: refactoring, moved commands outside of functions form usr/lib/sdwdate/modules.d/sdwdate to usr/bin/sdwdate so usr/lib/sdwdate/modules.d/sdwdate can be sourced (by unit test)
– tb-updater: Create /home/user/tor-browser_$TB_LANG/Browser/Downloads folder for better AppArmor support as suggested by troubadour. – https://www.whonix.org/forum/index.php/topic,97.msg5541.html#msg5541
– build script: new “–target raw” to build raw images
– build script: help-steps/analyze_image: added support for –minimal; added –root as alternative to option name for –install-to-root
– build script: help-steps/analyze_image: –root now supports /path/to/folder, i.e. –root /path/to/folder
– build script: verifiable builds, build-steps.d/2800_create-report: can now analyze other (–target)s than virtualbox, i.e. also qcow2, raw and root.
– build script: verifiable builds, build-steps.d/2800_create-report: can now analyze multiple (–target)s at once.
– tb-starter, whonix-ws-start-menu-additions: fixed long icon bouncing bug when starting (kde launch feedback)
– build script: work on creating debian packaging for creating debs that include vm images
– build script: added packages python-guimessages and packages/whonix-setup-wizard
– build script: added packages/grub-output-verbose and packages/grub-screen-resolution
– build script: added python-all-dev and python-stdeb to build dependencies for building python setup.py packages
– build script: New build parameter –tb none|closed|failed. When set to closed, try installing Tor Browser, failing closed. When set to open, fail open. When unset or set to none, don’t attempt to install Tor Browser (default).
– anon-meta-packages: added console-setup to anon-shared-packages-dependencies so users can use /etc/default/keyboard as alternative mechanism to change the keyboard layout
– anon-meta-packages: added console-data to anon-shared-packages-dependencies to make sure all three packages console-setup, console-data and console-common are installed.
– anon-meta-packages: added menu to anon-shared-packages-recommended because it contains su-to-root. ticket: https://phabricator.whonix.org/T23
– generic makefile: do net set DEBMAIL to adrelanos personal e-mail address if not set
– generic makefile: use only lintian when environment variable make_use_lintian is set to yes
– generic makefile: only use gain_root_cmd when environment variable make_use_gain_root_command is set to true
– generic makefile: unless environment variable make_debdist_tolower is set to false, use lower case for debian tarball
– generic makefile: unless environment variable make_upstream_tarball_tolower is set to false, use lower case for upstream tarball
– generic makefile: also delete deb_dist folder when running make deb-clean
– package selection: Install VirtualBox Guest Additions by default when using –target virtualbox. ticket: https://phabricator.whonix.org/T13 forum discussion: https://www.whonix.org/forum/index.php/topic,758
– tb-starter: link open “Firefox is already running, but is not responding.” bug -> always start Tor Browser with –allow-remote – https://phabricator.whonix.org/T29
– anon-shared-build-inst-tb: Added support for environment variable anon_shared_inst_tb. When set to open, fail open. When set to close, fail close. When unset or set to none, don’t attempt to install Tor Browser.
– whonixcheck: whonixcheckdaemon, added support for .d-style drop-in configuration filers in /etc/default/whonixcheckd.d/
– whonixsetup: in x, prefer starting the graphical version whonix-setup-wizard, fall back to cli version whonixsetup when graphical version is not available
– whonixsetup: removed start menu entry and startup script for cli version whonixsetup because x version whonix-setup-wizard will add its own
– whonix-repository-wizard: added sudoers exception file etc/sudoers.d/whonix-setup-wizard for allowing to start whonix-setup-wizard as root without password for better usability when autostarting it
– tb-updater: Deactivating Tor Browser?s Internal Updater at least as long it does not support verification. See also:
– https://www.whonix.org/blog/tor-browser-updater-warning
– https://www.whonix.org/forum/index.php/topic,807
– tb-updater: make functions skipable through tb_skip_functions environment variable, so users could skip certain patches by using /etc/torbrowser.d configuration folder
– tb-updater: added timeout to extract function
– build script: got rid of grml_packages file in source root folder
– libvirt (KVM, QEMU): removed hugepages default (thanks to HulaHoop for the commit)
– libvirt (KVM, QEMU): disabled new timer hypervclock in libvirt since 1.2.2 (thanks to HulaHoop for the commit)
– build script: let reprepro create local apt repositories also for other architectures to ease porting to other architectures
– build script: moved libvirt folder to its own package https://github.com/Whonix/whonix-libvirt
– whonix-(gw|ws)-firewall: RELATED,ESTABLISHED -> ESTABLISHED https://phabricator.whonix.org/T28
– tb-updater: version parser, match for “-alpha-“, “-beta-“, “-rc-” rather than just “alpha”, “beta”, “rc”
– tb-updater: added experimental –alpha, –beta and –rc switches
– tb-updater: added new key tbb-team.asc as per https://trac.torproject.org/projects/tor/ticket/13407 which I verified to be signed by Georg Koppen
– anon-meta-packages: removed spice-vdagent from anon-shared-packages-recommended, because it became a weak recommended dependency in build-steps.d/1700_install-packages
– build-script: install spice-vdagent as weak recommended dependency
– build-script: show VirtualBox First Run Wizard for Whonix-Custom-Workstation – https://phabricator.whonix.org/T47
– apparmor-profile-torbrowser: added exception for Whonix’s local homepage
– tb-starter: open /usr/share/homepage/whonix-welcome-page/whonix.html as default homepage if that file is existing
– whonix-welcome-page: set, export environment variable TOR_DEFAULT_HOMEPAGE to set TorBrowser homepage to /usr/share/homepage/whonix-welcome-page/whonix.html https://trac.torproject.org/projects/tor/ticket/13835
– packaging: bumped compat from 8 to 9
– sdwdate, tb-updater, anon-shared-helper-scripts: refactoring, use errtrace and therefore fewer trap ERR’s required – https://phabricator.whonix.org/T48
– whonix-developer-meta-files: sign_images, use –verify-options show-notations
– anon-ws-disable-stacked-tor: Added: export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 Environment variable to disable the “TorButton” -> “Open Network Settings…” menu item. It is not useful and confusing to have on a workstation, because Tor must be configured on the gateway, which is for security reasons forbidden from the gateway. https://trac.torproject.org/projects/tor/ticket/14100
– whonix-base-files: set: export TOR_HIDE_BROWSER_LOGO=1 Hide the Tor Browser Bundle (TBB) logo in tor-launcher. This is useful to avoid users confusing TBB and Whonix. Also useful when running tor-launcher in standalone mode, because then it’s not TBB that is starting. Lastly also useful avoid ​trademark issues when redistributing original, unmodified TBB in (linux) distributions. https://trac.torproject.org/projects/tor/ticket/14122 – https://www.torproject.org/docs/trademark-faq.html.en – https://www.whonix.org/wiki/Dev/TPO_Trademark
– whonixcheck: New config variable: whonixcheck_tor_bootstrap_wait_max – Default to 60. How long whonixcheck should wait at maximum until Tor bootstrap finished.
– whonixcheck: warn if whonix-initializer failed
– whonixcheck: ported to gpg-bash-lib
– whonixcheck: set -o errtrace, set -e until trap ERR has been set up
– whonix-initializer: add fail file in case first run initializer failed
– whonix-initializer: changed status file dir from /root/.whonix/ to /var/lib/whonix-initializer/status-files/
– gpg-bash-lib: new package – https://phabricator.whonix.org/T86 – https://github.com/Whonix/gpg-bash-lib
– tb-updater: ported to gpg-bash-lib – https://phabricator.whonix.org/T88 – https://github.com/Whonix/gpg-bash-lib
– tb-updater: Show when signature way made and ask for confirmation. Useful to detect downgrade or infinite freeze attack. – https://phabricator.whonix.org/T95
– tb-updater: Store and show last known signature creation date. – Useful to detect downgrade or infinite freeze attack. – https://phabricator.whonix.org/T96
– tb-updater: Authenticate file names. This is useful to detect a downgrade or indefinite freeze attack. To do this, the sha256sums.txt file needs to be verified using the sha256sums.txt.asc file. When that succeeded, the hash for the archive needs to be created and looked up within sha256sums.txt. – https://phabricator.whonix.org/T98
– open-link-confirmation: added graphical warning sign
– updated frozen repository
– anon-base-files: pre.bsh enable errtrace – https://phabricator.whonix.org/T101
– generic makefile: generic makefile: Check, that environment variable DEBEMAIL is not be empty when using “make deb-chl-bumpup”. Otherwise e-mail address in debian/changelog would default to user@host.localdomain and then lintian would complain and exit with failure code.
– whonixcheck: increased whonixcheck_tor_bootstrap_wait_max from 60 to 90
– build script: set -e before trap ERR gets enabled
– tb-updater: progress bar for extraction process
– anon-gw-anonymizer-config: reserved SocksPort 10.152.152.10:9152 for Tor Messenger – https://phabricator.whonix.org/T107
– anon-ws-disable-stacked-tor: Work on Tor Messenger Support: – Forward workstation 127.0.0.1 9152 to gateway 10.152.152.10 9152. (SocksPort) – Forward workstation 127.0.0.1 9153 to gateway 10.152.152.10 9052 where Control Port Filter Proxy. (ControlPort) – https://phabricator.whonix.org/T107
– whonix-ws-firewall: outgoing rule simplification – https://phabricator.whonix.org/T111
– Fixed Control Port Filter Proxy Connection by adding “iptables -A INPUT -p tcp -j REJECT –reject-with tcp-reset”. – https://phabricator.whonix.org/T112
– whonix-gw-firewall: support multiple external and internal interfaces – https://phabricator.whonix.org/T120
– whonix-gw-firewall: provide an option WORKSTATION_ALLOW_SOCKSIFIED to skip Tor SocksPort iptables rules – https://phabricator.whonix.org/T121
– build script: grml-debootstrap apt-get unsigned package install security bug workaround that is required for jessie and above – https://phabricator.whonix.org/T119
– whonixcheck: added qemu to list of supported virtualizers
– tb-starter: new TB_CUSTOM_HOMEPAGE setting; not touching default link to open when running outside of Whonix
– tb-starter: removed deprecated –recommend feature
– whonix-repository: postinst script, only enable bash -x, if xtrace has been enabled
– whonix-repository: postinst script, show output of whonix_repository tool for better transparency
– makefile: more efficient make install (fixed a bug, run ‘cp -R “$d” “$DESTDIR”‘ just one instead of for every file)
– makefile: if make_use_gain_root_command is unset, “./debian/gain-root-command” is executable and faketime is installed, then automatically set make_use_gain_root_command=”true”
– makefile: source ./make-helper-overrides.bsh if existing to allow overruling of functions
– makefile: source all files in ./make-helper-overrides.d if that folder is existing and if the files in that folder are executable to allow overruling of functions
– makefile: prepend package-version folder in upstream tarball
– makefile: made hardcoded list of folders to install (“bin boot dev etc home lib opt sbin srv sys usr var”) overwriteable through variable make_folder_list_for_un_and_install
– makefile: output
– makefile: new hook make_hook_at_the_end_of_get_destdir
– makefile: mkdir before cp when running make install (i.e. create eventually non-existing DESTDIR)
– makefile: mkdir only when directory does not exist
– makefile: bumped version number to 1.2
– makefile: make uch creates upstream changelog in changelog.upstream rather than debian/changelog.upstream
– makefile: new make deb-uachl-bumpup, Combination of make uch and make deb-chl-bumpup.
– makefile: added –pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning
– makefile: autodetect if lintian is available, automatically using it unless make_use_debian is set to false, failing open if automatically running it
– makefile: new, make lintian
– tb-updater, open-link-confirmation: set default button to cancel
– tb-updater: added progress bar for extraction
– msgcollector: added /usr/lib/msgcollector/pv_wrapper
– tb-updater: support running without having X running by reading answers from stdin
– build script: refactoring, renamed variable whonix_build_script_whonix_package to whonix_build_script_skip_package_install
– anon-shared-build-ban-nonfree: allow packages virtualbox-guest-utils and virtualbox-guest-x11 from contrib to be installed
– tb-updater, whonixcheck, sdwdate: instead of –socks5-hostname, use more modern –proxy + user:password@ip:port syntax for curl for better stream isolation – https://phabricator.whonix.org/T126
– tb-updater: distinct exit codes for each case of abort or failure
– build script: improved error handler output with process and function trace result
– build script: use non-interactive error handler, if stdin is not available
– sdwdate: BREAKING CHANGE: Changed mode of operation. Now using Tor hidden services (.onion) as time source. No longer supporting SSL/TLS, but connections to .onion’s are encrypted end-to-end with the advantage, that no malicious/broken SSL Certificate Authorities can interfere anymore. – https://phabricator.whonix.org/T131
– sdwdate: BRAKING CHANGE: deprecated –proxy, introduced –proxy-ip and –proxy-port
– sdwdate: BREAKING CHANGE: changed pool link format
– sdwdate: support comments for links in pools
– sdwdate: increased interval to INTERVAL=”180″ and MIN_INTERVAL=”60″ – https://phabricator.whonix.org/T147
– sdwdate: ported to url to unixtime
– sdwdate: refactored hook dispatching system for code reduction and to make it easier to add new hooks
– anon-meta-packages: install control-port-filter-python https://github.com/Whonix/control-port-filter-python replacement that has been written by @troubadoour https://github.com/troubadoour rather than control-port-filter https://github.com/Whonix/control-port-filter (bash)
– anon-gw-anonymizer-config: recommend control-port-filter-python rather than control-port-filter
– makefile generic: pass ${1+”$@”} to make_source_overrides_file and make_source_overrides_folder ${1+”$@”}
– makefile generic: added generic _hook_pre and _hook_post mechanism. Before calling any function, function function-name_hook_pre would be called and function-name_hook_post afterwards.
– makefile generic: for make deb-chl-bumpup, require DEBFULLNAME being set
– makefile generic: make deb-cleanup, delete “../${package}_”*-*_*”.deb” rather than “../${package}_”*-*”_all.deb”
– whonix-gw-firewall: provide hook after drop ipv4 invalid packages through variable GATEWAY_IPv4_DROP_INVALID_INCOMING_PACKAGES_POST_HOOK – https://phabricator.whonix.org/T176
– whonixcheck: Added usr/lib/apt-get-wrapper, a wrapper that exits 125, if output of apt-get update begins with “W:” or “E:”. Required to workaround several issues with apt-get exit codes. https://www.whonix.org/wiki/Dev/apt-get#Bugs  https://phabricator.whonix.org/T169
– build-script: check for network failures during build to make sure (security) repository is really in use – https://phabricator.whonix.org/T169
– tb-updater: new multiple version choice graphical user interface – thanks to troubadour for creating it! – https://phabricator.whonix.org/T149
– tb-updater: suggest lowest advertised version number by default because then chances are good, it is a stable and no alpha version – https://phabricator.whonix.org/T130
– tb-updater: fix, install stable rather than alpha by default since TBB version format changed – https://phabricator.whonix.org/T130
– whonixcheck: security workaround for “apt-get update” zero exit code discrepancy for network, gpg failures – https://phabricator.whonix.org/T194
– whonixcheck: output all functions when running –function without argument
– whonixsetup:
— added support for /var/cache/whonix-setup-wizard/status-files/whonixsetup.done
— added support for /var/cache/whonix-setup-wizard/status-files/whonixsetup.skip
— added support for /var/cache/whonix-setup-wizard/status-files/whonix_repository.done
— added support for /var/cache/whonix-setup-wizard/status-files/whonix_repository.skip
— added support for /var/cache/whonix-setup-wizard/status-files/disclaimer.done
— added support for /var/cache/whonix-setup-wizard/status-files/disclaimer.skip
— added support for legacy /var/lib/whonix/do_once/whonixsetup.done
– anon-meta-packages: no longer install anon-gw-first-run-notice by default because it has been incorporated into whonix-setup-wizard – https://phabricator.whonix.org/T228
– build script: break when attempting to build from non-tagged git by default – https://phabricator.whonix.org/T231
– tb-updater: improved architecture detection. ARCH can now be set to i386, i686, amd64 or one could also directly set ARCH_DOWNLOAD to for example to linux32 or linux64.
– whonix-repository: implemented –repository to fix “whonix-setup-wizard repository – code names issue – stable vs wheezy” – https://phabricator.whonix.org/T232
– added whonix-welcome-page to whonix-workstation-packages-recommended
– build script: code simplification – use deb [trusted=yes] rather than local signing key for local apt repository during build – https://phabricator.whonix.org/T246
– build script: check if we are building from a tag or not and –allow-untagged true
– build script: move backup raw image build steps out of main source code – https://phabricator.whonix.org/T249
– build script: build script should provide better optical separation of build steps – https://phabricator.whonix.org/T10
– build-script: build and install genmkfile – https://phabricator.whonix.org/T217
– refactoring: reduced code duplication generated by generic makefile (genmkfile) – https://phabricator.whonix.org/T217
– make tb-starter compatible with TBB 4.5a5 and above – https://phabricator.whonix.org/T253
– control-port-filter-python: added systemd service – https://phabricator.whonix.org/T106
– tb-updater: removed deactivation of TBB internal updater for TBB versions equal or higher than 4.5 because upstream fixed the security issue – https://phabricator.whonix.org/T105
– whonixcheck: implemented whonixcheck general Whonix News file – https://phabricator.whonix.org/T255
– whonixcheck: moved Whonix News files to mirror.whonix.de and use sourceforge as fallback – https://phabricator.whonix.org/T54
– whonix-repository: made baseuri configurable through WHONIX_APT_REPOSITORY_BASEURI environment and /etc/whonix.d configuration variable – https://phabricator.whonix.org/T54
– whonix-repository: moved Whonix APT Repository default baseuri from http://sourceforge.net/projects/whonixdevelopermetafiles/files/internal/ to http://mirror.whonix.de/whonixdevelopermetafiles/internal/
whonix-repository: made baseuri (WHONIX_APT_REPOSITORY_BASEURI) configurable through –baseuri command line parameter
– whonix-repository: add WHONIX_APT_REPOSITORY_BASEURI to auto generated configuration file

The post Testers Wanted! Whonix 10 ( 10.0.0.5.0 ) appeared first on Whonix.

]]>
https://www.whonix.org/blog/testers-wanted-10-10-0-0-5-0/feed 0
towards a somewhat soon release of Whonix 10, postposting jessie/systemd support https://www.whonix.org/blog/towards-whonix-10 https://www.whonix.org/blog/towards-whonix-10#comments Fri, 03 Apr 2015 13:39:11 +0000 https://www.whonix.org/blog/?p=1497 For several reasons… 1) The TODO list for the release of Whonix 10 is getting smaller: https://phabricator.whonix.org/maniphest/?statuses=open&allProjects=PHID-PROJ-azftsdqyk3mbrlzazoc6#R 2) Since the changelog for Whonix 10 is quite long already (https://www.whonix.org/blog/?p=1093&preview=1&_ppp=095bea96f1)… 3) And because of “release early, release often”… 4) And due

The post towards a somewhat soon release of Whonix 10, postposting jessie/systemd support appeared first on Whonix.

]]>
For several reasons…

1) The TODO list for the release of Whonix 10 is getting smaller:
https://phabricator.whonix.org/maniphest/?statuses=open&allProjects=PHID-PROJ-azftsdqyk3mbrlzazoc6#R

2) Since the changelog for Whonix 10 is quite long already (https://www.whonix.org/blog/?p=1093&preview=1&_ppp=095bea96f1)…

3) And because of “release early, release often”…

4) And due to the brokenness of tb-updater, the many security enhancements in Whonix 10 and fixes:
https://www.whonix.org/forum/index.php/topic,1070.0.html
https://www.whonix.org/forum/index.php/topic,939.0.html
https://www.whonix.org/forum/index.php/topic,810.0.html
https://www.whonix.org/forum/index.php/topic,595.0.html

Therefore… I am proposing,
– to finish the remaining Whonix 10 TODO, to get Whonix 10 out somewhat soon
– to move jessie and systemd support [+ stuff someone contributes until then] to release goal of Whonix 11
– to move most Whonix 11 release goals to Whonix 12

Earlier I stated the release goal for Whonix 10 “ready to be upgraded to Debian jessie”. After working on actual jessie and systemd stuff, I learned that this is not really possible. We can either build packages with dh_installinit for wheezy or dh_systemd for jessie. Having them compatible with both suites at once seems unjustifiably difficult. What we could do however would be building a jessie based Whonix 11 and making upgrading to jessie mandatory for that upgrade.

I’ve asked troubadour, if we can remove the Whonix 10 tag for,
– whonix-setup-wizard polishing (https://phabricator.whonix.org/T190) and
– control-port-filter-python improvement (https://phabricator.whonix.org/T243)

What do you think about that plan? Is there anything you absolutely need/want to get merged in time for Whonix 10 – because otherwise everything would go evil – that you can eventually contribute before the rest of the Whonix 10 TODO is done?

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1071

The post towards a somewhat soon release of Whonix 10, postposting jessie/systemd support appeared first on Whonix.

]]>
https://www.whonix.org/blog/towards-whonix-10/feed 0