General Note about CI Services in use for Building Whonix ™
Since all Continuous Integration [archive] (CI) services we know of run Ubuntu and Whonix ™ is based on Debian, it was required to add a few CI specific workarounds to Whonix ™ build script. Therefore, if a CI build works, that doesn't necessarily mean, that a Debian based build would succeed as well. So the usefulness of the results is a bit limited. Nevertheless, compatibility with CI environments is a very useful "stress test" for the build script. It helps early spotting most bugs, which break the build.
Since there are no free CI services supporting mount (device-mapper), there is unfortunately no CI service which could be used for building Whonix ™ Virtual Machine images. Instead, we're CI's for simulating builds of Whonix ™ Debian Packages as well as (minimal or full) --install-to-root builds.
CI Services in Use
- Whonix ™ Travis [archive]
- Whonix ™ .travis.yml [archive]
- Whonix ™ .travis.yaml validatior [archive]
- We're using Travis CI to see if we can build Physically Isolated Whonix-Gateway ™ or Whonix-Workstation ™.
- Status Badges [archive]
Some more technical notes:
- Build time hard limit 50 minutes [archive]
- Build time inactivity limit 10 minutes [archive]
- Support says: The command and the URL to clone currently can't be influenced.
- These commands "$ rvm use default --install --binary --fuzzy ; $ ruby --version ; $ rvm --version ; $ gem --version" are not required. Support says: As for the commands listed, those can't be removed either, and they shouldn't add any significant load or time to your build.
- Support says: Regarding retaining storage, we have an APT caching service in the works, that's currently in testing. It won't be host-local, but it'll be network-local.
- Build failed log: https://api.travis-ci.org/jobs/12119447/log.txt?deansi=true [archive] - Failed due to missing device-mapper. No idea if possible to fix. - Opened a ticket. [archive]
- very low entropy, gpg key creation takes very long [archive]; impossible to start haveged daemon [archive]: workaround in place. 
- If image creation is not possible, Travis CI could still be used to check if the whonix_build script works with
- stop a build button [archive]
- Only building Whonix ™ Debian Packages. No virtual machine images or physically isolated machines, because build timeout is too short. Only running.
sudo -E ./build-steps.d/1100_prepare-build-machine --target root sudo -E ./build-steps.d/1200_create-debian-packages
- Whonix ™ drone.io [archive]
- Build timeout 15 minutes [archive]?
- github web hook (activated): https://drone.io/hook?id=github.com%2FWhonix%2FWhonix [archive]
Other CI Services not in use due to issues
- No root. - Asked support. - Impossible to build Whonix ™ VM images. kpartx and mount require root.
- Whonix ™ codeship.io [archive]
- "Due to our limited capacity we cannot accept all projects at once and that's why your subscription was queued. As we increase our capacity we will allow more and more open-source projects, based on a first registered, first served policy. Here is your position in the queue:" 198 Whonix
- has $WERCKER_CACHE_DIR
- gpg key creation takes very very log due to low entropy - asked support
- another issue while running grml-debootstrap
/dev/mapper/control: open failed: Operation not permitted Failure to communicate with kernel device-mapper driver. device mapper prerequisites not met * Error setting up loopback device. -> Failed (rc=1)
- If is CI detected... Linking to . In CI environment, there is usually very little entropy. Therefore gpg key creation takes very long. Since no images are deployed from CI systems, we can do this.