Dev/Fedora

Fedora

Considerations for recommending Fedora as the host operating system:

Website

  • Looks much more friendly and modern.
  • It's available over SSL.
  • Verification instructions are also available over SSL.
  • The GPG signing key is available over SSL.

Package Manager

  • yum is as safe as apt, according to the theupdateframework.com people.

Considerations for using it as a virtual machine guest

(i.e. for Whonix-Gateway and Whonix-Workstation)

  • Is there a tool to create virtual machine images like there is grml-debootstrap for Debian?
    • The feature set of grml-debootstrap seems to be a one-liner solution to getting a full working install.
    • Fedora supports kickstart files, which are the equivalent of Debian preseeding. It should conceivably not be too difficult to achieve a grml-debootstrap experience using kickstart files plus some minimal scripting (if one does not exist already). Fedora has automated builds for docker images.
  • The more restrictive approach taken by SELinux (which is default in Fedora) might offer some security benefits.

Other stuff.

  • Has not been considered yet.
  • What would be particularly interesting is if Whonix could provide a generalized set of scripts to set up the target environment in as much of a distro-agnostic way as possible (perhaps by leveraging Ansible, or similar). Making a working Fedora version in addition to Debian might be a start towards that. -> Unrealistic. Would require a dedicated maintainer. A port causes a huge amount of work.
  • Also interesting would be a containerized version of the Whonix-Gateway that could be easily deployed on a host OS (this provides less anonymity than what Whonix is mainly aiming at, but has different use cases): For example, setting up an OnionPi-style hotspot. Current solutions, like the Adafruit OnionPi tutorial, are (1) not very easily deployable, (2) not as feature-full -- for example, limited to HTTP or particular protocols -- not full isolating proxies, and (3) tend to have a large footprint on the host/root OS -- ideally, one Raspi could be used both for providing a Tor Hotspot and for numerous other functions, with the Tor hotspot functions contained in one LXC and using only a handful of ports and hardware interfaces from the host OS. -> Same as above.

Debugging Scriptlets

1) Write the pre-uninstall (%preun) scriptlet to a file by running the following command (credit[1]):

rpm -q --queryformat '%{PREUN}\n' qubes-template-whonix-gw-experimental > ~/qubes-template-whonix-gw-experimental.preun

2) Run that script as root with errexit (-e) and xtrace (-x) enabled, then print its exit code:

sudo sh -ex ~/qubes-template-whonix-gw-experimental.preun 0 ; echo $?

Trivia:
The file name qubes-template-whonix-gw-experimental.preun actually doesn't matter. You could use a shorter file name.
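
The two steps above, generalized as an added example (not part of the original wiki page): it dumps any of a package's scriptlets and traces it once per value of $1, reporting the exit code and the last command xtrace logged. The function names and the sample scriptlet are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Step 1 generalized: dump any scriptlet of an installed package.
# TAG is an rpm query tag: PREIN, POSTIN, PREUN or POSTUN.
dump_scriptlet() {  # usage: dump_scriptlet PACKAGE TAG OUTFILE
    rpm -q --queryformat "%{$2}\n" "$1" > "$3"
}

# Step 2 generalized: run FILE with errexit and xtrace once per value of $1
# and print, for each run, the exit code and the last command xtrace logged.
# For %preun, rpm passes 0 on final removal and 1 on upgrade.
# The scriptlet really executes, side effects included.
trace_scriptlet() {  # usage: trace_scriptlet FILE ARG...
    ts_file=$1; shift
    ts_log=$(mktemp) || return 1
    for ts_arg in "$@"; do
        ts_rc=0
        PS4='+ ' sh -ex "$ts_file" "$ts_arg" >/dev/null 2>"$ts_log" || ts_rc=$?
        ts_last=$(grep '^+' "$ts_log" | tail -n 1)
        printf 'arg=%s exit=%s last=%s\n' "$ts_arg" "$ts_rc" "${ts_last:-none}"
    done
    rm -f "$ts_log"
}

# Constructed sample scriptlet (not taken from any real package): it fails
# only on the removal path, which a single run with argument 1 would miss.
write_sample() {  # usage: write_sample OUTFILE
    cat > "$1" <<'EOF'
if [ "$1" = 0 ]; then
    echo removing
    false
fi
echo done
EOF
}

demo() {
    demo_file=$(mktemp) || return 1
    write_sample "$demo_file"
    trace_scriptlet "$demo_file" 0 1
    rm -f "$demo_file"
}
demo
```

For a real package, call dump_scriptlet with the package name and PREUN, then run trace_scriptlet on the resulting file from a root shell, since the page's procedure runs the scriptlet as root.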

Misc

sudo yum langinstall de

This requires a newer yum, so at the moment the easiest option is to use a Fedora-based VM as the UpdateVM:

sudo qubes-dom0-update langinstall de

Footnotes

  1. Thanks to airfishey for its answer on unix.stackexchange.
