Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes USB ISO (coming soon) More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Development Notes about Fedora

Fedora[edit]

Consideration for recommending Fedora as host operating system...

Website

• Looks much more friendly and modern.
• It is available over SSL.
• verification instructions are also available over SSL.
• gpg signing key is available over SSL.

Package Manager

• yum is safe as apt according to the theupdateframework.com people

Consideration for using it as Virtual Machine Guest

(i.e. for Whonix-Gateway^™ and Whonix-Workstation^™)

• Is there a tool to create virtual machine images like there is grml-debootstrap for Debian?
  • The feature set of grml-debootstrap seems to be a one-liner solution to getting a full working install.
  • Fedora supports kickstart files, which are the equivalent of Debian preseeding. It should conceivably not be too difficult to achieve a grml-deboostrap experience using kickstart files plus some minimal scripting (if one does not exist already). Fedora has automated builds for docker images.
• The more restrictive approach taken by SELinux (which is default in Fedora) might offer some security benefits.

In-Place Release Upgrades:

• Can be release upgraded in-place from one major release to another major release. ^[1]

Release Cycle:

• Fedora has a relatively short life cycle: each version is usually supported for at least 13 months, where version X is supported only until 1 month after version X+2 is released and with approximately 6 months between most versions.

• Can Whonix keep up with that?

Conflict of interest:

• Fedora won't really get stable since that would obsolete RHEL?

Package repository:

• Smaller than Debian?

apt-transport-tor:

• DNF equivalent is python3-dnf-plugin-torproxy.

Fedora doesn't seem to care about Reproducible Builds.

Other stuff:

• Has not been considered yet.

• What would be particularly interesting is if Whonix could provide a generalized set of scripts to set up the target environment in as much of a distro-agnostic way as possible (perhaps by leveraging Ansible, or similar). Making a working Fedora version in addition to Debian might be a start towards that. → Unrealistic. Would require a dedicated contributor. A port causes a huge amount of work.

• Also interesting would be a containerized version of the Whonix-Gateway that could be easily deployed on a host OS (this provides less anonymity than what Whonix is mainly aiming at, but has different use cases): For example, setting up an OnionPi-style hotspot. Current solutions, like the Adafruit OnionPi tutorial, are (1) not very easily deployable, (2) not as feature-full -- for example, limited to HTTP or particular protocols -- not full isolating proxies, and (3) tend to have a large footprint on the host/root OS -- ideally, one Raspi could be used both for providing a Tor Hotspot and for numerous other functions, with the Tor hotspot functions contained in one LXC and using only a handful of ports and hardware interfaces from the host OS. → Same as above.

Debugging Scriptlets[edit]

1) Add the prerun scriptlet to a file by running the following command (credit^[2]):

rpm -q --queryformat '%{PREUN}\n' qubes-template-whonix-gw-experimental > ~/qubes-template-whonix-gw-experimental.preun

2) Run that script as root while having errexit, xtrace enabled and output exit code:

sudo sh -ex ~/qubes-template-whonix-gw-experimental.preun 0 ; echo $?

Trivia:
The file name qubes-template-whonix-gw-experimental.preun actually doesn't matter. You could use a shorter file name.

misc[edit]

sudo yum langinstall de

Requires newer yum. So at the moment the easiest is using a Fedora based VM as UpdateVM.

sudo qubes-dom0-update langinstall de

Issues[edit]

phone home issue (says closed but is unfixed):

https://github.com/QubesOS/qubes-issues/issues/1814

Forum Discussion[edit]

https://forums.whonix.org/t/port-whonix-to-fedora-as-base-operating-system/16528

See Also[edit]

• Dev/Operating_System#Fedora

Footnotes[edit]

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!