Dev/Fedora

Development Notes about Fedora

Fedora

Considerations for recommending Fedora as a host operating system...

Website

  • Looks much more friendly and modern.
  • It is available over SSL.
  • Verification instructions are also available over SSL.
  • The GPG signing key is available over SSL.

Package Manager

  • yum is considered as safe as apt according to the theupdateframework.com people.

Considerations for using it as a Virtual Machine Guest

(i.e. for Whonix-Gateway and Whonix-Workstation)

  • Is there a tool to create virtual machine images like there is grml-debootstrap for Debian?
    • The feature set of grml-debootstrap seems to provide a one-liner solution for getting a fully working install.
    • Fedora supports kickstart files, which are equivalent to Debian preseeding. It should conceivably not be too difficult to achieve a grml-debootstrap experience using kickstart files plus some minimal scripting (if one does not already exist). Fedora has automated builds for Docker images.
  • The more restrictive approach taken by SELinux (which is the default in Fedora) might offer some security benefits.

In-Place Release Upgrades:

  • Can be release-upgraded in-place from one major release to another. [1]

Release Cycle:

  • Fedora has a relatively short life cycle: each version is usually supported for at least 13 months, where version X is supported only until 1 month after version X+2 is released and with approximately 6 months between most versions.

  • Can Whonix keep up with that?

Conflict of Interest:

  • Fedora won't really become stable since that would obsolete RHEL?

Package Repository:

  • Smaller than Debian?

apt-transport-tor:

  • The DNF equivalent is python3-dnf-plugin-torproxy.

Fedora doesn't seem to care about Reproducible Builds.

Other considerations:

  • Has not been considered yet.
  • What would be particularly interesting is if Whonix could provide a generalized set of scripts to set up the target environment in a distro-agnostic way (perhaps by leveraging Ansible or similar). Creating a working Fedora version in addition to Debian might be a step toward that. → Unrealistic. Would require a dedicated contributor. A port causes a huge amount of work.
  • Also interesting would be a containerized version of the Whonix-Gateway that could be easily deployed on a host OS (this provides less anonymity than what Whonix mainly aims for, but serves different use cases), for example to set up an OnionPi-style hotspot. Current solutions, like the Adafruit OnionPi tutorial, are (1) not very easily deployable, (2) not as feature-rich (for example, limited to HTTP or specific protocols rather than being full isolating proxies), and (3) tend to have a large footprint on the host/root OS. Ideally, one Raspi could be used both for providing a Tor hotspot and for numerous other functions, with the Tor hotspot functions contained in one LXC and using only a handful of ports and hardware interfaces from the host OS. → Same as above.

Debugging Scriptlets

1) Write the %preun (pre-uninstall) scriptlet to a file by running the following command (credit[2]):

rpm -q --queryformat '%{PREUN}\n' qubes-template-whonix-gw-experimental > ~/qubes-template-whonix-gw-experimental.preun

2) Run that script as root with errexit and xtrace enabled, then print the exit code:

sudo sh -ex ~/qubes-template-whonix-gw-experimental.preun 0 ; echo $?

Trivia:
The file name qubes-template-whonix-gw-experimental.preun actually doesn't matter. You could use a shorter file name.
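
The two steps above wrapped in a reusable function, as an added example that is not part of the original page. It runs against a constructed scriptlet instead of the real package's %preun and therefore omits sudo; the function names debug_scriptlet and make_sample_preun are hypothetical. The trailing argument is what rpm passes as $1, the number of package instances that remain after the operation, so 0 means final removal.

```shell
#!/bin/sh
# Added example: the two steps above wrapped in a function, run against a
# constructed scriptlet (not the real package's %preun) so it works offline.

# debug_scriptlet FILE ARG
# Runs FILE under `sh -ex`, passing ARG as $1 just like the trailing "0" in
# step 2. Prints the exit code and the last traced command; returns the code.
debug_scriptlet() {
    file=$1
    arg=$2
    trace=$(mktemp) || return 125
    rc=0
    # stdout is discarded here to keep the report short; xtrace goes to stderr.
    PS4='+ ' sh -ex "$file" "$arg" >/dev/null 2>"$trace" || rc=$?
    # xtrace prefixes every executed command with "+ ". Under errexit the
    # script stops at the first failing command, so the last traced line is it.
    last=$(grep '^+ ' "$trace" | tail -n 1)
    rm -f "$trace"
    printf 'exit=%s last=%s\n' "$rc" "$last"
    return "$rc"
}

# make_sample_preun FILE
# Writes a constructed scriptlet that only does work when $1 is 0.
make_sample_preun() {
    cat > "$1" <<'EOF'
if [ "$1" -eq 0 ]; then
    echo "constructed cleanup step"
    test -e /nonexistent/constructed-marker
    echo "not reached when the test above fails"
fi
exit 0
EOF
}

sample=$(mktemp)
make_sample_preun "$sample"
debug_scriptlet "$sample" 0 || echo "scriptlet failed; see last= above"
debug_scriptlet "$sample" 1
rm -f "$sample"
```

Running the same file with 1 instead of 0 exercises the upgrade path, which is useful for checking whether a failure only occurs on final removal.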

misc

sudo yum langinstall de

Requires a newer version of yum. So at the moment, the easiest solution is using a Fedora-based VM as UpdateVM.

sudo qubes-dom0-update langinstall de

Issues

Phone home issue (says closed but remains unfixed):

https://github.com/QubesOS/qubes-issues/issues/1814

Forum Discussion

https://forums.whonix.org/t/port-whonix-to-fedora-as-base-operating-system/16528

See Also


Footnotes

  1. https://docs.fedoraproject.org/en-US/quick-docs/upgrading/
  2. Thanks to airfishey for the answer on unix.stackexchange.