Actions

Dev/Installation from Repository

From Whonix

< Dev



An installation of Debian can be transformed into Whonix ™ or Kicksecure ™. Also known as proverbial "sudo apt-get install whonix". This is also called distro-morphing. [1]

The following meta packages:

  • non-qubes-whonix-gateway-cli
  • non-qubes-whonix-gateway-xfce
  • non-qubes-whonix-workstation-cli
  • non-qubes-whonix-workstation-xfce
  • kicksecure-cli
  • kicksecure-cli-vm
  • kicksecure-xfce
  • kicksecure-xfce-vm

can be installed on Debian as per instructions Whonix ™ Packages for Debian Hosts.

This is unsupported, not tested by any Whonix ™ contributors and might need some work. What's missing?

This is being used in the wild. [archive]

From Source Code[edit]

Above instructions use packages from Whonix ™ binary repository. Transforming Debian to Whonix ™ or Kicksecure ™ is also possible from a local APT repository, i.e. without touching Whonix ™ binary repository. If you want to install from source code, info and scripts for automation (package building, creating a local repository, installation) are available [2] [3] [4] but could use better documentation.

Forum Discussion[edit]

https://forums.whonix.org/t/sudo-apt-get-install-whonix-part-i-distro-morphing/2346 [archive]

Distro Morphing vs Builds[edit]

What is the difference between a build (image downloaded or created from source code) versus distro morphing installation method?

  • It is quite similar as it should be.

Advantages of builds are that these are "cleaner":

  • Have tighter control over the packages getting installed. Using Debian installer is kinda like a "wonder box" what packages get installed. Difficult to predict what packages will be installed without skills to understand Debian installer. When using builds one can see what packages will be installed by studying mostly 1 file + dependency packages.
  • More likely to get the same tested build that developers and users received.
  • More likely to really get the distribution. Distro morphing might fail due to user error and not get noticed by novice users.
  • Redistributable.
    • No daemons where ever started inside the chroot. (Builds where created by mounting the image and chroot'ing into it while preventing daemons from starting.)
      • Start of daemons inside the image creates several persistent private user data files which must not be re-used by third parties such as the public. In other words, the public should not be using these private user data files as this would be insecure. Such private user data files are for example entropy seeds or Tor state files such as Tor entry guards.
      • Cleaning such files at the end of the creation of the image is not a reliable method either since that depends on what packages are installed by default which changes over time and what private data daemons create which also changes over time. There is no such list or research into that topic.
      • By creating a clean image, it used to be created twice and then compared to check what kinda of private data leaked into it.
    • Fewer non-deterministic artifacts which would hinder accomplishment of the reproducible builds [archive] goal.
    • Fewer superfluous packages. Build dependencies are only installed on the build machine. Not installed inside the build.

See Also[edit]

Footnotes[edit]



text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Dev/Installation from Repository&body=https://www.whonix.org/wiki/Dev/Installation_from_Repository link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Dev/Installation_from_Repository&title=Dev/Installation from Repository link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Dev/Installation_from_Repository&t=Dev/Installation from Repository link=https://mastodon.technology/share?message=Dev/Installation from Repository%20https://www.whonix.org/wiki/Dev/Installation_from_Repository&t=Dev/Installation from Repository

Please contribute by helping to answer Whonix ™ questions.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.