Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes USB ISO (coming soon) More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

An installation of Debian can be transformed into Whonix. Also known as proverbial "sudo apt install whonix". This is also called distro-morphing .

Is this technically feasible? Yes. Here are some examples.

• This is being used in the wild.
• This is how Qubes-Whonix^™ is build. ^[1]
• Installing Kicksecure^™ in a chroot
• Kicksecure^™ installation for Debian

Support Status[edit]

This is unsupported for acquiring Non-Qubes-Whonix^™, not tested by any Whonix contributors and might need some work. What's missing?

Organisational:

• instructions
• a contributor
• testing

Technical:

• While distro-morphing Debian into Whonix should be a stable process because it is very similar to how official Whonix downlodable images are built), what's missing is instructions how users get the required VM settings which are crucial to properly connect Whonix-Workstation^™ to Whonix-Gateway^™ among other VM settings (see source code). Instructions would be roughly:

1. Set up the VM settings for Whonix-Workstation and Whonix-Gateway

Either by looking at the source code how the VM settings are configured or by downloading an official VM image.

2. Set up a new virtual hard drive.

3. Install a minimal Debian.

4. Distro-morphing Debian into Whonix.

These instructions would be similar to the examples listed on the top of this page, perhaps specifically Kicksecure^™ installation for Debian .

5. Done.

The process of distro-morphing Debian into Whonix has been completed.

Meta Packages[edit]

The following meta packages:

• non-qubes-whonix-gateway-cli
• non-qubes-whonix-gateway-xfce
• non-qubes-whonix-workstation-cli
• non-qubes-whonix-workstation-xfce

can be installed on Debian as per instructions Whonix Packages for Debian Hosts.

From Source Code[edit]

Above instructions use packages from Whonix binary repository. Transforming Debian to Whonix is also possible from a local APT repository, i.e. without touching Whonix binary repository. If you want to install from source code, info and scripts for automation (package building, creating a local repository, installation) are available ^{[2] [3] [4]} but could use better documentation.

Forum Discussion[edit]

https://forums.whonix.org/t/sudo-apt-get-install-whonix-part-i-distro-morphing/2346

Distro Morphing vs Builds[edit]

What is the difference between a build (image downloaded or created from source code) versus distro morphing installation method?

• It is quite similar as it should be.

Advantages of builds are that these are "cleaner":

• Have tighter control over the packages getting installed. Using Debian installer is kinda like a "wonder box" what packages get installed. Difficult to predict what packages will be installed without skills to understand Debian installer. When using builds one can see what packages will be installed by studying mostly 1 file + dependency packages.
• More likely to get the same tested build that developers and users received.
• More likely to really get the distribution. Distro morphing might fail due to user error and not get noticed by novice users.
• Redistributable.
  • No daemons where ever started inside the chroot. (Builds where created by mounting the image and chroot'ing into it while preventing daemons from starting.)
    • Start of daemons inside the image creates several persistent private user data files which must not be re-used by third parties such as the public. In other words, the public should not be using these private user data files as this would be insecure. Such private user data files are for example entropy seeds or Tor state files such as Tor entry guards.
    • Cleaning such files at the end of the creation of the image is not a reliable method either since that depends on what packages are installed by default which changes over time and what private data daemons create which also changes over time. There is no such list or research into that topic.
    • By creating a clean image, it used to be created twice and then compared to check what kinda of private data leaked into it.
  • Fewer non-deterministic artifacts which would hinder accomplishment of the reproducible builds goal.
  • Fewer superfluous packages. Build dependencies are only installed on the build machine. Not installed inside the build.

See Also[edit]

• Whonix Packages for Debian Hosts
• Whonix Debian Packages
• Building/upgrading Whonix debian packages from source code
• Install Kicksecure^™ inside Debian

Footnotes[edit]

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!