Dev/Linux Installer

From Whonix
< Dev


A curl bash pipe (Dev/curl bash pipe)





  • install what
    • potentially later to be extended to download KVM version instead (this could be difficult)
  • signed version numbers instead of querying API
    • no need to distrust the source if we are verifying its signature.
    • the API is for HTTP (curl) not for rsync.



  • if vms were already imported, ask user if they want to start the vms.
  • log important commands.
  • change default download directory to $HOME/installer-dist-download.
  • set default license answer to agree.
    • can't do that on whiptail because of its limitations. When text is too long and scrolltext is needed, the yesno box does not display a default item. (note: --default-item is for items in the box to be selected as menu for example, not for buttons).
  • if vm was imported
    • start (default) (safe)
    • force-download (difficult to understand purpose for users)
    • factory-reset (can lead to data loss)
  • man page
  • bash completion
  • zsh completion
  • changing default features (download Whonix vs KS) depending on the name of the script
  • download from clearnet by default, support command line parameter to download from onion instead
  • check if fasttrack repo is already enabled clearnet/onion
  • wrap all into a function (guard bash pipe against server partial content transfer)
  • call specific functions only such as get_version for testing
    • dry-run mode was implemented instead because some functions depends on many others being called before.
  • check architecture - anything other than amd64 is unsupported by VirtualBox
    • check uname --machine is x86_64
    • this might be different later for KVM
    • check early
    • notify in textual output early
    • remind that this is a missing step at the end of the instillation process
      • do not offer to start VirtualBox because of this
  • check if enough disk space is available
  • use API to get latest stable version number
    • command line switch to download testers version instead
    • command line switch or env var to select arbitrary version
  • Multi distribution support:
    • Debian bullseye
    • Ubuntu 22.04
    • Kicksecure 16
  • Debian:
    • install fasttrack signing key
    • add fasttrack repository
  • Ubuntu:
    • check it's Ubuntu 22.04 or above - warn/abort for earlier versions
  • Kicksecure:
    • Installation is simpler than on Debian. This is already documented on VirtualBox/XFCE
  • install what?
    • Whonix for VirtualBox
    • potentially later to be extended to download Kicksecure
      • therefore the download location URL needs to be a variable
  • download progress meter needed
  • source code design optimization
    • Split into separate functions or scripts that do checks versus those that perform tasks.
      • What are tasks? For example, updating the package lists, install VirtualBox, download Whonix, import Whonix VMs.
      • Maybe good if these scripts can be tested standalone to make these easier to maintain?
      • Perhaps some shared command line parsing / variables are needed?
  • torify connections without changing user configuration
    • do not spawn a daemon, this bypass the main daemon bridges etc.
    • do not edit user configuration, this is very hard to do right and to do clean up later
    • give command line option to use a SOCKS proxy so user specify their own, if none specified, user tor variable TOR_SOCKS_HOST (default: and TOR_SOCKS_PORT. If the TOR_SOCKS_PORT is not set at all, default to TBB 9150 and then system tor 9050.
  • Accept legal texts vs --no-interactive
  • privileged user
    • run as user and makes inform about having long timeouts for the user password, because logged in as root is not a good option and the script won't know to which user add to the group vboxusers.
    • demand to not run as root
    • choose sudo, doas, su.
  • abort if the VMs already exist?
    • the system updates with apt, the VM file name version could still be using a previous version. Abort and inform.
    • if the VM is deleted, user could lose user data.
  • idempotent - possible to re-run the installer multiple times without breaking things


  • Needs to keep updating the user, inform approximately how long things will take. "This will take a moment." "This will take a while." This is needed to reassure the user that the installer isn't frozen, which then results to the user closing the installer which then results in the installer being run multiple times which shouldn't but could cause issues.
    • log function implemented to be verbose about the running commands.

installer-dist -l info

installer-dist: [NOTICE]: Testing internet connection...
verify depth is 4

Please show the command that is used to test internet connection. (Since using debug level info.)

installer-dist: [INFO]: Acquiring guest version from API.
installer-dist: [INFO]: API host:

Same as above.

installer-dist: [NOTICE]: Downloading rsync://
opening connection using: /usr/bin/rsync-ssl --HELPER rsync --server --daemon .  (7 args)
verify depth is 4
sending daemon args: --server --sender -vvze.LsfxCIvu --timeout=600 . whonix/ova/  (6 args)
delta-transmission enabled

Same as above.


  • check if virtualization is enabled in BIOS