Dev/OnionShare
Donate
OnionShare LogoOnionShare in Whonix - Development Notes
Developers only! Risk of Tor over Tor!
Notes[edit]
- Qubes-Whonix™ users should consider creating a separate, cloned
whonix-workstation-17-onionshareTemplate before installing OnionShare/flatpak. - OnionShare from the Debian stable repository is suitable for most users. Flatpak can be utilized for later OnionShare versions; v2.4 is packaged at the time of writing. [1]
[edit]
Install onionshare via flatpak.
1. Add a Flatpak repository.
A : Non-Qubes-Whonix
===Already enabled by default. (system-wide). No additional steps needed to enable the Flathub repository.
B : Qubes-Whonix Template
===whonix-workstation-17)Already enabled by default. (system-wide). No additional steps needed to enable the Flathub repository.
C : Qubes-Whonix App Qube
anon-whonix)The user needs to 
Enable the Flathub Repository
. Must be enabled per-user.
2. Install the flatpak onionshare package.
B : Qubes-Whonix Template
===Qubes-Whonix Template (whonix-workstation-17) [3]
Note: Advanced users that uninstalled the qubes-core-agent-passwordless-sudo package should see forum thread Warning: Flatpak system operation Deploy not allowed for user
.
http_proxy=http://127.0.0.1:8082 https_proxy=$http_proxy flatpak install flathub onionshare
C : Qubes-Whonix App Qube
Qubes-Whonix App Qube (anon-whonix) [4]
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub onionshare
3. Done.
The procedure of installing onionshare is complete.
4. Upgrades notice.
Note: this procedure will not keep the software up-to-date. How to update installation installed by flatpak is also documented on the Operating System Software and Updates wiki page.
Issue[edit]
Flatpak installed OnionShare does not listen on all network interfaces but 127.0.0.1 only. It is therefore unreachable from Whonix-Gateway™. This is because file /usr/share/anon-ws-base-files/workstation does not exist inside the Flatpak folder.
related:
https://github.com/onionshare/onionshare/blob/develop/cli/onionshare_cli/web/web.py#L360_L364
Does the following help?
sudo mkdir /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files
sudo touch /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files/workstation
flatpak breaks application's Whonix detection #4640
Debugging[edit]
To see what's happening "under the hood". When using Debian package installed OnionShare version only. This does not work for Flatpak installed OnionShare version.
uwtwrapper_verbose=1 onionshare
View listener.
netstat -tulpen
Should show Local Address 0.0.0.0, meaning listening on all interfaces which is required in case of Whonix so onionshare running inside Whonix-Workstation™ can be reached from Whonix-Gateway. (As opposed to onionshare running on a host without Whonix where it should listen on localhost 127.0.0.1 onl.y
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name [...] tcp 0 0 0.0.0.0:17605 0.0.0.0:* LISTEN 1000 30959 4009/python3
uwt and bindp is no longer required since Whonix 16 (Debian bullseye based).
/usr/bin/onionshare.anondist-orig a
Footnotes[edit]
- ↑
https://flathub.org/apps/details/org.onionshare.OnionShare
- ↑
Non-Qubes-Whonix:
- system-wide (requires administrative ("root") rights) (compatible with noexec): flatpak install flathub {{{package}}}
- per-user (no administrative rights required) (probably not compatible with noexec): flatpak --user install flathub {{{package}}}
- <>usability:</> Flathub is enabled by default system-wide but not per-user.
- multi-user: On a multi-user system (probably if multiple human users use the same computer, which is rare nowadays), system-wide might be preferable as this saves disk space.
- At preset: Does not make any difference.
- Future-proof: Per-user might be more future-proof. It would be compatible with future Whonix security improvements user-sysmaint-split. However, noexec for the home folder is to be considered later, at which point this documentation needs to be updated once that has been implemented.
- ↑
Qubes-Whonix Template:
flatpakcannot be used with the--useroption. This is because in case of using a Qubes Template, the flatpak needs to be installed system-wide into the/var/lib/flatpakfolder. This is due to Qubes Persistence. If the--useroption was used, the flatpak would only be available in the Template's home folder but not in any App Qube based on that Template, because App Qubes have their own independent home folder. - ↑
Qubes-Whonix App Qube:
flatpakshould be used with the--useroption. This is because in case of using an App Qube, the flatpak needs to be installed per-user only into the~/.local/share/flatpakfolder and not system-wide. This is due to Qubes Persistence. If the--useroption was not used, the flatpak would only be available in the App Qube's non-persistent/var/lib/flatpakfolder located in the root image.
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!