From Whonix
< Dev
Jump to navigation Jump to search

OnionShare Logo

Ambox warning pn.svg.png Developers only! Risk of Tor over Tor!


  • Qubes-Whonix ™ users should consider creating a separate, cloned whonix-ws-16-onionshare Template before installing OnionShare/flatpak.
  • OnionShare from the Debian stable repository is suitable for most users. Flatpak can be utilized for later OnionShare versions; v2.4 is packaged at the time of writing. [1]

Flatpak OnionShare Installation[edit]

Install onionshare via flatpak.

1. Add flathub repository. [2]

Non-Qubes-Whonix ™:

flatpak remote-add --if-not-exists flathub

Qubes-Whonix ™ (in the anon-whonix App Qube):

flatpak --user remote-add --if-not-exists flathub

2. Install the flatpak onionshare package.

Non-Qubes-Whonix ™:

flatpak install flathub org.onionshare.onionshare

Qubes-Whonix ™ (in the anon-whonix App Qube):

flatpak --user install flathub org.onionshare.onionshare

Done. The procedure of installing onionshare is complete.

3. Upgrades notice.

Note: this procedure will not keep the software up-to-date. How to update installation installed by flatpak is also documented on the Operating System Software and Updates wiki page.


Flatpak installed OnionShare does not listen on all network interfaces but only. It is therefore unreachable from Whonix-Gateway ™. This is because file /usr/share/anon-ws-base-files/workstation does not exist inside the Flatpak folder.


Does the following help?

sudo mkdir /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files

sudo touch /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files/workstation

flatpak breaks application's Whonix detection


To see what's happening "under the hood". When using Debian package installed OnionShare version only. This does not work for Flatpak installed OnionShare version.

uwtwrapper_verbose=1 onionshare

View listener.

netstat -tulpen

Should show Local Address, meaning listening on all interfaces which is required in case of Whonix ™ so onionshare running inside Whonix-Workstation ™ can be reached from Whonix-Gateway. (As opposed to onionshare running on a host without Whonix ™ where it should listen on localhost onl.y

Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 *               LISTEN      1000       30959      4009/python3 and is no longer required since Whonix ™ 16 (Debian bullseye based).

/usr/bin/onionshare.anondist-orig a