Existing Ports of Whonix ™[edit]

Whonix ™ reported to be running on POWER9 (OpenPOWER), Raptor Talos II using distro-morphing.
Inoffical Whonix ™ Docker port. Not reviwed by Whonix ™ developers.
- https://forums.whonix.org/t/running-whonix-on-kvm-in-linux-containers/14048
- https://github.com/nspin/whonix-now
Some other Whonix ™ on github. Docker ports of on github.

Incomplete Ports of Whonix ™[edit]

Whonix for arm64 / Raspberry Pi ( RPi ) (wiki) (broken, unsupported)
Whonix on Mac M1 (ARM) based: project status / forum discussion

Existing Ports of Kicksecure ™[edit]

ppc64el Kicksecure ™ functional, created using distro-morphing on a test server for Whonix ™ developer Patrick.
Distro-morphing should generate viable images for KVM on arm64.

Packages[edit]

NOTE[edit]

amd64 might imply AMD only. This is wrong.

amd64 means Intel and AMD.

For technical reasons, in Debian (and in many other Linux / Freedom Software related places) both, Intel and AMD, is called amd64. This is common knowledge without controversy among technical people, in doubt see Wikipedia X86-64.

Porting Simplicity[edit]

To simplify ports to other architectures, all of the following packages are optional dependencies. These packages have very useful functionality however to simplify bootstrapping a port of Whonix ™ for a quick motivational milestone to reach of Whonix ™ building and booting, all architecture specific packages are optional dependencies by design in Whonix ™.

Therefore porters do not need to worry about any of the following packages during original porting work.

Most of Whonix ™ packages and all essential packages are architecture independent.

To simplify ports, Whonix ™ repository at time of writing supports the following architectures. ^[1]

amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64 ppc64el s390x sparc source

This might be useful for distro-morphing.

Distro-morphing might be the easiest way to create a proof of concept port of Whonix ™. Following the spirit of Free Support Principle, first experimenting with Debian (which Whonix ™ is based on) first might be helpful.

A production quality, redistributable port of Whonix ™ however should be created using Whonix ™ build script instead of distro-morphing.

bindp[edit]

maintained by third party: yes
compiled: yes
compiled when: at package installation time / at Whonix ™ build time
language: C
no upstream version number
documentation: none
upstream: https://github.com/yongboy/bindp
package source code: https://github.com/Kicksecure/bindp
kernel module: no

lkrg[edit]

maintained by third party: yes
compiled: yes
compiled when: at package installation time / at Whonix ™ build time (if it was pre-installed)
language: C
version number by upstream: yes
upstream architecture support: amd64 only
documentation: Linux Kernel Runtime Guard (LKRG)
upstream: https://lkrg.org/
Debian package source code: https://github.com/Kicksecure/lkrg
kernel module: yes
LKRG Development Discussion

kloak[edit]

maintained by third party: yes
compiled: yes
compiled when: during package build process / at Whonix ™ build time
version number by upstream: yes
architecture support: ?
- https://github.com/vmonaco/kloak/issues/24
- https://github.com/vmonaco/kloak/issues/25
documentation: kloak
upstream: https://github.com/vmonaco/kloak
Debian package source code: https://github.com/Whonix/kloak
kernel module: no
Kloak Forum Discussion

corridor[edit]

maintained by third party: yes
compiled: no
language: sh
version number by upstream: yes
upstream architecture support: any
documentation: Corridor
upstream: https://github.com/rustybird/corridor
Debian package source code: https://github.com/Whonix/corridor
kernel module: no
corridor Development Discussion

Hardened Malloc[edit]

Hardened Memory Allocator

maintained by third party: yes
compiled: yes
language: C
compiled when: at package build time / at Whonix ™ build time (if it was pre-installed)
version number by upstream: yes
upstream architecture support: amd64 only
documentation: Hardened Malloc
upstream: https://github.com/GrapheneOS/hardened_malloc
Debian package source code: https://github.com/Kicksecure/hardened_malloc
kernel module: no
Hardened Malloc Development Discussion
arm64 issue: ticket says closed but is still an issue as per this comment https://github.com/GrapheneOS/hardened_malloc/issues/149#issuecomment-1010526647

monero-gui[edit]

maintained by third party: yes
compiled: yes
compiled when: when upstream compiles it, the monero-gui package contains binaries aqquired from upstream (digital software signature verification is being performed during the packaging process)
version number by upstream: yes
upstream architecture support: amd64 only (?)
documentation: Monero
upstream: https://github.com/monero-project/monero-gui
Debian package source code: https://gitlab.com/Kicksecure/monero-gui
kernel module: no

tb-updater[edit]

maintained by third party: no
compiled: no
contains binaries: no, because it is a downloader script
language: bash
version number by upstream: no
architecture support:
- i386 and amd64
  - For the Linux platform The Tor Project is only providing i386 and amd64 downloads. See https://dist.torproject.org/torbrowser/.
- arm64 -> https://forums.whonix.org/t/arm64-tor-browser/11806
Debian package source code: https://github.com/Kicksecure/tb-updater
kernel module: no

tirdad[edit]

maintained by third party: yes
compiled: yes
compiled when: at package installation time / at Whonix ™ build time
version number by upstream: upstream does not (yet) provide version numbers
architecture support: amd64 only
documentation: TODO
upstream: https://github.com/0xsirus/tirdad
Debian package source code: https://github.com/Kicksecure/tirdad
kernel module: yes
tirdad Development Discussion

binaries-freedom[edit]

Currently not in use.

tor[edit]

Architectures amd64, i386 and arm64 are using the deb.torproject.org tor package. A newer version. The latest stable version provided by The Tor Project for the stable release of Debian. Why? See Dev/Tor and https://forums.whonix.org/t/tor-package-urgently-needs-update-to-v0-4-6-8-due-to-tor-browser-11-stable-fingerprintability/12762.
Architectures other than amd64, i386 and arm64 are using the packages.debian.org tor package. An older version. The frozen stable version provided by Debian for Debian stable. This has a disadvantage: https://forums.whonix.org/t/tor-package-urgently-needs-update-to-v0-4-6-8-due-to-tor-browser-11-stable-fingerprintability/12762
package maintained by third party: yes
compiled during package build process: no
contains binaries: yes
version number by upstream: yes

Check Tor SocksPort Reachability[edit]

On Whonix-Workstation ™. Test.

{{Curl_Plain}} 10.152.152.10:9100 ; echo $?

Should show.

<html>
<head>
<title>Tor is not an HTTP Proxy</title>
</head>
<body>
<h1>Tor is not an HTTP Proxy</h1>
<p>
It appears you have configured your web browser to use Tor as an HTTP proxy.
This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.
Please configure your client accordingly.
</p>
<p>
See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.
<!-- Plus this comment, to make the body response more than 512 bytes, so      IE will be willing to display it. Comment comment comment comment      comment comment comment comment comment comment comment comment.-→
</p>
</body>
</html>
0

Otherwise, it would be a grave error (Tor SocksPort not reachable).

Check CPFP Reachability[edit]

On Whonix-Workstation ™. Test.

{{Curl_Plain}} 10.152.152.10:9052

Should show.

510 Prohibited command "GET / HTTP/1.1"
510 Prohibited command "User-Agent: curl/7.26.0"
510 Prohibited command "Host: 10.152.152.10:9052"
510 Prohibited command "Accept: */*"
510 Unrecognized command ""

Otherwise, it would be a grave error (CPFP not reachable).

Forum Discussion[edit]

https://forums.whonix.org/t/architecture-specific-compiled-third-party-special-packages-porting-whonix/8562

RPM[edit]

These are some random notes about porting Whonix ™ update debs to rpm.

What would have to be done:

create rpm package
Find a replacement for config-package-dev, a package which allows third party packages (Whonix ™) to own files which are owned by other packages. Such as /etc/tor/torrc is owned by tor, but anon-gw-anonymizer-config includes its own config file.
add init scripts (currently done by debhelper)
add man pages (currently done by debhelper and ronn, see debian/rules)
minor: replacement for dh_apparmor

Footnotes[edit]

Whonix ™ The most watertight privacy operating system in the world.

Donate

FREE · PLUS · PREMIUM Support

Dark mode

At Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software. Learn more.

Whonix ™ is supported by Evolution Host DDoS Protected VPS.

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Whonix

ENCRYPTED SUPPORT LP, 2022

↑
- https://github.com/Whonix/blob/master/aptrepo_remote/conf/distributions#L7
- https://github.com/Whonix/blob/master/aptrepo_local/conf/distributions#L7

[1] 
https://github.com/Whonix/blob/master/aptrepo_remote/conf/distributions#L7

https://github.com/Whonix/blob/master/aptrepo_local/conf/distributions#L7

[2] ttps://github.com/Whonix/blob/master/aptrepo_remote/conf/distributions#L7

[3] ttps://github.com/Whonix/blob/master/aptrepo_local/conf/distributions#L7

[1]

Existing Ports of and Porting Whonix ™ to other Architectures

Contents