Dev/Redistribution
Donate
Design and Developer Documentation about Redistribution of Whonix.
Introduction[edit]
Developers only!
These are notes for producing official downloadable binary Whonix images.
Only required if you want to redistribute (official) Whonix builds.
Pre Building[edit]
Major Upgrade[edit]
Check if updates needed:
1. https://github.com/Kicksecure/kicksecure-base-files/blob/master/etc/kicksecure_version
2. https://github.com/Kicksecure/dist-base-files/blob/master/usr/share/distro-info/kicksecure.csv
3. https://github.com/Whonix/whonix-base-files/blob/master/etc/whonix_version
4. live-config-dist/etc/calamares/branding/Whonix-Host/branding.desc
Point Release[edit]
1. package timesanitycheck: ./usr/share/timesanitycheck/date-minimum-file-create
2. update VirtualBox download link if a newer is available
https://github.com/derivative-maker/derivative-maker/blob/master/windows/virtualbox/download.txt
3. update VirtualBox SHA256SUMS file if a newer is available
https://github.com/derivative-maker/derivative-maker/blob/master/windows/virtualbox/SHA256SUMS
Unsorted[edit]
Clean source code
- [1]
- [2]
- You can get a list of unwanted files with
git clean -dfxnand remove them withgit clean -dfx.
- Update Whonix debian package repository.
- add your own
default-keyto your own/home/user/.gnupg/gpg.conf.
- Check that all packages point to a signed git commit and signed git tag.
dm-packaging-helper-script pkg_verify_signed_commit_and_tag
- push the source code to github
git push origin master
- Check, that the current git commit is a signed. [3]
git log --show-signature HEAD^..HEAD
Or use the generic makefile as a shortcut.
make git-commit-verify
- Create an OpenPGP signed git tag. This will also be used as Whonix version number.
git tag -s version
- Make sure the current git head is a signed git commit and signed git tag.
To simplify this, you could use the generic makefile.
make git-verify
- Push the OpenPGP signed git tag to github.
git push origin version
Building[edit]
Notes[edit]
1. Remote Repository: By convention, enable Whonix stable repository by default. (--repo true) This is already the case below due to export dist_build_redistributable=true used below.
2. For other options and platforms also see build documentation.
Build[edit]
1.
export dist_build_redistributable=true
2. Build Whonix-Gateway™. For example Whonix-Gateway™ with Xfce for VirtualBox.
./derivative-maker --target virtualbox --flavor whonix-gateway-xfce
3. Build Whonix-Workstation™. For example Whonix-Workstation™ with Xfce for VirtualBox.
./derivative-maker --target virtualbox --flavor whonix-workstation-xfce
Post Building[edit]
Upload the images.
dm-upload-images
Testing[edit]
- /usr/share/whonix-ws-firewall/unit_tests/stream_isolation_test
- At least a few testers should test final releases before posting a news. Testers may be found by posting a news.
- Leak Tests!
- Test the images before final release! (Testers-only releases can be uploaded straight away.)
Update Permanent Links[edit]
Git Tag[edit]
Create -testers-only or -stable git tag.
Announcement Text Creation[edit]
Create Changelog and Announcement.
dm-packaging-helper-script pkg_git_packages_git_log_writer
Wiki Page Updates[edit]
Only required if you want to redistribute (official) Whonix builds.
- Check, if Tor Browser/Manual Download is still up to date.
- Update Download Table.
- See if the download table works in Tor Browser using New Identity.
- Update Known Issues.
- See if Documentation still makes sense.
- Search the wiki for Special:WhatLinksHere/Template:Stable and Special:WhatLinksHere/Template:Testing and act accordingly.
- Update links on the Dev/Build Documentation page.
- Update Features.
- Update Template:VersionNew.
- Update Template:VersionShort.
- Incorporate new documentation which has been prepared on the page: Next.
- Template:Stable_project_version_based_on_Debian_codename
- Template:Stable_project_version_based_on_Debian_version_short
- Template:Debian_Codename_Testing
- Changelog
- Instructions containing backports.
Misc[edit]
Only required if you want to redistribute (official) Whonix builds.
- See https://github.com/Whonix?utf8=%E2%9C%93&q=deprecated&type=&language= for deprecated repositories to be deleted.
- https://www.qubes-os.org/doc/supported-releases/#templates
- ask for an announcement on https://www.qubes-os.org/news/
Announcement[edit]
Only required if you want to redistribute (official) Whonix builds.
Contents
- introduction (what is Whonix) (The release announcement may be the first thing that new people who learn about Whonix see.)
- similar to https://forums.whonix.org/t/whonix-14-has-been-released
- deprecation notice of old Whonix version with date of deprecation
Where
- Finally announce: Post a news. (Not nagging external lists. Common sense. Mostly only final releases.)
- In Whonix Important and Feature Blog.
- https://lists.debian.org/debian-derivatives/
- debian-derivatives@lists.debian.org
- https://lists.torproject.org/pipermail/tor-talk/
- tor-talk@lists.torproject.org
- https://nmap.org/mailman/listinfo/fulldisclosure
- fulldisclosure@seclists.org
- Also this will do the job as well:
Cleanup[edit]
- any deprecated repositories (none at time of writing)
See Also[edit]
Footnotes[edit]
- ↑
get rid of .directory files inside the source code:
thunar→preferences→general→behavior→use common view properties for all folders - ↑
Get rid of
~backupfiles. In other words, get rid of files starting with~. find ./ -name '*~' | xargs trash-put - ↑
You might wish using a
gitorbashalias to safe typing.
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!