Dev/Redistribution
Design and Developer Documentation about Redistribution of Whonix.
Introduction[edit]
Developers only!
These are notes for producing official downloadable binary Whonix images.
Pre Building[edit]
Major Upgrade[edit]
- check if https://github.com/Whonix/whonix-base-files/blob/master/etc/whonix_version
needs update
- live-config-dist/etc/calamares/branding/Whonix-Host/branding.desc
Point Release[edit]
1. package timesanitycheck
: ./usr/share/timesanitycheck/date-minimum-file-create
Unsorted[edit]
Clean source code
- [1]
- [2]
- You can get a list of unwanted files with
git clean -dfxn
and remove them withgit clean -dfx
.
- Update Whonix debian package repository.
- add your own
default-key
to your own/home/user/.gnupg/gpg.conf
.
- Check that all packages point to a signed git commit and signed git tag.
dm-packaging-helper-script pkg_verify_signed_commit_and_tag
- push the source code to github
git push origin master
- Check, that the current git commit is a signed. [3]
git log --show-signature HEAD^..HEAD
Or use the generic makefile as a shortcut.
make git-commit-verify
- Create an OpenPGP signed git tag. This will also be used as Whonix version number.
git tag -s version
- Make sure the current git head is a signed git commit and signed git tag.
To simplify this, you could use the generic makefile.
make git-verify
- Push the OpenPGP signed git tag to github.
git push origin version
Building[edit]
Notes[edit]
1. Remote Repository: By convention, enable Whonix stable repository by default. To do so, use --repo true
. Already included in build command below.
2. For other options and platforms also see build documentation.
Build[edit]
1. Build Whonix-Gateway. For example Whonix-Gateway with Xfce for VirtualBox.
./derivative-maker --build --target virtualbox --flavor whonix-gateway-xfce --repo true
2. Build Whonix-Workstation. For example Whonix-Workstation with Xfce for VirtualBox.
./derivative-maker --build --target virtualbox --flavor whonix-workstation-xfce --repo true
Post Building[edit]
Image Signing
- A) own custom builds: Optionally sign the images.
- B) official Whonix builds: Mandatory sign the images.
- OpenPGP sign the images.
dm-packaging-helper-script --flavor whonix-workstation --target virtualbox --build
Only required if you want to redistribute (official) Whonix builds.
- Upload the images.
dm-upload-images
Testing[edit]
- /usr/share/whonix-ws-firewall/unit_tests/stream_isolation_test
- At least a few testers should test final releases before posting a news. Testers may be found by posting a news.
- Leak Tests!
- Test the images before final release! (Testers-only releases can be uploaded straight away.)
Update Permanent Links[edit]
Git Tag[edit]
Create -testers-only
or -stable
git tag.
Announcement Text Creation[edit]
Create Changelog and Announcement.
dm-packaging-helper-script pkg_git_packages_git_log_writer
Wiki Page Updates[edit]
Only required if you want to redistribute (official) Whonix builds.
- Check, if Tor Browser/Manual Download is still up to date.
- Update Download Table.
- See if the download table works in Tor Browser using New Identity.
- Update Known Issues.
- See if Documentation still makes sense.
- Search the wiki for Special:WhatLinksHere/Template:Stable and Special:WhatLinksHere/Template:Testing and act accordingly.
- Update links on the Dev/Build Documentation page.
- Update Features.
- Update Template:VersionNew.
- Update Template:VersionShort.
- Incorporate new documentation which has been prepared on the page: Next.
- Template:Stable_project_version_based_on_Debian_codename
- Template:Stable_project_version_based_on_Debian_version_short
- Template:Debian_Codename_Testing
- Changelog
- Instructions containing backports.
Misc[edit]
Only required if you want to redistribute (official) Whonix builds.
- See https://github.com/Whonix?utf8=%E2%9C%93&q=deprecated&type=&language=
for deprecated repositories to be deleted.
- https://www.qubes-os.org/doc/supported-releases/#templates
- ask for an announcement on https://www.qubes-os.org/news/
Announcement[edit]
Only required if you want to redistribute (official) Whonix builds.
Contents
- introduction (what is Whonix) (The release announcement may be the first thing that new people who learn about Whonix see.)
- similar to https://forums.whonix.org/t/whonix-14-has-been-released
- deprecation notice of old Whonix version with date of deprecation
Where
- Finally announce: Post a news. (Not nagging external lists. Common sense. Mostly only final releases.)
- In Whonix Important and Feature Blog.
- https://lists.debian.org/debian-derivatives/
- debian-derivatives@lists.debian.org
- https://lists.torproject.org/pipermail/tor-talk/
- tor-talk@lists.torproject.org
- https://nmap.org/mailman/listinfo/fulldisclosure
- fulldisclosure@seclists.org
- Also this will do the job as well:
Cleanup[edit]
- any deprecated repositories (none at time of writing)
See Also[edit]
Footnotes[edit]
- ↑
get rid of .directory files inside the source code:
thunar
→preferences
→general
→behavior
→use common view properties for all folders
- ↑
Get rid of
~backup
files. In other words, get rid of files starting with~
. find ./ -name '*~' | xargs trash-put - ↑
You might wish using a
git
orbash
alias to safe typing.

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!