Actions

Dev/git

From Whonix

< Dev


Branches[edit]

Introduction[edit]

While the project is small adrelanos thinks it is best not to make a too difficult policy.

Compare[edit]

Upstream git issue. Currently not easy to compare tags in a superproject while showing what changed in the submodules.

git log -p --submodule=log 15.0.0.3.3-stable..15.0.0.3.7-developers-only

master[edit]

  • Adrelanos's progress of work.
  • Not calling it unstable, because the changes will most likely never make it unstable but it is just not tested if it still builds.
  • Branching model, project readme, information, gpg...

signed git tags[edit]

Releases will be tagged and gpg signed.

Link to Source Code[edit]

https://github.com/Whonix/Whonix [archive]


subscribe to code changes[edit]

git[edit]

Git clone github [archive].

A git specific work flow could be:

git fetch

every (few) day(s) and then git diff(tool), merge, etc.

rss feed notification[edit]

https://github.com/Whonix/Whonix/commits/master.atom [archive]

manually in your browser[edit]

Check every now and then https://github.com/Whonix/Whonix/commits/master [archive].

Github Commits Mailing List[edit]

Currently not in use. Please get in contact if that interests you.

Whonix ™-commits read only mailing list [archive]

(Stay hosted on sourceforge.net. Barely anyone is signed up and it is quite high traffic.)

Twitter[edit]

If you prefer Twitter, use the Secondary Twitter Account for Source Code Commit Notification [archive]. Using third party service to forward git commits to twitter. Might not be reliable.


grep Whonix ™ source code[edit]

Get the Source Code[edit]

Get the Signing Key[edit]

This step is recommended for better security, but is not strictly required. (See Trust.)

Get Whonix ™ Signing Key.

Get the Source Code[edit]

FREE

Ambox warning pn.svg.png By proceeding, you acknowledge that you have read, understood and agreed to our Terms of Service and License Agreement. Ambox warning pn.svg.png

Install git.

sudo apt-get update && sudo apt-get install git

Get source code including git submodules. [1] [2]

Note: Replace 15.0.1.7.2-stable with the actual tag you want to build.

git clone --depth=1 --branch 15.0.1.7.2-stable --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git

OpenPGP Verify the Source Code[edit]

This chapter is recommended for better security, but is not strictly required.[3]

Git fetch. [4]

git fetch

Verify the chosen tag to build. Replace with tag you want to build.

Note: Replace 15.0.1.7.2-stable with the actual tag you want to build.

git verify-tag 15.0.1.7.2-stable

The output should look similar to this.

object 1844108109a5f2f8bddcf2257b9f3675be5cfb22

type commit tag 15.0.1.7.2 tagger Patrick Schleizer <adrelanos@whonix.org> 1392320095 +0000

. gpg: Signature made Thu 13 Feb 2014 07:34:55 PM UTC using RSA key ID 77BB3C48

gpg: Good signature from "Patrick Schleizer <adrelanos@whonix.org>" [ultimate]

warning Check the GPG signature timestamp makes sense. For example, if you previously saw a signature from 2020 and now see a signature from 2019, then this might be a targeted rollback (downgrade) or indefinite freeze attack. [5]

The warning.

gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.

Is explained on the Whonix Signing Key page and can be safely ignored.

By convention, git tags should point to signed git commits. [6] (forum discussion [archive]) It is advisable to verify the signature of the git commit as well (replace 15.0.1.7.2 with the actual git tag being verified).

git verify-commit 15.0.1.7.2-stable^{commit}

The output should look similar to this.

commit 5aa1c307c943be60e7d2bfa5727fa5ada3a79c4a

gpg: Signature made Sun 07 Dec 2014 01:22:22 AM UTC using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer <adrelanos@whonix.org>" [ultimate] Author: Patrick Schleizer <adrelanos@whonix.org> Date: Sun Dec 7 01:22:22 2014 +0000

.

Choose Version[edit]

Retrieve a list of available git tags.

git --no-pager tag

Use git checkout to select the preferred version to build.

Note: Replace 15.0.1.7.2-stable with the actual tag you want to build.

git checkout --recurse-submodules 15.0.1.7.2-stable

Check Git[edit]

Check if you really got the version you want.

git describe

Should show:

15.0.1.7.2-stable

Check if source folder is pristine.

git status

Should show nothing.

HEAD detached at 15.0.1.7.2-stable
nothing to commit, working tree clean

If it shows something else, do not continue.

grep[edit]

Create folder ~/bin.

mkdir ~/bin

Create a file ~/bin/mygrep. Paste the following.

#!/bin/bash
set -x
exec \
grep \
--exclude=README.md \
--exclude=GPLv2 \
--exclude=GPLv3 \
--exclude=COPYING \
--exclude=changelog.upstream-old1 \
--exclude-dir=mnt \
--exclude-dir=qubes-src/linux-template-builder/mnt \
--exclude=changelog.upstream \
--exclude-dir=".git" \
--exclude-dir=chroot-debian \

--exclude-dir=chroot-stretch \
--exclude-dir=chroot-jessie "$@"

Save.

chmod +x ~/bin/mygrep

Make executable.

cd Whonix

Search for string. For example grub-pc.

mygrep -r grub-pc


Compiled Code[edit]

find . -name '*.c' -not -iwholename '*.git*'

./sdwdate/usr/lib/sdwdate/sclockadj.c
./bindp/usr/lib/bindp.c
./kloak/src/main.c
./kloak/src/keycodes.c
./kloak/src/eventcap.c

Put folder under Git Version Control[edit]

Update the package lists.

sudo apt-get update

Install git.

sudo apt-get install --no-install-recommends git

Unless you want to use git for pushing changes to remotes which you probably won't in a testing VM you can use the following git config without using any real names or pseudonyms. (These are the git suggested defaults. [7])

git config --global user.email "you@example.com"

git config --global user.name "Your Name"

Desalinize git in current folder or cd to any folder you want to put under git version control. Can even be done for /home/user folder which is very useful.

git init

Add all files to be added for next commit.

git add -A

Actually commit to git.

git commit -a -m .

Check git status of that folder.

git status

No changes registered yet to the folder since just now committed all to git.

On branch master
nothing to commit, working tree clean

Create a test file or do some activity such as starting a browser or e-mail client.

touch test-file

Check again git status of that folder.

git status

Now git will show what changed.

On branch master
Untracked files:
  (use "git add <file>..." to include in what will be committed)

	test-file

nothing added to commit but untracked files present (use "git add" to track)

Goodies[edit]

Optional. Just sharing. Like it or not.

screenshot [archive]

apt-get source[edit]

You need to enable deb-src in /etc/apt/sources.list.d/whonix.list!

sudo apt-get update
Hit:1 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch InRelease
Hit:2 http://deb.qubes-os.org/r4.0/vm stretch InRelease                                            
Ign:3 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease                                   
Hit:4 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease                                  
Hit:5 tor+http://vwakviie2ienjx6t.onion/debian stretch Release                                     
Ign:7 http://ftp.us.debian.org/debian stretch InRelease                                            
Hit:8 http://security.debian.org stretch/updates InRelease                                  
Hit:9 http://ftp.us.debian.org/debian stretch Release                                       
Hit:11 http://deb.whonix.org stretch InRelease                             
Reading package lists... Done 
E: Failed to fetch tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/dists/stretch/InRelease  Unable to find expected entry 'contrib/source/Sources' in Release file (Wrong sources.list entry or malformed file)
E: Failed to fetch http://deb.whonix.org/dists/stretch/InRelease  Unable to find expected entry 'non-free/source/Sources' in Release file (Wrong sources.list entry or malformed file)
E: Some index files failed to download. They have been ignored, or old ones used instead.

The following can be ignored:

  • "Unable to find expected entry 'contrib/source/Sources'" and
  • "Unable to find expected entry 'non-free/source/Sources'"

There is nothing in these repositories. Does not limit functionality in any way. Inconinent message but won't fix since only asked once in 5 years.

apt-get source fully functional.

apt-get source apparmor-profiles-hardened-debian
Reading package lists... Done
Picking 'anon-meta-packages' as source package instead of 'apparmor-profiles-hardened-debian'
NOTICE: 'anon-meta-packages' packaging is maintained in the 'Git' version control system at:
https://github.com/{{project_name_short}}/anon-meta-packages.git
Please use:
git clone https://github.com/{{project_name_short}}/anon-meta-packages.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 48.9 kB of source archives.
Get:1 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch/main anon-meta-packages 3:7.9-1 (dsc) [5,513 B]
Get:2 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch/main anon-meta-packages 3:7.9-1 (tar) [37.8 kB]
Get:3 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch/main anon-meta-packages 3:7.9-1 (diff) [5,588 B]
Fetched 48.9 kB in 2s (19.4 kB/s)             
dpkg-source: info: extracting anon-meta-packages in anon-meta-packages-7.9
dpkg-source: info: unpacking anon-meta-packages_7.9.orig.tar.xz
dpkg-source: info: unpacking anon-meta-packages_7.9-1.debian.tar.xz



text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png Iconfinder Apple Mail 2697658.png Reddit.jpg Hacker.news.jpg 200px-Mastodon Logotype (Simple).svg.png

AppArmor Join us in testing our new AppArmor profiles for improved security! ( forum discussion)

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

  1. Optional git parameters:
    • --depth=1: Used to speed up download.
    • --branch 15.0.1.5.1-stable Usability. Used to speed up download.
    • --jobs=4: Used to speed up download.
    • --recurse-submodules --shallow-submodules: Usability.
    Knowledgeable users of git are free to drop any of these optional parameters.
  2. Alternative command. In several steps. Useful in case of network issues.
    git clone --depth=1 --branch 15.0.1.7.2-stable https://gitlab.com/whonix/Whonix.git

    cd Whonix

    git submodule update --init --recursive --progress --jobs=4

  3. See Trust.
  4. Optional. [...]
  5. As defined by TUF: Attacks and Weaknesses:
  6. Beginning from git tag 9.6 and above.
  7. git commit -a -m .
    
    *** Please tell me who you are.
    
    Run
    
      git config --global user.email "you@example.com"
      git config --global user.name "Your Name"
    
    to set your account's default identity.
    Omit --global to set the identity only in this repository.
    
    fatal: empty ident name (for <(null)>) not allowed
    
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.