Jump to: navigation, search

Template:Build Configuration

Build Configuration (Optional)[edit]

Introduction (Optional)

Usually you do not have to change the build configuration. Whonix build from source code comes with safe defaults. Whonix's APT Repository will NOT be used.

The most interesting build configurations (Terminal-Only, NoDefaultApps etc.) are documented in the following chapters below.

If you are interested, click on Expand on the right.

If you used build configurations earlier, it might be better to delete your build configuration folder since a few example files names change changed in meanwhile.

sudo rm -r /etc/whonix_buildconfig.d

Alternatively, if you know what you are doing, you can of course also manually get into the /etc/whonix_buildconfig.d folder, examine and change its contents to your linking.

/etc/whonix_buildconfig.d is a modular flexible .d style configuration folder.

Less popular build configurations are documented in the buildconfig.d folder and on the Dev/Source_Code_Intro#Build_Configuration page in a less user friendly documented way.

It is recommended to copy and paste text when creating build configuration files to avoid typos. Also keep care, that your editor even when you are using copy and paste, won't capitalizes variable names which are supposed to be lower case.

Platforms Choice (Optional)

Advanced users can create 64bit instead of 32bit builds.

If you are interested, click on Expand on the right.

By default, Linux 32 bit is used. [1] 64bit builds are less tested due to lack of developer manpower. Should work well in principle. Whonix 14 will be 64 bit by default. Forum discussion: State of offical 64 bit builds

Note, you cannot build 64 bit if you are running a 32 bit kernel. [2] In that case, try installing the packages linux-image-amd64 and linux-headers-amd64. Then boot that amd64 kernel by choosing it in your boot menu. (This does not require re-installation of the whole system. Just make sure you boot with an amd64 kernel.)

Linux 64 bit. To build Whonix 64 bit, add the following build parameter. [3] [4]

--arch amd64

kFreeBSD. entirely untested and most likely needs work. See footnotes. [5]

Whonix for arm64 development discussion:

Whonix APT Repository (Optional)

Whonix's APT Repository is disabled by default since Whonix 7.3.3. You may enjoy this for Trust reasons. You can later update Whonix debian packages from source code if you want. If you are interested in enabling Whonix's APT repository right after building (you could do that also after booting your build for the first time if you wanted) for convenience while sacrificing the extra security of not updating from source code, click on Expand on the right side.

Do you want to opt-in for Whonix's APT Repository? You can do this using an environment variable or build configuration. Below is an example using an environment variable.

WHONIX_APT_REPOSITORY_OPTS='--enable --repository stable'
WHONIX_APT_REPOSITORY_OPTS='--enable --repository testers'
WHONIX_APT_REPOSITORY_OPTS='--enable --repository developers'
WHONIX_APT_REPOSITORY_OPTS='--enable --codename jessie'

Add an environment variable as one can usually do that on the Linux platform. For example, if you wanted to enable Whonix stable repository during build, you could set WHONIX_APT_REPOSITORY_OPTS by interjecting it between sudo and the ./whonix_build command. Below is an example. Do not use [...]. Replace it with your other build parameters (such as --build, <code>--target etc.) after ./whonix_build.

sudo WHONIX_APT_REPOSITORY_OPTS='--enable --repository stable' ./whonix_build [...]

APT Cache (Optional)

Using an apt cache will greatly improve build speed when building several times in a row (debugging, development).

If you are interested, click on Expand on the right.

In short: just get an apt cache running and set the REPO_PROXY environment variable.


sudo apt-get install apt-cacher-ng

Be sure to have a firewall, so not the whole internet can use your apt-cacher-ng service.

sudo REPO_PROXY= ./whonix_build ...

If you are building inside a non-Whonix VM, you could use an apt cache on the host. In that case adjust the IP accordingly. (And manually test it is reachable.) If you are building inside a (Whonix) VM, you can just install the apt cache inside the VM and the point to a localhost apt cache.

VM Settings (Optional)

Only relevant for VM builds.

Examples below. Values can be changed.

VirtualBox's --vmsize option (virtual RAM).

--vmram 128

VirtualBox's --vram option (virtual video RAM).

--vram 12

grml-debootstrap's --vmsize option.

--vmsize 200G

grml-debootstrap's --filesystem option.

--file-system ext4

grml-debootstrap's --hostname option. (The anon-base-files package will change that later again.)

--hostname host

grml-debootstrap's --password option.

--os-password changeme

grml-debootstrap's --debopt option.

--debopt "--verbose"

Skip Steps (Optional)

--sanity-tests false

Source Code Changes

Only in case you made changes to the Whonix source folder! In that case click on Expand on the right.
Not required if you only added using your own build configuration in /etc/whonix_buildconfig.d folder.

If you made changes to the Whonix source code, it is the easiest to use the following build parameter.

--allow-uncommitted true

Or if you are not building from a git tag, it is the easiest to use the following build parameter.

--allow-untagged true

Otherwise changes would have to be committed to git first and then a git tag would have to be created.

Random News:

Please help in testing new features and bug fixes in Whonix.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, the content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.

  1. And linux-image-686-pae linux-headers-686-pae linux-image-486 linux-headers-486 kernel is installed. The 486 kernel only gets installed for compatibility reasons. If you have modern hardware, you can omit linux-image-486 linux-headers-486. Or if you have ancient hardware, you could omit linux-image-686-pae linux-headers-686-pae.
  2. https://github.com/grml/grml-debootstrap/pull/13
  3. Only installs linux-image-amd64 linux-headers-amd64 kernel.
  4. For --arch amd64, the following is implicitly added unless you manually set these.
    --kernel linux-image-amd64 --headers linux-headers-amd64
  5. Lacks --kernel and --headers. kFreeBSD 64 bit.
    --arch kfreebsd-i386

    kFreeBSD 32 bit.

    --arch kfreebsd-amd64