Advanced users can install from Current Sources (custom) instead of from Frozen Sources (the Whonix default since version 7.4.0). Both options have security advantages and disadvantages.

Current Sources builds are rarely tested due to a lack of contributor manpower. They should work reasonably well in principle, as long as no packages are removed from Debian. The worst that can happen is that the build fails due to missing packages.

Frozen Sources:

  • The Whonix build script uses [archive] instead of the more popular
  • will never change, i.e. their packages and versions will remain the same forever [currentsources 1] [currentsources 2].
  • Using Frozen Sources has the advantage that all builders end up with a very similar image. [currentsources 3] Builders therefore have more confidence that they have an intact image.
  • Are a precondition for the Verifiable Builds security feature.
  • Logically, fresh image builds will contain outdated packages, but upgrades can be run after booting for the first time.
  • Package downloads are still verified, but the valid-until field is ignored. An adversary capable of a man-in-the-middle attack could potentially insert packages that are older than those configured in the Whonix version being built (any packages which were ever signed with the APT repository signing key of that codename). [currentsources 4] To avoid this, users may prefer to build from Current Sources.
  • At some point it may be dangerous to continue building that version, for example, if remotely exploitable vulnerabilities are found in the apt-get version (defined by Frozen Sources).
  • The images should be compared with others to ensure that no man-in-the-middle attack happened while building Whonix™.

Current Debian APT repository:

  • Packages and versions may change over time. Packages may be removed or replaced with others. Versions get security or other updates.
  • The build script may break, particularly the older the Whonix source code release version becomes. "Break" here refers to a build that won't even finish, not a created image containing bugs.
  • Each builder ends up with an individual image.
  • The valid-until field gets verified.
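
The difference between verifying and ignoring the valid-until field, as an added example that is not part of the Whonix build script or of APT: it evaluates a constructed Release file header at two points in time, assuming the signature on the file has already been verified. The function names and sample values are assumptions made for this illustration.

```python
from datetime import datetime, timezone

# Constructed sample: header of a signed APT Release file (values invented here).
SAMPLE_RELEASE = """\
Origin: Debian
Codename: jessie
Date: Sat, 02 May 2015 09:00:00 UTC
Valid-Until: Sat, 09 May 2015 09:00:00 UTC
MD5Sum:
 0123456789abcdef0123456789abcdef 1234 main/binary-amd64/Packages
"""

def parse_fields(text):
    """Collect the single-line 'Key: value' fields; skip indented hash lists."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0] in " \t" or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip().lower()] = value.strip()
    return fields

def parse_date(value):
    """Release files carry dates such as 'Sat, 02 May 2015 09:00:00 UTC'."""
    parsed = datetime.strptime(value, "%a, %d %b %Y %H:%M:%S UTC")
    return parsed.replace(tzinfo=timezone.utc)

def check_release(text, now, check_valid_until=True):
    """Return (accepted, reason) for metadata whose signature already verified."""
    fields = parse_fields(text)
    if not check_valid_until:
        # Frozen Sources case: expiry is not consulted, so any Release file ever
        # signed for this codename is accepted, however old it is.
        return True, "valid-until ignored"
    if "valid-until" not in fields:
        return True, "no valid-until field to check"
    expiry = parse_date(fields["valid-until"])
    if now > expiry:
        return False, "expired %d days ago" % (now - expiry).days
    return True, "fresh"

if __name__ == "__main__":
    for when in (datetime(2015, 5, 5, tzinfo=timezone.utc),
                 datetime(2015, 5, 19, 9, tzinfo=timezone.utc)):
        for strict in (True, False):
            print(when.date(), "check" if strict else "ignore",
                  check_release(SAMPLE_RELEASE, when, strict))
```

With the check enabled, the stale metadata is rejected on the later date; with it disabled, the same file is accepted, which is why comparing the finished images with those of other builders matters for Frozen Sources builds.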

If building from Current Sources, please add the following build script command line argument.

--freshness current


  1. Besides a few rare exceptions.
  2. For as long as the great service lasts.
  3. Timestamps, temporary files and other unknown factors differ; this is an open research question.
  4. Codename as in Testing, Wheezy, Jessie.