Whonix ™ Packages for Debian Hosts and Whonix ™ Host Enhancements
About this Packages for Debian Hosts Page This wiki page is maintained by a contributor. | |
---|---|
Support Status | testing |
Difficulty | medium |
Contributor | HulaHoop![]() |
Support | Support |
Introduction[edit]
Many of the packages developed under the Whonix ™ umbrella can be thought of as independent projects in their own right. They are directly relevant to Debian hosts because they can increase privacy and security.
This guide shows how to download these select packages from the Whonix ™ repository; they can be downloaded stand-alone or combined.
Community Support Only!: | |
---|---|
![]() |
|
How-to: Install Whonix ™ Packages[edit]
Complete the following steps to add the Whonix ™ Signing Key to the system's APT keyring.
Open a terminal.
Package curl
needs to be installed.
Install package(s) curl
.
A. Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
B. Install the curl
package(s).
Using apt
command line parameter --no-install-recommends
is in most cases optional.
sudo apt install --no-install-recommends curl
C. Done.
The procedure of installing package(s) curl
is complete.
2. Download Whonix ™ Signing Key. [1]
If you are using Debian, run.
curl --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.whonix.org/keys/derivative.asc
If you are using a Qubes Debian Template, run.
curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.whonix.org/keys/derivative.asc
3. Users can check Whonix ™ Signing Key for better security.
4. Add the Whonix ™ signing key to APT's keyring folder. [2]
sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
5. Done.
The procedure of adding Whonix ™ signing key is now complete.
Add Whonix ™ Repository.
Choose either: Option A, Option B OR Option C
Option A: Add Whonix ™ Onion Repository.
To add Whonix ™ Repository over Onion please install apt-transport-tor from the Debian repository.
sudo apt install apt-transport-tor
Add Whonix ™ APT repository for default Whonix ™ using Debian stable. At the time of writing this was bullseye
.
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
Option B: Add Whonix ™ Clearnet Repository over Tor.
To add Whonix ™ Repository over torified clearnet install apt-transport-tor
from the Debian repository.
sudo apt install apt-transport-tor
Add Whonix ™ APT repository for default Whonix ™ using Debian stable. At the time of writing this was bullseye
.
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+https://deb.whonix.org bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
Option C: Add Whonix Clearnet Repository over clearnet.
NOTE: When later using Whonix ™ repository tool, then this will be upgraded to "Clearnet Rep. via Tor", unless see footnote. [3]
To add Whonix ™ Repository over clearnet please add Whonix ™ APT repository for default Whonix ™ using Debian stable. At the time of writing this was bullseye
.
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
Install a supported package.
Note: Replace package-name
with the actual name of a supported package.
Install package(s) package-name
.
A. Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
B. Install the package-name
package(s).
Using apt
command line parameter --no-install-recommends
is in most cases optional.
sudo apt install --no-install-recommends package-name
C. Done.
The procedure of installing package(s) package-name
is complete.
Supported Packages[edit]
Packages Looking for a Contributor[edit]
corridor
: Tor traffic whitelisting gateway - Debian focused. This is a GitHubfork
of rustybird/corridor
[4]
Footnotes[edit]
- ↑
See Secure Downloads to understand why
curl
and the parameters--tlsv1.3 --proto =https
are used instead ofwget
. - ↑
Placing an additional signing key into folder
/usr/share/keyrings
by itself alone has no impact on security as this folder is not automatically used by Debian's APT by default. Only when an APT sources list configuration file points to folder/usr/share/keyrings
using thesigned-by
keyword the signing key will be actually used. Therefore deleting keys in/usr/share/keyrings
is optional if intending to disable an APT repository. See alsoAPT Signing Key Folders
.
- ↑
Unless using
repository-dist --transport plain-tls
. See alsoman repository-dist
. - ↑ https://phabricator.whonix.org/T524