[Whonix-devel] Testers wanted! Whonix 7.7.6.4 based on Debian stable!

Mon Feb 3 00:26:56 CET 2014

I'm looking at the KVM instructions now. I think there's one or two
unnecessary steps. First of all, Virtual Machine Manager / qemu-kvm
*can* work with VMDK files directly. And I don't think you don't need
to convert VMDK -> VDI -> QCOW2. qemu-img will convert from VMDK to
QCOW2 directly.

I'm running Virtual Machine Manager 0.10.0-5.git1ffcc0cc.fc20 on
Fedora 20 host. The GUI there supports snapshots; earlier ones may
not. In any event, I'll take a shot at testing all of this later this
week - Thursday, I'm guessing.

On Sun, Feb 2, 2014 at 7:06 AM, Patrick Schleizer <adrelanos at riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Download:
> #########
>
> VirtualBox:
> ===========
>
> Whonix-Gateway for VirtualBox:
> http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-7.7.6.4/Whonix-Gateway-7.7.6.4.ova/download
>
> Whonix-Gateway for VirtualBox signature:
> http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-7.7.6.4/Whonix-Gateway-7.7.6.4.ova.asc/download
>
> Whonix-Workstation for VirtualBox:
> http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-7.7.6.4/Whonix-Workstation-7.7.6.4.ova/download
>
> Whonix-Workstation signature:
> http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-7.7.6.4/Whonix-Workstation-7.7.6.4.ova.asc/download
>
> KVM / Qemu:
> ===========
>
> Entirely untested! This is only useful if you have a developers mindset!
>
> This is the first time .qcow2 images are available:
> http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-7.7.6.4/
>
> We have unfinished(!) instructions for KVM:
> https://www.whonix.org/wiki/KVM
>
> There are still a few blockers before using Whonix with KVM can be
> considered sane:
> https://www.whonix.org/wiki/Dev/KVM
>
> Please help out solving them. Whonix also needs a maintainer to
> support using Whonix with KVM.
>
> If you want to upgrade existing Whonix version:
> ###############################################
>
> Sorry, upgrading from existing Whonix version (0.5.6, 7, etc.) to
> 7.7.6.4 (and 8 when it's released) will not be possible.
>
> If you want to build images from source code:
> #############################################
>
> See https://www.whonix.org/wiki/Dev/BuildDocumentation_8 and use git
> tag 7.7.6.4.
>
> Physical Isolation users:
> #########################
>
> Use Debian stable instead of testing, use git tag 7.7.6.4 and see
> https://www.whonix.org/wiki/Physical_Isolation.
>
> Changelog between Whonix 7 and Whonix 7.7.6.4 (testers-only version):
> #####################################################################
>
> * Whonix is now based on Debian stable instead of Debian testing.
> * In new installations, automatic updates of Whonix's debian packages
> are disabled by default. During first start, users can decide if they
> want to enable Whonix's APT repository or want to leave it disabled.
> * Fixed Whonix's Tor Browser download and start script for TBB 3.5.
> * Fixed physical isolation build script.
> * Verifiable Builds. Whonix now has a feature which allows the community
> to check that Whonix .ova releases are verifiably created from project's
> own source code. Also made ade Whonix's APT repository verifiable (even
> deterministic!). Please see
> https://www.whonix.org/wiki/Verifiable_Builds for details.
> * Made Whonix build script configurable (can now build terminal-only
> Whonix-Gateway's and/or Whonix-Workstations; 64 bit builds and more)
> * Improved Whonix News's security. All Whonix News Files are now inside
> one tarball, which is signed. This stops leaking how many users are
> using a particular version.
> * whonixcheck's Whonix News download now checks if Whonix News are still
> valid (currently up to 4 weeks) and therefore detects indefinite freeze
> and replay attacks.
> * whonix_repository tool now has a graphical user interface; added more
> command line switches.
> * Set default locale to en_US.UTF-8.
> * Simplified custom user installation of TorChat, thanks to dummytor.
> (Protecting from Tor over Tor.)
> * Removed apper and synaptic from default installation, because they are
> too confusing / have too many bugs, do not always work in all cases for
> all users, #104, can still be manually installed if wanted, see also
> https://www.whonix.org/wiki/Dev/Automatic_Updates
> * whonixcheck: more configuration options, any function can now be
> disabled, this is useful for users who wish to disable control port
> filter proxy, they can disable the check_tor_bootstrap function
> * whonixcheck: added protection against possibly malicious strings from
> check.torproject.org (in case of a bug, compromise of check.tpo server
> or CA compromise), IP strings are now max 50 characters long. User will
> be warned in case the limit is exceeded.
> * Whonix-Workstation: no longer installing Tor Browser by default, this
> simplified implementing verifiable builds (#113), installing iceweasel
> by default, which can be used to download Tor Browser, added local
> iceweasel browser homepage saying that iceweasel should not be used for
> anything other than downloading Tor Browser, unless one knows what one
> is doing.
> * Removed galternatives from whonix-workstation-default-applications
> because galternatives has been (temporarily) removed from Debian testing
> * Building Whonix from frozen repository, from snapshot.debian.org to
> make the build script more resistant from upstream changes and also to
> make Whonix verifiable.
> * The Whonix Team can now use separate keys for Whonix's APT Repository
> and Whonix News.
> * Added technical documentation about keys in Whonix
> whonix_shared/usr/share/whonix/keys/readme.
> * new man page: man/whonix_shared/sdwdate.8.ronn
> * Deactivated Maximizing Windows by dragging them to the top of the
> screen to prevent users from accidentally maximizing their browser
> window when they are using resolutions higher than 1024x768. See
> https://www.whonix.org/wiki/Higher_Screen_Resolution ;
> https://github.com/Whonix/Whonix/issues/110 and
> https://trac.torproject.org/projects/tor/ticket/7255 for more
> information. #108
> * added udisks to whonix-shared-packages-recommended for mounting
> removable drives
> * KDE settings changes, set to oxygen as suggested by scarp in
> "[Whonix-devel] Plastique kwin style & Widget Style"
> * whonixcheck: increased timeout for the tor bootstrap.py utility from 5
> to 10 seconds to make it compatible with slow systems as per bug report
> https://www.whonix.org/wiki/Special:AWCforum/st/id248/whonixcheck%3A_tor_bootstrap_statu....html
> * whonixcheck: Whonix News File is now deterministic
> * whonixcheck: Whonix News added timeout for gpg and tar
> * added secure-delete, because it contains sfill, which can be used to
> zero out free space, which is required for disk shrinking
> * Deactivated running update-command-not-found during build, since not
> deterministic (verifiable). Manually running is of course still possible.
> * whonix_shared/etc/apt/sources.list.d/torproject.list: removed the "deb
> http://deb.torproject.org/torproject.org tor-0.2.4.x-jessie main"
> repository, since that repository has been removed by The Tor Project
> (Tor is now in their Debian testing repository, which is already added)
> * fixed a bug reported by scarp,
> whonix_shared/usr/share/whonix/postinst.d/70_disable_kdm_autostart: was
> not disabling other display managers other than kdm. Now using the more
> generic
> /usr/lib/whonix/display-manager-dpkg-post-invoke.
> * msgcollector: fix race condition not always closing progress bar when
> it reached 100%
> * Whonix-Gateway: Workaround for
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732578
> https://www.whonix.org/wiki/Download#Connection_Issues_-
> _Tor_stops_working_after_an_Upgrade_and_needs_a_Workaround
> https://www.whonix.org/wiki/Special:AWCforum/st/id287/
> new_tor_and_debian_updates_today....html
> Set in /etc/default/tor:
> USE_AA_EXEC="no"
> Can be commented out when that bug gets fixed.
> * optionally (opt-in) building qcow2 images, first rudimentary
> implementation, build target (VirtualBox or qcow2 or both) should
> probably be configurable in whonix_build script (#122)
> * Whonix News Blog Download / Whonix News: Whonix News Blogs (Whonix
> Feature Blog and Whonix Important Blog) are now deployed over the same
> mechanism as Whonix News.
> * Whonix-Workstation: better implementation of dummytor using
> config-package-dev (might break compatibility with Whonix 7)
> * removed adrelanos' old key; removed
> whonix_shared/usr/share/whonix/postinst.d/70_legacy (breaks
> compatiblity with Whonix 7)
> * Re-implemented uwt and dummytor using config-package-dev instead of
> custom dpkg-diversions. Breaks compatibly with Whonix 7.
> * Removed rawdog and pandoc since no longer required.
> * moved misc scripts (Scripts for managing Whonix's offical repository
> and Whonix News; debug scripts; developer documentation and deprecated
> code) to https://github.com/Whonix/whonix-developer-meta-files
> * Improved messages.
> * Lots of smaller fixes.
> * Code refactoring.
> * For more details, see the git log.
>
> -----BEGIN PGP SIGNATURE-----
>
> iQJ8BAEBCgBmBQJS7l7xXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2RTk3OUIyOEE2RjM3QzQzQkUzMEFGQTFD
> QjhENTBCQjc3QkIzQzQ4AAoJEMuNULt3uzxINSMP/AiqxlsB4V1ndqxe2YnhTUg2
> PHL9xfCQ8sOnzb7DDYRFxfr2h3GlfwqmS2QfKW6Y3QEtGCu+bgZlsmtaESxWVX4H
> UBuIjG53sEJ1hptMq1OZvS4SyAbarFnU4jFqjxY9vPKBo3uOHlNjZPzrIkA8uZTc
> kaE5v173VQ+BJxoRxeZQ3F2ockIol33EYz0YorXqYTb1tG5gp6j0aMXVknz4VdTJ
> OXJWbw/YOok2OFD43hTwvbjDxHt5IUn3UVzKfWPM0XsuXRgoDMmCI6EFFtWs2rff
> 6HUfW2toZpv1j5d5Y5crFHWkTu21xChdf7NWQiaWZcM2hgDJYkY9Cy4GTyiTvTRZ
> /c5u4n1FkqwZencmR+4RgFLCBRwlJbmtbdkICgP9ly7VSf1jt5gY1ktkIHB+uG+0
> n9HEqrj/rfDxDiQLSp17ux77kIiU3kpIUHrJZdfciLL+5cMRbjfKX6V40SXqwgko
> eIDmDXnMoQPs7VI2aqvbTs7uL4NpVp3XOIluJmq6rj1EkY995+0l+YssiA3nKPid
> lkEBXi0jHa4dc1qaYIrhsD7hvmgspApUctvWv/qCrKzKKtd/b5nrJG+TjQ0rpXWB
> mF+qHIfMSoiww6kpcj0nLI71OuHyojVUqEGEbHudki94te0Ag6y4Fi4B4/1+r1wq
> h4NzFrhrPFo3IMIEEmYE
> =8gwj
> -----END PGP SIGNATURE-----
> _______________________________________________
> You are receiving this e-mail because you subscribed Whonix-devel mailing list. To unsubscribe visit https://whonix.org/cgi-bin/mailman/listinfo/whonix-devel or mail "unsubscribe" to Whonix-devel-unsubscribe at whonix.org.
>
> Sie erhalten diese E-Mail, weil Sie die Whonix-devel Mailingliste aboniert haben. Zum abbestellen besuchen Sie https://whonix.org/cgi-bin/mailman/listinfo/whonix-devel oder mailen Sie "unsubscribe" an Whonix-devel-unsubscribe at whonix.org.

-- 
Twitter: http://twitter.com/znmeb; Computational Journalism on a Stick
http://j.mp/CompJournoStickOverview

My poltergeist can beat up your zeitgeist.