[Whonix-devel] Testers wanted! Whonix 9 early first test version
Whonix | Privacy and Anonymity OS
newblogpost at whonix.org
Mon Jul 14 16:04:56 CEST 2014
The version number for this testers-only release is 8.6.2.8, which will become Whonix 9 the moment it's blessed stable.
Download link for Virtual Box images (.ova), experimental kvm/qemu images and OpenPGP signatures (.asc):
http://sourceforge.net/projects/whonixdevelopermetafiles/files/8.6.2.8/
Thanks to everyone who made this test release possible! Next step is working on that.
Upgrading from Whonix 8, 8.1, 8.2, 8.3 to 8.6.2.8 is not yet possible!
Testers wanted!
If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation
Build instructions for Physical Isolation are not yet tested. Help needed!
https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation
Changelog between Whonix 8.2 and Whonix 8.6.2.8
- Modding Whonix, extending Whonix, such as installing a different desktop environment is now much simpler, because Whonix has been split into smaller packages https://github.com/Whonix/Whonix/issues/40. Therefore also understanding Whonix internals got simpler.
- added experimental libvirt (kvm, qemu) support
- Breaking change: Changed Whonix-Gateway internal IP address to 10.152.152.10 and netmask to 255.255.192.0 to avoid conflicts, such as with real networks when using physical isolation and to aid KVM users.
- Breaking change: Changed Whonix-Workstation internal IP address to 10.152.152.11, netmask to 255.255.192.0 and gateway to 10.152.152.10 to avoid conflicts, such as with real networks when using physical isolation and to aid KVM users.
- use logrotate for bootclockrandomization, sdwdate, control-port-filter, timesanitycheck
- sdwdate now uses the median instead of average
- fixed timezone question during upgrade for Whonix build version 9 and above
- added apt-transport-https to anon-shared-packages-dependencies
- encrypt swapfile on boot with random password, create swap file on boot using init script instead of postinst script
- added openvpn to anon-shared-packages-recommended
- sdwdate implemented options --no-move-forward and --no-move-backwards (disabled by default)
- sdwdate implemented option to update hardware clock --systohc (disabled by default)
- Whonix-Gateway firewall: reject invalid outgoing packages
- added spice-vdagent to anon-shared-packages-recommended for better kvm support
- providing xz archives with sparse .qcow2 images
- build script: improved error handling, when error is detected, wait until builder presses enter before cleanup and exit to make it simpler to read error messages when building in cli
- ram adjusted desktop starter: fixed lightdm (/usr/sbin/...) auto detection
- Physical Isolation: automated 'Install Basic Packages' ('sudo apt-get install $(grep -vE "^\s*#" grml_packages | tr "\n" " ")') build step
- verifiable builds: now using fixed disk identifiers to make verification easier
- build script: added support for --vram, --vmram, --vmsize switches
- whonixcheck: increased Tor socks port reachability test timeout from 5 to 10 as per https://www.whonix.org/forum/index.php/topic,129.0.html
- Changed keyserver (suggested by tempest @ https://www.whonix.org/forum/index.php/topic,140.0.html) from hkp://2eghzlv2wwcq7u7y.onion to hkp://qdigse2yzvuglcix.onion as used by torbirdy and https://raw.github.com/ioerror/torbirdy/master/gpg.conf.
- Whonix-Gateway: Re-enabled AppArmor for System Tor. Removed workaround for http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732578 (USE_AA_EXEC="no") by removing Whonix's displaced (config-package-dev) /etc/default/tor since that bug has been fixed upstream.
- build script: whonix_build now acts differently for --clean option depending on --virtualbox, --qcow2 and --bare-metal
- removed Whonix's grml-debootstrap fork, because Whonix's patches were merged upstream
- bootclockrandomization: randomizing milliseconds
- update-torbrowser: break when endless data attack is detected (max file size 100 mb for torbrowser, 1 mb for other files)
- Whonix-Workstation: added password manager fpm2 as per https://www.whonix.org/forum/index.php/topic,187.15.html
- removed --onion feature from update-torbrowser and its man page because torproject took its .onion domain permanently offline (https://trac.torproject.org/projects/tor/ticket/11567) thanks got z (https://www.whonix.org/forum/index.php?action=profile;u=94) for the report (https://www.whonix.org/forum/index.php/topic,277.msg1827.html#msg1827)
- help_check_tor_bootstrap.py: - suggestions by Damian Johnson from -- https://lists.torproject.org/pipermail/tor-dev/2014-May/006799.html -- https://lists.torproject.org/pipermail/tor-dev/2014-May/006804.html - troubadour advised on implementation https://www.whonix.org/forum/index.php/topic,278.0 - controller.authenticate("password") isn't required, controller.authenticate() works - more robust method to parse Tor bootstrap percent
- removed obsolete whonix_gateway/usr/bin/armwrapper (user "user" is now member of group "debian-tor", so no longer required to start arm as user "debian-tor")
- removed backgroundd, was replaced by gateway first run notice https://www.whonix.org/forum/index.php?topic=207
- added machine readable copyright files
- build script: Renamed "img" to "raw", because "img" was a poor name for raw images.
- build script: made variables overrideable by build config
- build script: set DEBUILD_LINTIAN_OPTS to "--info --display-info --show-overrides --fail-on-warnings", to show more verbose lintian output and to break the build should lintian find an error such as a syntax error in a bash script
- build script: Workaround for a bug in kpartx, which fails to delete the loop device when using very long file names as per https://www.redhat.com/archives/dm-devel/2014-July/msg00053.html
- better output, better formatting, clickable links, thanks to https://github.com/troubadoour for working on msgcollector
- kde-kgpg-tweaks: added gnupg-agent to dependencies because we're using it in the config and because otherwise kgpg would complain about using use-agent while having no agent installed
- Refined whonixlock.png. Thanks to nanohard (https://www.whonix.org/forum/index.php?action=profile;u=248) for the edit!
- added apt-transport-https to anon-shared-packages-dependencies
- added openvpn to anon-shared-packages-recommended
- added network-manager-kde to anon-shared-desktop-kde
- changed displace extension from .apparmor to .anondist, thanks to http://mailman.mit.edu/pipermail/config-package-dev/2014-May/000018.html
- control-port-filter: Added "lie feature", i.e. when getting asked "GETINFO net/listeners/socks" answer '250-net/listeners/socks="127.0.0.1:9150"'; configurable by CONTROL_PORT_FILTER_LIMIT_GETINFO_NET_LISTENERS_SOCKS variable. Enabled by default.
- control-port-filter: Limit maximum accepted command string length to 128 (configurable) as done by Tails (https://mailman.boum.org/pipermail/tails-dev/2014-February/005041.html). Thanks to HulaHoop (https://www.whonix.org/forum/index.php?action=profile;u=87) for suggesting this (https://www.whonix.org/forum/index.php/topic,342.0.html).
- control-port-filter: added GETINFO status/circuit-established to whitelist
- whonixcheck / timesync / update-torbrowser: correct exit codes on signal sigterm and sigint
- sdwdate: no more clock jumps. Gradually adjust clock as NTP does. Sclockadj has been written by Jason Ayala (Jason at JasonAyala.com) (@JasonJAyalaP) - https://github.com/Whonix/Whonix/issues/169 - Sclockadj helps sdwdate gradually adjusting the clock instead of producing clock jumps, which can confuse Tor, i2p, servers, logs and more. - It can add/subtract any amount of nanoseconds. - It supports waiting an interval of min/max nanoseconds between iterations, which will be randomized if min/max differs. - It supports slewing the time for min/max nanoseconds, which will be randomized if min/max differs. - It supports to wait before its first iteration. - It can run either verbose or quite. - It supports either really changing the time or running in debug mode.
- sdwdate: use median instead of average as suggested in https://www.whonix.org/forum/index.php/topic,267.0.html
- whonixcheck: don't check just if Tor is fully bootstrapped, also check if Tor was actually able to create a circuit.
- added VPN_FIREWALL feature to Whonix-Gateway's firewall https://www.whonix.org/blog/testers-wanted-vpn-firewall - https://www.whonix.org/wiki/Next#Tunnel_Tor_through_VPN
- Whonix-Firewall: make variables overwrite able by /etc/whonix_firewall.d config folder
- Whonix-Firewall: renamed variable NON_TOR_WHONIXG to NON_TOR_GATEWAY
This post has been automatically cross-posted by whonix.org/blog To see the original (including links), go to https://www.whonix.org/blog/testers-wanted-9-first-test
More information about the Whonix-devel
mailing list