Difference between revisions of "Whonix"
JeremyRand (talk | contribs) (Upgrade to Whonix 16) |
JeremyRand (talk | contribs) (→Known Issues: Link to Kicksecure.) |
||
Line 105: | Line 105: | ||
== Known Issues == | == Known Issues == | ||
− | + | See [[Kicksecure#Known_Issues|Kicksecure known issues]]. | |
+ | |||
+ | No Whonix-specific known issues. |
Revision as of 06:52, 25 September 2021
Whonix (clearnet link) can be installed on POWER using KVM. These instructions were tested with Whonix 16.
Contents
Both Whonix-Gateway and Whonix-Workstation
Download Whonix from the Whonix KVM download page (clearnet link).
Extract it:
tar -xvf Whonix*.libvirt.xz
Install the Whonix virtual networks:
sudo virsh -c qemu:///system net-define Whonix_external*.xml sudo virsh -c qemu:///system net-define Whonix_internal*.xml sudo virsh -c qemu:///system net-autostart Whonix-External sudo virsh -c qemu:///system net-start Whonix-External sudo virsh -c qemu:///system net-autostart Whonix-Internal sudo virsh -c qemu:///system net-start Whonix-Internal
Then, create two Debian Bullseye ppc64el VM's. When installing Debian, do not create a separate root password, name the user user
, and for desktop environment either pick XFCE or do not install one. Launch a shell in each VM, and follow the below instructions for each VM.
Import the Whonix/Kicksecure signing key (source) (clearnet):
sudo apt-get update sudo apt-get dist-upgrade sudo apt-get install --no-install-recommends curl gpg gpg-agent curl --tlsv1.3 --proto =https --max-time 180 --output ~/patrick.asc https://www.whonix.org/patrick.asc sudo cp ~/patrick.asc /etc/apt/trusted.gpg.d/derivative.asc
Initialize the console
group (source) (clearnet):
sudo addgroup --system console sudo adduser user console
Add the Whonix/Kicksecure package repository (source) (clearnet):
sudo apt-get install apt-transport-tor echo "deb tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bullseye main" | sudo tee /etc/apt/sources.list.d/derivative.list sudo apt-get update
Note: As of 2021 September 10, there are bugs in the security-misc
package in the Whonix bullseye
suite, which break ppc64el support. These bugs were fixed by security-misc
version 3:22.7-1
. Until the fixes make their way to the bullseye
suite, you can get the fixes early by substituting bullseye-developers
for bullseye
in the derivative.list
line above.
Upgrade Linux to 5.14 or higher; a bug was fixed between Linux 5.10 and Linux 5.14 that broke ppc64le support in Whonix. As of 2021 September 10, this means using the Debian Experimental suite (source) (clearnet):
echo "deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian experimental main" | sudo tee /etc/apt/sources.list.d/experimental.list sudo apt-get update sudo apt-get -t experimental install linux-image-powerpc64le
Whonix-Gateway
Run one of the following, depending on whether you want the Whonix-Gateway to use XFCE or CLI-only:
sudo apt-get install --no-install-recommends non-qubes-whonix-gateway-xfce
sudo apt-get install --no-install-recommends non-qubes-whonix-gateway-cli
If you get a package conflict error that mentions console-common
, run the following and then try again:
sudo apt-get install --no-install-recommends console-common
If you get prompted with questions during package installation, you can choose the defaults.
The Whonix packages will install their own sources.list
data in /etc/apt/sources.list.d/debian.list
, which means you should delete the sources.list
that Debian came with (in order to avoid warnings from apt-get
about duplicated repos):
sudo rm /etc/apt/sources.list
Shut off the VM.
Set the VM's NIC to use the Whonix-External
Network source.
Add a 2nd NIC to the VM, and set it to use the Whonix-Internal
Network source.
Launch the VM again; Whonix-Gateway should be running.
If you get errors about the Tor service failing to start, this is probably an AppArmor issue. You can fix it by running the following:
sudo touch /etc/apparmor.d/local/system_tor.anondist
Restart the VM again and Tor should work.
Whonix-Workstation
Run one of the following, depending on whether you want the Whonix-Workstation to use XFCE or CLI-only:
sudo apt-get install --no-install-recommends non-qubes-whonix-workstation-xfce
sudo apt-get install --no-install-recommends non-qubes-whonix-workstation-cli
If you get a package conflict error that mentions console-common
, run the following and then try again:
sudo apt-get install --no-install-recommends console-common
If you get prompted with questions during package installation, you can choose the defaults.
The Whonix packages will install their own sources.list
data in /etc/apt/sources.list.d/debian.list
, which means you should delete the sources.list
that Debian came with (in order to avoid warnings from apt-get
about duplicated repos):
sudo rm /etc/apt/sources.list
Shut off the VM.
Set the VM's NIC to use the Whonix-Internal
Network source.
Launch the VM again; Whonix-Workstation should be running.
Known Issues
No Whonix-specific known issues.