|
|
| Line 1: |
Line 1: |
| − | [http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ Whonix] ([https://www.whonix.org/ clearnet link]) can be installed on POWER using KVM. These instructions were tested with Whonix 17.
| + | #REDIRECT [[Kicksecure and Whonix]] |
| − | | |
| − | Download Whonix from the [http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/KVM#Download_Whonix_.E2.84.A2 Whonix KVM download page] ([https://www.whonix.org/wiki/KVM#Download_Whonix_.E2.84.A2 clearnet link]).
| |
| − | | |
| − | Extract it:
| |
| − | | |
| − | tar -xvf Whonix*.libvirt.xz
| |
| − | | |
| − | Install the Whonix virtual networks:
| |
| − | | |
| − | sudo virsh -c qemu:///system net-define Whonix_external*.xml
| |
| − | sudo virsh -c qemu:///system net-define Whonix_internal*.xml
| |
| − | sudo virsh -c qemu:///system net-autostart Whonix-External
| |
| − | sudo virsh -c qemu:///system net-start Whonix-External
| |
| − | sudo virsh -c qemu:///system net-autostart Whonix-Internal
| |
| − | sudo virsh -c qemu:///system net-start Whonix-Internal
| |
| − | | |
| − | Then, create two Debian Bookworm ppc64el VM's. Set the Video Model in each VM to Virtio ([https://github.com/Whonix/whonix-libvirt/blob/master/usr/share/whonix-libvirt/xml/Whonix-Gateway.xml source 1]) ([https://github.com/Whonix/whonix-libvirt/blob/master/usr/share/whonix-libvirt/xml/Whonix-Workstation.xml source 2]). When installing Debian, do not create a separate root password, name the user <code>user</code>, and for desktop environment either pick XFCE or do not install one. Launch a shell in each VM, and follow the below instructions for each VM.
| |
| − | | |
| − | Import the Whonix/Kicksecure signing key ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Kicksecure/Debian#Add_the_Whonix_.E2.84.A2_Signing_Key source]) ([https://www.whonix.org/wiki/Kicksecure/Debian#Add_the_Whonix_.E2.84.A2_Signing_Key clearnet]):
| |
| − | | |
| − | sudo apt-get update
| |
| − | sudo apt-get dist-upgrade
| |
| − | sudo apt-get install --no-install-recommends curl gpg gpg-agent
| |
| − | <nowiki>curl --tlsv1.3 --output ~/derivative.asc --url https://www.kicksecure.com/keys/derivative.asc</nowiki>
| |
| − | sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
| |
| − | | |
| − | Initialize the <code>console</code> group ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Kicksecure/Debian#Prerequisites source]) ([https://www.whonix.org/wiki/Kicksecure/Debian#Prerequisites clearnet]):
| |
| − | | |
| − | sudo addgroup --system console
| |
| − | sudo adduser user console
| |
| − | | |
| − | Add the Kicksecure package repository ([http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Repository source]) ([https://www.kicksecure.com/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Repository clearnet]):
| |
| − | | |
| − | sudo apt-get install apt-transport-tor
| |
| − | <nowiki>echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main" | sudo tee /etc/apt/sources.list.d/derivative.list</nowiki>
| |
| − | sudo apt-get update
| |
| − | | |
| − | Add the Whonix package repository ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Kicksecure/Debian#Add_the_Whonix_.E2.84.A2_Repository source]) ([https://www.whonix.org/wiki/Kicksecure/Debian#Add_the_Whonix_.E2.84.A2_Repository clearnet]):
| |
| − | | |
| − | <nowiki>echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bookworm main" | sudo tee /etc/apt/sources.list.d/whonix.list</nowiki>
| |
| − | sudo apt-get update
| |
| − | | |
| − | If you're using Trixie (Bookworm is unaffected), run the following to work around a bug in the <code>xserver-xorg-video-qxl</code> package that breaks Whonix ([https://tracker.debian.org/pkg/xserver-xorg-video-qxl source]):
| |
| − | | |
| − | echo "deb [check-valid-until=no] https://snapshot.debian.org/archive/debian/20230801/ trixie main" | sudo tee /etc/apt/sources.list.d/qxl.list
| |
| − | sudo apt-get update
| |
| − | | |
| − | Then, run one of the following, depending on whether you want Whonix to use XFCE or CLI-only, and whether you are installing Whonix-Gateway or Whonix-Workstation:
| |
| − | | |
| − | sudo apt-get install --no-install-recommends non-qubes-whonix-gateway-xfce
| |
| − | | |
| − | sudo apt-get install --no-install-recommends non-qubes-whonix-workstation-xfce
| |
| − | | |
| − | sudo apt-get install --no-install-recommends non-qubes-whonix-gateway-cli
| |
| − | | |
| − | sudo apt-get install --no-install-recommends non-qubes-whonix-workstation-cli
| |
| − | | |
| − | If you get a package conflict error that mentions <code>console-common</code>, run the following and then try again:
| |
| − | | |
| − | sudo apt-get install --no-install-recommends console-common
| |
| − | | |
| − | If you get prompted about choosing the default display manager during package installation, choose <code>gdm3</code> ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Stable_Release#Whonix_™_16.0.2.7 source]) ([https://www.whonix.org/wiki/Stable_Release#Whonix_™_16.0.2.7 clearnet]).
| |
| − | | |
| − | If you get prompted with other questions during package installation, you can choose the defaults.
| |
| − | | |
| − | The Whonix packages will install their own <code>sources.list</code> data in <code>/etc/apt/sources.list.d/debian.list</code>. If you're using Bookworm, that means you should clear the <code>sources.list</code> that Debian came with (in order to avoid warnings from <code>apt-get</code> about duplicated repos):
| |
| − | | |
| − | sudo rm /etc/apt/sources.list
| |
| − | sudo touch /etc/apt/sources.list
| |
| − | sudo rm /etc/apt/sources.list.d/backports.list
| |
| − | | |
| − | On Trixie or higher, the Whonix <code>sources.list</code> is nonfunctional, so you should clear it instead:
| |
| − | | |
| − | sudo rm /etc/apt/sources.list.d/debian.list
| |
| − | sudo touch /etc/apt/sources.list.d/debian.list
| |
| − | | |
| − | Run the following to work around a bug that breaks subsequent package updates ([http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/dist-base-files-postinst-aborted-on-ppc64el/13381/2 source]) ([https://forums.whonix.org/t/dist-base-files-postinst-aborted-on-ppc64el/13381/2 clearnet]):
| |
| − | | |
| − | sudo mkdir -p /etc/dist-base-files.d/
| |
| − | echo "set +e" | sudo tee /etc/dist-base-files.d/50_user.conf
| |
| − | | |
| − | Shut off the VM.
| |
| − | | |
| − | If you're installing Whonix-Gateway, set the VM's NIC to use the <code>Whonix-External</code> Network source. Then add a 2nd NIC to the VM, and set it to use the <code>Whonix-Internal</code> Network source.
| |
| − | | |
| − | If you're installing Whonix-Workstation, set the VM's NIC to use the <code>Whonix-Internal</code> Network source.
| |
| − | | |
| − | Launch the VM again; Whonix should be running.
| |
| − | | |
| − | If you get errors in Whonix-Gateway about the Tor service failing to start, this is probably an AppArmor issue. You can fix it by running the following:
| |
| − | | |
| − | sudo touch /etc/apparmor.d/local/system_tor.anondist
| |
| − | | |
| − | Restart Whonix-Gateway again and Tor should work.
| |
| − | | |
| − | == Known Issues ==
| |
| − | | |
| − | See [[Kicksecure#Known_Issues|Kicksecure known issues]].
| |
| − | | |
| − | No Whonix-specific known issues.
| |
