Difference between revisions of "Whonix"

From RCS Wiki
Jump to navigation Jump to search
(Remove extraneous sudo)
(Remove extraneous sudo)
Line 76: Line 76:
 
Install the Whonix packages:
 
Install the Whonix packages:
  
  sudo apt-get update
+
  apt-get update
  sudo apt-get install non-qubes-whonix-workstation-kde
+
  apt-get install non-qubes-whonix-workstation-kde
  
 
Shut off the VM.
 
Shut off the VM.

Revision as of 22:49, 21 September 2018

Whonix (clearnet link) can be installed on the Talos using KVM.

Both Whonix-Gateway and Whonix-Workstation

Download Whonix-Gateway from the Whonix KVM download page (clearnet link).

Extract it:

tar -xvf Whonix-Gateway*.libvirt.xz

Install the Whonix virtual networks:

virsh -c qemu:///system net-define Whonix_external*.xml
virsh -c qemu:///system net-define Whonix_internal*.xml
virsh -c qemu:///system net-autostart external
virsh -c qemu:///system net-start external
virsh -c qemu:///system net-autostart internal
virsh -c qemu:///system net-start internal

Then, create two Debian Stretch ppc64el VM's, launch a root shell in each, and follow the below instructions for each VM.

Install dirmngr (this is required in order to import the Whonix signing key):

apt-get install dirmngr

Import the Whonix signing key (source):

apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

Add the Whonix package repository (source):

echo "deb http://deb.whonix.org stretch main" | tee /etc/apt/sources.list.d/whonix.list

Whonix-Gateway

Unfortunately, Whonix's tor package, which is a required dependency of Whonix-Gateway, is not available for ppc64el. Debian's stretch-backports repo does have a tor package that works, we just need to edit its metadata to make the package manager happy. First, we download the tor package and extract it:

echo "deb http://http.debian.net/debian stretch-backports main" | tee /etc/apt/sources.list.d/stretch-backports.list
apt-get update
apt-get download -t stretch-backports tor
mkdir tor_extracted
dpkg-deb -R ./tor_*.deb ./tor_extracted

Then, run the following command. It will fail with a dependency error, note the minimum tor version that it wants.

apt-get install non-qubes-whonix-gateway-kde whonix-gateway-shared-packages-shared-meta whonix-gateway-packages-recommended-cli tor-geoipdb

Then, edit the metadata file:

nano tor_extracted/DEBIAN/control

And replace the Version field with the minimum version you noted earlier. Then exit nano.

Rebuild the package and install it:

mkdir tor_rebuilt
dpkg-deb -b tor_extracted tor_rebuilt
apt-get install ./tor_rebuilt/tor*.deb

Now we can install the Whonix packages:

apt-get install non-qubes-whonix-gateway-kde

Shut off the VM.

Set the VM's NIC to use the external Network source.

Add a 2nd NIC to the VM, and set it to use the internal Network source.

Launch the VM again; Whonix-Gateway should be running.

Whonix-Workstation

This one's a lot easier, since Whonix's tor package version isn't a requirement.

Install the Whonix packages:

apt-get update
apt-get install non-qubes-whonix-workstation-kde

Shut off the VM.

Set the VM's NIC to use the internal Network source.

Launch the VM again; Whonix-Workstation should be running.