Whonix

From RCS Wiki
Revision as of 01:49, 24 May 2021 by JeremyRand (talk | contribs) (systemcheck is fixed in buster-developers)

Whonix (clearnet link) can be installed on the Talos using KVM. These instructions were tested with Whonix 15.

Both Whonix-Gateway and Whonix-Workstation

Download Whonix from the Whonix KVM download page (clearnet link).

Extract it:

tar -xvf Whonix*.libvirt.xz

Install the Whonix virtual networks:

virsh -c qemu:///system net-define Whonix_external*.xml
virsh -c qemu:///system net-define Whonix_internal*.xml
virsh -c qemu:///system net-autostart external
virsh -c qemu:///system net-start external
virsh -c qemu:///system net-autostart internal
virsh -c qemu:///system net-start internal

Then, create two Debian Buster ppc64el VMs. When installing Debian, do not create a separate root password, name the user account user, and for the desktop environment either pick XFCE or do not install one. Launch a shell in each VM, and follow the instructions below in each VM.

Import the Whonix signing key (source):

wget -O ~/patrick.asc https://www.whonix.org/patrick.asc
sudo apt-key --keyring /etc/apt/trusted.gpg.d/derivative.gpg add ~/patrick.asc

Initialize the console group (source):

sudo addgroup --system console
sudo adduser user console

Whonix-Gateway

Install Tor:

echo "deb https://deb.debian.org/debian buster-backports main" | sudo tee /etc/apt/sources.list.d/backports.list
sudo apt-get update
sudo apt-get -t buster-backports install tor

Add the Whonix package repository (source):

echo "deb https://deb.whonix.org buster main" | sudo tee /etc/apt/sources.list.d/derivative.list
sudo apt-get update

Note: As of 2021 May 24, there are bugs in the sdwdate and systemcheck packages in the Whonix buster suite, which break ppc64el support. These bugs were fixed by sdwdate version 3:14.9-1 and systemcheck version 3:21.1-1. Until the fixes make their way to the buster suite, you can get the fixes early by substituting buster-developers for buster in the derivative.list line above.

Then, run one of the following, depending on whether you want the Whonix-Gateway to use XFCE or CLI-only:

sudo apt-get install non-qubes-whonix-gateway-xfce
sudo apt-get install non-qubes-whonix-gateway-cli

If you get prompted with questions during package installation, you can choose the defaults.

The Whonix packages will install their own sources.list data in /etc/apt/sources.list.d/debian.list, which means you should delete the sources.list that Debian came with (in order to avoid warnings from apt-get about duplicated repos):

sudo rm /etc/apt/sources.list

Shut off the VM.

Set the VM's NIC to use the external Network source.

Add a 2nd NIC to the VM, and set it to use the internal Network source.

Launch the VM again; Whonix-Gateway should be running.

If you get errors about the Tor service failing to start, this is probably an AppArmor issue. You can fix it by running:

sudo touch /etc/apparmor.d/local/system_tor.anondist

Restart the VM again and Tor should work.

Whonix-Workstation

Add the Whonix package repository (source):

echo "deb https://deb.whonix.org buster main" | sudo tee /etc/apt/sources.list.d/derivative.list
sudo apt-get update

Note: As of 2021 May 24, there are bugs in the sdwdate and systemcheck packages in the Whonix buster suite, which break ppc64el support. These bugs were fixed by sdwdate version 3:14.9-1 and systemcheck version 3:21.1-1. Until the fixes make their way to the buster suite, you can get the fixes early by substituting buster-developers for buster in the derivative.list line above.

Then, run one of the following, depending on whether you want the Whonix-Workstation to use XFCE or CLI-only:

sudo apt-get install non-qubes-whonix-workstation-xfce
sudo apt-get install non-qubes-whonix-workstation-cli

If you get prompted with questions during package installation, you can choose the defaults.

The Whonix packages will install their own sources.list data in /etc/apt/sources.list.d/debian.list, which means you should delete the sources.list that Debian came with (in order to avoid warnings from apt-get about duplicated repos):

sudo rm /etc/apt/sources.list

Shut off the VM.

Set the VM's NIC to use the internal Network source.

Launch the VM again; Whonix-Workstation should be running.
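
The NIC assignments above are what force all Whonix-Workstation traffic through Whonix-Gateway, so they are worth checking from the KVM host once both VMs exist. The following is an added example, not part of the original wiki instructions: it parses virsh domiflist output and compares each VM's attachments with the external and internal networks defined earlier. The function names and the sample output (including the MAC addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are hypothetical.
# Real use on the KVM host, with <vm-name> replaced by your libvirt domain:
#   virsh -c qemu:///system domiflist <vm-name> | check_role workstation

# Print "type/source" for every NIC row of `virsh domiflist` read from stdin.
# NIC rows have five columns and a MAC address in the fifth.
nic_attachments() {
    awk 'NF >= 5 && $5 ~ /:/ { print $2 "/" $3 }' | LC_ALL=C sort | paste -sd ' ' -
}

# check_role gateway|workstation: succeed only if the NICs read from stdin
# are exactly the ones this page sets up for that role.
check_role() {
    role=$1
    case $role in
        gateway)     want="network/external network/internal" ;;
        workstation) want="network/internal" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    got=$(nic_attachments)
    if [ "$got" = "$want" ]; then
        echo "OK: $role is attached to: $got"
    else
        echo "FAIL: $role is attached to '$got', expected '$want'" >&2
        return 1
    fi
}

# Constructed sample output for demonstration; MAC addresses are made up.
SAMPLE_GATEWAY=' Interface   Type      Source     Model    MAC
-----------------------------------------------------------
 -           network   external   virtio   52:54:00:aa:bb:01
 -           network   internal   virtio   52:54:00:aa:bb:02'

# A workstation that was also left on libvirt's "default" NAT network
# could reach the clearnet without going through Whonix-Gateway.
SAMPLE_BAD_WORKSTATION=' Interface   Type      Source     Model    MAC
-----------------------------------------------------------
 -           network   internal   virtio   52:54:00:aa:bb:03
 -           network   default    virtio   52:54:00:aa:bb:04'

printf '%s\n' "$SAMPLE_GATEWAY" | check_role gateway
printf '%s\n' "$SAMPLE_BAD_WORKSTATION" | check_role workstation || true
```

The check is strict on purpose: any extra, missing, or non-network (for example bridged) NIC makes it fail, so rerun it after editing a VM's hardware.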

Known Issues

None.