Page MenuHomePhabricator
Create Task
Maniphest T498

Qubes-Whonix build process: install Whonix from Whonix binary APT repository
Closed, ResolvedPublic
Actions

Description

advantages:

  • simpler qubes-template-whonix code
  • faster builds, packages no longer need to be build during Qubes-Whonix template build
  • build dependencies will no longer be installed inside the template
    • therefore smaller template sizes
      • therefore less space issues on Qubes installer DVD
  • solves T416 for free
  • simpler than trying to have Qubes builder create Whonix packages (T438 ?)

disadvantages:

  • building Whonix templates with Whonix packages build from source code gets harder

related:

Details

Impact
Normal

Related Objects

Event Timeline

Patrick created this task.Apr 19 2016, 10:17 PM
Herald added a project: Whonix. · View Herald TranscriptApr 19 2016, 10:17 PM
Herald added a subscriber: WhonixQubes. · View Herald Transcript
Patrick mentioned this in T416: allow running Whonix build script as root, rework user_name.Apr 19 2016, 10:18 PM
Patrick added a comment.Apr 19 2016, 10:21 PM
Qubes-Whonix build process: install Whonix from Whonix binary APT repository

https://phabricator.whonix.org/T498

https://github.com/adrelanos/qubes-template-whonix/commit/b7b83fee56d72abb69617bd8bc8deda239f29ae7

(I will clean up all the comments and todo soon.)

Please have a glimpse if the current 04_install_qubes_post.sh goes into the direction you imagined. @marmarek

04_install_qubes_post.sh:
https://github.com/adrelanos/qubes-template-whonix/blob/b7b83fee56d72abb69617bd8bc8deda239f29ae7/whonix-gateway/04_install_qubes_post.sh

Patrick mentioned this in T461: Installation from Repository / proverbial "sudo apt-get install whonix".Apr 19 2016, 10:29 PM
marmarek added a comment.Apr 19 2016, 10:40 PM

Looks really good! :)

Patrick changed the task status from Open to Review.Apr 21 2016, 4:37 AM

It's done.

As for building Qubes-Whonix templates with Whonix packages build from source...

  • It would help if Qubes builder worked on top of Debian. (#1907)
  • Then one could create a local repository of all Whonix packages (using Whonix build script).
  • By setting whonix_signing_key_fingerprint to none would results into not adding any signing key.
  • Alternatively, a signing key of ones choice could be added.
  • As for getting the local packages into the repository, that is not that simple.
    • Either one would have to upload them to some remote repository and set a custom whonix_repository_uri.
    • Or run a local web server and something like whonix_repository_apt_line="[trusted=yes] deb 127.0.0.1/... jessie main".
    • whonix_repository_apt_line="[trusted=yes] deb file:/... jessie main" and then somehow get the local repository mounted inside the chroot. Perhaps by hacking 04_install_qubes_post.sh.
Patrick mentioned this in T438: have Qubes Builder build Whonix packages so build dependencies do not get installed inside the template.Apr 21 2016, 4:41 AM
Patrick closed this task as Resolved.Apr 26 2016, 3:05 PM
Patrick claimed this task.
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer