Page MenuHomePhabricator

Qubes-Whonix build process: install Whonix from Whonix binary APT repository
Closed, ResolvedPublic

Description

advantages:

  • simpler qubes-template-whonix code
  • faster builds, packages no longer need to be build during Qubes-Whonix template build
  • build dependencies will no longer be installed inside the template
    • therefore smaller template sizes
      • therefore less space issues on Qubes installer DVD
  • solves T416 for free
  • simpler than trying to have Qubes builder create Whonix packages (T438 ?)

disadvantages:

  • building Whonix templates with Whonix packages build from source code gets harder

related:

Details

Impact
Normal

Event Timeline

Patrick created this task.Apr 20 2016, 12:17 AM
Qubes-Whonix build process: install Whonix from Whonix binary APT repository

https://phabricator.whonix.org/T498

https://github.com/adrelanos/qubes-template-whonix/commit/b7b83fee56d72abb69617bd8bc8deda239f29ae7

(I will clean up all the comments and todo soon.)

Please have a glimpse if the current 04_install_qubes_post.sh goes into the direction you imagined. @marmarek

04_install_qubes_post.sh:
https://github.com/adrelanos/qubes-template-whonix/blob/b7b83fee56d72abb69617bd8bc8deda239f29ae7/whonix-gateway/04_install_qubes_post.sh

Looks really good! :)

Patrick changed the task status from Open to Review.Apr 21 2016, 6:37 AM

It's done.


As for building Qubes-Whonix templates with Whonix packages build from source...

  • It would help if Qubes builder worked on top of Debian. (#1907)
  • Then one could create a local repository of all Whonix packages (using Whonix build script).
  • By setting whonix_signing_key_fingerprint to none would results into not adding any signing key.
  • Alternatively, a signing key of ones choice could be added.
  • As for getting the local packages into the repository, that is not that simple.
    • Either one would have to upload them to some remote repository and set a custom whonix_repository_uri.
    • Or run a local web server and something like whonix_repository_apt_line="[trusted=yes] deb 127.0.0.1/... jessie main".
    • whonix_repository_apt_line="[trusted=yes] deb file:/... jessie main" and then somehow get the local repository mounted inside the chroot. Perhaps by hacking 04_install_qubes_post.sh.
Patrick closed this task as Resolved.Apr 26 2016, 5:05 PM
Patrick claimed this task.