Page MenuHomePhabricator

Whonix Images Quick Rebuild
Open, NormalPublic

Description

Idea that needs to be thought through.

Sane to rebuild the same Whonix version git tag? Just re-build and re-upload?

Advantages:

  • an easy, doable way to create "fresher" official Whonix stable downloads

This would be updated in the rebuild images:

  • updated packages from packages.debian.org
    • this will be automatically the case (since we're not building from snapshot.debian.org)
  • updated Tor from deb.torproject.org
    • this will be automatically the case
  • updated Tor Browser
    • user/developer that rebuilds needs to set tbb_version which is already supported by package tb-updater
    • just need to make sure that environment variable is passed from the build script to the update-torbrowser script

This would not be updated in the rebuild images:

The following things would not be done:

  • call for testers
  • write release announcement
  • update version numbers

...which would safe a lot maintenance work.

Disadvantages:

  • There would be multiple official ova / iso versions of Whonix stored by different people. Same version number but different hashes and different software versions (packages.debian.org, deb.torproject.org, Tor Browser) but same Whonix software versions.
  • Somewhat nontransparent.

Non-Issues:

  • gpg signature verification. Since creation of gpg signatures (and sanity tests) are automated users can always verify gpg signatures.
  • upgrading from deb.whonix.org

Details

Impact
Normal

Event Timeline

Patrick triaged this task as Normal priority.Mar 21 2020, 12:00 PM
Patrick created this task.
Patrick renamed this task from Whonix Image Quick Refresh to Whonix Images Quick Refresh.Apr 13 2020, 9:18 PM
Patrick updated the task description. (Show Details)
Patrick renamed this task from Whonix Images Quick Refresh to Whonix Images Quick Rebuild.Apr 13 2020, 9:20 PM
Patrick updated the task description. (Show Details)