Due to phabricator being deprecated upstream, all tickets need to me migrated. Therefore closing here.

Major clean up done.

At the moment the electrum version from Debian stable (currently: jessie) is too old to even work. The one from jessie-backports should still work?

no need to replace ip's in /etc/network/interfaces.whonix - https://phabricator.whonix.org/T347:
https://github.com/Whonix/qubes-whonix/commit/b251a4af0a20738446e1cc16bc31d59f52ba7350

use /etc/network/interfaces.d instead of /etc/network/interfaces - https://phabricator.whonix.org/T347:

Currently Qubes configures interfaces manually from udev rule. Actually
I think it would be better to move it to some more standard place, for
example to not conflict with NetworkManager (which is currently handled
as a special case) or other network-related tools.
Or at least move it out of udev rule, which is called in quite
unpredictable time (->race conditions). I think it may somehow related
to:
https://github.com/QubesOS/qubes-issues/issues/1067

I am currently trying to get rid of this hack:
https://github.com/nrgaway/qubes-template-whonix/blob/be0c1f53cc10a3ccb8628d132da35006225bdff6/whonix-gateway/02_install_groups_pre.sh#L122-L130

In T375#6320, @mfc wrote:

Sorry the context is Whonix in Qubes, no?

Sorry the context is Whonix in Qubes, no? In which case it is a very
similar context to Tails.

Checking this again when the next test release has been created.

deactivated most code, testing to deprecate anon-shared-build-fix-grub package - https://phabricator.whonix.org/T340:
https://github.com/Whonix/anon-shared-build-fix-grub/commit/3ce9b90b02f25d4cf7ea0733eb9228dc668b144b

clean up /boot/grub/device.map because the anon-shared-build-fix-grub package can be deprecated - https://phabricator.whonix.org/T340:
https://github.com/Whonix/whonix-initializer/commit/c7c5cddc595d41079d54752a1c3f1949298d592b

Install Icedove (Thunderbird) + TorBirdy + Enigmail, added icedove, enigmail and xul-ext-torbirdy to anon-workstation-packages-recommended - https://phabricator.whonix.org/T113:
https://github.com/Whonix/anon-meta-packages/commit/33c41008270345b8f780e0a4afaf35afde8ec56d

What I don't like about WhisperBack alike approaches is, that it leads to more secrecy behind closed doors. Everyone thinks their report need secrecy, is special and should be sent by encrypted mail to Whonix developers where they get private, premium support for free. Encourages laziness of just pressing the button. Less searching for existing discussions. Less incentive to sign up for the forums and user to user exchange.

We are not going to be running our own anonymous bug reporting infrastructure like TAILS does with WhisperBack. That would be very demanding and need many things to make sure its done right.

Is this not desirable in the medium- or long-term though?

I took another look at reportbugs vs reportbugs-ng and I think the gui tool is actually more awkward to use than the text-based tool. I don't think it should be included anymore.

I researched ReportBug some more. It seems to be a form asking for specific things to be filled out about a bug and then its sent via sendmail to Debian servers. Nothing besides whats filled out is sent.

Big project.

Tails uses WhisperBack.

Big project.

You mean

open icedove
see some link
click the link
opens the link in Tor Browser

You mean

1. open icedove
2. see some link
3. click the link
4. opens the link in Tor Browser

?

If you decided to integrate Icedove in Whonix can you please set it to open links in messages from Tor Browser?

Fixed "vga=ext is deprecated. Use set gfxpayload=text before linux command instead". Upgraded for grub2 / Debian jessie.:
https://github.com/Whonix/grub-screen-resolution/commit/c3b653a27c95f2b513953c63b714962746ae09a3

In T113#5304, @HulaHoop wrote:

Also 'confirm before sending', 'Always' should stay recommended for serious usage.

I don't see this option in Enigmail the menus have changed since the instructions were made and so I thought this obsolete option became Convenient Encryption.

Also 'confirm before sending', 'Always' should stay recommended for serious usage.

I am not happy with documentation yet.

I'm happy with the documentation. You can close this if you want.

Something useful came up.

systemd unit: added 'Before=graphical.target' and 'Before=getty.target' - https://phabricator.whonix.org/T106:
https://github.com/Whonix/msgcollector/commit/ab24bd261d8ac2027f6a3ad85da4b4a3d416b044

Done, tested and functional in Whonix 11.0.0.2.0-developers-only.

Fixed in Whonix 11.0.0.2.0-developers-only.

It's a different category of tool. More like in the category as grml-debootstrap. A handy tool for sysadmins. Not so much for distributions. Not for install scripts after the system has already been installed.

FAI is a flexible framework for unattended Debian installs but can be used for much more including automatic package installs. Its a decade old and robust, used for massive Debian deployments. Each feature can be used alone.

Tested restart instead of start reload before your post, working. Could not check if that solves the issue at first boot in Whonix Gateway, (tor active, exited) but I guess it does, because a manual sudo service tor restart works.

systemd unit: added 'Before=tor.service' and 'After=swap-file-creator.service' for better look and feel. - https://phabricator.whonix.org/T106:
https://github.com/Whonix/whonix-initializer/commit/0c1490942edd4c58207980785bb658afa163cb15

more work on systemd support - https://phabricator.whonix.org/T106:

• https://github.com/Whonix/sdwdate/commit/0f6e50748eaeab34f9f00ce7dfbd80e980cb2a5b
• https://github.com/Whonix/timesync/commit/b506ea4186a50bb50ae9b198deefaf2c9a7ca5d8

install scripts:
Probably not. apt-get automation is very difficult due to issues introduced at a higher levels. More info:
https://www.whonix.org/wiki/Dev/Automatic_Updates

systemd unit: added 'StandardOutput=tty' for better look and feel. - https://phabricator.whonix.org/T106
https://github.com/Whonix/swap-file-creator/commit/f49f572e5a06ed33eeacc5647f0f85751cc611b9

Improved implementation. When there is enough RAM... On 'enter': instantly start login manager. On 'ctrl + c': instantly abort and do not start login manager. On 'timeout': start login manager. Thanks to 'dh_systemd_start --no-start' we can now use 'StandardInput=tty' and 'read' instead of 'systemd-ask-password'. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). - https://phabricator.whonix.org/T57:
https://github.com/Whonix/rads/commit/c8c94c3dfe625dee62bd0fcbe76c5480d4e94056

In T68#4883, @HulaHoop wrote:

Can firewalld help here? https://packages.debian.org/jessie/firewalld

fix 'Tor fails after reload related to torrc DisableNetwork setting issue' by only restarting Tor, no longer trying to reload Tor - https://phabricator.whonix.org/T320:
https://github.com/Whonix/whonix-setup-wizard/commit/d5aacf5c58d5aad1c158e589b43d0dd5ccc9cc3f

For example let's say electrum creates a folder under the user's home directory for its settings (like xchat). Can whonix ship with an artificially created folder containing the wrapper script or will it be overwritten when the user installs the program?

Can firewalld help here? https://packages.debian.org/jessie/firewalld

Done in whonixsetup,
fix 'Tor fails after reload related to torrc DisableNetwork setting issue' by only restarting Tor, no longer trying to reload Tor - https://phabricator.whonix.org/T320
https://github.com/Whonix/whonixsetup/commit/bc8cb713430a655eb3bb8dd3f8397babce1b6d3e

In T320#4855, @Patrick wrote:

Reported a bug upstream.
Tor dies on reload when swichting to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53':
https://trac.torproject.org/projects/tor/ticket/16161

Email is a basic activity that we should provide a secure answer for. However I can see how a growing image size isn't good for Whonix infrastructure.

Removed 'pre-up /usr/bin/whonix_firewall', because /etc/network/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in /etc/network/if-pre-up.d/ fails http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. - https://phabricator.whonix.org/T68:

• https://github.com/Whonix/whonix-gw-network-conf/commit/4136361ac308e8664a61eaf9c2da2fbba9c2e74b
• https://github.com/Whonix/whonix-ws-network-conf/commit/3c6042abfa56996a4211913460b5f4438cdd2cdd

added apt-transport-tor to anon-shared-packages-recommended - https://phabricator.whonix.org/T92:
https://github.com/Whonix/anon-meta-packages/commit/f4153f36cfbe8fec8a13839e775ae93152de48f7

sudo apt-get install icedove xul-ext-torbirdy enigmail requires 92.4 MB of additional disk space. Still worth it?

section: Combining pluggable transports

Until upstream fixes that bug and until their fix landed in deb.torproject.org, which will take a while... Our options are:

Reported a bug upstream.
Tor dies on reload when swichting to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53':
https://trac.torproject.org/projects/tor/ticket/16161

Updated ticket description with instructions on how to reproduce this issue.

added obfs4proxy to anon-gateway-packages-recommended - https://phabricator.whonix.org/T323:
https://github.com/Whonix/anon-meta-packages/commit/62cf77e325ad05fb3b46d089d8a0f51dfec95e80

In T323#4832, @HulaHoop wrote:

Tor upstream plans it, its not something I'm suggesting we should do.

Ticket addition: include enigmail package from Debian repos with IceDove.

Tor upstream plans it, its not something I'm suggesting we should do. All I said was we should include bridge support in gw so we can take advantage of features like this when they become ready.

In T323#4819, @HulaHoop wrote:

Long term we should have the pluggable transports chaining framework in Whonix so transports can be combined in interesting ways.

Yes it should be installed especially if we want Whonix to be useful for people behind firewalls.

more work on systemd support - https://phabricator.whonix.org/T106:
https://github.com/Whonix/timesync/commit/0a76d86a8e37ae9691374da69bdef452b6def7cc

bug report,
deb-systemd-helper fails to enable systemd units when using 'WantedBy = ' with spaces:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786418

Judging by the system man pages that do not use spaces and info from a systemd contributor on systemd IRC, no spaces should be used.

I guess just not using spaces would be the way to go. I used to not use spaces, but then added them as it seems like that should be supported and works with systemd, just not the deb-systemd-helper

In T316#4773, @nrgaway wrote:

That's a nasty upstream bug for deb-systemd-helper. You would have thought that would have been fixed for Jessie stable release.

That's a nasty upstream bug for deb-systemd-helper. You would have thought that would have been fixed for Jessie stable release. Do you know if there is a reported issue on it upstream?

In T316#4749, @Patrick wrote:

pull request against @nrgaway/qubes-whonix,
systemd unit file remove spaces fix/workaround:
https://github.com/nrgaway/qubes-whonix/pull/3

This is fixed, but there is a similar outstanding issue. Created T320 for it.

This is fixed in 11.0.0.1.8-developers-only.

pull request against @nrgaway/qubes-whonix,
systemd unit file remove spaces fix/workaround:
https://github.com/nrgaway/qubes-whonix/pull/3

All these changes are available in 11.0.0.1.8-developers-only. Now testing a build.