Btw this issue tracker is being phased out:
https://www.whonix.org/wiki/Reporting_Bugs#Issue_Tracker

https://gitlab.com/whonix/qubes-whonix/-/commit/53ff72ab6ce59cb2c98401fd701ae782ca100e37

I've found why sudo asked for password, it wasn't related to security-misc script mentioned earlier. And should be fixed in newer qubes-core-agent package.

In T1001#20201, @Patrick wrote:

/usr/lib/qubes-whonix/init/torified-updates-proxy-check is currently only started by /lib/systemd/system/qubes-whonix-torified-updates-proxy-check.service.

Wondering why this is happening. When root uses sudo, pam shouldn't even be involved.

/usr/lib/qubes-whonix/init/torified-updates-proxy-check is currently only started by /lib/systemd/system/qubes-whonix-torified-updates-proxy-check.service.

Looks all good and quite in Whonix 15.0.1.5.1.

553 Unable to store creds for

Did you set ClientOnionAuthDir in torrc (to a directory with "private
enough" permissions)?

Rusty

Tor Browser onion authentication prompt:
https://blog.torproject.org/sites/default/files/inline-images/onion-auth%402x.png

What Tor related apps are broken without support for this?

Maybe this is bound per connection similar to ephemeral Tor onion services? In that case, other VMs couldn't re-use it.

https://github.com/adrelanos/anon-gw-anonymizer-config/commit/97ff68a6c49ecef3e79ab10e1a930a4f5e13198d#commitcomment-39671373

onion_client_auth_add Flags=Permanent fails with 553 Unable to store creds for

In T996#20096, @rustybird wrote:

https://github.com/adrelanos/anon-gw-anonymizer-config/commit/97ff68a6c49ecef3e79ab10e1a930a4f5e13198d#commitcomment-39671373

Maybe this is bound per connection similar to ephemeral Tor onion services?

Update Tor to 0.4.3.5

The The news report [1] link is nowadays broken. It redirects to another page.

More points that should be removed:

Awesome!

Yes, worth it. I guess lots of people are going to try Whonix-Host inside a virtual machine before considering installation on real hardware. That's why I even would like to have ability to run Whonix-Host inside VirtualBox.

Please post new tickets in forums as per:
https://forums.whonix.org/t/abolishing-whonix-phabricator-issue-tracker-moving-issue-tracking-to-forums-migrating-phabricator-whonix-org-to-forums-whonix-org/7112

But forgot to add sudo install_package_list+=" debug-misc "...

Just built 15.0.1.3.6-developers-only

Great! Will try to build tomorrow and report back... asap :)

Please add your build commands to Whonix wiki Dev/Whonix-Host, then I can add suggestion there how to improve these.

Not sure what you mean here?

That's probably because of T950. You'd need to remove both:

quiet loglevel=0

I see. But I won't lose time trying to debug this particular build, I will just try a new one and see if the problem persists. Had some problems with lack of space on the VM I am building with, maybe related. Not worth debugging if it's a one time thing. We'll see.

In T914#20017, @onion_knight2 wrote:

Seems I have quite a flexible notion of "asap" :)...

• https://github.com/Whonix/security-misc/commit/3cd7b144bba1a92ca771b16fc5215073c7561a1a
• https://github.com/Whonix/debug-misc/commit/5a856595c1cf0a4a3b08e6ea75bd2fe2b3f2f398
• https://github.com/Whonix/debug-misc/commit/9e1ea579ca0a2d4399f2e1126b2ae2f583410947
• https://github.com/Whonix/debug-misc/commit/2cac2bed7169ae4d5477cbca1f2916bae110a450

Done, as well as further additions.

Seems I have quite a flexible notion of "asap" :)...

Added upload access also just now. Please try upload image.

Approved now.

Done. Waiting for approval. Still uncompleted, will add instruction step by step.
I also wanted to add some pictures but I think I don't have sufficient rights...

Yes, by all means. Please do.
Generally, most non-controversial (and this one certainly is) wiki edits can be done without prior asking.

Glad that you liked it!
If you don't mind, I can already start modifying the Wiki page:
http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix-Host

Excellent!

Warning: Whonix-Host is experimental software and still in early development. It is currently still lacking some core features, such as persistent installation in EFI mode or a working firewall on the Host, and is not yet ready for production, nor intended for end-users, only developers. Please see https://forums.whonix.org/t/whonix-host-developers-only-preview-version-15-0-1-2-7-released/9360 for more information on its development state. Help welcome.

What is Whonix-Host?
Whonix-Host is a complete Operating System provided by Whonix developers specifically designed to run Whonix virtual machines ("Whonix-Gateway" and "Whonix-Workstation").

Works fine in 15.0.1.3.2-developers-only.

xfce4-power-manager is installed on Whonix-Host in 15.0.1.3.2-developers-only.

Fixed in 15.0.1.3.2-developers-only.

Setting quiet loglevel=0 in that exact order as per https://github.com/Whonix/security-misc/commit/6485df8126b52a2072824fa442e8d1dd5cb18981 does now hide [sda] Incomplete mode parameter data. However, messages by LKRG are not yet hidden.

Great news! I am rebuilding the whole package Host+gw+ws now, excited to test it out! Will report asap.

echo "options overlay metacopy=on" > /etc/modprobe.d/overlay.conf 
update-initramfs -u

That would be OK but this is not my preferred solution. Reason: an unclean shutdown in Whonix installed persistent mode would with a subsequent boot into live mode would result in a failed reboot into Whonix installed live mode.

Awesome analysis and description!

Likely fixed in next build already. Updated, relevant code is here:

Not 100% sure it would also be fixed inside VMs.

Excellent work. Thanks for researching this!

Some progress made as of Whonix-Host 15.0.1.2.7:

As of Whonix-Host 15.0.1.2.7 each environment (Host, gw, ws) has its own background color.
Should we close this ticket?

Do we need more tests or can we close this ticket?

Fixed.
https://forums.whonix.org/t/whonix-host-operating-system/3931/261

Also, just tried it on Whonix-Host 15.0.1.2.7. It works.

Even kernel parameter quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_priority=3
(from https://wiki.archlinux.org/index.php/Silent_boot)
does not hide [sda] Incomplete mode parameter data.

https://github.com/Whonix/security-misc/commit/72be31e870057b035651c1b5a7e9a9db149e9d25
https://github.com/Whonix/security-misc/commit/442931529121e9e402e7ac56e27df3dcec43167b
https://github.com/Whonix/security-misc/commit/b3ce18f0f9f1da0552a4a1bd882a5b5dda13626e
https://github.com/Whonix/security-misc/commit/8851c9ed29e79d2ef5df9c7b7086878e69b90bd4

https://github.com/Whonix/security-misc/commit/8d2e4b68dcae87b27f519196488e0ed7e8b95ef2

kernel.printk = 3 3 3 3

And of course these messages are attributed to whatever Whonix issue someone is having.

All tests done in KVM with 4 logical host CPUs, but I would expect to have similar (if not better) results on real hardware.

marmarek (Marek Marczykowski-Górecki):

Have you checked how it behaves with multiple Whonix Gateways?

In T947#19761, @Patrick wrote:

But we couldn't just set that IP inside sys-whonix without touching dom0?

qvm-prefs sys-whonix ip 10.152.152.10 works great so far. Will test more. And call for testers.

qvm-prefs -D sys-whonix ip

How can I undo qvm-prefs sys-whonix ip 10.152.152.10 back to default?

[1] There is currently no trigger (systemd unit file) to execute /usr/lib/whonix-libvirt/persistent-mode-to-read-write.

https://forums.whonix.org/t/whonix-host-operating-system/3931/213

Included since Whonix 15.0.1.0.8-developers-only.