qubes-whonix 12 (Project)
Archived · Public

Recent Activity

Jan 19 2023

Patrick archived qubes-whonix 12.
Jan 19 2023, 11:26 AM

Nov 19 2015

Patrick closed T349: /etc/systemd/system/qubes-whonix-tor.service code simplification as Resolved.
Nov 19 2015, 7:49 PM · refactoring, Whonix 12, Qubes, qubes-whonix 12, Whonix, whonixcheck
Patrick closed T395: integrate whonix-firewall-plugin.sh into whonix-gw-firewall as Resolved.
Nov 19 2015, 7:48 PM · whonix-gw-firewall, qubes-whonix 12, Whonix, Qubes, Whonix 12

Nov 5 2015

Patrick added a comment to T424: fix /etc/xdg/autostart vs systemd race condition.

qubes-whonix-firewall: Preventing race condition with Qubes Whonix Setup.:
https://github.com/Whonix/qubes-whonix/commit/790679d88bba74a587dbaedaae1ea166dcdf0989

Nov 5 2015, 7:05 PM · Debian version 10 codename Buster, enhancement, research, systemd, Whonix, Qubes
Patrick added a comment to T424: fix /etc/xdg/autostart vs systemd race condition.

That's alright as a workaround for Whonix 12. Let's see if there is a more efficient solution.

Nov 5 2015, 7:01 PM · Debian version 10 codename Buster, enhancement, research, systemd, Whonix, Qubes
marmarek added a comment to T424: fix /etc/xdg/autostart vs systemd race condition.

The easiest (but maybe not the most efficient) way would be adding
Before= ordering in service. In Qubes case, it would be
Before=qubes-gui-agent.service.

Nov 5 2015, 6:43 PM · Debian version 10 codename Buster, enhancement, research, systemd, Whonix, Qubes
Patrick added a comment to T424: fix /etc/xdg/autostart vs systemd race condition.

How to have an /etc/xdg/autostart/app.desktop service wait for a (systemd) service?
http://unix.stackexchange.com/questions/241058/how-to-have-an-etc-xdg-autostart-app-desktop-service-wait-for-a-systemd-servi

Nov 5 2015, 4:57 PM · Debian version 10 codename Buster, enhancement, research, systemd, Whonix, Qubes
Patrick created T424: fix /etc/xdg/autostart vs systemd race condition.
Nov 5 2015, 4:52 PM · Debian version 10 codename Buster, enhancement, research, systemd, Whonix, Qubes

Sep 8 2015

Patrick closed T162: qubes-whonix handling of /etc/timezone and /etc/localtime as Resolved.
In T162#1975, @Patrick wrote:

I have a simpler solution in mind.

feature request against core-agent-linux that basically says:
"If setting Y is set in X (.d style folder preferred), then omit syncing vm timezone to dom0, because ... anonymity distributions ..."

Sep 8 2015, 3:53 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick added a comment to T162: qubes-whonix handling of /etc/timezone and /etc/localtime.

abolished hack to write to /etc/localtime and /etc/timezone because now using Qubes protected files mechanism:
https://github.com/Whonix/qubes-whonix/commit/d11e42836f027c00e321c2660e332bbd47bd2670

Sep 8 2015, 3:52 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick closed T173: triggers interest-noawait /etc/resolv.conf will probably not work as Resolved.

fixed 'triggers interest-noawait /etc/resolv.conf will probably not work' - https://phabricator.whonix.org/T173:
https://github.com/Whonix/qubes-whonix/commit/d299505b6c7bbf7b2e856e5e2d87b5de4d664f9e

Sep 8 2015, 3:47 PM · Whonix 12, qubes-whonix 12, Qubes, Whonix

Aug 19 2015

Patrick closed T32: check if the haveged entropy gathering daemon passes entropy tests in Qubes as Resolved.

Couldn't find any irregularities compared to non-Qubes systems.

Aug 19 2015, 6:17 PM · Whonix 12, qubes-whonix 12, Whonix, security, Qubes
Patrick closed T370: whonix_build and whonix_build_post should not end up in home folder as Resolved.
Aug 19 2015, 5:48 PM · usability, bug, Whonix 12, Whonix, qubes-whonix 12
Patrick assigned T370: whonix_build and whonix_build_post should not end up in home folder to nrgaway.

No longer the case with Whonix 11.

Aug 19 2015, 5:48 PM · usability, bug, Whonix 12, Whonix, qubes-whonix 12
Patrick closed T396: Qubes-Whonix obfsproxy AppArmor issue as Resolved.

fixed obfsproxy AppArmor issue "OSError: [Errno 13] Permission denied: '/rw/usrlocal/lib/python2.7/dist-packages'" using superior /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist solution - https://phabricator.whonix.org/T396:
https://github.com/Whonix/apparmor-profile-anondist/commit/8785d3124c75dc39c6da2f1753e19b02d625a987

Aug 19 2015, 5:45 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12

Aug 18 2015

Patrick closed T398: Qubes-Whonix whonixcheck sanity test for 'prevent dom0 telling Qubes-Whonix VMs the time' as Resolved.

Added an info level message when running with --verbose if dom0 is telling us the time. As long as https://phabricator.whonix.org/T397 is unsolved. - https://phabricator.whonix.org/T398:
https://github.com/Whonix/whonixcheck/commit/0019e00e28ef85cdd95937d4d1e134335a03af18

Aug 18 2015, 2:01 AM · qubes-whonix 12, whonixcheck, Whonix 12, bug, security, Qubes, Whonix
Patrick added a comment to T398: Qubes-Whonix whonixcheck sanity test for 'prevent dom0 telling Qubes-Whonix VMs the time'.

/etc/qubes-rpc/qubes.SetDateTime.anondist: dom0 should not tell us its time. But if it does, create a file /var/run/qubes-whonix/qubes.SetDateTime so whonixcheck could warn in case this file exists. - https://phabricator.whonix.org/T398:
https://github.com/Whonix/qubes-whonix/commit/300d09b2514019e67fec16403177092f14504ba2

Aug 18 2015, 1:48 AM · qubes-whonix 12, whonixcheck, Whonix 12, bug, security, Qubes, Whonix

Aug 16 2015

Patrick created T398: Qubes-Whonix whonixcheck sanity test for 'prevent dom0 telling Qubes-Whonix VMs the time'.
Aug 16 2015, 2:10 AM · qubes-whonix 12, whonixcheck, Whonix 12, bug, security, Qubes, Whonix

Aug 15 2015

Patrick closed T186: many lintian warnings in qubes-whonix package as Resolved.

Those are all fixed in latest master.

Aug 15 2015, 8:10 PM · qubes-whonix 12, Qubes, Whonix
Patrick claimed T186: many lintian warnings in qubes-whonix package.
Aug 15 2015, 8:10 PM · qubes-whonix 12, Qubes, Whonix
Patrick added a comment to T162: qubes-whonix handling of /etc/timezone and /etc/localtime.

Alright! :)

Aug 15 2015, 6:52 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick reopened T396: Qubes-Whonix obfsproxy AppArmor issue as "Open".

Actually, that's a much better solution.

Aug 15 2015, 6:41 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.

Got another answer.

Aug 15 2015, 2:19 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
nrgaway added a comment to T162: qubes-whonix handling of /etc/timezone and /etc/localtime.

Go nuts at it ;)

Aug 15 2015, 12:50 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick closed T337: install Tor Browser by default in Qubes-Whonix as Resolved.

Done in Whonix 11.

Aug 15 2015, 12:39 AM · usability, sponsor-C, Whonix 12, qubes-whonix 12, Whonix

Aug 14 2015

Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.
In T396#6413, @Patrick wrote:

AppArmor upstream feature request - symlink support:
https://bugs.launchpad.net/apparmor/+bug/1485055

Aug 14 2015, 9:54 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
Patrick raised the priority of T162: qubes-whonix handling of /etc/timezone and /etc/localtime from Low to Normal.

State of /usr/lib/qubes-whonix/init/qubes-whonix-sysinit at time of writing:
https://github.com/Whonix/qubes-whonix/blob/df04392a60c6c0c9edc0fe0909610f9711b31d4c/usr/lib/qubes-whonix/init/qubes-whonix-sysinit

Aug 14 2015, 7:39 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick claimed T162: qubes-whonix handling of /etc/timezone and /etc/localtime.
Aug 14 2015, 7:10 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick closed T396: Qubes-Whonix obfsproxy AppArmor issue as Resolved.
Aug 14 2015, 4:56 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.

AppArmor upstream feature request - symlink support:
https://bugs.launchpad.net/apparmor/+bug/1485055

Aug 14 2015, 4:56 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.

A real fix would require having an AppArmor option to follow symlinks.

Aug 14 2015, 4:49 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
Patrick created T396: Qubes-Whonix obfsproxy AppArmor issue.
Aug 14 2015, 4:33 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12
Patrick closed T392: Qubes-Whonix-Workstation 11 build breaks during qubes package standard list installation as Resolved.

https://phabricator.whonix.org/T391#6396

Aug 14 2015, 3:26 PM · Whonix, Qubes, qubes-whonix 11, qubes-whonix 12, Whonix 11, Whonix 12
Patrick closed T391: taksel in Qubes-Whonix builds unwanted and breaking the build as Resolved.

No longer using tasksel. Building Whonix templates now with flavor minimal and no-recommends to get better control of the installed packages. Therefore also no more build error.

Aug 14 2015, 3:25 PM · Whonix 12, Whonix 11, qubes-whonix 12, qubes-whonix 11, Qubes, Whonix

Aug 12 2015

Patrick added a comment to T162: qubes-whonix handling of /etc/timezone and /etc/localtime.

Actually there is a very elegant solution to this that requires no changes in Qubes.

Aug 12 2015, 8:05 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick updated subscribers of T162: qubes-whonix handling of /etc/timezone and /etc/localtime.
Aug 12 2015, 7:43 PM · Whonix 12, qubes-whonix 12, Whonix, Qubes
Patrick added a comment to T389: make sure Qubes-Whonix has no access to clocksource=xen.
In T389#6308, @Patrick wrote:

How to read clocksource xen as a [root] user?:
http://lists.xen.org/archives/html/xen-users/2015-08/msg00020.html

Aug 12 2015, 2:54 PM · mgmt, research, security, Whonix, Qubes
Patrick changed the status of T395: integrate whonix-firewall-plugin.sh into whonix-gw-firewall from Open to Review.

Stage 1 sounds good.

Aug 12 2015, 1:45 PM · whonix-gw-firewall, qubes-whonix 12, Whonix, Qubes, Whonix 12
nrgaway added a comment to T395: integrate whonix-firewall-plugin.sh into whonix-gw-firewall.

It would be nice to eliminate anything that is not Qubes specific in qubes-whonix package completely, or as much as possible. Anything you can take out of it by integrating into Whonix would be a good thing.

Aug 12 2015, 8:50 AM · whonix-gw-firewall, qubes-whonix 12, Whonix, Qubes, Whonix 12
Patrick created T395: integrate whonix-firewall-plugin.sh into whonix-gw-firewall.
Aug 12 2015, 3:03 AM · whonix-gw-firewall, qubes-whonix 12, Whonix, Qubes, Whonix 12
Patrick added a comment to T349: /etc/systemd/system/qubes-whonix-tor.service code simplification.

https://github.com/adrelanos/qubes-whonix/commit/1cb387851a091f5453daad01d205b8cd43f00747

Aug 12 2015, 1:52 AM · refactoring, Whonix 12, Qubes, qubes-whonix 12, Whonix, whonixcheck
Patrick changed the status of T349: /etc/systemd/system/qubes-whonix-tor.service code simplification from Open to Review.

https://github.com/Whonix/whonixcheck/blob/master/lib/systemd/system/whonixcheck.service is already using Wants=tor.service.

Aug 12 2015, 1:15 AM · refactoring, Whonix 12, Qubes, qubes-whonix 12, Whonix, whonixcheck
Patrick added a comment to T349: /etc/systemd/system/qubes-whonix-tor.service code simplification.

get rid of etc/systemd/system/qubes-whonix-tor.service which is error prone, code simplification - https://phabricator.whonix.org/T349:
https://github.com/adrelanos/qubes-whonix/commit/a1a022a974b8c13132369b391cd3194207f3bf19

Aug 12 2015, 1:11 AM · refactoring, Whonix 12, Qubes, qubes-whonix 12, Whonix, whonixcheck

Aug 11 2015

Patrick closed T307: switch from '--target root' to '--target qubes' for qubes-whonix builds as Resolved.
Aug 11 2015, 2:30 AM · Whonix 12, qubes-whonix 12, build, Whonix, Qubes
Patrick assigned T307: switch from '--target root' to '--target qubes' for qubes-whonix builds to nrgaway.

This is implemented:
https://github.com/nrgaway/qubes-template-whonix/blob/be0c1f53cc10a3ccb8628d132da35006225bdff6/whonix-gateway/02_install_groups_pre.sh#L37

Aug 11 2015, 2:29 AM · Whonix 12, qubes-whonix 12, build, Whonix, Qubes

Aug 10 2015

Patrick added a comment to T389: make sure Qubes-Whonix has no access to clocksource=xen.

Is it possible to read PVclock from user space?:
http://unix.stackexchange.com/questions/222287/is-it-possible-to-read-pvclock-from-user-space

Aug 10 2015, 12:59 PM · mgmt, research, security, Whonix, Qubes

Aug 7 2015

Patrick created T392: Qubes-Whonix-Workstation 11 build breaks during qubes package standard list installation.
Aug 7 2015, 12:00 AM · Whonix, Qubes, qubes-whonix 11, qubes-whonix 12, Whonix 11, Whonix 12

Aug 6 2015

marmarek added a comment to T391: taksel in Qubes-Whonix builds unwanted and breaking the build.
In T391#6310, @Patrick wrote:

Wild speculation: perhaps the build script killed apt-cacher-ng running on the build VM level?

Aug 6 2015, 10:44 PM · Whonix 12, Whonix 11, qubes-whonix 12, qubes-whonix 11, Qubes, Whonix
Patrick added a comment to T391: taksel in Qubes-Whonix builds unwanted and breaking the build.
In T391#6309, @marmarek wrote:

I think those are two totally unrelated issues:

  1. Build failure
  2. Usage of tasksel (and more generally - default package list for Qubes Debian template) in Whonix template build

Aug 6 2015, 9:18 PM · Whonix 12, Whonix 11, qubes-whonix 12, qubes-whonix 11, Qubes, Whonix
marmarek added a comment to T391: taksel in Qubes-Whonix builds unwanted and breaking the build.

I think those are two totally unrelated issues:

  1. Build failure
  2. Usage of tasksel (and more generally - default package list for Qubes Debian template) in Whonix template build

Aug 6 2015, 8:28 PM · Whonix 12, Whonix 11, qubes-whonix 12, qubes-whonix 11, Qubes, Whonix