News Opensource

Whonix Anonymous Operating System Version 11 Released!

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.

Whonix consists of two parts:

  • One solely runs Tor and acts as a gateway, which we call Whonix-Gateway.
  • Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

Whonix for Qubes

https://www.whonix.org/wiki/Qubes

Whonix for KVM

https://www.whonix.org/wiki/KVM

Whonix for VirtualBox

https://www.whonix.org/wiki/VirtualBox

If you want to upgrade existing Whonix version using Whonix’s APT repository

Special instructions required:
https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

Edit 1:

There will be no more support for upgrading Whonix 10 to Whonix 11 after October 17 2015.

If you want to upgrade existing Whonix version from source code

See https://www.whonix.org/wiki/Dev/BuildDocumentation.

 

Changelog between Whonix 10 and Whonix 11:

See following two blog posts that were calls for testing, these contain the changelogs. Whonix 11.0.0.3.0 has been blessed stable and released as Whonix 11.

https://www.whonix.org/blog/whonix-11-testers-wanted
https://www.whonix.org/blog/testers-wanted-rc-11-0-0-3-0

  • fixed custom workstation build
  •  build script: refactoring, use errtrace rather than many traps – https://phabricator.whonix.org/T48
  • build script: refactoring, use exit trap to reduce code duplication – https://phabricator.whonix.org/T269
  • whonixcheck: warn if whonix-gateway / whonix-workstation package is not installed – https://phabricator.whonix.org/T264
  • whonixcheck: warn if there is low entropy – https://phabricator.whonix.org/T202
  • build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie – https://phabricator.whonix.org/T270
  • grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new /etc/default/grub.d configuration folder, the grub-enable-apparmor has been greatly simplified. No longer need to config-package-dev divert /etc/default/grub.
  • genmkfile: if debuild not available, recommend installation of the devscripts package
  • build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)
  • genmkfile: if debuild not available, recommend installation of the devscripts package
  • genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed
  •  genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing
  • build script: build-steps.d/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing
  • build script: refactoring, created separate help step, help-steps/git_sanity_test
  •  whonixcheck: verbose output for check_tor_socks_port_reachability
  •  all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support
  •  lintian warning copyright fix
  •  tb-updater: show “highest version number is not necessarily the best one” message also on first run if no Tor Browser is installed yet – https://phabricator.whonix.org/T283
  •  build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. – https://phabricator.whonix.org/T284
  •  whonixcheck: added link to Whonix Build Version documentation https://www.whonix.org/wiki/Whonixcheck#Whonix_Build_Version – https://phabricator.whonix.org/T276
  • build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 ‘”makefile: added –pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning’ – added –pedantic help-steps/variables.
  • all packages: added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning – https://phabricator.whonix.org/T277
  • whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added ‘Keywords=’ to ‘.desktop’ files to fix lintian warning ‘desktop-entry-lacks-keywords-entry’ – https://phabricator.whonix.org/T281
  •  anon-shared-helper scripts: replaced dependency ‘python-support (>= 0.90)’ with dh-python to fix lintian warning
  • control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning
  •  modify apt-get parameters during build to prevent need to remove apt-listchanges – https://phabricator.whonix.org/T282
  • build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps/variables to buildconfig.d/30_apt_opts
  •  genmkfile: hint “Is the build dependency genmkfile installed?” if genmkfile is not installed
  • genmkfile: hint ‘dpkg-parsechangelog not found. Do you have the “build-essential” package installed?’ if dpkg-parsechangelog is not available
  •  sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning ‘E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev’
  • whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default
  •  build script: Fix building Whonix on Whonix, fix if lsb_release –short –i returns ‘Whonix’. Temp hack ‘export whonix_build_on_operating_system=”debian”‘ no longer required. Thanks to @nrgaway for the bug report and the analysis. – https://phabricator.whonix.org/T278
  • tb-updater: tbbversion_installed parser fix
  •  anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)
  •  anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support – https://phabricator.whonix.org/T298
  • anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support
  • – code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms
  • implemented build parameter ‘–unsafe-io true’, that speeds up builds, that uses ‘-o Dpkg::Options::=–force-unsafe-io’, eatmydata and ignores ‘sync’. – Thanks to @nrgaway for the suggestion!  – https://phabricator.whonix.org/T295
  • implemented $apt_misc_opts – https://phabricator.whonix.org/T295
  • whonixcheck: new –verbose debug feature, showing output of systemd-detect-virt
  •  vbox-disable-timesync: more robust implementation that is compatible with systemd – https://phabricator.whonix.org/T106
  •  timesync: compatibility with systemd – https://phabricator.whonix.org/T106
  • whonixcheck, msgdispatcher: ported to systemd – https://phabricator.whonix.org/T106
  • qubes-whonix: skip rads on Qubes – https://phabricator.whonix.org/T306
  • systemd unit files: workaround/fix, removed spaces from ‘WantedBy = ‘, likely bug in ‘deb-systemd-helper’ that prevents enabling the service by default – https://phabricator.whonix.org/T316
  • created a hellodaemon package, useful for Debian systemd packaging debugging – not part of Whonix – https://github.com/adrelanos/hellodaemon
  • whonixcheck: debian/control: fix, added to ‘Build-Depends:’ ‘ruby-ronn (>= 0.7.3)’
  • disable torsocks warning spam – https://phabricator.whonix.org/T317
  • whonix-libvirt: fixed CI builds
  • whonix-libvirt: added driver name=’qemu’ – Thanks to HulaHoop! – https://github.com/Whonix/whonix-libvirt/pull/20 https://github.com/Whonix/whonix-libvirt/pull/19 https://github.com/Whonix/whonix-libvirt/pull/18
  •  anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended – https://phabricator.whonix.org/T323
  • anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended – https://phabricator.whonix.org/T92
  • whonix-gw-network-conf, whonix-ws-network-conf: Removed ‘pre-up /usr/bin/whonix_firewall’, because /etc/network/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in /etc/network/if-pre-up.d/ fails http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68
  • whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made package more standalone. Requiring ‘pre-up /usr/bin/whonix_firewall’ in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because of a Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68
  • whonixsetup, whonix-setup-wizard: fix ‘Tor fails after reload related to torrc DisableNetwork setting issue’ by only restarting Tor, no longer trying to reload Tor – https://phabricator.whonix.org/T320
  • rads: Improved implementation. When there is enough RAM… On ‘enter’: instantly start login manager. On ‘ctrl + c’: instantly abort and do not start login manager. On ‘timeout’: start login manager. Thanks to ‘dh_systemd_start –no-start’ we can now use ‘StandardInput=tty’ and ‘read’ instead of ‘systemd-ask-password’. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). – https://phabricator.whonix.org/T57
  • whonixcheck: abolished random wait by default – https://phabricator.whonix.org/T299
  • anon-ws-disable-stacked-tor: fixed ‘insserv: script tor.anondist-orig: service tor already provided!’ warning during upgrades – https://phabricator.whonix.org/T303
  • anon-ws-disable-stacked-tor: systemd compatibility – https://phabricator.whonix.org/T303
  • anon-base-files: no longer ‘set -o pipefail’ in /usr/lib/pre.bsh. config-package-dev doesn’t like ‘set -o pipefail’ – http://mailman.mit.edu/pipermail/config-package-dev/2015-May/000041.html – https://phabricator.whonix.org/T329
  • upstream bug report: spaces in Tor’s systemd unit file causes issues – https://trac.torproject.org/projects/tor/ticket/16162
  • upstream bug report: Tor dies on reload when swichting to ‘DisableNetwork 0’ when using ‘DnsPort 127.0.0.1:53’ – https://trac.torproject.org/projects/tor/ticket/16161
  • build script: fix, support ‘–verifiable false’ (was ‘–verifiable minimal’ while build documentation said ‘false’)
  • uwt: multi user fix – https://www.whonix.org/forum/index.php/topic,1267
  • Qubes: WiFi Realtek RTL8191SEvB Issue and Solution  https://groups.google.com/forum/#!topic/qubes-users/kMGTSwP72aU
  • whonix-setup-wizard API proposal: https://www.whonix.org/wiki/Dev/whonixsetup

If you want to build images from source code

See https://www.whonix.org/wiki/Dev/BuildDocumentation.

Call for Help

– If you know javascript, python, shell scripting (/bin/bash) and/or linux sysadmin, please join us!
– Contribute: https://www.whonix.org/wiki/Contribute
– Donate: https://www.whonix.org/wiki/Donate

 

Source: https://www.whonix.org

Download Whonix

 

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek, I’m currently working as Network/Linux SysAdmin.

I’m a Linux,opensource advocate and interested in network security and InfoSec.

Leave a Reply