{"id":2544,"date":"2015-08-22T03:03:03","date_gmt":"2015-08-22T03:03:03","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2544"},"modified":"2015-08-22T03:03:03","modified_gmt":"2015-08-22T03:03:03","slug":"whonix-anonymous-operating-system-version-11-released","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2544","title":{"rendered":"Whonix Anonymous Operating System Version 11 Released!"},"content":{"rendered":"<p><strong><a href=\"https:\/\/www.whonix.org\/\">Whonix<\/a> <\/strong>is an operating system focused on anonymity, privacy and security. It\u2019s based on the Tor anonymity network, Debian GNU\/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user\u2019s real IP.<br \/>\n<strong>Whonix consists of two parts:<\/strong><\/p>\n<ul>\n<li>One solely runs Tor and acts as a gateway, which we call Whonix-Gateway.<\/li>\n<li>Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.<\/li>\n<\/ul>\n<p><strong>Whonix for Qubes<br \/>\n<\/strong><br \/>\nhttps:\/\/www.whonix.org\/wiki\/Qubes<br \/>\n<strong>Whonix for KVM<br \/>\n<\/strong><br \/>\n<a href=\"https:\/\/www.whonix.org\/wiki\/KVM\">https:\/\/www.whonix.org\/wiki\/KVM<\/a><br \/>\n<strong>Whonix for VirtualBox<\/strong><br \/>\n<a href=\"https:\/\/www.whonix.org\/wiki\/VirtualBox\">https:\/\/www.whonix.org\/wiki\/VirtualBox<\/a><br \/>\n<strong>If you want to upgrade existing Whonix version using Whonix\u2019s APT<\/strong> <strong>repository<\/strong><br \/>\nSpecial instructions required:<br \/>\n<a href=\"https:\/\/www.whonix.org\/wiki\/Upgrading_Whonix_10_to_Whonix_11\">https:\/\/www.whonix.org\/wiki\/Upgrading_Whonix_10_to_Whonix_11<\/a><br \/>\n<strong>Edit 1:<\/strong><br \/>\nThere will be no more support for upgrading Whonix 10 to Whonix 11 after October 17 2015.<br \/>\n<strong>If you want to upgrade existing Whonix version from source code<\/strong><br \/>\nSee <a href=\"https:\/\/www.whonix.org\/wiki\/Dev\/BuildDocumentation\">https:\/\/www.whonix.org\/wiki\/Dev\/BuildDocumentation<\/a>.<br \/>\n&nbsp;<br \/>\n<strong>Changelog between Whonix 10 and Whonix 11:<\/strong><br \/>\nSee following two blog posts that were calls for testing, these contain the changelogs. Whonix 11.0.0.3.0 has been blessed stable and released as Whonix 11.<br \/>\n\u2013 <a href=\"https:\/\/www.whonix.org\/blog\/whonix-11-testers-wanted\">https:\/\/www.whonix.org\/blog\/whonix-11-testers-wanted<\/a><br \/>\n\u2013 <a href=\"https:\/\/www.whonix.org\/blog\/testers-wanted-rc-11-0-0-3-0\">https:\/\/www.whonix.org\/blog\/testers-wanted-rc-11-0-0-3-0<\/a><\/p>\n<ul>\n<li>fixed custom workstation build<\/li>\n<li>\u00a0build script: refactoring, use errtrace rather than many traps \u2013 https:\/\/phabricator.whonix.org\/T48<\/li>\n<li>build script: refactoring, use exit trap to reduce code duplication \u2013 https:\/\/phabricator.whonix.org\/T269<\/li>\n<li>whonixcheck: warn if whonix-gateway \/ whonix-workstation package is not installed \u2013 https:\/\/phabricator.whonix.org\/T264<\/li>\n<li>whonixcheck: warn if there is low entropy \u2013 https:\/\/phabricator.whonix.org\/T202<\/li>\n<li>build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie \u2013 https:\/\/phabricator.whonix.org\/T270<\/li>\n<li>grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new `\/etc\/default\/grub.d` configuration folder, the `grub-enable-apparmor` has been greatly simplified. No longer need to config-package-dev divert `\/etc\/default\/grub`.<\/li>\n<li>genmkfile: if debuild not available, recommend installation of the devscripts package<\/li>\n<li>build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)<\/li>\n<li>genmkfile: if debuild not available, recommend installation of the devscripts package<\/li>\n<li>genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed<\/li>\n<li>\u00a0genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing<\/li>\n<li>build script: build-steps.d\/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing<\/li>\n<li>build script: refactoring, created separate help step, help-steps\/git_sanity_test<\/li>\n<li>\u00a0whonixcheck: verbose output for check_tor_socks_port_reachability<\/li>\n<li>\u00a0all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support<\/li>\n<li>\u00a0lintian warning copyright fix<\/li>\n<li>\u00a0tb-updater: show \u201chighest version number is not necessarily the best one\u201d message also on first run if no Tor Browser is installed yet \u2013 https:\/\/phabricator.whonix.org\/T283<\/li>\n<li>\u00a0build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. \u2013 https:\/\/phabricator.whonix.org\/T284<\/li>\n<li>\u00a0whonixcheck: added link to Whonix Build Version documentation https:\/\/www.whonix.org\/wiki\/Whonixcheck#Whonix_Build_Version \u2013 https:\/\/phabricator.whonix.org\/T276<\/li>\n<li>build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 \u2018\u201dmakefile: added \u2013pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining \u201cmissing upstream changelog\u201d warning\u2019 \u2013 added \u2013pedantic help-steps\/variables.<\/li>\n<li>all packages: added debian\/source\/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning \u2013 https:\/\/phabricator.whonix.org\/T277<\/li>\n<li>whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added \u2018Keywords=\u2019 to \u2018.desktop\u2019 files to fix lintian warning \u2018desktop-entry-lacks-keywords-entry\u2019 \u2013 https:\/\/phabricator.whonix.org\/T281<\/li>\n<li>\u00a0anon-shared-helper scripts: replaced dependency \u2018python-support (&gt;= 0.90)\u2019 with dh-python to fix lintian warning<\/li>\n<li>control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning<\/li>\n<li>\u00a0modify apt-get parameters during build to prevent need to remove apt-listchanges \u2013 https:\/\/phabricator.whonix.org\/T282<\/li>\n<li>build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps\/variables to buildconfig.d\/30_apt_opts<\/li>\n<li>\u00a0genmkfile: hint \u201cIs the build dependency genmkfile installed?\u201d if genmkfile is not installed<\/li>\n<li>genmkfile: hint \u2018dpkg-parsechangelog not found. Do you have the \u201cbuild-essential\u201d package installed?\u2019 if dpkg-parsechangelog is not available<\/li>\n<li>\u00a0sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning \u2018E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev\u2019<\/li>\n<li>whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default<\/li>\n<li>\u00a0build script: Fix building Whonix on Whonix, fix if `lsb_release \u2013short \u2013i` returns \u2018Whonix\u2019. Temp hack \u2018export whonix_build_on_operating_system=\u201ddebian\u201d\u2018 no longer required. Thanks to @nrgaway for the bug report and the analysis. \u2013 https:\/\/phabricator.whonix.org\/T278<\/li>\n<li>tb-updater: tbbversion_installed parser fix<\/li>\n<li>\u00a0anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)<\/li>\n<li>\u00a0anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support \u2013 https:\/\/phabricator.whonix.org\/T298<\/li>\n<li>anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support<\/li>\n<li>\u2013 code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms<\/li>\n<li>implemented build parameter \u2018\u2013unsafe-io true\u2019, that speeds up builds, that uses \u2018-o Dpkg::Options::=\u2013force-unsafe-io\u2019, eatmydata and ignores \u2018sync\u2019. \u2013 Thanks to @nrgaway for the suggestion!\u00a0 \u2013 https:\/\/phabricator.whonix.org\/T295<\/li>\n<li>implemented $apt_misc_opts \u2013 https:\/\/phabricator.whonix.org\/T295<\/li>\n<li>whonixcheck: new \u2013verbose debug feature, showing output of systemd-detect-virt<\/li>\n<li>\u00a0vbox-disable-timesync: more robust implementation that is compatible with systemd \u2013 https:\/\/phabricator.whonix.org\/T106<\/li>\n<li>\u00a0timesync: compatibility with systemd \u2013 https:\/\/phabricator.whonix.org\/T106<\/li>\n<li>whonixcheck, msgdispatcher: ported to systemd \u2013 https:\/\/phabricator.whonix.org\/T106<\/li>\n<li>qubes-whonix: skip rads on Qubes \u2013 https:\/\/phabricator.whonix.org\/T306<\/li>\n<li>systemd unit files: workaround\/fix, removed spaces from \u2018WantedBy = \u2018, likely bug in \u2018deb-systemd-helper\u2019 that prevents enabling the service by default \u2013 https:\/\/phabricator.whonix.org\/T316<\/li>\n<li>created a hellodaemon package, useful for Debian systemd packaging debugging \u2013 not part of Whonix \u2013 https:\/\/github.com\/adrelanos\/hellodaemon<\/li>\n<li>whonixcheck: debian\/control: fix, added to \u2018Build-Depends:\u2019 \u2018ruby-ronn (&gt;= 0.7.3)\u2019<\/li>\n<li>disable torsocks warning spam \u2013 https:\/\/phabricator.whonix.org\/T317<\/li>\n<li>whonix-libvirt: fixed CI builds<\/li>\n<li>whonix-libvirt: added driver name=\u2019qemu\u2019 \u2013 Thanks to HulaHoop! \u2013 https:\/\/github.com\/Whonix\/whonix-libvirt\/pull\/20 https:\/\/github.com\/Whonix\/whonix-libvirt\/pull\/19 https:\/\/github.com\/Whonix\/whonix-libvirt\/pull\/18<\/li>\n<li>\u00a0anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended \u2013 https:\/\/phabricator.whonix.org\/T323<\/li>\n<li>anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended \u2013 https:\/\/phabricator.whonix.org\/T92<\/li>\n<li>whonix-gw-network-conf, whonix-ws-network-conf: Removed \u2018pre-up \/usr\/bin\/whonix_firewall\u2019, because \/etc\/network\/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in \/etc\/network\/if-pre-up.d\/ fails http:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=700811 was fixed. \u2013 https:\/\/phabricator.whonix.org\/T68<\/li>\n<li>whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made package more standalone. Requiring \u2018pre-up \/usr\/bin\/whonix_firewall\u2019 in \/etc\/network\/interfaces is no longer necessary. Added etc\/network\/if-pre-up.d\/30_whonix_firewall to load the firewall, because of a Debian upstream bug \u2018interface comes up even if a script in \/etc\/network\/if-pre-up.d\/ fails\u2019 http:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=700811 was fixed. \u2013 https:\/\/phabricator.whonix.org\/T68<\/li>\n<li>whonixsetup, whonix-setup-wizard: fix \u2018Tor fails after reload related to torrc DisableNetwork setting issue\u2019 by only restarting Tor, no longer trying to reload Tor \u2013 https:\/\/phabricator.whonix.org\/T320<\/li>\n<li>rads: Improved implementation. When there is enough RAM\u2026 On \u2018enter\u2019: instantly start login manager. On \u2018ctrl + c\u2019: instantly abort and do not start login manager. On \u2018timeout\u2019: start login manager. Thanks to \u2018dh_systemd_start \u2013no-start\u2019 we can now use \u2018StandardInput=tty\u2019 and \u2018read\u2019 instead of \u2018systemd-ask-password\u2019. Now we could even implement an interactive menu at boot (that allows to configure wait time and\/or disabling rads). \u2013 https:\/\/phabricator.whonix.org\/T57<\/li>\n<li>whonixcheck: abolished random wait by default \u2013 https:\/\/phabricator.whonix.org\/T299<\/li>\n<li>anon-ws-disable-stacked-tor: fixed \u2018insserv: script tor.anondist-orig: service tor already provided!\u2019 warning during upgrades \u2013 https:\/\/phabricator.whonix.org\/T303<\/li>\n<li>anon-ws-disable-stacked-tor: systemd compatibility \u2013 https:\/\/phabricator.whonix.org\/T303<\/li>\n<li>anon-base-files: no longer \u2018set -o pipefail\u2019 in \/usr\/lib\/pre.bsh. config-package-dev doesn\u2019t like \u2018set -o pipefail\u2019 \u2013 http:\/\/mailman.mit.edu\/pipermail\/config-package-dev\/2015-May\/000041.html \u2013 https:\/\/phabricator.whonix.org\/T329<\/li>\n<li>upstream bug report: spaces in Tor\u2019s systemd unit file causes issues \u2013 https:\/\/trac.torproject.org\/projects\/tor\/ticket\/16162<\/li>\n<li>upstream bug report: Tor dies on reload when swichting to \u2018DisableNetwork 0\u2019 when using \u2018DnsPort 127.0.0.1:53\u2019 \u2013 https:\/\/trac.torproject.org\/projects\/tor\/ticket\/16161<\/li>\n<li>build script: fix, support \u2018\u2013verifiable false\u2019 (was \u2018\u2013verifiable minimal\u2019 while build documentation said \u2018false\u2019)<\/li>\n<li>uwt: multi user fix \u2013 https:\/\/www.whonix.org\/forum\/index.php\/topic,1267<\/li>\n<li>Qubes: WiFi Realtek RTL8191SEvB Issue and Solution \u00a0https:\/\/groups.google.com\/forum\/#!topic\/qubes-users\/kMGTSwP72aU<\/li>\n<li>whonix-setup-wizard API proposal: https:\/\/www.whonix.org\/wiki\/Dev\/whonixsetup<\/li>\n<\/ul>\n<div><\/div>\n<p><strong>If you want to build images from source code<\/strong><br \/>\nSee <a href=\"https:\/\/www.whonix.org\/wiki\/Dev\/BuildDocumentation\">https:\/\/www.whonix.org\/wiki\/Dev\/BuildDocumentation<\/a>.<br \/>\n<strong>Call for Help<\/strong><br \/>\n\u2013 If you know javascript, python, shell scripting (\/bin\/bash) and\/or linux sysadmin, please join us!<br \/>\n\u2013 Contribute: <a href=\"https:\/\/www.whonix.org\/wiki\/Contribute\">https:\/\/www.whonix.org\/wiki\/Contribute<\/a><br \/>\n\u2013 Donate: <a href=\"https:\/\/www.whonix.org\/wiki\/Donate\">https:\/\/www.whonix.org\/wiki\/Donate<\/a><br \/>\n&nbsp;<br \/>\n<strong>Source:<\/strong>\u00a0https:\/\/www.whonix.org<br \/>\n<strong><a href=\"https:\/\/www.whonix.org\/wiki\/Main_Page#Download_Whonix\" target=\"_blank\" rel=\"noopener noreferrer\">Download Whonix<\/a><\/strong><br \/>\n&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Whonix is an operating system focused on anonymity, privacy and security. It\u2019s based on the Tor anonymity network, Debian GNU\/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user\u2019s real IP. Whonix consists of two parts: One solely runs Tor and acts as a<\/p>\n","protected":false},"author":1,"featured_media":2545,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,13],"tags":[22,557,275],"class_list":["post-2544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-opensource","tag-linux","tag-os","tag-pentest"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2544"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2544\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}