News Opensource

Whonix Anonymous Operating System Version 11 Released!

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
Whonix consists of two parts:

  • One solely runs Tor and acts as a gateway, which we call Whonix-Gateway.
  • Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

Whonix for Qubes
Whonix for KVM
Whonix for VirtualBox
If you want to upgrade existing Whonix version using Whonix’s APT repository
Special instructions required:
Edit 1:
There will be no more support for upgrading Whonix 10 to Whonix 11 after October 17 2015.
If you want to upgrade existing Whonix version from source code
Changelog between Whonix 10 and Whonix 11:
See following two blog posts that were calls for testing, these contain the changelogs. Whonix has been blessed stable and released as Whonix 11.

  • fixed custom workstation build
  •  build script: refactoring, use errtrace rather than many traps –
  • build script: refactoring, use exit trap to reduce code duplication –
  • whonixcheck: warn if whonix-gateway / whonix-workstation package is not installed –
  • whonixcheck: warn if there is low entropy –
  • build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie –
  • grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new `/etc/default/grub.d` configuration folder, the `grub-enable-apparmor` has been greatly simplified. No longer need to config-package-dev divert `/etc/default/grub`.
  • genmkfile: if debuild not available, recommend installation of the devscripts package
  • build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)
  • genmkfile: if debuild not available, recommend installation of the devscripts package
  • genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed
  •  genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing
  • build script: build-steps.d/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing
  • build script: refactoring, created separate help step, help-steps/git_sanity_test
  •  whonixcheck: verbose output for check_tor_socks_port_reachability
  •  all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support
  •  lintian warning copyright fix
  •  tb-updater: show “highest version number is not necessarily the best one” message also on first run if no Tor Browser is installed yet –
  •  build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. –
  •  whonixcheck: added link to Whonix Build Version documentation –
  • build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 ‘”makefile: added –pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning’ – added –pedantic help-steps/variables.
  • all packages: added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning –
  • whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added ‘Keywords=’ to ‘.desktop’ files to fix lintian warning ‘desktop-entry-lacks-keywords-entry’ –
  •  anon-shared-helper scripts: replaced dependency ‘python-support (>= 0.90)’ with dh-python to fix lintian warning
  • control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning
  •  modify apt-get parameters during build to prevent need to remove apt-listchanges –
  • build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps/variables to buildconfig.d/30_apt_opts
  •  genmkfile: hint “Is the build dependency genmkfile installed?” if genmkfile is not installed
  • genmkfile: hint ‘dpkg-parsechangelog not found. Do you have the “build-essential” package installed?’ if dpkg-parsechangelog is not available
  •  sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning ‘E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev’
  • whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default
  •  build script: Fix building Whonix on Whonix, fix if `lsb_release –short –i` returns ‘Whonix’. Temp hack ‘export whonix_build_on_operating_system=”debian”‘ no longer required. Thanks to @nrgaway for the bug report and the analysis. –
  • tb-updater: tbbversion_installed parser fix
  •  anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)
  •  anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support –
  • anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support
  • – code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms
  • implemented build parameter ‘–unsafe-io true’, that speeds up builds, that uses ‘-o Dpkg::Options::=–force-unsafe-io’, eatmydata and ignores ‘sync’. – Thanks to @nrgaway for the suggestion!  –
  • implemented $apt_misc_opts –
  • whonixcheck: new –verbose debug feature, showing output of systemd-detect-virt
  •  vbox-disable-timesync: more robust implementation that is compatible with systemd –
  •  timesync: compatibility with systemd –
  • whonixcheck, msgdispatcher: ported to systemd –
  • qubes-whonix: skip rads on Qubes –
  • systemd unit files: workaround/fix, removed spaces from ‘WantedBy = ‘, likely bug in ‘deb-systemd-helper’ that prevents enabling the service by default –
  • created a hellodaemon package, useful for Debian systemd packaging debugging – not part of Whonix –
  • whonixcheck: debian/control: fix, added to ‘Build-Depends:’ ‘ruby-ronn (>= 0.7.3)’
  • disable torsocks warning spam –
  • whonix-libvirt: fixed CI builds
  • whonix-libvirt: added driver name=’qemu’ – Thanks to HulaHoop! –
  •  anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended –
  • anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended –
  • whonix-gw-network-conf, whonix-ws-network-conf: Removed ‘pre-up /usr/bin/whonix_firewall’, because /etc/network/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in /etc/network/if-pre-up.d/ fails was fixed. –
  • whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made package more standalone. Requiring ‘pre-up /usr/bin/whonix_firewall’ in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because of a Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ was fixed. –
  • whonixsetup, whonix-setup-wizard: fix ‘Tor fails after reload related to torrc DisableNetwork setting issue’ by only restarting Tor, no longer trying to reload Tor –
  • rads: Improved implementation. When there is enough RAM… On ‘enter’: instantly start login manager. On ‘ctrl + c’: instantly abort and do not start login manager. On ‘timeout’: start login manager. Thanks to ‘dh_systemd_start –no-start’ we can now use ‘StandardInput=tty’ and ‘read’ instead of ‘systemd-ask-password’. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). –
  • whonixcheck: abolished random wait by default –
  • anon-ws-disable-stacked-tor: fixed ‘insserv: script tor.anondist-orig: service tor already provided!’ warning during upgrades –
  • anon-ws-disable-stacked-tor: systemd compatibility –
  • anon-base-files: no longer ‘set -o pipefail’ in /usr/lib/pre.bsh. config-package-dev doesn’t like ‘set -o pipefail’ – –
  • upstream bug report: spaces in Tor’s systemd unit file causes issues –
  • upstream bug report: Tor dies on reload when swichting to ‘DisableNetwork 0’ when using ‘DnsPort’ –
  • build script: fix, support ‘–verifiable false’ (was ‘–verifiable minimal’ while build documentation said ‘false’)
  • uwt: multi user fix –,1267
  • Qubes: WiFi Realtek RTL8191SEvB Issue and Solution!topic/qubes-users/kMGTSwP72aU
  • whonix-setup-wizard API proposal:

If you want to build images from source code
Call for Help
– If you know javascript, python, shell scripting (/bin/bash) and/or linux sysadmin, please join us!
– Contribute:
– Donate:
Download Whonix

Post Comment