Whonix 14 has been Released

[Patrick Schleizer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

After more than two years of development, the Whonix Project is proud
to announce the release of Whonix 14.

Whonix 14 is based on the Debian stretch (Debian 9) distribution which
was released in June 2017. This means users have access to many new
software packages in concert with existing packages such as a modern
branch of GNuPG, and more. [1][2][3]

**Major Changes and New Features**

Whonix 14 contains extensive security and usability improvements, new
features and bug fixes. For a detailed description of these and other
changes, please refer to the official release notes. [4]

* Rebased Whonix on **Debian stretch** (Debian 9).
* Whonix 14 is **64-bit** (amd64) only - 32-bit (i386) images will no
longer be built and made available for download. [5]
* The new **Anon Connection Wizard** [6] feature in Whonix simplifies
connections to the Tor network via a Tor bridge and/or a proxy.
* The Tor pluggable transport **meek_lite** [7] is now supported,
making it much easier to connect to the Tor network in heavily
censored areas, like China. [8]
* **Onioncircuits** are installed by default in Whonix. [9]
* Tails' **onion-grater** program has been implemented to enable
**OnionShare, Ricochet and Zeronet** compatibility with Whonix. [10]
* **Onion sources** are now preferred for Whonix updates/upgrades for
greater security.
* Reduced the size of the default, binary Whonix images by
approximately **35 per cent** using zerofree. [11] [12]
* **Updated Tor** to version 3.3.7 (stable) release to enable full v3
onion functionality for both hosting of onion services and access to
v3 onion addresses in Tor Browser.
* Created the **grub-live package** [13] which can run Whonix as a
**live system** on non-Qubes-Whonix platforms. [14]
* Corrected and hardened various **AppArmor profiles** to ensure the
correct functioning of Tor Browser, obfsproxy and other applications.


**Known Issues**

* Desktop shortcuts are no longer available in non-Qubes-Whonix.
* OnionShare is not installed by default in Whonix 14 as it is not in
the stretch repository. [15] It can still be manually installed by
following the Whonix wiki instructions [16] or building it from source
code. [17]
* Enabling seccomp (Sandbox 1) in /usr/local/etc/torrc.d/50_user.conf
causes the Tor process to crash if a Tor version lower than 0.3.3 is
used. [18] [19]


While there may be other issues that exist in this declared stable
release, every effort has been made to address major known problems.

Please report any other issues to us in the forums, after first
searching for whether it is already known.

https://www.whonix.org/wiki/Known_Issues

**Download Whonix 14**

Whonix is cross-platform and can be installed on the Windows, macOS,
Linux or Qubes operating systems. Choose your operating system from
the link below and follow the instructions to install it.

https://www.whonix.org/download/

**Upgrade to Whonix 14**

Current Whonix users (or those with 32-bit hardware) who would prefer
to upgrade their existing Whonix 13 platform should follow the upgrade
instructions below.

https://whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14

**What’s Next?**

Work on Whonix 15 is ongoing and interested users can refer to the
roadmap to see where Whonix is heading. [20]

Developer priorities are currently focused on easing the transition to
the next Debian release due in 2019 (“buster”; Debian 10) and
squashing existing bugs, rather than implementing new features.

We need your help and there are various ways to contribute to Whonix -
donating or investing your time will help the project immensely. Come
and talk with us! [21]

**References**

[1] https://www.debian.org/News/2017/20170617
[2] https://www.debian.org/releases/stable/amd64/release-notes/
[3] https://www.debian.org/releases/stable/i386/release-notes/
[4] https://whonix.org/wiki/Whonix_Release_Notes#Whonix_14
[5] Whonix 13 users with 32-bit systems can however upgrade their
platform by following the available wiki instructions, rather than
download new Whonix-WS and Whonix-GW images.
[6] https://whonix.org/wiki/Anon_Connection_Wizard
[7] https://www.whonix.org/blog/meek_lite-whonix-14
[8]
https://github.com/Yawning/obfs4/commit/611205be681322883a4d73dd00fcb13c
4352fe53
[9] https://packages.debian.org/stretch/onioncircuits
[10] https://phabricator.whonix.org/T657
[11] https://phabricator.whonix.org/T790
[12] VirtualBox .ova and libvirt qcow2 raw images. The Whonix-Gateway
is reduced from 1.7 GB to 1.1 GB, while the Whonix-Workstation is
reduced from 2 GB to 1.3 GB.
[13] https://whonix.org/wiki/Whonix_Live
[14] grub-live is optional and requires the user to first enable it
manually.
[15] https://packages.debian.org/search?searchon=names&keywords=onionsha
re
[16] https://whonix.org/wiki/Onionshare
[17] https://github.com/micahflee/onionshare/blob/master/BUILD.md#gnulin
ux
[18] https://trac.torproject.org/projects/tor/ticket/22605
[19] https://packages.debian.org/stretch/tor
[20] https://phabricator.whonix.org/maniphest/query/open/
[21] https://forums.whonix.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEbpebKKbzfEO+MK+hy41Qu3e7PEgFAltpcbJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDZF
OTc5QjI4QTZGMzdDNDNCRTMwQUZBMUNCOEQ1MEJCNzdCQjNDNDgACgkQy41Qu3e7
PEhxNQ//SIYdoE64adUykqUSlWGZXeDpn090+RDolyOmg6zn1XuSTKAkeX7uuqoI
7dAr+YM2ZUM73LtlnmLTDPXZFxhSXUB/Z2OUEdivDgau+FUaF80z7rMbw7kZkfhH
+V5hdY+GDH4ud/1iCR1agaiVHqJ0zY7HfEFmthJkaqn4UPynMciNrAn8CDijUmuE
KjJCeWCYIvrq/mRIUuwdvdwjRyWeMgUiH1elVBURVqT/IUK97yXm+/cC0uTTw/MG
Gp+i3wAVWsVt5AV2k7DSdRanlWsBRXFOwCuGDLnGyYsXBwS0lYmJK60psBAJK7rj
AEh0Vo3VcY9B+ueCe4/bwLe28rN4HfC4uF8FB1a8PtgOz41xsUvWBtI+CrHcTrdc
WPcEnFqsRXtEd5DN/TqsiiPFT7OeiVvXL2lM37o2fcMf7XIAwPB3oQXGKOZURvRD
SJbXUqE0IqzRy3j+oUVS9wo/lgZkTjdtCDNITljxVBZckYVEIm3KsJIsgeeX6+oN
07OPQB/h6jfn2TQWueOunUUvzqS2Jjs+IjNVLZWUvn5jgFEPAlB1Qzj6XI5qOgJy
8EstwiS4wAU1UjOqO+0/wEiopsbVvw596rvS3bw981yF7O3kEzUjXaKrllmLsKpM
Mi9ux7wy3lx5puS/Sc/j8qlxNRDdN5XM14CMtAuS4d7YkyzSDWs=
=I8IO
-----END PGP SIGNATURE-----

[Franz]

Many thanks, so, following this link, the command

sudo qubesctl state.sls qvm.anon-whonix

 should download Whonix 14, correct?

But the same link tells that this would download templates whonix-gw and whonix-ws. But these are the same names of the old templates. So am I expected to rename the old templates before calling the above command?

[Patrick Schleizer]

Franz:

> Many thanks, so, following this link, the command
>
> sudo qubesctl state.sls qvm.anon-whonix
>
> should download Whonix 14, correct?
>
> But the same link tells that this would download templates whonix-gw and
> whonix-ws. But these are the same names of the old templates. So am I
> expected to rename the old templates before calling the above command?
>

Hi,

thanks!

Please refer to:
https://www.whonix.org/wiki/Qubes/Install

Cheers,
Patrick

[mstv...@gmail.com]

Given some recent edits on the whonix instruction pages I would like to take the opportunity to suggest a few others as well.

From minor to major:

1. https://www.whonix.org/wiki/Qubes/Uninstall
a. On Qubes 4.0 the instruction "Qubes App Launcher (blue/grey "Q") -> System Tools -> Qube Manager" would be preferable as there is no such thing as "Qubes VM Manager".
b. There is a switch in the guide from removal through the GUI to one through the terminal. A short note as to whether the particular choice is necessary to the corresponding step would be welcome.
c. There is no particular instruction in relation to the removal of anon-whonix or whonix-ws-dvm. Especially when it comes to the latter, a link to https://www.qubes-os.org/doc/dispvm-customization/#deleting-disposable-vm would have been of benefit to a newbie like me.

2. Page https://www.whonix.org/wiki/Qubes/Install is much clearer now, but one problem remains. Command "sudo qubesctl state.sls qvm.anon-whonix" installed whonix-ws-14-dvm as well (appmenus and all). So what does the command "sudo qubesctl state.sls qvm.whonix-ws-dvm" of the next (optional) step do? I ran it anyway, it played through, but no changes were mentioned in the output. If memory serves well a "qvm-run" executed with "no changes" and all other steps were "skipped". Maybe I just missed it, but the only difference in the two commands seemed to be that the last one did not try to install "anon-whonix".

P.S. I would like to thank Patrick Schleizer for his feedback this past week. His effort has not gone unnoticed.

[sm...@tutamail.com]

"P.S. I would like to thank Patrick Schleizer for his feedback this past week. His effort has not gone unnoticed."

I'd second this!! "Ich bin ein berliner...."

Thanks Patrick for this extra effort to make us safer...

[Franz]

On Tue, Aug 7, 2018 at 7:17 AM, Patrick Schleizer <patrick-ma...@whonix.org> wrote:

Many thanks for the hard work.

My upgrade to Whonix 14/Qubes 3.2  worked, but only if sys-whonix depends on template whonix-gw, but if it depends on template whonix-gw-14 which would seem more appropriate to me, then it is unable to connect to Tor.

[awokd]

On Sat, August 18, 2018 10:54 am, Franz wrote:

> Many thanks for the hard work.
> My upgrade to Whonix 14/Qubes 3.2 worked, but only if sys-whonix depends
> on template whonix-gw, but if it depends on template whonix-gw-14 which
> would seem more appropriate to me, then it is unable to connect to Tor.

Dropping other lists from this; please be careful about not cross-posting
needlessly.

Try setting sys-whonix to whonix-gw-14. Start it and let it run for at
least 10 minutes, then check sys-whonix's /var/log/tor/log and address any
errors.

[Franz]

On Sat, Aug 18, 2018 at 8:31 AM, awokd <aw...@danwin1210.me> wrote:

On Sat, August 18, 2018 10:54 am, Franz wrote:

> Many thanks for the hard work.
> My upgrade to Whonix 14/Qubes 3.2  worked, but only if sys-whonix depends
> on template whonix-gw, but if it depends on template whonix-gw-14 which
> would seem more appropriate to me, then it is unable to connect to Tor.

Dropping other lists from this; please be careful about not cross-posting
needlessly.

ok
 

Try setting sys-whonix to whonix-gw-14. Start it and let it run for at
least 10 minutes, then check sys-whonix's /var/log/tor/log and address any
errors.

Thanks
a /var/log/tor/log file does not exists. There are no files in /var/log/tor/ folder.

It did not happened before, but now I'm getting the enclosed alert window, which tells about permission errors.

Perhaps it is better to try to delete the Whonix 14 installation and try another time.

[cubit]

20. Aug 2018 11:27 by 169...@gmail.com:

Thanks
a /var/log/tor/log file does not exists. There are no files in /var/log/tor/ folder.

It did not happened before, but now I'm getting the enclosed alert window, which tells about permission errors.

Perhaps it is better to try to delete the Whonix 14 installation and try another time.

I had this exact problem when I did my first install of whonix-14.   /var/lib/tor and all sub filders and files were owned by user "pulse".   I did chown them to be owned by "debian-tor" but with other time related problems I just delete the whonix-14 templates and re-installed them.   Second time they worked fine despite doing nothing different.

[awokd]

On Mon, August 20, 2018 11:27 am, Franz wrote:


> Thanks
> a /var/log/tor/log file does not exists. There are no files in
> /var/log/tor/ folder.
>
>
> It did not happened before, but now I'm getting the enclosed alert
> window, which tells about permission errors.
>
> Perhaps it is better to try to delete the Whonix 14 installation and try
> another time.

Did you rename/delete your old sys-whonix before following the Whonix 14
installation steps to create a new one? If you tried to re-use it with the
new template, I'm not sure that would work.

[Franz]

Thanks
No, from the various instructions I understood had to  rename only the templates. So did not rename sys-whonix.

I'll try to rename it and do a new update.