Hi!
I made some process splitting Whonix into multiple packages. Not
published yet. Still needs a lot packaging / testing.
Almost every function Whonix implements, has been implemented in a
separate package. Most Whonix specific code has been transformed into
more general form, so it can possibly be used by other projects such as
QubesOS TorVM, Debian, etc.
I kept inclusion into Debian (as well as a bit rpm) in mind. Some
packages are unlikely to join Debian, others stand chances, I think.
Using very simple make files, using very simple packaging. Files in
package_source_folder/usr/bin/xxx will get installed to /usr/bin/xxx on
actual system. Here is an already published example package:
https://github.com/Whonix/sdwdate
No reason to re-use all packages. They have little dependencies on each
other, are made as standalone as possible. You can pick and choose what
you like.
Below is the temporary list of packages names. Hopefully package names
are descriptive, telling you what they are doing without explanation. A
few less descriptive names have descriptions inside [].
Any suggestions for package names without "Tor" in their name? I don't
want to challenge the Tor Project, they are quite adamant about this:
https://www.torproject.org/docs/trademark-faq.html.en - (Hence the name
"anonymizer-config-gateway", what would be better called
"anonymizer-config-tor".) What to call a Tor Browser Updater, if not
torbrowser-updater?
Before I go ahead and create loads of git remote repositories... Now
would be a good time to suggest better/changed package names as well as
combination/split of functionality.
Cheers,
Patrick
anon-apt-sources-list [debian stable sources.list]
anon-apt-sources-tpo [torproject stable sources.list]
anon-banned-packages [packages better not installed on an anon distro]
anon-base-files
anon-dist-chroot-sanity-checks [scripts running inside chroot during build]
anon-gateway-dhcp-conf
anon-gateway-dns-conf
anon-gateway-firewall [Not sure if we can make a general one or if this
has to become whonix-gateway-firewall]
anon-gateway-network-conf
anon-gateway-sdwdate-conf
anon-gpg-tweaks [gpg.conf for improved privacy and security]
anon-gw-base-files
anon-gw-chroot-upgrade-tor
anon-gw-clearnet-user [creates clearnet user on gateway]
anon-gw-first-run-notice ["do not use this gateway as a workstation",
"do not show again"]
anon-gw-kde-startmenu [suggested kde start menu entries useful for a gateay]
anon-iceweasel-warning ["do not use iceweasel for anything other than
downloading Tor Browser unless you know what you are doing"]
anon-icon-pack
anon-kde-streamiso [kde global proxy settings]
anon-meta-packages [recommended packages to have installed]
anon-mixmaster [mixmaster config to make it work over Tor]
anon-torchat [torchat config to make it work in a workstation]
anon-shared-chroot-fix-grub
anon-shared-chroot-inst-linux-486
anon-shared-chroot-inst-linux-686
anon-shared-chroot-inst-linux-amd64
anon-shared-chroot-log-build-version
anon-shared-chroot-remember-sources [remember sources.list used for
install for later download of gpl sources]
anon-shared-chroot-upgrade-torsocks
anon-shared-chroot-vrms [check, that there are no contrib, non-free
packages installed]
anon-torchat [torchat in anon distribution without Tor over Tor]
anon-workstation-dns-conf
anon-workstation-firewall
anon-workstation-network-conf
anon-ws-base-files
anon-ws-chroot-inst-tb [chroot script for installing Tor Browser while
building]
anon-ws-kde-startmenu [start menu favorites]
anon-ws-kde-startmenu
anonymizer-config-gateway [torrc etc.]
anonymizer-helper-scripts [check Tor enabled, check Tor bootstrap
status, etc.]
apparmor-profile-anondist [apparmor-profile rules required when having
apparmor installed to work around a few diverted files]
apparmor-profile-torbrowser
... more apparmor profiles to come [
https://www.whonix.org/wiki/AppArmor]
apt-longer-timeouts
apt-no-autoupdate [to prevent fingerprinting, no running at predictable
times, auto update check at randomized intervals is implemented in
whonixcheck]
bootclockrandomization [prevent time based fingerprinting by unlinking
host/vm clock at boot]
console-autologin [usability]
control-port-filter [we discussed this on this list a while ago]
curl-scripts [lib: curl-prgs for bash; curl exit codes to human readable
error messages]
damngpl [
http://www.finnie.org/software/damngpl/damngpl]
desktop-icons-gateway
desktop-icons-workstation
dummytor [run Tor Browser without Tor over Tor and without modifications
right after download and extract from
torproject.org; prevent Tor over
Tor by installing Tor on the workstation;
https://www.whonix.org/wiki/Dev/Dummy_Tor]
grub-enable-apparmor [+ verbose messages while booting]
ipv4-forward-disable [make sure no leaks]
ipv6-disable [don't have IPv6 firewall rules yet, very limited Tor IPv6
support]
kde-apper-no-autoupdate [to prevent fingerprinting, no running at
predictable times, auto update check at randomized intervals is
implemented in whonixcheck]
kde-dolphin-menubar-enable [usability preference only for new/first time
users; can be changed by the user]
kde-kgpg-tweaks [usability preference only for new/first time users; can
be changed by the user + keyserver changed]
kde-konsole-unlim-scrollback [usability preference only for new/first
time users; can be changed by the user]
kde-lowfat [performance tweaks only for new/first time users; can be
changed by the user]
kde-mouse-doubleclick [usability preference only for new/first time
users; can be changed by the user]
kde-no-move-max-win [prevent accidentally maximizing browser window,
because Tor Browser hasn't sorted out related fingerprinting issues yet]
kde-sounds-off [usability preference only for new/first time users; can
be changed by the user]
kdm-autologin [usability preference only for new/first time users; can
be changed by the user]
kmix-disable-autostart [usability preference only for new/first time
users; can be changed by the user]
knetattach-hide [not useful (?) in context of anonymity distributions,
installed as dependency]
leaktest-gateway
leaktest-workstation
msgcollector [gets messages from whonixcheck, timesync,
torbrowser-updater, shows them in terminal and/or X]
open_link_confirmation [ask for confirmation before opening a link to
prevent linking activities, configurable]
pidgin-improved-privacy
poweroff-passwordless [usability only]
powersaving-disable [usability only [not useful inside VMs, up to the host]
rads [RAM Adjusted Desktop Starter
https://www.whonix.org/wiki/Desktop#RAM_Adjusted_Desktop_Starter]
scurl [small simple curl https-only wrapper]
sdwdate
sdwdate-plugin-anon-dist-con-check [checks if Tor is enabled + no
package manager is running + Tor is fully bootstrapped]
sdwdate-plugin-anon-dist-streamiso
shared-folder-help [usability]
swap-file-creator [usability]
swappiness-lowest [usability]
timesanitycheck
timesync [sdwdate plugin; GUI and monitor for sdwdate,
bootclockrandomzation and timesanitycheck]
timezone-utc
torbrowser-default-browser [use Tor Browser as default browser]
torbrowser-starter
torbrowser-updater
tor-ctrl
torsocks-remove-ld-preload [lib]
uwt [for stream isolation]
uwtwrapper-apt-get
uwtwrapper-aptitude
uwtwrapper-curl
uwtwrapper-git
uwtwrapper-gpg
uwtwrapper-mixmaster
uwtwrapper-rawdog
uwtwrapper-ssh
uwtwrapper-wget
vbox-disable-timesync [to prevent conflicts with sdwdate]
whonix-base-files [dpkg origins, motd...]
whonixcheck [making anoncheck of it perhaps later]
whonix-developer-meta-files [scripts for signing, compressing,
uploading, ...]
whonix-gw-kde-desktop-conf [kde folderview + desktop background]
whonix_initializer [
https://www.whonix.org/wiki/Verifiable_Builds]
whonix-legacy [support for upgrading older Whonix versions to newer]
whonix_repository [tool for enabled/disabling Whonix's stable, testers,
developers APT repository]
whonixsetup [On first run. Connection wizard. Enable Whonix's APT
Repository? Do not automatically connect to the public Tor network to
aid users who want to hide Tor from their ISP.
(
https://www.whonix.org/wiki/Hide_Tor_and_Whonix_from_your_ISP)]
whonix-ws-kde-desktop-conf [kde folderview + desktop background]
xchat-improved-privacy