Dev/Fedora
Fedora
Consideration for recommending Fedora as host operating system...
Website
- Looks much more friendly and modern.
- It is available over SSL.
- Verification instructions are also available over SSL.
- The GPG signing key is available over SSL.
Package Manager
- yum is as safe as apt, according to the theupdateframework.com people.
Consideration for using it as Virtual Machine Guest
(i.e. for Whonix-Gateway ™ and Whonix-Workstation ™)
- Is there a tool to create virtual machine images like there is grml-debootstrap for Debian?
- The feature set of grml-debootstrap seems to be a one-liner solution to getting a full working install.
- Fedora supports kickstart files, which are the equivalent of Debian preseeding. It should conceivably not be too difficult to achieve a grml-debootstrap experience using kickstart files plus some minimal scripting (if one does not exist already). Fedora has automated builds for docker images.
- The more restrictive approach taken by SELinux (which is default in Fedora) might offer some security benefits.
In-Place Release Upgrades:
- Can be release upgraded in-place from one major release to another major release.[1]
Release Cycle:
Fedora has a relatively short life cycle: each version is usually supported for at least 13 months. Version X is supported only until 1 month after version X+2 is released, with approximately 6 months between most versions.
- Can Whonix ™ keep up with that?
Conflict of interest:
- Fedora won't really get stable since that would obsolete RHEL?
Package repository:
- Smaller than Debian?
apt-transport-tor:
- DNF equivalent is python3-dnf-plugin-torproxy.
Fedora doesn't seem to care about Reproducible Builds.
Other stuff:
- Has not been considered yet.
- What would be particularly interesting is if Whonix ™ could provide a generalized set of scripts to set up the target environment in as much of a distro-agnostic way as possible (perhaps by leveraging Ansible, or similar). Making a working Fedora version in addition to Debian might be a start towards that. → Unrealistic. Would require a dedicated contributor. A port causes a huge amount of work.
- Also interesting would be a containerized version of the Whonix-Gateway ™ that could be easily deployed on a host OS (this provides less anonymity than what Whonix ™ is mainly aiming at, but has different use cases): For example, setting up an OnionPi-style hotspot. Current solutions, like the Adafruit OnionPi tutorial, are (1) not very easily deployable, (2) not as feature-full -- for example, limited to HTTP or particular protocols -- not full isolating proxies, and (3) tend to have a large footprint on the host/root OS -- ideally, one Raspi could be used both for providing a Tor Hotspot and for numerous other functions, with the Tor hotspot functions contained in one LXC and using only a handful of ports and hardware interfaces from the host OS. → Same as above.
Debugging Scriptlets
1) Save the package's %preun (pre-uninstall) scriptlet to a file by running the following command (credit[2]):
rpm -q --queryformat '%{PREUN}\n' qubes-template-whonix-gw-experimental > ~/qubes-template-whonix-gw-experimental.preun
2) Run that script as root with errexit and xtrace enabled, and print its exit code:
sudo sh -ex ~/qubes-template-whonix-gw-experimental.preun 0 ; echo $?
Trivia:
The file name qubes-template-whonix-gw-experimental.preun actually doesn't matter. You could use a shorter file name.
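The two steps above generalized to any scriptlet tag, as an added example that is not part of the original page or of Whonix/Qubes tooling. The function names (dump_scriptlet, trace_scriptlet, write_sample) and the sample scriptlet are hypothetical and constructed; the argument passed as $1 follows the RPM convention for %preun, where 0 means removal and 1 means upgrade.

```shell
#!/bin/sh
# Added example: save a scriptlet, run it under errexit + xtrace, and report
# the last command traced before it stopped. Names here are hypothetical.

# dump_scriptlet PKG TAG FILE   (TAG: PREIN, POSTIN, PREUN or POSTUN)
# Same rpm query as step 1, with the tag made a parameter.
dump_scriptlet() {
    rpm -q --queryformat "%{$2}\n" "$1" > "$3"
}

# trace_scriptlet FILE ARG
# Runs FILE with ARG as $1 (what rpm would pass), keeps the xtrace output in
# FILE.trace, sets LAST_CMD to the final traced command and returns the
# scriptlet's exit code. For a real scriptlet, run this as root as in step 2.
trace_scriptlet() {
    _rc=0
    sh -ex "$1" "$2" 2> "$1.trace" || _rc=$?
    # With errexit the shell stops right after the failing command, so the
    # last line starting with "+" is the command that failed.
    LAST_CMD=$(grep '^+' "$1.trace" | tail -n 1)
    return "$_rc"
}

# write_sample FILE: constructed scriptlet (not from any real package) that
# fails only on removal ($1 = 0), not on upgrade ($1 = 1).
write_sample() {
    cat > "$1" <<'EOF'
if [ "$1" = 0 ]; then
    test -e /nonexistent/constructed-marker
fi
EOF
}

# Demo on the constructed scriptlet.
demo=$(mktemp)
write_sample "$demo"
for arg in 0 1; do
    if trace_scriptlet "$demo" "$arg"; then
        echo "arg=$arg: exit 0"
    else
        echo "arg=$arg: exit $? after: $LAST_CMD"
    fi
done
rm -f "$demo" "$demo.trace"
```

Running a real scriptlet this way carries out its actions on the system, so a disposable template or VM is the safer place to debug it.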
misc
sudo yum langinstall de
This requires a newer yum, so at the moment the easiest approach is to use a Fedora-based VM as UpdateVM:
sudo qubes-dom0-update langinstall de
Issues
Phone home issue (says closed but is unfixed):
https://github.com/QubesOS/qubes-issues/issues/1814
Footnotes