Dev/git
From Whonix
< Dev
Branches[edit]
Introduction[edit]
While the project is small adrelanos thinks it is best not to make a too difficult policy.
Compare[edit]
Upstream git issue. Currently not easy to compare tags in a superproject while showing what changed in the submodules.
git log -p --submodule=log 15.0.0.3.3-stable..15.0.0.3.7-developers-only
master[edit]
Adrelanos's progress of work.- Not calling it unstable, because the changes will most likely never make it unstable but it is just not tested if it still builds.
- Branching model, project readme, information, gpg...
signed git tags[edit]
Releases will be tagged and gpg signed.
Link to Source Code[edit]
https://github.com/Whonix/Whonix [archive]
subscribe to code changes[edit]
git[edit]
A git specific work flow could be:
git fetch
every (few) day(s) and then git diff(tool), merge, etc.
rss feed notification[edit]
https://github.com/Whonix/Whonix/commits/master.atom [archive]
manually in your browser[edit]
Check every now and then https://github.com/Whonix/Whonix/commits/master [archive].
Github Commits Mailing List[edit]
Currently not in use. Please get in contact if that interests you.
Whonix ™-commits read only mailing list [archive]
(Stay hosted on sourceforge.net. Barely anyone is signed up and it is quite high traffic.)
Twitter[edit]
If you prefer Twitter, use the Secondary Twitter Account for Source Code Commit Notification [archive]. Using third party service to forward git commits to twitter. Might not be reliable.
Search the Source Code[edit]
Introduction[edit]
greping (search for keywords inside files) or finding files the Whonix ™ source code can be useful when looking for certain keywords or files. However, a common grep -r or find . will show lots of irrelevant search results due to changelog files, license files and git history. The following is a suggestions on how to securely acquire Whonix ™ source code as well as on greping or finding the Whonix ™ with relevant only relevant search results.
Get the Source Code[edit]
Get the Signing Key[edit]
This step is recommended for better security, but is not strictly required. (See Trust.)
Get the Whonix ™ Signing Key.
Get the Source Code[edit]
Note: By proceeding, you acknowledge that you have read, understood and agreed to our Terms of Service and License Agreement.
Install git.
sudo apt update && sudo apt install git
Get the source code including git submodules. [1] [2]
Note: Replace 16.0.3.7-stable with the actual tag you want to build.
git clone --depth=1 --branch 16.0.3.7-stable --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git
OpenPGP Verify the Source Code[edit]
This chapter is recommended for better security, but is not strictly required. [3]
Git fetch. [4]
git fetch
Verify the chosen tag to build. Replace with tag you want to build.
Note: Replace 16.0.3.7-stable with the actual tag you want to build.
git verify-tag 16.0.3.7-stable
The output should look similar to this.
object 1844108109a5f2f8bddcf2257b9f3675be5cfb22
type commit tag 16.0.3.7 tagger Patrick Schleizer <adrelanos@whonix.org> 1392320095 +0000
. gpg: Signature made Thu 13 Feb 2014 07:34:55 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@whonix.org>" [ultimate]
Check the GPG signature timestamp makes sense. For example, if you previously saw a signature from 2021 and now see a signature from 2020, then this might be a targeted rollback (downgrade) or indefinite freeze attack. [5]
The warning.
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
Is explained on the Whonix ™ Signing Key page and can be safely ignored.
By convention, git tags should point to signed git commits. [6] (forum discussion [archive]) It is advisable to verify the signature of the git commit as well (replace 16.0.3.7 with the actual git tag being verified).
git verify-commit 16.0.3.7-stable^{commit}
The output should look similar to this.
commit 5aa1c307c943be60e7d2bfa5727fa5ada3a79c4a
gpg: Signature made Sun 07 Dec 2014 01:22:22 AM UTC using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer <adrelanos@whonix.org>" [ultimate] Author: Patrick Schleizer <adrelanos@whonix.org> Date: Sun Dec 7 01:22:22 2014 +0000
.
Choose Version[edit]
Retrieve a list of available git tags.
git --no-pager tag
Use git checkout to select the preferred version to build.
Note: Replace 16.0.3.7-stable with the actual tag you want to build.
git checkout --recurse-submodules 16.0.3.7-stable
Check Git[edit]
Check if you really got the version you want.
git describe
The output should show.
16.0.3.7-stable
Check if the source folder is pristine.
git status
The output should show nothing.
HEAD detached at 16.0.3.7-stable
nothing to commit, working tree clean
If it shows something else, do not continue.
Find Keywords[edit]
Create folder ~/bin.
mkdir ~/bin
Create a file ~/bin/mygrep. Paste the following.
#!/bin/bash set -x exec \ grep \ --exclude=README.md \ --exclude=GPLv2 \ --exclude=GPLv3 \ --exclude=COPYING \ --exclude=changelog.upstream-old1 \ --exclude-dir=mnt \ --exclude-dir=qubes-src/linux-template-builder/mnt \ --exclude=changelog.upstream \ --exclude-dir=".git" \ --exclude-dir=chroot-debian \ --exclude-dir=chroot-buster "$@"
Save.
Make executable.
chmod +x ~/bin/mygrep
Change directory.
cd Whonix
Search for string. For example grub-pc.
mygrep -r -i grub-pc
Find Files[edit]
Create folder ~/bin.
mkdir ~/bin
Create a file ~/bin/myfind. Paste the following.
#!/bin/bash set -x exec \ find \ "$@" \ -type f \ -not -iwholename '*.git*
Save.
Make executable.
chmod +x ~/bin/myfind
Change directory.
cd Whonix
Search for string. For example /etc/apparmor.d.
myfind .
Compiled Code[edit]
find . -name '*.c' -not -iwholename '*.git*'
./sdwdate/usr/lib/sdwdate/sclockadj.c ./bindp/usr/lib/bindp.c ./kloak/src/main.c ./kloak/src/keycodes.c ./kloak/src/eventcap.c
Put folder under Git Version Control[edit]
Update the package lists.
sudo apt update
Install git.
sudo apt install --no-install-recommends git
Unless you want to use git for pushing changes to remotes which you probably won't in a testing VM you can use the following git config without using any real names or pseudonyms. (These are the git suggested defaults. [7])
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
Desalinize git in current folder or cd to any folder you want to put under git version control. Can even be done for /home/user folder which is very useful.
git init
Add all files to be added for next commit.
git add -A
Actually commit to git.
git commit -a -m .
Check git status of that folder.
git status
No changes registered yet to the folder since just now committed all to git.
On branch master nothing to commit, working tree clean
Create a test file or do some activity such as starting a browser or e-mail client.
touch test-file
Check again git status of that folder.
git status
Now git will show what changed.
On branch master Untracked files: (use "git add <file>..." to include in what will be committed) test-file nothing added to commit but untracked files present (use "git add" to track)
Goodies[edit]
Optional. Just sharing. Like it or not.
- Bash completion can complete git commands and branch names.
- Colorful git prompt. [archive]
apt source[edit]
You need to enable deb-src in /etc/apt/sources.list.d/derivative.list!
sudo apt update
Hit:1 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster InRelease
Hit:2 http://deb.qubes-os.org/r4.0/vm buster InRelease
Ign:3 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian buster InRelease
Hit:4 tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion buster/updates InRelease
Hit:5 tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian buster Release
Ign:7 http://ftp.us.debian.org/debian buster InRelease
Hit:8 http://security.debian.org buster/updates InRelease
Hit:9 http://ftp.us.debian.org/debian buster Release
Hit:11 http://deb.whonix.org buster InRelease
Reading package lists... Done
E: Failed to fetch tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/dists/{{Stable project version based on Debian codename}}/InRelease Unable to find expected entry 'contrib/source/Sources' in Release file (Wrong sources.list entry or malformed file)
E: Failed to fetch http://deb.whonix.org/dists/{{Stable project version based on Debian codename}}/InRelease Unable to find expected entry 'non-free/source/Sources' in Release file (Wrong sources.list entry or malformed file)
E: Some index files failed to download. They have been ignored, or old ones used instead.
The following messages can be ignored:
- "Unable to find expected entry 'contrib/source/Sources'" and
- "Unable to find expected entry 'non-free/source/Sources'"
There is nothing in these repositories and it does not limit functionality in any way. This is an inconvenient message but it will not be fixed since it was only raised once in that last five years.
apt source is fully functional.
apt source sandbox-app-launcher
Reading package lists... Done
Picking 'anon-meta-packages' as source package instead of 'sandbox-app-launcher'
NOTICE: 'anon-meta-packages' packaging is maintained in the 'Git' version control system at:
https://github.com/{{project_name_short}}/sandbox-app-launcher.git
Please use:
git clone https://github.com/{{project_name_short}}/sandbox-app-launcher.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 48.9 kB of source archives.
Get:1 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster/main sandbox-app-launcher 3:7.9-1 (dsc) [5,513 B]
Get:2 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster/main sandbox-app-launcher 3:7.9-1 (tar) [37.8 kB]
Get:3 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster/main sandbox-app-launcher 3:7.9-1 (diff) [5,588 B]
Fetched 48.9 kB in 2s (19.4 kB/s)
dpkg-source: info: extracting sandbox-app-launcher in sandbox-app-launcher-7.9
dpkg-source: info: unpacking sandbox-app-launcher_7.9.orig.tar.xz
dpkg-source: info: unpacking sandbox-app-launcher_7.9-1.debian.tar.xz
Footnotes[edit]
- ↑
Optional
gitparameters:--depth=1: Used to speed up download.--branch 16.0.3.7-stableUsability. Used to speed up download.--jobs=4: Used to speed up download.--recurse-submodules --shallow-submodules: Usability.
gitusers are free to drop any of these optional parameters. - ↑
Alternatively, this can be achieved with the following commands in several steps. This is useful if network issues arise.
git clone --depth=1 --branch 16.0.3.7-stable https://gitlab.com/whonix/Whonix.git
cd Whonix
git submodule update --init --recursive --progress --jobs=4
- ↑ See Trust.
- ↑ Optional. [...]
- ↑ As defined by TUF: Attacks and Weaknesses:
- ↑
Beginning from git tag
9.6and above. - ↑
git commit -a -m . *** Please tell me who you are. Run git config --global user.email "you@example.com" git config --global user.name "Your Name" to set your account's default identity. Omit --global to set the identity only in this repository. fatal: empty ident name (for <(null)>) not allowed
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
|
100px |
| Fosshost | About Advertisements |
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Did you know that anyone can edit the Whonix ™ wiki to improve it?
Priority Support | Investors | Professional Support
Whonix ™ | © ENCRYPTED SUPPORT LP | 
Freedom Software / 
Open Source (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.