forked from QubesOS/qubes-template-whonix
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.whonix
215 lines (208 loc) · 8.5 KB
/
README.whonix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
# ==============================================================================
# Build Whonix Gateway and Workstation
# ==============================================================================
# Follow the steps within this README to create a Whonix based template
# or just execute this README to create the defaults as shown in the
# examples.
#
# This README will show 3 different methods to build the templates:
#
# METHOD 1: 'Running this script'
# - Will install keys, but they are not verified. Its best to manually
# download, verify and import the keys yourself.
# - Just copy this file to `qubes-builder` root directory and run it
# (./README.whonix)
# - Offers to custom configuration options
#
# METHOD 2: Using 'setup'
# - Detailed instructions are included to use 'setup' program to
# assist in creating a custom builder configuration file. It
# may be worthwhile to also read the 'example-configs/templates.conf'
# configuration within the `qubes-builder` directory as it is the
# master file `setup` uses to create the custom configuration.
#
# METHOD 3: Manual configuration
#
# ==============================================================================
# FIRST TIME INSTALLATION NOTES
# ==============================================================================
# Although the `setup` program will do this for you, it is still highly
# recommended that before building for the first time, you follow the
# instructions for setting up the Qubes master keys manually:
# https://qubes-os.org/wiki/QubesBuilder
#
#
# Import the Qubes master key
gpg --keyserver pgp.mit.edu --recv-keys 0x36879494
gpg --keyserver pgp.mit.edu --recv-keys 0x36879494
#
# Verify its fingerprint, set as 'trusted'.
# This is described here:
# s://wiki.qubes-os.org/trac/wiki/VerifyingSignatures
wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
gpg --import qubes-developers-keys.asc
#
# #############################################################################
# METHOD 2: BUILD TEMPLATES USING SETUP
# #############################################################################
#
# =============================================================================
# STEP 1 - BUILD CONFIGURATION FILE
# =============================================================================
# Run ./setup from the root qubes-builder directory
#
# dialog is not installed and required for setup
# ----------------------------------------------
# Press 'Y' to download 'dialog` package
#
# Install Keys For:
# -----------------
# 'Marek Marczykowski-Gorecki' (lead developer) and
# 'Qubes Master Signing Key'
# You will only be prompted to install keys if you have not already
# installed them manually. It is a good idea to install them manually
# beforehand to better be able to confirm them. They will always be
# verified when running setup as well. Select 'Yes'
#
# Choose Qubes Version
# --------------------
# Select Release of Qubes to build for (2 or 3)
#
# Choose Repos To Use To Build Packages
# -------------------------------------
# `qubes-` is the official and default stable repo
#
# Enable SSH Access
# -----------------
# This dialog will only be displayed if you have an override.conf
# file and is used to change the git prefix to allow write access
# to the repo if you already have write permission. Useful for
# developers that have a complete mirror. Normally you would select
# `No`.
#
# Build Template Only
# -------------------
# Select 'Yes' unless you are also build an iso
#
# Template Distribution Selection
# -------------------------------
# You will not see any `Whonix` options in select DIST_VMS dialog yet
# since the package has not yet been downloaded; just choose 'OK' for now
#
# Builder Plugins Selection
# -------------------------
# You need to make sure both 'builder-debian' and 'template-whonix' are
# selected, then choose 'OK'
#
# At this point, a copy of the generated `builder.conf` will display to
# show the options you selected. Scroll up to read it, or edit 'builder.conf'
# directory
#
# =============================================================================
# STEP 2 - DOWNLOAD SOURCES
# =============================================================================
# Download all the source files
# make get-sources
#
# If you have not yet installed the Whonix signing keys, you will be
# prompted with a disclaimer. Press 'Y' to accept.
#
# =============================================================================
# STEP 3 - CHOOSE WHONIX VERSION TO BUILD
# =============================================================================
# Run ./setup again. Just keep pressing 'ENTER' until you get back to the
# 'Template Distribution Selection'. (Setup will remember your previous
# settings)
# Now choose any templates you wish to build and choose 'OK'
# Just choose 'OK' on 'Builder Plugins Selection' again as well
#
# At this point, a copy of the generated `builder.conf` will display to
# show the options you selected. Scroll up to read it, or edit 'builder.conf'
# directory
#
# =============================================================================
# STEP 4 - BUILD TEMPLATE(S)
# =============================================================================
# Build the template modules
# make qubes-vm
#
# Build the templates
# make template
#
# Once the templates have built (takes about an hour on a fast CPU with SSD)
# you will see a message that the template is available to install in dom0.
#
# Follow the instructions at the END of this file to assist in installing the
# template in dom0
#
# #############################################################################
# METHOD 3: BUILD TEMPLATES MANUALLY
# #############################################################################
#
# Builder configuration file is located in ./example-configs/whonix.conf
#
# Build Steps
# -----------
# Copy, then edit builder.conf to customize
# The default configuration is set only to build 'whonix-gateway' so you
# would need to edit the file and uncomment out 'whonix-workstation' if you
# also want to build it.
# cp example-configs/whonix.conf builder.conf
#
# Clean the repo (WARNING: Will delete all existing images and downloaded
# source files, even if they are not commited. You can skip this step
# make clean-all
#
# Download the source files
# make get-sources
#
# Build the template modules
# make qubes-vm
#
# Build the template(s)
# make template
#
# Once the templates have built (takes about an hour on a fast CPU with SSD)
# you will see a message that the template is available to install in dom0.
#
# Follow the instructions at the END of this file to assist in installing the
# template in dom0
#
# Copy the examples/whonix.conf file to builder.conf and edit as needed
if ! [ -f "builder.conf" ]; then
ln -fs example-configs/whonix.conf builder.conf
fi
make about | grep -q "^whonix.conf$" || {
echo "Incorrect builder.conf file selected for building whonix templates"
echo "Copy and edit the example whonix configuration file to build whonix or Debian templates"
echo "cp ./example-configs/whonix.conf ./builder.conf"
echo "Exiting..."
exit 1
}
# Get / update sources
make get-sources || exit 1
# Build qubes modules
make qubes-vm || exit 1
# Build templates
make template || exit 1
# ==============================================================================
# I N S T A L L A T I O N O N D O M 0
# ==============================================================================
#
# - Once build is complete the template rpm can be found in in
# '~/qubes-builder/qubes-src/linux-template-builder/rpm/noarch'
#
# On dom0:
# ========
# - A script has been created in 'qubes-src/linux-template-builder/rpm/install-templates.sh'
# that can help transfer the template images over for installation. Use the
# following command in dom0 to get the script, then once the script has been
# downloaded to dom0 change the permissions of the file so it can be executed
# (chmod a+x install-template.sh); then edit or run the file. It will download,
# remove old template and install new one.
#
# qvm-run --pass-io development-qubes 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/install-templates.sh' > install-templates.sh
# chmod a+x install-templates.sh
# ./install-templates.sh