-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathNOTES
76 lines (59 loc) · 3.69 KB
/
NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
=================================================================================
W H O N I X 1 1 N O T E S
[⏳] = Implemented feature waiting for testing results [23F3]
[✓] = Feature Implemented and appears working [2713]
=================================================================================
=================================================================================
Whonix 11 Checks and Issues
=================================================================================
Current issues:
- bind-directories...
'bind-directories' will automatically bind important Whonix configuration
directories within root image filesystem to the users /rw/ filesystem so the
changes will persist apon rebbot eliminating the need to have Whonix be a
standalone VM.
The first time an AppVM is started the original content from the root image
are copied to the users /rw directory (one-time) to make sure any changes
that have already been made in template are reflected in AppVM.
Any further changes, like enabling 'Tor' are stored directly in the 'rw'
filesystem. For example '/etc/tor' is bound to '/rw/Whonix/etc/tor'.
If a user then makes any changes in the TemplateVM, those changes will not
be reflected in the AppVM after the initial bind which may cause confusion
if a user is attempting to make configuration changes in the TemplateVM.
Possible solutions:
- track original date / shasum of files when originally copying defaults to /rw
- store that in /rw as .bind-dirs/filename ?
- before binding; check for changes; update rw if there are changes; maybe
just using file date would work?
- Need a utility to search for files with IP address pattern during installation.
- consider a FUSE type module that 'intercepts' file open and can change
output of the configuration file on the fly with something like jinja2.
- Currently the list is manually generated
Build issues:
- None
=================================================================================
Other Notes
=================================================================================
- tmpfile.d:
Files in /etc/tmpfiles.d override files with the same name in
/usr/lib/tmpfiles.d and /run/tmpfiles.d. Files in /run/tmpfiles.d
override files with the same name in /usr/lib/tmpfiles.d. Packages
should install their configuration files in /usr/lib/tmpfiles.d.
Files in /etc/tmpfiles.d are reserved for the local administrator,
who may use this logic to override the configuration files installed
by vendor packages
=================================================================================
Configuration Issues
=================================================================================
- Test obsproxy, etc
=================================================================================
Wheezy / Jessie Issues
=================================================================================
- Look into kde dialog issue where dialogs do not appear focused
=================================================================================
Likely Solved Issues
=================================================================================
- qubes-whonixsetup: Add back in check for disabled Tor and run setup again
on boot if its disabled. Could be disabled via 'whonix-tor-disable' service
- 'qubes-whonix-postinit' will remove 'whonixsetup.done/skip' if 'Tor' has
been indicated disabled