From: chiccofx <chi...@to...> - 2013-06-10 20:47:45
adrelanos:
> chiccofx:
>> adrelanos:
>>> How do you plan to replace grml-debootstrap, i.e. the step for creating
>>> a base VM image?
>>
>> I just recently started looking into whonix source code. I believe that
>> whonix would have to be built from inside an OpenBSD machine. This could
>> possibly break the workstation building process, but I believe that it
>> is easier to fix that from inside OpenBSD, than building OpenBSD inside
>> linux. OpenBSD introduces changes to the gcc, assembler, linker, etc.
>> This: http://www.openbsd.org/faq/faq5.html, illustrates the building
>> process.
>
> It's not a problem, to build Whonix you also need to build on Debian
> Wheezy (or maybe above) on hardware or inside a VM. You can't build
> Whonix on Ubuntu, unless you want to change a few things and get an
> Ubuntu-based Whonix and you can not build on top of Windows and I doubt
> you can build it on top of Mac, BSD, etc.

Nice.

>> Of course this would only apply to the ones wanting to build from
>> source, and these could (or not?) be considered computer literate enough
>> to set up an OpenBSD virtual machine (that if they are not already using
>> one as host).
>
> Seems only natural to be, that you have to build the Debian based VMs on
> Debian and BSD based VMs on BSD.
>
> If you want support building a Whonix-BSD-Gateway on Debian, maybe
> chroots could work?

In this case I believe it would be simpler to adapt things to build on
BSD than building the BSD on debian, because there is not a debootstrap
similar on OpenBSD. Anyway, crossbuild and crosscompiling always is a bad
idea, so building the whonix workstation should be done on debian, and
build whonix openbsd gateway should be done on openbsd.

>> Also, the script can detect and only build an OpenBSD gateway if being
>> run from inside it (or asked to, or both), if not build the debian based
>> gateway. This is the price to pay for extra security, even smaller
>> attack surface on the gateway and less RAM needed for it, freeing RAM to
>> the workstation (to me this is the most nice, for performance reasons).
>
> Yes, we can autodetect it and/or use command line options.

As soon as I have a setup that I consider stable (pf firewall rules +
tor), I will start working on the building process, and virtual machine
image generation.

-- 
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE