mirror of
https://github.com/oSoWoSo/DistroHopper.git
synced 2026-06-14 09:32:21 +00:00
153 lines
4.3 KiB
Text
153 lines
4.3 KiB
Text
# Template file for 'whonix'
|
|
OSNAME="whonix"
|
|
PRETTY="Whonix"
|
|
LOGO=""
|
|
ICON="whonix.svg"
|
|
ICON_ONLINE="https://distrowatch.com/images/yvzhuwbpy/whonix.png"
|
|
CATEGORY="Desktop, Privacy, Security"
|
|
BASEDOF="Debian"
|
|
HOMEPAGE="https://www.whonix.org"
|
|
DESCRIPTION="Superior Internet Privacy with Whonix(tm) - delivering maximum anonymity and security"
|
|
CREDENTIALS="-"
|
|
GPG=""
|
|
RSS=""
|
|
DW=""
|
|
|
|
function arch_() {
|
|
echo "amd64"
|
|
}
|
|
|
|
function releases_() {
|
|
local VERSIONS=""
|
|
VERSIONS=$(curl --disable --silent --location "https://download.whonix.org/libvirt" | grep -oP 'title="\K[0-9.]+' | sort -V | tail -n 3)
|
|
echo "${VERSIONS}"
|
|
}
|
|
|
|
function editions_() {
|
|
# mixed = Gateway CLI (headless) + Workstation LXQt (recommended)
|
|
echo mixed CLI LXQt
|
|
}
|
|
|
|
function get_() {
|
|
local HASH=""
|
|
local ISO=""
|
|
local URL="https://download.whonix.org/libvirt/${RELEASE}"
|
|
|
|
case "${EDITION}" in
|
|
CLI) ISO="Whonix-CLI-${RELEASE}.Intel_AMD64.qcow2.libvirt.xz";;
|
|
LXQt) ISO="Whonix-LXQt-${RELEASE}.Intel_AMD64.qcow2.libvirt.xz";;
|
|
mixed) ISO="Whonix-CLI-${RELEASE}.Intel_AMD64.qcow2.libvirt.xz";;
|
|
esac
|
|
|
|
HASH=$(curl --disable --silent --location "${URL}/${ISO}.sha512sums" 2>/dev/null | cut -d' ' -f1 | head -n1)
|
|
echo "${URL}/${ISO} ${HASH}"
|
|
}
|
|
|
|
function _whonix_extract() {
|
|
local ARCHIVE="${1}"
|
|
local PATTERN="${2}"
|
|
local XZ="${ARCHIVE}.xz"
|
|
local URL="https://download.whonix.org/libvirt/${RELEASE}"
|
|
|
|
if [ ! -f "${XZ}" ] && [ ! -f "${ARCHIVE}" ]; then
|
|
web_get "${URL}/${XZ}" "."
|
|
fi
|
|
if [ -f "${XZ}" ]; then
|
|
unxz -k "${XZ}" && rm -f "${XZ}"
|
|
fi
|
|
if [ -n "${PATTERN}" ]; then
|
|
tar -xf "${ARCHIVE}" --wildcards "${PATTERN}" 2>/dev/null
|
|
else
|
|
tar -xf "${ARCHIVE}"
|
|
fi
|
|
rm -f "${ARCHIVE}"
|
|
}
|
|
|
|
function extract_() {
|
|
local URL="https://download.whonix.org/libvirt/${RELEASE}"
|
|
local CLI_BUNDLE="Whonix-CLI-${RELEASE}.Intel_AMD64.qcow2.libvirt"
|
|
local LXQT_BUNDLE="Whonix-LXQt-${RELEASE}.Intel_AMD64.qcow2.libvirt"
|
|
local QE="${QUICKEMU:-quickemu}"
|
|
|
|
pushd "${VM_PATH}" > /dev/null || return
|
|
|
|
case "${EDITION}" in
|
|
CLI)
|
|
_whonix_extract "${CLI_BUNDLE}"
|
|
;;
|
|
LXQt)
|
|
_whonix_extract "${LXQT_BUNDLE}"
|
|
;;
|
|
mixed)
|
|
# Extract full CLI bundle (includes license), discard CLI workstation
|
|
_whonix_extract "${CLI_BUNDLE}"
|
|
rm -f Whonix-Workstation-CLI-*.qcow2
|
|
# Extract only LXQt workstation from second bundle
|
|
_whonix_extract "${LXQT_BUNDLE}" "Whonix-Workstation-LXQt-*.qcow2"
|
|
;;
|
|
esac
|
|
|
|
if [ -f WHONIX_BINARY_LICENSE_AGREEMENT ]; then
|
|
cat WHONIX_BINARY_LICENSE_AGREEMENT > /dev/tty
|
|
echo > /dev/tty
|
|
read -r -n 1 -p "Do you agree? [y/N] " REPLY < /dev/tty > /dev/tty
|
|
echo > /dev/tty
|
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
|
touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted
|
|
else
|
|
touch WHONIX_BINARY_LICENSE_AGREEMENT_denied
|
|
popd > /dev/null || true
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
for f in Whonix-*.qcow2; do
|
|
[ -f "$f" ] || continue
|
|
if [[ "$f" =~ Gateway ]]; then
|
|
mkdir -p "gateway"
|
|
mv "$f" "gateway/disk.qcow2"
|
|
elif [[ "$f" =~ Workstation ]]; then
|
|
mkdir -p "workstation"
|
|
mv "$f" "workstation/disk.qcow2"
|
|
fi
|
|
done
|
|
|
|
# Gateway: user network (internet/Tor) + socket NIC for internal network to Workstation
|
|
# Waits for gateway monitor socket (= QEMU is running), then launches Workstation
|
|
local GW_DISPLAY=""
|
|
[[ "${EDITION}" == "LXQt" ]] || GW_DISPLAY=$'\ndisplay="none"'
|
|
|
|
cat > "../${VM_PATH}-gateway.conf" << EOF
|
|
#!${QE} --vm
|
|
guest_os="linux"
|
|
boot="legacy"
|
|
disk_img="${VM_PATH}/gateway/disk.qcow2"${GW_DISPLAY}
|
|
extra_args="-device virtio-net-pci,netdev=int -netdev socket,id=int,listen=:4321"
|
|
(until nc -z 127.0.0.1 4321 2>/dev/null; do sleep 1; done
|
|
${QE} --vm "\${VM%-gateway.conf}-workstation.conf") &
|
|
EOF
|
|
chmod u+x "../${VM_PATH}-gateway.conf"
|
|
|
|
# Workstation: only internal socket NIC connected to Gateway
|
|
cat > "../${VM_PATH}-workstation.conf" << EOF
|
|
#!${QE} --vm
|
|
guest_os="linux"
|
|
boot="legacy"
|
|
disk_img="${VM_PATH}/workstation/disk.qcow2"
|
|
network="none"
|
|
extra_args="-device virtio-net-pci,netdev=int -netdev socket,id=int,connect=127.0.0.1:4321"
|
|
EOF
|
|
chmod u+x "../${VM_PATH}-workstation.conf"
|
|
|
|
# Placeholder so make_vm_config skips creating a broken main conf
|
|
cat > "../${VM_PATH}.conf" << EOF
|
|
# Whonix: start Gateway — Workstation launches automatically.
|
|
# ${QE} --vm ${VM_PATH}-gateway.conf
|
|
EOF
|
|
|
|
echo -e "\nWhonix setup complete!" > /dev/tty
|
|
echo " ${QE} --vm ${VM_PATH}-gateway.conf" > /dev/tty
|
|
echo " (Workstation starts automatically once Gateway is ready)" > /dev/tty
|
|
|
|
popd > /dev/null || true
|
|
}
|