Download
Upgrade
Alternatively, an in-place release upgrade is possible using the instructions: Release Upgrade Kicksecure 17 to Kicksecure 18
This release would not have been possible without the numerous supporters of Kicksecure!
Please Donate!
Please Contribute!
Major Changes
- port to Debian 13 / trixie
- ram-wipe - Wipe RAM on shutdown and reboot
- external security audit of ram-wipe: Thoughts dereferenced from the scratchpad noise. | ram-wipe: Further analysis
- install USBGuard by default: USBGuard - protect your computer against rogue USB devices
- port to Wayland - Development - Whonix Forum
- Non-Qubes only
- Qubes: see Qubes ticket
- related: Wayland only or Noland
- port to LXQt
- [EDIT] bring back Btrfs support in ISO installer
- port to privleap
- no longer install `xpdf` by default (due to port to Wayland)
- investigated the VirtualBox - Green Turtle Issue and provided Hyper-V disable scripts
- Switch to using deb822 sources
- `backlight-tool-dist`: New privleap, LXQt compatible backlight adjustment tool.
- Keyboard Layout new tools:
- `set-system-keymap`
- `set-console-keymap`
- `set-labwc-keymap`
- `set-grub-keymap`
- disable clipboard sharing by default for VM images (since broken by Wayland)
- VirtualBox: VirtualBox Guest Additions: Clipboard Sharing, Shared Folder, and More
- KVM: Clipboard Sharing
- Qubes: Unaffected. No changes.
- GRUB boot menu now has a keyboard selection menu. (This is documented in chapter Temporary Kernel Boot Parameter Change.)
- Boot performance and RAM savings improvements.
- Consistent naming of meta packages.
- VirtualBox / KVM: Fix auto adjustment of window size in Wayland using `wlr-resize-watcher` (in package `vm-config-dist`).
Changelog up to 18.0.8.7
- bootclockrandomization:
- Fix output on non-English locale systems
- desktop-config-dist:
- Fix taskbar and screen background if broken due to unclean shutdown.
- developer-meta-files:
- Check if on expected branch
- Check for empty directories
- helper-scripts:
- set keymap scripts: port to localectl-static for higher reliability inside chroot
- luks-path-check: fix detection when using Btrfs (to fix swap-file-creator on Btrfs failing to detect encrypted LUKS device)
- Optimize stsponge memory usage, add NUL byte check to stdisplay malicious Unicode test
- `set-system-keymap` now also runs `set-grub-keymap`
- Rename `strip-html` → `strip-markup`
- Refactor strip_markup and sanitize_string libraries, add tests
- Check if Tor is dormant and re-activate Tor
- Add `tor-dormant-check`
- Add `tor-signal-newnym`
- Keyboard layout script and localectl-static fixes / optimization
- kicksecure-meta-packages:
- Install `tor-ctrl` by default.
- Add `firmware-carl9170`
- Add new meta package `firmware-freedom`
- rads:
- No longer switch to virtual terminal 2 as it is no longer required in Debian Trixie. See no login prompt / getty not started on tty1 anymore in Whonix 16 (Debian bullseye based) - Development - Whonix Forum
- Fix on systems with non-English system language
- ram-wipe:
- Code simplification
- Fix: no longer enable kexec because ram-wipe fortunately no longer requires kexec. The new default (set by security-misc) is to keep kexec disabled even if ram-wipe is installed, which is installed by default.
- Fix false-positive detection of remaining encrypted disk still being mounted (Question about RAM Wipe)
- sdwdate-gui:
- Make sdwdate-gui-qubes-proxy much less likely to fail, to avoid systemd showing the system as degraded incorrectly
- Fix cosmetic issue in Qubes sys-net journal: `sdwdate-gui-qubes@0-1443-1000.service: Failed with result 'protocol'.`
- security-misc:
- Fix block-unsafe-logins when running as non-root, add swaylock to list of safe auth services
- Documentation improvements.
- Remove the option to reduce the MCE tolerance level
- Provide options to enable AMD SME and SEV
- Provide options to panic upon receiving NMIs
- Set `net.ipv4.tcp_tw_reuse=0`
- Add docs on logging martian packets
- Set `bdev_allow_write_mounted=0`
- Set `kpti=1`
- Set `proc_mem.force_override=ptrace`
- Add another method to disable 32-bit legacy vsyscalls
- serial-console-enable:
- Remove gfxterm, as it results in multiple conflicting GRUB menu displays under KVM
- swap-file-creator:
- Fix swap file creation on `Btrfs` filesystem.
- Also parse `.conf` files in `/etc/default/swap-file-creator.d` and `/usr/local/etc/default/swap-file-creator.d` folders
- systemcheck:
- Fix crypt-check to work (Systemcheck incorrectly warns that full disk encryption (FDE) is absent)
- Check both systemd system and systemd user units that are hung in state failed, activating, or deactivating
- Silence SRSO warning when running in VMs or containers
- Fix systemcheck first line (header) when running in non-US languages
- Fix: no longer matching `debug:` in critical messages
- Improve notification of critical kernel messages related to hardware errors
- tb-updater:
- Install latest TBB version even if hardcoded version number is out of date
- Use hardcoded version number as minimum version, but download higher versions if available
- Fix desktop icon by adding `StartupWMClass=Tor Browser Downloader (AnonDist)`. See Whonix 18.0.8.7 Released! Major Release Upgrade! - #11 by anontroll - News - Whonix Forum
- tb-starter:
- Fix desktop icon by adding `StartupWMClass=Tor Browser`. See Whonix 18.0.8.7 Released! Major Release Upgrade! - #11 by anontroll - News - Whonix Forum
- tor-ctrl:
- Fix end-of-options parsing
- usability-misc:
- Add optional `check-user-slice-on-shutdown.service` systemd unit for debugging stuck user processes in `session-c1` slice on shutdown
- Disable `orca-kill-at-shutdown.service` by default because it might slow down shutdown
- user-sysmaint-split:
- Show a notification and log an entry to the system journal if a qrexec action is blocked in sysmaint mode
- Better error handling in case the disk is read-only without ephemeral overlay
- sysmaint-panel:
- Lowercase names of packages being installed, update apt lists if the package isn’t initially found
- derivative-maker:
- Fix: avoid need for `localectl` on the build host
- ISO builds: require command line parameter `--freedom true` or `--freedom false` by default for `--architecture` `amd64` (and `i386`) only. (Other architectures do not need this as there are no nonfreedom firmware packages installed in any case.)
- Always install meta package `firmware-freedom`/`firmware-nonfreedom` on the ISO by default for official builds. See also: Non-Freedom Firmware and Drivers
- anon-connection-wizard:
- Sync hardcoded bridges with Tor Browser, rename meek-azure → meek since the current Meek bridge does not appear to use Azure
- tor-control-panel:
- Rename meek-azure → meek since the current Meek bridge does not appear to use Azure
Changelog up to 18.0.7.5 (testers-only version)
- anon-apt-sources-list:
- Replace `Xfce` with `LXQt` where appropriate.
- Switch to using `deb822` sources.
- anon-connection-wizard:
- Remove remaining `pkexec` references, use `privleap` only.
- Avoid an either/or dependency bug.
- anon-shared-build-apt-sources-tpo:
- Switch to using `deb822` sources.
- bindp:
- Use a `Makefile` when building `bindp` in the `postinst` script.
- Improve security and clean up the code.
- bootclockrandomization:
- Remove features from `msgcollector` that do not work with Wayland.
- browser-choice:
- Port to `package-installed-check`.
- Add dependency on `helper-scripts`.
- Use `apt-get-noninteractive`.
- Fix Tor Browser plugin behavior and disable the install option for packages that are already installed.
- Explain how to install Tor Browser in the user account without installing it into the `sysmaint` account.
- fix: No longer depend on `tb-updater` and `tb-starter`.
- Use the Qubes update proxy for all HTTP requests when running in a TemplateVM.
- Add notifications when a browser installation or removal completes.
- Fix privileged vs unprivileged execution logic.
- Do not offer to start a browser in a Qubes TemplateVM.
- Fix the user session warning message on Qubes OS.
- Switch to using `deb822` sources.
- calamares-settings-debian:
- Double the length of most timeouts to accommodate slow installation target media.
- debug-misc:
- Disable `panic_on_oom`.
- Disable `security-misc`’s `/usr/lib/sysctl.d/30_security-misc_ptrace-disable.conf`. See Force disable usage of `ptrace()` until reboot / Increase `kernel.yama.ptrace_scope`: `2` → `3` · Issue #321 · Kicksecure/security-misc · GitHub
- Remove `initramfs-tools` support.
- Reorder settings to be consistent with `security-misc`.
- Remove `sysctl kernel.panic=-1`.
- Update `sysctl` settings related to kernel panics.
- desktop-config-dist:
- Prevent `lxqt-powermanagement` from overriding system-wide defaults with auto-configuration.
- Redirect output from greeter-launched `labwc` sessions to the system journal to make debugging easier.
- Fix a black screen issue for users who had already triggered it.
- Fix a black screen issue when the first user session reboot or shutdown is done via the command line.
- Run `livecheck-lsblk.service` after `systemd-tmpfiles-setup.service`.
- Refuse to log into a full graphical session in `sysmaint` mode or as the `sysmaint` user.
- Update default power management settings.
- Prevent more than one `livecheck` window from being open at the same time.
- Improve `backlight-tool-dist` debug messages and make messaging clearer when there is no brightness to restore.
- Add a generic lock screen background.
- Move Waybar configuration for `sysmaint` sessions to `*-base-files` packages.
- Avoid `greetd` getting stuck on a black screen when authentication fails.
- Add missing dependencies for `wlr-resize-watcher`, `python3-pyudev` and `wlr-randr`.
- Create a backlight helper tool, bind it to brightness keys and enable brightness restore on login.
- Switch `greetd` `labwc` configuration to a configuration directory so keyboard layout can be changed in the greeter.
- Disable the color change on Waybar’s volume widget when hovering.
- Move `swaylock` configuration out of `desktop-config-dist`.
- Move `zsh` configuration to `usability-misc`.
- Make the battery indicator in `sysmaint` sessions detect AC plug/unplug events more quickly.
- Fix Qt application theming under Qubes OS.
- Slow down the mouse pointer; the previous configuration made it too fast.
- Signal to the system when the Wayland session has started.
- Export `XDG_CONFIG_DIRS` and `XDG_DATA_DIRS` correctly.
- Hide unnecessary error output (`stderr`) where appropriate.
- Set `WLR_RENDERER` only on non-Qubes and non-VM systems.
- Under Qubes OS, do not set `GDK_BACKEND` and `QT_QPA_PLATFORM` because Qubes does not support Wayland yet. See Use Wayland instead of X11 to increase performance and improve security · Issue #3366 · QubesOS/qubes-issues · GitHub
- Fix `xdg-desktop-portal` support in `sysmaint` sessions and remove unnecessary dependencies.
- Make `Ctrl+Alt+T` launch `QTerminal`.
- Turn off the empty tooltip on the Waybar clock.
- Add a volume widget to Waybar.
- Make the Waybar clock update every second.
- Do not run the `greetd` configuration builder in Qubes.
- Add desktop configuration for `LXQt + labwc`.
- Show a notification about the system’s live state at login when not booting in persistent mode.
- developer-meta-files:
- Reject cache directories.
- Check for empty directories.
- Add more maintenance automation.
- Install `qubes-core-agent-dom0-updates` by default in Kicksecure for Qubes.
- Add a wrapper for `dm-tor-update-repository` to `dm-packaging-helper-script`.
- Create the `dm-tor-update-repository` script.
- Automatically update the VirtualBox Windows SHA256 file.
- Automatically update the Windows download link.
- Support scripted `git push` for Windows-related components.
- Support scripted `git push` for Qubes templates.
- dist-base-files:
- Fix strings in the GRUB menu for user session advanced settings.
- Fix anon-base-files machine ID prompt and `/etc/hosts` warning. See Setting up anon-base-files shows machine-id prompt followed by "OMINOUS WARNING" - *** OMINOUS WARNING ***: /etc/hosts is not linked to either hosts.whonix or hosts.whonix-orig - #14 by Patrick - Qubes-Whonix - Whonix Forum
- Stop disabling UUIDs in `grub.cfg`.
- fix: Avoid calling `daily activities` for `SYSMAINT Session`; use `system maintenance tasks` instead.
- Remove support for `initramfs-tools`.
- Fix `leapctl` errors with `greetd` and fix GRUB boot entries.
- Do not source Bash scripts from POSIX `sh` `grub.d` scripts.
- Enable Dracut hostonly sloppy mode.
- Update core GRUB configuration generator scripts for Debian Trixie.
- genmkfile:
- Check for empty directories.
- Fix `genmkfile deb-cleanup` to also delete `orig.tar.xz`.
- Delete the `genmkfile` temporary directory at the end.
- Add a feature to auto-generate `debian/*.install` files based on `#` (hash) in filenames.
- Make `deb-cleanup` work with `dh_clean`.
- Fix running `genmkfile installcheck` as non-root.
- grub-live:
- Switch back to the `overlay-root` module and `rootovl` parameter for live boot; `rd.live.overlay.overlayfs` is broken with BTRFS.
- Set the `nohibernate` kernel parameter (thanks to @desi_fubu for the suggestion). See Support for hibernation? - #6 by desi_fubu
- Fix a `live-hardener` submount edge case, improve performance of submount detection and add regression tests (mostly done by ChatGPT Codex).
- Improve regression test coverage of `live-hardener`, fix bugs and avoid misleading error messages in logs.
- Ensure the `dmsquash-live` module is present in the initramfs and omit the Debian-specific `overlay-root` module.
- Remove support for `initramfs-tools`.
- Place `live-hardener`’s overlay repository under `/run` to avoid issues when `/var` is on a separate partition.
- Fix `live-hardener` behavior when dealing with mount points under non-root mount points.
- helper-scripts:
- Add `/usr/libexec/helper-scripts/system-ready-check-user`.
- Try to prevent `/tmp/user/100*` from becoming owned by `root` because of `lockfile.sh`.
- Add `/usr/libexec/helper-scripts/systemd-notify.bsh`.
- `curl-prgrs`: also handle the `-o` argument.
- `/usr/libexec/helper-scripts/curl-prgrs`: fix argument quoting.
- Port to `package-installed-check`.
- Split out `/usr/libexec/helper-scripts/package_installed_check` and `/usr/libexec/helper-scripts/package_installed_check.sh`.
- Add a `--no-update-grub` option to `set-grub-keymap`, and refactor and improve the help output in `set-keyboard-layout.sh`.
- Adjust how standard input is read in the GRUB keyboard layout setter.
- Add the `set-grub-keymap` script and refactor `localectl` availability checks in `set-keyboard-layout.sh`.
- `set-system-console`: improve the code that regenerates the initramfs.
- Keyboard layout scripts: use standard output for informational messages, regenerate initramfs images during layout changes, make non-standard options work in interactive mode, enable `pipefail`, and change `--persist` to `--no-persist`.
- Add `luks-path-check`.
- `dummy-dependency`: use `apt-get-noninteractive` (but keep `--yes` opt-in).
- `set-console-keymap`: restart `keyboard-setup.service`.
- Handle more cases where `localectl` is unavailable.
- `/usr/libexec/helper-scripts/sudo-tools-enable`: add `su-to-root`.
- Import `br_add_to_file` from `systemcheck`.
- Fix return codes of `linux_user_account_shell_to_zsh`. This fixes a bug when installing `user-sysmaint-split`.
- `set-system-keymap`: improve error handling.
- Reload `labwc` keyboard layout after changing the system keyboard layout.
- Improve `system-ready-check`.
- `/usr/libexec/helper-scripts/pkg_manager_running_check` function `check_package_manager_running_helper`: change API to `return 0` on success and non-zero on error.
- Add tests for the `run_as_target_user` function.
- Remove unneeded `TMP=/tmp`.
- `tor-circuit-established-check`: exit with status `0` if a circuit is established, and non-zero otherwise.
- Create `query-sock-pid` script and library.
- Improve `read_integer_file`.
- Import `read_integer_file` from `desktop-config-dist`.
- Improve lock screen notifications and their integration with `LXQt`.
- Move the `lock-screen` script to `/usr/bin/`.
- Use `systemctl --no-pager --no-block` where appropriate to avoid blocking on output.
- Split Tor service wait logic out of `qubes.UpdatesProxy.anondist` into `try-wait-for-tor-service-running`.
- Add `leaprun system-ready-check`.
- Code simplification: use `ischroot` and remove `/usr/libexec/helper-scripts/in-chroot.sh`.
- Add `set-console-keymap` script.
- Add `git.sh`.
- Use standardized detection of `kernel_cmdline`.
- Import `user-sysmaint-split-check` from `browser-choice`.
- Add new function `sudo_error_exit_if_unavailable`.
- Add `in-chroot.sh` library and avoid calling `localectl` in a chroot in `set-keyboard-layout.sh`.
- Display keyboard layout change success messages in both interactive and non-interactive modes.
- Add `disallowed-test`.
- Reload `labwc` if it is running, and show output.
- Add explicit checks for running as `root` vs non-root.
- Improve error handling.
- `set-system-keymap`: filter out spurious error messages: `cat: '/sys/bus/usb/devices/*:*/bInterfaceClass': No such file or directory`, `cat: '/sys/bus/usb/devices/*:*/bInterfaceSubClass': No such file or directory`, `cat: '/sys/bus/usb/devices/*:*/bInterfaceProtocol': No such file or directory`
- Show `/etc/default/keyboard` contents before executing `dpkg-reconfigure --frontend=noninteractive keyboard-configuration`.
- Add a `set-keymap` test plan.
- Add `/usr/libexec/helper-scripts/boot-session-detection.sh` and refactor related code.
- Fix bugs in `set-keyboard-layout.sh`.
- Apply an ephemeral keyboard layout change fix from ChatGPT Codex with minor adjustments and set the executable bit on `set-keyboard-layout.sh`.
- Refactor `set-labwc-keymap` into a library and two frontends.
- Add an interactive UI option and start menu entry for `set-labwc-keymap`.
- Fix several `autologinchange` issues (collapsing lines in `greetd` incorrectly, failing to remove effectively empty `greetd` configuration files, and using `echo` instead of `printf`).
- Add `lockfile-test`.
- Add `/usr/libexec/helper-scripts/lockfile.sh`.
- Add `random_alpha_numeric` helper.
- Use `passwordless-root --qubes-rw` in `dev-root` when necessary.
- Use `/etc`-based sudo enablement in `passwordless-root` under Qubes by default and require `--qubes-rw` for the persistent-in-AppVM mechanism.
- Move `passwordless-root` from `usability-misc` to `helper-scripts`.
- Fix usage of `start-stop-daemon` in `dist-virtual-keyboard`.
- Allow deleting configuration entries in `config_builder`.
- Polish `set-labwc-keymap` argument parsing, write messages to `stderr`, and add `--no-reload`, `--config`, and end-of-options arguments.
- `set-labwc-keymap`: use `overwrite` and show the contents of the created `~/.config/labwc/environment` file.
- `dist-virtual-keyboard`: port to `start-stop-daemon`.
- Create `set-labwc-keymap` script.
- Move `dist-virtual-keyboard` from `usability-misc` to `helper-scripts`.
- Add `env-sorted` (`env -0 | sort -z | tr '\0' '\n'`). Thanks to Iguananaut. See https://stackoverflow.com/questions/60756020/print-environment-variables-sorted-by-name-including-variables-with-newlines
- Only include the `abstractions/tor` AppArmor file if it exists.
- Fix backing device detection for the live ISO root filesystem.
- Add Wayland screen locker support to the `lock-screen` script.
- `origins-parser`: fix cover status when `/etc/dpkg/origins/kicksecure` and `/etc/dpkg/origins/whonix` are no longer symlinks to `/etc/dpkg/origins/default`.
- `origins-parser`: make initialization more robust.
- Remove no longer required `apt-get-update-plus`. `upgrade-nonroot` now uses `/usr/bin/apt-get --update full-upgrade` instead.
- Stop modifying `.bashrc` to keep behavior consistent with `zsh`.
- `dummy-dependency`: use a single `apt-get` command to remove the original package and install the dummy package.
- Avoid using `shell=True`.
- `get-backing-devices-for-mountpoint`: improve parsing of `/dev/dm*` devices.
- `get-backing-devices-for-mountpoint`: make symlink resolution more robust.
- `get-backing-devices-for-mountpoint`: make parsing of loop devices more robust.
- Fix live mode tests.
- Allow overriding `kernel_cmdline` for test mode.
- Remove tabs from scripts where not needed.
- Exit with a non-zero status on error.
- `dummy-dependency`: add `--cache-only` option.
- `dummy-dependency`: implement actual package removal or purge.
- Switch `dummy-dependency` from using `Breaks/Replaces/Provides` to using `Conflicts/Provides`.
- Add `str-replace-many`.
- Move `dpkg-noninteractive` from `usability-misc` to `helper-scripts`.
- Prevent `light_sleep` from crashing scripts that use `set -e`.
- Remove `initramfs-tools`-specific debug helper script.
- Add memory-efficient sleep alternative `light_sleep`.
- `LXQt` porting: add a configuration build utility, revise live mode detection for Trixie, and make `package_installed_check.bsh` callable as a script.
- Move `upgrade-nonroot` from `usability-misc` to `helper-scripts`.
- Move `apt-get-reset` from `usability-misc` to `helper-scripts`.
- Move `apt-get-noninteractive` from `usability-misc` to `helper-scripts`.
- Move `apt-get-update-plus` from `usability-misc` to `helper-scripts`.
- Move `security-misc/apt-get-update*` to `helper-scripts`.
- Add `GATEWAY_IP6` variable.
- icon-pack-dist:
- Add a rounded version of the Kicksecure logo for the start button.
- initializer-dist:
- Remove invalid or broken sources list files during build.
- kicksecure-base-files:
- Tell the user how to leave a GRUB submenu.
- Remove the network icon from the desktop.
- Use `lock-screen` from `helper-scripts` for screen locking, add a lock screen background and remove the now redundant Waybar battery widget.
- Move Waybar configuration for `sysmaint` sessions to `*-base-files` packages.
- Add `swaylock` configuration for Kicksecure.
- Disable the `pcmanfm-qt` thumbnailer and ensure `pcmanfm-qt` system-wide settings are honored in both user and `sysmaint` sessions.
- Stop modifying `.bashrc` to keep behavior consistent with `zsh`.
- Add `/usr/share/kicksecure` to `XDG_CONFIG_DIRS`, add a desktop background for Kicksecure LXQt, and add `lxqt-panel` and `pcmanfm-qt` configuration.
- Bump the Kicksecure version.
- Advertise a Kicksecure feature flag to enable `sdwdate-gui` communication.
- kicksecure-meta-packages:
- Install `vm-config-dist` everywhere also on host operating systems (ISO) for better support if run inside VMs.
- Install `usbguard` by default.
- Install `nmap` by default (includes `nping`, a TCP-based ping utility useful for debugging network issues). See Ping operation permitted? - Support - Whonix Forum
- Install `qubes-core-agent-dom0-updates` by default in Kicksecure for Qubes.
- Remove `upower` from Qubes machines.
- Remove `smart-notifier` from Qubes machines.
- Switch `kicksecure-qubes-cli` from `firmware-nonfreedom` to `firmware-nonfreedom-network`.
- Install `extrepo-offline-data` by default.
- Install `firmware-nonfreedom` by default on Qubes, useful for `sys-net`.
- Add `liblxqt-backlight-helper` to `dist-baremetal-gui-lxqt`.
- Add `qubes-notification-agent` to GUI Qubes systems.
- Add `kanshi` to `dist-nonqubes-gui-lxqt`.
- Do not install `wvkbd` in Qubes.
- Add `wvkbd` virtual keyboard to `dist-general-gui-lxqt`.
- Use the `PCManFM-Qt` Qubes file manager helper.
- Install `ram-wipe` by default on Kicksecure bare metal.
- Switch image viewer from `lximage-qt` to `loupe`.
- Add `wpasupplicant` to Kicksecure on Qubes and bare metal.
- Adjust dependencies for the `security-misc` split.
- Merge `qubes-whonix` metapackages into the main metapackages.
- Fix metapackage bugs.
- Add `usbguard-notifier` to the `dist-general-gui-all` metapackage.
- Add `qubes-core-agent-network-manager` to `dist-qubes-cli`. This package is required for `NetVM`; otherwise `/usr/lib/qubes/network-manager-prepare-conf-dir` is missing and the journal will show: `NetworkManager.service: Unable to locate executable ‘/usr/lib/qubes/network-manager-prepare-conf-dir’: No such file or directory`
- Fix spacing and add `Breaks/Replaces` against Xfce metapackages.
- Add missing firmware packages and a missing `Flameshot` dependency.
- Avoid an either/or dependency bug and rework the `dummy-dependency` system.
- Use `Conflicts` rather than `Breaks` to fix the Lintian warning: `dummy-dependency-lxqt-policykit: breaks-without-version lxqt-policykit`
- Replace `screengrab` with `flameshot`.
- Adjust for Qubes OS compatibility.
- Do not install `labwc` on Qubes OS.
- Fix some incorrect package dependencies.
- Restructure metapackages.
- Add a hard dependency on `systemd-cryptsetup`.
- Adjust `grub-live` installation code for removal of `initramfs-tools` support.
- Remove `initramfs-tools` support.
- Switch the desktop to `LXQt`.
- Add a dependency on `USBGuard` to enable `security-misc`’s USBGuard configuration.
- legacy-dist:
- Port to the new `package-installed-check` library.
- Move `sdwdate-gui` configuration migration code to the `sdwdate-gui` `postinst` script.
- Rewrite `sdwdate-gui` configuration `gateway=sys-whonix` to `gateway="sys-whonix"`.
- Remove `/etc/dracut.conf.d/30-repart.conf` during upgrades because it causes spurious errors when run within Dracut on Trixie.
- Remove `xscreensaver` during release upgrades to Trixie.
- Replace `lightdm` (or the active display manager) with `greetd` on upgrade.
- Release upgrade: Qubes R4.2 workaround: `dummy-dependency qubes-core-agent-pcmanfm-qt`.
- Add a CLI deprecation popup message to the Debian maintainer `postinst` script.
- Add CLI support.
- Implement `--force` for release-upgrade.
- Prohibit release upgrades by default on Qubes R4.2 and require Qubes R4.3.
- Mark CLI as not yet deprecated where appropriate.
- Document that Kicksecure 17 and Whonix 17 will remain supported until one month after Qubes R4.3 stable has been released. See decide availability of Kicksecure, and Whonix 18 (Debian trixie based) on Qubes R4.2 versus R4.3 · Issue #10219 · QubesOS/qubes-issues · GitHub
- Rework the `dummy-dependency` metapackage system.
- Fix checking whether the `tor@default` systemd unit is running only when a Qubes Template has been detected.
- Add metapackage transition handling.
- Show the deprecation popup also in Qubes.
- Skip SSH confirmation if `DEBIAN_FRONTEND=noninteractive`.
- Bump Kicksecure/Whonix major version number to 18.
- Remove `tb-default-browser` during updates. (Merged into package `open-link-confirmation`.)
- Allow release info origin and label changes during Bookworm → Trixie upgrades.
- Add an SSH warning in `release-upgrade` due to new SSH client and server configuration files.
- Disable a probably unnecessary repository change in `release-upgrade`.
- libvirt-dist:
- Disable clipboard sharing.
- Add IPv6 support to the Whonix external network.
- Change `Xfce` to `LXQt` where appropriate.
- live-config-dist:
- Double the length of most timeouts to accommodate slow installation target media.
- Use standardized detection of `kernel_cmdline`.
- Port to using `set-system-keymap` from `helper-scripts`.
- Set keyboard layout for the greeter as well.
- Enhance keyboard layout helper code to work with `labwc` and handle XKB variants and options.
- Fix Calamares launch under Wayland.
- Remove obsolete code from `install-host`.
- lxqt-wayland-session:
- Do not disable hardware cursors in virtual machines.
- Enable merged configuration in `labwc`.
- Enable `dh_clean` to clean up build artifacts.
- Silence `lxqt-river-init` Lintian warning and fix the copyright file.
- Update to `lxqt-wayland-session` 0.2.0 and apply Kicksecure-specific patches.
- Initial commit of this package.
- mediawiki-shell:
- Refactor the code and improve correctness (thanks to Ben Grande).
- msgcollector:
- `msgprogressbar`: use a timeout.
- `/usr/libexec/msgcollector/msgprogressbar`: handle the `SIGINT` signal.
- Use `light_sleep`.
- Set `KillSignal=SIGKILL` so stuck processes are forcefully terminated if needed.
- `/usr/libexec/msgcollector/msgprogressbar`: fix terminating the parent program when the progress bar is closed.
- Avoid an either/or dependency bug.
- Switch to the `LXQt` notifier.
- Replace a recurring 10 second sleep with `light_sleep`.
- Remove Wayland-incompatible features from `msgcollector`.
- open-link-confirmation:
- Use standardized detection of `kernel_cmdline`.
- Add `tb-default-browser` transitional package.
- Fix XDG handling and remove now obsolete `tb-default-browser`.
- Configure Firefox so it does not ask to be the default browser.
- Add HTML and XML MIME types to `x-www-browser` and select `torbrowser` as the default browser on Whonix-Workstation.
- privleap:
- Add a check for insecure configuration file permissions.
- Explicitly drop all supplementary groups.
- Rework the `leaprun` signal handler to reduce the risk of terminate messages not being sent.
- Remove sockets for disallowed users on configuration reload.
- Avoid allowing anyone to run an action that has user or group restrictions for only nonexistent users or groups.
- Make `privleapd` pick up changes to group ownership immediately and disconnect disallowed users who still manage to connect. Include minor test refactoring (inspired by ChatGPT Codex).
- Harden `umask` as defense in depth against socket ownership vulnerabilities.
- Fix an incorrect function call for normalizing a group ID.
- Add username/UID to authorized/unauthorized messages in `leaprun`, and refactor tests to be easier to work with.
- Fix `leaprun` documentation.
- Make adjustments to pass `black`, `mypy`, `pylint` and regression tests under Trixie.
- rads:
- Increase RAM requirements for GUI and pause for five seconds after displaying a low RAM warning.
- Remove an unnecessary dependency on `systemd`.
- Adjust for Wayland.
- ram-wipe:
- Comment changes for the `security-misc` split.
- Clarify lack of `initramfs-tools` support.
- Remove `sdmem` and the second-stage `kexec` RAM wipe. Kernel memory zeroing with `init_on_free=1` makes the second pass redundant. See RAM Wipe Development Notes (thanks to Kamil Aronowski `<kamil.aronowski@3mdeb.com>`).
- repository-dist:
- Use layouts in `repository-dist-wizard` rather than manual positioning to prevent UI issues and allow resizing.
- Extend the signing key validity.
- Stop unnecessarily using `dh_python`.
- Check if `/etc/apt/sources.list.d/derivative.list` exists before deleting it to avoid repeated verbose deletion messages.
- Switch to using `deb822` sources.
- sdwdate:
- Trim about a quarter second off of `sdwdate`’s apparent startup time by notifying `systemd` of startup earlier.
- Move `sclockadj` build into `postinst` and remove an obsolete `adduser` call.
- Remove a down `onion.debian.org` time source: `http://iebkxzjscv4jgaucepdbdf4b7bqmcwd5peulm5cbpoavlsnkfhda5gyd.onion` (see archived link https://web.archive.org/web/20210430195930/https://onion.debian.org/).
- Remove `Mullvad` time sources referenced here: Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate - #254 by Patrick - Development - Whonix Forum
- Add a Startpage onion URL (thanks to Nurmagoz).
- Collect all SecureDrop URLs in one place (thanks to Nurmagoz).
- Fix `Depends: util-linux-extra` (provides `hwclock`).
- Remove down or duplicated time sources.
- Port to `privleap` and remove the dependency on `sudo`.
- Harden the C code to make it more robust and secure.
- Stop using `dh_python` to avoid replacing shebangs: `dh_python3` was replacing shebangs in: `debian/sdwdate/usr/share/sdwdate/get-time-from-servers-test`, `debian/sdwdate/usr/share/sdwdate/onion-list-all`, `debian/sdwdate/usr/share/sdwdate/onion-tester`, `debian/sdwdate/usr/bin/url_to_unixtime`
- Add Mullvad search engine `leta` onion mirror (thanks to Nurmagoz).
- Stop using the `sleep` binary; this is no longer necessary.
-
sdwdate-gui:
- Tell
systemdwhensdwdate-gui-qubes@.serviceis initialized and running. - Send repeated Tor status messages if the server restarts.
- Do not make the
sdwdate-gui-qubesservice fail if thesdwdate-gui-serverVM is not running. - Prevent
sdwdate-gui-qubes-proxy-helperfrom possibly delaying boot. - Fix menu flashing and CPU usage issues, and prevent massive notification floods when
qrexecfails; harden code paths. - Move
sdwdate-guiconfiguration migration code to thesdwdate-guipostinst. - Improve handling of invalid data (based on ChatGPT Codex suggestions).
- Add better exception handling for configuration file parse failures and refactor the main loop in
sdwdate_gui_clientto satisfypylint. - Add
Depends: python3-pyinotify. - Fix icon change failures when a Whonix-Workstation is shut down and remove confusing information from a docstring.
- Autodetect the server socket location rather than hardcoding it in
sdwdate-gui-qubes-proxy-helper. - Remove no longer necessary dependencies on
sudo. - Port
sdwdate_gui_client.pytoasyncio/pyinotifyinstead of Qt. - Rename
sdwdate.Connect(Check)tosdwdate-gui.Connect(Check). - Change the
sdwdate-guitooltip to indicate that right-click opens the menu. - Avoid hanging with an error icon if Tor or
sdwdateis not started whensdwdate-gui-clientstarts. - Make
sdwdate-guiconfiguration parsing more robust, also parse/usr/local/etc/sdwdate-gui.d. - Enable Qubes-related services only on Qubes OS.
- Disable left-click on the
sdwdate-guiicon. - Add
rm_conffilecommands for migration to the newsdwdate-guiarchitecture. - Add more
sdwdate-guirewrite bug fixes. - Fix memory management issues in client and server.
- Rewrite
sdwdate-guito use a client-server model.
- security-misc:
- Add a `pkexec` remembered-permissions fix for `permission-hardener` and fix some `postinst` bugs.
- Remove obsolete migration code for `permission-hardener` and add initial state installation code.
- Do not break passwordless sudo in unrestricted admin mode.
- Port to `package-installed-check`.
- Fix passwordless login for sensitive accounts and only deny passwordless privilege escalation.
- Add `kill-vboxdrmclient-on-shutdown.service`.
- Prevent non-`sysmaint` logins in `sysmaint` mode and unsafe passwordless logins in user mode.
- Revert “Force immediate kernel panic on OOM”. See Consider enabling `panic_on_oom` · Issue #324 · Kicksecure/security-misc · GitHub
- Suppress `usbguard` startup unless a USB controller is visible to `lspci`.
- Move `usbguard` reject rules to the top.
- Update `README.md` with information about Flatpak authentication hardening.
- Remove Unicode characters where they were problematic.
- Lock down Flatpak software management. Now requires sysmaint session if using user-sysmaint-split.
- Use standardized detection of `kernel_cmdline`.
- Do not start `usbguard-notifier` if `/sys/bus/usb` does not exist.
- Fix `USBGuard-notifier` `accept`/`reject` buttons. See USBGuard - what should we allow or disallow by default? - #49 by Patrick
- Set USBGuard to permit USB hubs and Qubes USB passthrough.
- Allow listing USB devices via `usbguard`.
- Separate `ptrace()` disabling into its own file.
- [reverted] Force immediate kernel panic on OOM. This is intended to avoid security features such as the screen locker, `kloak` and `emerg-shutdown` being terminated when the system runs out of memory. See Screen Locker (In)Security - Can we disable these at least 4 backdoors? - #14 by arraybolt3 - Development - Whonix Forum and Consider enabling `panic_on_oom` · Issue #324 · Kicksecure/security-misc · GitHub (`vm.panic_on_oom=2`). [reverted] (Needs future work.)
- Update documentation on `slab_debug` for future improvements.
- Add documentation about risks associated with IPv6 Router Advertisements.
- Fix `emerg-shutdown` `gcc` build.
- Allow users in the `qubes` group to access USBGuard IPC.
- Disable usage of `ptrace()` by all processes.
- Add additional hardening to `emerg-shutdown`.
- Add a notice on public releases in the README.
- Update strings for the `security-misc` split.
- `security-misc` → `security-misc-shared` package migration. See Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server` · Issue #187 · Kicksecure/security-misc · GitHub
- Add `Replaces: security-misc`
- Add `security-misc-server` placeholder
- Implement packaging split for `security-misc`
- Add `genmkfile debdist` file.
- Split `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server`, rename files. See Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server` · Issue #187 · Kicksecure/security-misc · GitHub
- Enable `vmscape=force`.
- Allow users in the `sudo` group to use `usbguard-notifier`.
- Update SRSO documentation.
- Allow USB devices that are already connected at USBGuard start time.
- Enable USB video and audio devices, and reject USB RNDIS devices.
- Disable RNDIS due to unfixable security issues.
- Remove `initramfs-tools` support.
- Disable `memlockd` service by default and fix its systemd path.
- Disable `emerg-shutdown` and `ensure-shutdown` on Qubes OS.
- Fix XDG handling, replace Xfce references with LXQt where appropriate, and make USBGuard configuration work correctly.
- Update documentation on instant reboot on kernel panic.
- Update documentation on the `oops` boot parameter.
- Add a reference on `conntrack` helpers.
- Enable `ia32_emulation=0`.
- Temporarily revert IA32 documentation updates (earlier IA32 doc changes were later reverted).
- Update the kernel panic service description.
- Set `sysctl kernel.panic=-1`.
- Clarify documentation on panics on `oops` and warnings (later reverted by IA32 doc revert).
- Clarify documentation on disabling 32-bit x86 support (later reverted by IA32 doc revert).
- Polish USBGuard configuration.
- Remove obsolete Thunderbird configuration hardening.
- Set hard and soft limits on core file size at the same time.
- Move `security-misc/apt-get-update*` to `helper-scripts`.
- Add SSH hardening configuration.
- Update documentation on recovery restrictions.
- Update various documents.
- Upgrade `sysctl` settings and related documentation on kernel panics.
- Enable `cfi=kcfi`.
- Set soft limit for core dumps to 0 (thanks to `nexus$`).
- setup-dist:
- Adjust for new `rads` filenames.
- setup-wizard-dist:
- Port to `package-installed-check`.
- Autostart `setup-wizard-dist` when `/etc/systemcheck.d/autostart` or `/usr/local/etc/systemcheck.d/autostart` exists (developer feature).
- Skip the finish page inside Qubes.
- Show which `done` file has been found in terminal output for easier debugging.
- Fix keyboard layout change instructions for Whonix-Gateway.
- Adjust keyboard layout change instructions for `labwc`.
- swap-file-creator:
- Allow running `swap-file-creator` inside Xen / Qubes when `DO_PRE_CHECK=no` is set.
- Use a configuration file to allow users to disable the LUKS check and fix related issues.
- Move to `helper-scripts`.
- Speed up skipping behavior under Qubes.
- Allow forcing creation of a swapfile on unencrypted systems, do not remove the swapfile if unnecessary, and adjust wording.
- Stop creating encrypted swapfiles; only create swapfiles on LUKS volumes, delete swapfiles on shutdown, and improve `do_stop` reliability.
- Remove `initramfs-tools` support.
- sysmaint-panel:
- Adjust to the new `lock-screen` script location.
- Hide `set system keymap` and `toggle on-screen keyboard` buttons on Qubes OS.
- Add a button for `set-system-keymap`.
- Add a display configuration button.
- Add on-screen keyboard and `LXQt` configuration buttons, and reformat code with `black`.
- Remove dependency on `usability-misc` (required functionality moved to `helper-scripts`).
- Move `security-misc/apt-get-update*` to `helper-scripts`.
- systemcheck:
- Detect the potential VirtualBox green turtle issue.
- Check for `self-detected stall on CPU`.
- Improve the system ready check.
- Point out both failed and activating systemd units.
- Tone down `tirdad` checks in Qubes when using `--verbose`.
- Port to shell-based `br_add` (`helper-scripts`, `strings.bsh`) to fix: `/usr/libexec/systemcheck/check_services.bsh: line 51: /usr/libexec/msgcollector/br_add: Argument list too long`
- Silence more journal warnings.
- Prevent a silenced harmless `labwc` error message from causing `systemcheck` to fail.
- Silence another journal warning.
- Wait for both of these commands:
  - `systemctl --wait is-system`
  - `systemctl --user --wait is-system`
- Fix AppArmor tests when using a non-English system locale.
- Port to `light_sleep`.
- Simplify the login security table now that the `sysmaint` account is no longer locked by default.
- Improve the system ready check further.
- Report if no systemd units failed in verbose mode.
- Always check for failed systemd units, not only with `--verbose`.
- Check if `man` is functional.
- Remove undocumented `--test-connect` feature to simplify the code.
- Polish control port and systemd status messages (thanks to `assisted-by-ai` bot).
- Fix some mistakes in journal ignore lines and add more patterns.
- Add new command line tool `updatecheck` and rename `usr/libexec/systemcheck/updatecheck` to `usr/bin/updatecheck`.
- `updatecheck`: add `leaprun system-ready-check`.
- `updatecheck`: improve error handling.
- Remove an unnecessary dependency on `systemd`.
- Fix broken pipe handling.
- Disable `lockfile` due to bugs.
- Wait for `multi-user.target` or `sysmaint.target`.
- Prevent duplicate runs of `systemcheck` using a lockfile.
- Use standardized detection of `kernel_cmdline`.
- In `ex_funct`, fall back to the failed command’s exit code if `EXIT_CODE` is empty or 0.
- Use `curl --proxy-user` for better stream isolation.
- Suggest migrating from `/etc/apt/sources.list/derivative.list` to `/etc/apt/sources.list/derivative.sources` using the `repository-dist` utility.
- Remove the `user-sysmaint-split` exception for Whonix-Gateway.
- Isolate log checking code so less privileged users cannot leak journal and `dmesg` logs.
- Only include the `abstractions/tor` AppArmor file if it exists.
- Make disk encryption checks substantially more robust.
- Silence more journal warnings.
- Remove the virtualizer success check, because `systemd-detect-virt` exits non-zero on bare metal.
- Document a USB module load order issue under VirtualBox and silence the corresponding warning.
- Silence more bogus journal warnings.
- Fix Qubes network settings checks inside Qubes `sys-net`.
- Move the deprecation notice to `legacy-dist`.
- Hide confusing output from:
  ```
  systemctl --global disable updatecheck.service
  The unit files have no installation config (WantedBy=, RequiredBy=, UpheldBy=, Also=, or Alias= settings in the [Install] section, and DefaultInstance= for template units). This means they are not meant to be enabled or disabled using systemctl.
  Possible reasons for having these kinds of units are:
  * A unit may be statically enabled by being symlinked from another unit's .wants/, .requires/, or .upholds/ directory.
  * A unit's purpose may be to act as a helper for some other unit which has a requirement dependency on it.
  * A unit may be started when needed via activation (socket, path, timer, D-Bus, udev, scripted systemctl call, ...).
  * In case of template units, the unit is meant to be enabled with some instance name specified.
  ```
- Comment and dependency changes for the `security-misc` split.
- Switch to using `light_sleep` in `canary-daemon`.
- Switch to using `deb822` sources.
- Move `security-misc/apt-get-update*` to `helper-scripts`.
- tb-starter:
- Do not make Tor Browser the default image viewer.
- Adjust for Wayland compatibility and remove the obsolete `tb-default-browser` dependency.
- tb-updater:
- Remove an unnecessary dependency on `sudo`.
- Use `curl --proxy-user` for stream isolation.
- Un-reverse `chroot-pre` and `chroot-post`.
- Re-enable `chroot` handling and make it safer.
- Adjust for LXQt/Wayland and remove obsolete dependency on `tb-default-browser`.
- Fix default behavior in Qubes Templates: skip the network interface availability test by default, because Qubes Templates are non-networked by default. (Thanks to `baxter`.) See Tor browser downloader fails in whonix-workstation-17 template - Qubes-Whonix - Whonix Forum
- tor-control-panel:
- Fix the journal log viewer.
- Avoid an either/or dependency bug.
- usability-misc:
- Skip `set-grub-keymap` in Qubes.
- Silence spurious messages from Lintian.
- Do not try to run `set-grub-keymap` in a chroot at all.
- Do not update GRUB when building GRUB keyboard layouts if running in a chroot.
- Fix GRUB keyboard options menu and generate GRUB keyboard layouts on upgrade or installation when possible.
- Move the keyboard menu to the bottom of the boot menu.
- Add a keyboard layout menu to GRUB.
- Detect `user-sysmaint-split`.
- `dist-installer-cli`: fix by running `chmod o+r` on created sources list files.
- Remove a problematic `tty` check from `50_default_editor.sh`.
- Simplify code by merging `/usr/libexec/default-editor/default_editor.sh` into `/etc/profile.d/50_default_editor.sh`.
- `/usr/libexec/default-editor/default_editor.sh`: set default editor to `featherpad` (part of the port to LXQt).
- Polish additional `dist-installer` messaging grammar (thanks to `assisted-by-ai` bot).
- Add tests for `run_as_target_user`.
- Enable `systemd-journald` audit transport, required by `apparmor-info` and `apparmor-watch`. Run `deb-systemd-helper enable systemd-journald-audit.socket`. Debian no longer enables `systemd-journald-audit.socket` by default (see Debian bug #1038993).
- Keep `polkit-mate-authentication-agent-1` from launching when it is unnecessary.
- Suppress startup of USBGuard-related units if no USB controller is found on the system.
- Add a missing `preinst` script header.
- `dist-installer-cli` (Trixie-based): install VirtualBox from the Oracle repository because VirtualBox is not yet in Debian `fasttrack` and Debian `unstable` is no longer compatible with Trixie.
- Move `passwordless-root` from `usability-misc` to `helper-scripts`.
- Move `dist-virtual-keyboard` from `usability-misc` to `helper-scripts`.
- `dist-virtual-keyboard`: port to `start-stop-daemon`.
- Add a wrapper script and desktop files for the virtual keyboard.
- Switch default file manager to `PCManFM-Qt`.
- `dist-installer-cli`: use a more minimal APT pinning configuration.
- `dist-installer-cli`: adjust APT pinning to handle cases where `sid` is used instead of the generic `unstable` suite.
- `dist-installer-cli`: implement `--noupgrade` development option to ignore pending upgrades.
- `dist-installer-cli`: Fedora VirtualBox version bump.
- `dist-installer-cli`: fix APT pinning to prefer `stable` (`trixie` at the time of writing) over `unstable`.
- `dist-installer-cli`: fix so it does not enable the `unstable` repository as a fallback.
- `dist-installer-cli`: support new key location `/usr/share/keyrings/debian-archive-keyring.pgp`.
- `dist-installer-cli`: test whether the `signed-by` key exists.
- `dist-installer-cli`: add Kali `signed-by` handling.
- Move `config-package-dev` displace handling from `desktop-config-dist` to `usability-misc`.
- Fix packaging: migrate `zsh` configuration files for `config-package-dev`.
- Restore the `Flameshot` executable displace that was dropped by accident.
- Add `Breaks/Replaces` against `desktop-config-dist (<< 3:13.8-1)`.
- Delete superfluous man pages.
- Import `zsh` configuration from `desktop-config-dist`.
- `dist-installer-cli`: string changes for `security-misc` split.
- `curl-download`/`scurl-download`: port to `wcurl`.
- Add `Flameshot` compatibility wrapper.
- Fix VirtualBox with Linux 6.12 and higher.
- Keep VirtualBox and KVM from conflicting.
- Move `dpkg-noninteractive` from `usability-misc` to `helper-scripts`.
- Adjust for Wayland/LXQt.
- `dist-installer-cli`: add `deb822` support, make variable handling safer, and rename some variables.
- `dist-installer-cli`: reduce `testing` and `unstable` pin priority to avoid unintentionally upgrading a system to Testing or Sid.
- Move `upgrade-nonroot` from `usability-misc` to `helper-scripts`.
- Move `apt-get-reset` from `usability-misc` to `helper-scripts`.
- Move `apt-get-noninteractive` from `usability-misc` to `helper-scripts`.
- Move `apt-get-update-plus` from `usability-misc` to `helper-scripts`.
- Remove `apt-cacher-ng-prepare/undo`; image builds now use `approx` instead.
- user-sysmaint-split:
- Remove `qubes-whonix-sysinit.service`.
- Ensure `sysmaint` account password is unlocked upon creation since a PAM-based locking mechanism is used.
- Add `After=systemd-tmpfiles-setup.service` to wait for `systemd-tmpfiles-setup.service` to create `/run/qubes-rpc`.
- Add `sysmaint-boot` dependency on `kill-vboxdrmclient-on-shutdown.service`.
- Stop locking the `sysmaint` account and remove `xscreensaver` code.
- Improve exposure of informational and error messages in `sysmaint-boot.service`.
- Hide the `gsmartcontrol` start menu entry because it is incompatible with `user-sysmaint-split`.
- Restrict `su-to-root` (similar to `sudo`) so it is non-executable for non-root users, making failures clearer.
- Clean up a previous `sysmaint` graphical session when starting a new one if needed.
- Fix `lxqt-powermanagement` startup; it was starting too early.
- Start `lxqt-powermanagement` in `sysmaint` sessions for sleep and screen locking.
- Add more important systemd units to `sysmaint-boot.target`.
- Start `qubes-bind-dirs.service` in `sysmaint` sessions.
- Start `qubes-updates-proxy.service` in `sysmaint` sessions to fix template updates when Whonix-Gateway (`sys-whonix`) is booted in `sysmaint` mode.
- Use standardized detection of `kernel_cmdline`.
- Change default to `sysmaint_session_wayland='yes'`.
- Enable backlight restore in `sysmaint` sessions.
- Run `wlr-resize-watcher` in `sysmaint` sessions.
- Enable passwordless root in Qubes unrestricted admin mode when the user password is locked.
- Avoid crashing `greetd` when `sysmaint` autologin is disabled.
- Stop logging into a full desktop session when `sysmaint` autologin is disabled.
- Enable merged configuration in `labwc`.
- Export `LABWC_PID` to allow easier compositor reconfiguration.
- Set `XDG_SESSION_TYPE` correctly in `sysmaint` sessions.
- Stop disabling UUIDs in `grub.cfg`.
- Fix `sysmaint` Wayland session startup on physical hardware.
- Adjust comments and dependencies for the `security-misc` split.
- Signal to the system when the Wayland session has started.
- Fix memory ballooning under Qubes OS.
- Avoid spurious error messages if `/etc/X11/default-display-manager` does not exist.
- Fix `sysmaint` session Qt theming.
- Unmute audio in the `sysmaint` session since there is no easy way for users to unmute it otherwise.
- Autostart `LXQt` notification service.
- Switch back from `lxqt-policykit` to `mate-polkit`.
- Remove `initramfs-tools` support.
- Improve Wayland support.
- Do not source Bash scripts from POSIX `sh` `grub.d` scripts.
- Do not unset `GRUB_DEVICE_UUID` unless using `initramfs-tools`.
- vm-config-dist:
- Set `labwc` resolution to `1024x768` by default under Xen. This is to work around various Qubes HVM upstream issues: Kicksecure for Qubes - HVM Issues
- Port to `package-installed-check`.
- Bring back `vbox-guest-installer`.
- Delay `suppress-power-management-in-vms.service` until `tmp.mount` is finished.
- Ensure `vm-config-dist` `XDG_CONFIG_DIRS` settings take precedence over `desktop-config-dist`.
- Make `vm-config-dist` safe for installation on all platforms and remove unneeded code.
- Disable `wlr_resize_watcher` on physical hardware, remove `/mnt/shared` bookmarks on platforms other than VirtualBox and KVM, and make `postinst` safe.
- Use better settings for disabling `LXQt` power management.
- Suppress VM power management under `LXQt`.
- Switch from `glxinfo` to `eglinfo` in `/etc/profile.d/20_software_rendering_in_vms.sh`.
- Simplify code by removing unmaintained KDE-related functionality.
- Stop shipping `config-package-dev displace` for `/etc/gdm3/daemon.conf.dist` and `undisplace` for the same file, because `gdm3` is no longer supported out of the box. Autologin in VMs is now handled by `autologinchange`.
- `wlr_resize_watcher`: set all displays to `1920x1080` when dynamic resizing is not possible.
- Do not start `wlr-resize-watcher` needlessly in Qubes.
- Add `Depends: python3-pyudev` for `wlr-resize-watcher`.
- Suppress unwanted PIDs being written to stdout in `wlr-resize-watcher`.
- In `wlr-resize-watcher`, do not error out if an expected but nonessential component is missing.
- Add hypervisor-specific graphics helper checks to `wlr_resize_watcher`.
- Make `wlr_resize_watcher.py` valid as a standalone Python executable.
- Clean up and reformat `wlr_resize_watcher` with `black`.
- Fix `wlr_resize_watcher` `mypy` and `pylint` issues.
- Add a tool for dynamic resolution resizing on `wlroots`-based compositors.
- Fix `spice-vdagent` wrapper.
- Fix `AC97` audio speed.
- Make `spice-vdagent` able to launch under Wayland via `Xwayland`.
- Switch from `p7zip-full` to `7zip`.
- Fix XDG handling.
- qubes-template-kicksecure:
- Fix failure to install `firmware-nonfreedom` during template build.
- Fix metapackage name and point to the `trixie-developers` repository.
- Use `pcmanfm-qt` instead of `Thunar`.
- Remove `apt-key` call, which no longer exists in Debian 13.
- Switch to `LXQt`.
- Switch to using `deb822` sources.
- derivative-maker:
- Fix theming for the ISO keyboard layout menu.
- Avoid shredding the hostname when the build host’s hostname matches.
- Port to `package-installed-check`.
- Generate GRUB keyboard layout files during image builds.
- Fix more reliable `chmod +r` for `debian.sources`.
- Make `grml-debootstrap` able to set locale to `en_US.UTF-8` during image builds.
- Do not yet install VirtualBox by default inside the `cowbuilder` chroot. Enable after running `build-steps.d/*_create-vbox-vm` inside the chroot. (Needs further work.)
- Enable passwordless sudo for the current user (`$USER`) after the build process starts to avoid `sudo: a password is required` errors.
- For ISO builds, ensure `/etc/apt/sources.list.d/debian.sources` is readable by “others”.
- Update VirtualBox download links for the Whonix Windows Installer.
- Stop downloading VirtualBox from Debian `unstable`/`sid` because it is no longer compatible with `trixie`.
- Install `user-sysmaint-split` by default also on Whonix-Gateway VMs.
- Clear repository metadata from `approx`’s cache before a build.
- Add VirtualBox guest additions from Debian `unstable` to the ISO.
- Use consistent options for `dist-installer-cli` (VirtualBox installer by Kicksecure developers) on the build host and inside `pbuilder-chroot-script-virtualbox`.
- Simplify code.
- Isolate the APT state directory when using temporary APT repositories.
- Fix stray mount device tests when using `--target root`.
- VirtualBox version bump.
- Run `virtualbox-installer` with `--noupdate` because the system has already been updated; this avoids race conditions when new updates appear during the build.
- Disable VBox clipboard sharing and drag and drop.
- Fix `tirdad` package cleanup and switch back to AC97 audio for VirtualBox.
- Add `lxqt-wayland-session`.
- Bump RAM for CLI VMs to `768M` to prevent freezing.
- Fix Kicksecure CLI VM builds (now referred to as `server`).
- Code cleanup: Remove Ubuntu sources, which had not been used for many years.
- Fix origin and label for Trixie.
- Revert incorrect `bullseye`/`bookworm` labels.
- Add temporary workarounds for the port to Trixie.
- `check-operating-system-version`: allow Bookworm to build Trixie based images.
- Remove support for `initramfs-tools`.
- Port to Debian Trixie.
Full difference of all changes
(This forum post was previously a call for testers. No release-critical bugs were found during the testing period. This forum post was therefore transformed into a stable release announcement. See edit history.)