Package: anon-apt-sources-list Version: 3:6.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 71 Depends: fasttrack-archive-keyring Homepage: https://github.com/Kicksecure/anon-apt-sources-list Priority: optional Section: misc Filename: pool/main/a/anon-apt-sources-list/anon-apt-sources-list_6.5-1_all.deb Size: 29004 SHA256: 6fa8b2315209fa13e1d284d9374f87239ef4855915220e7615d8b18bcf7e30f4 SHA1: b249e32b173c837959380dddc763ab0914b52aa9 MD5sum: 74f5eb17ea3157694122842d0aa3c764 Description: Kicksecure APT and Flatpak Repository Configuration Configuring APT and Flatpak sources: - Includes Debian APT repositories (main, updates, backports, fasttrack, security) - Incorporates Debian APT components (main, contrib, non-free, non-free-firmware) - Integrates the Flathub repository (verified and floss subsets only) . Flatpak: - Official Flathub repository only. - Uses subset verified_floss, which means only verified applications and freedom software can be installed by default. . Provides configuration files: - /etc/apt/sources.list.d/debian.list for APT sources - /etc/flatpak/remotes.d/flathub.flatpakrepo for Flatpak sources . A Discussion on Distribution Maintenance Strategies: . The more standard way would indeed be populating /etc/apt/sources.list at install or build time and leaving /etc/apt/sources.list.d alone. . The idea of managing /etc/apt/sources.list.d/debian.list for the user is, the security-focused distribution maintainers can decide when it is a better "change stable to oldstable", "keep wheezy as long as needed to work out [eventual!] issues that would break during upgrade to jessie" and such. Package: anon-connection-wizard Version: 1:9.0-1 Architecture: all Maintainer: iry Installed-Size: 261 Depends: helper-scripts, pkexec, policykit-1-gnome | polkit-1-auth-agent, python3, python3-pyqt5, python3-stem, python3-yaml, qtwayland5 Recommends: obfs4proxy, tor Homepage: https://www.kicksecure.com/wiki/Anon_Connection_Wizard Priority: optional Section: misc Filename: pool/main/a/anon-connection-wizard/anon-connection-wizard_9.0-1_all.deb Size: 92144 SHA256: 942fff6acd08ac1c393231d8fa0c37de9894a6cd6291274b2923b34f5b97d6ba SHA1: 1f839f62f30bd3a32a21428b0e86662daf433f2c MD5sum: 8b8e1e27e20dadd5b3573233378444a6 Description: Tor Connection Configuration (ACW) WARNING: Not (yet) a standalone ready to use outside of Whonix: . Creates a Tor settings file: `/usr/local/etc/torrc.d/40_tor_control_panel.conf` . anon-connection-wizard (ACW) is a Tor-launcher-like application that helps users in different Internet environment connect to the Tor network. It helps user to configure Tor to use a proxy and/or Tor bridges. This application is especially useful for system Tor users who would like to run the standalone core Tor with different torified applications. The wizard can be run at any time to change the connection configuration. . Creates a Tor settings file: `/usr/local/etc/torrc.d/40_tor_control_panel.conf` . anon-connection-wizard is produced independently from the Tor anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else. Package: anon-shared-build-apt-sources-tpo Version: 3:6.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 120 Depends: helper-scripts, gnupg Recommends: deb.torproject.org-keyring Homepage: https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo Priority: optional Section: misc Filename: pool/main/a/anon-shared-build-apt-sources-tpo/anon-shared-build-apt-sources-tpo_6.2-1_all.deb Size: 63120 SHA256: 93d0d89d18025e1200755635af96f97ebea5e086c9484957eff195e45fb2c0dc SHA1: 93daa8302198f735fad9e9f92a434e6f000e0290 MD5sum: 6167bac13332fc589f834410b45b6b79 Description: Adds TPO's APT repository to Derivative Linux Distributions Comes with "deb http://deb.torproject.org/torproject.org stable main", The Tor Project's APT signing key. . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: apparmor-profile-dist Version: 3:8.9-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 95 Depends: helper-scripts Replaces: apparmor-profile-anondist Homepage: https://www.kicksecure.com/wiki/Apparmor-profile-everything Priority: optional Section: misc Filename: pool/main/a/apparmor-profile-dist/apparmor-profile-dist_8.9-1_all.deb Size: 34960 SHA256: 95ef0e1a258ff875f503f1996315c9eb195d4714ac58c9d998edfe039b9a369d SHA1: 2c84beb209d7b06255d19fd1528aa51b21ee5c7c MD5sum: c62b3ad0679a4057962a9ee86c461304 Description: AppArmor Profile for Derivative Linux Distributions Displaces /etc/apparmor.d/abstractions/base with a version, that includes additions required for Derivative Linux Distributions. . Does not depend on AppArmor, so this package can be installed by default on any anonymity distribution by default, without requiring to also have AppArmor installed. Just for the case, AppArmor gets installed later by the user. Package: apparmor-profile-everything Version: 3:8.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 163 Depends: apparmor, apparmor-profile-torbrowser, libpam-apparmor Homepage: https://www.kicksecure.com/wiki/Apparmor-profile-everything Priority: optional Section: misc Filename: pool/main/a/apparmor-profile-everything/apparmor-profile-everything_8.2-1_all.deb Size: 44248 SHA256: 54a593e067f0c974d837588bb4efa9c17c740ee69b223431a53b1a047698f0ea SHA1: 9722a920985210d1b633d37445be1346e929486d MD5sum: febc85940a0e252da5e0c84518e0142d Description: Full system AppArmor policy This is an AppArmor policy to confine all user space processes on the system which allows one to enforce a strong security model and follow principle of least privilege. An AppArmor policy for the init, systemd is loaded in the initramfs which then applies to all other processes. Specific policies for many system services/applications are also enforced. . This follows design ideas already present in other operating systems such as Android and attempts to make something similar available on desktop Linux. . In addition to locking down user space, this also protects the kernel as it restricts access to kernel interfaces like `/proc` or `/sys`, making kernel pointer and other leaks much less likely. . This does not and cannot confine the kernel or initramfs. . This is expected to be used in combination with other security technologies such as a hardened kernel, strong sandboxing architecture, verified boot and so on. . apparmor-profile-everything supports different boot modes: aadebug and superroot. aadebug allows certain permissions necessary for advanced debugging and superroot relaxes the policy substantially, even making bypasses possible. It is highly recommended to stick to the default boot mode. . It also contains a wrapper to restrict apt as apt requires permissions that may be abused to circumvent the policy. When updating or installing applications, you must use the `rapt` command. . This is still in development and breakage is likely. This should only be used by developers for now. . For now, please only use this development discussion forum thread: https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339 . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: apparmor-profile-hexchat Version: 3:5.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 60 Depends: apparmor Replaces: apparmor-profile-xchat Homepage: https://www.kicksecure.com/wiki/AppArmor Priority: optional Section: misc Filename: pool/main/a/apparmor-profile-hexchat/apparmor-profile-hexchat_5.1-1_all.deb Size: 23508 SHA256: 8736fb2b12f22a165f2180f3cc379bfe7d82b9ff7e39f3ff78b517e8959c6937 SHA1: c442bcef6d890ce339d8280e0e1ec8fdc215d85a MD5sum: ae1447ed5da0ca66b977bb6239606215 Description: AppArmor profile for HexChat IRC An AppArmor profile to confine HexChat IRC. This profile is developed by the Whonix team. HexChat IRC is developed by xchat.org / hexchat.github.io. . For better security. Package: apparmor-profile-thunderbird Version: 3:5.6-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 65 Depends: apparmor Replaces: apparmor-profile-icedove Homepage: https://www.kicksecure.com/wiki/AppArmor Priority: optional Section: misc Filename: pool/main/a/apparmor-profile-thunderbird/apparmor-profile-thunderbird_5.6-1_all.deb Size: 26372 SHA256: 542a425da07544f8fbf0b3d79180317605c6ef55bbd9d249f93dd958034f32d0 SHA1: e2d19edc5e1697ee1e853edb024bcd6e639f1496 MD5sum: 37edd2f0b005b409d96f5d0b6b5bb58d Description: AppArmor profile for Thunderbird for Debian An AppArmor profile to confine Thunderbird. . This profile is just an extension of the upstream AppArmor Debian profile. The upstream AppArmor upstream profile is the foundation. . Primarily this AppArmor profile makes Debian's AppArmor profile for Thunderbird compatible with Qubes Debian based VMs. . This profile is developed by the Kicksecure team. Thunderbird is developed by mozilla.org. Package: apparmor-profile-torbrowser Version: 3:9.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 73 Depends: apparmor Homepage: https://www.kicksecure.com/wiki/AppArmor Priority: optional Section: misc Filename: pool/main/a/apparmor-profile-torbrowser/apparmor-profile-torbrowser_9.2-1_all.deb Size: 34240 SHA256: ec52697707248dd65376e34239748697b711da2650b591ca57d4424d281b5dfd SHA1: bbdf54f1bd08e4c45755f8d0053fbbbf24ff67d7 MD5sum: 9f3824256e767e0a6fd906bf9cc31f41 Description: AppArmor profile for The Tor Browser Bundle (TBB) An AppArmor profile to confine The Tor Browser Bundle (TBB). This profile is developed by the Whonix team. TBB is developed by The Tor Project. . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: apparmor-profiles-kicksecure Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: apparmor-profile-hexchat, apparmor-profile-thunderbird, apparmor-profile-torbrowser, apparmor-profiles, apparmor-profiles-extra Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/apparmor-profiles-kicksecure_29.0-1_all.deb Size: 73040 SHA256: f087de294599ce0e56f86bc5b0a407fb4e2fcfa0172c178da222ebf50205de20 SHA1: 3f2abef5c79ef5f7d4ca4a1e2653c53c3e9a569e MD5sum: 63e97def3a612a22242938c6626d1bb5 Description: AppArmor profiles developed by the Kicksecure Team A metapackage, which installs apparmor profiles packages from Debian: . * apparmor-profile * apparmor-profiles-extra . as well as installs apparmor profiles developed by the Kicksecure team: . * apparmor-profile-thunderbird * apparmor-profile-torbrowser * apparmor-profile-hexchat . Increases security. . Safe to remove, if you know what you are doing. Package: binaries-freedom Version: 0:2.9-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 30 Depends: fuse Homepage: https://github.com/Kicksecure/binaries-freedom Priority: optional Section: misc Filename: pool/main/b/binaries-freedom/binaries-freedom_2.9-1_all.deb Size: 10684 SHA256: 97cf97956b5313199a4c9a60f0b79cde27f6eee73e66aaf2881d4c716df7fe01 SHA1: f51d85d84bd2b2c5bdc2bd3054f9e73b7c8e3438 MD5sum: 4b6c5317f8c7d7bd5a70dd0dc40e861d Description: Freedom Software Binaries This is an empty package at this time. . https://forums.whonix.org/t/policy-for-inclusion-of-compiled-software/6635 Package: bindp Version: 3:3.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 27 Homepage: https://github.com/Kicksecure/bindp Priority: optional Section: misc Filename: pool/main/b/bindp/bindp_3.5-1_all.deb Size: 12912 SHA256: 064a52e8af450a109f3d9ad3f9c9ae488148dfc4c63e91f554ab2b19799c0b24 SHA1: 136628b64dc53434b20412d5d89cd5c9f3450f20 MD5sum: 0605b7487fa35c447357811bf445f2b0 Description: Binding specific IP and Port for Linux Running Application This package is probably most useful for Anonymity Distributions. . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: bootclockrandomization Version: 3:6.6-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 86 Depends: msgcollector Homepage: https://www.kicksecure.com/wiki/Boot_Clock_Randomization Priority: optional Section: misc Filename: pool/main/b/bootclockrandomization/bootclockrandomization_6.6-1_all.deb Size: 29980 SHA256: 47c80c978e85bb6e872bcf3a035ae83a4a9d5518dc69e69bdc20f9c279637b0b SHA1: 438f2366f725f57ccb04a0d304f377dacd9a565f MD5sum: 27d7a798d25a27151dd7325e1bc0f3c9 Description: Randomizes clock when systems boots Randomizes clock at boot time. Moves clock a few seconds and nanoseconds to past or future. Useful in context of anonymity/privacy/Tor. . This is useful to enforce the design goal, that the host clock and Gateway/Workstation clock should always slightly differ (even before secure timesync succeeded!) to prevent time based fingerprinting / linkablity issues. . Runs before Tor / sdwdate (if installed). . See also: https://www.whonix.org/wiki/Dev/TimeSync Package: damngpl Version: 3:4.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 31 Depends: perl Homepage: http://www.finnie.org/software/damngpl/damngpl Priority: optional Section: misc Filename: pool/main/d/damngpl/damngpl_4.1-1_all.deb Size: 13088 SHA256: 73f8deb8464d4b52a44b3f30b8bf3be0125974aee96edb0a51717ad2ba8d99d4 SHA1: 42ee6d1cbb1cd1f133a914172dc7e4b5fcb4a62a MD5sum: 0c3e9a0d1ede9350ae52c68dacdea300 Description: Extract source package info from Debian status files damngpl will parse a Debian-style /var/lib/dpkg/status file and extract source package information about installed packages. This information can be used in several ways, usually to download source packages. . Multiple input files can be specified on the command line, or piped into standard input if no files are specified. Results are returned to standard output. . The name damngpl was chosen as a tongue-in-cheek description of its purpose (downloading Debian sources for the Finnix project to remain GPL compliant). Please do not send hate mail to the author, thinking he is anti-GPL. He's not. . See also: http://blog.finnix.org/2011/08/21/finnix-and-gpl-compliance/ Package: deb.torproject.org-keyring Version: 2024.05.22 Architecture: all Maintainer: Peter Palfrader Installed-Size: 20 Priority: important Section: misc Filename: pool/main/d/deb.torproject.org-keyring/deb.torproject.org-keyring_2024.05.22_all.deb Size: 4372 SHA256: 22eb433ce2e23eb79914b80825b84c30f6aa785a824a971a9a7aff93bc0a5057 SHA1: 2d8e1f35f05c2b62051c83bb6fe0bebce0029335 MD5sum: 058f3b902a815b762f79e7b035705d00 Description: GnuPG archive key of the deb.torproject.org repository The deb.torproject.org repository digitally signs its Release files. This package contains the current repository key used for that, and upon installation configures your system to accept archives signed with this key. Package: debug-misc Version: 3:3.9-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Suggests: systemd-coredump, serial-console-enable Replaces: grub-output-verbose Homepage: https://github.com/Kicksecure/debug-misc Priority: optional Section: misc Filename: pool/main/d/debug-misc/debug-misc_3.9-1_all.deb Size: 24512 SHA256: f826372198f95ffac4f3c8dd6208b3765df00fdd6e72916a22a520ee91dbadd0 SHA1: cf62820f63e635a0e9defeb299690c8be2facace MD5sum: 692d49021ad3724856b71364aef9ef7c Description: Enables miscellaneous debug settings Ships a `/etc/default/grub.d/45_debug-misc.cfg` configuration file, that removes `quiet`, `loglevel=0` and `debugfs=off` from the `GRUB_CMDLINE_LINUX_DEFAULT` variable and adds `debug=vc` to the kernel boot parameter to enable verbose output during the initial ramdisk boot phase. . Undo debugging related `sysctl` settings by package `security-misc`. . Enables persistent systemd journal log. . Disables `/lib/systemd/coredump.conf.d/disable-coredumps.conf` by package `security-misc` by creating a symlink from `/etc/systemd/coredump.conf.d/disable-coredumps.conf` to `/dev/null`. `debian/debug-misc.links` . Disables `panic-on-oops`, `remove-system.map` by package `security-misc`. . `config-package-dev` `hide` `/etc/sysctl.d/30_silent-kernel-printk.conf` which kernel.printk to default as if security-misc would not have lowered verbosity. . Configure systemd `getty` service to not clear `tty`. `/lib/systemd/system/getty@tty.service.d/30_debug-misc.conf` . Coredumps are enabled. `/etc/security/limits.d/40_debug-misc.conf` . Coredumps may contain important information such as encryption keys or passwords. Package `security-misc` disables coredumps. Package `debug-misc` re-enables coredumps. . Contains a helper tool to cause a segfault for testing purposes. `segfault-build` creates `segfault-run`. Running `segfault-run` results in `segfault-run` terminating with a segfault. This is useful to test if coredump files are being generated when an application crashes. `/usr/sbin/segfault-build` `/usr/share/debug-misc/segfault.c` . For better usability, to ease debugging in case of issues. . For better security, this package should only be installed on specific machines that require debugging. Unfortunately, security and debugging are conflicting optimization goals. Package: desktop-config-dist Version: 3:9.6-1 Architecture: all Maintainer: Algernon <33966997+Algernon-01@users.noreply.github.com> Installed-Size: 133 Conflicts: whonix-xfce-desktop-config Replaces: whonix-xfce-desktop-config Provides: whonix-xfce-desktop-config Homepage: https://github.com/Kicksecure/desktop-config-dist Priority: optional Section: misc Filename: pool/main/d/desktop-config-dist/desktop-config-dist_9.6-1_all.deb Size: 41732 SHA256: a89b879264b160cd0bcf93e2ec23174c9cdef4f326562f6c30646b236736efb6 SHA1: 959d4e2cd5fd3a7cf45bbc66cc7952fb6213f819 MD5sum: 153dc228522b58ef5feff807df30854d Description: Configuration for Derivative Desktop Sets desktop and display setting, wallpaper and desktop icons. Sets icon theme and style. Settings for the default panel aka task bar, like panel position/color/size and panel plugins/shortcuts. . Autologin for user 'user' setting in lightdm. . Live check systray indicator which indicates the status of grub-live, whether the system was booted into persistent or live mode. See also: https://www.kicksecure.com/wiki/grub-live . Adds start menu entries for web browser, terminal emulator, file manager. . Sets Whisker Menu for better usability. . Disable maximize windows when moving to top for better privacy. . Disables thumbnails for better security. . Disables save on exit for better privacy. . Ships `zsh` derivative configuration settings folder `/etc/zsh`. But does not configure `zsh` as default shell. (That is up to package `dist-base-files`.) Package: desktop-config-dist-dependencies Source: desktop-config-dist Version: 3:9.6-1 Architecture: all Maintainer: Algernon <33966997+Algernon-01@users.noreply.github.com> Installed-Size: 60 Depends: xfce4-whiskermenu-plugin, xfce4-genmon-plugin, arc-theme, gnome-themes-extra, gnome-themes-extra-data, gtk2-engines-murrine, gnome-colors-common, adwaita-icon-theme Homepage: https://github.com/Kicksecure/desktop-config-dist Priority: optional Section: misc Filename: pool/main/d/desktop-config-dist/desktop-config-dist-dependencies_9.6-1_all.deb Size: 30708 SHA256: a991b8774aa8be7a866adb2f2916b21eac768760b4215e3d0ff26fff125cc589 SHA1: da7d04b4397f29e4bf62fb389e61e06cae3b1ea3 MD5sum: 80a698a47cb956ab901859dfd4998bd9 Description: Dependencies of desktop-config-dist A metapackage with dependencies for package desktop-config-dist. . Only useful for Non-Qubes. Not useful in Qubes. Package: developer-meta-files Version: 3:33.9-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 290 Depends: python3, bc Homepage: https://github.com/Kicksecure/developer-meta-files Priority: optional Section: misc Filename: pool/main/d/developer-meta-files/developer-meta-files_33.9-1_all.deb Size: 110544 SHA256: cbe49927101256a84104db29c654295eb692035116e91efdc0bccaf5eb61d1e8 SHA1: c21065f8df63b7adb01459f7df1f44ecb7450bdd MD5sum: 452f239a83b53cea4601fc7744ff0193 Description: Linux Distributions Maintenance Helper Scripts Todo . Description Package: dist-base-files Version: 3:10.7-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 119 Depends: sudo, dpkg-dev, helper-scripts, adduser, zsh, zsh-syntax-highlighting, zsh-autosuggestions Conflicts: anon-base-files Replaces: anon-base-files Provides: anon-base-files Homepage: https://github.com/Kicksecure/dist-base-files Priority: optional Section: misc Filename: pool/main/d/dist-base-files/dist-base-files_10.7-1_all.deb Size: 41344 SHA256: dd8abc84c3b4f8d2445bc996a7326f366c7b1884d30f3c7fbfaf4c54ff2ed153 SHA1: 08c9bd27918db2e50575bbbd298e803d9e4d2239 MD5sum: c0a2e765402264c8514efdcd2c9e4647 Description: base files for distributions Creates user `user` with password `changeme` (not in Qubes). That is if user `user` is not existing yet. And if it does create user `user` it also locks the root account. Therefore root account locking effectively only happens in new builds not having user `user` already created. . Adds user `user` to groups `cdrom`, `audio`, `dip`, `sudo`, `plugdev`. . Ships a systemd unit file dist-skel-first-boot.service which runs `/usr/libexec/helper-scripts/first-boot-skel` (part of helper-scripts) package. . Simplifies sudo default lecture to only showing the default password once. . Creates version file `/var/lib/dist-base-files/build_version`. . Default shell: Sets default shell for user `user` to `zsh`. (Unless file `/etc/no-shell-change` exists.) `debian/dist-base-files.postinst` . This package gets installed by default in both, Kicksecure and Whonix. Package: dummy-dependency Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: firefox-esr, qubes-core-agent-passwordless-root, tb-default-browser, tb-starter, tb-updater Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency_29.0-1_all.deb Size: 73064 SHA256: a9cb04a3a6cfc56350f3e359a65bc23f6388deefa39785d1f1373546b80a190d SHA1: c5664f59350564fdeb01d0d361f738ea4fb9f70d MD5sum: be5b015f2c42228d9523590c78942a66 Description: dummy package to satisfy architecture specific dependencies A metapackage, which satisfies the dependency on: . - tb-updater - tb-starter - tb-default-browser - qubes-core-agent-passwordless-root - firefox-esr . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-apparmor-profiles-kicksecure Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: apparmor-profiles-kicksecure Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-apparmor-profiles-kicksecure_29.0-1_all.deb Size: 73004 SHA256: 933b919fd39d47af5aa18fc87107e09de1e3201475e2d5cf4a3f07cc9a88f1f5 SHA1: b05b57c47470195f8a8cc356e82cda667f6a060b MD5sum: 64149a2e16c3f83a2e6b2a79ffe63668 Description: dummy package apparmor-profiles-kicksecure A metapackage, which satisfies the dependency on apparmor-profiles-kicksecure. . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-bindp Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: bindp Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-bindp_29.0-1_all.deb Size: 72976 SHA256: d77a46217bba3142e764325fa9c0b6871b8bc9752d7495cbac41e4e4b6d997f6 SHA1: 708b56414816142b089c502ecfa47baf394d1023 MD5sum: cfa55cf79431e25931225dc6ebbb5242 Description: dummy package to satisfy architecture specific dependency bindp A metapackage, which satisfies the dependency on bindp. . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-electrum Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Replaces: dummy-dependency-hardened-electrum Provides: dummy-dependency-hardened-electrum, electrum Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-electrum_29.0-1_all.deb Size: 73004 SHA256: 560a827ffedc6abcadf7dc64c473bc8f60dd1b6ba35c73b750bbc50856761436 SHA1: 7d6744ce1e35d5b675d8ee8ab6be082c93344f47 MD5sum: 0c75529089b62916c4ca812b8c863527 Description: dummy package to satisfy architecture specific dependency electrum A metapackage, which satisfies the dependency on electrum. . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-hardened-malloc Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: hardened-malloc Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-hardened-malloc_29.0-1_all.deb Size: 73004 SHA256: d530618dccf3dd484077ab087236e4ce89cc770a58d33e4c0299e7f7b2a60506 SHA1: 94eb0617805c12feeb188c26d6c41ca2ecb29c5f MD5sum: ffd9e934017764a868417c497626fa49 Description: dummy package to satisfy architecture specific dependency hardened-malloc A metapackage, which satisfies the dependency on: . hardened-malloc . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-kloak Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: kloak Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-kloak_29.0-1_all.deb Size: 72972 SHA256: ebaa27262fefb803968ef57b1e8af66f031bf859d2f1e8a818823873dbecaaa7 SHA1: ae354db976827104f8a9e9050b73c8933ddf02f4 MD5sum: c21affe5e9b89617895dbf9d55f05006 Description: dummy package to satisfy architecture specific dependency kloak A metapackage, which satisfies the dependency on kloak. . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-tirdad Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: tirdad Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-tirdad_29.0-1_all.deb Size: 72984 SHA256: 6278567cb54a3c81275db4090e7c4cc448d4c7b217401c9d7a2c844bc9a62ec9 SHA1: 4831d1f6ab75ff8126d2c9bb03955fdff96081e6 MD5sum: 2abf35a480817fc17813080b9bfa7244 Description: dummy package to satisfy architecture specific dependency tirdad A metapackage, which satisfies the dependency on tirdad. . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: dummy-dependency-xorg-vm Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Provides: xserver-xorg-video-vmware Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/dummy-dependency-xorg-vm_29.0-1_all.deb Size: 73004 SHA256: 9278d45ec744b26bf9bf49bfe4090651161e1c5d101862111e9b38e9fdcdce70 SHA1: 6fe5b01e447f0bd9c4f6ee87ced837a881ddb47d MD5sum: 9565c6636e0241d9667a79e84d410691 Description: dummy dependency xserver-xorg-video-vmware A metapackage, which satisfies the dependency on xserver-xorg-video-vmware. . This package cannot provide a real implementation of that package. It is only a dummy to satisfy the dependency. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: genmkfile Version: 3:14.7-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 149 Depends: make, dpkg-dev, devscripts, strip-nondeterminism, sudo, perl, rsync, python3 Homepage: https://github.com/Kicksecure/genmkfile Priority: optional Section: misc Filename: pool/main/g/genmkfile/genmkfile_14.7-1_all.deb Size: 53560 SHA256: df5b2d2c1cdd7bff292155a7888cdb21e9582a4ae5500bde133aca34ba193e75 SHA1: d58021790d85341ec299b7d8f0abde4166b7a364 MD5sum: 65f3c313adc5d8a3799ccbd588628d58 Description: Generic Makefile Makes packaging simpler. No more need to manually maintain 'make install' targets or distribution specific install files such as debian/pkg-name.install. . Files in etc/... in root source folder will be installed to /etc/..., files in usr/... will be installed to /usr/... and so forth. This should make renaming, moving files around, packaging, etc. very simple. Packaging of most packages can look very similar. . Provides common make targets such as 'make install', 'make dist', 'make installsim', 'make installcheck', 'make uninstall', 'make uninstallcheck', 'make distclean'. . Very extensible through file ./make-helper-overrides.bsh or folder ./make-helper-overrides.d. By using overrides, any make target can be easily extended using pre or post hooks or replaced. Override files which are executable will be used. Override files which are not executable will be skipped. . Contains a minimal Makefile while the heavy lifting is done by a bash script make-helper.bsh. . Building for multiple platforms possible, example: export make_cross_build_platform_list="i386 amd64" . Can call with lintian (static analysis tool for Debian packages). By default it will be using lintian if installed while failing open (non-zero exit code). lintian can be disabled. export make_use_lintian=false Or can be configured to fail closed (non-zero exit code). export make_use_lintian=true . Can build packages without chroot using debuild (default) or inside chroot using cowbuilder. To enable cowbuilder, use: export make_use_cowbuilder=true . Supports signing packages using debsign. (sign a Debian .changes and .dsc file pair using GPG) export make_use_debsign=true Package: gpg-bash-lib Version: 3:4.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 646 Homepage: https://github.com/Kicksecure/gpg-bash-lib Priority: optional Section: libs Filename: pool/main/g/gpg-bash-lib/gpg-bash-lib_4.5-1_all.deb Size: 490216 SHA256: 88bf1bad852a7a2f157da8343d1df8e0a93eb2cc3c5861a72e72952c74d32572 SHA1: 9ed1dd0668ad67babbf1ef3eb549b8d242e1e6a8 MD5sum: 6b536f52b9a62ee5312ea300bcc88d7c Description: gpg bash library Abstracts file verification into common functions. Allows detecting of stale files, i.e. detection downgrade or indefinite freeze attacks by implementing a valid-until like mechanism. . Internally parses gpg's --status-file output. . For better security. Package: grub-live Version: 3:5.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 63 Depends: grub-live-initramfs-tools | grub-live-dracut Provides: boot-live, grub-live-boot Homepage: https://github.com/Kicksecure/grub-live Priority: optional Section: misc Filename: pool/main/g/grub-live/grub-live_5.5-1_all.deb Size: 24188 SHA256: 7fb92e2049edad1db3534f65c2d356735993cda26bdf6abe2d01702506c663e3 SHA1: 6335c7038096b9e9e2a31214b8dad0e2fdf51170 MD5sum: b76128003bcbb8544343f799022951a8 Description: grub live boot menu entry Allows booting the system in live mode. Meaning, no persistent modifications will be written to the disk. All changes stay in RAM. . Adds a grub live boot menu entry. . Existing grub boot entries stay unmodified. . No claims are made with regard to anti forensics. Package: grub-live-dracut Source: grub-live Version: 3:5.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 51 Depends: dracut Provides: boot-live, grub-live-boot Homepage: https://github.com/Kicksecure/grub-live Priority: optional Section: misc Filename: pool/main/g/grub-live/grub-live-dracut_5.5-1_all.deb Size: 22024 SHA256: d5c1f2873eb48b2ccc22f618df1f0be2ec6a5721b7523b336860fe7c661e9690 SHA1: eb9885c7a8e1cf6ce19e6b12a2a121d2262f3598 MD5sum: ba13f5892e1df53c55f6bb2212a9812b Description: grub live dracut dependencies Dracut version metapackage for grub-live. . See also the package grub-live. Package: grub-live-initramfs-tools Source: grub-live Version: 3:5.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 51 Depends: live-boot, live-tools Provides: boot-live, grub-live-boot Homepage: https://github.com/Kicksecure/grub-live Priority: optional Section: misc Filename: pool/main/g/grub-live/grub-live-initramfs-tools_5.5-1_all.deb Size: 22048 SHA256: b3dcdc11fba14737e39571cf9eaae68ce5a1b27a1230ec5b955309dc51feeeeb SHA1: e84f0a27783c3fe2f3fdf3fb3df2e3e9ff3a862d MD5sum: 6527479d868b577eb9527461f736f74a Description: grub live initramfs-tools dependencies initramfs-tools version metapackage for grub-live . See also grub-live package. Package: hardened-kernel Version: 3:4.7-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 474 Depends: build-essential, libssl-dev, libncurses-dev, fakeroot, libelf-dev, bison, flex, gcc-12-plugin-dev, curl, bc, kmod, cpio Homepage: https://www.kicksecure.com/wiki/Hardened-kernel Priority: optional Section: misc Filename: pool/main/h/hardened-kernel/hardened-kernel_4.7-1_all.deb Size: 157576 SHA256: d7c4ad2fcecca09a1d4089f73378269bed96a073ad797695f82eeb73d42c65a7 SHA1: f89b0cb1507000a08940eb0027d2f248a0b66ed2 MD5sum: 8c46c9b71b8ba3c000327650d64d8a79 Description: Hardened Kernel for Host and VMs This is a hardened kernel configuration for Whonix / Kicksecure. hardened-vm-kernel is designed specifically for virtual machines and hardened-host-kernel is designed for hosts. . Both configs try to have as many hardening options enabled as possible and have little attack surface. hardened-vm-kernel only has support for VMs and all other hardware options are disabled to reduce attack surface and compile time. . During installation of hardened-vm-kernel, it compiles the kernel on your own machine and does not use a pre-compiled kernel. This ensures the kernel symbols in the compiled image are completely unique which makes it far harder for kernel exploits. This is possible due to hardened-vm-kernel having only VM config options enabled which drastically reduces compile time. . During installation of hardened-host-kernel, the kernel is not compiled on your machine and it uses a pre-compiled kernel. This is because the host kernel needs most hardware options enabled to support most devices which makes compilation take a very long time. . The VM kernel is more secure than the host kernel due to having less attack surface and not being pre-compiled but if you want more security for the host, it is recommended to edit the hardened host config, enable only the hardware options you need and compile the kernel yourself. This makes the security of the host and VM kernel comparable. . Both configs were based on the default Debian config. . These kernels use the linux-hardened patch for further hardening. Custom hardening patches should be sent there. . This only supports LTS kernels as they have the least attack surface (stable kernels have more code and more bugs) and the best stability. . Build script /usr/share/hardened-vm-kernel/build does not run automatic yet. . Kernel does not get installed automatic yet. . See also development discussion: http://forums.whonix.org/t/kernel-recompilation-for-better-hardening Package: hardened-malloc Version: 0:12.5-1 Architecture: amd64 Maintainer: Patrick Schleizer Installed-Size: 159 Depends: libc6 (>= 2.34), libgcc-s1 (>= 3.0), libstdc++6 (>= 4.9) Homepage: https://github.com/GrapheneOS/hardened_malloc Priority: optional Section: libs Filename: pool/main/h/hardened-malloc/hardened-malloc_12.5-1_amd64.deb Size: 77600 SHA256: 689ec7b1880b7b8b68e20ccf9cae5f7402094570fe565384edb15d800c8af276 SHA1: e6e4067c261a82375561eb759daa8b922ee20bfd MD5sum: 36467628bb285d2aaa8097fddc11fda0 Description: security-focused general purpose memory allocator This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independently arenas, with the internal locking within arenas further divided up per size class. . It can be added as a preloaded library using /etc/ld.so.preload. . Ships two files: . * [1] /usr/lib/x86_64-linux-gnu/libhardened_malloc.so/libhardened_malloc.so * [2] /usr/lib/x86_64-linux-gnu/libhardened_malloc.so/libhardened_malloc-light.so . [1] Was compiled with Hardened Malloc Default compilation parameters. . [2] Was compiled with Hardened Malloc Light compilation parameters. Package: hardened-malloc-dbgsym Source: hardened-malloc Version: 0:12.5-1 Auto-Built-Package: debug-symbols Architecture: amd64 Maintainer: Patrick Schleizer Installed-Size: 112 Depends: hardened-malloc (= 0:12.5-1) Priority: optional Section: debug Filename: pool/main/h/hardened-malloc/hardened-malloc-dbgsym_12.5-1_amd64.deb Size: 84872 SHA256: b00fc372b729be67e10c9e4b5cbe6b0fd2d61195767816bc8fe8e9015fe0eb60 SHA1: 9acc14819248769d2777616145dffbe6611d2479 MD5sum: 817cfc567c1858294ef8a30a91fee045 Description: debug symbols for hardened-malloc Build-Ids: b581e45ea2ffaee54c7031a31ed7f6dc033a03b7 df3453b128cef562b3bc65ab4ebda222f8848cc2 Package: hardened-malloc-kicksecure-enable Source: hardened-malloc Version: 0:12.3-1 Architecture: amd64 Maintainer: Patrick Schleizer Installed-Size: 61 Depends: hardened-malloc-light-enable Homepage: https://github.com/GrapheneOS/hardened_malloc Priority: optional Section: oldlibs Filename: pool/main/h/hardened-malloc/hardened-malloc-kicksecure-enable_12.3-1_amd64.deb Size: 56356 SHA256: db0114dda3d1da185dfcec1ff73d8a1b4b5189c414f7a2bb7552fe639b45ccab SHA1: f3c2c92af7d123115c0888ea3313777fc1bc6b4c MD5sum: eb83fcf084dd2207147181e58042bdd0 Description: transitional package This is a transitional package. It can safely be removed. . Legacy. . Other than doing that this is an empty package. Package: hardened-malloc-light-enable Source: hardened-malloc Version: 0:12.5-1 Architecture: amd64 Maintainer: Patrick Schleizer Installed-Size: 71 Depends: hardened-malloc, helper-scripts Replaces: hardened-malloc-kicksecure-enable Provides: hardened-malloc-kicksecure-enable Homepage: https://github.com/GrapheneOS/hardened_malloc Priority: optional Section: libs Filename: pool/main/h/hardened-malloc/hardened-malloc-light-enable_12.5-1_amd64.deb Size: 57992 SHA256: 0d8b547880f9fa46bae6c6097158e8d9218ea021443cdf4c9760505d33f5d454 SHA1: 7eea65629828df9528a467a08ddae7d4eb373b2a MD5sum: d18629ead8ae6e409e9355f16e64c938 Description: enables Hardened Malloc Light Adds libhardened_malloc-light.so to /etc/ld.so.preload systemd wide configuration file. . Does this only once per installation. The user is free to undo changes to /etc/ld.so.preload. Once this package is purged and re-installed it will re-enable the Hardened Malloc Light. . Other than doing that this is an empty package. Package: helper-scripts Version: 3:22.9-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 329 Depends: sudo, python3, python3-stem, python3-scapy, python3-yaml, bubblewrap Replaces: anon-shared-helper-scripts, anon-ws-leaktest, curl-scripts, python-guimessages, python3-guimessages Homepage: https://github.com/Kicksecure/helper-scripts Priority: optional Section: misc Filename: pool/main/h/helper-scripts/helper-scripts_22.9-1_all.deb Size: 107200 SHA256: 64c5479bf8ef39dd9ae53e50654c6858e0d3d0716c57e427712ab8de8803e1b8 SHA1: 483b153af4d720fd35116ba394e6b966a3806cbd MD5sum: 4486723e1092e60d8a285b1492511d47 Description: Helper scripts useful for Linux Distributions Contains a script for curl progress bar in terminal. Includes another script to convert curl exit codes to curl status messages. Implemented in bash. Common code that can be used by other scripts. . Library that can be used by other (anonymity related) packages that want to programmatically get information about states of Tor. Common code, that is often required. Includes bash and Python helper scripts. . Leak Test for Anonymity Distribution Workstations Integrated leak test. Needs to be manually run. See: https://www.whonix.org/wiki/Dev/Leak_Tests . Translatable GUI Messages Generic modules guimessage.py and translations.py. Called with two parameters: .yaml file path and yaml section. Return translations according to distribution local language (Python 'locale'). . Provides the ld-system-preload-disable wrapper to disable /etc/ld.so.preload per application via bubblewrap. Useful if hardened_malloc is being globally preloaded and needs to be disabled for some applications. Package: icon-pack-dist Version: 3:4.4-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 2696 Conflicts: anon-icon-pack Replaces: anon-icon-pack Provides: anon-icon-pack Homepage: https://github.com/Kicksecure/icon-pack-dist Priority: optional Section: misc Filename: pool/main/i/icon-pack-dist/icon-pack-dist_4.4-1_all.deb Size: 1478216 SHA256: 252814bef6c607acf880542f3b2f35ef167fa9e2bfbfb413e9883b8733756983 SHA1: cdd7bb994b890274e1f7aa0b11a88d383dc37c28 MD5sum: fda034651a6e8ac5a3d4702556379167 Description: Icon Pack for Derivative Distributions Contains icons, that are used by other derivative distribution specific packages. Others are welcome to use these icons according to their Free licenses as well. Package: initializer-dist Version: 3:6.8-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 70 Depends: psmisc, debsums, damngpl Conflicts: anon-shared-build-remember-sources, anon-shared-build-sanity-checks, whonix-initializer Replaces: anon-shared-build-remember-sources, anon-shared-build-sanity-checks, whonix-initializer Provides: anon-shared-build-remember-sources, anon-shared-build-sanity-checks, whonix-initializer Homepage: https://www.kicksecure.com/wiki/Verifiable_Builds Priority: optional Section: misc Filename: pool/main/i/initializer-dist/initializer-dist_6.8-1_all.deb Size: 29460 SHA256: 22312c463e548e9023e072e2e60dd1f1d9a93d8e1eac31dfb0340464ecbf1d5c SHA1: 99b7a2e0242af7a3af92d941ac88f556c45f7b9e MD5sum: d20489314a382526b800dd82380c7090 Description: Initializes Linux distributions, Release Upgrades and Legacy Contains a chroot-scripts-post.d script, that cleans up temporary files, logs. . Deletes random seeds. Since these should not be included in a redistributed image. Also sometimes called 'golden' image. . - /var/lib/urandom/random-seed - /var/lib/systemd/random-seed - /var/lib/random-seed - See also: https://systemd.io/RANDOM_SEEDS.html Package: kicksecure-base-files Version: 3:7.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 149 Depends: less, sudo Conflicts: diverts-etc++issue, diverts-etc++motd, diverts-etc++skel++.bashrc Provides: diverts-etc++issue, diverts-etc++motd, diverts-etc++skel++.bashrc Homepage: https://github.com/Kicksecure/kicksecure-base-files Priority: optional Section: misc Filename: pool/main/k/kicksecure-base-files/kicksecure-base-files_7.5-1_all.deb Size: 27392 SHA256: b1bbbe89bde3f48fe8c382dffa7b59ab68060533621c0bea843142d945477587 SHA1: 94f82eadbdd4212d210bb3569a4b1ed52c951d42 MD5sum: baac7e728bf6fe5a06634eed71615971 Description: Kicksecure base system miscellaneous files This package contains several important miscellaneous files, such as /etc/issue, /etc/motd, /etc/dpkg/origins/kicksecure, /etc/skel/.bashrc, /usr/bin/kicksecure, and others. . Sets the KICKSECURE environment variable to 1 as well. Package: kicksecure-cli Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: anon-apt-sources-list, dosfstools, kicksecure-base-files, kicksecure-default-applications-cli, kicksecure-dependencies-cli, kicksecure-recommended-cli, lvm2, ntfs-3g, obfs4proxy Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-cli_29.0-1_all.deb Size: 72992 SHA256: b46053e35cd7d8f10f6a076cc2d3d13a4fee57b09ceec7f71480c5eab05b9ca8 SHA1: 517ecb41fedbb81345d995f17477476b1d0d2b8f MD5sum: 9dfbb1861b8ccefdec6986a45ae6f74c Description: Kicksecure command line interface CLI A metapackage, which installs packages, for Kicksecure CLI. . Do not remove. Package: kicksecure-cli-host Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-cli, kicksecure-cli-host-packages-recommended, kicksecure-dependencies-system Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-cli-host_29.0-1_all.deb Size: 72928 SHA256: 0a7a176c6c1e9e5d9c46360799f7726feb5d69e0cfd184d8b8acbbef752b17bd SHA1: 2f78355e2ba10133de19f28b7ade0fbd5334adb3 MD5sum: 80b0e670066177b930a86bf2e644febf Description: Kicksecure Host command line interface CLI A metapackage, which installs packages, for Kicksecure CLI Host. . Do not remove. Package: kicksecure-cli-host-packages-recommended Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: tirdad Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-cli-host-packages-recommended_29.0-1_all.deb Size: 72976 SHA256: 03f2e8ab1bba984260542a3e5d74c53c0f508b5cfc37930efb40ed93fec41746 SHA1: ef47c13de115b711c5f69232d84236bab8b701a5 MD5sum: 1f704108f2c5e391c0981927e35db148 Description: Recommended Kicksecure Host CLI Packages A metapackage, which installs packages, which are recommended for Kicksecure CLI Host. . Not useful to have inside Qubes. . Safe to remove, if you know what you are doing. Package: kicksecure-cli-vm Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-cli, kicksecure-dependencies-system, kicksecure-network-conf, non-qubes-vm-enhancements-cli Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-cli-vm_29.0-1_all.deb Size: 73020 SHA256: fa045da68ac8f1b4bb78bb5c6bd2a7419daa8aa730644b5292e945971510d564 SHA1: 4cfef278cdf9d9cf401599ef3618f9ac9e84d792 MD5sum: 7321ecbb2855c1e9cc9a46f04dbd8156 Description: Kicksecure command line interface CLI VMs A metapackage, which installs packages, for Kicksecure CLI Virtual Machines. . Not suitable for Qubes since it depends on packages not yet compatible with Qubes. . Do not remove. Package: kicksecure-default-applications-cli Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: codecrypt, diceware, dirmngr, equivs, extrepo, flatpak, fuse, gpg, gpg-agent, magic-wormhole, makepasswd, pwgen Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-default-applications-cli_29.0-1_all.deb Size: 73044 SHA256: a84cb8afd8b284a0e13210124d2fb194c7f09ecf06ced59cf82c45ee135453a8 SHA1: 9e7df5f128519e2c2950cf028c4989d28612a815 MD5sum: 6c9e780a81d6bbec0381a3df43294af5 Description: Default applications packages for Kicksecure A metapackage, which includes default packages to ensure, Kicksecure useful recommended tools are installed. . Safe to remove, if you know what you are doing. Package: kicksecure-dependencies-cli Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: apparmor-profile-dist, apt-transport-tor, apt-utils, bootclockrandomization, ca-certificates, desktop-config-dist, dialog, dist-base-files, init, initializer-dist, locales, menu, repository-dist, sdwdate, security-misc, setup-dist, sudo, timesanitycheck, usrmerge Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-dependencies-cli_29.0-1_all.deb Size: 73096 SHA256: 757b324bd0b5959b784d696e634854a9667273f5e60d0be3e306032538c685ed SHA1: 1b0ac19058ac5007e7b54b3c2f91af40701754f9 MD5sum: 9819e7ceb668aebb09d5798517eed0f3 Description: Dependencies for hardened systems CLI A metapackage, which installs command line interface (CLI) packages which should be installed on hardened systems. . Do not remove. Package: kicksecure-dependencies-system Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: dracut | linux-initramfs-tool | initramfs-tools Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-dependencies-system_29.0-1_all.deb Size: 72988 SHA256: 5f298e83c91aa8fb7c2bd570083c7ab3303843733c4952948c560bd1c6767070 SHA1: 0629e3645d36d5ddd887e4bb368f57206f688cbc MD5sum: e36b7ca43e4172633c63bffd45fb7c81 Description: System for hardened systems A metapackage, which installs system packages which should be installed on hardened systems. . Currently only depends on boot process related dependencies. . Do not remove. Package: kicksecure-desktop-applications-recommended Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: electrum | dummy-dependency-electrum, firefox-esr | dummy-dependency, gpa, hunspell-en-us, keepassxc, kicksecure-welcome-page, repository-dist-wizard, ristretto, sdwdate-gui, setup-wizard-dist, tumbler, vlc Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-desktop-applications-recommended_29.0-1_all.deb Size: 73068 SHA256: 60a4f620402e0be3a2188c36b288b1fac310e0c22a1e1bdc205e32ce8f64ca12 SHA1: f89f13c48c094ad7e35958a05f66b272edf47705 MD5sum: c845890850cc57a5d82f30c1580fd6e1 Description: Kicksecure Recommended Desktop Applications A metapackage, which installs recommended packages, for graphical user interface (GUI) Kicksecure. . Do not remove. Package: kicksecure-desktop-applications-xfce Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: gvfs, libexo-2-0, lxqt-sudo, mousepad, p7zip-full, pkexec, policykit-1-gnome, polkitd, thunar, thunar-archive-plugin, thunar-volman, unar, unzip, xarchiver, xfce4-terminal, xz-utils, zip Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-desktop-applications-xfce_29.0-1_all.deb Size: 73080 SHA256: 682c3cb6e0536625cdcd6672666875382a8c2e5fa94b534252e4d5fca015a9e1 SHA1: 28bc774763ce1004d0eda17211284bea1d097e4c MD5sum: a43147dd7c13b5a23ee69ba7659d0dd5 Description: Recommended applications for hardened Xfce desktop GUI A metapackage, which installs minimal, yet complete enough to contain the very basics, Xfce applications. . Safe to remove. Package: kicksecure-desktop-environment-essential-gui Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: desktop-config-dist, desktop-config-dist-dependencies, gtk2-engines-pixbuf, libgl1-mesa-dri, upower, x11-xserver-utils, xserver-xorg, xserver-xorg-video-fbdev, xserver-xorg-video-vesa, xserver-xorg-video-vmware | dummy-dependency-xorg-vm Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-desktop-environment-essential-gui_29.0-1_all.deb Size: 73060 SHA256: 75fb5a7039cc0e9402e5ed4f79c3a5b4519003be6cb394934ff0862284dad234 SHA1: c4136c74f9393f47d0f3523a72c809994ffc1f1d MD5sum: 4d7141798a5a8cd8def98d79ca5d7429 Description: Desktop Depends GUI A metapackage, which installs dependencies for desktop environments, such as KDE, GNOME, etc. . kicksecure-desktop-environment-essential-xfce depends on this package. Package: kicksecure-desktop-environment-essential-xfce Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: gnome-brave-icon-theme, kicksecure-desktop-environment-essential-gui, lightdm, xfce4 Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-desktop-environment-essential-xfce_29.0-1_all.deb Size: 73012 SHA256: 01b60382ba9242ec00f6043508d4a2e641f07edfc8fabf3d8ebf467cd44005c3 SHA1: 3a74d8461fbde2fed589c670c449b2e1ad94f68f MD5sum: 17185e9dfd1988a7c394f37ebfdd0965 Description: Recommended applications for hardened Xfce Desktop Environment A metapackage, which installs minimal, yet complete enough to contain a very basic Xfce Desktop Environment. . Safe to remove. Package: kicksecure-network-conf Version: 3:6.3-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 74 Depends: network-manager, iw, wpasupplicant, netbase Homepage: https://github.com/Kicksecure/kicksecure-network-conf Priority: optional Section: misc Filename: pool/main/k/kicksecure-network-conf/kicksecure-network-conf_6.3-1_all.deb Size: 22088 SHA256: 1498e92a834407b00489a470b64aac0c78fbf5a028cf767d5d59b683d1e4e233 SHA1: fd1c6121bc0cf0e4f3362e6ad3c3ce32daae33a6 MD5sum: 834439e1af2650130dd184a5c6a47d9d Description: Network Configuration for Kicksecure CLI Disables systemd Predictable Network Interface Names. . Disables systemd-resolved during boot unless file /etc/dns-enable exists. . Disables systemd-resolved fallback DNS (which by default is set to Google). . Disables NetworkManager hostname management (useful in redistributed Kicksecure VMs). Package: kicksecure-network-conf-gui Source: kicksecure-network-conf Version: 3:6.3-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 48 Depends: network-manager-gnome Homepage: https://github.com/Kicksecure/kicksecure-network-conf Priority: optional Section: misc Filename: pool/main/k/kicksecure-network-conf/kicksecure-network-conf-gui_6.3-1_all.deb Size: 18736 SHA256: 0118799592591aa295ed769f7c856ab080a1adab45e306ac08a5da2ea3918aff SHA1: 484fb8c541e984ced27573bb4b73d16afd9e064c MD5sum: 4519259d3dbd285b69fe4aba2f4a9741 Description: Network Configuration for Kicksecure GUI A metapackage with dependencies recommended for a Kicksecure GUI for networking. . See also kicksecure-network-conf. Package: kicksecure-packages-dependencies-pre Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Depends: dist-base-files, kicksecure-network-conf Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-packages-dependencies-pre_29.0-1_all.deb Size: 72988 SHA256: 86204b59d47b7bd774a99aa1faa2aab5be559d74742915a9da0230a067590b60 SHA1: 6e2e38b20b2ccb0c21ef6f3120e7035d121867ad MD5sum: c2370bd4efdee2a4d4bee564aec15808 Description: Dependencies for Kicksecure that changes network related files A metapackage, which installs packages which Kicksecure depends on. Can not be merged into another package due to conflicts with chroot build process. . Do not remove. Package: kicksecure-qubes-cli Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-cli Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-qubes-cli_29.0-1_all.deb Size: 73004 SHA256: 0a7452cd07ec94eb0b5790f6502bf2c178207d8c20db09fe65dbb97c4ab63fed SHA1: 03c7da662a0173a784aa9cb5a0572e4424536d2e MD5sum: dfc59d0c6f7907193e62a1cdc5b7ad03 Description: Default packages for Kicksecure-Qubes CLI A metapackage, which installs packages, for Kicksecure on Qubes without recommended GUI applications. . Currently only depends on kicksecure-cli but useful for future maintenance in case Qubes specific changes will be required. . Do not remove. Package: kicksecure-qubes-gui Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-desktop-applications-xfce, kicksecure-desktop-applications-recommended, kicksecure-qubes-cli Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-qubes-gui_29.0-1_all.deb Size: 72952 SHA256: d2c4aee72708cea2489b5f109141c478ddd0ccdaf909c016d6d74a4ead65f704 SHA1: 1915c2988f4d12f8a9df8a48944f1836804aaf7c MD5sum: 376e45b1e84a10238963a02715dc1c67 Description: Default packages for Kicksecure-Qubes GUI A metapackage, which installs packages, for Kicksecure on Qubes including recommended GUI applications. . Do not remove. Package: kicksecure-recommended-cli Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: apparmor-profiles-kicksecure | dummy-dependency-apparmor-profiles-kicksecure, apparmor-utils, bash-completion, bzip2, curl, dnsutils, e2fsprogs, file, hardened-malloc | dummy-dependency, haveged, iotop, iputils-ping, jitterentropy-rngd, less, libblockdev-crypto2, libpam-tmpdir, lsof, man-db, most, nano, net-tools, open-link-confirmation, openvpn, pciutils, procps, secure-delete, sensible-utils, strace, sysfsutils, systemcheck, torsocks, udisks2, usability-misc, boot-info-script Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-recommended-cli_29.0-1_all.deb Size: 73204 SHA256: d79459c13c402b6b9e7f4cf3dcd557fe09b0d21b2668384e13392794851596e6 SHA1: 3654234086965fb0063ff94cb8ea12eb49fc4616 MD5sum: 1f9b90f8809d65c198d7da1783960c6d Description: Recommended packages for Kicksecure A metapackage, which includes recommended packages to ensure, Kicksecure standard tools are available. . Safe to remove, if you know what you are doing. Package: kicksecure-shared-host-xfce Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: gnome-system-monitor, gparted, gnome-disk-utility, gsmartcontrol, smartmontools, smart-notifier, nvme-cli, pv, lshw, hwinfo, gddrescue, ddrescueview, lm-sensors, psensor, grub-live | grub-live-boot | boot-live, non-qubes-audio, sdwdate-gui, xfce4-power-manager, xfce4-screenshooter, xfce4-xkb-plugin, xscreensaver, msgcollector-gui, icon-pack-dist Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-shared-host-xfce_29.0-1_all.deb Size: 73176 SHA256: affbbed315c6bfd3616dcf1512d5a3fd0cb9cf3f77acbf50651023fcbad77aa7 SHA1: a25dd801f9642498cc00c0f9fd3d5a7c05520402 MD5sum: bc4334b25eaca0027b95a72999e6b29a Description: Kicksecure Shared Host Xfce GUI A metapackage, which installs packages, which are recommended for Kicksecure Xfce Host as well as a Whonix-Host with a graphical user interface (GUI). . Safe to remove, if you know what you are doing. Package: kicksecure-welcome-page Version: 3:6.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 962 Depends: fonts-roboto-fontface, libjs-jquery Homepage: https://github.com/Kicksecure/kicksecure-welcome-page Priority: optional Section: misc Filename: pool/main/k/kicksecure-welcome-page/kicksecure-welcome-page_6.5-1_all.deb Size: 876804 SHA256: fa29aa189282073f845b6264469afecccf1218d48638f27c364b6ec4aa8f7dd2 SHA1: e00a098458ada39fbf5c6d2d3f379d65d33890ac MD5sum: ca3345a24bfd2a8bbdf272c28091bc37 Description: Local Browser Homepage for Kicksecure Kicksecure specific browser start page. . Contains Kicksecure logo and Kicksecure links. . Safe to remove, if you know what you are doing. Package: kicksecure-xfce Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-cli, kicksecure-desktop-applications-xfce, kicksecure-desktop-environment-essential-xfce Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-xfce_29.0-1_all.deb Size: 72920 SHA256: c924319488b40cac9fc159076574044f0b7d372b807782343b04697e474db33a SHA1: cdcc9c3fca578848d848896b52aba5b612851b54 MD5sum: 53350b39045fb6d76e4564410f08bf35 Description: Kicksecure Xfce GUI A metapackage, which installs packages, for Kicksecure Xfce. . Do not remove. Package: kicksecure-xfce-host Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-cli-host, kicksecure-desktop-applications-recommended, kicksecure-network-conf, kicksecure-network-conf-gui, kicksecure-shared-host-xfce, kicksecure-xfce Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-xfce-host_29.0-1_all.deb Size: 72964 SHA256: aa3bfff1255f5a841ceb35149c6442b7febf67580aa1f436c3bb9da4b01d2587 SHA1: f35a1dd7b60e4d3053d7ae03de2ed69dca950a09 MD5sum: 264ace256b324bcda23f08aa235d262c Description: Kicksecure Host Xfce GUI A metapackage, which installs packages, for Kicksecure Xfce Host. . Do not remove. Package: kicksecure-xfce-vm Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: kicksecure-cli-vm, kicksecure-desktop-applications-recommended, kicksecure-network-conf-gui, kicksecure-xfce, non-qubes-audio, non-qubes-vm-enhancements-gui Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/kicksecure-xfce-vm_29.0-1_all.deb Size: 73028 SHA256: d54abf9163aefd98ee3bea2e909696b96908753e7f45e8e53bfd73696626e73a SHA1: 76270068c92871588cb89a6fcd275cd7517fc88b MD5sum: 7ab40c18fcae2fe9b794fd51d04c51bf Description: Kicksecure Xfce GUI for VMs A metapackage, which installs packages, for Kicksecure Xfce in Virtual Machines. . Not suitable for Qubes since it depends on packages not yet compatible with Qubes. . Do not remove. Package: legacy-dist Version: 3:15.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 124 Depends: helper-scripts, apt-forktracer, deborphan Conflicts: vbox-disable-timesync, whonix-legacy Replaces: vbox-disable-timesync, whonix-legacy Provides: vbox-disable-timesync, whonix-legacy Homepage: https://github.com/Kicksecure/legacy-dist Priority: optional Section: misc Filename: pool/main/l/legacy-dist/legacy-dist_15.2-1_all.deb Size: 48228 SHA256: e40d6b4337695eb44605753004188e75017f7fc1ae696ad91d6b1b68241d172c SHA1: 6dbd57399eefb0dead76974d25cfaa9f3e4595ac MD5sum: 94dc44b6d66ecba330e00aa332c69008 Description: Prepare older Build Versions of Whonix for Upgrade Applies fixes required for upgrading from for example Whonix 8.x to Whonix 9.x etc. . Upgrades from Whonix 7.x or older versions is unsupported. . Safe to remove. Package: libvirt-dist Version: 3:9.9-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 139 Depends: adduser, qemu-kvm, libvirt-daemon-system, libvirt-clients, virt-manager, gir1.2-spiceclientgtk-3.0, dnsmasq-base, helper-scripts, msgcollector Conflicts: whonix-libvirt Replaces: whonix-libvirt Provides: whonix-libvirt Homepage: https://github.com/Kicksecure/libvirt-dist Priority: optional Section: misc Filename: pool/main/libv/libvirt-dist/libvirt-dist_9.9-1_all.deb Size: 51252 SHA256: af646e5821fd623af30113fb18f112e2555eaaf3bea59b64ab3060d25424e469 SHA1: 3c4bce607c180f652679e52263de5ccdacab8a7b MD5sum: 90894efb0fb3beb31c14cc0653911550 Description: Whonix Libvirt XML Files for KVM and QEMU Libvirt XML files for Whonix-Gateway, Whonix-Workstation, Whonix-Custom-Workstation and Whonix's internal network. . Whonix-Host grub branding, motd and issue banner. . Whonix-Host boot popup. . See also: - https://www.kicksecure.com/wiki/KVM - https://www.kicksecure.com/wiki/QEMU Package: live-config-dist Version: 3:5.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 253 Depends: helper-scripts, pkexec, rsync, libglib2.0-bin, xdg-user-dirs Homepage: https://github.com/Kicksecure/live-config-dist Priority: optional Section: misc Filename: pool/main/l/live-config-dist/live-config-dist_5.2-1_all.deb Size: 76416 SHA256: 54623f1c4d1de1e7b2071556df8ba2c2dcd609e6640d261462974c5a9e184b0c SHA1: 49f3e9bddd5b0018c04388da40b3ce8bc6472881 MD5sum: a39cd833663adc2170fb6a3e2ea77783 Description: calamares-settings-kicksecure and maybe calamares-settings-whonix Installed in Host ISO Live. . Supposed to be removed in Host installed. . Enables autologin for Host ISO Live. . Kernel parameters required for Live ISO. Package: lkrg Version: 0.9.6.2-1 Architecture: all Maintainer: Mikhail Morfikov Installed-Size: 16 Depends: lkrg-dkms (= 0.9.6.2-1) Homepage: https://lkrg.org Priority: optional Section: kernel Filename: pool/main/l/lkrg/lkrg_0.9.6.2-1_all.deb Size: 9300 SHA256: 06099d7d14880eca02ea4e8355f25c9664668ed8420c956051bb61541958f41f SHA1: 77f32a0334d6359a084ddd96d6e0f2bed6c7c4ae MD5sum: 75c8c83ff7bbc8eb47ce425bebd69b13 Description: Linux Kernel Runtime Guard (LKRG) LKRG performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. . LKRG is a kernel module (not a kernel patch), so it can be built for and loaded on top of a wide range of mainline and distros' kernels, without needing to patch those. . That is only a dependency package to install the LKRG kernel module and also some systemd service in order to help to manage loading/unloading the module at system boot/shutdown. Package: lkrg-dkms Source: lkrg Version: 0.9.6.2-1 Architecture: all Maintainer: Mikhail Morfikov Installed-Size: 787 Depends: dkms (>= 2.1.0.0) Recommends: lkrg-systemd (= 0.9.6.2-1) Homepage: https://lkrg.org Priority: optional Section: kernel Filename: pool/main/l/lkrg/lkrg-dkms_0.9.6.2-1_all.deb Size: 103928 SHA256: 858cedaefb1958b7966548f5d5f5990835d09965c415c8f6bd4039d589919503 SHA1: ba764d1501476e67904976cfbb64aa7630fb182f MD5sum: 45700ff02b87e317c1bebf8b12dd191b Description: Linux Kernel Runtime Guard (LKRG) Source Code and DKMS LKRG performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. . LKRG is a kernel module (not a kernel patch), so it can be built for and loaded on top of a wide range of mainline and distros' kernels, without needing to patch those. . This package uses DKMS to automatically build the LKRG kernel module. Package: lkrg-systemd Source: lkrg Version: 0.9.6.2-1 Architecture: all Maintainer: Mikhail Morfikov Installed-Size: 24 Depends: lkrg-dkms (= 0.9.6.2-1), systemd Homepage: https://lkrg.org Priority: optional Section: kernel Filename: pool/main/l/lkrg/lkrg-systemd_0.9.6.2-1_all.deb Size: 10196 SHA256: 575d2ef015a44056b11b894004ee5e026361ff44a894628c197d18d435b48cc9 SHA1: 78f3ebfdc801a3510a1104f8783389578d9514d1 MD5sum: 70d7d1e11516ccf08559234cec2cfeec Description: Systemd integration for Linux Kernel Runtime Guard (LKRG) LKRG performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. . LKRG is a kernel module (not a kernel patch), so it can be built for and loaded on top of a wide range of mainline and distros' kernels, without needing to patch those. . This package provides systemd integration for the LKRG kernel module. Package: mediawiki-shell Version: 3:2.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 132 Depends: helper-scripts, jq, retry Homepage: https://github.com/Kicksecure/mediawiki-shell Priority: optional Section: misc Filename: pool/main/m/mediawiki-shell/mediawiki-shell_2.5-1_all.deb Size: 36956 SHA256: 6ab0176bfc5ffefb2936f77e6fa48204190a0604bda097a8133634dac350a145 SHA1: ed4457529008a0e40d36d413296554bb90b8f1ba MD5sum: e40862822ef8f865e163fc789ce1cb62 Description: bash shell scripts for usage of MediaWiki API Description here. . TODO Package: msgcollector Version: 3:11.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 217 Depends: python3, sudo, inotify-tools, procps, init-system-helpers (>= 1.52) Conflicts: diverts-etc++bash.bash+-+logout Provides: diverts-etc++bash.bash+-+logout Homepage: https://github.com/Kicksecure/msgcollector Priority: optional Section: misc Filename: pool/main/m/msgcollector/msgcollector_11.1-1_all.deb Size: 61536 SHA256: 27d1c277bf380213976ed83e715e5034fd82b03977794503f9f41257928a12b8 SHA1: 883532b31b8f88a3ba5b154fbee86adc9ef66b03 MD5sum: c26dd3d1d0c5269a91aba22d9248a030 Description: Command Line Interface Messages Toolkit Library A programming library providing an application programming interface (API) that allows the programmer to output colored text in terminal user interfaces (CLI). . Applications can send messages to msgcollector which it collects and dispatches once instructed to do so by the application. . For clarity and avoidance of confusion, msgcollector does not collect any data. Applications that do not use msgcollector do not interact with msgcollector. It is roughly in the same category as ncurses but has of course much less and very different features. . For graphical user interface (GUI) support also install package msgcollector-gui. Package: msgcollector-gui Source: msgcollector Version: 3:11.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 69 Depends: msgcollector, wmctrl, python3-pyqt5, qtwayland5, zenity, libnotify-bin | kde-baseapps-bin, mate-notification-daemon, x11-utils Homepage: https://github.com/Kicksecure/msgcollector Priority: optional Section: misc Filename: pool/main/m/msgcollector/msgcollector-gui_11.1-1_all.deb Size: 40348 SHA256: d36bdb7724d43bdb8050dfffc7e1aab7e7ef12c195076b40d249dc16b41ca08b SHA1: 0869d47add3fe283db2899a336d1b3c0c096f33d MD5sum: 02ba3cfbe6b56f27e1a5689855d85c27 Description: Graphical User Interface Toolkit Library A programming library providing an application programming interface (API) that allows the programmer to output colored text in graphical user interfaces (GUI). . Applications can send messages to msgcollector which it collects and dispatches once instructed to do so by the application. . For clarity and avoidance of confusion, msgcollector does not collect any data. Applications that do not use msgcollector do not interact with msgcollector. It is roughly in the same category as Qt or GDK but has of course much less and very different features. . A metapackage that installs required dependencies for graphical user interface support. Package: non-qubes-audio Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: alsa-utils, libasound2, pavucontrol, pipewire-audio | pulseaudio, pipewire-pulse, wireplumber Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/non-qubes-audio_29.0-1_all.deb Size: 73048 SHA256: 5746a8693eb34c435a8a96d788f13318797214b5e4e1f750bb4222af372b9f48 SHA1: d9e28b81fe46c3bacf20c4f7302715ac40e72b2c MD5sum: f98f29b43551851c85385613cfa66af6 Description: Recommended packages for Audio Support in non-Qubes A metapackage, which includes recommended packages which are useful to provide audio support. . These are not useful in Qubes, since Qubes already has its own native audio implementation. . Safe to remove, if you know what you are doing. Package: non-qubes-vm-enhancements-cli Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: acpi-support, console-common, console-setup, cryptsetup, dmsetup, grub-live | grub-live-boot | boot-live, kbd, keyboard-configuration, libzulucrypt-plugins, swap-file-creator, tirdad, udev, vm-config-dist, zulucrypt-cli Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/non-qubes-vm-enhancements-cli_29.0-1_all.deb Size: 73160 SHA256: 6eb5338c494f5e1b60c10ab0e59cbb7a67b0994aec80c206208b0c13e703b7ee SHA1: a7b44fc6fcc319bd7dd85279a35a8e736e073cea MD5sum: af3c601d8b6247a1ea6c83607bf9c9db Description: Recommended packages for terminal based VMs CLI A metapackage, which includes recommended packages which are useful within CLI based non-Qubes virtual machines. These are not useful in Qubes, since Qubes already has native implementations for those. . Safe to remove, if you know what you are doing. Package: non-qubes-vm-enhancements-gui Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: non-qubes-vm-enhancements-cli, rads, zulucrypt-gui Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/non-qubes-vm-enhancements-gui_29.0-1_all.deb Size: 73056 SHA256: 11a563f48404784a22fcaca670c86b4d1e579f9aa668a5eb63e24bbc3fae7c70 SHA1: d2fc50fa510f8bbf671303e5b9bb9d4d9106aae2 MD5sum: 5965dfe169faf79b63908fc30a3a987c Description: Recommended packages for graphical VMs GUI A metapackage, which includes recommended packages which are useful within GUI based non-Qubes virtual machines. These are not useful in Qubes, since Qubes already has native implementations for those. . Safe to remove, if you know what you are doing. Package: open-link-confirmation Version: 3:6.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 87 Depends: sensible-utils, icon-pack-dist, msgcollector, xdg-utils Recommends: tb-starter, tb-updater, tb-default-browser Homepage: https://github.com/Kicksecure/open-link-confirmation Priority: optional Section: misc Filename: pool/main/o/open-link-confirmation/open-link-confirmation_6.2-1_all.deb Size: 29900 SHA256: 91daba198a9432b5ea4325a1c5af5b949eb2426e5fe46e1c97a31c121eace4a5 SHA1: 66eeb46136374cfe73316ac2a6284e9d7702cf2f MD5sum: 205c9024fe38f1a420b839a414d01a6b Description: Asks for confirmation before opening links Asks before a link is (accidentally) opened in a browser. Links are opened in x-www-browser. . Currently only the Tor Browser starter from the tb-starter package (by Whonix developers) supports using open-link-confirmation. Shell wrappers could be written to support other browsers as well. . On an Anonymity Gateway (when the anon-gw-base-files package is installed), it honors the $EDITOR environment variable (falls back to kwrite if unset), asks if a file should be opened in an editor before opening it and informs, that opening links on a Gateway is unsupported for security reasons. . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: orca-screen-reader-support Source: kicksecure-meta-packages Version: 3:29.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 101 Pre-Depends: legacy-dist Depends: gstreamer1.0-plugins-good, libatk-adaptor, libgail-common, non-qubes-audio, orca, python3-gst-1.0, sound-icons, speech-dispatcher-espeak-ng, xbrlapi Homepage: https://github.com/Kicksecure/kicksecure-meta-packages Priority: optional Section: metapackages Filename: pool/main/k/kicksecure-meta-packages/orca-screen-reader-support_29.0-1_all.deb Size: 73048 SHA256: 624986ba6c65ecc4b722a335364f143b567d328c558eac929901c8dfaf6e4aa3 SHA1: 9983cbbc4f4e6df6967235903fd24fc429e1064f MD5sum: 455e03e6f7f0a468c688f0bd054c16da Description: dependencies for the orca screen reader A metapackage, which includes depencency packages for the orca screen reader. . Safe to remove if its removal does not remove another metapackage, which is not safe to remove. Package: rads Version: 3:7.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 111 Depends: systemd Homepage: https://www.kicksecure.com/wiki/RAM_Adjusted_Desktop_Starter Priority: optional Section: misc Filename: pool/main/r/rads/rads_7.2-1_all.deb Size: 34736 SHA256: c5c4eb52aabb77a3b939761d9603c8e6b5d525a059d2019ee2db32a162ccddd7 SHA1: 18a4365295514955f6a2dda212995f066d486a33 MD5sum: 1f53a3253b7760768ccb05489d9f32cd Description: RAM Adjusted Desktop Starter If there is more than X MB RAM in total, the desktop environment will be started. . If less than X MB RAM in total (for example, only 196 MB RAM in total), no desktop environment will be started. . This should be quite convenient, because users with low RAM could reduce Y MB and even if they sometimes wanted to configure/check something, they could assign 512 RAM and automagically boot into the graphical desktop. There are also many settings in /etc/rads.d/ (stackable) to configure this feature, so if you want, you can also add a lot RAM, but not boot into a desktop environment, or use different display managers and so on. . Most useful in virtual machines. Package: ram-wipe Version: 3:2.7-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 102 Depends: helper-scripts, dracut, kexec-tools Homepage: https://github.com/Kicksecure/ram-wipe Priority: optional Section: misc Filename: pool/main/r/ram-wipe/ram-wipe_2.7-1_all.deb Size: 24268 SHA256: 192f82b999484ccd353a94f002154d30f03b297ccbcd56d6da67ecdb945df21a SHA1: fbe810ad5cdaf6d04ae68d323201d8d13c84b429 MD5sum: 39d59a85360855b4d93a3f60a9a15e08 Description: Wipe RAM on shutdown and reboot A dracut module that wipes RAM on shutdown and reboot. . Not implemented for initramfs. Package: repository-dist Version: 3:10.8-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 190 Depends: helper-scripts, lsb-release, python3:any Homepage: https://www.kicksecure.com/wiki/Project-APT-Repository Priority: optional Section: misc Filename: pool/main/r/repository-dist/repository-dist_10.8-1_all.deb Size: 102244 SHA256: d1f22c9ff3d56bd1495a3efc0d3ff5b0351bc09b67d22c001bd5e700e99dcdd7 SHA1: 480d1c394f0c509a8d0f37444e9874f7d9169c45 MD5sum: 8335864588015844df15a2fcf9cd49c0 Description: Derivative APT Repository Command Line Interface (CLI) This tool can always be used to enable either Derivative's stable, testers or developers repository or to disable Derivative's repository. . Derivative's APT Repository is not enabled by default. Some users prefer this for trust/security reasons. . On first boot of Derivative, the Derivative Repository Tool gets automatically started by setup-dist. The user is free to either leave Derivative's repository disabled or to configure it as desired. . Technically speaking, this tool creates or deletes file `/etc/sources.list.d/derivative.list`. . Using APT `signed-by`. Package: repository-dist-wizard Source: repository-dist Version: 3:10.8-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 69 Depends: pkexec, python3-pyqt5, python3:any, qtwayland5 Homepage: https://www.kicksecure.com/wiki/Project-APT-Repository Priority: optional Section: misc Filename: pool/main/r/repository-dist/repository-dist-wizard_10.8-1_all.deb Size: 36064 SHA256: e09fb65a2bb8c71f6e4766762443a580c6b62e492b4573a4a57e65d54c1a6336 SHA1: 8ff127b75d2cb7e0133f3986768e815c69311059 MD5sum: a14ecce79d33b3d0bc5224356fc1e66f Description: Derivative APT Repository Graphical User Interface (GUI) This tool can always be used to enable either Derivative's stable, testers or developers repository or to disable Derivative's repository. . This is a metapackage depending on the required packages for the GUI (Graphical User Interface). Package: ro-mode-init Version: 3:2.8-1 Architecture: all Maintainer: Algernon <33966997+Algernon-01@users.noreply.github.com> Installed-Size: 60 Depends: live-boot, live-boot-initramfs-tools, live-tools Conflicts: grub-default-live, grub-live Replaces: grub-default-live, grub-live Provides: boot-live Homepage: https://github.com/Kicksecure/ro-mode-init Priority: optional Section: misc Filename: pool/main/r/ro-mode-init/ro-mode-init_2.8-1_all.deb Size: 19004 SHA256: 25f626fc9873ebbaf06d53f745b5918d62519bf0c27e0fa4c45ac33adc609ec0 SHA1: a848ea36168f059ba2c0e1beb98f00f0bf4ec521 MD5sum: 92a9416b15691d729af03ddb6aeac9b9 Description: Detects read-only disks and automatically enables live-boot Allows booting the system in live mode. Meaning, no persistent modifications will be written to the disk. All changes stay in RAM. . No claims are made with regard to anti forensics. Package: sandbox-app-launcher Version: 0:6.6-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 131 Depends: sudo, bubblewrap, apparmor, libseccomp-dev, helper-scripts, dbus-x11 Homepage: https://www.kicksecure.com/wiki/Sandbox-app-launcher Priority: optional Section: misc Filename: pool/main/s/sandbox-app-launcher/sandbox-app-launcher_6.6-1_all.deb Size: 48376 SHA256: 5d2321904e83310698a1730f0bd919f87d5b6e7dbc81ff3f0d603ad8d319bd77 SHA1: cf837cdb2e3469381c9a2345c892d0500a686515 MD5sum: 51b74b9c6fa87389b7e428b698e2a923 Description: application launcher to start apps in a restrictive sandbox sandbox-app-launcher runs each app as its own user, in a bubblewrap sandbox and confined by apparmor. . The directory, `/shared`, is shared across all app sandboxes to transfer files across. . This implements a permissions system to configure what apps can access. There are currently 5 available permissions: . * Network access . * Webcam access . * Microphone access . * Shared storage access (read-only or read-write) . * Dynamic native code execution . All apps the user installs will be automatically configured to run in the sandbox and a prompt will ask the user which permissions they wish to grant the application (not implemented yet). . Currently a WIP and not for actual use. Package: sdwdate Version: 3:23.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 336 Depends: sudo, bc, helper-scripts, adduser, gcc, libc6-dev, python3-stem, python3-dateutil, python3-socks, python3-sdnotify, python3-requests, python3, tor, python3:any Recommends: timesanitycheck, bootclockrandomization Conflicts: time-daemon Provides: time-daemon Homepage: https://www.kicksecure.com/wiki/Sdwdate Priority: optional Section: misc Filename: pool/main/s/sdwdate/sdwdate_23.5-1_all.deb Size: 146740 SHA256: ce960554c24c0628f9eeeafb209426878a71fb4711e2e7be96a2b9bc638d27e6 SHA1: e87a142363a25e8ed5d6c48548b13ca99a8249be MD5sum: bf8de922a297e242adb715dcdf291284 Description: Secure Distributed Network Time Synchronization Time keeping is crucial for security, privacy, and anonymity. Sdwdate is a Tor friendly replacement for rdate and ntpdate that sets the system's clock by communicating via onion encrypted TCP with Tor onion webservers. . At randomized intervals, sdwdate connects to a variety of webservers and extracts the time stamps from http headers (RFC 2616). Using sclockadj option, time is gradually adjusted preventing bigger clock jumps that could confuse logs, servers, Tor, i2p, etc. . This package contains the sdwdate time fetcher and daemon. No installation on remote servers required. To avoid conflicts, this daemon should not be enabled together with ntp or tlsdated. Package: sdwdate-gui Version: 1:10.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 239 Depends: sudo, python3, python3-pyqt5, qtwayland5, helper-scripts, sdwdate, adduser Homepage: https://www.kicksecure.com/wiki/sdwdate-gui Priority: optional Section: misc Filename: pool/main/s/sdwdate-gui/sdwdate-gui_10.1-1_all.deb Size: 89996 SHA256: 05330328ee5d09b5c80e8cd26cbad2187fb1b7f317d8d891f8026fc6f07fef71 SHA1: 39ae160c17354d6bff104c2c45968d1f11cccb19 MD5sum: f541a019a0e1ace6859bcba20b25b87a Description: Sdwdate Monitor sdwdate-gui is a systray icon monitor for sdwdate: checks sdwdate's status and modify the tray icon accordingly. In addition, it allows the user to restart sdwdate and view the log. Package: security-misc Version: 3:37.6-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 500 Depends: adduser, apparmor-profile-dist, dmsetup, helper-scripts, libcap2-bin, libglib2.0-bin, libpam-modules-bin, libpam-runtime, libpam-umask, python3, secure-delete, sudo, dconf-gsettings-backend | gsettings-backend Replaces: anon-gpg-tweaks, swappiness-lowest, tcp-timestamps-disable Homepage: https://www.kicksecure.com/wiki/Security-misc Priority: optional Section: misc Filename: pool/main/s/security-misc/security-misc_37.6-1_all.deb Size: 169908 SHA256: 16af62ad2cae29b6baf83f05b211e6f948e9bc69e9e9f967da2d174dcfc9b745 SHA1: 85e5d96b9563e33dc0e6e3c4fa8367edb99474a6 MD5sum: 10a20487485becb38d99f2a369fcc32e Description: Enhances Miscellaneous Security Settings https://github.com/Kicksecure/security-misc/blob/master/README.md . https://www.kicksecure.com/wiki/Security-misc . Discussion: . Happening primarily in Whonix forums. https://forums.whonix.org/t/kernel-hardening/7296 Package: serial-console-enable Version: 3:4.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 61 Homepage: https://github.com/Kicksecure/serial-console-enable Priority: optional Section: misc Filename: pool/main/s/serial-console-enable/serial-console-enable_4.1-1_all.deb Size: 17528 SHA256: bca714e19b0cb79468a7a4e5c21d1c773f50f565adc050a051eee9bf0d3de4c5 SHA1: afcf614e4ebf7b99974a4addcd237c6e1e769e02 MD5sum: cc005f12c21ae426e1b4aeaaab6c6260 Description: Enables serial console Ships a /etc/default/grub.d/30_serial_console.cfg configuration file, that enables serial console. . Enables /lib/systemd/system/getty.target.wants/serial-getty@ttyS0.service by creating a symlink from: /lib/systemd/system/serial-getty@.service to: /lib/systemd/system/getty.target.wants/serial-getty@ttyS0.service . Useful for serial console login such as into Whonix KVM VMs from the host operating system. . Forum discussion: https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271 . Safe to remove if you do not require serial console login such as: virsh console vm-name Package: setup-dist Version: 3:9.4-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 132 Depends: helper-scripts, dialog, sudo, menu Conflicts: whonixsetup Replaces: whonixsetup Provides: whonixsetup Homepage: https://github.com/Kicksecure/setup-dist Priority: optional Section: misc Filename: pool/main/s/setup-dist/setup-dist_9.4-1_all.deb Size: 44524 SHA256: 46a9531c85c2174c9223723542072b94525a5549f6a933baec2e7cc4e51814cf SHA1: 9580483f1e4bae898fc3390511e7cc6a4c7d64f3 MD5sum: 135c84ee75aa041d754d9a45c4b0589a Description: First Time Connection Setup Disclaimer. . When the derivative starts for the first time, it won't automatically connect to the public Tor network. This is useful for users who want to hide Tor from their ISP. setup-dist is automatically started, which educates about different methods to connect (public Tor network, bridges, etc.). Package: setup-wizard-dist Version: 3:10.4-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 130 Depends: setup-dist, python3-yaml, python3-distutils, helper-scripts, python3, x11-xserver-utils Recommends: icon-pack-dist Conflicts: whonix-setup-wizard Replaces: whonix-setup-wizard Provides: whonix-setup-wizard Homepage: https://github.com/Kicksecure/setup-wizard-dist Priority: optional Section: misc Filename: pool/main/s/setup-wizard-dist/setup-wizard-dist_10.4-1_all.deb Size: 54564 SHA256: 54b79d5fc5b5a8fa6a08ec70194d359a5c2ef2981361441e8915f06239d5d91e SHA1: 1b0e386745a2f4cb43486f25f33ec42b93073908 MD5sum: 330188f9d7d1d1822bfd8a2bfddef69c Description: First Boot Setup Disclaimer. . When distribution starts for the first time, it won't automatically connect to the public Tor network. This is useful for users who want to hide Tor from their ISP. Anon Connection Wizard is automatically started, which educates about different methods to connect (public Tor network, bridges, etc.). Package: swap-file-creator Version: 3:7.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 82 Depends: helper-scripts, cryptsetup-bin, bc Recommends: haveged, jitterentropy-rngd Homepage: https://www.kicksecure.com/wiki/Swap-file-creator Priority: optional Section: misc Filename: pool/main/s/swap-file-creator/swap-file-creator_7.0-1_all.deb Size: 30296 SHA256: 4c35f43b1ba36746183c2082b7b8ee43a7b94f3b6ac832e96001f1065bae1c5b SHA1: ec065c2b71fa90dd46f8c0c95dd26c0fa1518e86 MD5sum: 734cb110bcb15159798bec4f98b596e9 Description: Adds encrypted swap file to the system On every boot, creates a new encrypted swapfile with a random key. . Useful for systems with low RAM such as inside virtual machines. . Has an option to shred the swapfile on shutdown. Package: systemcheck Version: 3:30.1-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 431 Depends: dist-base-files, python3, signify-openbsd, curl, ca-certificates, msgcollector, psmisc, sudo, vrms, libarchive-tools, helper-scripts, net-tools, systemd, adduser, security-misc, spectre-meltdown-checker, apparmor-profile-dist Recommends: icon-pack-dist, msgcollector-gui Conflicts: apparmor-profile-whonixcheck, whonixcheck Replaces: apparmor-profile-whonixcheck, whonixcheck Homepage: https://www.kicksecure.com/wiki/systemcheck Priority: optional Section: misc Filename: pool/main/s/systemcheck/systemcheck_30.1-1_all.deb Size: 138628 SHA256: 2b2ae0cf1d98de79080ac1deda79f801eedfbaa656ac7df46243d32ed18deeda SHA1: ae6e927652e2b7d9d082a65678c69d2e951adc32 MD5sum: c51a8fe67299f443c822bca9591b3e16 Description: Anonymity and security check Checks many important aspects for better security. . Only checks things. Does not change things. . Safe to remove. Package: tb-default-browser Version: 3:5.0-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 78 Depends: tb-starter Recommends: tb-updater, open-link-confirmation Homepage: https://github.com/Kicksecure/tb-default-browser Priority: optional Section: misc Filename: pool/main/t/tb-default-browser/tb-default-browser_5.0-1_all.deb Size: 24052 SHA256: 46f1288f71daacb838d97e21828cd6f3aacf61f666a9a9743767a2975a0dd2ec SHA1: b6993d53bd252cfcd53e3735ad44a0e6efc0eab9 MD5sum: 746a41c51f9e1848b9ce33e9e238784a Description: Configures system to use /usr/bin/torbrowser as default browser Sets /usr/bin/x-www-browser to /usr/bin/torbrowser. . Sets /usr/bin/gnome-www-browser to /usr/bin/torbrowser. . Sets BROWSER environment variable to /usr/bin/x-www-browser by using /etc/profile.d/ and /etc/X11/Xsession.d/ hooks. . Registers of MIME type handlers to 'torbrowser'. . Sets KDE's default browser to x-www-browser. This only takes effect for newly created user accounts. Not for existing user accounts. This is most useful to help Linux distribution maintainers setting divergent defaults. . See also: The Default Browser on Linux Debacle http://blog.codef00.com/2011/02/18/the-default-browser-on-linux-debacle/ . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: tb-starter Version: 3:16.7-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 165 Depends: msgcollector Recommends: tb-updater, tb-default-browser, open-link-confirmation, icon-pack-dist Provides: torbrowser-launcher Homepage: https://github.com/Kicksecure/tb-starter Priority: optional Section: misc Filename: pool/main/t/tb-starter/tb-starter_16.7-1_all.deb Size: 65096 SHA256: 339b1b7ee154737998f8221c1b131352e812fcb9826e882ec664f21dc17d89dc SHA1: db995c20ca3297a37edc488b2894ae77dd5b3e83 MD5sum: 4c3a4d0caa529d4df23910c0232d37e4 Description: Tor Browser Starter (by Whonix developers) Both, a starter for Tor Browser. Provides security hardening, integration with Debian, Whonix and Qubes. . Starter. . - Tor Browser Starter start menu entry and `/usr/bin/torbrowser` starter. Starts `/home/user/.tb/tor-browser/start-tor-browser`. . When config option tb_hardening=true is set or when using command line option --hardening, firejail will be used. . Uses open-link-confirmation if available. . Prompts to install the browser if not yet installed. . Changes directory into browser directly before startup. . Custom homepage support. . Qubes integration. . Sanity tests: - Aborts if detected being run as root. - Aborts in Qubes TemplateVM. - Aborts in Qubes DVM Template. - Waits for Qubes mount dirs and gui agent being ready. . In Qubes AppVM copies browser from root image to private image at first start. . Tor Browser documentation by Whonix. . - https://www.whonix.org/wiki/Tor_Browser - https://www.whonix.org/wiki/Tor_Browser/Advanced_Users . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: tb-updater Version: 3:33.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 502 Depends: msgcollector-gui, curl, psmisc, gpg-bash-lib, pv, libarchive-tools, sudo, jq Recommends: tb-starter, icon-pack-dist, helper-scripts Suggests: tb-default-browser, open-link-confirmation Homepage: https://github.com/Kicksecure/tb-updater Priority: optional Section: misc Filename: pool/main/t/tb-updater/tb-updater_33.5-1_all.deb Size: 245528 SHA256: 2e362ac81fa54aab5c896be8b05349596d591334209e53416ebf7de3d04af092 SHA1: db4fd8b7910364f91d4a1db9815fc05b5d8532e7 MD5sum: a083a80e1249ee078949890f5de68bd2 Description: Tor Browser Downloader by Whonix developers Automates download and verification of Tor Browser from The Tor Project's website. Useful for initial installation of Tor Browser, clean re-installations of Tor Browser and keeping newly created Qubes AppVMs inherited from updated Qubes TemplateVMs can ship up to date versions of Tor Browsers. . Incapable of preserving of updating and preserving user data. Use Tor Browser's internal updater for that purpose. Notifies about already exiting installations of Tor Browser. Renamed rather than deletes old versions of Tor Browsers to avoid user data loss. . Has a cli and a gui mode. Can auto detect latest version numbers or use user configured version numbers. Comes with a download confirmation screen that lets users choose which version to download. [1] Has a installation confirmation screen [2] that enables users to detect indefinite freeze and rollback attacks. . Integrates well with tb-starter, tb-default-browser and open-link-confirmation package as well as with Qubes. . Without the helper-scripts package installed, the GUI will not move the progress bar. . If you have the helper-scripts package installed, it will show a nicer progress bar when run in terminal and more meaningful curl exit code messages, when curl failed. . When having the helper-scripts package installed (recommended for Anonymity Distributions), Tor Browser Downloader will check, that Tor is enabled, that no package manager is currently running and that Tor finished bootstrapping before download attempts. . Supports being run inside chroot and from Debian maintainer postinst script. . Qubes integration: . - Up-to-date browser versions made available to freshly created AppVMs and DispVMs. - In DispVM mounts browser folder which resides in root image to user home folder rather than copying for faster browser startup. . This package is produced independently of, and carries no guarantee from, The Tor Project. . [1] https://www.whonix.org/wiki/Tor_Browser#Download_Confirmation_Screen [2] https://www.whonix.org/wiki/Tor_Browser#Installation_Confirmation_Screen Package: timesanitycheck Version: 3:6.3-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 77 Homepage: https://www.whonix.org/wiki/Dev/TimeSync Priority: optional Section: misc Filename: pool/main/t/timesanitycheck/timesanitycheck_6.3-1_all.deb Size: 26308 SHA256: 5d6eb39437aa110fa20c32bd82a50bfda1de62bd71a81498b9b20e9a3abbda1f SHA1: f86d02749bf3c0bb05fc2a29b49a56636b133462 MD5sum: 0038f96d6838cdccd642f764d3ebe511 Description: Checks if the system clock is sane between build timestamp and expiration date Reports, if clock is sane and not slower than build timestamp or faster than expiration date (configurable, default currently set to 17 MAY 2033 10:00:00). . This should catch situations, where the host's clock is too much off (CMOS battery defect, user mistakenly set a very wrong date, etc.), resulting in network time synchronization tools (such as sdwdate) no longer being able to correct the clock; catch eventual bigger bugs in network time synchronization tools; and some types of attacks on network time synchronization. Package: tirdad Version: 0:0.1.27-1 Architecture: amd64 Maintainer: Patrick Schleizer Installed-Size: 17 Depends: tirdad-dkms Homepage: https://github.com/0xsirus/tirdad Priority: optional Section: kernel Filename: pool/main/t/tirdad/tirdad_0.1.27-1_amd64.deb Size: 12632 SHA256: f3243f8aa9bb901c49cbb819f7b8e8bee3bae409e640a0e8c6e311bde6174cfe SHA1: c9131ccf46938b5b0ac6853f91312c53b6e78424 MD5sum: 26b4d3084be2e287c05d8bb8f6721cc1 Description: TCP ISN CPU Information Leak Protection TCP Initial Sequence Numbers Randomization to prevent TCP ISN based CPU Information Leaks. . The Linux kernel has a side-channel information leak bug. It is leaked in any outgoing traffic. This can allow side-channel attacks because sensitive information about a system's CPU activity is leaked. . It may prove very dangerous for long-running cryptographic operations. [A] . Research has demonstrated that it can be used for de-anonymization of location-hidden services. [1] . Clock skew, . - is leaked through TCP ISNs (Initial Sequence Number) by the Linux kernel. - can be remotely detected through observing ISNs. - can be induced by an attacker through producing load on the victim machine. . Quote Security researcher Steven J. Murdoch (University of Cambridge, Cambridge, UK) [B] . "What the Linux ISN leaks is the difference between two timestamps, not the timestamp itself. A difference lets you work out drift and skew, which can help someone fingerprint the computer hardware, its environment and load. Of course that only works if you can probe a computer, and maintain the same source/destination port and IP address." . Quote Mike Perry, developer at The Tor Project [A]: . "... it is worth complaining to the kernel developers for the simple reason that adding the 64ns timer post-hash probably *does* leak side channels about CPU activity, and that may prove very dangerous for long-running cryptographic operations (along the lines of the hot-or-not issue). Unfortunately, someone probably needs to produce more research papers before they will listen." . tirdad is a kernel module to hot-patch the Linux kernel to generate random TCP Initial Sequence Numbers for IPv4 TCP connections. . You can refer to this bog post to get familiar with the original issue: . - An analysis of TCP secure SN generation in Linux and its privacy issues - https://bitguard.wordpress.com/?p=982 . This metapackage depends on tirdad-dkms. . References: . - [1] https://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf - [2] http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf - [3] http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf - [4] https://stackoverflow.com/a/12232126 - [5] http://lxr.free-electrons.com/source/net/core/secure_seq.c?v=3.16 - [6] https://trac.torproject.org/projects/tor/ticket/16659 - [7] https://phabricator.whonix.org/T543 - [A] https://trac.torproject.org/projects/tor/ticket/16659#comment:10 - [B] https://trac.torproject.org/projects/tor/ticket/16659#comment:18 Package: tirdad-dkms Source: tirdad Version: 0:0.1.27-1 Architecture: amd64 Maintainer: Patrick Schleizer Installed-Size: 42 Depends: linux-headers-amd64 | linux-headers-generic, dkms (>= 2.1.0.0) Homepage: https://github.com/0xsirus/tirdad Priority: optional Section: kernel Filename: pool/main/t/tirdad/tirdad-dkms_0.1.27-1_amd64.deb Size: 16004 SHA256: 1332639aea186c1735ec09bd42f36be10ff94ac8652be4c021429afdeee884c6 SHA1: f80cde9537e327b2c5ebbda9109957b37a0a02bc MD5sum: 79973c238301859668f07293dc991953 Description: TCP Initial Sequence Numbers Randomization - Source Code and DKMS tirdad is a kernel module to hot-patch the Linux kernel to generate random TCP Initial Sequence Numbers for IPv4 TCP connections. . This package uses DKMS to automatically build the tirdad kernel module. Package: tor Version: 0.4.8.12-1~d12.bookworm+1 Architecture: amd64 Maintainer: Peter Palfrader Installed-Size: 5759 Depends: libc6 (>= 2.34), libcap2 (>= 1:2.10), libevent-2.1-7 (>= 2.1.8-stable), liblzma5 (>= 5.1.1alpha+20120614), libseccomp2 (>= 0.0.0~20120605), libssl3 (>= 3.0.0), libsystemd0, libzstd1 (>= 1.5.2), zlib1g (>= 1:1.1.4), adduser, runit-helper (>= 2.14.0~), lsb-base Recommends: logrotate, tor-geoipdb, torsocks Suggests: mixmaster, torbrowser-launcher, socat, apparmor-utils, nyx, obfs4proxy Conflicts: libssl0.9.8 (<< 0.9.8g-9) Breaks: runit (<< 2.1.2-51~) Homepage: https://www.torproject.org/ Priority: optional Section: net Filename: pool/main/t/tor/tor_0.4.8.12-1~d12.bookworm+1_amd64.deb Size: 2049516 SHA256: ea90916fe85dcd2e7e79e3e71e3f486f10c3420ac186673f4bab1b8d90dd12bc SHA1: 471679872882ac9f9359add38cc7067dc9dabbf8 MD5sum: 17536685c29aa087e62011ee56ba4287 Description: anonymizing overlay network for TCP Tor is a connection-based low-latency anonymous communication system. . Clients choose a source-routed path through a set of relays, and negotiate a "virtual circuit" through the network, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is decrypted at each relay, which reveals the downstream relay. . Basically, Tor provides a distributed network of relays. Users bounce their TCP streams (web traffic, ftp, ssh, etc) around the relays, and recipients, observers, and even the relays themselves have difficulty learning which users connected to which destinations. . This package enables only a Tor client by default, but it can also be configured as a relay and/or a hidden service easily. . Client applications can use the Tor network by connecting to the local socks proxy interface provided by your Tor instance. If the application itself does not come with socks support, you can use a socks client such as torsocks. . Note that Tor does no protocol cleaning on application traffic. There is a danger that application protocols and associated programs can be induced to reveal information about the user. Tor depends on Torbutton and similar protocol cleaners to solve this problem. For best protection when web surfing, the Tor Project recommends that you use the Tor Browser Bundle, a standalone tarball that includes static builds of Tor, Torbutton, and a modified Firefox that is patched to fix a variety of privacy bugs. Package: tor-control-panel Version: 1:6.3-1 Architecture: all Maintainer: troubadour Installed-Size: 179 Depends: anon-connection-wizard, helper-scripts, pkexec, policykit-1-gnome | polkit-1-auth-agent, python3, python3-ipy, python3-pyqt5, python3-stem, qtwayland5 Recommends: obfs4proxy, tor Homepage: https://www.whonix.org/wiki/Tor-control-panel Priority: optional Section: misc Filename: pool/main/t/tor-control-panel/tor-control-panel_6.3-1_all.deb Size: 67772 SHA256: 15b8b4bbbd3afab3cda67073a0706bee6d6b473e8a2d3767494cd3a6ec698d40 SHA1: 250f731e148298e31e510e99f0eb03395ebc143c MD5sum: 8d4ed5ac8817cdaabcd96a080c7f4a79 Description: Tor Control Graphical User Interface WARNING: Not (yet) a standalone ready to use outside of Whonix: . tor-control-panel is a Tor controller. . tor-control-panel is produced independently from the Tor anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else. Package: tor-ctrl Version: 3:5.5-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 75 Depends: tor, netcat-openbsd, xxd Homepage: https://gitweb.torproject.org/torspec.git/tree/control-spec.txt Priority: optional Section: misc Filename: pool/main/t/tor-ctrl/tor-ctrl_5.5-1_all.deb Size: 26652 SHA256: b6aa1262eea60201441b300b8d0e4d8f358e53c1ef6b036771f9dc8a6038c01a SHA1: 6e4c7af0d04a213ee001bed0d20162fc1db8ff21 MD5sum: 1afa21e6ce9e33bfd2a817cdbefd5a20 Description: Tor controller command line tool Command line tool for setting up stream for communication from the Tor Controller's (client) to a Tor process (server). The client send commands using TCP sockets or Unix-domain sockets and receive replies from the server. . https://gitweb.torproject.org/torspec.git/tree/control-spec.txt . This package is produced independently of, and carries no guarantee from, The Tor Project. Package: tor-geoipdb Source: tor Version: 0.4.8.12-1~d12.bookworm+1 Architecture: all Maintainer: Peter Palfrader Installed-Size: 17524 Depends: tor (>= 0.4.8.12-1~d12.bookworm+1) Breaks: tor (<< 0.2.4.8) Replaces: tor (<< 0.2.4.8) Homepage: https://www.torproject.org/ Priority: optional Section: net Filename: pool/main/t/tor/tor-geoipdb_0.4.8.12-1~d12.bookworm+1_all.deb Size: 2331584 SHA256: e459e2e3a077283d06eb69b21eb5e12bc7f31cdc46144e4004c0b06ec62752c6 SHA1: 5651445ea9b4264b21bc07fed5ff92d468b1cb52 MD5sum: c59f13e4c6f1aebeac9bbb48c8afe45a Description: GeoIP database for Tor This package provides a GeoIP database for Tor, i.e. it maps IPv4 addresses to countries. . Bridge relays (special Tor relays that aren't listed in the main Tor directory) use this information to report which countries they see connections from. These statistics enable the Tor network operators to learn when certain countries start blocking access to bridges. . Clients can also use this to learn what country each relay is in, so Tor controllers like arm or Vidalia can use it, or if they want to configure path selection preferences. Package: usability-misc Version: 3:21.3-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 608 Depends: sudo, policyrcd-script-zg2, adduser, python3, damngpl Replaces: gpl-sources-download, grub-screen-resolution, scurl Homepage: https://github.com/Kicksecure/usability-misc Priority: optional Section: misc Filename: pool/main/u/usability-misc/usability-misc_21.3-1_all.deb Size: 207208 SHA256: 8cc1b014842c13f0d6a51bc3e4aa9078abe1b6dcc4c72b02841be61365175da6 SHA1: ec0e448232880b3128112da8eef1ac4bb6c705e5 MD5sum: 4e86920d6fecdc7a29648828fe190220 Description: Misc usability improvements Creates user "user" if it does not already exist. . Creates folders /home/user/Downloads and /home/user/Pictures. . Adds user "user" to group libvirt as well as to group kvm. . Ships a file /etc/sudoers.d/user-passwordless that contains comments and "#user ALL=(ALL:ALL) NOPASSWD:ALL". Lets user "user" easily run all commands without password. Disabled (out commented) by default. . Simplifies running OpenVPN as unprivileged user. . Ships a FoxyProxy add-on configuration file for use with Tor Browser. . Provides apt-get-noninteractive that is a simple wrapper around apt-get, that sets all required environment variables to make it interactive as well as to prevent systemd service starts and restarts during apt-get. . Sets mousepad as the default editor for environment variable VISUAL is unset and if mousepad is installed. . Disable sudo default lecture. /etc/sudoers.d/sudo-lecture-disable . Add pwfeedback to sudo Defaults so password asterisks are shown while typing. /etc/sudoers.d/pwfeedback . xfce4-terminal: . * Disables automatic scroll on output when manually scrolled up to make reading output such as "sudo journalctl -f" easier. Automatic scroll on output still happening in default when not manually scrolling up beforehand first. . * Enables unlimited scrollback by default to avoid output from being truncated. . Ships gsudoedit, a wrapper to run sudoedit with a graphical editor. . Bisq workarond "sudo mkdir -p /usr/share/desktop-directories" as per https://github.com/bisq-network/bisq/issues/848 . gpl_sources_download GPL'ed source code of all installed packages. Used damngpl to get a list of all GPL'ed packages, then downloads them using apt-get source. . SSL curl wrapper: Simple wrapper called scurl, that adds "--tlsv1.3 --proto =https" in front of all invocations of "curl" when running "scurl". . Sets 1024x768 as boot screen resolution Ships a /etc/default/grub.d/30_screen_resolution.cfg configuration file, that injects "vga=0x0317" into the GRUB_CMDLINE_LINUX_DEFAULT variable. Package: vm-config-dist Version: 3:10.2-1 Architecture: all Maintainer: Patrick Schleizer Installed-Size: 135 Depends: sudo, adduser, p7zip-full Replaces: power-savings-disable-in-vms, shared-folder-help Homepage: https://github.com/Kicksecure/vm-config-dist Priority: optional Section: misc Filename: pool/main/v/vm-config-dist/vm-config-dist_10.2-1_all.deb Size: 40020 SHA256: 29b22161257f94a317bcc185ec03f94a5b0c89a5114e41ebaced27295c5890d3 SHA1: 6a97d3e4ac74cb326f794813fc7d847e56c70a41 MD5sum: 944504e6c69c15bb8b5a38eb5f9d63cd Description: usability enhancements inside virtual machines Enables auto login for user `user` in `lightdm`. `/etc/lightdm/lightdm.conf.d/30_autologin.conf` https://www.kicksecure.com/wiki/Desktop#Disable_Autologin . Sets environment variable `QMLSCENE_DEVICE=softwarecontext` as workaround for "Automatic fallback to softwarecontext renderer". . It is not useful to open a screensaver or to power down the desktop for operating systems that are run inside VMs. There is no real display that could be saved and no real power that could be saved. From usability perspective it also is counter intuitive when looking at the VM window and only seeing a black screen. Therefore it makes sense to disable power savings in VMs. `/etc/X11/Xsession.d/20_kde_screen_locker_disable_in_vms.sh` `/etc/profile.d/20_power_savings_disable_in_vms.sh` `/etc/X11/Xsession.d/20_software_rendering_in_vms.sh` `/usr/share/kde-power-savings-disable-in-vms/kdedrc` `/usr/share/kde-screen-locker-disable-in-vms/kscreenlockerrc` . Disables screen locker when running in VMs because that is not useful either. . Makes setting up a shared folder for virtual machines a bit easier. . * Creates a folder `/mnt/shared` with `chmod 777`, adds a group "vboxsf", adds user "user" to group "vboxsf". Facilitates auto-mounting of shared folders. . * Helps using shared folders with VirtualBox and KVM a bit easier (as in requiring fewer manual steps from the user). . * `/lib/systemd/system/mnt-shared-vbox.service` * `/lib/systemd/system/mnt-shared-kvm.service` . Set screen resolution 1920x1080 by default for VM in VirtualBox and KVM. Workaround for low screen resolution 1024x768 at first boot. When using lower screen resolutions, Xfce will automatically scale down. `/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/displays.xml` . Installs VirtualBox guest additions if package `virtualbox-guest-additions-iso` is installed if environment variable `dist_build_virtualbox=true` or if running inside VirtualBox. (`systemd-detect-virt` returning `oracle`) `/usr/bin/vbox-guest-installer`