Walletwasabi: Deb Package In Debian Repos

Created on 13 Jul 2020 · 36 Comments · Source: zkSNACKs/WalletWasabi

Is your feature request related to a problem? Please describe.

There is a frustrating problem when trying to satisfy the needs of Tails. It expects all applications to be in the Debian repos.

Describe the solution you'd like

The problems would all completely go away if the .deb package was in the repos. This includes Wasabi Wallet.

Describe alternatives you've considered

Attempts at installing the package manually fail to do what is necessary in creating a proper program/datastore arrangement to survive reboots in the expected manner. Without creating special scripts to run on boot, there is no way to solve the problems.


All 36 comments

I've spoken with @kixunil about this at length - forgot what exactly the resolution was...

If it is a person to create the package in the acceptable format, I'd be glad to help.

I see this as a big impediment to tying the safest wallet with the safest OS. This is a necessary and huge step in proper automation of the solution for the masses. We need to work together toward this goal.

Isn't this the same as #3755?

Not exactly. It turns out that the Wasabi deb package is not in the Debian repos. Therefore, it is of no value to Tails.

We must make it available in the official repo for each new version of Debian moving forward. Currently, it is Buster or version 10.

Should I go ahead and try to get the .deb version accepted? All I'd have to do is find a Debian sponsor and I believe we'd be good to go.

@KitchM I'm working on a whole repository of Bitcoin-related Debian packages, however it's not official yet. Wasabi is not there yet, but something I definitely want to do.

Unfortunately, some strict Debian policies seem to conflict with the design goals of Wasabi, more specifically, to my knowledge Wasabi bundles dependencies (stability is important for Wasabi) and Debian requires packaging the dependencies individually. So the answer is: don't expect it any time soon.

I'm not familiar with Tails (I prefer Whonix, which seems to have picked more reasonable trade offs), is adding a new repository an option for you? My project is not that strict about dependencies and I could package Wasabi relatively quickly. However, my project has other policies that might make it harder or inconvenient for you (everything strictly connects to your full node).

If you're interested in helping me, please open an issue at my repo and I'll instruct you.

Related: #1673 - it has to be resolved in order for the package to be accepted by either Debian or my project.

Anyway, I agree with the general idea fully - if I didn't, I wouldn't have spent months working on packaging Bitcoin stuff. :)

Thanks, Kixunil, I appreciate the thoughts.

You wrote:

"...to my knowledge Wasabi bundles dependencies..."

I do not understand the significance nor the lack of certainty. Maybe it doesn't matter, but there is help for that with the sponsor method Debian offers.

Also, unlike Whonix, Qubes or others, Tails is for portable use. This is exactly what is needed for quick, anonymous transactions. It is booted from flash drive and, if lost, nothing can be retrieved without the passphrases. Completely safe, secure and private. It is the only option of its type in the world right now.

Tails only uses Tor and any connection it can find to the 'Net. It is the ideal platform for Wasabi.

With that said, the problem is that Tails is based upon Debian, and the creator requires the use of only Debian repositories to take advantage of its ability to auto-install an app at login. This is big. Using a custom script is not only difficult, but fraught with problems to those unfamiliar with the inner workings of Tails. I do not want to fool with it, and I don't see the average user able to do it when they are less able than I.

We are trying to get a system that will solve the problems of the average user, not the techie. And in this day and age, we need it more than ever.

I totally appreciate and support your good efforts. Without people like you, the world would be in so much worse shape. Your work is commendable.

Thanks.

PS: Your link is bad.

Well, this is not my top priority right now, but I definitely want to look into it deeper at some point. At least if nobody else does. Don't expect it any time soon. May easily be a year or more. My current constraint is the ability to iterate quickly.

Interestingly, github screwed up the link because of missing https://, fixed now.

Off-topic part follows

Don't want to turn this into a flame war, just want to point out some things you might have missed: Tails is made to forget information, yet almost everyone I know sets it up to keep information (encrypted) as your example also shows. I don't see how it's different from Whonix, which doesn't bother with forgetting (it's still encrypted!), but instead bothers with making separate virtual machines to prevent leaks even if the VM is compromised. This is something remarkable and much more useful from my point of view. Of course, feel free to use whatever you like.

Also something to keep in mind: if you download the same applications on login it could be used to fingerprint you (with some timing attacks).

That's a summary of my viewpoint, for more we should move somewhere else.

No worries, Good Buddy. It may very well be my mistake for not being clear in some way.

Tails is portable. I would think that it would be difficult to create the same setup for Whonix. Would it even be possible to run Whonix from a flash drive in some Internet cafe?

And I would hope that timing attacks on an anonymous user would be unlikely, as most people are not big targets for that sort of thing.

Anyway, as always, your interest is appreciated. We will see what the powers that be have to say about the deb package issue.

I don't see any good reason why it would be impossible to run anything from a stick. All Linux distros support it, even Qubes installer is running Qubes from a stick and that is yet another level... But never tried myself, I just installed Qubes and use it every day. :) You will need to check it for yourself.

Maybe the complexity? I don't know. But good question.

@Kixunil
There are some clear advantages in using Tails, at least in my opinion.

First and foremost, Tails is much easier to set up. A newbie can, with relatively low effort, create a usable Tails boot, portable and easy to encrypt.
On the other hand, Whonix requires a host (which needs to be encrypted manually and separately by the user), either Qubes, Windows, Linux, etc...
If a newbie wants to recreate a "portable like Tails" setup he would need to:

  • Install the host OS on the USB first (which is not as easy as Tails)
  • Install Virtual Box (the only real option a newbie can use)
  • Install Whonix in Virtual Box (arguably very easy, but still another step)

Seems to me there is no comparison under this front.

This brings, and is related to, another big advantage of Tails.
Tails is a standalone, while Whonix is not.

It's very common for a newbie to install VB and Whonix on a very insecure host (classic Windows machine where he plays video games and watches porn). And feel secure just because he's using a virtual machine. Also, Virtual Box in itself is a big chunk of code that carries vulnerabilities.

I can agree though, that for an advanced user, Whonix is more expressive. It's easier to expand and work with. But on the other hand, I would be very cautious promoting Whonix to newbies.

The other situation that comes to my mind right now where Tails would be almost always better, is the coffee shop/Starbucks example. Tails is more convenient in those scenarios cause it picks different guard nodes each time, while Whonix would require tinkering a little bit with the Gateway to achieve the same. (Using the same guard from two different places, maybe in the same city, could be damaging).

Of course, feel free to use whatever you like.

In the end this.

@PulpCattel thanks for in-depth explanation! Setting it up in Qubes was incredibly easy (literally just leaving a checkbox checked), so that's why I didn't expect a huge difference. Good to know, I'll be more careful recommending it. That being said, stripped-down live version of Qubes with Whonix would be a nice project. :)

Back on topic: I will consider trying Tails to see exactly how the repositories are configured there to see if we can do something about it. But not until I resolve some other crucial issues with my repo.

Yes, good explanation.

The bottom line is that Tails gives a goof-proof easily transportable OS for quick and secure communications. There is nothing else like it right now.

With regard to the repos, it only uses official Debian repos. Therefore, any program must meet the strict Debian standards. As I understand it, this helps with the security necessary in all aspects of Tails. The creator is not going to change that (he has said so), and there is no way around it. So we see our focus for a Debian-standard package of Wasabi must be to fit the Debian standard. At that point all problems just go away.

@Kixunil, Happy New Year to you and all here.

I thought it wise to check in and see if you had made any progress on the Debian package of Wasabi.

Thanks.

Hi, happy new year! Sadly, I still have tons of other very important things to do. Perhaps it'll be interesting for you to know that my repository is now considered beta as opposed to being experimental. It's now being tested by a few people and seems to work well.

I was also considering creating my own OS images with the repository and a few minor tweaks. Perhaps one based on Tails would be interesting too. Note however, that my repository is currently unable to provide strong privacy.

Many thanks, Good Buddy. I totally understand. Please keep us informed if anything changes or you hear of another option.

Hang in there.

If anyone else hears of a Debian package for Wasabi, please post here. It is vitally important.

I believe I have stumbled upon the solution, or at least a step in the right direction. I will quote here from two sources: Additional Software and Persistence.

  1. We note the clear warnings and preferences. However, we have a section entitled "Configuring additional APT repositories (for advanced users)". A lot is left to the user. The key may be the use of an additional repository.
  2. It may be necessary to require custom user data stores and the use of the Dot Files option. This makes it possible to store the persistent configuration files for the program.

Anyway, we may be able to use the existing .deb file and work from there within the framework of what has already been allowed for, although not clearly described. There appears to be more leeway than first realized.

@KitchM nice find! Adding the repository is easy enough (can be automated a bit). All dot files are not required but ~/.wasabi definitely is.

Is your intention to also run a full node or just trust Wasabi regarding blocks?

Trust Wasabi, for sure. There simply isn't enough bandwidth or time and/or storage space to do it any other way.

Hmm, if I want to add it into my repository, this will require more design to not break setups of people who require trustless mode.

Please explain.

Currently it's impossible to install e.g. lnd and have it configured automatically without full node. In other words, my repository guarantees that whichever app you install and use the default, you will always use your own full node. Using anything without automatic configuration is incredibly annoying and not recommended.

To include Wasabi in a way that can be used without your own full node, I need to find a way to do it without destroying this guarantee for users who want such guarantee but also without making it too annoying to those who don't want such guarantee. (But I think people should be annoyed at least a bit to nudge them into doing the right thing.)

But a full node is a huge download!

Yes, it is. Required for full Bitcoin security, privacy of non-Wasabi apps and reliability. The best way to use Bitcoin.

How big is it currently?

I found that the Bitcoin Core full node is 350 gigabytes of free disk space, accessible at a minimum read/write speed of 100 MB/s. That's just crazy. There is no way that is going to fit on my little flash drive.

From Wasabi docs: "Bitcoin Full Node
A wallet that is connected to a full node is the ultimate way of minimizing trust. Wasabi now offers 3 different ways to connect to a full node:

  • If you are already running a full node on the same computer, Wasabi will automatically detect and connect to it.
  • You may connect to a trusted remote node via the Settings tab.
  • Wasabi includes an optional, integrated full node (Bitcoin Knots), which can be enabled in the Settings tab."

I personally would have said "maximizing trust", but the rest suggests maybe using Knots. How big is that? No one seems to know. If it is the same, then it is worthless in a portable situation, too.

In any case, I did none of those things and it does work, so that is just more confusion.

> There is no way that is going to fit on my little flash drive.

Perhaps use an external USB 3.0 SSD instead?

Anyway, maybe Wasabi can work with pruned node? @MaxHillebrand please confirm.

> I personally would have said "maximizing trust"

Bitcoin intends to remove trust and replace it with certainty of math. Therefore "minimizing trust" is the correct wording. "maximizing" would be exactly opposite.

> maybe using Knots. How big is that?

Same size if not pruned. IDK if pruning can be enabled. If yes, they can be equally small. Integrated setup with Knots is mainly useful to poor folks who don't have access to proper dependency management.

> In any case, I did none of those things and it does work, so that is just more confusion.

I didn't buy a bulletproof vest and still didn't get shot. That doesn't mean I shouldn't buy one or that I don't need it. Running without full node works in time of peace but it's risky in the presence of attacks.

Ah..so.....

The implication I am reading is that Wasabi is made to be a stand-alone hardware device with big processor and at least a terabyte of storage.

I don't see it, and frankly I don't buy it. I think I will continue to use it without the full node. The basic concept of Wasabi with CoinJoin is to provide anonymity and security. I am running into a lot of "Yes, but"s.

> Wasabi is made to be a stand-alone hardware device with big processor and at least a terabyte of storage.

Nope, it's just general recommendation to run full node if you want to use full power of Bitcoin. Wasabi or any other wallet are unrelated to this. At best they might support pruned mode.

Feel free to use a less secure setup if you can't afford ~$50 for perfect security.

My repository doesn't support non-full node setups right now but it may in the future. As I said I will have to think about it. I already have some idea that doesn't look bad. Anyway, btc-rpc-proxy with fake non-pruned mode will likely be supported in the near future so it may help as well.

You may be forgetting the portable computer it must run on. A good portable computer is a lot of money.

I assumed you already have a computer, so the additional storage cost + bandwidth should be around $50, I believe. Bitcoin doesn't need a supercomputer, many people are running it on Raspberry Pis (although I do think that's lower bound for performance).

Of course it might mean having to actually buy a bit larger storage to get a good deal but then you can use the remaining space for other things. If you want to optimize it for low cost and usable performance, then small SSD + large HDD should work.

> In other words, my repository guarantees that whichever app you install and use the default, you will always use your own full node.

@Kixunil then currently Wasabi might not at all be usable in your repo, even when a full node is connected, it is used for example block download & fee estimation, but it is NOT used for block filter generation / consensus verification.

> Anyway, maybe Wasabi can work with pruned node?

@Kixunil Wasabi does not work with a pruned node.

Yeah, it wouldn't be as good as in other apps but at least it'd not lead to fake coins being able to exist.
I'll consider making another interface for RPC proxy but maybe this could be better handled by Wasabi - ask the node for block hashes only and fetch them from peers if needed. I believe most of the code is already there.

@Kixunil, another forum discussed this issue. We are trying to configure a portable solution. It must be anonymous and it must be easy to deploy in a place such as an Internet cafe. This scenario must be kept in mind when thinking about the appropriate computer.

Also, I am trying to find solutions that are useful for a greater audience base, including poorer folks who wish to practice safer and more private Internet dealings.

With that said, any old portable computer would be useful because it is cheap and is battery powered. Sticking in the Tails USB drive will serve the needs of anyone and keep the trail away from the everyday personal computer. Also, it is more handy for travel.

I point all this out to better help you and others know what is needed by the vast majority of users in the world.

While someone may purchase a hardware wallet, we are limited by the ones who use Wasabi, as well as various other desirable features often missing in all of them. It makes no sense to invest in second-best, when one may have an old portable laying around.

I trust I have explained clearly enough. Please feel free to ask if there is something unclear.

Thank you.
