Installation

Quick start guide for installing and configuring Wahay.

At the moment Wahay is available for Linux operating system and should work in most distributions. If you are using Debian based distributions or Fedora you can use our repositories to easily install Wahay and keep it updated. If you are using a different distribution you can install the binary and install the dependencies manually. We also support Wahay bundles for specific distributions that can be installed without the need of a root account.

# Debian and Ubuntu

To install Wahay in Debian-based distributions you can use our apt repositories. This has been tested in Debian (9.x and 10.x) and Ubuntu (16.04, 18.04, 19.04 and 19.10). This repositories should also work with derivative distributions such as Linux Mint or Elementary.

Debian 9 and Ubuntu (16.04, 18.04) are shipped with an old version of Tor that won’t work with Wahay. Please follow instructions from Tor project to update Tor version.

1 Import private key

It can be installed like this:

sudo apt install curl

Download and import repository public key:

curl -s https://dl.autonomia.digital/debian/keys.asc | sudo apt-key add -

Verify that you have the right key.

sudo apt-key list debian@autonomia.digital

You should have an output similar to this one:

pub   rsa4096 2020-03-10 [SC] [expires: 2022-03-10]
      ED58 4B28 6166 F9B7 996C  7688 B23E 1CB2 B726 83F8
uid           [ unknown] Centro de Autonomía Digital Debian Signing Key <debian@autonomia.digital>
sub   rsa4096 2020-03-10 [E] [expires: 2022-03-10]

Pay attention to the second line of the output. You should have this string: ED58 4B28 6166 F9B7 996C 7688 B23E 1CB2 B726 83F8. If you don’t get the same string, then something went wrong and you should not proceed until you fix this.

2 Setup repositories

Run the following two commands to setup the repositories, unless you are using Linux Mint 19.x, Elementary 5.x or other distribution based in Ubuntu 18.04:

echo deb https://dl.autonomia.digital/debian $(lsb_release -c | cut -f 2) main |  sudo tee /etc/apt/sources.list.d/wahay.list
echo deb-src https://dl.autonomia.digital/debian $(lsb_release -c | cut -f 2) main |  sudo tee -a /etc/apt/sources.list.d/wahay.list

If you are using Linux Mint 19.x or Elementary 5.x or other distribution based in Ubuntu 18.04, use the following command:

echo deb https://dl.autonomia.digital/debian bionic main |  sudo tee /etc/apt/sources.list.d/wahay.list
echo deb-src https://dl.autonomia.digital/debian bionic main |  sudo tee -a /etc/apt/sources.list.d/wahay.list
3 Update the repositories
sudo apt update
4 Install Wahay
sudo apt install wahay
5 Run Wahay

Now you should find Wahay on the system menu or you can run it from the command line using the following command:

wahay

# Arch

Thanks to Arch community Wahay can be installed using the Arch User Repository (AUR).

yay -S wahay-bin

# Tails

Using Wahay in Tails is one of the most secure ways to use it. The installation is similar to the one of Debian distributions.

1 Setup a root password

When you start Wahay, you might have to setup root password:

image

2 Get CAD's public key
wget https://dl.autonomia.digital/debian/keys.asc
sudo apt-key add keys.asc

Verify that you have the right key:

sudo apt-key list debian@autonomia.digital

You should have an output similar to this one:

pub   rsa4096 2020-03-10 [SC] [expires: 2022-03-10]
      ED58 4B28 6166 F9B7 996C  7688 B23E 1CB2 B726 83F8
uid           [ unknown] Centro de Autonomía Digital Debian Signing Key <debian@autonomia.digital>
sub   rsa4096 2020-03-10 [E] [expires: 2022-03-10]

Pay attention to the second line of the output. You should have this string: ED58 4B28 6166 F9B7 996C 7688 B23E 1CB2 B726 83F8. If you don’t get the same string, then something went wrong and you should not proced until you fix this.

2 Add Wahay repositories to sources list

Open the file:

sudo gedit /etc/apt/sources.list

Add the following files at the end if you are using Tails 4.x:

deb tor+https://dl.autonomia.digital/debian buster main
deb-src tor+https://dl.autonomia.digital/debian buster main

If you are using Tails 3.x, then you should add the following lines instead:

deb tor+http://dl.autonomia.digital/debian stretch main
deb-src tor+http://dl.autonomia.digital/debian stretch main
3 Install Wahay
sudo apt update
sudo apt install wahay
4 Run Wahay

After you are done you can run Wahay from the command line or from the applications menu.

wahay

# Fedora 30/31

To install Wahay in Fedora you can use CAD’s Fedora repositories. In that way you can keep your Wahay installation updated. For this, run the following commands in a terminal:

1 Add Wahay's repository
sudo dnf config-manager --add-repo https://dl.autonomia.digital/fedora/wahay.repo
2 Install Wahay
sudo dnf install wahay

The first time you are going to be asked to verify the signing key:

warning: /var/cache/dnf/wahay-abe5fcb415a950d8/packages/wahay-0-0.4.20200413git971d012.fc30.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 125a17f4: NOKEY
Fedora 30 - x86_64                                                                                 1.4 kB/s | 1.8 kB     00:01    
Importing GPG key 0x125A17F4:
 Userid     : "Centro de Autonomia Digital Fedora Signing Key <fedora@autonomia.digital>"
 Fingerprint: B72C 7485 5391 E6D0 9875 F9E3 E77B E56B 125A 17F4
 From       : https://dl.autonomia.digital/fedora/key.asc
Is this ok [y/N]:

The signing key should have the following fingerprint value: B72C 7485 5391 E6D0 9875 F9E3 E77B E56B 125A 17F4

If the value is different, something went wrong and you should not install Wahay.

If everything is ok, accept the key and continue with the installation.

2 Run Wahay

You should be able to run Wahay from the system application or by running the following command now:

wahay

# Bundles

The bundles allow you to use Wahay without the need of root privileges. You just have to download the bundle, extract it and run it. It is available for Debian 10, Ubuntu 18.04, Fedora 30 and Fedora 31.

1 Download the bundle

Download the Wahay bundle from the website by choosing the right version for your distribution:

Distribution Download link Hash
Debian 10 wahay.org/downloads/wahay-debian-10-latest.tar.bz2 sha56sum
Ubuntu 18.04 wahay.org/downloads/wahay-ubuntu-18_04-latest.tar.bz2 sha56sum
Fedora 30 wahay.org/downloads/wahay-fedora-30-latest.tar.bz2 sha56sum
Fedora 31 wahay.org/downloads/wahay-fedora-31-latest.tar.bz2 sha56sum
2 Uncompress the bundle

Depending on your desktop environment you might be able to right click on the bundle and extract it.

image

From the command line you can run:

tar -xvf wahay-ubuntu-18_04-latest.tar.bz2
3 Run Wahay

Open the extracted directory and double click on the Wahay binary.

image

From the command line you can try something similar to this:

cd wahay-debian-10-latest/wahay-debian-10-2020-04-06-971d012/
./wahay

# Linux Generic

The Linux binary package should work in most Linux distributions. Use this installation method if there is no specific instructions for your distribution.

1 Requirements

In order to use Wahay, you must have the following packages installed in your system:

  • Tor (>= 0.3.5) (in some distributions you might need to install torsockspackage)
  • Mumble
  • GTK3 libs
  • xclip

Use your distribution package manager to install those dependencies.

2 Download Wahay

Download the latest version of Wahay via web browser or with the following command:

wget https://wahay.org/downloads/wahay-latest
3 Set execution permissions

Depending on the distribution, you can change the file permissions of the downloaded file from the file manager. In Gnome for example, you can do right click in the file and set the execution permissions as shown in the following image:

image

From the terminal, you can run the following command in the directory where the binary has been downloaded:

chmod +x wahay-latest
4 Run Wahay

From the graphical interface you can double click on the binary, from the terminal you can run the following command:

./wahay-latest

# Verify hash and signatures

# Hashes

Digital hashes protect against unintentional modification of data in transit. They help you making sure that you get the same data as that sent from the website. They DO NOT protect against any kind of attack. To verify the integrity of the file you need to obtain the sha256sum of the binary you have downloaded and compare it to the correspondent wahay-xxxxx.sha256.sum.

For example, to verify the integrity of wahay-2020-01-22-9319d8d binary, you would need to obtain the sha256sum of the binary you have downloaded and compare it to the correspondent wahay-xxxxx.sha256sum, in this case wahay-2020-01-22-9319d8d. For this, you can run:

sha256sum wahay-2020-01-22-9319d8d
f75a4b04d05571d5eb7dff267c1efa996b1e24ff9a8d84c4fa1088141dc48cf8  wahay-2020-01-22-9319d8d

The output of the previous command should be compared with the content of wahay-2020-01-22-9319d8d.sha256sum file. If the output of both is the same, then the binary has not been modified in transit, otherwise you have a corrupted file.

# Signatures

Digital signatures assure that what CAD intended to publish is the same as it was published. It protects against attacks where the binary or source code has been modified by an attacker on the website, or modified it in transit from the website to your system. Digital signatures DO NOT protect you against attacks where the source code has been modified in our repositories, or when the build system has been compromised.

Download CAD signing key (testing key at the moment):

wget https://wahay.app/cad-testing-public-key.asc

Import the key

gpg --import cad-testing-public-key.asc
gpg: key A8854162D28F171E: public key "CAD Signing Key - testing (This is just a test key) <admin@autonomia.digital>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Verify hash signature

gpg --verify wahay-2020-01-22-9319d8d.sha256sum.asc wahay-2020-01-22-9319d8d.sha256sum<br>
gpg: Signature made mié 22 ene 2020 10:06:02 -05<br>
gpg:                using EDDSA key A5DA0791073C1374BB2A98B3A5ABBD2E8E623464<br>
gpg: Good signature from "CAD Signing Key - testing (This is just a test key) \<admin@autonomia.digital\>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0124 2FFA B8CE 1EC0 C8F5  4456 A885 4162 D28F 171E
     Subkey fingerprint: A5DA 0791 073C 1374 BB2A  98B3 A5AB BD2E 8E62 3464

If you see the message: “gpg: Good signature from “CAD Signing Key - testing (This is just a test key) “, that means that the signature is valid. However you would get the following warning: “This key is not certified with a trusted signature!”. That is because the key is not trusted. At the moment don’t trust in this key, when we have the final CAD signing key, we will provide more information.