But after Patrick’s comment and my own blurred understanding of what DisableNetwork 1 is exactly achieving, I chose the first solution. The newnym button is disabled if Tor is not running.
BTW, thanks for the work with snowflake. It was ported right away in tor-control-panel. Not sure it should be left at this time. It could be disabled until Tor Browser 9 becomes stable.
Yes! It should be disabled until we make snowflake-client available in Whonix-Gateway. We don’t have to wait until Tor Browser 9 becomes stable, I just need to somehow get it into Whonix-Gateway.
tor-control-panel
Traceback (most recent call last):
  File "/usr/bin/tor-control-panel", line 3, in <module>
    from tor_control_panel import tor_control_panel
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 15, in <module>
    from . import tor_status, tor_bootstrap, torrc_gen, info
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_status.py", line 9, in <module>
    from anon_connection_wizard import repair_torrc
ImportError: No module named 'anon_connection_wizard'
So we either need to depend on ACW, merge that ACW code into tor-control-panel or move that code into anon-shared-helper-scripts (if that makes sense) and depend on that.
tor-control-panel
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
tail: cannot open '/var/run/tor/log' for reading: No such file or directory
Traceback (most recent call last):
  File "/usr/bin/tor-control-panel", line 4, in <module>
    tor_control_panel.main()
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 743, in main
    tor_controller.refresh(True)
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 709, in refresh
    self.refresh_user_configuration()
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 664, in refresh_user_configuration
    self.bridges_type.setText(args[0])
TypeError: 'NoneType' object is not subscriptable
tor-control-panel
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 587, in configure
    torrc_gen.gen_torrc(args)
  File "/usr/lib/python3/dist-packages/tor_control_panel/torrc_gen.py", line 66, in gen_torrc
    with open(torrc_file_path, "w") as f:
PermissionError: [Errno 13] Permission denied: '/usr/local/etc/torrc.d/40_anon_connection_wizard.conf'
Aborted
Could you please mimic ACW?
anon-connection-wizard
ERROR: This must be run as root!
Use "kdesudo".
tor-control-panel is running in plain Debian. Still having a problem with the Tor log. There is neither /run/tor/log nor /var/tor/log. The log output should probably be set to a file in torrc (Log notice err File somefile). Had no time to test further.
When ACW created /etc/torrc.d/40_anon_connection_wizard.conf earlier, these settings will conflict with each other. So perhaps just stick with /etc/torrc.d/40_anon_connection_wizard.conf?
That brings us to a related point. What is the future of ACW? We’ll still need it at first boot? So let’s just put the code for enabling/disabling Tor / bridges into anon-shared-helper-scripts package?
Regarding tor-control-panel vs anon-connection-wizard, I modified whonix-setup-wizard to run the former if torrc does not exist or if the Tor network is disabled.
In either case, tor-control-panel is started on reboot, with instructions on how to enable the network. If torrc does not exist, the template being created by anon-gw-anonymizer-config without the DisableNetwork line, the user should also enable the network (first boot configuration, I believe).
I find it problematic to use different config file names in Whonix vs non-Whonix. This makes documentation needlessly more complex. If we want to change the name of the config file, why not just use the same config name everywhere?
'''repair_torrc() function will be called when we want to guarantee the existence of:
1. /etc/torrc.d/95_whonix.conf
2. /etc/tor/torrc
3. "%include /etc/torrc.d/95_whonix.conf" line in /etc/tor/torrc file
In addition, we create 40_anon_connection_wizard.conf
and 50_user.conf here if they do not exist.
'''
So in simple words repair_torrc() is a helper function, safe to call at any time.
But on the other hand torrc_text contains DisableNetwork 0 which enables networking which leads to connecting to the public Tor network. That’s a bug?
Regarding tor-control-panel vs anon-connection-wizard, I modified whonix-setup-wizard to run the former if torrc does not exist or if the Tor network is disabled.
That indicates that anon-connection-wizard still gets run in some cases?
Did you push that commit? Didn’t find it.
In either case, tor-control-panel is started on reboot, with instructions on how to enable the network. If torrc does not exist, the template being created by anon-gw-anonymizer-config without the DisableNetwork line, the user should also enable the network (first boot configuration, I believe).
Yes, using tor-control-panel (or anon-connection-wizard depending on
how we move forward) will be very popular but we won’t make it a hard
dependency. Users are still able to do everything manually. Would be
very unclean otherwise.
Related to the new torrc path: on booting, regardless of /etc/torrc.d state, 95_whonix.conf is created with a %include /usr/local/etc/torrc.d/40_anon_connection_wizard.conf line before tor-control-panel is run. Just wondering where it comes from (bind-dirs?). No change after disabling anon-gw-anonymizer-config service in whonix-gw-14.
Yes and no. It was in the pipeline. I guess users in Debian or other should expect to connect directly to the public Tor network, without performing the Enable network step required in Whonix.
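An added example, not code from anon-connection-wizard or tor-control-panel, illustrating the repair_torrc() concern raised earlier in the thread: a repair step that only guarantees the files and the %include line, and a checker that reports which file ends up deciding DisableNetwork. The function names, the temporary sandbox paths and the "last occurrence wins" model of Tor's single-valued options are assumptions of this sketch.

```python
import os
import tempfile

def ensure_include(torrc, target):
    """Hypothetical repair step: make sure torrc and target exist and that torrc
    has one '%include target' line. It never writes DisableNetwork itself."""
    for p in (torrc, target):
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "a").close()                 # create if missing, keep content
    with open(torrc) as f:
        text = f.read()
    wanted = "%include " + target
    if wanted in (line.strip() for line in text.splitlines()):
        return False                         # already present: no change
    with open(torrc, "a") as f:
        f.write(("" if text.endswith("\n") or not text else "\n") + wanted + "\n")
    return True

def effective_setting(path, option="DisableNetwork", found=None, depth=0):
    """Walk torrc and its %include targets in order; return (value, file) of the
    last occurrence of option, or None. Directories are read in lexical order."""
    if depth > 8:                            # guard against include loops
        return found
    if os.path.isdir(path):
        for name in sorted(os.listdir(path)):
            if not name.startswith("."):
                found = effective_setting(os.path.join(path, name), option, found, depth + 1)
        return found
    if not os.path.isfile(path):
        return found
    with open(path) as f:
        for raw in f:
            parts = raw.split("#", 1)[0].split()
            if len(parts) < 2:
                continue
            if parts[0].lower() == "%include":
                found = effective_setting(parts[1], option, found, depth + 1)
            elif parts[0].lower() == option.lower():
                found = (parts[1], path)
    return found

def demo():
    root = tempfile.mkdtemp()                # constructed sandbox, not real /etc
    torrc = os.path.join(root, "tor", "torrc")
    conf = os.path.join(root, "torrc.d", "95_whonix.conf")
    os.makedirs(os.path.dirname(torrc))
    with open(torrc, "w") as f:
        f.write("DisableNetwork 1")          # user disabled networking
    first, second = ensure_include(torrc, conf), ensure_include(torrc, conf)
    before = effective_setting(torrc)
    with open(conf, "w") as f:               # a repair template carrying this line
        f.write("DisableNetwork 0\n")
    return first, second, before, effective_setting(torrc)
```

In the sandbox, the repair alone leaves the user's DisableNetwork 1 in effect; once an included file carries DisableNetwork 0, that later line is the one that counts.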