Done.
Good catch. 
But after Patrick’s comment and my own blurred understanding of what DisableNetwork 1 is exactly achieving, I chose the first solution. The newnym button is disabled if Tor is not running.
BTW, thanks for the work with snowflake. It was ported right away in tor-control-panel. Not sure it should be left at this time. It could be disabled until Tor Browser 9 becomes stable.
Yes! It should be disabled until we make snowflake-client available in Whonix-Gateway. We don’t have to wait until Tor Browser 9 to become stable, I just need to somehow get it into Whonox-Gateway.
Minor: man page needs author.
There is a diff between:
Could you please have a look if there are any enhancements from ACW that should be forward ported to tor-control-panel?
Testing this on plain Debian.
tor-control-panel
Traceback (most recent call last):
File "/usr/bin/tor-control-panel", line 3, in <module>
from tor_control_panel import tor_control_panel
File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 15, in <module>
from . import tor_status, tor_bootstrap, torrc_gen, info
File "/usr/lib/python3/dist-packages/tor_control_panel/tor_status.py", line 9, in <module>
from anon_connection_wizard import repair_torrc
ImportError: No module named 'anon_connection_wizard'
So we either need to depend on ACW, merge that ACW code into tor-control-panel or move that code into anon-shared-helper-scripts (if that makes sense) and depend on that.
tor-control-panel
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
tail: cannot open '/var/run/tor/log' for reading: No such file or directory
Traceback (most recent call last):
File "/usr/bin/tor-control-panel", line 4, in <module>
tor_control_panel.main()
File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 743, in main
tor_controller.refresh(True)
File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 709, in refresh
self.refresh_user_configuration()
File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 664, in refresh_user_configuration
self.bridges_type.setText(args[0])
TypeError: 'NoneType' object is not subscriptable
Testing in Whonix. Starting as non-root.
tor-control-panel
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 587, in configure
torrc_gen.gen_torrc(args)
File "/usr/lib/python3/dist-packages/tor_control_panel/torrc_gen.py", line 66, in gen_torrc
with open(torrc_file_path, "w") as f:
PermissionError: [Errno 13] Permission denied: '/usr/local/etc/torrc.d/40_anon_connection_wizard.conf'
Aborted
Could you please mimic ACW?
anon-connection-wizard
ERROR: This must be run as root!
Use "kdesudo".A batch of commits.
Minor:
The last one should fix some bigger issues.
https://github.com/troubadoour/tor-control-panel/commit/48274e81a650ab115e26dcb29a32ea3d1a104612
@iry Could you review ?
The package does not longer depends on ACW.
tor-control-panel is running in plain Debian. Still having a problem with Tor log. There is no /run/tor/log neither /var/tor/log. The log output should probably be set to a file in torrc (Log notice err File somefile). Had no time test further.
Debian’s Tor default log:
/usr/share/tor/tor-service-defaults-torrc
Log notice file /var/log/tor/log
But user user cannot access it due to access rights.
This is a problem:
torrc_file_path = '/etc/torrc.d/40_tor_control_panel.conf'
When ACW created /etc/torrc.d/40_anon_connection_wizard.conf earlier, these settings will conflict with each other. So perhaps just stick with /etc/torrc.d/40_anon_connection_wizard.conf?
That brings us to a related point. What is the future of ACW? We’ll still need it at first boot? So let’s just put the code for enabling/disabling Tor / bridges into anon-shared-helper-scripts package?
Or perhaps easier: we merge ACW into tor-control-panel?
tor-control-panel uploaded to all stretch repositories.
I was ready to change this, because it seems to be conflicting with anon-gw-anonymizer-config.
Changed the path in the others files.
https://github.com/troubadoour/tor-control-panel/commit/33bbb9398686b7c1ae187a561b20ab9fdd08c602
A couple of commits.
Enable / Disable Tor, which may set the future of Anon Connection Wizard.
get torrc path from a single place · troubadoour/tor-control-panel@9049a82 · GitHub
Did you change back to (hardcoded) path /etc/torrc.d/40_tor_control_panel.conf by mistake?
if not log_exists:
with open('/usr/share/tor/tor-service-defaults-torrc', 'a') as f:
f.write('Log notice file /var/log/tor/log\n')
This makes the package unfit for inclusion into packages.debian.org.
If we need a guaranteed setting Log notice file /var/log/tor/log then we could add it to torrc_text.
No, 40_tor_control_panel.conf is used in non Whonix distributons.
Yes, I forgot that /usr/share/tor/tor-service-defaults-torrc belongs to Tor.
Tested in plain Debian, OK.
A couple of cosmetic commits, too.
Regarding tor-control-panel vs anon-connection-wizard, I modified whonix-setup-wizard to run the former if torrc does not exist or if the Tor network is disabled.
In either case, tor-control-panel is started on reboot, with instructions on how to enable the network. If torrc does not exist, the template being created by anon-gw-anonymiser-config without the DisableNetwork line, the user should also enable the network (first boot configuration, I believe).
I find it problematic to use different config file names in Whonix vs non-Whonix. This makes documentation needlessly more complex. If we want to change the name of the config file, why not just use the same config name everywhere?
Could you please make it consistently use 40_tor_control_panel.conf everywhere? Then I will add code to GitHub - Kicksecure/legacy-dist: Prepare older Build Versions of Whonix for Upgrade to migrate to the new config file name.
'''repair_torrc() function will be called when we want to gurantee the existence of:
1. /etc/torrc.d/95_whonix.conf
2. /etc/tor/torrc
3. "%include /etc/torrc.d/95_whonix.conf" line in /etc/tor/torrc file
In addition, we create 40_anon_connection_wizard.conf
and 50_user.conf here if they do not exist.
'''
So in simple words repair_torrc() is a helper function, safe to call at any time.
But on the other hand torrc_text contains DisableNetwork 0 which enables networking which leads to connecting to the public Tor network. That’s a bug?
troubadour:
Regarding
tor-control-panelvsanon-connection-wizard, I modifiedwhonix-setup-wizardto run the former if torrc does not exist or if the Tor network is disabled.
That indicates that anon-connection-wizard still gets run in some cases?
Did you push that commit? Didn’t find it.
In either case,
tor-control-panelis started on reboot, with instructions on how to enable the network. If torrc does not exist, the template being created byanon-gw-anonymiser-configwithout theDisableNetworkline, the user should also enable the network (first boot configuration, I believe).
Yes, using tor-control-panel (or anon-connection-wizard depending on
how we move forward) will be very popular but we won’t make it a hard
dependency. Users are still able to do everything manually. Would be
very unclean otherwise.
No, only manually as far as it was tested.
I was just about to do it, but there is a discrepancy between the installed whonix-setup-wizard and the one cloned from Whonix. An diff excerpt:
- self.im_checkbox = QtWidgets.QCheckBox(self.group)
+ self.kbd_checkbox = QtWidgets.QCheckBox(self.group)Done here.
Related to the new torrc path: on booting, regardless of /etc/torrc.d state, 95_whonix.conf is created with a %include /usr/local/etc/torrc.d/40_anon_connection_wizard.conf line before tor-control-panel is run. Just wondering where it comes from (bind-dirs ?). No change after disabling anon-gw-anonymizer-config service in whonix-gw-14.
Yes and no. It was in the pipeline. I guess users in Debian or other should expect to connect directly to the public Tor network, without performing the Enable network step required in Whonix.