After last apt-get upgrade Gateway doesn't connect to tor anymore

Support
1

Looks like my last update something went wrong. I succefully completed the update but when I start the gateway now I get this:

Tor Pid Check Result: Tor not running. (tor_pid_message: Pid file /var/run/tor/tor.pid does not exist.)

You have to fix this error, before you can use Tor.

Please restart Tor after fixing this error.

Of course i’ve tried sudo service tor restart but doesn’t work cause I got to fix this in some way.

How can I do it?

2

Please post the full upgrading log.

Please post the full error message.

Also check /var/run/tor/log.

3

Just installed whonix 9 gateway and ran into this.

Can you tell me how to post the upgrade log?

I’m not sure where it’s at.

4

It’s a manual thing.

terminal Konsole log.
Edit -> select all
Edit -> Copy
open new empty text file
Edit -> Paste
save

5

I’m terrible at this so i’ll walk you through what I did

Here a failed error at the first start up. Ignore the signs at encrypted swap I was trying to screenshot my virtualbox.

sudo apt-get update results

sudo apt-get dist-upgrade results


restarted gateway using sudo poweroff


6

Also /var/run/tor/log is empty.

7

I meant the upgrade log when upgrading Whonix 8 -> Whonix 9.

Probably easier to get a fresh Whonix-Gateway.

8

This is a fresh install of Whonix 9 Gateway. I didn’t upgrade from 8.x anything.

9

Ok.

What happens if you run?

10

Also.

11

tried restart and verify-config

sudo cat

12

[quote=“TurtleMan, post:11, topic:532”]tried restart and verify-config

sudo cat

Yeah I get same error too. B4 apt-get upgrade no problem everything was working fine.

Also this is a fresh install of whonix gateway 9

13

Can you please check if these files exist?

I wonder why they would go missing.

14

15

[quote=“Patrick, post:13, topic:532”]Can you please check if these files exist?

I wonder why they would go missing.[/quote]

They are both present, wtf is this error :-\

I still can’t use tor and the gateway

16

Thanks.

I am unable to reproduce this on a fresh Whonix-Gateway 9. Still works after upgrading.

What however I can reproduce is this.

profile system_tor: has merged rule /usr/bin/obfsproxy with conflicting x modifiers
ERROR merging rules for profile system_tor, failed to load

Doesn’t interfere with my system though.

Asked troubadour, Whonix’s AppArmor maintainer about it.

17

Can you please check if your /etc/apparmor.d/local/system_tor has the exact same content as anon-gw-anonymizer-config/system_tor.anondist at master · Whonix/anon-gw-anonymizer-config · GitHub ?

18

Please also check if the content of /etc/apparmor.d/system_tor looks like this.

# vim:syntax=apparmor
#include <tunables/global>

profile system_tor {
  #include <abstractions/tor>

  owner /var/lib/tor/** rwk,
  owner /var/log/tor/* w,

  /{,var/}run/tor/control w,
  /{,var/}run/tor/tor.pid w,
  /{,var/}run/tor/control.authcookie w,
  /{,var/}run/tor/control.authcookie.tmp rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/system_tor>
}
19

Does a restart fix this issue?

20

Please have a look at.

/etc/init.d/tor

And check if it looks like this.

#! /bin/bash

### BEGIN INIT INFO
# Provides:          tor
# Required-Start:    $local_fs $remote_fs $network $named $time
# Required-Stop:     $local_fs $remote_fs $network $named $time
# Should-Start:      $syslog
# Should-Stop:       $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description:       Start The Onion Router, a TCP overlay
#                    network client that provides anonymous
#                    transport.
### END INIT INFO

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
. /lib/lsb/init-functions

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/tor
NAME=tor
DESC="tor daemon"
TORLOGDIR=/var/log/tor
TORPIDDIR=/var/run/tor
TORPID=$TORPIDDIR/tor.pid
DEFAULTSFILE=/etc/default/$NAME
WAITFORDAEMON=60
DEFAULT_ARGS="--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
VERIFY_ARGS="--verify-config $DEFAULT_ARGS"
USE_AA_EXEC="yes"
ARGS=""
if [ "${VERBOSE:-}" != "yes" ]; then
	ARGS="$ARGS --hush"
fi

# Let's try to figure our some sane defaults:
if [ -r /proc/sys/fs/file-max ]; then
	system_max=`cat /proc/sys/fs/file-max`
	if [ "$system_max" -gt "80000" ] ; then
		MAX_FILEDESCRIPTORS=32768
	elif [ "$system_max" -gt "40000" ] ; then
		MAX_FILEDESCRIPTORS=16384
	elif [ "$system_max" -gt "10000" ] ; then
		MAX_FILEDESCRIPTORS=8192
	else
		MAX_FILEDESCRIPTORS=1024
		cat << EOF

Warning: Your system has very few filedescriptors available in total.

Maybe you should try raising that by adding 'fs.file-max=100000' to your
/etc/sysctl.conf file.  Feel free to pick any number that you deem appropriate.
Then run 'sysctl -p'.  See /proc/sys/fs/file-max for the current value, and
file-nr in the same directory for how many of those are used at the moment.

EOF
	fi
else
	MAX_FILEDESCRIPTORS=8192
fi

NICE=""

test -x $DAEMON || exit 0

# Include tor defaults if available
if [ -f $DEFAULTSFILE ] ; then
	. $DEFAULTSFILE
fi

wait_for_deaddaemon () {
	pid=$1
	sleep 1
	if test -n "$pid"
	then
		if kill -0 $pid 2>/dev/null
		then
			cnt=0
			while kill -0 $pid 2>/dev/null
			do
				cnt=`expr $cnt + 1`
				if [ $cnt -gt $WAITFORDAEMON ]
				then
					log_action_end_msg 1 "still running"
					exit 1
				fi
				sleep 1
				[ "`expr $cnt % 3`" != 2 ] || log_action_cont_msg ""
			done
		fi
	fi
	log_action_end_msg 0
}


check_torpiddir () {
	if test ! -d $TORPIDDIR; then
		mkdir -m 02750 "$TORPIDDIR"
		chown debian-tor:debian-tor "$TORPIDDIR"
		! [ -x /sbin/restorecon ] || /sbin/restorecon "$TORPIDDIR"
	fi

	if test ! -x $TORPIDDIR; then
		log_action_end_msg 1 "cannot access $TORPIDDIR directory, are you root?"
		exit 1
	fi
}

check_torlogdir () {
	if test ! -d $TORLOGDIR; then
		mkdir -m 02750 "$TORLOGDIR"
		chown debian-tor:adm "$TORLOGDIR"
		! [ -x /sbin/restorecon ] || /sbin/restorecon "$TORPIDDIR"
	fi
}


check_config () {
	if ! $DAEMON $VERIFY_ARGS > /dev/null; then
		log_failure_msg "Checking if $NAME configuration is valid"
		$DAEMON $VERIFY_ARGS >&2
		exit 1
	fi
}


case "$1" in
  start)
	if [ "$RUN_DAEMON" != "yes" ]; then
		log_action_msg "Not starting $DESC (Disabled in $DEFAULTSFILE)."
		exit 0
	fi

	if [ -n "$MAX_FILEDESCRIPTORS" ]; then
		[ "${VERBOSE:-}" != "yes" ] || log_action_begin_msg "Raising maximum number of filedescriptors (ulimit -n) for tor to $MAX_FILEDESCRIPTORS"
		if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
			[ "${VERBOSE:-}" != "yes" ] || log_action_end_msg 0
		else
			[ "${VERBOSE:-}" != "yes" ] || log_action_end_msg 1
		fi
	fi

	check_torpiddir
	check_torlogdir
	check_config

	log_action_begin_msg "Starting $DESC"

	if start-stop-daemon --stop --signal 0 --quiet --pidfile $TORPID --exec $DAEMON; then
		log_action_end_msg 0 "already running"
	else
		if [ "$USE_AA_EXEC" = "yes" ] &&
		   [ -x /usr/sbin/aa-status ] && \
		   [ -x /usr/sbin/aa-exec ] && \
		   [ -e /etc/apparmor.d/system_tor ] && \
		   /usr/sbin/aa-status --enabled ; then
			AA_EXEC="--startas /usr/sbin/aa-exec"
			AA_EXEC_ARGS="--profile=system_tor -- $DAEMON"
		else
			AA_EXEC=""
			AA_EXEC_ARGS=""
		fi
		if start-stop-daemon --start --quiet \
			--pidfile $TORPID \
			$NICE \
			$AA_EXEC \
			--exec $DAEMON -- $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS
		then
			log_action_end_msg 0
		else
			log_action_end_msg 1
			exit 1
		fi
	fi
	;;
  stop)
	log_action_begin_msg "Stopping $DESC"
	pid=`cat $TORPID 2>/dev/null` || true

	if test ! -f $TORPID -o -z "$pid"; then
		log_action_end_msg 0 "not running - there is no $TORPID"
		exit 0
	fi

	if start-stop-daemon --stop --signal INT --quiet --pidfile $TORPID --exec $DAEMON; then
		wait_for_deaddaemon $pid
	elif kill -0 $pid 2>/dev/null; then
		log_action_end_msg 1 "Is $pid not $NAME?  Is $DAEMON a different binary now?"
		exit 1
	else
		log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
		exit 1
	fi
	;;
  reload|force-reload)
	check_config

	log_action_begin_msg "Reloading $DESC configuration"
	pid=`cat $TORPID 2>/dev/null` || true

	if test ! -f $TORPID -o -z "$pid"; then
		log_action_end_msg 1 "not running - there is no $TORPID"
		exit 1
	fi

	if start-stop-daemon --stop --signal 1 --quiet --pidfile $TORPID --exec $DAEMON
	then
		log_action_end_msg 0
	elif kill -0 $pid 2>/dev/null; then
		log_action_end_msg 1 "Is $pid not $NAME?  Is $DAEMON a different binary now?"
		exit 1
	else
		log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
		exit 1
	fi
	;;
  restart)
	check_config

	$0 stop
	sleep 1
	$0 start
	;;
  status)
	if test ! -r $(dirname $TORPID); then
		log_failure_msg "cannot read PID file $TORPID"
		exit 4
	fi
	pid=`cat $TORPID 2>/dev/null` || true
	if test ! -f $TORPID -o -z "$pid"; then
		log_failure_msg "$NAME is not running"
		exit 3
	fi
	if ps "$pid" >/dev/null 2>&1; then
		log_success_msg "$NAME is running"
		exit 0
	else
		log_failure_msg "$NAME is not running"
		exit 1
	fi
	;;
  *)
	log_action_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
	exit 1
	;;
esac

exit 0

As well as.

/etc/default/tor

Which should look like this.

# Defaults for tor initscript
# sourced by /etc/init.d/tor
# installed at /etc/default/tor by the maintainer scripts

#
# This is a bash shell fragment
#
RUN_DAEMON="yes"

#
# Servers sometimes may need more than the default 1024 file descriptors
# if they are very busy and have many clients connected to them.  The top
# servers as of early 2008 regularly have more than 10000 connected
# clients.
#  (ulimit -n)
#
# (the default varies as it depends on the number of available system-wide file
#  descriptors.  See the init script in /etc/init.d/tor for details.)
#
# MAX_FILEDESCRIPTORS=

#
# If tor is seriously hogging your CPU, taking away too much cycles from
# other system resources, then you can renice tor.  See nice(1) for a
# bit more information.  Another way to limit the CPU usage of an Onion
# Router is to set a lower BandwidthRate, as CPU usage is mostly a function
# of the amount of traffic flowing through your node.  Consult the torrc(5)
# manual page for more information on setting BandwidthRate.
#
# NICE="--nicelevel 5"

# Additional arguments to pass on tor's command line.
#
# ARGS="$ARGS "

#
# Uncomment the ulimit call below, and set "DisableDebuggerAttachment 0"
# in /etc/tor/torrc, if you want tor to produce coredumps on segfaults
# and assert errors.
#
# Keeping coredumps around is some sort of security issue since they
# may leak session keys, sensitive client data and more, should such
# files fall into the wrong hands.  Therefore coredumps are not enabled
# by default.
#
# ulimit -c unlimited

#
# Config option for the weekly cron file: Whether or not to remove old
# coredumps in /var/lib/tor.  Coredumps can hold sensitive data, as such
# they probably should not be kept lying around if nobody will ever look
# at them.  This option makes /etc/cron.weekly/tor clean out files older
# then three weeks.
#
CLEANUP_OLD_COREFILES=y

#
# By default the tor init script will launch Tor using apparmor iff
# /usr/sbin/aa-status exists and is executable and calling it with --enabled
# returns true, /usr/sbin/aa-exec is executable, there is a
# /etc/apparmor.d/system_tor policy, and USE_AA_EXEC is set to 'yes'.
#
# USE_AA_EXEC="yes"  # default
# USE_AA_EXEC="no"

# Let the vidalia package override some of our settings.
# People who have vidalia installed might not want to run Tor as a system
# service. The vidalia .deb can ask them that and then set run-daemon to no.
if [ -e /etc/default/tor.vidalia ] && [ -x /usr/bin/vidalia ]; then
	. /etc/default/tor.vidalia
fi

# Begin of modifications for Anonymity Distributions.

source /usr/lib/anon-shared-helper-scripts/torsocks-remove-ld-preload

# End of modifications for Anonymity Distributions.

License: anon-gw-anonymizer-config/COPYING at master · Whonix/anon-gw-anonymizer-config · GitHub