Cleanly disabling CPFP

I followed your latest instructions and the error in the workstation is now gone but sdwdate still stalls.

Are you sure you got the DISPATCH_PREREQUISITE=“” setting in /etc/sdwdate.d/50_anon_dist_con_check_plugin_user? If yes…

Watch log in terminal 1.

tail -f /var/log/sdwdate.log

Restart sdwdate in terminal 2.

sudo service sdwdate restart

The log should include.

ce74fbfc-c800-4648-91cd-2e8dae85cbd3: dispatching prerequisite (SDW_MODE: startup) (CURL: curl.anondist-orig) (LD_PRELOAD: ): true ce74fbfc-c800-4648-91cd-2e8dae85cbd3: DISPATCH_PREREQUISITE exited 0, continuing...

Does it include that?

Otherwise were does it hang?

False alarm. Re applied all instructions on a clean snapshot and Timesync works

Just now updated Advanced Security Guide - Whonix.

  • added how to check that CPFP is no longer running
  • added how to close CPFP’s port in Whonix-Gateway’s firewall
  • actually no need to deactivate sdwdate-plugin-anon-shared-con-check / whonixcheck’s Tor bootstrap test on Whonix-Gateway - it doesn’t use CPFP on Whonix-Gateway (uses Tor’s ControlPort directly)

Please check.

I tested the latest instructions and they seem to work.

Type: "whonix" for help. user@host:~$ ps aux | grep controlportfilt user 4699 0.3 5.0 100088 25856 ? S 22:42 0:00 /usr/bin/python /usr/lib/msgcollector/msgdispatcher_dispatch_x error whonixcheck | Whonix-Gateway | 0.4-1 | Wed Sep 24 22:43:11 UTC 2014

ERROR: Control Port Filter Proxy Test Result:

File /var/run/controlportfilt/ownrunning does not exist.

Please report this Whonix bug!<\p> 1 /usr/share/icons/anon-icon-pack/whonix.ico user 6310 0.0 0.1 3944 732 pts/0 S+ 22:44 0:00 grep controlportfilt user@host:~$

2 related issues when testing, this time with 9.1

-Torbrowser Launcher refuses to function if the controlport is disabled.

  • CPFP disabling is what causes the red X with the network manager. Normally its not there if its enabled.

9.1 is not yet released. When you download it before the announcement in the blog, I might upload a “newer” 9.1 release later.

Please don’t attribute all universal evils to CPFP. :wink:

Have you had it working while CPFP was enabled and then disabling CPFP made it no longer work?

As per CPFP’s log torbrowser-launcher doesn’t seem to try to use ControlPort.

tail -f /var/log/controlportfilt.log

Also torbrowser-launcher does not depend on Tor (anymore?) (apt-cache show torbrowser-launcher).

There is a Whonix AppArmor related bug that was likely introduced in Whonix 10 or earlier:

And another issue most likely unrelated to CPFP:

Are you sure about this? Also causes a red X for me when CPFP is enabled. I don’t see how it could be related.

Please don't attribute all universal evils to CPFP. ;)

As per CPFP’s log torbrowser-launcher doesn’t seem to try to use ControlPort.

:smiley: I know it seems that way but I double checked and its really the case. Enabling makes these features work while without it it doesn’t.

Have you had it working while CPFP was enabled and then disabling CPFP made it no longer work?

Yes.

Are you sure about this? Also causes a red X for me when CPFP is enabled. I don't see how it could be related.

Yes. I noticed that this was the culprit this time. I’m extra careful about reaching these conclusions because I don’t want to waste anybody’s time.

Full error:

Tor Browser Updater (by Whonix developers)
ERROR: Tor not fully bootstrapped.
Possible reasons:
- no internet connectivity
Please check:
Start menu -> System -> Whonix Check
or in Terminal: whonixcheck
or in Terminal with debugging: whonixcheck -v
Run whonixcheck on Whonix-Gateway as well.
If whonixcheck reports no problems with internet activity and this still fails, please report a bug!</blockquote>

[quote=“HulaHoop, post:9, topic:506”]Full error:

[quote] Tor Browser Updater (by Whonix developers)

ERROR: Tor not fully bootstrapped.
Possible reasons:
- no internet connectivity
Please check:
Start menu -> System -> Whonix Check
or in Terminal: whonixcheck
or in Terminal with debugging: whonixcheck -v
Run whonixcheck on Whonix-Gateway as well.
If whonixcheck reports no problems with internet activity and this still fails, please report a bug![/quote][/quote]

Is this what you mean by “torbrowser-launcher”?

“torbrowser-launcher” (GitHub - micahflee/torbrowser-launcher: Securely and easily download, verify, install, and launch Tor Browser in Linux) is a non-ideal, but “reserved” term by the “torbrowser-launcher” developers. Please don’t mix them up when talking about GitHub - Kicksecure/tb-updater: Tor Browser Downloader - Automates download and verification of Tor Browser from The Tor Project's website. This package is produced independently of, and carries no guarantee from, The Tor Project.. See also:
Tor Browser Essentials

About the error itself, it’s documented here:

Please add to your posts if you are talking about tb-updater, tb-starter(, tb-default-browser) / or / torbrowser-launcher. Otherwise we mix up topics and talk past each other.

[quote=“Patrick, post:7, topic:506”]There is a Whonix AppArmor related bug that was likely introduced in Whonix 10 or earlier:

torbrowser-launcher: I am more sure now this is a Whonix related AppArmor issue:

[quote=“Patrick, post:7, topic:506”]And another issue most likely unrelated to CPFP:
https://github.com/micahflee/torbrowser-launcher/issues/134[/quote]
torbrowser-launcher: False alarm. Was using an old verison.

whoops I meant tor-browser updater. I mixed it up with launcher.

Please no new terms. Enough sources available for confusion. tb-updater