Could you please port it to python3(.4)?
(highest Debian stretch python version available from packages.debian.org through apt-get)
(Optional: by looking at whonix-setup-wizard git commit history you could get many if not all pointers on what needs changed to make it work with python3.)
I don't think I reviewed anon-connection-wizard before because it was never deployed. Going through the historic script as well as your changes at once. Some comments are about old issues, where fixes would be appreciated anyhow.
proxy_password = ''#Q: Do we need special care for password? Like encryption? A: No. At least tor_launcher does not do that.
(This was probably not a bug introduced by you.)
f = open('/var/cache/whonix-setup-wizard/status-files/whonix_connection.done', 'w')
Please move the shutil.copy on top to make sure it really happens. (Race conditions, other corner cases.)
Typos. (Probably not introduced by you.)
(Btw if not too much effort, please enable a spell checker in your editor.)
(I was wondering to fix some of these small nitpicks myself, however I abstained from it to not have your bigger more important changes merge conflict with mine.)
Please set your editor to remove trailing spaces.
self.bridges = ['obfs4 (recommended)',
The following will be uncommented as soon as being implemented.
The closing bracket indent looks wrong.
# Notice that the scramblesuit is even not supproted in offcial 6.5.1 TBB
# Is this option still useful or safe?
# No. Do not use it anymore.
Agreed. If a pluggable support was deprecated from TBB, we should not provide that option in anon-connection-wizard. (Well, unless a strong argument was made.)
Whonix Connection Wizard
Please strip out Whonix there so this can be a general purpose package, which is not really tied to Whonix.
Legacy. This is not so great. A very rudimentary implementation.
That way the user cannot add any custom customizations since these would be overwritten.
On the topic of configuration file edits, could you read please https://www.whonix.org/wiki/Dev/Tor and tell me what you think about that?
Until https://trac.torproject.org/projects/tor/ticket/1922 is implemented - which is likely not very soon - which is likely after anon-connection-wizard is finished... What do you think, should anon-connection-wizard edit /etc/tor/torrc using the ### BEGIN anon-connection-wizard ### / ### END anon-connection-wizard ### approach? Let's call that the edit marker approach or can you think of a better term for this?
Another approach would be:
- write the output of anon-connection-wizard to a file in /var/cache/anon-connection-wizard/output.conf (check if okay with FHS)
/usr/share/tor/tor-service-defaults-torrc (still use markers, but not for the user to add customizations, but to mark changes from anon-connection-wizard)
- when the anon-gw-anonymizer-config package is upgraded, /usr/share/tor/tor-service-defaults-torrc would be overwritten
- we'd have to make sure using Debian maintainer scripts (or even Debian triggers if required) to re-append /var/cache/anon-connection-wizard/output.conf before Tor gets reloaded (so settings are not lost on upgrades)
- That way we would not have to edit /etc/tor/torrc.
What do you think?
# Q: Why there is no those lines in torrc after using Torlauncher to configure that?
# Do we really need these?
# If so, can we just input them as default and mange them only use UseBridges 0/1 to control it?
# TODO: Both proxy_ip and proxy_port are not implemented yet.
In that case, please remove the comment.
print 'ERROR: This must be run as root!\nUse "kdesudo".'# Q: But why?
Because of unix file permissions. torrc and status files are not owned by user user. However, gui applications have to be run as a user using kdesudo or gksudo. To simplify this we could provide a shell wrapper that automates prepending the kdesudo. Also on the gateway we can have anon-connection-wizard start passwordless as sudo using sudoers. (Which is one of the simplest parts, please ask me if you don't know how to do that so I can save you the time from figuring that out.)
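
The edit marker approach asked about above, sketched in Python 3 as an added example (not part of the original comment and not anon-connection-wizard's own code). The function names and the sample torrc lines are assumptions made for illustration; the marker strings are the ones quoted in the comment.

```python
import os
import tempfile

BEGIN = "### BEGIN anon-connection-wizard ###"
END = "### END anon-connection-wizard ###"


def replace_marked_block(text, managed_lines):
    """Return torrc text with only the marked block replaced.

    Lines outside the markers (the user's own customizations) are kept.
    Malformed marker pairs raise instead of silently dropping settings.
    """
    block = [BEGIN] + list(managed_lines) + [END]
    out, inside, done = [], False, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == BEGIN:
            if inside or done:
                raise ValueError("duplicate or nested BEGIN marker")
            inside = True
        elif stripped == END:
            if not inside:
                raise ValueError("END marker without BEGIN")
            out.extend(block)
            inside, done = False, True
        elif not inside:
            out.append(line)
    if inside:
        raise ValueError("BEGIN marker without END")
    if not done:
        out.extend(block)  # first run: no markers yet, append the block
    return "\n".join(out) + "\n"


def update_torrc(path, managed_lines):
    """Rewrite path atomically so a crash never leaves a half-written torrc.

    The permission bits are copied; ownership is not (assumes the wizard
    runs as the file's owner, e.g. root as discussed above).
    """
    with open(path, encoding="utf-8") as f:
        new_text = replace_marked_block(f.read(), managed_lines)
    mode = os.stat(path).st_mode & 0o777
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write(new_text)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, mode)
        os.replace(tmp, path)  # atomic rename within the same directory
    except BaseException:
        os.unlink(tmp)
        raise
```
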