I upgraded to version 18 with release-upgrade. Now kloak is not working. Keystroke has no delay. Dragging things high FPS. systemctl status kloak shows stopped.
Functioning in the sysmaint mode, not in user mode. journalctl gave a message about job kloak.service/start stopped due to cyclic conflict with multi-user.target/start. I cannot copy log exactly because of split security.
Maybe it’s not broken? Compare a newly installed version.
Kloak has been completely rewritten. Avoid expectations from previous versions. Visual tearing inside Whonix-Workstation with kloak active is to be expected.
Broken release upgrade is too time consuming to debug.
I recommend doing a factory reset:
Note:
I fixed it. It was broken. The new install was choppy and laggy, means kloak working. The release-upgraded version was smooth and responsive, kloak not working.
Do cat /lib/systemd/system/kloak.service on the version 17. It has the line Before=graphical.target. This is same with the version in GitHub - vmonaco/kloak: Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level. .
In the new version commited by @arraybolt3 in new repo it is now After=graphical.target. kloak/usr/lib/systemd/system/kloak.service at master · Whonix/kloak · GitHub
Why?
The release-upgraded kloak has before dependency on multi-user.target. This cause cyclic dependency, kloak.service after graphical.target but before multi-user.target while graphical.target runs after multi-user.target. Therefore kloak killed.
The new install kloak does not have before dependency on multi-user.target. Therefore kloak works.
I changed the line back to Before=graphical.target in release-upgraded vm. Now it is choppy and laggy again, systemctl status kloak shows running correctly.
I think all release-upgraded versions will have broken kloak. Very bad for user anonymity. Please patch release-upgrade immediately. Why was the dependency changed?
Was a compete rewrite for Wayland.
This is the first bug report for this. Likely a localized issue.
systemcheck in version 18 looks for systemd units that are not healthy and reports details on problems.
The old version of kloak basically captured all input devices, and then made new input devices that the rest of the system could read from. This worked without a GUI and made things more-or-less transparent to the rest of the system, but it also made it impossible to anonymize mouse input events correctly. See:
The new version of kloak captures input devices, and then passes them directly to the display server via emulated input. This allows much tighter integration with the display server, which allows us to anonymize mouse input properly. Consequently, kloak can only work once a display server is running, so it needs to run After=graphical.target.
It shouldn’t. and it looks like in the source code it doesn’t:
If you still have a Before=multi-user.target dependency for some reason, that should be removed. (Note that WantedBy=multi-user.target is expected and is fine; that means that starting multi-user.target will try to start kloak.service, but kloak.service will wait until graphical.target comes up to actually start. We could probably change that to WantedBy=graphical.target safely, but the existing mechanism should work.)
I again tried in brand new imported whonix 17 release-upgrade to 18. Problem persists. I suspect many users have this problem. No reports because no awareness that something is wrong. Perhaps they thought more responsiveness was performance improvement. Suggest you try yourself.
systemcheck reports nothing about this.
There is no explicit line Before=multi-user.target in kloak.service. Never was. However it has this dependency when listing them. Persists on release-upgrade. Don’t know why.
Adding the line After=multi-user.target to the kloak.service file and keeping After=graphical.target fixes this too. It should comply with @arraybolt3 explanation on kloak needing to start after graphical. Is this valid fix?
I very highly suggest adding this and pushing an update immediately. Don’t know how many users have this problem and don’t know. release-upgrade on brand new whonix 17 workstation is breaking kloak. Not good.
I’ve not been able to reproduce the problem yet; I ran into an issue that prevents Whonix 17 from release-upgrading to Whonix 18 reliably, and need to fix it before I can reproduce this bug. Only once this can be reproduced by a developer can we figure out what the proper fix is; there’s a high risk of creating ordering cycles when using Before= and After= lines in systemd units, which can result in system breakage, so we can’t just add After=multi-user.target until we’ve verified that it works, is safe, and is the correct way to fix the problem.
It’s worth noting that release upgrades were tested in development, and this bug was not observed, so it’s possible this is not a universal problem.
Alright, I did manage to reproduce the issue after getting the upgrade procedure unbroken. For two, I thought Before=multi-user.target was what was being used in Whonix 18, but looking now I see that Before=graphical.target is what’s being used. I’m not sure how I got confused there (maybe I was accidentally looking at the systemd unit from Whonix 17).
I also see that the root cause of the issue is that systemd is not picking up the change from WantedBy=multi-user.target to WantedBy=graphical.target. This ends up causing an ordering cycle somehow (not entirely sure why but it does), and so systemd decides to not start kloak in order to break the cycle. A solution that works without any change to the systemd unit is to boot into sysmaint mode, and then run sudo systemctl disable kloak.service; sudo systemctl enable kloak.service. This gets systemd to realize that the WantedBy= unit has changed and that it should adjust accordingly.
This is probably best implemented as a legacy-dist fixup. I’ll create that now.
Edit: Fix, awaiting review and merge:
3 posts were split to a new topic: Lag while typing in Whonix 18?
You have After=graphical.target already. multi-user.target is an earlier runlevel in systemd. Will always run before graphical.target. It seems safe and correct to add After=multi-user.target. This is strictly weaker than After=graphical.target. One line fix.
Will this fix existing workstations that have already been release-upgraded? Can’t tell from your commit. The After=multi-user.target addition worked on existing release-upgraded workstation.
The unit file is correct, the issue is that systemd is not doing what the unit file says to do. Your suggested fix is able to nudge systemd to do things the way it should have been doing them all along, but the unit file already tells systemd to do that and systemd isn’t paying attention. A better way to fix the issue (in my opinion) is to make systemd obey what the file says to do.
Yes, it will. The disable-and-re-enable will take place when legacy-dist is updated.
Are you sure? Updated the workstation with the “Install Updates” button in sysmaint which runs upgrade-nonroot. kloak remains broken in user mode. I see it is merged. Is it invalid? The installed version of legacy-dist is 3.19.1 instead of 3.20.1 in latest commit.